Right to attribution for photographs used on websites – cause for uncertainty?

„The creator enjoys the right to respect of his name” (Article L121-1 of the French Intellectual Property Code). In the area of photography this means that the photographer’s name must be displayed next to the picture he or she has taken, in order to be recognised as the author of the work. (more…)

The call for future use of SSL/TLS protocols for online sales websites

The entry into force of regulation 2016/679, from now on known as the GDPR, on May 25th, will require a review of online sale websites and their payment procedures.

The operators of websites are obliged to prevent or minimise any data loss that may occur, unauthorised access to data and any change to or sharing of data. Of course, it is impossible to guarantee absolute security to users of online stores, however website operators need to take all reasonable measures, organisational or technological, available to them, in order to secure their sites, in particular online payments via sites. (more…)

Proud to present a great judgement : Literature professor at the Sorbonne sentenced on appeal for copyright infringement

Certainly, there is nothing reprehensible in the fact that two researchers work on the same subject, study the same books from the 18th century, where they comment on the same passages, use similar or identical terms deemed to be “banal” or “common” in the field of human sciences, draw the same comparisons or even use the same ideas. (more…)

A seat at the table?

No, the mafia do not get a seat at the table in the area of trademarks. The application of “La mafia se sienta à la mesa” (“takes a seat at the table”) was declared invalid by the General Court of the European Union (La Mafia Franchises v EUIPO, 15th March 2018, T-1/17) as had been requested by the Italian Republic before the EUIPO. The brand had been registered by the company “La Honorable Hermanda” (“The Honorable Brotherhood”).

The reason: It was contrary to public policy and accepted principles of morality protected by Article 7 (1) (f) of EU Regulation 207/2009, which became Regulation 2017/1001.

However, the brand was not without humour, registered in Class 35, the provision of services and help in the management of the business affairs (those of the mafia?); Class 25, the production of shoes (non-orthopaedic ones though) and Class 43, providing food and drink. All this accompanied by the image of a red rose.

The brand was first deemed to be acceptable by the European Union Intellectual Property Office, where it was registered in 2007. A few years later i.e. eight, the Italian Republic filed an application for declaration of invalidity due to the brand going against the public order and accepted morals. In particular, the word “mafia” refers to a criminal organisation and the use of this word, which has deeply negative connotations, when setting up a chain of restaurants would distort the positive image of the Italian gastronomy and normalize the negative sense of the word.

Certainly, the phrase « se sienta a la mesa » which means “take a seat at the table” in Spanish, could, by a significant part of the public, be perceived as the sharing of a meal. However, associating the Mafia with the idea of a friendly and relaxing meal contributes to the normalization of their illegal activities and seems to give the world a more positive impression of the Mafia.

It is irrelevant that other brands containing the term “mafia” had been registered previously by the European Union Intellectual Property Office and even by the Italian Patent and Trade Mark Office, as the practice of the Office, the legislation – although harmonized – and the jurisprudence of a Union member could not call into question the relevant, independent regulation of the EU.


Some French universities are very vigilant in terms of plagiarism, research misconduct and make a real effort to educate their researchers. Congratulations to Doctoral School of Law of Strasbourg, which has dedicated a whole day to this sensitive issue. In this context, I was invited to present the administrative and judicial litigation of plagiarism in research in France, and to give a vision of the practice in Germany.




Author’s note and the precautions to be taken as a producer

If the contract with the authors is sufficient to cause the assignment of rights, accounting law requires a company for each payment to be caused by an invoice, royalties invoice, receipt, etc. This is one of the reasons why producers must settle with authors given copyrights, whose content may vary knowing that the calculation basis and payment of contributions depends on the income category in which the copyrights are fiscally declared.

According to the definition of the Agence pour la Gestion de la Sécurité Sociale des Auteurs,  or AGESSA” (which is the Social Security Fund for Artists and Authors together with La MAISON DES ARTISTES), “any individual or legal entity is considered a producer whose registered office is located in France and who in exchange for the right of commercial exploitation of an original work pays remuneration or copyright to the author”.

Any producer having to remunerate an author is required to identify themselves through AGESSA or La MAISON DES ARTISTES by completing a tax identity registration form. At the end of this identification procedure, the producer is normally assigned an identification number to be reflected on the royalties invoices.

Producers must first settle the so called “producer-contribution”, which is independent of the withholding tax and is due by the producer in all cases. In an amount equivalent to 1.1% of the gross author remuneration, it is composed as follows: social contribution of 1% + vocational training contribution of 0.10%.

Furthermore, all producers are required for each royalty payment to pay to AGESSA a withholding tax (payment of social security contributions for the author).This withholding tax requirement applies unless the author has a withholding tax exemption, through form S2026.This exemption is by no means systematic since only the authors declaring their income in Non-Commercial Earnings (Bénéfices Non Commerciaux, BNC) who have made the request and whose file has been accepted can benefit from it at the end of their first year of activity. The author must then present this exemption to the producer who will keep a copy of it as proof of the non-payment of the withholding tax in case of an audit by the Union de Recouvrement des cotisations de Sécurité Sociale et d’Allocations Familiales, or “URSSAF” (Union for the Recovery of Social Security Contributions and Family Allowances).

For their part, the authors must also register with the social agencies, and this, even though they have joined the Société des Auteurs et Compositeurs Dramatiques, or “SACD” (one of the French oldest copyright collecting agency for dramatic authors and composers) and declared their work. However, if the author’s social fund is AGESSA, in practice no legal provision compels an author to join. Likewise, no criminal sanction is provided for in case of non-affiliation despite reaching the ceiling of 8,703 euros in annual revenue, beyond which the author must be affiliated with AGESSA.

Yet, when the producer establishes a royalty, the SIRET number of the author (assigned number of the Computerised Registry for Businesses in the Territory) appears obligatorily on said note.

In this way, AGESSA and URSSAF are able to notice through cross-checking that the author whose SIRET number appears on different royalties has for example reached the amount of 12,000 euros in one year (for example 4,000 euros paid by a first producer, 2,000 euros by a second producer and 6,000 euros by a third and final producer). If this amount is greater than 8,703 euros set to be subject to an affiliation with AGESSA as it is in this case, but the author is not affiliated, AGESSA and URSSAF will then verify the payments made for social contributions and quickly realise that there have not been any.

This is only if the producer is able to provide a copy of the withholding tax exemption provided by the author when establishing the copyright, that in case of an URSSAF audit, he will a priori suffer no correction. As a reminder, form S2026 is proof that given the particular status of the author, the producer was not required to deduct social contributions from the remuneration of the latter and pay them to AGESSA in the form of a withholding tax.

Failing to present this exemption to URSSAF, the producer may be subject to prosecution.

The decision “Dialogue of the Carmelites” – A French tribute … to the creative freedom of the director

(continued, see article from 28.09.2017)

The final scene of Francis Poulenc’s opera on a libretto by Georges Bernanos, a final scene which concentrates all the issue and sense of the work, shows the Carmelites having made a vow of martyrdom under the French Revolution, climbing one by one onto the scaffold and disappearing while singing Salve Regina then Veni Creator; joined by Blanche de la Force, even though she had refused that vow.

But in his staging of the subject of dispute, Dimitri Tcherniakov, accustomed to polemical productions, presents a wooden booth surrounded by the crowd held back by a security tape, in which the nuns are enclosed. At the sound of the recorded religious songs, Blanche de la Force saves them one by one from asphyxiation and locks herself in the cabin, which explodes a few moments later. The sound of the guillotine blade which punctuates each demise in Poulenc’s opera, marks here each rescue.

In a decision on 13 October 2015[1], the Paris Court of Appeals had ruled, contrary to the lower court, that the spirit of the work was misrepresented by Dimitri Tcherniakov’s staging presented at the Munich Opera in 2010, even though the libretto and the music were perfectly respected.

Very controversial, this decision much removed from previous case law and accompanied by several penalties, was quashed on 22 June 2017.

Grounds : the findings of the Appeals Court are inconsistent with the misrepresentation held (1).The penalties imposed ignore the application of proportionality control and the search for a fair balance between the fundamental rights at stake (2).

1. The findings of the Appeals Court are inconsistent with the misrepresentation held

In its decision of 13 October 2015, Paris Appeal Court had deemed that Dimitri Tcherniakov’s staging had misrepresented “the spirit of the work”.

Ironic, because it had previously pointed out that “the disputed staging changed neither the dialogues, absent in this part of pre-existing works, nor the music, even going so far as to reproduce the sound of the guillotine’s chop which punctuates each demise in Francis Poulenc’s opera”. In other words, the elements of the work were not changed and the integrity of the work was respected.

In the same sense, the Appeals Court admitted that the director “respected the themes of hope, martyrdom, grace, and the transfer of grace and the communion of saints, dear to the authors of the original work”.

And yet, it had ruled that the work had nonetheless been misrepresented.

This reasoning finds its justification in copyright law in the distinction between purely material elements and “contextual” elements.

In effect, according to the appeal judges, the staging had led to changes in the sense of the work. By punctuating the release of the nuns instead of punctuating the death as originally planned in the work of Bernanos and Poulenc, the sound of the guillotine as used by Dimitri Tcherniakov constituted a misrepresentation of the original work.

The Court of Cassation correctly penalises not the substance but the inconsistency held by the Court of Appeal. This does not mean however that the Versailles Court of Appeal, before which this case was sent, will not be able to retain the misrepresentation, but the exercise will be very difficult and the motivation will have to be very solid.

However, it would be a mistake for the judge to become a “censor”! French doctrine, supported in this matter by a part of the music critique[2], has a tendency to consider that Dimitri Tcherniakov “took very important liberties with the opera[3]”.And Christophe Caron adds that the Versailles Court of Appeal “should not forget that the authors of operas also enjoy a moral right which must not be systematically sacrificed at the altar of the director’s right. In effect, the opera is not an underpinning that is possible to change with impunity. Its authors do not enjoy a diminished moral right (…)[4] ».

Should the director be at the service of the work, or does he have to be regarded as a new author of a composite work (“oeuvre composite “ in French, derivative work made from the existing first work), or also as a performing artist, free to make his own performance.

 2. The penalties announced by the Court of Appeals have no legal basis for lack of prior control of proportionality

In its decision of 13 October 2015, the Court of Appeal announced an extremely severe penalty – which amounts to censorship – by “ordering the Bel Air media company and Land de Bavière, under penalty, to take any measure to cease immediately and in every country the publication in commerce or more generally publishing, including online public communications networks, the disputed video and prohibiting the Mezzo company, under penalty, to broadcast or authorise the broadcasting of the latter in television programs and in all countries”.

The Court of Cassation overruled this decision on the grounds that the Appeals Court did not examine “as it had been invited to, how does the search for the right balance between the director’s creative freedom and protection of the composer’s and author’s moral rights justify the prohibition”.

It is interesting to note that the Court of Cassation in this case invokes Article 10 paragraph 2 of the Convention for the Protection of Human Rights and Fundamental Freedoms and revives the expectation of the Klasen decision, without, however, giving any indication as to its application.

It could also have considered that the international jurisdiction of the French court cannot be unlimited. As for the pure and simple prohibition announced by the Court of Appeal; a serious and grave measure, it is true in any case that a simple public warning could have been preferred. The public is perhaps able to decide for itself?…

Since this cassation judgment, the initially prohibited marketing of audiovisual recordings of Dimitri Tcherniakov’s staging in the form of videos has resumed and the case and parties have been referred to the Versailles Court of Appeals. Case to be continued …


[1]CA Paris, division 5, ch. 1, 13 Oct.2015, no. 14/08900, Bernanos et al w/ Munich Opera et al

[2] C. Merlin, “Tcherniakov, a radical in court”, Le Figaro 4 July.2017

[3]In this sense, see in particular C. Caron “”The Dialogue of the Carmelites” again before the Court of Cassation”, Communication Commerce Électronique, September 2017, no. 9, pp 1 – 3 at E. Treppoz, “Comment on the decision of the decision of 22 June 2017”, Légipresse, September 2017, no. 352, pp. 439 – 441

[4]C. Caron, ” ” The Dialogues of the Carmelites” again before the Court of Cassation », Communication Commerce Électronique, September 2017, no. 9, pp. 1 – 3


The use of personal banking card data as part of remote payments

The new deal

With the entry into force of the European Data Protection Regulation this 25 May, the online payment systems must also be reviewed.

It is Resolution no. 2017-222 of 20 July 2017 by the Commission Nationale de l’Informatique et des Libertés, or “CNIL” (the French Data Protection Authority), which repeals Resolution no. 2013-358 of 14 November 2013, which defines in France the procedures for processing payment card data related to the sale of goods or provision of remote services.

Like any other processing of personal data, only the appropriate, relevant not excessive data in relation to the purpose of processing of data, may be collected and its use must be limited to those purposes for which it was expressly communicated.

1. In which cases can bank card data be collected?

For the specific, explicit and legitimate purposes that are:

  • paying for a good or service,
  • reserving a good or service,
  • settling in several regular instalments of a subscription sold online,
  • subscribing to an offer of payment solutions dedicated to remote sales by payment service providers
  • facilitating any future purchases on the merchant website;
  • fighting against payment card fraud.

2. What are the strictly necessary data that may be collected?

By default (restricted list):

  • the bank card number
  • its expiration date
  • the visual security code

In other words, the identity of the bank card holder which is often requested should not be collected if it is not strictly required for completion of the online transaction or if it is not justified by the pursuit of a specific and legitimate purpose such as the fight against fraud.

The CNIL specifies that the payment card number cannot be used as a commercial identifier and that the photocopy or digital copy of the front and/or back of the payment card cannot be requested, even if the visual security code and part of the numbers are faded.

3. How long can the necessary data be stored?

Necessary data should in principle not be stored beyond the transaction.

The merchant’s shopping website must include a simple and free means of withdrawing the consent initially given.

If it is nevertheless possible to propose that the card holders store their data in order to facilitate future purchases, storage of the security code is, in all cases, prohibited after completion of the first transaction. For other required data, prior consent of the client is thus required and must take the form of an explicitly voluntary act. It is not presumed and cannot result from a pre-checked box by default. In the same sense, acceptance of the general terms and conditions of use or general terms and conditions of sale cannot be equated to an explicitly voluntary act.

Concerning the fight against fraud, storage of data related to the payment card beyond completion of a transaction exceeds the contract framework. Storage beyond this may only be done if it participates in the completion of a legitimate interest of the data processor and is simultaneously not disregarding the rights or interest of persons pursuant to amended Article 7 (5) of Law no 78-17 of 6 January 1978.

In summary, the duration of bank card data storage depends on the purposes pursued:

Extended version of the CNIL table, see Link 

4. What are the information obligations?

Any use of the payment card number, whatever its purpose, must be the subject of complete and clear information to people.

In general, the data subject is informed of the identity of the data processor, purposes of the processing, the mandatory or optional nature of the information to be provided, the possible consequences of failure to provide it, recipients of the data, the storage duration of categories of data processed, the existence and manner of exercise of their access rights, of rectification and opposition to the processing of his data, including that of defining directives related to the fate of their personal data after death and, where appropriate, on transfers of data outside the European Union.

In the event that data related to the person was sent to a third party by the merchant, he must inform this third party without delay of the exercise of the right of opposition or rectification by the person concerned.



General specifications concerning the EU Certification mark

The reform of European Union trademarks dated October 1st, 2017 has led to the introduction of a new type of European trademark: the certification mark. This is defined in Article 74(a) of Regulation (EU) 2015/2424 dated 16th December, 2015 as that “which distinguishes the goods or services for which the material, the way in which the products are produced or the services supplied, the quality, precision or other characteristics with the exception of geographical origin, are certified by the proprietor of the mark in relation to the goods or services which do not qualify for such certification”. This type of trademark guarantees the use of the mark in relation to the certification standards defined by the applicant.

The certification mark benefits the consumer, since it enables more transparency with regard to the quality of the products and/or services and the owner, who thereby gives value to his engagement and offer and proves his neutrality on the market. As for the European Union Trademark, this new kind of mark applies to all 28 countries of the European Union. Thus, it enables owners to easily provide and control the use of their signs by third parties.

In a recent decision, the CJEU (June 8, 2017, C-689/15, W. F. Gözze Frottierweberei GmbH c/ Verein Bremer Baumwollbörse) ruled that an individual trademark cannot be used as a certification mark and could be subject to revocation since it was not put to genuine use by its owner. Indeed, due to the lack of regulation regarding certificates, a significant number of certifying bodies applied in the past for individual marks. However, since the above-mentioned decision of the CJEU, it is important to react quickly in order to avoid any application for revocation.

In fact, individual marks and certification marks have different functions, the former enable the consumer to associate a mark with its owner and the latter enable one to distinguish between goods and services, which have been certified from those which have not. It is interesting to note that the company BREMER BAUMWOLLBÖRSE GmbH, which was involved in the case cited above, applied for an EU certification mark on the very day that the reform introducing this type of mark entered into force.

At the time of writing this document, only a few certification marks have been filed, including well-known signs such as or. It seems therefore to be the perfect time to file an EU certification mark and benefit from a right of priority.

Who is able to file an EU Certification Mark?

Unlike the collective mark, which can be only filed by associations or state bodies, any legal or natural person may apply to register a certification mark.

However, the Office sets a limit under the title of “duty of neutrality”, namely:

  • the applicant should not carry out any business involving the supply of goods and/or services protected by the certification mark and
  • the applicant and the third parties using the certification mark should not be economically bound (for example a branch office).

Hence, the applicant wishing to register a certification mark should provide a simple signed statement to the Office that he does not carry out any activity relating to the supply of the certified products and services.

The chosen sign must be distinctive

In the same way as for individual or collective marks, a certification mark has to be distinctive. However, in this instance, the function of the mark is not to distinguish the goods and services provided by a specific company but, as the Office mentions in its guidelines, “to distinguish goods or services certified by one certifier from those that are not certified at all and from those certified by another certifier”. This point will certainly give rise to several interesting decisions in the future.

How does the owner set out the given standards for the certification?

Of course, the products and services to be certified have to be listed, just as for any individual or collective trademark.

The essential element of the certification is the regulation of use of the mark provided by the owner, which must be filed within two months at the latest from the date of application. This document defines objective conditions governing the use of the certification mark by a third party such as:

  • the characteristics of the goods and services to be certified, e.g.:
    • persons or type of persons authorised to use the mark
    • quality of the goods and services
    • mode of manufacture
  • the testing and supervision measures to be applied by the owner, namely:
    • control of the market by the owner or a third party
    • sanctions for non-compliance with the regulations of use
  • the fees to be paid in connection with the use of the trademark by third parties, where applicable.

All these conditions have to be drafted with precision in order to be clearly understood by the market operators. The definition of the controls and sanctions operated by the owner is also important in order to dissuade incorrect use of the mark.

However, the Office clearly mentions in its guidelines as an absolute ground of refusal that “an EU certification mark will not be capable of distinguishing goods or services certified in respect of the geographical origin”.


The Office has based the fees for the application for an EU certification mark on the fees for the application for a collective mark, namely:

  • basic fee for the application for an EU certification mark: EUR 1,800.00
  • fee for the second class: EUR 50.00
  • fee for each class exceeding two: EUR 150.00.

The impact of the General Data Protection Regulation on the processing of your employees’ data

The entry into force of the General Data Protection Regulation (hereinafter GDPR) on May 25 will have a significant impact for all organisations that collect, process and / or store personal data on European residents. Whatever the size or level of development (large corporations, SMEs, start-ups …) as soon as the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in article 9.1 or personal data relating to criminal convictions and offenses referred to in article 10.

If the Data Protection Act (Loi Informatique et Libertés) applicable in France already constitutes an extremely protective framework for personal data (right of access to data, right of rectification and erasure…), the GDPR reinforces the rights of employees. The expression of consent is now precisely regulated, employees must be informed in a clear, intelligible and easily accessible way of the use of their data and must have a systematic possibility to give their unambiguous consent or to refuse it. These broad requirements will transform the organisation and management of employee data procedures and employee rights.

In this way, the GDPR grants a number of new rights to employees and imposes new obligations on employers, the greater part of which is extended to their processor(s), including:

  • the right to data portability: any employee having transmitted data will have the right to recover it in an easily reusable form and to then transmit it to a third party/another controller;
  • the reinforcement of confidentiality and data security: the employer, and its processors, is subject to reinforced security obligations and a requirement to notify any personal data breach to the supervisory authority within 72 hours;
  • the prohibition of transmission by the employer of personal data of employees who are European citizens, outside the European Union, to countries where the protection of data is considered insufficient by the European Commission, cf. USA;
  • impact assessments: companies wishing to process personal data shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data within the restrictions of the GDPR and in particular for risky processing operations;
  • the right to restriction of processing: limiting the collection and retention of data to relevant information (smart data) only;
  • systematic internal maintenance of a record of processing activities: the purpose of the GDPR is to simplify the preliminary steps and to make companies more accountable; therefore, it removes, with a few exceptions, the preliminary formalities (declarations and requests for authorisation) from supervisory authorities. Instead, companies must keep a record of processing activities in-house, which can be consulted at any time by the supervisory authorities;
  • the designation of a data protection officer, who will be responsible for informing or advising the controller or his processor(s): for structures that handle sensitive or mass data this is a requirement; for others, a recommendation;
  • recognition of the right to compensation: any employee who has suffered material or moral damage as a result of a violation of the provisions of the GDPR by the data controller or one of its processors will be granted a right to compensation.

In the event of a breach of the provisions of the new regulation by the employer or one of its processors, the GDPR provides for extremely heavy administrative sanctions, which may range from a fine of 4% of the annual turnover or the payment of the sum of 20 million euros, whichever is higher.

The sensible approach for employers to prepare for the coming into force of the GDPR:

  • carry out an inventory of the processing of personal data implemented within the structure;
  • evaluate the practices and procedures put in place;
  • identify the risks associated with the processing operations implemented and plan the measures necessary for their prevention,
  • always maintain and update documentation ensuring the traceability of the measures taken, as in the event of an audit by the competent authority or challenge by the employee, as it is now the controller, i.e. the employer and, where applicable its processor(s), on whom the burden of proof lies.

Although at first glance, compliance with the provisions of the GDPR may appear extremely restrictive, it has strategic value. In the long term, it will help to strengthen the trust of employees – and partners and customers – in the organisation concerned. It will also be an opportunity to strengthen the internal data security of the organisation. Finally, compliance will be rewarded by the award of one or more CNIL (the French national data protection authority) labels or of certification beneficial to the brand image and will thereby constitute a competitive advantage.