Feature
The Future of Non-Traditional Marks in Taiwan
The International Trademark Association's (INTA) Asia Roundtables Project Team and Winkler Partners are proud to present a roundtable discussion on "The Future of Non-Traditional Marks in Taiwan". Join us for good food and a lively discussion on the issue at the Formosa Regent on Friday, July 9, 2010.
Three-dimensional, color and sound trademarks currently enjoy protection under Taiwan’s Trademark Act. Proposed amendments to the law, however, would extend registration to other non-conventional marks such as motion, hologram, and scent marks. In this roundtable discussion we will examine the proposed changes and consider what the future holds for brand owners in the areas of trademark development and protection in Taiwan.
Discussion leader:
Peter J. Dernbach
Partner, Winkler Partners
When: Friday, July 9, 2010
Friday, July 9, 2010
12:00 – 14:00
Where: VIP Room 2
The Grand Formosa Regent Taipei
4F, 41 Zhong Shan North Road, Sec. 2
Taipei, Taiwan
Admittance to the roundtable (which includes lunch) is NT$1,400. The roundtable will be conducted in English and Chinese.
Please confirm registration by Thursday, 1 July 2010 by email to Irene Chu at ichu@winklerpartners.com and make your payment of NT$1,400 to Mega International Commercial Bank Co., Ltd., Cheng Chung Branch, Account No. 017-09-108-859.
Please direct any questions to Jesimy Yu at jesimy@winklerpartners.com.
Tags: IP , Peter Dernbach
Update
Legislature Updates Privacy Act
In April 2010, Taiwan’s legislature approved extensive and long-awaited revisions to the 1995 Computer-Processed Personal Data Protection Act (hereafter, the CDPA). The effective date of the amended law, entitled the Personal Data Protection Act (hereafter, the DPA), has yet to be announced by the Executive Yuan. The DPA is not expected to come into force until sometime in 2011, however, so as to allow time for supporting enforcement rules to be drafted and for public and private entities and individuals to familiarize themselves with the new data protection regime. This article examines imminent changes to Taiwan’s data protection framework that are of particular relevance to the private sector.
Fundamental principles of the CDPA/DPA
Taiwan’s data protection regime is aimed at regulating the collection, processing and use of personal data and preventing harm to data subjects. A core principle of the regime is that the collection, processing and use of personal data should respect the rights and interests of the subject. Moreover, data should be handled in accordance with the principles of good faith and credibility so as not to exceed the scope of the “specific purpose” of the collection. Protections afforded the data subject include the right to review, copy, supplement, correct, request cessation of processing or use, and request deletion of his or her personal data - such rights may not be waived in advance or limited by agreement.
Key revisions under the DPA
Universal application of the law
The DPA extends application of the data protection regime to any individual, organization or enterprise that collects, processes or uses personal data. By contrast, the CPDA applies only to public agencies and private sector businesses, entities, groups or individuals within certain a limited range of specified sectors, such as financial, telecommunication and insurance.
Scope of data
“Personal data” under the DPA encompasses all data formats, not merely computer-processed personal data as stipulated in the CPDA. “Personal data” is defined in the CPDA as “a natural person's name, date of birth, national identification number, special features, fingerprints, marital, family, education, occupation, health, medical history and financial status, social activities and other data which is sufficient to identify that person.” The DPA adds to that list a person’s passport number, genetic information, criminal record, sex life and contact information.
Obligations to inform
In most cases, when requesting personal data, the data controller must inform the data subject of certain details, including the specific purpose for collecting the data as well as the duration, location and method of use and any intended recipients of the data. For any personal data obtained from a source other than the data subject, the data collector must inform the subject of same prior to processing or using the personal data.
Like the CDPA, the DPA requires data controllers to implement reasonable measures to prevent unauthorized disclosure, loss, theft or damage of personal data. The DPA further requires data controllers to inform subjects of any loss, disclosure, theft or other infringement of their personal data.
Legitimate grounds to collect, process and use personal data
The collection, processing and use of personal data must be for specific purposes (as communicated to the data subject) and must meet one of several requirements to comply with the DPA, including being based on a contractual or semi-contractual relationship with the data subject, or by written consent provided by the subject.
Registration
The DPA abolishes the current registration and public announcement requirements for non-government data controllers as universal application of the DPA obviates the need for registration, and the use of obligations to inform replaces public announcement as a more direct and fair means of informing subjects of the intended purpose of collecting, processing or using their personal data.
Prohibited data
Certain types of personal data – medical information, genetic information, sexual life, health examination and criminal records – may not be collected, processed or used except under certain circumstances, including where the information has been made public in a legitimate way.
Use outside specified purpose
The use of personal data must be within the scope of the original specified purpose for collecting the data. In most cases, a data controller would need to obtain the data subject’s written informed consent to exceed this scope. There are exceptional circumstances listed in the DPA, however, including where such use prevents harm to the data subject or a third party.
If use outside the specified purpose is for marketing purposes, the data controller must at its own expense provide the data subject a means to “opt out”.
Sanctions
The DPA grants administrative authorities various means to sanction data controllers that violate the act. Authorities may prohibit the collection, processing or use of personal data, order the deletion of data, seize or destroy data collected illegally and publicly announce the details of the violation and identify the data collector. Authorities may also impose fines on offenders over and above such measures. It should be noted a company representative would be subject to the same fine imposed on a company for contravention of the DPA unless the representative can prove that he or she took measures to prevent the violation.
The PDPA increases criminal penalties and removes the “intent to profit” and “actual damage” thresholds required to establish criminal liability under the CDPA. Under the DPA, criminal liability is initiated where a data controller illegally collects, processes or uses personal data in a way that is likely to harm the data subject. Where such illegal activity is undertaken with intent to profit, offenders face more severe punishment of detention of up to five years and a fine of up to NTD1 million
Under the DPA, an injured party may claim actual and non-pecuniary damages. The maximum total damages that may be claimed under the DPA is NTD200 million, ten times that under the CDPA, for a breach arising from the same facts. An injured party may also claim measures to restore damage to their reputation. The DPA also allows for class action suits whereby 20 or more claimants may collectively bring suit through a foundation or public interest association.
A version of this article appears in the Computer Law and Security Review. For more information about this topic, please contact K. Mark Brown.
Tags: Mark Brown
Feature
Updated Taiwan Chapter on Licensing Released
Winkler Partners recently contributed to the Taiwan chapter of International Licensing Plus - Update 25, published in association with the Center for International Legal Studies and BNA International ("International Licensing", BNA International Inc, London England, March 2010.) The electronic version of the chapter can be found here.
For further information regarding licensing in Taiwan, please contact Peter J. Dernbach at +886-2-2311-2345 ext. 222.
Tags: copyright , IP , patent , Peter Dernbach , trademark
WP In the News
Winkler Partners Recognized as 'Employer of Choice'
Winkler Partners has been recognized as an "Employer of Choice" in the Taiwan jurisdiction by Asian Legal Business (ALB) magazine (Issue 10.3). ALB conducted its employer survey between December 2009 and February 2010, and received responses from more than 1,000 legal professionals in the Asia-Pacific and Gulf regions. Firms were ranked on categories such as quality of work and clients, firm reputation, professional development and training, work/life balance, and quality of partners to work for.
WP In the News
Hermès Trademark Award Noted as Landmark Case
Asia IP magazine has identified the Hermès Group's successful trademark infringement action against a former saleswoman as a landmark intellectual property case in Taiwan for 2009. In its February 2010 cover story, Asia IP details how Winkler Partners' Christine Chen represented the Hermès Group before Taiwan's Intellectual Property Court against the ex-saleswoman who sold fake Hermès bags to high-end Taiwanese consumers. The Intellectual Property Court awarded Hermès NT$256 million (c. US$7.7 million) in damages in April of 2009, the largest award ever for trademark infringement in Taiwan. The case was also headline news in Taiwan's Chinese-language media.
Tags: Christine Chen , IP , trademark
WP In the News
Winkler Partners Listed as One of Taiwan’s Top IP Firms
Winkler Partners was listed as one of Taiwan’s leading intellectual property firms in the latest print issue of Asian Legal Business (Issue 10.2) in the feature article “IP: The ultimate intangible.” The Web version of the article can be found here.
Tags: IP
Feature
Partner Peter Dernbach Recognized as IP Leader in Taiwan
Partner Peter J. Dernbach is recognized as one of the leading intellectual property law attorneys in Taiwan in the Chambers Asia 2010 directory. Leading lawyer candidates are assessed on qualities such as legal ability, professionalism, service, and client commitment, and Chambers base their rankings on interviews with both lawyers and clients. Chambers Asia 2009 described Dernbach as "a great bridge for global users–he can explain problems and solutions in a way that everyone can understand", adding that "he has a good grasp of what U.S. users expect". Winkler Partners was described as "...very helpful–the lawyers are fluent in Chinese and can understand the U.S. perspective as well as the Taiwanese courts system”.
Tags: IP , Peter Dernbach
Update
Taiwan-China Financial Market Liberalization Raises Data Protection Concerns
Taiwanese and Chinese regulatory authorities signed memoranda last November expanding mutual access to and the supervision of banking, insurance, and securities sectors. The memorandum became effective on January 16, 2010, and reflects planned financial market liberalizations between Taiwan and China. The memorandum—the latest in a series of unprecedented cross-strait deals brokered by Taiwan’s new administration paving the way for a binding Economic Cooperation Framework Agreement (ECFA) to lower long-standing barriers on a wide range of goods and services—should see a substantial increase in the collection and cross-border transfer of personal client data between the two countries.
Concerns have been raised over whether the personal data shared by Taiwanese banking, insurance, and securities firms with their Chinese counterparts will be adequately safeguarded from unauthorized disclosure and misuse. Part of this concern likely arises from the fact that trade and ECFA negotiations have been conducted behind closed doors and a substantive review of the financial and other sector-specific pacts therein by the public have not been possible to date. And part of the concern likely arises simply from the increased scrutiny afforded the issue of personal data protection over the last ten years. It will, however, be in the interests of both Taiwanese and Chinese companies to ensure that any personal data exchanged has been well protected.
Banking, insurance, and securities firms established in Taiwan fall under the Computer Processed Personal Data Protection Act - the fundamental legal framework for data protection in Taiwan. These firms must be licensed by Financial Supervisory Commission (FSC) to collect, process, and transfer personal data by computer. Approval must be obtained for the cross-border transmission of data - any cross-boarder transmission of the data through telecommunications systems (networks) including cable, terrestrial, optical or other electromagnetic communication networks. The application for the license must identify any cross-border transmission that will occur and who the direct recipient of that data will be. It must also set out a security and maintenance plan for the safety of personal data and provide a host of other required information. Firms currently licensed will, therefore, need to apply to amend their current registrations. And the FSC will have the opportunity to ensure adequate measures have been put in place to protect local consumers. The FSC may also restrict the cross-border transfer where major national interests are involved; where an international treaty or agreement specifies otherwise; where the nation receiving personal data lacks laws which fairly protect the rights and interests of the principal, thereby causing injury to the principal; or where international transmission and utilization of personal data are made through a circuitous means in order to evade the provisions of the Act. It would be very unlikely though to see the cross-border transmission to China be refused on these grounds at this stage.
Liability under the Act would fall on the entity governed by the Act and thus Taiwanese entities licensed under the Act will be liable for any unauthorized disclosure and misuse that occurs including that subsequent to a licensed cross-border transmission. Firms also face the prospect of potential criminal and civil liability under Taiwan’s Criminal Code and Civil Code.
The current Act, however, applies only to the collection, processing, and transfer personal data by computer and only to specified industries. A bill has been introduced whereby the Act would cover all data collection by any entity or individual. The amendments, however, have been stalled for several years at the Legislative Yuan. The main sticking point in the passage of the amendments has been just how severely violations of the Act should be punished and whether civil liability should be capped or not (it presently is).
The penalties under the current Act have been seen as inadequate, and likely are. The amendments seem unlikely to pass before the personal data of Taiwanese banking, insurance, and securities consumers starts flowing. Protection will, however, likely come from the fact that the liberalization of trade and closer political ties between Taiwan and China has come under increasing scrutiny from an ever-wary Taiwanese public. Parties on both sides of the Strait have a vested interest in ensuring that this next stage of closer commercial relations proceeds without giving the public cause to further question the proposed continued liberalization of trade and closer political ties.
A version of this article appears in the Computer Law and Security Review. For more information about this topic, please contact K. Mark Brown.
Tags: finance
Feature
Towers Watson 2010 Employment Terms and Conditions Published
2010 Employment Terms and Conditions – Asia Pacific, published by Towers Watson Data Services, contains comprehensive coverage of employment- and labor-related laws and regulations for legal or human resources professionals. The Taiwan chapter includes updated information on the island's retirement laws, strikes, and short-term leave, among other items. Winkler Partners is pleased to present a sample of the Taiwan chapter. The report in its entirety can be purchased from Towers Watson Publications.
For legal guidance on employment law in Taiwan, please contact Christine Chen.
For help obtaining work permits and resident status for foreigners and PRC nationals, please contact Lloyd Roberts.
Tags: Christine Chen , Employment Law , Labor , Lloyd Roberts
Update
Implementing Regulations for ISP Safe Harbor Amendments Announced
The Taiwan Intellectual Property Office (TIPO) announced the Regulations Governing Implementation of Limitations on the Liability of Internet Service Providers on September 7, 2009. The regulations address amendments to the Copyright Act establishing safe harbor provisions for Internet Service Providers (ISPs) that came into force earlier in 2009. The regulations have been based on the outcome of discussions with interested parties during the drafting of the amendments to the Copyright Act and public hearings this past summer. Interested parties had until September 17 to submit comments on the regulations. Absent significant opposition, the TIPO anticipates that the regulations will come into force in November 2009.
Notifications and Counter-notifications
Article 3 of the Regulations sets out the requirements for notifications sent to ISPs by rights holders under the Copyright Act. Notification may be made in writing sent by mail or fax or via electronic signature document sent by e-mail. The rights holder or its authorized representative must sign or chop the notification. ISPs may provide alternate means of receiving notification from rights holders. The notification must include:
i. Identity of the rights holder’s name along with their address, phone number, fax number, or e-mail;
ii. Identity of the infringed copyright;
iii. Request to the ISP to remove or deny user access to the infringing content;
iv. Adequate information and access routing information on the infringing content;
v. A statement that the rights holder has a good faith belief that the content cited is unauthorized or violates the Copyright Act; and
vi. A statement that the rights holder will assume liability if third parties incur damages as a result of false notification.
If multiple infringements will be alleged then these may be cited in a single notification.
Article 4 requires that an ISP notify a rights holder of any required amendments to a notification within five working days of the day following receipt of the notification. And a rights holder then has five working days to submit an amended notification. A notification shall be void if the rights holder fails to comply within the five-day period. Notification that does not meet the requirements and that has not been amended within the prescribed time to comply with the requirements shall not constitute evidence that an ISP has knowledge or awareness of the alleged infringement. That is to say, improper notice shall be deemed no notice.
The Copyright Act provides users of information storage service providers with a mechanism to challenge an infringement notification. Users of other types of ISP do not enjoy this right. A user of an information storage service provider who believes he or she has been wrongly accused of infringement by a rights holder may submit counter-notification to the information storage service provider requesting restoration of the alleged infringing content. Article 5 of the regulations provides that a counter-notification must be signed or chopped by the user (or representative) and include:
i. Identity of the user and contact information;
ii. Request to restore deleted content or access to the same;
iii. Adequate information on the content;
iv. A statement that the user has a good faith belief that he or she has legal authorization to use the content in question and that the deletion or denial of access to content is result of a false claim by the rights holder;
v. Consent to the information storage service provider to forward the counter-notification to rights holder; and
vi. A statement that the user will assume liability if third parties incur damages as a result of false counter-notification.
A representative making counter-notification must at same time state that he/she is doing so on behalf of the user.
Article 6 requires that an ISP notify a user of any required amendments to the counter-notification within five working days of the day following receipt of the notification. And a user then has five working days to submit the amended counter-notification. A counter-notification shall be void if the rights holder fails to comply within the five-day period and an ISP will not be required to restore access to the content.
Three-Strikes Rule
The Copyright Act provides that an ISP must to avail itself of the safe harbor protections inform its users that their service shall be terminated in whole or in part in the event that a user has been involved with three incidents of infringement. The Copyright Act does not, however, expressly require that the ISP terminate service. And the regulations do not address the "three-strikes" provision of the amendments at all though its absence from the regulations had been expected as users of connection ISP had not been provided with a means within the Copyright Act to challenge a notification. The amendments to the Copyright Act and the regulations appear to have been carefully thought through to appease those parties lobbying for the inclusion of a "three-strikes" mechanism while ensuring that the ISP and individual users of connection services have a degree of protection.
Observations on the 'Safe Harbor' Regime
There has, first, been no actual obligation imposed by the Copyright Act or the regulations on an ISP to terminate service, throttle, or restrict a user’s connection after the occurrence of "three-strikes". And where, for example, a user of a connection ISP has not been provided with any means within the notification system to challenge a notification then making it in fact a contractual issue between the ISP and user limits the likelihood of the law being challenged.
A rights holder has no right to know what action an ISP has taken against a connection service user and additional laws and regulations prevent the disclosure of such information absent a court order. There would be little current incentive for an ISP frequently trying to upsell consumers to more expensive and faster connections to actually enforce the "three-strikes" rule as a notification only contains an allegation of infringement–and given some of the cases reported in other jurisdictions and the use of automated notification systems that troll for infringement based on key words rather than actual content, an ISP would be correct to be wary. An ISP could face liability but this would require that a rights holder litigate first against a connection user. Which would in turn require sufficient evidence to support a court order to disclose the identity of the user.
The amendments also impose civil liability on any party who files a false notification of infringement. The regulations further require that a notification include both a statement by the rights holder that it has a good faith belief that the content cited is unauthorized or violates the Copyright Act and that the rights holder will assume liability if third parties incur damages as a result of fraudulent notification. Where, for example, a user of a connection ISP has received a false notification then the only redress to avoid "the strike" would be to bring legal action against the rights holder, and that user would have statements by the rights holder contained in the notification on which to base the action. The prospect of civil liability should serve to somewhat check the over-enthusiastic use of automated infringement notification systems sometimes seen in other jurisdictions as a rights holder should have sufficient and actual evidence of infringement at the time that the notification had been issued.
A version of this article appears in the Computer Law and Security Review. For more information about this topic, please contact K. Mark Brown.
