Header graphic for print

Technology's Legal Edge

A Technology, Privacy, and Sourcing Blog

FRANCE: The French Data Protection Authority (CNIL) Orders a French Company to Pay a EUR 5,000 Fine for the Non-compliance of its Customer Geolocation System with French Data Protection Law

Posted in Privacy and Data Security

By Carol Umhoefer & Mathilde Hallé

On July 22, 2014, the French Data Protection Authority (“CNIL”) found that a luxury car rental company had failed to comply with the French data protection law with respect to the implementation of a customer geolocation system. In particular, the CNIL considered that the rental company had failed (i) to fulfill the formalities required prior to processing customer geolocation data, (ii) to limit the collection of geolocation data to cases of non-return or theft of vehicles, (iii) to inform its customers of the aforementioned processing, and (iv) to ensure the security of the data.

In October 2012, a customer filed a complaint with the CNIL regarding the geolocation system implemented in connection with its rental luxury cars. In December 2012, the CNIL sent a first letter to the rental company summarizing the provisions of the French Data Protection Law pertaining to the implementation of a geolocation system. This letter remained unanswered, which led the CNIL to send two successive letters in January and March 2013. Likewise, these letters remained unanswered and the CNIL decided to conduct an on-site inspection in June 2013. Following such inspection, the CNIL sent a cease and desist letter to the rental company, requiring the latter to comply with applicable data protection law. However, the rental company failed to ensure such compliance, which was brought to light following a subsequent investigation. As a result of the foregoing, the CNIL ordered the rental company to pay a EUR 5,000 fine.

The CNIL’s decision was based on the following legal grounds:

  • First, the rental company had failed to file with the CNIL the required declarations prior to processing personal data in connection with (i) the geolocation of cars rented to customers, and (ii) customer management.
  • Second, the CNIL considered that the rental company had failed to comply with the principles of adequacy, relevance and non-excessive nature of the data. Indeed, the geolocation system was set for a 24/7 use and could not be deactivated, and therefore the car rented by customers could be located at any time by the rental company. The system thus enabled the collection and processing of various numerous data, including time and location-related data, that the CNIL considered as excessive in relation to the purposes for which it had been collected. The CNIL found that the rental company should have limited the collection of geolocation data to cases where the vehicle is stolen or not returned.
  • In addition, the CNIL considered that the rental company had failed to fulfill its obligation to give adequate notice to customers. In this respect, the rental company claimed that customers were verbally informed of the geolocation system. However, the CNIL noted that the rental company had not provided any evidence to support its claim. The CNIL thus considered that the rental company had not demonstrated that its customers were duly informed. It has to be noted that in its decision the CNIL does not consider that the customers’ consent would have been required. The CNIL further ruled that the rental company had failed to demonstrate its compliance that it had notified customers regarding the processing of their data for customer management generally.
  • Last, the CNIL stated that the rental company had failed to comply with its obligation to ensure the security of customers’ data. During on-site inspection, the CNIL had accessed the geolocation software at issue from a computer located at the reception desk of the company, and noted that the authentication process to access this software only required a user name and a password that had not been renewed since it had been set up (more than two years prior), as no password management policy was in place.

For further information, please contact Carol Umhoefer (Carol.Umhoefer@dlapiper.com) or Mathilde Hallé (Mathilde.Halle@dlapiper.com).

Is Your Browsewrap Terms of Use Agreement Enforceable?

Posted in Technology and Commercial

Written by Bahareh Samsami

Many websites use browsewrap terms of use agreements, which say that by virtue of using or making a purchase on the website, the user agrees to those terms of use.  However, the 9th Circuit’s recent opinion raises questions about the enforceability of those agreements.

On August 18, 2014, the 9th Circuit Court of Appeals affirmed the unenforceability of Barnes & Nobel’s (“B&N”) browsewrap website terms of use agreement.  In Nguyen v. Barnes & Nobel, Inc., 2014 U.S. App. LEXIS 15868 (9th Cir. August 18, 2014), the plaintiff had placed an online order for B&N’s discounted tablets that B&N later cancelled.  Nguyen brought a suit against B&N, claiming that as a result of B&N’s representation and the delay in informing him that B&N would not honor the sale, Nguyen was forced to purchase a higher priced tablet instead.

B&N moved to compel arbitration, arguing that Nguyen was bound by the arbitration agreement in B&N’s website terms of use.  The B&N’s website terms of use was available as a hyperlink at the bottom left-hand corner of every page on the B&N’s website in the online check out process, underlined and set in green typeface and was presented on the user’s screen without the need to scroll down.  Nguyen claimed that he was not aware of the existence of the terms of use, so he had not agreed to them, and the court agreed.  The court found no evidence that Nguyen had actual notice of the terms of use, nor was Nguyen required to affirmatively acknowledge the terms of use before making his online purchase.  As a result, the court held that the website did not put a reasonably prudent person on notice of the existence of the terms of the agreement.

In light of Nguyen, whenever possible, we advise that you require the user to agree to a click-through terms of use agreement, particularly if the website is targeted at consumers.  If that is not practicable, it is possible to form a binding agreement if the design and the content of the website make the terms of use link conspicuous prominently on the page where a reasonable user is certain to see it and be on notice.  But the question remains if a green and underlined hyperlink that appears on every page without needing the user to scroll down didn’t work, what will?

FRANCE: CNIL TO BEGIN COOKIES ENFORCEMENT IN OCTOBER

Posted in Cookies, EU Data Protection, International Privacy, Privacy and Data Security, Technology and Commercial

Written By Carol Umhoefer, Jeanne Dauzier and Mathilde Hallé

Starting in October, France’s Data Protection Authority (the CNIL) will verify compliance with its December 2013 Recommendation on the use of cookies and tracking technologies.

The CNIL’s inspections will follow “cookies sweep day,” planned to take place the week of September 15, 2014, during which European Union Data Protection Authorities will review how Internet users are notified of the use of cookies, and how their consent to such use is obtained.

The CNIL recently announced that, from October 2014, it will verify compliance with its recommendation on cookies and tracking technologies issued on December 5, 2013. Compliance checks will be conducted through on-site and online inspections.

Find out more.

FRANCE: The French Media Authority Refuses to Authorize TF1 to Swap the LCI News Channel From Pay to Free DTT

Posted in Technology and Commercial

By Florence Guthfreund-Roland & Mathilde Hallé

The TF1 group has petitioned the French media authority (the “CSA”) to swap its LCI news channel from pay to free DTT, based on the provisions of a new law adopted on November 15, 2013 which granted the CSA the power to authorize a pay DTT channel to migrate to free DTT, upon request from the broadcaster. In case of such a request, the CSA must consider whether a migration to free DTT would jeopardize (i) the principle of pluralism, (ii) the quality and diversity of TV programs, and (iii) the stability of the television sector. In a decision rendered on July 29, 2014, the CSA formally refused to approve the migration requested by TF1.

In support of its request, TF1 mainly contended that the decrease of LCI’s turnover partly results from a reduction in the fees paid to broadcasters by subscription-based television service providers (notably including cable/platforms operators). TF1 also claimed that LCI’s audience has substantially decreased, as have LCI’s annual net advertising revenues. On that basis, switching from pay to free DTT is, for TF1, the only option left to ensure LCI’s viability in the near future.

However, the CSA rejected TF1′s request based on the following arguments:

  • According to the CSA, LCI’s swap from pay to free DTT is not necessary to ensure pluralism on the free DTT market. Indeed, the LCI news channel is similar to two existing French free news channels, being BFM TV and i>Télé;
  • In addition, LCI’s migration to free DTT would lead to a decline in viewers for existing free news channels;
  • As a consequence, LCI’s migration to free DTT would likely jeopardize the balance of the advertising market considering that: (i) this market is already down and the level of advertising expenses has reached its lowest point in more than 10 years; and (ii) given the significant position of TF1 in the market, the latter would still be able to create advertising revenues for LCI (notably via cross-selling practices). Moreover, according to the CSA a prohibition of tied sales of advertising space between LCI and other channels belonging to TF1 would not compensate the channeling by LCI of part of the advertising resources specific to other news channels;
  • Based on the above, LCI’s migration to free DTT would materially affect the economic and financial situation of existing free news channels. Indeed, the CSA considered that neither competitive measures nor measures pertaining to the content of TV programs would be sufficient to thwart the transfer of audience shares from existing free news channels to LCI on the one hand, and the channeling of advertising resources by LCI on the other hand. In particular, the effects on the quality and diversity of the programs that would result from the offer of an additional free news channel would not compensate the detrimental impact on the economic and financial viability of existing free news channels, thus jeopardizing compliance with the principle of pluralism.

On the basis of similar considerations, the CSA, on the same day. rejected requests from the M6 group and the Canal + group to swap their respective channels Paris Première and Planète+ from pay to free DTT.

TF1 has two months to appeal the decision of the CSA before the French Administrative Supreme Court (the “Conseil d’Etat“). It can be noted that, in case of appeal by TF1, the decision of the CSA would remain applicable until the Conseil d’Etat rules on such decision.

For further information, please contact Florence Guthfreund-Roland (Florence.Guthfreund-Roland@dlapiper.com) or Mathilde Hallé (Mathilde.Halle@dlapiper.com).

 

FRANCE: Orange receives a public warning from the French Data Protection Authority (CNIL) following a security breach in a sub-subcontractor’s database

Posted in Privacy and Data Security

By Carol Umhoefer & Patrick Cookson

The CNIL’s decision provides useful guidance on security measures that the CNIL considers must be taken by data controllers.

Earlier this year, Orange discovered that the database of one of its sub-subcontractors had suffered a server malfunction that led to a security breach. The sub-subcontractor’s database contained the personal data of more than 1.3 million Orange customers (including name, date of birth, e-mail address, and landline and mobile phone numbers) and was used for sending promotional email campaigns.

In compliance with its obligations as an electronic communications operator, Orange notified the CNIL of the security breach in April 2014. On-site inspections conducted by the CNIL in May 2014 showed that the sub-subcontractor’s database had become publicly accessible by modifying the URL address of “unsubscribe” links in emails sent to customers, and that an unidentified third party had collected customers’ personal data a few months before.

Under French law, data controllers must use best efforts to ensure that the confidentiality of customers’ and prospects’ personal data is adequately secured. In issuing its warning, the CNIL cited three facts:

  • First, Orange did not carry out any security audit of the sub-subcontractor’s proprietary technology after it was implemented in November 2013;  the solution had been specifically adapted for Orange;
  • Second, Orange regularly sent updates of its customer database to its service providers by email, without any additional security measures;
  • Finally, although Orange and the subcontractor had entered into a contract setting forth security and confidentiality obligations for the subcontractor, those obligations were not passed through to the sub-subcontractor.

The decision serves as a timely reminder of the CNIL’s expectations as concerns personal data security.

For further information, please contact Carol Umhoefer (carol.umhoefer@dlapiper.com) or Patrick Cookson (patrick.cookson@dlapiper.com).

Managing legal risks arising from cloud computing

Posted in Cloud Computing

By Phillip Kelly and Elinor Thomas, DLA Piper (UK)

On 26 June 2014, the European Commission announced that it had been presented with guidelines on the standardisation of Service Level Agreements (SLAs) for cloud computing services.

The publication of the guidelines represents only the latest step in the Commission’s wider European Cloud Strategy, which was launched in 2012 with the objective of delivering a net gain of 2.5 million new European jobs, and an annual boost of €160 billion to European GDP by 2020.

The size of the market for cloud services across the EU, and the opportunities for growth that have already been identified, are indicative of the benefits that cloud services can bring to businesses of all sizes.   It is easy to see why there has been such a high take-up of cloud services and why the market is predicted to grow at such a rapid rate.  With the necessary infrastructure being the responsibility of the cloud service provider (CSP), the customer is spared the maintenance costs, capital expense and IT resource time typically associated with in-house IT projects.  Equally, because the infrastructure sits with the CSP, necessary resource and capacity can be acquired by the customer as and when it is needed, which can lead to very significant efficiency savings.

However, cloud services also bring risks, particularly for businesses with potential exposure to litigation or regulatory investigations, where documents may need to be accessed on a time sensitive basis and where any failings in document retention could result in significant negative consequences.  This article considers the nature of those risks and the steps that businesses can take to protect themselves in the context of the evolving cloud services market.

Summary of EU guidelines

The Commission’s publication of the guidelines for standardisation of SLAs for cloud services is undoubtedly a positive step towards assisting businesses across the EU in managing the risks associated with cloud services.  The guidelines have been prepared by a Cloud Select Industry Group, which included major CSPs such as Amazon, Google, Microsoft, Oracle and IBM and international professional service firms including DLA Piper and PwC.

The guidelines identify the types of objective criteria that should be included within SLAs to enable customers to measure performance.  Such criteria include the following:

  • availability levels, CSP response times, support and maintenance commitments and data retention policies;
  • security standards, including in respect of service reliability, user authentication, data encryption and security auditing rights;
  • data management standards, including in respect of data classification, data mirroring, backup and restoration policies, data lifecycle and data portability; and
  • personal data protection standards, including in respect of data protection compliance, data processing, notification of disclosure requests and limitations on the circumstances in which data can be transferred cross-border.

Users of cloud services within the EU will be better placed to control and monitor risk if the guidelines are adopted by CSPs within their standard form SLAs.  The Commission has indicated that it expects that adoption of the guidelines will lead to greater trust in cloud solutions, which in turn will lead to increased revenues for CSPs as the market continues to grow.

The objective of generating greater trust in cloud solutions should be also furthered when the proposed EU Data Protection Regulation finally comes into force.  The intention behind that Regulation is to create a single pan-European law for data protection, replacing the current position where, although the EU Data Protection Directive (No 94/56/EC) sets minimum measures for data protection, it is open to member states to implement stricter requirements.  This results in inconsistencies in national data protection laws and competing provisions applying to services that are provided across more than one member state.

Risks arising from the use of cloud services in the context of legal proceedings

Whilst the risk profile of using cloud services across the EU will likely change once the SLA guidelines and the EU Data Protection Regulation are adopted fully, businesses with exposure to litigation and regulatory investigations should be aware of the types of risks that are inherent when using cloud services.  In particular, the varying requirements under the laws of different European jurisdictions in relation to the retention, search for and disclosure or production of documents in the event of domestic or foreign litigation and varying data protection/privacy laws, can all lead to complications in the context of cloud storage solutions.

While typically more of an issue in common law jurisdictions (such as England, where parties to litigation are under a duty to retain and then disclose relevant documents in their control), cloud storage of documents may mean that document disclosure issues can also arise in civil law jurisdictions where obligations to produce documents are typically far more limited.  Particular issues arise in this context in relation to cloud document storage because of the attendant uncertainties concerning the physical location of cloud data.  As explained above, cloud storage is usually provided by a third party and located remotely from the business, often in another jurisdiction, in multiple jurisdictions, or even in changing locations.  In practice, therefore, a company’s data is often divided and stored in different countries and may become subject to the laws of the jurisdiction in which it is stored (e.g. where the CSP’s servers are located).

This can become problematic because of the varying laws, even across European jurisdictions, in relation to the collection of documents for foreign proceedings.  For example, while the search for and collection of data in the control of a party may be mandated by one law, the law of another European can prohibit the search for or disclosure of documents located in that jurisdiction for use in foreign proceedings.  The English court considered this issue (although not in the context of cloud services) as recently as last year in the cases of Secretary of State for Health and others v Servier Laboratories Ltd and others and National Grid Electricity Transmission plc v ABB Ltd and others, effectively deciding that documents stored in France must be disclosed notwithstanding that French law gave rise to a risk of prosecution for doing so.  Businesses may therefore end up in a position where the use of cloud storage solutions and the requirement to collect documents in the event of litigation exposes them to potential breaches of local laws even where they may not have been aware that their documents were located in the relevant jurisdiction.

Another key risk arising from cloud services in the context of disputes is the possibility of applications for third party disclosure being made directly against CSPs to compel them to provide documents within their control.  This is highly undesirable both for CSPs and customers and leads to the risk of conflicts between the CSP’s contractual obligations to customers and legal requirements imposed by, for example, a court order mandating disclosure.

Businesses should also be aware that the cross border nature of cloud storage could lead to the possibility of governments, law enforcement agencies or regulatory bodies in jurisdictions where data is stored being able to access their documents for the purposes of investigations or surveillance.  Generally speaking in these circumstances (unless the request can be challenged because it does not comply with applicable laws), the CSP will have little option other than to give access to its customer’s documents.  While it has always been the case that governments generally have rights under national laws to access privately held data in circumstances where national security or serious crime is an issue, cloud users should be particularly aware that the multi-jurisdictional features of cloud storage mean that documents may be susceptible to access by different governments across the world.

The particular legal issues that arise in the context of cloud computing can be mitigated against by businesses keen to use it because of the significant commercial advantages that it provides.  Ideally, cloud customers should undertake due diligence into their CSPs at the outset to determine which jurisdictions documents are likely to be stored in and therefore which national laws will be at play.  It is also good practice to engage with CSPs about their procedures for dealing with disclosure requests from third parties (whether courts or government/regulatory bodies) in order to gauge the CSP’s awareness of the issues and their processes for considering and responding to such requests.

It is also important for customers to select CSPs who can easily facilitate the preservation of documents in the event of litigation or investigations by implementing the immediate suspension of auto-deletion procedures (thereby preventing possible adverse inferences in the event of the loss of data) and who offer sophisticated search tools that can provide benefits in any litigation or investigation.

The use and reach of all three varieties of cloud computing is expanding, and although undoubtedly a positive development for businesses across Europe, its limitations and risks should not be overlooked. Businesses should be cautious when deciding whether to utilise the technology, the CSP they choose, and the extent to which cloud storage is implemented, particularly in light of the difficulties that could arise in the context of document retention, litigation and investigations. This is particularly relevant as a result of the differing nature of technology and privacy laws across the EU, and whilst steps are now being taken to increase certainty and cooperation between and across states, different interpretations and approaches to disclosure and document retention will continue to cause difficulties for businesses. However, as long as businesses (especially those operating cross border) are aware of the issues and have open communication with CSPs, the actual and potential benefits of using cloud computing technology appear to far outweigh the risks.

UPDATE: Federal District Court Decision in Microsoft Case re Warrants for Content Stored Outside US

Posted in International Privacy, Privacy and Data Security, Technology and Commercial, US Federal Law

UPDATE:

Written by Sydney White

On August 29, the district court judge lifted the stay after finding that the decision was not appealable.  Microsoft continues to refuse to turn over the emails and it seems likely that the judge will find Microsoft in contempt.  A contempt order would be appealable as a final order and could be stayed pending appeal.

____________________________________________________________________________________

Written by Sydney White

On July 31, the district court judge issued a ruling in the case involving the US Government’s warrant issued to Microsoft to compel production of data stored on the servers of its wholly owned Irish subsidiary located in Ireland (In re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp. (S.D.N.Y.)).  The judge upheld the magistrate’s decision that Microsoft must produce the emails stored in servers located in Ireland stored by its Irish subsidiary.  The decision is stayed as Microsoft appeals.

This case could have profound implications for US companies storing or hosting data overseas because foreign competitors will be able to argue that data stored outside the US is not safe from not only US intelligence but also US law enforcement.  It likewise could lead to chaotic choice of law disputes as other countries begin to demand reciprocal treatment in the US for law enforcement process.  This follows on increasing requirements in other countries for data localization following the Edward Snowden revelations.

The judge agreed with the magistrate that the issue is not the location of the data but instead control over the data.  As such, Microsoft is required to produce the data regardless of where it is stored.  This follows the Bank of Nova Scotia line of cases.

Ultimately, this case could end up before the Supreme Court or it could lay the ground work for Congress to step in and clarify the legal standards for law enforcement access to electronic information.

What?? The Target Company Does Not Own its IP!?

Posted in Licensing, Technology and Commercial

Written by Mark Lehberg

We have been working on a number of private company mergers and acquisitions transactions this year where the technology and the intellectual property of the target company (the “Target”) are the key value drivers for the transaction.  It is always surprising when the Target has not used “good housekeeping” with regard to its intellectual property and when the Target has transacted business without regard to what might happen in the event of an acquisition.  This is especially a surprise since the exit strategy for many (if not most) private companies is an acquisition.

In a current transaction, our client is buying a private software company based in Europe.  The software, technology and intellectual property are the key value drivers in the deal.  The following are some of the issues in the transaction.  These are key issues for acquirers in M&A transactions and are issues that private companies can easily avoid.

  • IP Developed by Employees.  The agreements between the Target and its employees do not include a present assignment of intellectual property from the employees to the Target.  Consider the Stanford v. Rochedecision.
  • IP Developed by Contractors.  Similarly, the agreements between the Target and its contractors do not include a present assignment of intellectual property from the contractors to the Target.
  • IP Developed by Engineers’ Personal Management Companies.  In this transaction, some of the key engineers (who are also significant shareholders) were not employees of the Target, but instead contracted with the Target under separate “personal management companies.”  These personal management companies are common in the particular European jurisdiction for tax reasons.  So the key engineers are the sole employees of a personal management company, which in turn provides services to the Target and may, in some cases, provide services to other companies.  In some cases the personal management company has an agreement with the Target, while in other cases there is no agreement with the Target.  If there is an agreement with the Target, the agreement does not include an assignment of intellectual property to the Target.  To make matters more complicated, the engineer has no agreement with the management company.  As a result, it is not clear who owns the intellectual property – the engineer, the management company or the Target.  In one case, the personal management company was liquidated.
  • Patents.  The Target received an assignment of a patent from a European University, but the patent assignment was incomplete and did not fully assign the patent to the Target.  Other patent assignments were sloppy and incorrectly identified the Target as the assignee.
  • Inbound Licenses.  As a result of the Target’s relationship with the European University, the Target used “academic” as opposed to “commercial” licenses to certain third party software.
  • Tax Subsidies from Local Government.  The Target received tax subsidies for product development efforts and the subsidies included restrictions on the “transfer” of the result of the development work.  However, the term “transfer” is not defined.

If you are a private software or technology company and your “exit plan” is an acquisition, follow good housekeeping when it comes to your ownership of your intellectual property and your transaction will go much more smoothly.  If you are an acquirer, do not overlook the diligence around these “fundamental” issues.

 

FRANCE: A French Court orders a Swiss company selling French game tickets over the Internet to prevent French Internet users from accessing part of its websites

Posted in E-Commerce and Social Media, Gambling & Gaming, Licensing

By Florence Guthfreund-Roland & Mathilde Hallé

On April 10, 2014, the Court of First Instance of Paris found that VIAGOGO, a Swiss company operating a website selling sports tickets on the Internet, had no right to sell tickets for a French soccer game organized by the French Professional Soccer League. On that basis, the Swiss company was ordered to take appropriate steps to prevent French Internet users from accessing the content of its online communication service on several of its websites.

The French Professional Soccer League (the “LFP”) is the French entity in charge of the organization of professional soccer competitions, including the French national soccer cup.

In February 2014, the LFP sent a cease and desist letter to the Swiss company VIAGOGO asking the latter to cease the commercialisation of game tickets for the French national soccer cup final, on the grounds that VIAGOGO was in breach of the LFP’s monopoly as it was not authorised by the LFP to sell such tickets online. The LFP also claimed that the tickets were sold by VIAGOGO at a price much higher than the one set by the LFP when they brought an action against VIAGOGO before the interim relief judge of the Court of First Instance of Paris in March 2014. The LFP  asked the Court to order VIAGOGO to withdraw from its websites, and especially from the website www.viagogo.fr, any offer for sale of tickets for the French national soccer cup final.

In defence, VIAGOGO contended the following:

  • the French Courts had no jurisdiction over the disputed matter since the LFP had not demonstrated that the websites www.viagogo.lu and www.viagogo.com targeted the French public, nor that there was a substantial and significant link with the French public;
  • the fact that part of the content posted on the disputed websites was in French was not sufficient to grant the French Courts jurisdiction over the disputed matter;
  • the website www.viagogo.com did not target the French public since prices were displayed in dollars on the website;
  • VIAGOGO was not responsible for the offer of the website viagogo.fr; and
  • the Paris professional soccer team had entered into an agreement with VIAGOGO in relation to the website www.viagogo.fr.

However, the Court found that it had jurisdiction over the disputed matter considering that: (i) the three disputed websites could be accessed from France and target the French public. Moreover, online transactions could be made in Euros; and (ii) the fact that the company operating the website was not located in France was not relevant, nor was the fact that the hosting providers involved were not incorporated in France.

In line with previous case law on the monopoly of sports organizations, the Court further held that the offering for sale of the tickets by VIAGOGO consisted in an obviously illicit disorder since VIAGOGO does not have the right to commercialise such tickets and does not abide by the conditions of sale set forth by the LFP. In other words, and even if not innovative from a legal standpoint, the Court confirmed that the sale of tickets for any soccer game organised by the LFP falls within LFP’s monopoly, and therefore remains subject to the LFP’s prior authorisation and to its general conditions of sale.

On that basis, the Court ordered VIAGOGO to take any measures to prevent French Internet users from accessing the content of its online communication service accessible from the websites www.viagogo.fr, www.viagogo.lu and www.viagogo.com, without distinguishing between soccer tickets submitted to the LFP’s monopoly and other sports tickets. It can be noted that such measures may put a disproportionate burden on VIAGOGO as, under French law, the interim relief judge is in theory only allowed to grant measures which are strictly necessary to put an end to the acknowledged disorder and prevent any damage.

For further information, please contact Florence Guthfreund-Roland (florence.guthfreund-roland@dlapiper.com) or Mathilde Hallé (mathilde.halle@dlaiper.com).

Back to Top of Page