Archive for: computer law

Next posts »

Press law, case II K 367/08

January 14th, 2009, Tomasz Rychlicki

The Regional Court in Słupsk in its judgment of 16 December 2008, case file II K 367/08, acquitted Leszek Szymczak from charges of publishing press material featuring criminal content that publicly incited its readers to commit offences. This case concerned posts that were published at the online forum of http://gazetabytowska.pl website (also accessible at http://gby.pl), which – according to the Public Prosecutor’s Office – included incitement to commit crime. Charges were based on article 49a of the Polish Act of 26 January 1984 on Press law – APL – (in Polish: ustawa Prawo prasowe), Journal of Laws (Dziennik Ustaw) No 5, item 24, with later amendmets.

An editor who unintentionally published press material that featured criminal content mentioned in article 37a hereof, shall be subject to a fine penalty or the restriction of liberty.

In connection with article 255 of the Criminal Code of 6 June 1997, Journal of Laws (Dziennik Ustaw) No. 88, item 553, with later amendments.

1. A person who publicly calls for committing an offence of a fiscal crime shall be subject to a fine penalty, the restriction of liberty or imprisonment for up to two years.
2. A person who publicly calls for committing a crime shall be subject to the restriction of liberty for up to three years.
3. A person who publicly praises the commitment of a crime shall be subject to a fine penalty amounting to up to 180 daily rates, the restriction of liberty or imprisonment for up to one year.

The court ruled that according to the Polish Press Law, Leszek Szymczak is the publisher and the editor, however the entries that were posted by visitors of his website did not constitute a press material. The appeal brought by the Prosecutor Office was rejected. See “Press law, case VI Ka 202/09“.

See also “Press law, case VI Ka 409/07” and “Press law, case IV KK 174/07“.

Categories: Art. 255 CRC | Art. 49a APL | computer law | criminal law | defamation | e-law issues | ISP liability | legal regulations on computer networks | personal rights or interests | Polish Act on Press Law | Polish courts | Polish Criminal Code | Polish Criminal Proceedings Code | Polish law | Polish Regional Court | press law.

Internet domains, case II C 1091/04

November 22nd, 2008, Tomasz Rychlicki

The Regional Court for Warszawa-Mokotów in its judgment case file II C 1091/04 ruled that according to Article 3851 § 1 of the CC, the provisions of a contract concluded with a consumer, which have not been individually agreed with him, shall not be binding thereupon, if his rights and duties have been stipulated in conflict with public decency and in flagrant violation of his interest (wrongful contractual provisions). According to Article 3853 § 1 of the CC, in the case of doubt, the wrongful contractual provisions should be, in particular these which exclude the jurisdiction of the Polish courts, or have the case decided by a Polish or a foreign conciliatory court or another authority, or force a decision in the case to be made by the court which has no local competence. According to the court’s decisions, the obligatory referral of a domain name dispute to a court of arbitration is a wrongful contractual provisions. For this reason Article 23 of the Domain Names Regulations issued by NASK, does not relate to or is not binding for consumers.

22. In case a third party initiates a legal action in the Arbitration Court against the Subscriber claiming that the Subscriber has infringed the rights of that person by entering into or performing the Agreement, the Subscriber shall submit to that Arbitration Court a duly signed arbitration clause to the Arbitration Court in due time stated in the summon to sign this arbitration clause.
23. The non-signing of the arbitration clause specified above shall result in the termination of the Agreement three months after the time stated to sign this arbitration clause, and this time limit shall be shortened to the date of the expiry of the calculating period based on the Price List if this date occurs before the end of the three month-period after the time stated to sign this arbitration clause. If the NASK has been informed during the time period specified above by the Arbitration Court about the delivery of the signed arbitration clause to that Court, the Agreement shall not be terminated.

Consequently, the termination of the contract based on these provisions could be regarded as invalid. The court also noted that such provisions could be challenged even in the course of a professional trade, as affecting the principle of contractual freedom and the right to a court.

See also “Polish case law on domain names“.

Categories: Art. 385¹ CC | computer law | domain names | e-law issues | Polish Civil Code | Polish Regional Court | Polish TLDs.

Press law, case II SA/Wa 1885/07

October 30th, 2008, Tomasz Rychlicki

The Voivodeship Administrative Court in its order of 30 October 2008 case file II SA/Wa 1885/07 held that the legislature clearly included as the press all existing and emerging as a result of technical progress, means of mass communication (…), to disseminate periodical publications in print, video, audio, or other distribution technology, and although there are no established views on the recognition of internet communication as the press therefore the content of the provisions of Article 7(2) pt 1 of the APL should, however, allow for the broad understanding of the concept of “press”, as it was also interpreted by the Supreme Court in its order of 27 July 2007, case file IV KK 0174/07. See “Press law, case IV KK 174/07“.

The court found that the Internet journals that can be considered as press publications, do not need to have a typical electronic “newspaper” form, similar to that published in the on line system by the big companies with the well-known news titles. Of course, it may also mean that the status of “the press” will get everything that is posted on the Internet, just because it is the result of technological progress and gets a potentially unlimited audience. Whether a publication that is available online has press characteristics should decided by the goal/objective/tasks of such publications.

Since the role and task of the press is to disseminate information, the periodicity of communication, the cyclic information of the public of certain facts of social, economic, political, educational, cultural, music, film and art issues, etc., under the title, name, address or even a link it would indicate the purpose pursued by the editors, the publisher and the author of an electronic publication, a website that was created specifically for this purpose.

Categories: Art. 7(2) APL | computer law | e-law issues | e-press | personal rights or interests | Polish Act on Press Law | press law | press title | Voivodeship Administrative Court.

E-commerce law, case C-298/07

October 20th, 2008, Tomasz Rychlicki

The Court of Justice of European Communities in its judgment of 16 October 2008 in case C-298/07, deutsche internet versicherung, held that Article 5(1)(c) of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the internal market (‘Directive on electronic commerce’) must be interpreted as meaning that a service provider is required to supply to recipients of the service, before the conclusion of a contract with them, in addition to its electronic mail address, other information which allows the service provider to be contacted rapidly and communicated with in a direct and effective manner. That information does not necessarily have to be a telephone number. That information may be in the form of an electronic enquiry template through which the recipients of the service can contact the service provider via the internet, to whom the service provider replies by electronic mail except in situations where a recipient of the service, who, after contacting the service provider electronically, finds himself without access to the electronic network, requests the latter to provide access to another, non-electronic, means of communication.

Categories: computer law | digital economy | Directive 2000/31/EC | e-law issues | EU law | ISP liability | Judgments of Court of Justice of the EC | legal regulations on computer networks.

Computer crimes, case VI K 849/07

October 6th, 2008, Tomasz Rychlicki

On August 11, 2008, the District Court in Glogów (VI Wydzial Grodzki) issued an important ruling case file VI K 849/07, regarding a man accused by the prosecutor of using computers to breach electronic security of a company server and database which allowed him to obtain information not intended for him (personal data) thereby acting to the detriment of the business. Mateusz M. was accused by the prosecutor based on regulations provided in Artice 267 §1 of the Polish Penal Code.

Chapter XXXIII. Crimes against protection of information
(…)
Article 267.
§ 1. Whoever, without being authorised to do so, acquires information not destined for him, by opening a sealed letter, or connecting to a wire that transmits information or by breaching electronic, magnetic or other special protection for that information shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.
§ 2. The same punishment shall be imposed on anyone, who, in order to acquire information to which he is not authorised to access, installs or uses tapping, visual detection or other special equipment.
§ 3. The same punishment shall be imposed on anyone, who imparts to another person the information obtained in the manner specified in § 1 or 2 discloses to another person.
§ 4. The prosecution of the offence specified in § 1 – 3 shall occur on a motion of the injured person.

Mateusz M. had browsed through an internet company website and found that the service contained serious programming errors. He put into the login form a string of signs as follows “‘ or 1 = 1″ (and repeated this operation in the password field), which resulted in him being signed/logged into a random user account which allowed him to gain access to several user accounts and their personal data. Mateusz M. decided to exploit this opportunity and made contact with company’s representatives. He informed them that he detected a gap in their website security which allowed him entry to the marketing database of firms owned or connected with the company which operated this online database. In the meantime, Mateusz M. checked other websites and online services created by the same authors of the first website. He has also found that all of them contained the same programming errors because all these websites were built using the same content management system (CMS). Mateusz M. was invited by the company to sign a contract to remove these programming errors. He was also presented with a non-disclosure agreement (NDA), which he signed. However the NDA’s date was set prior to the date he had detected the programming errors and this was used by the company to enable the police, who were co-operating with the company, to arrest Mateusz M.

During the pre-trial proceedings the court’s expert in the field of information technology stated that in his opinion Mateusz M. had used “a form of attack on the company’s database called SQL Injection”; the aim of such an attack is “to extract confidential information from the database and to disrupt its operation”. In the course of the proceedings before the court, the District Court in G#x142og1ow allowed the counsel for the defence to admit evidence of another expert.

The second expert provided the court with an opinion that by introducing a string “‘ or 1 = 1″ Mateusz M. had not made any breach of the database, he did not crack any password allowing for access to the database, he did not type or insert any software code and Mateusz M. had not affected the functioning of the database in any way. According to the second expert, Mateusz M. had not removed the database security, and he had not changed the password access, nor did he create any new accounts in the database. In this expert’s opinion, the introduction of the said string by Mateusz M. should be considered as an “SQL Injection” method that was used to circumvent the protection of a database, but that it was permitted by the improper and inadequate protection scheme applied to the database by its creators. The “Sign in” form of the database was designed in such a way that merely typing any string of characters was permitted as an input of data for this type of form. The database authors had not implemented any solutions to verify whether the database stored a user name or password attached to such a string, and as it had not, the database did not generate a proper error message

The court held that the action of the accused failed to comply with the statutory elements of Article 267. In the court’s opinion, breaching security occurs when the offender destroys or removes the security, or when the impact of the offender’s action on the security temporarily removes its protective function. Thus a person who gains access to sensitive information without breaking any security measures is not criminally responsible.

The court ruling acquitted the accused of all the charges based on art.632(2) Polish Criminal Proceedings Code, and the court held that the costs of wrongful prosecution were to be covered by the state. This decision was final and consequently there are pending amendments to the Polish Criminal Code relating to the aforementioned regulations.

Categories: Art. 267 CRC | computer law | criminal law | legal regulations on computer networks | Polish courts | Polish District Court | Polish law.

US case law on computers and IT

February 28th, 2008, Tomasz Rychlicki

Last updated on 16 January 2010.

This short compilation of US computer (IT, Internet, cyberlaw, telecommunication) case law will be also available and under later developement on my new Wiki system.

I. Jurisdiction
II. Contracts
III. Trespass to chattels
IV. Intellectual Property
V. Regulating content and speech
VI. Privacy
VII. Computer and Internet crimes
VIII. E-government
IX. Litigation

I. JURISDICTION

A. Specific jurisdiction.

B. General jurisdiction

C. Criminal analogy

D. Enforcement

  • Louis Feraud Int’l S.A.R.L. v. Viewfinder Inc., 406 F. Supp. 2d 274 (S.D.N.Y. 2005).

II. CONTRACTS

A. Browserwrap licenses

  • Pollstar v. Gigmania Ltd., 170 F. Supp. 2d 974 (D. Cal. 2000).
  • Specht v. Netscape Communs. Corp., 150 F. Supp. 2d 585 (S.D.N.Y. 2001).
  • Ticketmaster Corp. v. Tickets.Com, Inc., 2000 U.S. Dist. LEXIS 12987 (D. Cal. 2000).
  • Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. 2000).
  • Comb v. Paypal, Inc., 218 F. Supp. 2d 1165 (D. Cal. 2002).
  • Cairo, Inc. v. Crossmedia Servs., 2005 U.S. Dist. LEXIS 8450 (D. Cal. 2005).

B. Shrinkwrap and clikwrap licenses

C. Terms Of Service

  • Oestreicher v. Alienware Corp., 502 F. Supp. 2d 1061 (D. Cal. 2007)

D. Software licenses

E. FLOSS licenses

  • Computer Assocs. Int’l v. Quest Software, Inc., 333 F. Supp. 2d 688 (D. Ill. 2004).
  • Planetary Motion, Inc. v. Techsplosion, Inc., 261 F.3d 1188 (11th Cir. 2001).
  • Progress Software Corp. v. MySQL AB, 195 F. Supp. 2d 328 (D. Mass. 2002).
  • SCO Group, Inc. v. International Business Machines Corp., Not Reported in F.Supp.2d, 2005 WL 318784 (D.Utah, 2005).
  • Wallace v. Free Software Found., Inc., 2006 U.S. Dist. LEXIS 53003 (D. Ind. 2006).
  • Wallace v. IBM, 467 F.3d 1104 (7th Cir. 2006).

F. Contractual and statutory liability for defective software

  • Kaczmarek v. Microsoft Corp., 39 F. Supp. 2d 974 (N.D. Ill. 1999).
  • In re AOL, Inc. Version 5.0 Software Litig., 168 F. Supp. 2d 1359 (S.D. Fla. 2001).
  • In re SONY BMG CD Technologies Litigation, 2005 U.S. Dist. Ct. Motions 9575, 2006 U.S. Dist. Ct. Motions LEXIS 9329, (S.D.N.Y. 2006).

G. Auction sites and contracts

  • Perez v. Hung Kien Luu, 2007 Tex. App. LEXIS 8670 (Tex. App. 2007)

III. TRESPASS TO CHATTELS

A. Trespass involving spam

  • Compuserve Inc. v. Cyber Promotions, 962 F. Supp. 1015 (D. Ohio 1997).
  • America Online v. LCGM, Inc., 46 F. Supp. 2d 444 (D. Va. 1998).

B. Trespass to online databases

IV. INTELLECTUAL PROPERTY

A. Copyright
1. Protection of computer software

2. Reverse engineering, technological protection measures, anti-circumventions (17 U.S.C. §§ 1201-1204)

3. Different copyright infringement issues (civil actions, DMCA, websites)

  • L.A.Times v. Free Republic, 54 U.S.P.Q.2D (BNA) 1453, 2000 U.S. Dist. LEXIS 5669 (D. Cal. 2000).
  • Umg Recordings v. Mp3.com, Inc., 92 F. Supp. 2d 349 (S.D.N.Y. 2000).
  • A&M Records v. Napster, 239 F.3d 1004 (9th Cir. 2001).
  • MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 (2005).
  • Tur v. Youtube, Inc., 2007 U.S. Dist. LEXIS 50254 (D. Cal. 2007).
  • Biosafe-One, Inc. v. Hawks, 524 F. Supp. 2d 452 (D.N.Y. 2007).

4. Derivative Works issues (framing, deep links)

  • Futuredontics, Inc. v. Applied Anagramics, 45 U.S.P.Q.2D (BNA) 2005, 1998 U.S. Dist. LEXIS 2265 (C.D. Cal. 1998).
  • Ticketmaster Corp. v. Tickets.com, Inc., 54 U.S.P.Q.2D (BNA) 1344, 2000 U.S. Dist. LEXIS 4553 (C.D. Cal. 2000).
  • Intellectual Reserve, Inc. v. Utah Lighthouse Ministry, Inc., 75 F. Supp. 2d 1290 (D. Utah 1999).
  • Digital Equip. Corp. v. AltaVista Tech., 960 F. Supp. 456 (D. Mass. 1997).
  • Nissan Motor Co. v. Nissan Computer Corp., 2000 U.S. App. LEXIS 33937 (9th Cir. 2000).

5. Communication Act, satellite programming

B. Trademarks (domain names and unfair competition, search engines and trademarks, keywords)
1. Domain names as trademarks

2. Cybersquatting

3. Free speech and fair use of trademarks in domain names

C. Databases

D. Patents (software patents and business models patents)

E. Trade secrets

V. REGULATING CONTENT AND COMMUNICATION

A. Pornography

B. Defamation and information torts

C. Spam

D. Liability of internet service providers

VI. PRIVACY (cookies, adware, spyware)

A. Cookies, adware

  • In re Doubleclick Privacy Litig., 154 F. Supp. 2d 497 (S.D.N.Y. 2001).
  • In re Intuit Privacy Litig., 138 F. Supp. 2d 1272 (C.D. Cal. 2001).
  • Directv, Inc. v. Jae Sun Chin, 2003 U.S. Dist. LEXIS 15815 (W.D. Tex. 2003).

B. Spyware

  • Specht v. Netscape Communs. Corp., 150 F. Supp. 2d 585 (S.D.N.Y. 2001).
  • Specht v. Netscape Communs. Corp., 306 F.3d 17 (2d Cir. 2002).
  • Sotelo v. DirectRevenue, LLC, 384 F. Supp. 2d 1219 (N.D. Ill. 2005).

C. Other issues
1. Posting different types of information

  • Michaels v. Internet Entertainment Group, 5 F. Supp. 2d 823 (D. Cal. 1998).
  • In the Matter of Geocities, 127 F.T.C. 94 (F.T.C 1999).
  • Remsburg v. Docusearch, Inc., 149 N.H. 148 (N.H. 2003).
  • Topheavy Studios, Inc. v. Doe, 2005 Tex. App. LEXIS 6462 (Tex. App. 2005).
  • John Doe No. 1 v. Cahill, 884 A.2d 451 (Del. 2005).
  • Federal Trade Commission, Gateway Learning Corporation; Analysis to Aid Public Comment, 69 Fed. Reg. 42176, (July 14, 2004).
  • Lambert v. Hartman, 2008 U.S. App. LEXIS 4019 (6th Cir. 2008).

2. Data retention and interception (administrative, civil and criminal aspects)

VII. COMPUTER AND INTERNET CRIMES

A. Hacking (system breach and/or data manipulation, etc.)

  • State v. McGraw, 480 N.E.2d 552 (Ind. 1985).
  • State v. Riley, 121 Wn.2d 22 (Wash. 1993).
  • Thrifty-Tel, Inc. v. Bezenek, 46 Cal. App. 4th 1559 (Cal. Ct. App. 1996).
  • United States v. Sablan, 92 F.3d 865 (9th Cir. 1996).
  • Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F. Supp. 2d 817 (E.D. Mich. 2000).
  • Thurmond v. Compaq Computer Corp., 171 F. Supp. 2d 667 (D. Tex. 2001).
  • United States v. Ivanov, 175 F. Supp. 2d 367 (D. Conn. 2001).
  • Guin v. Brazos Higher Educ. Serv. Corp., 2006 U.S. Dist. LEXIS 4846 (D. Minn. 2006).
  • In the Matter of BJ’S Wholesale Club, Inc., 2005 FTC LEXIS 134 (F.T.C 2005).
  • United States v. Heckenkamp, 482 F.3d 1142 (9th Cir. 2007).

B. Dos, DDoS, botnets

  • Tyco Int’l (US) Inc. v. Doe, 2003 U.S. Dist. LEXIS 25136 (S.D.N.Y. 2003).
  • United States v. Ancheta, case No.2:05CR01060, unpublished (C.D. Cal. 2006).

C. Viruses, worms, trojans, timebombs

D. IP crimes

  • United States v. Lambert, 446 F. Supp. 890 (D. Conn. 1978).
  • United States v. LaMacchia, 871 F. Supp. 535 (D. Mass. 1994).
  • Arista Records, Inc. v. MP3Board, Inc., 2003 U.S. Dist. LEXIS 11392, Copy. L. Rep. (CCH) P28,658 (S.D.N.Y. 2003).
  • United States v. Hsu, 40 F. Supp. 2d 623 (D. Pa. 1999).

E. Digital espionage, carding, e-banking robbery, online wars

F. Pornography

G. Other

  • People v. Fernino, 2008 NY Slip Op 28044, 1 (N.Y. Misc. 2008).

VIII. E-government (e-administration, e-voting, technological neutrality of the state, open standards) issues

  • Online Policy Group v. Diebold, Inc., 337 F. Supp. 2d 1195 (D. Cal. 2004).

IX. Litigation (e-evidences etc.)

  • Bakhtiari v. Lutz, 507 F.3d 1132 (8th Cir. 2007).

Categories: case law | computer law | telecommunication law | US law.

C-275/06, Promusicae

January 29th, 2008, Tomasz Rychlicki

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights, and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) do not require the Member States to lay down, in a situation such as that in the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings. However, Community law requires that, when transposing those directives, the Member States take care to rely on an interpretation of them which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.

Details about this case in the judgment C-275/06, Promusicae.

Categories: computer crime | computer law | copyright law | Directive 2000/31/EC | EU law | Judgments of Court of Justice of the EC.

Internet domains and trade mark law, case I ACa 1228/05

June 14th, 2007, Tomasz Rychlicki

The Appellate Court in Poznań in its judgment of 26 April 2006, case file I ACa 1228/05, published in electronic database LEX no. 214296, ruled that in the case of a trade mark in the form of a particular word, the word representing a sign it is important, so long as it has the distinctive character and it is possible to distinguish the goods supplied or manufactured by a company from the products of another company. The appearance of a sign that may be represented by letters written in different fonts was less important in the described case. The conclusion that the only the graphic/figurative similarity between the two marks would give a plaintiff the right to assert claims arising out from article 296 of the Polish Act of 30 June 2000 on Industrial Property Law – IPL – (in Polish: ustawa Prawo własności przemysłowej) of 30 June 2000, published in Journal of Laws (Dziennik Ustaw) of 2001 No 49, item 508, consolidated text of 13 June 2003, Journal of Laws (Dziennik Ustaw) No 119, item 1117, with later amendments, would render the protection resulting from this provision purely illusory and would wreck the sense of norms arising from this article.

Article 296
1. Any person whose right of protection for a trademark has been infringed or any person who is permitted by law to do so, may demand the infringing party to cease the infringement, to surrender the unlawfully obtained profits and in case of infringement caused by fault also to redress the damage:
(i) in accordance with the general principles of law,
(ii) by the payment of a sum of money at the amount corresponding to the license fee or of other reasonable compensation, which while being vindicated would have been due on account of consent given by the holder to exploit his trademark.

1a. To the claims referred to in paragraph (1) the provisions of Article 287(2) and (3) shall apply accordingly.

2. Infringement of the right of protection for a trademark consists of unlawful use in the course of trade of:
(i) a trademark identical to a trademark registered in respect of identical goods,
(ii) a trademark identical or similar to a trademark registered in respect of identical or similar goods, if a likelihood of misleading the public, including in particular a risk of associating the trademark with a registered trademark, exists;
(iii) a trademark identical or similar to a renown trademark registered for any kind of goods, if such use without due cause would bring unfair advantage to the user or be detrimental to the distinctive character or the repute of the earlier trademark.

3. The claims referred to in paragraph (1) shall also be enforceable against a person who only puts on the market the goods already bearing that trademark, provided that the goods do not originate from the right holder or from a party authorised by him to use the trademark.

4. When invoking the right of protection conferred by his trademark, the licensor may enforce the claims referred to in paragraph (1) against a licensee who breaches any provision in his licensing contract with regard to its duration and territory covered by the contract, the form covered by the contract in which the trademark may be used, as well as the scope of the goods for which the trademark may be used or the quality of the goods. This shall apply accordingly to the sub-license.

5. A holder of a right of protection for a trademark may enforce the claims referred to in paragraph (1) against a licensee or a sub-licensee in case where the provisions of the sub-license contract, referred to in paragraph (4) have been breached, as well as in the case, where the contract has been concluded in breach of Article 163(2).

The Court also held that the registration of a web site under a given domain name address, and conducting a business activity through, and also its advertising, complete the condition of “trade mark use”.

See also “Polish case law on domain names“.

Categories: Art. 10 CUC | Art. 296(1) IPL | Art. 296(2)(ii) IPL | Art. 3(1) CUC | case law | computer law | distinctive character | domain names | Internet domains law | Polish Act on Combating Unfair Competition | Polish Act on Industrial Property Law | Polish Appeallate Court | Polish TLDs | trade mark infringement | trade mark use.

Access to public information, case OSK 600/04

September 12th, 2006, Tomasz Rychlicki

ISOC Poland requested the President of the Social Insurance Institution – ZUS – (in Polish: Zakład Ubezpieczeń Społecznych) to make available public information concerning technical specification of the KSI MAIL format, that is used in Płatnik software. Płatnik computer program is a free but not open source software to use (fill in and send) a statement of payment declarations to the Social Insurance Institution. It works only with MS Windows.

The President of ZUS ruled that the Polish Act of 13 October 1998 on the social insurance system, consolidated text published in Journal of Laws (Dziennik Ustaw) of 2007 No. 11, item 74 as amended, obliges payers of social insurance to prepare documents including inter alia protected data, for instance sensitive data concerning health, in the electronic format and to transmit of such documents from Płatnik to ZUS. These data are personal data protected by law. Making them available could result in significant disruption in the supply KSI MAIL system, exposing to a breach of professional secrecy of ZUS and undermine the statutory exclusivity of the software provided by ZUS.

Regardless of the abovementioned arguments, ZUS stated that KSI MAIL module is subject to business confidentiality and trade secrets due to the greement conducted between ZUS and Prokom Software S.A. on the design and implementation of a comprehensive system for social security. The agreement obliged ZUS to keep confidential all information relating to the transferred technology and solutions contained in KSI MAIL.

ZUS based its final decision on article 5 of the the Polish Act of 6 September 2001 on access to public information – API – (in Polish: Ustawa o dostępie do informacji publicznej) Journal of Laws (Dziennik Ustaw) No. 112, item 1198, with later amendments.

Article 5. 1. The right to public information is subject to limitation to the extent and on the principles defined in the provisions on the protection of confidential information and on the protection of other secrets being statutorily protected.
2. The right to public information is subject to limitation in relation to privacy of a natural person or the secret of an entrepreneur. The limitation does not relate to the information on persons performing public functions, being connected with performing these functions, including the conditions of entrusting and performing these functions and in the event when a natural person or entrepreneur resigns from the right to which he was entitled to.
3. The access to public information on matters resolved before the state authorities, in particular in the administrative, criminal or civil proceedings cannot be limited, with the stipulation of it. 1 and 2, with respect to protection of the party’s interest, if the proceedings concern the public authorities or other entities performing public functions or persons performing public functions – in the scope of these functions or tasks.
4. The limitations of access to information on cases, defined in it. 3, do not breach the right to information on organisation and work of the bodies conducting proceedings, in particular on time, mode and place and the order of investigating cases.

ISOC filed a complaint before the Voivodeship Administrative Court in Warsaw. It emphasized that the technical specification of KSI MAIL is public information. Its publication broadens the possibility of fulfilling the duties of citizens who do not wish to invest in MS Windows.

ISOC further argued that ZUS can not rely on contractual provisions, as it was contrary to the mandatory provisions of the API and that they are invalid. Also, ZUS made an erroneous interpretation of the law to rely on business secrets and trade secrets, because ISOC did not request the source code of the program, or other works protected by copyright or industrial property rights/patents.

The Voivodeship Administrative Court in its order of 30 January 2004 case file II SA 3732/03 held that this request concerns matters that are not subject to the administrative jurisdiction, but the civil courts which is in accordance with the provisions of article 22(1) of the API.

Article 22.
1. The entity, which was denied the access to the public information in respect to its exclusion of its openness when quoting the protection of personal data, the right to privacy and the secret other than state, official, treasury or statistical secret, is entitled to put an action to the court for making such information available.
2. The entity, to which the exclusion of public information is related, has a legal interest in commencing as an accidental intervener on the defendant’s side.
3. The competent court for resolving the cases, defined in it. 1, is the district court with respect to the seat of the entity, which refused to make the public information available.

The Supreme Administrative Court in its judgment of 3 March 2004 case file OSK 600/04 stated that the cassation complaint is unfounded and declared that, the term “when quoting” as used in article 22(1) of the API, has such meaning that it is sufficient for the entity who posses requested information to invoke the mentioned in this provision object of protection, to exclude the possibility of control by an administrative court. The administrative court cannot control in this case the legality of the decision and investigate if the indicated condition actually occurred.

Categories: Art. 22 API | Art. 5(2) API | case law | computer law | digital economy | e-access | e-documents | e-law issues | e-proceedings | e-signature | free or libre and open source software | open standards | Polish Act on access to public information | Polish Supreme Administrative Court | public information | Voivodeship Administrative Court.

Next posts »