NEWSLETTER No 32 // Thursday 24 March 2022
|
|
|
|
SUCCESSFUL FUNDRAISING: ENHANCING DATA AND ENSURING COMPLIANCE WITH APPLICABLE REGULATIONS
|
|
|
|
This month, our newsletter “La Lettre du DPO” interviewed Samuel Brau, President of Drone Géofencing (which has developed a professional drone management software) and Bruna Sellin Trevellin, lawyer specialized in IP/IT law and DPO at the Agency for the Protection of Programs (“APP”). They share with us their views about the importance of proving the ownership and lawfulness of a company's intangible assets and data in the context of fundraising operations.
Record levels of fundraising for French startups. According to the 2021 fundraising record, French startups raised 784 funds, for a total amount of €11.6 billion, which represents a rise of 26% in unit sales and 115% in revenues compared to 2020. In 2021, the French Tech ecosystem gave birth to 12 new unicorns (tech startups that reach a valuation of more than €1 billion without being listed on the stock market), compared to only three in 2020. These include online marketplaces Vestiaire Collective, Back Market and ManoMano, fintechs Ledger, Younited, Sorare, Swile and Lydia, insurtechs Alan and Shift Technology, proptech IAD and the platform for dentists Dental Monitoring. Despite this record level, France ranks third in Europe, after the United Kingdom, which as always leads the way with €32.4 billion (+155% compared to 2020) and Germany with €16.2 billion (+209%).
It is necessary to increase the value of intangible assets in case of fundraising. The intangible assets of companies (databases, customer/prospect files, software and information systems, etc.) constitute an important part of their assets and contribute to their valuation in case of fundraising, acquisition project or capital account opening. It is therefore essential to identify them but also to protect them efficiently against possible attacks, in particular by proceeding with deposits with the Agency for the Protection of Programs.
In case of breach of the GDPR, the fundraising operation may be declared null and void. Startups are subject to the general data protection regulation, when they process this type of data. If they do not comply with their obligations according to this regulation, their data may be declared null and void. In this regard, on June 25th, 2013, the Court of Cassation ruled (Appeal No. 12-17037) that a customer file that did not comply with the French Data Protection Act (Loi Informatique et Libertés) could not be sold. It thus ruled that "any computerized file containing personal data must be declared to the CNIL" and "the sale ... of such a file which was not in commerce, since it had not been declared, had an illicit purpose". This case law proves that it is in the interest of companies to verify that their files comply with applicable regulation. Otherwise, the entire economic operation could be destroyed, implying, in case of nullity, the full return of the amounts paid or received.
Enjoy the reading!
Matthieu Bourgeois and Laurent Badiane, partners in charge of the Intellectual Property and Digital Law Team.
To subscribe, click here
|
|
|
|
"The deposit of source codes and/or databases gives a key advantage when an investment fund estimates the economic value of a business"
|
|
|
|
Samuel BRAU, President of the company Drone Geofencing, has registered the source code of "Gesta Drone" with the French Agency for the Protection of Programs (APP). Gesta Drone is a professional drone management software allowing, more specifically, to declare flights to the French Civil Aviation Authority (Direction Générale de l’Aviation Civile - DGAC) and the Controlled Airspace. Believing in the usefulness of these registrations to better secure and promote digital innovations and the investments they require, Samuel BRAU shares with our newsletter “La Lettre du DPO” his insights on this subject, which is often misunderstood by companies.
|
|
|
|
1/- What is your background and what led you to become interested in digital world and data?
After studying engineering in computer science, electronics and automation, I held operational management positions (engineering planning, operations, sales) at Equant (telecommunication services operator for multinationals), Transpac (data transmission network operator) and France Telecom for 12 years. Then, in 2008, I co-founded Monte Cristo Consulting, a consulting firm for financial services, both in the private and public sector. In 2016, I joined Virdys (a software company providing virtual reality and augmented reality content), which I left to found Drone Geofencing. My interest in digital world has been part of my career since the beginning. Furthermore, my previous experiences in fundraising at Monte Cristo Consulting as a consulting firm made me aware of the need not to neglect the legal aspects related to the protection of software by proceeding to a probationary deposit with a trusted third party.
2/- Can you tell us more about these digital content deposits?
As you know, software is protected by copyright, and databases by producer's rights, which are two fragile rights, because unlike patents or trademarks, they are not registered with an official body (the INPI - the national intellectual property office in France - for example). It is necessary to prove not only the originality or a substantial investment for the project, depending on the case, but also and above all that you were the author or producer, and this is important to prove it before the competitors. This last point requires to have a reliable and recognized proof, establishing the existence of the digital content at a specific date. I add that it is also advisable to keep a certain trace of its own creation to be able to successfully respond to possible accusations of plagiarism by third parties opposing their own creation, if this one is similar. Finally, a digital content can play a role of "guarantee", when, for example, your company signs a contract with a client/partner of large scale/great financial strength, which can be reassured by the fact that you registered the software that you put at its disposal. This will ensure access to the software in the event that your company, for example, goes bankrupt. Also, the deposit of source codes and/or databases gives a key advantage for the business valuation, in particular during an investment operation.
3 /- What is your vision on the future of the role and importance of deposits of digital creations in fundraising?
This type of deposit will make the company's ownership of the digital elements and content it has developed visible and transparent and will become more common among the companies which have understood the need to enhance their intellectual property. Because, as you know, the digital revolution has succeeded the industrial revolution. Consequently, the deposit of digital creations will play the same role as that played in the 20th century by the deposit of patents, industrial designs, etc., even if their legal force is different. As the INPI does not offer solutions in this field, it is necessary to have recourse to trusted third parties, and more specifically in this area, the French Agency for the Protection of Programs (APP), which offers the historical background and the strongest guarantees of professionalism.
|
|
|
|
"THE APP (AGENCY FOR THE PROTECTION OF PROGRAMS) DEPOSIT MEETS AT THE SAME TIME PROBATIVE, PATRIMONIAL, ORGANIZATIONAL AND COMMERCIAL OBJECTIVE"
|
|
|
|
Innovation is an essential condition for the development of companies. Their ideas, know-how, expertise and, more generally, all their intangible assets determine their future success. In our international and digital world, good ideas can be quickly duplicated. It is therefore essential for companies that want to innovate to adopt the appropriate strategy to protect their intangible assets in the long term. For 40 years, the Agency for the Protection of Programs (“APP”) has been helping innovative companies to protect their digital creations: software, databases, mobile applications, websites, etc. This month, our newsletter “La Lettre du DPO” interviewed Bruna SELLIN TREVELIN, lawyer specialized in IP/IT law and DPO: she shares with us her opinion about the importance of joining the APP to deposit your digital works.
The deposit of digital creations increases the chances of success in case of litigation."Contrary to patent or trademark protection, which require deposits constituting rights, copyright protects software and digital creations in general, but it does not require any formality. However, if an author wants to enforce his rights against a third party, he must be able to prove it. A deposit is a proof recognized by the jurisdictions that have signed the Berne Convention (currently 181 countries) as long as it has been made in conditions that guarantee its integrity, imputability and durability. The APP offers this kind of deposit in two formats (physical or digital deposit, with digital fingerprint and electronic time stamp), that are equivalent from a probative point of view, through a platform complying with the most demanding security standards, such as the General Security Regulation and the ISO 27001 standard. The deposit on the APP platform allows to materialize the rights of an author or a company on his/its work, to establish the proof of the ownership of a digital creation, to benefit from a presumption of ownership, as well as to attribute a specific date to the creations, by demonstrating their previous existence. Moreover, regular deposits make it possible to trace the evolution of a portfolio of digital creations. All this contributes to support positions in case of litigation. In this respect, in a decision of September 23rd, 2021, the Marseilles court sentenced a company, its founder and employees to more than three million euros for infringement by unauthorized reproduction of source codes. The court had first identified the work in question and the ownership of the rights on the basis of the APP certificates of deposit."
The deposit of digital creations helps to reassure investors and clients during negotiations, commercial transactions or fundraising. “Identifying the intellectual property of a software product is important to face acts of infringement or economic parasitism (kind of unfair competition according to French law), but also to develop the value of a company. Having a good strategy for the protection of intangible assets shows the company's organizational structure and the fact that it understands the value of its intangible assets. This strengthens the company's image and can be a decisive competitive factor. Thus, the APP deposit meets at the same time probative, patrimonial, organizational and commercial objectives.”
|
|
|
|
CNIL’S DECISIONS: IT’S TIME TO CONTROL THE APPROPRIATE APPLICATION OF MEASURES! |
|
|
|
This year again, the CNIL (the French data protection authority) has chosen three new main areas of control that are more relevant than ever. Concerning the first area, i.e. commercial prospecting, the data protection authority specified, in a communication of January 26th, 2022, that if the transfer of data to commercial partners is subject to consent, a single consent box may be sufficient to obtain the consent of the person concerned so that this transfer allows the recipient to send commercial prospecting. The second area focuses on the extensive application of telework since the emergence of the Covid-19 epidemic and the resulting monitoring of employees' tasks and work. Through this measure, the CNIL aims to ensure the balance between the privacy at work and the legitimate control that can be exercised by the employers. The third and final focus area concerns the use of cloud computing and the issues of personal data transfers to countries that do not have an appropriate level of protection or the legal framework of contracts between data processors, which are still widely underestimated by companies. This last area represents a strategic issue at the European level for the EDPB (European Data Protection Board), which has been coordinating, since last year, the feedback of some 20 supervisory authorities involved in monitoring the use of cloud technologies in the public sector.
|
|
|
|
CNIL: a new and simplified sanction procedure
|
|
|
|
Article 33 of law No. 2022-52 of January 24th, 2022 introduces a simplified procedure compared to that of article 22-1 of the law “relating to information technology, data files and civil liberties" ("LIL" or "loi informatique et libertés") which allows the chair of the restricted committee (or a member designated by the president) to rule alone on certain cases and to impose (in a non-public manner) the following corrective measures:
- a serious warning,
- an order to bring the processing into compliance with the obligations provided by the regulation – this order can be accompanied by a penalty payment of up to 100 € per day of delay,
- or an administrative fine of up to 20.000 €.
The chair of the CNIL may initiate proceedings following this procedure only if he considers (i) that the appropriate solution to the breaches detected is one of the three measures mentioned above and (ii) that the case does not present any particular difficulty, either because it is in line with previously established case law or with decisions previously issued by the CNIL's restricted committee, or because the factual and legal issues it raises are uncomplicated.
The conditions for the implementation of the simplified procedure will be set by decree during the French Council of State.
|
|
|
|
Use of Google Analytics and illegal data transfers to the United States: a big shock!
|
|
|
|
After receiving complaints from the NOYB association based in Vienna, on February 10th, 2022, the CNIL (the French data protection authority) ruled that the use of Google Analytics, the website audience measurement and analysis service, does not comply with Article 44 of the GDPR, relating to data transfers outside the EU. In the context of the Google Analytics operations, personal data are transferred to the servers of Google LLC located in the United States. However, the CNIL considers that the additional protection safeguards, which must be put in place as part of the new standard contractual clauses of the European Commission of June 4th,2021, are not, in this case, sufficient. These clauses do not prevent the US intelligence services from accessing the transferred data insofar as Google LLC holds the decryption key. In addition, the consent to the deposit of Google Analytics cookies is different from the consent that may be requested in case of data transfers. Consequently, the French company, which was ordered by the CNIL to bring its processing into compliance with the GDPR, must stop using Google Analytics in its current version. This decision is not isolated and is part of a series of decisions already taken by other Austrian and Norwegian data protection authorities as well as the EDPS.
|
|
|
|
Wednesday, 6th April 2022 - 3:30 p.m. - 5:30 p.m. |
|
|
|
Conference on health data protection organized by the French Medical Council (CNOM) and the Standing Committee of European Doctors (CPME)
|
|
|
|
As part of the French Presidency of the European Union, the French Medical Council (CNOM) and the Standing Committee of European Doctors (CPME) are jointly organizing a conference on health data protection in Europe on April 6th, 2022 from 3:30 pm to 5:30 pm.
This event, which will bring together medical leaders from national medical associations from all over Europe, will be held at the CNOM headquarters at 4 rue Léon Jost, 75017 Paris and will include outstanding keynote speakers in a hybrid format allowing virtual attendance, with both English and French interpretation.
For more information, click here
|
|
|
|
The Intellectual Property and Digital Law Team at klein • wenner
Fortified by in-depth experience, klein • wenner's attorneys in the IT Law and Intellectual Property team, who are experts in the digital sector and in GDPR, have developed a transversal practice unique in the area of data law. We work with other experts (in cybersecurity, SI/data governance and other areas), and our team offers a global, cooperative approach to all the issues relating to data (privacy, intellectual property, cybersecurity and open data - *with klein • wenner's Public Law team).
|
|
|
|
La Lettre du DPO is a publication of KGA Avocats which processes your data in accordance with the regulation regarding personal data. To learn more, click here
|
|
|
|
|
|
|
|
