What kind of technology would best equip European customs departments to enforce intellectual property (IP) law? It’s a timely question: their role in IP disputes has seized the spotlight during 2011. On one hand, border authorities have impounded PlayStation3 games consoles cited in patent-infringement proceedings filed against Sony. The action, filed in the Hague, triggered a temporary distribution ban on PlayStation3s across the whole of Europe. On the other, their responsibilities in the fight against counterfeits and trademark abuse appear to have been downgraded by rulings from Europe’s Court of Justice (CJ). These effectively blocked EU seizures of counterfeit goods that are en route through Member States to sales outlets in other countries.
However, despite the perceived impact of those rulings, the remit that EU customs have over fake goods has not been brought to an end. In fact, it is being clarified. In May, the European Commission unveiled a series of proposals recommending ‘conditions and procedures for action’ that border authorities should follow in their dealings with counterfeit goods. In the proposals were plans for a powerful resource: a centralised database of all border actions carried out against counterfeiters, which would be shared among all EU customs departments.
In October, though, it emerged that while the database looks like a passport to efficiency on paper, it will have to negotiate a tricky path through EU regulations if it is to become a reality.
The task of examining potential regulatory hurdles to the proposed database fell to the European Data Protection Supervisor (EDPS) – an ombudsman-like body set up to safeguard private information from the governmental arms of the EU. In the body’s view, the database – dubbed ‘COPIS’, short for Common European IT System – is not fit to be developed as currently conceived. And more pressingly, may even be a cause for concern.
In the Commission’s proposal for COPIS, the database would be created through two, simple procedures: i) requiring IP owners’ complaints to customs departments about infringing goods to be submitted electronically; and ii) requiring customs departments to pass those complaints on to the Commission for storage in a central hub.
For the EDPS, this leaves a lot to be desired.
‘There is, at this stage, no further detailed legal provision adopted through the ordinary legislative procedure in which the purpose and characteristics of COPIS are determined,’ the body wrote in an opinion published last month. ‘This is particularly worrying in the EDPS’s view. Personal data of individuals – including names, addresses and other contact details, as well as related information on suspected offences – will be the object of an intense exchange between the Commission and the Member States and will be stored for an undefined period of time within the database. Yet there is no legal text on the basis of which an individual could verify the legality of such processing.’ Moreover, said the EDPS, the specific access and data-management rights that Commission and customs stakeholders would have in relation to COPIS are not explicitly clarified.
In the EDPS’s assessment, COPIS would constitute an ‘instrument that restricts the fundamental right to the protection of personal information’. As such, its existence would have to be predicated on a sound legal basis that could be invoked before a European judge. Establishing that legal basis would bring the database in line with the Treaty on the Functioning of the European Union (TFEU) – an extensive document that sets out the agreed mechanisms for how the EU is run. Otherwise, though, it would contravene not only the TEFU, but key articles in the Charter of Fundamental Rights of the Union and the European Convention on Human Rights.
A safe system
Mindful of those risks, the EDPS has called on the Commission to urgently clarify the legal basis for the hub by introducing it in a specific legislative procedure, in accordance with the TEFU. In particular, said the data watchdog, the area of that legislation concerning the electronic exchange mechanism must:
i) identify the precise purpose of each COPIS processing operation;
ii) identify which entities within customs authorities and the Commission will have access to which data stored in COPIS, and who will be in a position to modify it;
iii) guarantee access rights for all the subjects whose personal data may be stored on and exchanged through the database, and
iv) define and limit the retention period for personal data to the minimum necessary for the system’s effectiveness.
The EDPS also highlights that the legislation should define specific roles for the overall management of the system, and for ensuring the security of its data. Just to make doubly sure that these points will be followed, the EDPS has asked the Commission to redraft the database proposal with new text that will reflect its recommendations.
In effect, the EDPS has performed some border policing of its own on the Commission’s brainchild, keeping it in quarantine until it is safe to venture out to its end-users. While there is clearly a long way to go before it is approved, it is likely that, as a result of the watchdog’s intervention, customs departments will end up with a stronger and more legally secure database to aid them in their battle against fake goods.
To download a PDF of the full EDPS opinion, click here