Cases Update December 2017

December 11, 2017

Restricting Internet Sales
of Luxury Goods

The Court of Justice of the European Union upheld
the validity of a supplier’s policy restricting online, which was reflected in
its contract with an authorised distributor

In Case C-230/16 Coty Germany GmbH v Parfümerie Akzente GmbH,
the CJEU had to consider whether a supplier of luxury goods can prohibit its
authorised distributors from selling those goods on a third-party Internet
platform such as Amazon.

The Court stated that a selective distribution
system for luxury goods, designed primarily to preserve the luxury image of
those goods, does not breach the prohibition of agreements, decisions and
concerted practices laid down in EU law, provided that the following conditions
are met: (i) resellers are chosen on the basis of objective criteria of a
qualitative nature, laid down uniformly for all potential resellers and not
applied in a discriminatory fashion; and (ii) the criteria laid down do not go
beyond what is necessary.

In the event that the Oberlandesgericht should
conclude that the clause at issue is caught, in principle, by the prohibition
of agreements, decisions and concerted practices laid down in EU law, the Court
points out that it is possible that that clause might benefit from a block

In circumstances such as those of the main
proceedings, the prohibition at issue on the use, in a discernible manner, of
third-party undertakings for Internet sales does not constitute a restriction
of customers nor a restriction of passive sales to end-users, restrictions
which are automatically excluded from the benefit of a block exemption because
they are liable to have severely anti-competitive effects.

Data Protection and Vicarious Liability

The High Court judgment in Various Claimants v WM Morrisons Supermarket Plc [2017] EWHC 3113
(QB) suggests that vicarious liability arises under data protection legislation
and applies even where a rogue employee’s breach is aimed at revenging himself
on a data protection compliant employer

Longstaff J addressed the question whether an
employer is liable, directly or vicariously, for the criminal actions of a
rogue employee in disclosing personal information of co-employees on the web,
whether under the Data Protection Act 1998, an action for breach of confidence,
or in an action for misuse of private information. He rejected each contention
for direct liability but endorsed one final crucial point – that the employer
should be vicariously liable under a ‘principle of social justice’.

Essentially, with one minor exception, Morrisons
were found to have done nothing wrong but remain at risk of a cumulatively
large claim for employees.

It should be especially noted that Longstaff J ends
his judgment with an admission that he had been ‘troubled’ in reaching his
conclusions, especially in view of the fact that Morrisons were the intended
victims of an unlawful act and yet were being held liable as a result of it. He
gave permission to appeal on the vicarious liability issue and a Court of
Appeal judgment might be expected unless Morrisons and the claimants settle.

Copyright and Copies in the Cloud

The Court of Justice of the European Union has
given its view on a case involving the copying of television programmes in the

In Case
C-265/16 VCAST Limited v RTI SpA
, the CJEU has ruled that the making
available of copies of television programmes saved in the cloud must be
authorised by the holder of the copyright or related rights. The remote video
recording service available to users was deemed to constitute a retransmission
of the programmes concerned.

Discovery and Data Protection

In Susquehanna International Group Limited v Needham [2017] IEHC
, Ms. Justice Baker, sitting in the High Court of Ireland, was faced
with a dispute about the extent of the discovery of documents which should be
ordered by the court. It is a case in which the plaintiff seeks injunctive
relief and damages for breach of contract arising from the alleged misuse of
confidential documents obtained in the course of the defendant’s employment
regarding the business, employees and business relationships of the plaintiff.
Among other claims, it is suggested that the defendant acted so as to help
another company to recruit staff from the plaintiff.

There were serious arguments about the width and
depth of discovery that was appropriate, with the usual suggestion that the
party seeking wider discovery was on a fishing expedition. What makes the case
different from the mainstream is what the judge described as ‘the novel question
of whether a court should order a person to make discovery of documents that he
or she can obtain on foot of a data subject protection request’. One example of
the sort of document sought was the notes of the new employer made at the time
of the interview of the defendant – information that might often be sought by
way of a subject access request but usually by a failed applicant and not for
the benefit of the successful applicant’s past employer.

Baker J ruled as follows:

44. I accept the argument of counsel for the
defendant as to the purpose of the Data Protection Directive and the source of
the right of a person to make a data request. I consider too that, there are
likely to be circumstances where another remedy such as non-party discovery is
more appropriate. This derives from the principle that discovery must not be
permitted to be oppressive of a litigant and must be proportionate.

45. I am not satisfied that the request in the
present case is oppressive or disproportionate. From the evidence and arguments
before me, I am satisfied that the defendant has a unique right to seek certain
classes of documents. While the request is couched in the language of
contemporary data rights, the class of documents sought to be discovered is a
type of document which is known and recognised in the common law. A person may
be compelled to make discovery of documents which are in the possession of an
agent of that person, for example a solicitor, a banker or a trustee, to take a
few examples. While I accept that counsel for the defendant is correct
regarding the purpose of the Data Protection Directive, and while the plaintiff
could seek in the alternative to make an application for non-party discovery
against Citadel or Execuzen, the test remains that which is long established in
the authorities, namely whether the documents are relevant and necessary and
the request is proportionate and not unduly oppressive.

49. The present request for discovery is not in my
view an attempt to use data protection law for a collateral purpose. The
judgment of the Court of Appeal for England and Wales in Durant v. Financial
Services Authority is not on point, as it concerned whether the applicant was
himself entitled to access to information, and the Court held that he was
misguided, as the proper course of action was to seek discovery and not to make
a data request.

50. It matters not therefore that data protection
legislation deriving from the Directive has the primary purpose of protecting
the right of privacy and accuracy regarding personal data held by others, if
the effect of the legislation is to make available as of right certain
information held by others relevant to that person.

51. There is no principled reason why information
which is capable of being obtained by a data request cannot be the subject
matter of a request for discovery. The law would suggest that a data access
request ought not to replace discovery where discovery is the more relevant
remedy, and the corollary may equally be the case, that discovery ought not to
replace a data request. But the question at issue in the present case is
whether the defendant can be compelled to obtain documents which are within his
power by making a data request. I consider that he can.’

Baker J accepted, however, that the order for
discovery must not be oppressive and that the subject access request might not
yield all that was hoped for by the plaintiff. The defendant was ordered to
take reasonable steps to obtain the documents by means of a subject access