advanced licensing agreements 2017download.pli.edu/webcontent/chbs/185480/185480_chapter33...to...

© Practising Law Institute

To order this book, call (800) 260-4PLI or fax us at (800) 321-0093. Ask our Customer Service Department for PLI Order Number 185480, Dept. BAV5.

Practising Law Institute1177 Avenue of the Americas

New York, New York 10036

Advanced Licensing Agreements 2017

Volume Two

INTELLECTUAL PROPERTYCourse Handbook Series

Number G-1308

Co-ChairsMarcelo Halpern

Ira Jay LevyJoseph Yang


33

International Licensing—Europe

Christopher Jeffery

Taylor Wessing

If you find this article helpful, you can learn more about the subject by going to www.pli.edu to view the on demand program or segment for which it was written.

2-555


2-556


3

EUROPE

In this paper, I will try to touch on the main areas where EU licensing deals are different from those in the US and other geographies.

1. WHOSE LAW AND WHOSE COURTS?

In any contract, the choice of party, law and forum will be intimately linked to each other, and to other factors, so it is not really possible to treat them in isolation, but I’ll now try to do so.

1.1 Choice of Contracting Party

A US entity may prefer to service Europe from its US home base, or it may set up one or more subsidiaries, or local branches. In the UK, as an initial move, it can start with a so called non-taxable place of business and, although its activities must be limited to those which are incidental or ancillary to the Company’s activities as a whole (e.g. warehousing, or administration/support functions), this can be a useful stepping stone into Europe. Where some local presence has been set up, the company needs to decide which group entity will do the contracting. This choice is often strongly driven by tax or revenue recognition imperatives. However, it makes good sense to keep flex-ibility by ensuring that the agreement allows for assignment up or down the tree, and - where the US entity contracts - for subcontracting of local services to the local office.

1.2 Choice of Law

In my experience, European entities are strongly opposed to choice of US law. It has therefore always seemed to me that use of English law is a good compromise for US entities dealing with main-land European companies. Europeans are beginning to think of England as part of Europe (despite the best efforts of our strident Europhobes), and English law is a common law system which operates in the English language. Best of all, the worst excesses of English law (i.e. UCTA, legislation which can invalidate liability disclaimers even B2B) are disapplied where English law is chosen as a compromise and the proper law would otherwise be some other system of law.

Where business with large European companies outside the UK is sought, most US companies will end up agreeing to local law governing and have their contract templates reviewed under the laws

2-557


4

of their key markets (even if they may not always get to use them, as customers may prefer their own paper).

Post-Brexit, many clients have wondered whether lack of clarity around its status as a trading partner and the possible removal of EU rules around mutual recognition of court judgments, means it looks less attractive. My expectation is that, whatever shape the UK – EU trade deal takes, it is very likely that the UK will remain part of the same EU-derived principles of respect for the parties’ choices of law and jurisdiction in B2B relationships.

Even though the UK will not be directly subject to the Recast Brussels Regulation on jurisdiction and mutual recognition of judg-ment or Rome I on governing law, there are strong economic and policy arguments for the UK aligning with the rest of the EU on these matters to facilitate cross-border trade within Europe. “Very likely” is not the same as certain, though, and there remains a slim risk that we could revert to unpredictability on law and jurisdiction where the UK is involved. This means that Ireland or the Netherlands, as two acces-sible jurisdictions for Americans may be preferred.

1.3 Choice of Process

The general pros and cons of arbitration, ADR and court process are well known, and I won’t repeat them here, except to say that English court process is usually thought to be cheaper and, now, roughly as fast as arbitration - so the relative balance of convenience is different in the UK, and no doubt will be different again in other member states. Mediation is gaining popularity too, as a first step which can save money and generate more innovative commercial solutions.

If courts are to be used, then location matters, because EU court judgments are relatively hard to enforce in the US (though ultimately that is a matter of US law), while being almost automatically enforce-able throughout the EU by virtue of the Recast Brussels Regulation.

1.4 Choice of Venue

A key consideration, often overlooked when drafting a dispute resolution process, is whether the client wants a sword or a shield. Often the only use of a sword is to restrain misuse of intellectual property, but this can be handled effectively with a general right to seek injunctive relief. Where that is the only offensive use contem-plated, there may be merit in using a venue from which enforcement at home in the US is relatively difficult - such as country which has

2-558


5

no treaty on enforcement of judgments with the US. It may come as a surprise to know that the UK is such a country. The reverse is therefore also true - winning the right to have disputes resolved in the Californian courts is an incomplete victory where a sword is required for use against European-based entities. The only US judgments which can be enforced in the UK are final judgments for a determinate sum of money. An account of profits, for example, could not be enforced at all.

The same is not true of arbitration, since most European states are party to the New York Convention. Under English law, arbitra-tion provisions are not usually drafted with the level of detail com-monly seen in the US, more reliance being placed on the statutory framework of the Arbitration Act 1996, which updates and consolidates the ‘default’ laws governing arbitration procedure.

2. PARTNERING IN EUROPE

2.1 Commercial Agents Directive

While distribution has not been the subject of EU wide leg-islation (save for the vertical agreements block exemption in anti-trust law), commercial agents (sales rep is the equivalent US term) benefit from protection under a 1986 EU Directive, covering rights to commission, minimum notice periods, and compensation on termination etc., provided the agency activities are not secondary to other activities. (So for example, a software distributor is not brought within the scope of the Directive by reason only that it acts as agent in procuring signature on direct licence documentation. However, some regimes - such as Germany and Sweden - might regard such direct licence relations, coupled with obligations to disclose customer details for support purposes, as indicative of an agency.)

The Directive applies regardless of governing law – so choosing US law will not stop an EU court applying the Directive, but exclu-sive US jurisdiction will limit the opportunity of claimants to get the case in front of a local EU court.

2.2 Competition

In distribution and reseller arrangements, EU competition (or anti-trust law) intervenes to make two common provisions problem-atic in ways that can blindside non-Europeans:

• Territorial restrictions within the EEA; and

2-559


6

• Controls on the reseller’s end price The EU Commission’s Vertical Restraints Block Exemption Reg-

ulation of 2010 (VRBER) and accompanying guidelines make it clear that where a supplier or licensor seeks to prevent a customer from reselling goods or services into another EEA territory, this will gener-ally be regarded as a “hard-core” restriction under competition law, capable of attracting fines of up to 10% of the companies’ worldwide annual turnover.

There are limited circumstances in which suppliers may restrict “active” sales by their distributors into particular territories (or customer groups), essentially where such a restriction is deemed necessary in order to prevent free-riding by the buyer’s competitors. However, restrictions of a buyer’s “passive” sales to other territories (i.e. respond-ing to unsolicited customer requests) will invariably constitute hard-core restrictions.

This is particularly significant in the context of online sales, since the VRBER Guidelines expressly state that sales made via a website will generally be deemed a form of passive selling. As such, any attempts by suppliers to restrict online sales by their customers will usually be prohibited and are liable to attract substantial fines. This can create numerous problems in relation to many online products and services accessed from multiple locations, and the single market imperative comes into direct conflict with a complex and often con-tradictory matrix of consumer, privacy and intellectual property laws.

This may help to explain the lack of enforcement action in relation to such restrictions, notwithstanding their obvious potential to create serious competition law problems and consumer harm. In recent years the Commission and national competition regulators have preferred to focus their attention on horizontal, cartel-type agree-ments between companies competing at the same level of the dis-tribution chain, rather than with restrictions imposed in the vertical context. A significant proportion of the Commission’s resources have also been taken up by some extremely intensive investigations into abuses of market power by dominant undertakings in technology and utilities markets.

There is still no tolerance of fixed and minimum resale price maintenance in reseller and distribution relationships, and again this is a hard-core restriction, so problematic regardless of market share or actual impact on competition.

(Note that, in general, agency relationships will not offend EU competition rules where the agent is economically integrated into the

2-560


7

business of the principal. However, agreements between two or more parties will generate problems. Recall finally that national laws must also be considered.)

2.3 Term, Termination and Compensation

Under the Agency Directive, upon termination an agent is usually entitled to be paid, either compensation or an indemnity against what it would have earned. Compensation is generally not payable where termination happens on the agent’s breach.

There is little commonality between EU countries on com-pensation levels, but as a rough guide: (a) In the UK, the courts will assess compensation based on the mar-

ket value of the agent’s business (or that part of it that related to the principal’s products) as if sold on the open market – making for an unpredictable test. If the contract specifically states that the parties have opted for the “indemnity” test for assessing calcula-tion, then compensation is based on the loss to the agent capped at annual commission averaged out over the previous five years;

(b) France uses the past two years’ gross commission as a starting-point and then looks to see if there are objective reasons for the agent being entitled to less;

(c) Germany was using a cap at annual commission averaged over 5 years, but now applies a more complex test. In addition, national laws may extend redress beyond what the

Directive requires. In some states (e.g. Spain and the Netherlands), a non-compete clause will increase the prospects that compensation is payable. Evidence that the principal has ‘unfairly’ enriched itself by terminating will also carry weight in many jurisdictions. Minimum notice periods are also longer in many states than the Directive requires (one month in the 1st year, two in the 2nd, and three thereafter).

In distribution agreements, most jurisdictions allow the parties to set their own termination arrangements. Where no notice period is provided, the courts will often require reasonable notice. What is con-sidered reasonable varies - in Germany for exclusive arrangements it may require notice of one or even two years. Also there is a non-excludable right to seek compensation where the distributor is ‘inte-grated into the supplier’s system’ and the supplier gets access to the end-user contact details.

2-561


8

In Belgium, where no term is specified, or where local law holds that the term is in truth indefinite, failure to give ‘reasonable notice’ of up to 36 months can entitle the distributor to compensation on an indemnity basis - and even where the term is fixed, notice must in many cases (not only where the agreement is exclusive) be given between 6 and 3 months prior to end of that term. The same law also requires (as a non-excludable term) that suppliers must pay the severance costs of any employees of the distributor made redundant by the termination.

3. EU PRIVACY

The biggest challenge facing US tech business looking to do business in Europe is the mis-match between the US and EU approaches to privacy and the increasing level of regulation and risk for EU businesses that changes to EU privacy laws present.

Here, I will focus on the issue of data transfer: the challenge of how to keep EU customers, partners and regulators happy where EU personal data is hosted in, or accessed from, the US or anywhere else outside the European Economic Area (other than the “adequate” countries like Canada, Israel and Argentina).

For US companies selling B2C, this is primarily a reputation and regulator enforcement concern (although a significant one); for B2B businesses, this is an immediate and challenging gating issue to getting deals with EU customers and partners signed.

EU companies have been spooked by the EU court decision in October 2015 to invalidate the Safe Harbor self-certification scheme and by the General Data Protection Regulation (or GDPR) which is coming soon, will replace the existing data protection directive and which sig-nificantly raises the compliance bar and associated costs for companies in or doing business with Europe which involves the processing of personal data. As a headline the GDPR, as it is known, raises maximum fines for non-compliance to 4% of global revenue or €20 million, and this is driving caution bordering on paranoia in some EU corporates as they try to manage risk.

Key questions are whether there is any personal data involved and, second whether there is a transfer.

3.1 Is there personal data involved?

As a rule of thumb, unless a dataset is aggregated so as to relate to a mass of individuals and no element being relevant to a specific

2-562


9

individual, a working assumption should be made that it is either is personal data or at least that an EU customer or regulator is likely to treat it as such.

The traditional focus on identifiability leads to theological levels of complexity and for Americans can be a trap, as it may lead them to think the personal data and the US concept of PII are the same: they are not. The EU concept has always been a wider one.

So, I tend to advise: data which is unique to a living individual is personal data, and I need a very good argument to the contrary to be comfortable we can ignore EU privacy.

To take one example, the customer segment data used in ad tech to drive relevant interest-based advertising is likely to be personal data in many cases now, and even more so under the GDPR come May 2018, as its definition of personal data expressly states that identifiability can happen by reference to an online identifier – so no need to get to a name, residential address etc.

Encryption does not stop data being personal either – encryption is a good sign that the security requirements in EU privacy are being addressed, but does not remove the data from the application of the regime.

3.2 Is there a transfer outside the EEA?

Usually if someone asks the question, the answer is yes, as it is easy to trigger a transfer. Transfer occurs not just when personal data is physically located outside the EEA (for instance on a server in the US), but also where individuals outside the EEA access on-screen personal data located within the EEA.

In discussion with EU customers, they are now live to the way that – even where primary hosting is within Europe (and that can take a fair amount of sting out of these discussions) - support requirements may mean the engineers in the US, India or elsewhere outside the EEA may need occasional access live data batches to diagnose and resolve problems, or that back-up servers, call centres or other ven-dors are outside Europe.

3.3 What are the solutions where there is a transfer?

(a) Privacy Shield The European Commission and US department of Commerce

have implemented the EU-US Privacy Shield. It replaces Safe Harbor as a framework for transatlantic data flows and to address

2-563


10

the issues which led to the demise of Safe Harbor. Like Safer Harbor this is a self-certification scheme for US companies (other than financial services and transportation) administered by the DoT and enforced by the FTC.

The arrangements under the Privacy Shield include:

• Strong obligations on companies handling European per-sonal data and robust enforcement: compliance will be mon-itored by the Department of Commerce and obligations will be enforced by the FTC. Crucially, any company processing European employment data will have to agree to comply with decisions by European regulators in relation to that data (which has led most of the 500+ US companies who have self-certified as at time of writing to exclude HR data from Privacy Shield, and use model clauses instead).

• Clear safeguards and transparency obligations on US gov-ernment access: the US has given the EU written assurances that the access to EU personal data for law enforcement and national security purposes will be necessary and proportion-ate and indiscriminate mass surveillance will not occur. Com-pliance will be assessed on an annual basis by the European Commission, the US Department of Commerce, national intelligence experts and European data protection regulators.

• Effective protection of EU rights with avenues for redress: there is a new Ombudsperson to deal with complaints around access to data by US intelligence agencies. In addition, European regulators can refer complaints to the Department of Commerce and the FTC. ADR will be available free of charge and companies will have to respond to complaints within certain time periods.

Privacy Shield involves more onerous obligations and more work than Safe Harbor to align with its requirements around internal pro-cedures, documentation and training, and requires specific content for privacy policies and for the flow-down of its principles to vendors who touch the data (sub-processors in EU parlance). It is popular and helpful in marketing terms to US businesses entering the EU market, and a good option to consider for B2C and B2B businesses.

For B2B businesses though, a word of caution: whilst Privacy Shield does certainly helpful from marketing and messaging standpoint, EU customers, especially larger ones and those from Germany,

2-564


11

France, Spain and the other EU countries whose regulators are prescriptive around privacy, are frequently asking for model clauses as well. (b) Model Clauses Another method that could be used to reach the level of adequacy

required by the Directive and the GDPR is the adoption of the European Commission-approved model clauses.

These model clauses are currently contained in three forms of contract that have been published by the EU Commission: Data Controller to Data Controller contract (2001) — this

governs international transfers from a data controller to another data controller. This can be used where it is likely that both parties will make decisions in relation to the per-sonal data that is being transferred, e.g. exports to head office.

Data Controller to Data Processor contract (2010) — this governs the international transfers from a data controller to its data processor. This could be used where there is outsourcing to a data processor based outside the EEA. This is the most flexible version for US-based processors and the one we use most commonly for US tech companies selling SaaS and other services to EU corporates,.

Data Controller to Data Controller contract (2004) — this is a more business-friendly version of the 2001 Data Controller to Data Controller contract, and is often referred to as the “ICC Clauses”.

Whichever contract chosen contains a number of different advantages: Speed — this is a relatively speedy option to adopt, although

EU companies can be tough on any changes or “softening” of the model clauses.

It represents a cost efficient approach that does not require extensive individual interpretation in every jurisdiction.

Individual clearance in each and every country is not always required although some EU jurisdictions may require further approval of the EU customer (sometimes pre-approval) and certain registration/filing obligations.

2-565


12

Level of certainty — the model clauses are internationally understood to provide a level of compliance.

Details of privacy policies and practices that may (or may not) underpin the contracts need not be disclosed or made public.

Disadvantages: Contracts can be directly enforced by data subjects (the indi-

viduals to whom personal data transferred relate). Model clauses exceed the obligations set out under the

Directive in some respects. Model clauses are often criticised as being poorly drafted

and not business friendly. Attempts to vary the standard form of the model clauses can

cause further compliance difficulties and result in a loss of the automatic adequacy (but remain a possibility if under-taken with care).

Local EU law is forced on the data importer entity/recipient. There are three rough edges to the 2010 processor model clauses

(the most commonly used version): The right of audit is not regulated by common protections

like notice, maximum number of audits in a year, confiden-tiality and extends to physical inspections sub-processors like data centres!

There is no limitation on the US company’s liability as data importer under the model clauses

The US company needs consent (probably) to appointing and changing vendors who may touch the personal data (some data centres, support providers etc) and this is unmanageable in the real world.

We routinely look to soften and manage these elements, even though there is a significant risk that any changes invalidate the model clauses – it has emerged as US market practice to do this and in our experience doing so usually does not damage cred-ibility in the eyes of UK, Irish, Dutch and Scandinavian clients (even though they may push back hard). In other EU countries, such as Germany, France and Spain any softening like this needs

2-566


13

to be approached with caution, as it is not market practice there and can be seen as a failure by the US supplier to understand the gravity of their compliance challenge. Which option is best is a matter for individual analysis for each

company – certainly you need something where data is transferred outside the EEA and some thought-through messaging for EU cus-tomers and partners. It is also a moving target with, at time of writing, two challenges in the EU courts to the validity of Privacy Shield and another to the model clauses expected to be heard over the next few years.

2-567


NOTES

2-568

advanced licensing agreements 2017download.pli.edu/webcontent/chbs/185480/185480_chapter33...to...

Documents