Blog

WP_Query Object
(
    [query] => Array
        (
            [paged] => 7
            [news-type] => blog-en
        )

    [query_vars] => Array
        (
            [paged] => 7
            [news-type] => blog-en
            [error] => 
            [m] => 
            [p] => 0
            [post_parent] => 
            [subpost] => 
            [subpost_id] => 
            [attachment] => 
            [attachment_id] => 0
            [name] => 
            [pagename] => 
            [page_id] => 0
            [second] => 
            [minute] => 
            [hour] => 
            [day] => 0
            [monthnum] => 0
            [year] => 0
            [w] => 0
            [category_name] => 
            [tag] => 
            [cat] => 
            [tag_id] => 
            [author] => 
            [author_name] => 
            [feed] => 
            [tb] => 
            [meta_key] => 
            [meta_value] => 
            [preview] => 
            [s] => 
            [sentence] => 
            [title] => 
            [fields] => 
            [menu_order] => 
            [embed] => 
            [category__in] => Array
                (
                )

            [category__not_in] => Array
                (
                )

            [category__and] => Array
                (
                )

            [post__in] => Array
                (
                )

            [post__not_in] => Array
                (
                )

            [post_name__in] => Array
                (
                )

            [tag__in] => Array
                (
                )

            [tag__not_in] => Array
                (
                )

            [tag__and] => Array
                (
                )

            [tag_slug__in] => Array
                (
                )

            [tag_slug__and] => Array
                (
                )

            [post_parent__in] => Array
                (
                )

            [post_parent__not_in] => Array
                (
                )

            [author__in] => Array
                (
                )

            [author__not_in] => Array
                (
                )

            [search_columns] => Array
                (
                )

            [meta_query] => Array
                (
                )

            [ignore_sticky_posts] => 
            [suppress_filters] => 
            [cache_results] => 1
            [update_post_term_cache] => 1
            [update_menu_item_cache] => 
            [lazy_load_term_meta] => 1
            [update_post_meta_cache] => 1
            [post_type] => 
            [posts_per_page] => 10
            [nopaging] => 
            [comments_per_page] => 50
            [no_found_rows] => 
            [taxonomy] => news-type
            [term] => blog-en
            [order] => DESC
        )

    [tax_query] => WP_Tax_Query Object
        (
            [queries] => Array
                (
                    [0] => Array
                        (
                            [taxonomy] => news-type
                            [terms] => Array
                                (
                                    [0] => blog-en
                                )

                            [field] => slug
                            [operator] => IN
                            [include_children] => 1
                        )

                )

            [relation] => AND
            [table_aliases:protected] => Array
                (
                    [0] => wp_term_relationships
                )

            [queried_terms] => Array
                (
                    [news-type] => Array
                        (
                            [terms] => Array
                                (
                                    [0] => blog-en
                                )

                            [field] => slug
                        )

                )

            [primary_table] => wp_posts
            [primary_id_column] => ID
        )

    [meta_query] => WP_Meta_Query Object
        (
            [queries] => Array
                (
                )

            [relation] => 
            [meta_table] => 
            [meta_id_column] => 
            [primary_table] => 
            [primary_id_column] => 
            [table_aliases:protected] => Array
                (
                )

            [clauses:protected] => Array
                (
                )

            [has_or_relation:protected] => 
        )

    [date_query] => 
    [queried_object] => WP_Term Object
        (
            [term_id] => 71
            [name] => Blog
            [slug] => blog-en
            [term_group] => 0
            [term_taxonomy_id] => 71
            [taxonomy] => news-type
            [description] => 
            [parent] => 0
            [count] => 89
            [filter] => raw
        )

    [queried_object_id] => 71
    [request] => SELECT SQL_CALC_FOUND_ROWS  wp_posts.ID
					 FROM wp_posts  LEFT JOIN wp_term_relationships ON (wp_posts.ID = wp_term_relationships.object_id) LEFT  JOIN wp_icl_translations wpml_translations
							ON wp_posts.ID = wpml_translations.element_id
								AND wpml_translations.element_type = CONCAT('post_', wp_posts.post_type) 
					 WHERE 1=1  AND ( 
  wp_term_relationships.term_taxonomy_id IN (71)
) AND ((wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish' OR wp_posts.post_status = 'acf-disabled' OR wp_posts.post_status = 'tribe-ea-success' OR wp_posts.post_status = 'tribe-ea-failed' OR wp_posts.post_status = 'tribe-ea-schedule' OR wp_posts.post_status = 'tribe-ea-pending' OR wp_posts.post_status = 'tribe-ea-draft'))) AND ( ( ( wpml_translations.language_code = 'en' OR (
					wpml_translations.language_code = 'nl'
					AND wp_posts.post_type IN ( 'attachment' )
					AND ( ( 
			( SELECT COUNT(element_id)
			  FROM wp_icl_translations
			  WHERE trid = wpml_translations.trid
			  AND language_code = 'en'
			) = 0
			 ) OR ( 
			( SELECT COUNT(element_id)
				FROM wp_icl_translations t2
				JOIN wp_posts p ON p.id = t2.element_id
				WHERE t2.trid = wpml_translations.trid
				AND t2.language_code = 'en'
                AND (
                    p.post_status = 'publish' OR p.post_status = 'private' OR 
                    ( p.post_type='attachment' AND p.post_status = 'inherit' )
                )
			) = 0 ) ) 
				) ) AND wp_posts.post_type  IN ('post','page','attachment','wp_block','wp_template','wp_template_part','wp_navigation','our_sector','our_rechtsgebieden','acf-field-group','bwl_advanced_faq','tribe_venue','tribe_organizer','tribe_events','mc4wp-form','slider-data','actualiteiten','accordion','failissementens','advocaten','blogs','seminar','juridisch-medewerker','backoffice','rechtsgebied-detail' )  ) OR wp_posts.post_type  NOT  IN ('post','page','attachment','wp_block','wp_template','wp_template_part','wp_navigation','our_sector','our_rechtsgebieden','acf-field-group','bwl_advanced_faq','tribe_venue','tribe_organizer','tribe_events','mc4wp-form','slider-data','actualiteiten','accordion','failissementens','advocaten','blogs','seminar','juridisch-medewerker','backoffice','rechtsgebied-detail' )  )
					 GROUP BY wp_posts.ID
					 ORDER BY wp_posts.menu_order, wp_posts.post_date DESC
					 LIMIT 60, 10
    [posts] => Array
        (
            [0] => WP_Post Object
                (
                    [ID] => 29345
                    [post_author] => 65
                    [post_date] => 2022-03-03 15:01:05
                    [post_date_gmt] => 2022-03-03 14:01:05
                    [post_content] => 

Wat is copyright?

Copyright is the right of the "creator". The right arises automatically. Convenient, as no additional actions are required. Designers, engineers and other shapers have to deal with copyright on a daily basis. Any product or concept they develop will usually be subject to copyright. This brings advantages, as the creators have the exclusive right to publish their work. Think, for example, of placing photos on a website. Moreover, for the use of the work (by someone else) the permission of the maker is always needed. Creative designs such as logos and house styles may not be adapted just like that. In practice, a fee is often charged for the use of the works. The acquisition of copyright also offers opportunities, for example, to enter into cooperation with another organisation in order to create a new, joint work. The distribution of copyrights is an important issue to keep in mind. Will there be a joint copyright? Do the parties retain their own copyright on the input they provide? What fees should to be paid? These are just examples of questions that need to be considered at the front end. Our lawyers Jos van der Wijst, Frédérique Kuiper and Mustafa Kahya are happy to help you with your copyright plans. They can also help you with industry-specific questions:

Fashion & Design

Fashion and copyright go hand in hand. Without copyright protection, designs can be copied and imitated. Want to protect style, fashion or design? Read here how this can be done.

Performers

Music, performing arts and works of art are all protected by copyright and neighbouring rights. BG.legal assists artists who have questions about agreements, collaborations or infringements of their work.

Copyright and software

Software protection is a frequent issue in these modern times. Have an application built? Protect the technology!

Portrait rights

The Copyright Act states that someone who is depicted in a photograph, painting, etc. can object to the publication of his portrait. In that case, the image must not have been commissioned by him and he must have a reasonable interest in the publication. This portrait right can be invoked against, for instance, photographs on social media. [post_title] => Copyright [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => copyright1 [to_ping] => [pinged] => [post_modified] => 2022-03-15 14:25:17 [post_modified_gmt] => 2022-03-15 13:25:17 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=29345 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [1] => WP_Post Object ( [ID] => 29342 [post_author] => 65 [post_date] => 2022-03-02 14:58:26 [post_date_gmt] => 2022-03-02 13:58:26 [post_content] =>

What are Trademarks and designs?

Trademark and design law is part of intellectual property law. However, protection of trademarks and designs does not come about automatically. For this you have to take action. What you need to do exactly is explained below.

Trademarks

Trademark law is concerned with the protection of 'distinguishing marks' for services and goods. Distinctive signs come in all shapes and sizes. Such as logos and words, but also certain colour compositions or packaging. Companies are identified, as it were, by these signs.

Designs

Design law relates to the design of consumer goods. For example, the design of a piece of furniture that is recorded in a drawing or an illustration. When assessing the appearance of the object, the lines, colours, shapes, texture and ornamentation are tested, among other things.

Why registering?

Protection of trademarks and designs only comes about through their registration. Registration takes place at the relevant office. The procedure is quite simple. We can take care of the registration for you. BG.legal regularly registers trademarks and designs within the Benelux, Europe and internationally. We do not charge an hourly rate, but a fixed price. So that you know where you stand in advance. View our fixed fees for registering trademarks and designs here. By registering a trademark, companies can increase the added value of the trademark. After registration, the trademark is protected and action can be taken against infringements. The same applies to the registration of designs. Is a design new and does it have an individual character? Then registration is possible. After registration of the design the holder of the design has the exclusive right to use it, market it, sell it, etc.

Advertisement

Trademarks also play an important role in the field of advertising. One can think of advertisements on TV, but nowadays it is mainly about online forms of advertising. Such as advertising via Google Ads, affiliate marketing etc. In addition, trademarks and trade names are frequently used. Would you like to know more about advertising law and the rules that apply to the use of (other people's) trademarks? Click here.

Advice and procedures

Inventing trademarks and designs is often a costly process. As their use increases, they become known to an ever wider audience and their value increases. Subsequently, unpleasant situations may arise in which you are confronted with a sign used by another company that is very similar to your design. We will be pleased to help you with questions of advice and with taking action against infringements. [post_title] => Trademark and design [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => trademark-and-design [to_ping] => [pinged] => [post_modified] => 2022-08-11 14:43:38 [post_modified_gmt] => 2022-08-11 12:43:38 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=29342 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [2] => WP_Post Object ( [ID] => 29252 [post_author] => 78 [post_date] => 2022-03-01 16:12:21 [post_date_gmt] => 2022-03-01 15:12:21 [post_content] => Consent is one of the more well-known lawful bases of processing. At first glance, the concept of consent might seem quite self-explanatory: simply ask if the data subject is willing to agree with the processing of its personal data. However, in practice, obtaining valid consent under the General Data Protection Regulation (GDPR) might prove to be quite challenging. That is why in this blog, we shall take a closer look at some of the requirements pertaining to the use of consent as a lawful basis of processing.

Definition

Article 4 paragraph 11 of the GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” The definition of consent can be divided into four prerequisites: I. Freely given II. Specific III. Informed IV. Unambiguous indication of wishes Each of these prerequisites shall be further explained below.

I. Freely given

Consent is freely given, if the data subject has a genuine choice and/or control over the refusal/withdrawal of its consent. This is not always a given: certain circumstances could influence the ability of the data subject to freely give his or her consent. Consideration should therefore be given to the following preconditions:
  • Imbalance of power: An imbalance of power exists whenever it is unlikely that the data subject is able to refuse his or her consent without the fear of repercussions. Imbalances of power are likely to occur if the controller is either a public authority or an employer, due to the fact that their relationship with the data subject is characterised by a high degree of dependency. Under those circumstances it is unlikely that the controller will be able to rely on the consent of the data subject as a lawful basis of processing.
  • Conditionality: Consent is presumed to be not freely given, if consent is “bundled up” with a number of terms and conditions that are not necessary for the performance of the contract. In order to avoid this point of concern, the controller could offer an equivalent of the service that does not involve permitting the use of data for additional purposes.
  • Granularity: If data is being processed for more than one purpose, the data subject should be able to choose which purpose they are willing to accept. In other words, rather than having to consent to multiple purposes at once, the data subject should be able to give separate consent for each specific purpose.
  • Detriment: The data subject should be able to refuse or withdraw its consent without any repercussions. Moreover, the controller should be able to demonstrate that it is possible to refuse or withdraw consent without detriment.

II. Specific

Consent must be given in relation to one or more specific purpose. The aim of this prerequisite is to ensure that the data subject is in control: it shall be his/her consent that determines the purpose of the processing. If the controller wishes to use the data for a different purpose, it should either ask for additional consent or find another lawful basis that might better suit the situation.

III. Informed

For consent to be informed, the data subject should have access to certain pieces of information that would enable him or her to make an informed decision. To that end, the Article 29 Data Protection Working Party (WP29) is of the opinion that the controller should at least provide the following information to the data subject:[1]
  • the controller’s identity;
  • the purposes of the processing activities for which consent is requested;
  • the types of data that will be processed;
  • the existence of the right to withdraw consent;
  • whether or not data is used for automated (individual) decision-making, including profiling; and
  • the possible risks of data transfer operations, mainly due to the absence of an adequacy decision and/or proper safeguards that might ensure an appropriate level of security.

IV. Unambiguous indication of wishes

Consent requires a statement from the data subject or a clear affirmative act, which means it should be given through an active motion or declaration. In addition, the act of giving consent should be distinguishable from other actions. Merely continuing the use of a product and/or service is insufficient to extrapolate the consent of the data subject.

Things to keep in mind

There is more to consent than might initially meet the eye. If consent is used as (the sole) lawful basis of processing, we recommend evaluating the used consent forms, in order to ascertain whether or not they are compliant with the aforementioned criteria. If you have any questions about obtaining valid consent under the GDPR, please do not hesitate to contact us. [1] WP29, Guidelines on consent under Regulation 2016/679 (WP259), 28th of November 2017, par. 3.3.1. [post_title] => Consent under the GDPR: things to keep in mind [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => consent-under-the-gdpr-things-to-keep-in-mind [to_ping] => [pinged] => [post_modified] => 2022-03-01 16:35:25 [post_modified_gmt] => 2022-03-01 15:35:25 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=29252 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [3] => WP_Post Object ( [ID] => 29339 [post_author] => 65 [post_date] => 2022-03-01 14:56:40 [post_date_gmt] => 2022-03-01 13:56:40 [post_content] =>

What is intellectual property law?

Intellectual property is an umbrella term for different types of rights that protect creative works. By intellectual property rights we mean rights such as trademarks, design rights, copyright, patents and database rights. These rights protect the design of products, trade names, but also logos or the design of websites. Intellectual property law offers many forms of protection. They have one thing in common: all these rights are protected by law. Knowledge or know-how is not an official intellectual property right, although it can be a trade secret. Trade secrets are also protected by law. This is important if you intend to cooperate.

Operating

Intellectual property rights ('IP') offer opportunities. Opportunities to protect and commercialize know-how and other results of creative efforts. IP gives a monopoly through which the IP holder has exclusive control over the exploitation of the IP. Our specialists can help you with various questions. For example, they can investigate whether an IP has arisen and how it can be protected. We also take care of the registration of trademarks and designs. We charge a fixed fee per registration. Click here for the price list for trademark registrations. Naturally, we can also help if a party infringes your IP.

Which protection options are available?

Within intellectual property law, we distinguish between the following rights. Each right offers its own means of protection: Copyright We also call copyright the 'right of the author'. Read here about the advantages of copyright. Trademarks & Designs The protection of trademarks and designs does not arise automatically. Read about the registration procedure here. Domain Names Get the most out of your domain name. The more creative, the more protection. Read here about the transfer of domain names. Trade names You enter the market with your trade name. Customers will recognise you by your trade name. Is a competitor infringing on your trade name? Read here about what you can do about it. Trade secrets The protection of trade secrets is very important. Read here about protecting and sharing trade secrets. Slavish imitation Does your work not qualify for any of the above protection? Then you can always rely on slavish imitation. Read here how this works. BG.legal is a partner of Legal AIR         [post_title] => Intellectual property [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => intellectual-property [to_ping] => [pinged] => [post_modified] => 2022-03-07 15:27:16 [post_modified_gmt] => 2022-03-07 14:27:16 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=29339 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [4] => WP_Post Object ( [ID] => 27725 [post_author] => 78 [post_date] => 2021-11-11 11:38:43 [post_date_gmt] => 2021-11-11 10:38:43 [post_content] => Software development is a complicated process with many hurdles along the way. That is why virtually every software user will have to deal with a bug or defect at some point. Usually, the flaw can be fixed with a simple update. If the software developer is no longer contractually obliged to release updates, it remains to be seen whether they will voluntarily solve the problem. Under certain – strict – conditions, end users can then take matters into their own hands and decompile the software. This blog takes a closer look at the legal aspects of decompilation, based on the recent judgment of the Court of Justice of the European Union (CJEU).

What is decompilation?

Software is initially written in source code: the programming language that can be read by humans. However, a computer cannot understand these instructions. That is why the source code must first be transcribed into a functional format that the computer can read: object code. This is done by means of a specific program called a compiler. The process of converting source code to object code is known as compilation. With decompilation, the opposite happens. By using a decompiler, the source code is reconstructed from the target code. This does not result in the original source code, but in a 'quasi source code' that is very similar to it. The end user can use this quasi source code to make a version of the software in which the errors have been corrected. However, the option to decompile software does not offer end users carte blanche: it remains a duplication of the software (in modified form) that usually requires permission from the copyright owner. The conditions under which decompiling is permitted are set out by the CJEU in Top Systems v. Belgian State, which will be discussed below.[1]

The preceding events

Top System is a software development company. It has developed several software applications for Selor, an agency that takes care of the selection and recruitment of employees for various Belgian government entities. The software applications made use of functionalities that were derived from the framework work that was developed by Top System. This framework later turned out to be the cause of several operational problems. Selor and Top System were unable to reach an agreement on how to resolve these complications. Eventually, Selor took matters into their own hands and decompiled the target code, after which Selor used the quasi source code to correct most of the errors. In doing so, Selor had to disable a number of functionalities from the other software applications. As the copyright owner, Top System believes that Selor has acted in violation of its exclusive right to reproduce the software.

CJEU: Decompilation is allowed for necessary improvements

The CJEU states that according to Directive 2009/24/EC (hereafter: “the Software Directive”), reproduction and translation of any code form (i.e. decompilation) is an exclusive right of the copyright owner.[1] The lawful purchaser may only decompile the software without prior authorization from the copyright owner, if this is necessary to run the software in accordance with its intended purpose or to correct any errors that prevent said use. Correct errors The lawful purchaser is only allowed to correct errors that impair the ability to use the software in accordance with its intended purpose. Corrections may also consist of disabling certain  functionalities, if this allows the program to be reused for its intended purpose. The CJEU also explicitly distinguishes between decompiling for the purpose of correcting errors and decompiling for the purpose of compatibility. The latter is only allowed if compatibility with another independently created program cannot be achieved in any other way. Necessary Decompilation as measure also needs to be absolutely necessary in order to be able to use the program for its intended purpose. The lawful purchaser is therefore not allowed to use the quasi source code for any other purposes. Decompilation is also unnecessary if and when the original source code is legally or contractually accessible to the lawful purchaser. On the basis of Article 5, paragraph 1 of the Software Directive, both parties can make specific arrangements regarding the way in which errors should be corrected. One could think of an arrangement whereby the software developer maintains and corrects the software for a certain period of time. However, it is not permitted to completely exclude the ability to correct errors by contract.

What does this mean in practice?

The lawful purchaser may decompile a computer program - without prior authorization from the copyright owner - if this is necessary to run the software in accordance with its intended purpose or to correct errors that affect said use. In doing so, the following should be taken into account:
  • Identify if an error is preventing you from using a software application for its intended purpose.
  • Check whether decompiling the software is possible and necessary. Take a closer look at the contractual obligations of both parties and the legal bases on which the lawful purchaser can rely: perhaps the original source code is legally or contractually accessible.
  • When correcting errors it is also allowed to disable certain functions, if those functionalities prevent you from using the software for its intended purpose.
Here you can find the dutch version. [1] CJEU 6th of October 2021, ECLI:EU:C:2021:811 (Top Systems/Belgian State). [2] Article 4 sub a and b jo. 6 paragraph 1 Software Directive. Stan Elsendoorn nieuw 1 [post_title] => When are you allowed to decompile software? [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => when-are-you-allowed-to-decompile-software [to_ping] => [pinged] => [post_modified] => 2022-12-09 09:07:19 [post_modified_gmt] => 2022-12-09 08:07:19 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=27725 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [5] => WP_Post Object ( [ID] => 27674 [post_author] => 6 [post_date] => 2021-11-09 10:11:12 [post_date_gmt] => 2021-11-09 09:11:12 [post_content] => Nowadays it is possible to do everything in the cloud, you just need to have a computer with an internet connection. All you have to do is log in and all the heavy computing is done in the cloud. Once you enter the world of cloud services you will come across a number of different types of services with catchy names like IaaS, PaaS and SaaS. These types are like different animals and they all have their own advantages and disadvantages. In this article I will discuss the differences between on-premise, IaaS, PaaS and SaaS and then explain the legal implications. A general advantage of as a Service (aaS) products is that you don't have to buy and manage the servers yourself. This allows you to install more capacity much faster and you don't need to reserve extra physical space to put servers down. On the other hand, for all aaS services you are dependent on both the provider of the service and a stable internet connection. This may not be a problem for some businesses but can be unacceptable for others.

Software as a Service (SaaS)

The first type is the SaaS. A SaaS is like a goldfish, as long as you keep paying, the service keeps working. You only have to do the minimum amount of maintenance and you don't have to fix most problems yourself. An example of a SaaS is Google Drive. You can store your files in it, but only as Google sees fit. The advantage of a SaaS solution is that as a user you are not responsible for keeping the product running. The provider takes care of the security, the servers and they take care of the maintenance. This makes a SaaS solution the most accessible type of aaS of the three. The advantage of the SaaS can also be a weakness. As a user, you have (almost) no ability to add new features and also little control over how the service works behind the scenes. For example, as a user it is not possible to force Google to store your files within the EU.

Platform as a Service (PaaS)

A PaaS is more open than a SaaS. You can compare a PaaS to a dog, you have work to do on it. With a PaaS you get space on which you can run other programs. An example of this is a remote desktop. You can run all sorts of programs on it, but the provider determines which operating system is installed and when updates are performed. With a PaaS, you as a user have more control. You can install and develop programs yourself and add new functionality as a result. The provider still takes care of the fundamental security of the servers and the operating system and also ensures that the necessary updates are carried out. The disadvantage of the PaaS is that as a user you get more responsibility. You have to be sure that all the programs you install are secure and that you don't make mistakes when developing new programs.

Infrastructure as a Service (IaaS)

An IaaS offers the most freedom you can have without owning servers. It's like having a litter of puppies, you get to and have to raise them yourself. You can choose your own operating system, how you set everything up, what programs you use and what happens. Amazon Web Services (AWS) is an example of this. The advantage of an IaaS is that you have the benefits of controlling servers without having to buy or maintain them yourself. You get an empty shell that you can set up yourself and if you need to, you can make 100 copies of it in minutes. The disadvantage of an IaaS is that it requires more knowledge and skill. This is because you are responsible for everything except the physical server and the internet connection. So for this you need to know how to keep your operating system secure, how to make sure all the programs are set up and more.

On-premise

If you want to take care of everything yourself then you can purchase the software and run it on your own servers. This is a household with three children, but without a school or day-care. You have to do everything yourself and are responsible for everything. On the other hand, you are in control and therefore have the freedom to set everything up the way you want. This is what Google, Amazon and Microsoft do. They only use their own servers.

Comparison

The table at the top of this article provides an overview of which party is responsible for what. Basically, as a customer, you should be able to expect that the part which the service provider takes care of will work properly. If not, then your service provider should be liable for the downtime within the contractual limits. For example, AWS is supposed to be available 24 hours a day. Amazon guarantees that AWS is available 99.99% of the time. That means AWS can have 0,144 minutes of downtime every day. If the downtime is more than this, Amazon will give clients back some of their spent credits. The two big choices to make when deciding on which aaS is for you, are the amount of control you want as a user and the amount of responsibility. The more control you have (or want) over the service, the better you can control what happens. This can be important in relation to the GDPR and also if you perform services for others and have a duty of confidentiality. More control also means that you have more options and can therefore develop your own services. You will not be able to sell a SaaS you buy as a SaaS to others, but you can build your own SaaS on a PaaS. With an on-premise solution you have all the reins in your own hands. If you accept more responsibility, with an IaaS and a PaaS or on-premise hosting, you can also make more mistakes. You cannot hold the provider liable for these mistakes, because their responsibility decreases. If data is deleted by a program you installed, you will have to solve that yourself and your provider will not be able to do much about it. If you host on-premise, then you also have all the responsibility for all physical problems like internet connection and maintenance of servers. In terms of data protection, the type of aaS makes a difference when assessing whether the service provider is a processor or a data controller. The person who determines how personal data is processed is almost always one of the data controllers, so with SaaS it may well be that the service provider and the customer are joint data controllers. In all other solutions, the service provider has no say in how personal data is processed and so here the customer will be the data controller and the service provider a processor.

Conclusion

The different aaS forms each have their advantages and disadvantages. Also legally. How much responsibility and risk are you willing to accept? Does this fit with the corporate/professional liability insurance you have? For questions on this subject, please contact Jos van der Wijst (wijst@bg.legal). Here you can find the dutch version. Robin Verhoef and Jos van der Wijst.Jos van der Wijst   [post_title] => Choices when choosing cloud services [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => choices-when-choosing-cloud-services [to_ping] => [pinged] => [post_modified] => 2021-11-09 10:20:48 [post_modified_gmt] => 2021-11-09 09:20:48 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=27674 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [6] => WP_Post Object ( [ID] => 27650 [post_author] => 6 [post_date] => 2021-11-08 14:12:34 [post_date_gmt] => 2021-11-08 13:12:34 [post_content] => The European Commission has published a draft for an AI (Artificial Intelligence) Regulation, since it does not consider current laws and regulations are sufficient for regulating AI systems. The approach of the draft is to choose human-centered AI. Developers of AI systems must assess for themselves in which of the four risk groups their system falls. The higher the risk of an AI system, the higher the requirements for that AI system. It will still take years before the AI Regulation will come into effect. There is also good chance that the draft will be adjusted in the mean time. What does this draft mean for the AI systems that are currently being developed or used? Are there no rules which apply to them? For several types of AI systems, there are already laws and/or regulations that must be complied with. For example:
  • Medical Devices Regulation: for AI systems in medical devices;
  • Constitutions + Human Rights Treaties: for protection of fundamental rights such as freedom of speech, privacy and self-determination;
  • General Data Protection Regulation: when personal data is processed;
  • Product safety regulations: when an AI system causes injury;
  • Consumer protection: when information obligations arise from these regulations;
  • Codes of conduct: when rules (code of conduct) have been established in a sector for AI systems, and
  • Contracts: when parties have established rules for AI systems in an agreement.
In short, even without a specific AI regulation, there are already laws and regulations that an AI system must comply with. For AI developers, this means that they must check which laws and regulations their AI system must comply with and whether they are complient with these rules. If they are not, a customer/client may later claim that the AI system did not meet the legal requirements. This can lead to claims for damages. As a user/client for the development of an AI system you will have to ask similar questions. This applies to supervisors of parties using an AI system.

LegalAIR

General information about legal aspects of AI can be found on our knowledge platform LegalAIR.

AI compliance assessment

For this reason, it is wise for both developers and users of AI systems to determine with an AI compliance assessment which laws and regulations apply to their AI system and whether they are compliant. If they are not met, timely measures can be taken to become compliant. For more questions about this, or for guidance on the performance of an AI compliance assessment, please contact Jos van der Wijst.   [post_title] => We already have rules for AI systems [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => we-already-have-rules-for-ai-systems [to_ping] => [pinged] => [post_modified] => 2021-11-08 14:12:34 [post_modified_gmt] => 2021-11-08 13:12:34 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=27650 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [7] => WP_Post Object ( [ID] => 27500 [post_author] => 78 [post_date] => 2021-10-28 15:06:10 [post_date_gmt] => 2021-10-28 13:06:10 [post_content] => In recent years, big data has radically changed the way we live our lives, do business and conduct (scientific) research. This is reflected in the significant rise in demand for large amounts of (personal) data. Strict privacy legislation has reinforced this development, due to the fact that it is widely regarded as the main obstacle for (free) data sharing. Synthetic Data aims to offer a solution to this problem by utilizing AI to generate new, irreducible datasets that replicate the statistical correlations of real-world data. But how anonymous are these data? And can the safeguards of the General Data Protection Regulation (GDPR) truly be circumvented by using this method? In this write-up, we will consider the legal aspects of synthetic data and whether or not they are truly a blessing in disguise for the future of data sharing and, more importantly, our privacy.

What is synthetic data?

Synthetic data are artificially created data that contain many of the correlations and insights of the original dataset, without directly replicating any of the individual entries. This way, data subjects should no longer be identifiable within the new dataset.           Example of a use case for synthetic data.

Anonymisation versus pseudonymisation

Advocates of synthetic data argue that the primary benefit of synthetic data can be found in recital 29 of the GDRP, which states that the principles of data protection do not apply to personal data that have been rendered into anonymous data in such a manner that the data subject is no longer identifiable. Be that as it may, it is still unclear whether synthetic data can actually be regarded as anonymized data. The decisive factor in these conflicting points of view is the likelihood of whether or not the controller or a third party will be able to identify any individual within the dataset, by using all reasonable measures. If this is feasible, the process should be qualified as pseudonymisation, to which the GDPR still applies. To assess whether synthetic data can be qualified as anonymized or pseudonymized data, we need to assess the robustness of the technique that is used. To do that, The Article 29 Data Protection Working Party (WP29) provides us with three criteria that elaborate on the aptitude of an anonymisation method (i.e. generating synthetic data).[1]
  • Singling out: the possibility to distinguish and identify certain individuals within the dataset.
  • Linkability: the ability to link two or more datapoints concerning the same data subject within one or more different datasets.
  • Inference: the possibility to deduce, with significant probability, the value of an attribute from a data subject by using the values given to other attributes within the dataset.
Whether or not synthetic datasets meet the aforementioned criteria will depend on the extent to which the synthetic datapoints will deviate from the original data. In most cases, adding ‘noise’ will not be enough: the AI-framework needs to have a system in place that actively monitors whether ample distance is kept between the newly generated datapoints and the original ones. Even then, it is highly recommended to maintain the possibility for human intervention if and when something goes awry. With all those measures in place, there is an argument to be made to classify synthetic data as anonymous data. In that case, the GDPR will not apply to the (further) processing of synthetic data.

Not completely exempt from the GDPR

However, this does not mean that the safeguards of the GDPR can be completely circumvented by simply utilizing a synthetic dataset. The anonymisation process (i.e. generating the synthetic dataset) inherently qualifies as the processing of personal data, to which the GDPR still applies. Thus, the controller still needs a lawful basis for generating synthetic data, as well as a purpose that is compatible with the initial purpose for which the data have been collected. In most cases, the latter should not pose a problem: the WP29 is of the opinion that anonymisation as an instance of further processing can be considered compatible with the original purpose of processing, on the condition that the modus operandi meets the criteria mentioned above.[2]

Things to keep in mind

Generating synthetic data has a lot of potential, as long as the process is implemented correctly. If you are considering to utilize synthetic data, please take note of the following points:
  • Evaluate whether synthetic data offers a suitable solution for the specific needs of your business or organization. The main advantage of synthetic data lies in their ability to preserve the statistical properties of the original dataset. This attribute provides a lot of utility in certain use cases, such as compute learning and (scientific) research.
  • Assess whether the synthetic datasets deviate enough from the original datasets and adjust the settings of the AI-systems accordingly. In doing so, pay attention to the criteria as laid down by the WP29.
  • Give thought to your obligations under the GDPR. List your lawful basis for processing, as well as the purpose for which this is done.
If you have any questions about the legal aspects of synthetic data and whether or not this anonymisation technique will be suitable for your organization, please do not hesitate to contact one of the experts at BG.Legal.                 [1] WP29, Opinion 05/2014 on Anonymisation Techniques (WP 216), 10th of April 2014, p. 11 and 12. [2] WP29, Opinion 05/2014 on Anonymisation Techniques (WP 216), 10th of April 2014, p. 7. [post_title] => Exploring the legal boundaries of Synthetic Data [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => exploring-the-legal-boundaries-of-synthetic-data [to_ping] => [pinged] => [post_modified] => 2021-10-28 15:06:10 [post_modified_gmt] => 2021-10-28 13:06:10 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=27500 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [8] => WP_Post Object ( [ID] => 26698 [post_author] => 6 [post_date] => 2021-08-17 15:01:04 [post_date_gmt] => 2021-08-17 13:01:04 [post_content] => Without us knowing it often, we use products and services on a daily basis where artificial intelligence ("AI") has been applied. Such as speech recognition in the car, chatbots on websites, diagnosis of cancer cells and automated decision-making. Because more and more parties, both commercial parties and governments, are getting more data available, it can be used to make a model in which predictions can be made. AI is used to create that model. For developers of AI applications, clients of developers of AI applications and those who use AI applications, the question then is which laws and regulations an AI application must comply with. Where does an AI application forms a risk, how big or small is that risk and how can a risk be mitigated or eliminated? But also questions about Intellectual Property aspects (is an IP application or the results of an AI application protected by an Intellectual Property right / trade secret), competition aspects (can you refuse to share an AI application with competitors), liability questions (who is liable for damages by / with an AI application) and 'civil law questions' (who is 'owner of the (existing / new) data, who is allowed to do what with the data, what happens to the data/algorithm after the end of the use of an AI application, can I establish a lien on an algorithm / AI application / data set). BG.legal can carry out an AI risk check ("AI Risk Assessment") and come up with an advice on how to mitigate or eliminate any risks.

What does it mean exactly?

Often there are already laws and regulations that apply to AI applications. Such as, for example, the General Data Protection Regulation, the Medical Device Regulation, the Constitution/Charter of Fundamental rights of the European Union and product liability regulations. But for many aspects, there is still no regulation. There is regulation to come, like the proposal for a European AI Regulation. See our blog about this proposal. In an AI Risk Assessment, we analyse for a specific AI application whether it complies with current laws and regulations and with the proposed EU AI Regulation. This means that we assess against the three components:
  1. legal – all applicable laws and regulations are complied with;
  2. ethical – ethical principles and values are respected;
  3. robust – the AI application is robust both from a technical (cyber security) and a social point of view
In the concrete advice we indicate how risks can be eliminated or mitigated.

How it works

To carry out the AI Risk Assessment, we use a model in which we take the following steps:
  1. performing a pre-test: is it necessary to perform an AI Risk Assessment? If the risks are very limited, then perhaps it is not necessary to perform an AI Risk Assessment.
  2. Performing Risk Assessment: together with the client, we determine in advance the team of the client with whom we carry out the assessment, how we will carry it out, whether external parties will be part of the team (ethicists, information security experts, etc.).
  3. After the assessment, the client receives a report in which we have outlined the risks of the AI application in question with recommendations on how risks can be mitigated.
  4. After measures have been taken in which risks have been mitigated, we can carry out the AI Risk Assessment again and issue a new report.
The report can be shared with external parties such as (potential) clients.

Why have bg.legel perform the AI Risk Assessment?

BG.legal has a team consisting of lawyers and a data scientist, which focuses on the legal aspects of data/AI. We have advised clients on these topics for several years. Our clients are companies (startups, scale-ups and SMEs), governments and knowledge institutions. Sometimes they develop AI applications and sometimes they have AI applications developed or they are a customer/user of an AI application. BG.legal has developed the knowledge platform legalAIR (www.legalair.nl).  Jos van der Wijst, head of the BG.tech team, coordinates the activities in the field of legal aspects of AI for the Dutch AI coalition. He is part of the core team Human-oriented AI of the NL AIC. BG.legal has the knowledge and experience to perform an AI Riks Assessment.

What does it cost?

The costs of performing an AI Risk Assessment depend on the nature and size of the AI application. After an initial meeting, we will make a quotation for the costs.

More information?

For more information, please contact Jos van der Wijst: M           : +31 (0)650695916 E             :  wijst@bg.legal Jos van der Wijst [post_title] => Risk check for AI applications [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => risk-check-for-ai-applications [to_ping] => [pinged] => [post_modified] => 2021-11-29 16:15:04 [post_modified_gmt] => 2021-11-29 15:15:04 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=26698 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [9] => WP_Post Object ( [ID] => 25550 [post_author] => 6 [post_date] => 2021-05-20 15:39:53 [post_date_gmt] => 2021-05-20 13:39:53 [post_content] => On April 21, 2021, the European Commission presented a proposal with new rules for Artificial Intelligence (AI). The main points in this proposal are explained in this first article.
Why new rules?
AI is already widely used, often without us realizing it. Most AI systems do not pose a risk to users, but that does not apply to all AI systems. Existing regulations are insufficient to guarantee the safety of users and their fundamental rights. This can jeopardize confidence in AI.
Which risk categories?
The European Commission proposes an approach based on risks, with four risk levels: unacceptable risk A very limited number of AI applications are classified as an unacceptable risk. These violate fundamental rights and are therefore prohibited. As an example, the Committee mentions the social labeling of citizens by governments and remote biometric identification in public spaces. A few exceptions have been made to the latter. high risk A slightly larger number of AI applications poses a high risk. These are described in the proposal. They pose a high risk because they have an impact on fundamental rights. The list of these AI applications can be changed over time. These high-risk AI applications must meet several mandatory conditions. These conditions include quality requirements for the dataset used, technical documentation, transparency and information provision to users, human supervision, and robustness, accuracy, and cybersecurity. National supervisors will be given rights to investigate with regard to these requirements. limited risk A larger group of AI applications pose a limited risk. Transparency will suffice here. The committee cites chatbots as an example, with users needing to know that they are communicating with a chatbot. minimal risk For all other AI applications, the existing laws and regulations are sufficient. Most current AI applications fall into this category.
How do you categorize AI products?
The committee has come up with a method for categorizing AI applications in one of the four risk levels. Its purpose is to provide security for companies and others. The risk is assessed based on the intended use. This means that the following factors are looked at: - the intended purpose - the number of people potentially affected - the dependence of the outcome - the irreversibility of the damage
What are the consequences for high-risk AI systems?
Before these high-risk AI systems can be used, their compliance with the regulations must be investigated. This investigation must show that the AI system is compliant with the requirements regarding data quality, documentation and traceability, transparency, human supervision, accuracy and robustness. In case of some AI systems, a "notified body" will have to be involved. A risk management system for these AI systems must also be set up by the supplier.
Who will enforce these rules?
Member States will have to designate an authority to monitor compliance.
Codes of Conduct
Suppliers of high-risk AI systems can create a voluntary code of conduct for the safe application of AI systems. The Commission is encouraging the industry to come up with these codes.
Who is liable when importing AI systems?
The importer of AI systems into the EU is responsible for the imported AI system. It must ensure that the producer is compliant with EU regulations and has a CE mark.
What is the sanction?
Violation of these regulations can be sanctioned with a fine of up to 6% of the annual turnover in the previous calendar year. This was a first analysis of the Commission proposal. A more detailed analysis will follow later. An analysis of the proposed new machinery regulation will also follow later. For more information about legal/ethical aspects of AI we are developing LegalAIR. This platform will provide practical information and tools on how to deal with AI and AI systems. For more questions, please contact Jos van der Wijst (wijst@bg.legal). Jos van der Wijst [post_title] => New European rules for Artificial Intelligence [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => new-european-rules-for-artificial-intelligence [to_ping] => [pinged] => [post_modified] => 2021-05-20 15:44:50 [post_modified_gmt] => 2021-05-20 13:44:50 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=25550 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) ) [post_count] => 10 [current_post] => -1 [before_loop] => 1 [in_the_loop] => [post] => WP_Post Object ( [ID] => 29345 [post_author] => 65 [post_date] => 2022-03-03 15:01:05 [post_date_gmt] => 2022-03-03 14:01:05 [post_content] =>

Wat is copyright?

Copyright is the right of the "creator". The right arises automatically. Convenient, as no additional actions are required. Designers, engineers and other shapers have to deal with copyright on a daily basis. Any product or concept they develop will usually be subject to copyright. This brings advantages, as the creators have the exclusive right to publish their work. Think, for example, of placing photos on a website. Moreover, for the use of the work (by someone else) the permission of the maker is always needed. Creative designs such as logos and house styles may not be adapted just like that. In practice, a fee is often charged for the use of the works. The acquisition of copyright also offers opportunities, for example, to enter into cooperation with another organisation in order to create a new, joint work. The distribution of copyrights is an important issue to keep in mind. Will there be a joint copyright? Do the parties retain their own copyright on the input they provide? What fees should to be paid? These are just examples of questions that need to be considered at the front end. Our lawyers Jos van der Wijst, Frédérique Kuiper and Mustafa Kahya are happy to help you with your copyright plans. They can also help you with industry-specific questions:

Fashion & Design

Fashion and copyright go hand in hand. Without copyright protection, designs can be copied and imitated. Want to protect style, fashion or design? Read here how this can be done.

Performers

Music, performing arts and works of art are all protected by copyright and neighbouring rights. BG.legal assists artists who have questions about agreements, collaborations or infringements of their work.

Copyright and software

Software protection is a frequent issue in these modern times. Have an application built? Protect the technology!

Portrait rights

The Copyright Act states that someone who is depicted in a photograph, painting, etc. can object to the publication of his portrait. In that case, the image must not have been commissioned by him and he must have a reasonable interest in the publication. This portrait right can be invoked against, for instance, photographs on social media. [post_title] => Copyright [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => copyright1 [to_ping] => [pinged] => [post_modified] => 2022-03-15 14:25:17 [post_modified_gmt] => 2022-03-15 13:25:17 [post_content_filtered] => [post_parent] => 0 [guid] => https://bg.legal/?p=29345 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [comment_count] => 0 [current_comment] => -1 [found_posts] => 89 [max_num_pages] => 9 [max_num_comment_pages] => 0 [is_single] => [is_preview] => [is_page] => [is_archive] => 1 [is_date] => [is_year] => [is_month] => [is_day] => [is_time] => [is_author] => [is_category] => [is_tag] => [is_tax] => 1 [is_search] => [is_feed] => [is_comment_feed] => [is_trackback] => [is_home] => [is_privacy_policy] => [is_404] => [is_embed] => [is_paged] => 1 [is_admin] => [is_attachment] => [is_singular] => [is_robots] => [is_favicon] => [is_posts_page] => [is_post_type_archive] => [query_vars_hash:WP_Query:private] => 00c687b4c0b87e5019db9f607e64888a [query_vars_changed:WP_Query:private] => 1 [thumbnails_cached] => [allow_query_attachment_by_filename:protected] => [stopwords:WP_Query:private] => [compat_fields:WP_Query:private] => Array ( [0] => query_vars_hash [1] => query_vars_changed ) [compat_methods:WP_Query:private] => Array ( [0] => init_query_flags [1] => parse_tax_query ) [tribe_is_event] => [tribe_is_multi_posttype] => [tribe_is_event_category] => [tribe_is_event_venue] => [tribe_is_event_organizer] => [tribe_is_event_query] => [tribe_is_past] => [tribe_controller] => Tribe\Events\Views\V2\Query\Event_Query_Controller Object ( [filtering_query:Tribe\Events\Views\V2\Query\Event_Query_Controller:private] => WP_Query Object *RECURSION* ) )
03 Mar 2022
Wat is copyright? Copyright is the right of the "creator". The right arises automatically. Convenient, as no additional actions are required. Designers, engineers and other shapers have to deal with...
Read more
What are Trademarks and designs? Trademark and design law is part of intellectual property law. However, protection of trademarks and designs does not come about automatically. For this you have...
Read more
Consent is one of the more well-known lawful bases of processing. At first glance, the concept of consent might seem quite self-explanatory: simply ask if the data subject is willing...
Read more
What is intellectual property law? Intellectual property is an umbrella term for different types of rights that protect creative works. By intellectual property rights we mean rights such as trademarks,...
Read more
Software development is a complicated process with many hurdles along the way. That is why virtually every software user will have to deal with a bug or defect at some...
Read more
Nowadays it is possible to do everything in the cloud, you just need to have a computer with an internet connection. All you have to do is log in and...
Read more
The European Commission has published a draft for an AI (Artificial Intelligence) Regulation, since it does not consider current laws and regulations are sufficient for regulating AI systems. The approach...
Read more
In recent years, big data has radically changed the way we live our lives, do business and conduct (scientific) research. This is reflected in the significant rise in demand for...
Read more
Without us knowing it often, we use products and services on a daily basis where artificial intelligence ("AI") has been applied. Such as speech recognition in the car, chatbots on...
Read more
On April 21, 2021, the European Commission presented a proposal with new rules for Artificial Intelligence (AI). The main points in this proposal are explained in this first article. Why...
Read more