We are pleased to present you with the new issue of our TMT Insider, the quarterly Newsletter on technology, media and telecommunications, which keeps you up to date on legal changes and news from Czech Republic and around the CEE/SEE region.

INTERNATIONAL

UBER DRIVERS ENJOYING EMPLOYEES' BENEFITS?

The London employment tribunal ruled that two Uber drivers were "workers" within the meaning of the Employment Rights Act 1996, rather than self-employed. It means that the two drivers are entitled to a host of employment rights that are not available to selfemployed contractors (such as paid holiday, minimum wage). Uber announced its intention to appeal. This sabotage against the "on-demand" freelance workforce is part of a wider trend; the decision could affect thousands of people working across the gig economy. It is to be expected that organizations with similar arrangements are likely to be subject to a greater scrutiny over employment status.

NEW OBLIGATIONS FOR DIGITAL BUSINESSES

The new EU Directive 2016/1148 on Security of Network and Information Systems aims to implement a minimum level of network and information security (NIS) in Member States. An obligation to manage security risks and to report serious cyber incidents will be imposed in the coming months on certain entities, such as search engines or cloud computing service providers, social networks, public authorities, online payment platforms such as PayPal, and leading e-shops like Amazon.

REFORM OF EU DATA PROTECTION RULES

EU data protection is facing the most substantial and ambitious changes of recent years which will impact almost every entity based or doing business in the EU. Several new concepts such as the "right to be forgotten", data portability, data breach notification and accountability will be introduced by the new General Data Protection Regulation (GDPR) as of 2018. The new regime shall not be underestimated as the fines for noncompliance have been raised to up to €20M or 4% of global turnover, whichever is higher.

The Czech Data Protection Office has already issued a conversion chart and a glossary of terms in GDPR.

BREXIT: MAKING IT OR BREAKING IT?

It would not be smart of UK organizations to ignore the new EU data protection rules and rely on the fact that Brexit will save them. Rules under the GDPR will always be triggered when the personal data of EU individuals and/or individuals which may be located in the EU are at stake, regardless of whether the UK remains in the EU or where the data are processed/collected. So, according to the GDPR, what matters is who the data is about and not where the data lives.

ARE FREE WI-FI PROVIDERS LIABLE FOR COPYRIGHT INFRINGEMENTS?

The CJEU confirmed in the McFadden case that businesses offering free Wi-Fi access to its customers are not liable for unlawful downloads and copyright infringements by third parties. Nonetheless, the CJEU pointed out that the Wi-Fi providers should provide the internet connection password-protected.

IP ADDRESS IS (USUALLY) A PERSONAL DATA

The CJEU ruled that dynamic IP addresses may under certain circumstances constitute "personal data" provided that a third party (in this case an internet service provider) has the additional data necessary to identify the individual. The judgment may have a significant impact on online analytics and targeting.

CODE OF CONDUCT FOR CLOUD PROVIDERS

In September 2016, the Cloud Infrastructure Services Providers in Europe (CISPE), a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, published a Data Protection Code of Conduct. The Code covers, among others, a requirement that cloud customers are offered the ability to process and store their data exclusively within the EEA; a "Trust Mark" which is awarded to compliant cloud infrastructure providers listed on the CISPE website; and a prohibition on the use of customers' personal data for cloud infrastructure service providers' own benefit or the sale of such data to third parties.

CZECH REPUBLIC

END OF ARBITRATION CLAUSES?

In recent years, the Czech courts have started invalidating validly concluded arbitration clauses and proclaiming them as being absolutely void. This affects also domain name disputes which can be (according to the national domain registry cz.nic) generally settled through arbitration but - according to the courts – such an arbitration clause will not be valid in disputes between entities (and will apply only in disputes vis-àvis the domain registry).

On a related note, effective as of December 2016, arbitration clauses will be banned in credit agreements for consumers; this means that all consumer disputes arising from such agreements will be resolved by regular courts only.

ELECTRONIC RECORDS OF SALES

From December 2016, the Czech Republic introduces a system of electronic records of cash sales of goods and services (e-sales). Every cash income of an entrepreneur will be recorded via the internet in the central data repository of the Financial Administration at the time of its payment. A unique code for confirmation will be immediately sent back to the entrepreneur to be printed on a bill/receipt. The bill/receipt with the unique code will be used for the follow-up control confirming that the payment was actually reported to the tax administrator.

An appropriate device (such as cashier system, cash register, tablet with a printer) will need to be implemented by entrepreneurs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.