The word “monaco” designates the origin or geographical destination of the goods and services concerned and is devoid of distinctive character.
In 2010, the government of the Principality of Monaco was granted, by the World Intellectual Property Organisation (WIPO), an international registration covering the territory of the EU. That registration, which was based on the word mark “monaco”, was transferred to the Office for Harmonisation in the Internal Market (OHIM) to be processed.
In 2013, OHIM refused protection of the trade mark in the EU in respect of some of the goods and services applied for (i.e.: magnetic data carriers, paper and cardboard goods not included in other classes, printed matter, photographs, transport, travel arrangement, entertainment, sporting activities and temporary accommodation).
OHIM based its refusal on the descriptive character of the mark, in so far as the word ‘monaco’ designates the territory of the same name and could, therefore, be understood in any of the EU’s official languages as designating the origin or geographical destination of the goods and services concerned. OHIM further considered that the mark at issue was clearly devoid of distinctive character. Les Marques de l’État de Monaco (MEM), a Monegasque public-limited company which succeeded the government of the Principality of Monaco as the proprietor of the trade mark, contests OHIM’s decision before the General Court and seeks the annulment of that decision.
In its Judgment in Case T-197/13, Monaco v OHIM, the General Court (Eight Chamber) dismisses the application and upholds OHIM’s decision.
The General Court points out, first of all, that under EU law any legal entity, including a public law entity, may apply to benefit from the protection of the Community trade mark. This is, of course, true for companies based in the territory of a State which is not a member of the EU, but also for the non-member States themselves, since those States are, within the meaning of EU law, public law entities. As a result, when the Principality of Monaco formulated its request to have the EU designated for the international registration of the trade mark at issue, it placed itself within the scope of application of EU law and, therefore, one of the absolute grounds for refusal could be relied upon against it. In other words, the Principality of Monaco sought to benefit from the application of EU law and, therefore, became subject to its rules, without being able to rely on its entitlement in principle to be the proprietor of the trade mark “monaco”.
Moreover, the General Court observes that the word “monaco” corresponds to the name of a globally-known principality, not least due to the renown of its royal family, its organisation of a Formula 1 Grand Prix and its organisation of a circus festival. Knowledge of the Principality of Monaco is even more established amongst EU citizens, notably on account of its borders with a Member State (France), its proximity to another Member State (Italy) and its use of the same currency as 19 of the 28 Member States, the Euro. There is therefore no doubt that the word “monaco” will evoke, regardless of the linguistic background of the relevant public, the geographic territory of the same name. In addition, the General Court notes that OHIM correctly defined the relevant public (namely citizens of the EU) and correctly attributed to that public, in respect of the goods and services concerned, either an average or high degree of attentiveness.
According to the General Court rulings, OHIM was also correct to find that the word “monaco” could be used, in trade, to designate origin, geographical destination or the place of supply of services, so that the trade mark has, in respect of the goods and services concerned, a descriptive character. Furthermore, as a descriptive mark is necessarily devoid of distinctive character, the General Court holds that the trade mark “monaco” is devoid of distinctive character.
In July 2014, the International Organization for Standardization (“ISO”) and International Electrotechnical Commission (“IEC”) published ISO/IEC 27018 (ISO 27018), a code of practice that sets forth standards and guidelines pertaining to the protection of data consisting of “personally identifiable information” processed by public cloud service providers.
ISO/IEC 27018 is the first International Standard that focuses on protection of personal data in the cloud. Although only a few months old, the new standard should finally give cloud users confidence that their service provider is well-placed to keep data private and secure.
ISO/IEC 27018 specifies certain minimum types of security measures that cloud providers should adopt, if applicable, including encryption and access controls. The cloud standard also requires cloud providers to implement security awareness policies and make relevant staff aware of the potential consequences (for staff, the cloud provider and the customer) of breaching privacy and security rules.
As the first-ever standard that deals with the protection of personal data for the cloud, ISO/IEC 27018 has the following key objectives:
ISO/IEC 27018 provides a practical basis to induce confidence in the cloud industry. At the same time, the public cloud industry will have clear guidance in order to meet some of the legal and regulatory concerns of its clients.
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect “personally identifiable information” in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of “personally identifiable information” which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as “personally identifiable information” processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as “personally identifiable information” controllers; however, “personally identifiable information” controllers can be subject to additional “personally identifiable information” protection legislation, regulations and obligations, not applying to “personally identifiable information” processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.
As a guiding principle, ISO/IEC 27018 standards and guidelines facilitate the retention by the cloud service customer of authority to determine the scope of any use and handling of its “personally identifiable information”. The following controls and implementation guidelines set forth in ISO/IEC 27018 as generally applicable to cloud service providers processing “personally identifiable information”: