you are being redirected

You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH :

27 October 2022
Schoenherr publication
austria poland

to the point: technology & digitalisation l October 2022

Welcome to the October edition of Schoenherr's to the point: technology & digitalisation newsletter!

We are excited to present a selection of legal developments in the area of technology & digitalisation in the wider CEE region.

Insights waiting for you in this edition: 

From Midjourney to Dall·E 2, AI art engines are on the rise and here to stay. While AI that creates images from texts is not new, the services are getting better and better and are widely available for free.
Most of us have probably produced content at some point, be it a newsletter like this one, a presentation, a blog or whatever, and thought an eye-catcher to illustrate it would be great. The ideas tend to come easily enough; the hard part is turning them into reality. But with the help of powerful AI tools, everyone can now be an illustrator. For example, it was recently reported that Dall·E 2 is now freely available. Of course, we had to try it out.
Using these tools is pretty simple. You type in a prompt and the AI creates various suggestions that can then be further refined in many cases (with more or less input from the user). These AIs are trained using machine learning to understand the relationship between images and the text used to describe them.
So we asked Dall·E 2 to suggest images for the prompt "A lawyer creating a scary technology newsletter, digital art":

Image produced by Roland Vesenmayer using Dall·E 2 (

Those who follow our newsletters and publications will remember our NFT self-experiment and Guido Kucsko's iconic GIF "CONCEPTUAL ARTIST PULLING AN IDEA OUT OF HIS HEAD". For this prompt, Dall·E 2 suggests the following illustration, among others: 

Image produced by Roland Vesenmayer using Dall·E 2 (

Unfortunately, this is not an image creation blog but a legal newsletter. Fortunately, the legal side of AI art machines is almost as fascinating as the technical and artistic side.
It starts with the question of who is the creator of the work? The machine? If so, there can be no copyright protection, at least in most jurisdictions, since original creation by a human is required. But isn't the prompt enough to attribute the creation to the user? Probably not. Going back to Guido's GIF, we assume that copyright protection does not consist of a mere idea, but arises with the creation of the work (when the idea is pulled out of the head). However, the boundaries are fluid, especially when the user is involved in the creation process and makes creative decisions, e.g. by specifically instructing the AI to make certain variations or edits.
Another question is whether an AI creation can infringe the copyrights of third parties. If an image happens to resemble an existing work, even though the other work was not used as a basis, this is usually not a problem (so-called parallel creation). In fact, however, we do not know from where the AI takes the source image material and whether the use of the image provided by the AI might infringe third-party rights.
With regard to the rights of use, the terms and conditions of the service providers must also be observed. This is because even if there is no copyright protection for the images created by the AI, the service providers may try to contractually restrict the rights of use. In such a case, of course, there would be no absolute protection and no way to enforce the rights against third parties who are not bound by the contract.
AI raises a lot of other issues too, concerning the rights to the AI program, for example, but also the legality of AI training (using protected works available on the internet).
So you see, even copyright lawyers enjoy Dall·E, Midjourney & Co, not only because of their images, but also because of the legal issues they raise. Have a scary Halloween with AI art and your copyright lawyers!

The European Parliament recently published a study that aims to provide an overview of the currently known applications of distributed ledger technology (DLT) in the art sector, focusing on IP issues relating to art NFTs and tokenised physical artworks.
After defining related terminology, the study turns to the functional and transactional aspects of NFTs, from the process of creation/minting to sale, and discusses the various fields of application of NFTs and some of the many legal facets.
According to the study, the opportunities of NFTs "are manifold:

  • NFTs bring about the opportunity to give digital [(]art[)-]works a uniqueness and thus a value.
  • NFTs bring about new opportunities of exploitation […].
  • NFTs/smart contracts bring about the opportunity to fully automate resale royalties for secondary sales."

And "[a]part from the opportunities relating to NFTs, [DLT] creates potential further opportunities in the fields of rights management, combat against piracy and IP registration:

  • [R]ightsholdership, as well as licences, can be made transparent and accessible for all users of a blockchain. This might facilitate chain of title researches and might make the work of collecting societies more efficient.
  • In addition, DLT creates opportunities in the fight against piracy."

So let's be aware of the opportunities but also the risks and difficulties of DLT and NFTs. The study definitely contains insightful discussions, findings and conclusions from an IP perspective.

Hermès sued NFT artist Mason Rothschild for trademark infringement and dilution after he sold "MetaBirkin" NFTs that strongly resemble the luxury handbags during Art Basel in Miami. Reuters reports that Rothschild made at least USD 1m from the sales of the MetaBirkins.

Now Hermès is seeking summary judgment (i.e. an early ruling on the claim without going to trial) that Rothschild had intended to "capitalise on the goodwill of a leading luxury brand [and] one of its most iconic brands and products".

Moreover, there is similarity between the "Birkin" brand and the "MetaBirkin" brand, and the NFT of the digital MetaBirkin looks very much like the French luxury leather and fabric pieces. Hermès also submitted surveys showing that 18.7 % of consumers were confused as to whether the NFTs were not actually from Hermès or at least related to it.

Mason Rothschild is invoking his First Article rights under the US Constitution, which allow him to "create art based on [his] interpretations of the world around [him].

This could be a ground-breaking judgment for the NFT market, at least in the US.

On 19 October the Czech EU presidency circulated a new compromise on the AI law, which is expected to form the basis for an agreement next month. We will follow up on this once published.

On 7 October 2022, US President Joe Biden signed an executive order that will ensure that data transfers from the EU to the US are once again legally permissible.
You may recall that in June 2020 the ECJ declared the adequacy decision between the EU and the USA (the Privacy Shield) invalid, leading to much legal uncertainty between European and US companies. Personal data can only be transferred to the USA (or to any other third country outside the EU) subject to appropriate safeguards. In practice, the European Commission's Standard Contractual Clauses (SCC) are used to ensure that there is an adequate level of data protection in place. However, the SCC must be supplemented with additional measures to guarantee that the level of data protection is indeed substantially equivalent to that in the EU, which means that companies are currently forced to conduct a so-called Transfer Impact Assessment (TIA) before a data transfer takes place.
At the beginning of 2022, EU Commission President Ursula von der Leyen and President Biden announced a "new system" for data sharing between the EU and the US. With this executive order, Mr Biden has taken a first step to addressing the concerns of the ECJ. The executive order will set some boundaries for US signals intelligence activities, including: (i) data may only be collected when necessary to further legitimate national security objectives and does not disproportionately affect the protection of privacy and civil liberties; (ii) a multi-level redress mechanism to which EU individuals can appeal; and (iii) procedures by US intelligence agencies to ensure effective oversight of new privacy and civil liberties standards.
It will certainly take several months before a new adequacy decision will make data transfers to the US easier again and the "Privacy Shield 2.0" is in place. Only time will tell whether this successor shield will be upheld or whether it is just a breather until the ECJ overturns it.

The European Data Protection Board (EDPB) published an updated version of the Guidelines on personal data breach notifications under the GDPR (currently in public consultation).
There is an important change with respect to data breaches of controllers not established in the EU. Whereas the previous Guidelines provided that notification should be made to the "supervisory authority in the Member State where the controller's representative in the EU is established" (Guidelines on personal data breach notification under Regulation 2016/679 - WP250 rev.01), the revised Guidelines (9/2022) state that "[…] the mere presence of a representative in a Member State does not trigger the one-stop-shop system. For this reason, the breach will need to be notified to every single authority for which affected data subjects reside in their Member State. This notification shall be done in compliance with the mandate given by the controller to its representative and under the responsibility of the controller."

Tech deals remain under close scrutiny by antitrust watchdogs. The most recent example is the Meta/Giphy merger in which the UK Competition and Markets Authority ("CMA") concluded that Meta's acquisition of Giphy would have to be unwound, even though Giphy has no sales, assets, direct customers or employees in the UK. Meta appealed the decision, which was upheld by the Competition Appeal Tribunal. Following the tribunal's decision, the CMA conducted an "expedited review" of its original decision and determined a few days ago that "the only way […]" was for Meta to sell Giphy to a suitable buyer. After more than two years of antitrust wrangling over the GIF empire, Meta accepted the CMA decision as final and will sell off Giphy's global operations.

This was the first (but probably not the last) time the CMA has challenged a tech deal. The decision underlines the apparent unpredictability of merger proceedings in digital markets. When considering new acquisitions, companies in the digital space need to bear in mind that competition authorities are increasingly likely to pursue these deals, even if they do not appear at first glance to affect the markets and consumers in the authority's country.

In October 2022 Polish Post (Poczta Polska S.A.) announced the launch of its first NFT token called "Crypto Stamp 1.0". Each Crypto Stamp will consist of two parts: a traditional postage stamp and a unique NFT token on the Polygon network in the ERC1155 standard (allowing multiple token types to be supported within a single application in a blockchain environment). Pre-sales of the NFT collection will start in December 2022 with prices from PLN 18.50 (approx. EUR 3.86). The collection has been prepared in collaboration with the Polish Space Agency (Polska Agencja Kosmiczna) and Polish Security Printing Works (Polska Wytwórnia Papierów Wartościowych). More information:

On 13 October 2022 the European Data Protection Supervisor ("EDPS") issued an opinion on the Recommendation for a Council Decision authorising the opening of negotiations on behalf of the European Union for a Council of Europe convention on artificial intelligence, human rights, democracy and the rule of law. In the EDPS's view, such a convention could play a key role in complementing the European Commission's proposed Artificial Intelligence Act by strengthening the protection of individuals' fundamental rights, such as the rights to privacy and to the protection of personal data. According to the issued opinion, AI systems that pose unacceptable risks to individuals should be prohibited. As to the question of "unacceptable risk", it entails the use of AI for things like social scoring of individuals, biometric identification of individuals in publicly accessible spaces, and categorisation of individuals on the basis of their biometric data (e.g. their ethnicity) and according to their perceived emotions, and should be prohibited by default. AI systems which may affect individuals' rights to human dignity in general should also be prohibited. Full text is available at

On 10 October 2022 the European Data Protection Board adopted a statement on the design choices for a digital euro from the privacy and data protection perspective. The statement was initiated by the launch of the European Central Bank's 24-month investigation phase for a possible digital euro, aiming at the issuance of a digital euro. The key objectives presented in the statement refer to privacy and data protection by design and by default, avoidance of systematic transaction validation and tracing, privacy threshold (both offline and online – peer-to-peer modality recommended!), the need for a specific regulatory framework, and public debate on the protection of personal data in digital payments. Full text at

Earlier this year it was announced that Microsoft had reached an agreement with Activision Blizzard to acquire the video game company for a record-breaking USD 68.7bln. The acquisition is being scrutinised by the UK Competition Market Authority, and in the course of the investigation interesting details about the future plans of the US software giant have emerged.

Apparently, Microsoft is working on its own store for mobile games to compete with the Apple App Store and the Google Play Store. The acquisition of Activision Blizzard would play a crucial role in this plan for Microsoft, which so far holds no significant market share of the mobile gaming sector. Activision Blizzard, on the other hand, has multiple mobile gaming powerhouses like Call of Duty: Mobile, Diablo Immortal, Hearthstone and the extremely profitable Candy Crush in its portfolio. In Q2 2022, Activision Blizzard generated a total of USD 831m from mobile games, which accounted for approximately 51 % of the company's total quarterly revenues and is more than the console and PC segments combined. The mobile gaming market in general has grown at an incredible pace in recent years and is expected to rise from an estimated USD 101.21bln in 2021 to USD 116.43bln in 2022. It therefore comes as no surprise that Microsoft also wants a bigger piece of this pie.

Microsoft has already attracted attention with major acquisitions in the gaming sector in recent years, taking over Mojang (Minecraft) for USD 2.5bln and ZeniMax Media (The Elder Scrolls, Fallout) for USD 8.1bln. The pending acquisition of Activision Blizzard could now lay the foundation for a future push into the mobile segment.

The Amendment of the Austrian Copyright Act fundamentally revised the Copyright contract law. An entire series of new provisions for the protection of authors was implemented. But what does this mean for (future) license holders? Let us take a look!