júl 23, 2021 Všeobecné
Procedural misrepresentation and abuse of User Area credentials
Procedural misrepresentation refers to the bypassing of requirements regarding who can be a legal practitioner or professional representative before the EUIPO. These are laid down in Article 120 of the EU trade mark regulation and Article 78 of the Community design regulation.
To prevent abuse, the EUIPO requires professionals who are interested in representing others to provide evidence of having a real and effective business or employment in the European Economic Area (EEA).
The Office performs a series of checks, in particular:
- when an existing representative requests a second or subsequent ID number;
- on a case-by-case basis where there is reasonable doubt regarding possible misrepresentations (for example when multiple IDs are requested for the same professional representative or where the address is a virtual one);
- when a third party questions the veracity of the representative’s place of business or employment.
Third party requests to invalidate an ID or to remove a professional representative from the list (on the grounds, for example, that the representative does not have a real place of business or employment in the EEA) must be substantiated and, in all cases, the party concerned will be given the opportunity to be heard before the EUIPO.
Unauthorised leasing of User Area credentials
Some representatives have been leasing their unique User Area credentials to independent third parties, allowing them to interact online with the EUIPO.
These third parties do not operate under the direct control, responsibility or supervision of the authorised representative, as defined in Decision EX‑20‑9, Article 3(1). They merely act under their identity. By disclosing their User Area credentials, the representatives grant access to all the files and information stored in their User Area to these third parties. This means they may obtain unauthorised access to confidential files and information relating to other represented persons, resulting in a breach of data protection rules.
In response to this, the Office has updated the Conditions of use of the User Area annex to the Decision of the Executive Director on communication by electronic means.
The main changes to the annex reflect the actions the EUIPO will take in the event of a potential prohibited disclosure. These can be found under paragraph 4 ‘Proper use of the user account’ which:
- determines that the responsibility for the proper use of the account and maintenance of confidentiality falls on the account holder;
- defines the ‘prohibited disclosure’ of credentials (the sharing or disclosure by account holders of credentials, passwords or administrative email accounts with any third party, that is, any entity or individual outside its organisation);
- identifies the steps the EUIPO will take after being made aware (based on evidence) of a potential case of prohibited disclosure (the Office will investigate the relevant facts and invite the account holder to comment);
- outlines the consequences and sanctions when prohibited disclosure is deemed to have taken place, which may include:
- the temporary or permanent suspension of the User Area account;
- asking the account holder to submit authorisations for the parties represented;
- informing the competent national authorities; and/or
- informing the competent data protection supervisory authorities.
A disclaimer has also been added to the annex stating that the EUIPO is not liable for any data breaches caused by the account holder’s prohibited disclosure of its User Area credentials.