IT Law

Gonzi & Associates, Advocates has wide experience in the drafting and vetting of Software Agreements and a variety of related IT contracts subject to Maltese law. We consider the safeguarding our clients’ interests to be of paramount importance, and have experience drafting tailor-made indemnity, confidentiality and copyright clauses in order to best suit the clients’ purpose.

Regrettably, copyright laws can sometimes be extremely difficult to enforce in relation to software. Due to these potential difficulties, software companies can have problems when protecting their intellectual property and claiming the financial benefits due to them from the end users of such software.

Many IT companies develop and provide software for corporate use which has the effect of making other corporations run more efficiently. This software could potentially allow the end-user companies to increase their profit margins. It has even become a fairly common practice for large conglomerates to request software which has been tailor-made to their specifications, in order to fully maximise the amount of money saved. For these reasons there must be a copyright and licence agreement in place between the users and the creators of the said software. This agreement must be carefully drafted in order to specify the royalties owed for use of such software, as well as a clause specifying who is the owner of the intellectual property, that is whether it belongs to the creators or to the buyers or to any other relevant third party. There will often also be a clause allowing the users the possibility of purchasing more licences to use the software as may be required.

The agreement must be drafted in such a way as to make any failure to pay on the part of the purchasing companies a breach of obligation and thus also a breach of copyright laws. Problems may arise when proving the nature and extent of the breach of contract. Companies will often try and argue that their non-obligation was due to other excusable factors such as the purchase of new equipment onto which they may then upgrade the software which has been provided. Though this may seem harmless, it is in fact a breach of software copyright law, as the new user licences have not been bought and paid for. This is one example of a situation in which software copyright laws are unfortunately not being enforced as they ought to be.

Software copyright laws exist to protect the software companies from this type of abuse and misuse; however, it is up to the software creating companies to ensure that the applicable software copyright agreement has been carefully drafted in order to avoid these situations of conflict when possible. This is where our legal experts come in. We can assist with the drafting & negotiating of these agreements with the ultimate aim being the safeguarding of your copyrights and other intellectual property rights.

Websites are an essential business medium in today’s world, allowing companies to promote or offer goods or services over the internet. When setting up a website in order to attract clients it is important to include a clear set of terms and conditions. The entire consumer-provider relationship will be governed by the said terms and conditions and thus, it is essential that they strike a balance between being extensive enough in that they cover all possible scenarios, while at the same time not being so vast to the extent that they put the customer off using your products or services.

If the website is directed towards users within the EU then its use must be regulated in order to conform with the EU directives which prioritise the welfare of the consumer. Therefore, the first thing to establish is who the intended users of a site are. If they could potentially be EU citizens then extra care must be taken in order to comply with applicable EU consumer protection directives.

Customer protection is at the very forefront of the EU’s agenda, and therefore certain items like hidden surcharges and pre-ticked boxes are not allowed. There is also a requirement for a fourteen-day cooling-period, during which the client may be allowed to change their minds about using your business.

The obligations arising out of EU law are essential to consider when drafting the terms and conditions for use of a website. These must be properly drafted in order to avoid legal issues arising at a later date. It is also essential to include adequate data protection clauses and indemnity notices in order to fully protect your business from incurring avoidable liabilities.

Our team of IT legal experts based in Malta is well positioned to assist you in relation to all legal aspects of the design, implementation and use of your website including terms and conditions, copyright and data protection issues.

In addition to the EU General Data Protection Regulation 2016/679 (the “GDPR”), there exists a specific data protection regime which regulates to electronic communications sector: The Processing of Personal Data (Electronic Communications Sector) Regulations (SL 586.01). As its name implies, these regulations apply to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in Malta and any other country.

The Regulation implements the provisions of the Directive on Privacy and Electronic Communications (2002/58/EC) and Regulation (EC) no. 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

In terms of this regulation, the service provider must adhere to an array of obligations in the processing of personal data pertaining to subscribers and users, including in relation to the processing of traffic data and location data. Other obligations relate to: notification of personal data breaches, confidentiality, unsolicited communications, data retention and security. These are of course over and above the obligations and rights laid down under the GDPR.

In accordance with these Regulations, service providers are required to retain certain categories of data necessary to:

• trace and identify the source of a communication;
• identify the destination of a communication;
• identify the date, time and duration of a communication;
• identify the type of communication;
• identify the users’ communication equipment or what purports to be their equipment; and
• identify the location of mobile communication equipment.

Hefty administrative fines are envisaged under these Regulations where one contravenes or fails to comply with these Regulations. Such fines consist of a one-time administrative fine for each violation and another administrative fine for each day that the violation persists. These are of course in addition to any fines or other serious consequences laid down in the GDPR.

In order to prevent such scenarios, it is extremely important to be fully aware of the implications of data protection legislation and regulations and obtain correct legal advice in the ambit of any data processing venture, as non-conformity and non-compliance with applicable data protection laws can have serious consequences for a client’s business operations.

Gonzi & Associates, Advocates is able to assist you in relation to all aspects of compliance with Malta and EU data protection legislation. The firm has carried out data protection audits on various national and international companies and has recommended remedial action to ensure that the relevant legislation is observed.

The IT industry is one sector which has a comparatively higher frequency of mergers and acquisitions than other sectors, because it is such a diverse industry with many different subsectors. At Gonzi & Associates, Advocates we ensure that we target our legal recommendations depending on the specific technological needs and interests of the client.

Mergers and acquisitions are separate and distinct. Mergers occur when two companies join together creating a new distinct company, while company acquisition is the purchase of one company by another. These situations may occur for various reasons, including globalisation or increased competition within the IT sector. Since the negotiation stages of a merger or an acquisition can be extremely volatile, it is essential to consult with legal practitioners throughout in order to avoid any breakdown of communication and ensure a smooth transaction.

Gonzi & Associates, Advocates ensures that any client will be provided with legal advice on the most appropriate corporate restructure to suit their and their company’s purposes. We are able to offer legal advice to aid with every stage of the merger or acquisition process, from the initial valuation stage, to the eventual finalisation of the transaction.

Cloud Computing is a relatively important field of software services which can be of great benefit to a business, but which also presents a unique set of legal challenges, particularly within the European Union. There are various means of storing data within a cloud computing setup, such as software as a service, platform as a service or infrastructure as a service. These means may each be used for a specific purpose and thus can be a great asset to a business.

The main legal issues which tend to arise with regard to Cloud Computing are contractual, implementation of security measures, data protection, compliance with any requisite due diligence, applicable law and copyright disputes.

With the entering into force of the EU General Data Protection Regulation 2016/679 (the “GDPR”) in 2018, there is now an increased territorial scope whereby the GDPR applies to all companies processing personal data of individuals residing within the EU, irrespective of the location of the company. The GDPR has increased privacy for individuals which in turn translated into a substantial increase in fines, new obligations for processors and additional obligations for controllers with respect to transparency, the attainment of consent and retention obligations, amongst others. Other significant additions relate to the introduction of new measures with respect to the transfer of personal data outside the EU or to international organisations.

Of utmost importance in the realm of cloud computing would be the ‘adequate level of protection’ requirement which data controllers are legally obliged to implement in their organisations, including the implementing of appropriate technical and organisational measures to protect against accidental loss or destruction of data and any other unlawful forms of processing, such as for instance, unauthorised access. Data controllers are not only legally obliged to ensure that the data processors which they engage to process personal data on their behalf, have appropriate security measures in place but must also ensure that these measures are actually implemented.

Loss, destruction and other unlawful forms of processing, whether purposeful or accidental can have very serious consequences for the data controller. Adequate safeguards such as insurance, emergency procedures and indemnity clauses are essential. The physical location where the data is stored is significant, as that can be a deciding factor in determining the jurisdiction and choice of law applicable in the case of any dispute.

The data in question may also be subject to any intellectual property rights in force in the state where the information is technically considered to be stored. Copyright disputes could potentially occur.

Gonzi & Associates, Advocates boasts qualified professionals who have accumulated several years of experience in this area through serving a range of clientele, and who are well-equipped to provide legal advice with regard to a variety of IT issues.

Gonzi & Associates, Advocates offers a range of legal services relating to IT including, but not limited to: