Computers with many apps are installed in almost all devices and objects surrounding us. These technologies interlock today, with the result of complete, multinational networking. Such technical achievements lead to numerous legal questions and areas of conflict.
Lawyer Roman Pusep has been dealing with the legal aspects of information technology (IT) for more than 12 years. We talked to him and learned some interesting facts about IT law, about himself and his law firm called “WERNER Rechtsanwälte Informatiker” (WERNER RI).
Why did you become a Specialised Lawyer for IT?
That happed by coincidence, like many things in life. As a child, I needed to “tune” my 386 PC to be able to play my favourite games, which thus became my first ‘IT experience’. When I became a lawyer, I started working in a law firm that handled cases dealing with IT topics and I have been an IT lawyer ever since.
What legal field does IT law belong to?
Like any typical lawyer, I will answer this question by referring to an Act. The legal fields and activities belonging to IT law are set out in the German Specialised Lawyers Regulation. They comprise agreements on software development and software licenses (including apps and games), contracts on hardware and platforms, general terms and conditions, eCommerce, provider agreements, domain law, data protection, including encoding and signatures.
Does your work exclusively involve German law?
Generally speaking, yes. My colleagues and I are German lawyers, that is what we have been trained for, what we are good at and we even hold professional liability insurance in that field to protect our clients (but I have never needed it yet). However, the laws of the European Union are also part of German law. These are mainly Directives that need to be implemented to national law, but also regulations that are applicable in each EU member state, just like national laws. So, many legal standards that are applicable in Germany apply similarly, or even in the same way, to other EU countries, regardless of whether you are in the north of Sweden, in the east of Bulgaria, in the south of Cypress or the west of Portugal.
[ymal]
Do many of these EU standards apply to IT law?
Yes, there are quite a lot of them. The probably best-known example is the General Data Protection Regulation (GDPR). Since 25 May 2018, a uniform data protection law has been in effect in all EU countries, (however with some exemptions). Another example is the Geo Blocking Regulation. It ensures that, for example, a French citizen living in Germany may open a French webshop without being blocked, or without being automatically redirected to the German shop version since the IT recognises that they have a German IP address. The eIDAS Regulation provides for electronic identification, for example by using a qualified electronic signature and is applicable in the entire EU.
Do you often have to do deal with GDPR matters?
From approximately the beginning of 2018, we have been dealing with data protection law to an extraordinary extent. Germany has always been a country with a very high data protection level and this intensified significantly with the introduction of the GDPR.
What is a typical data protection engagement for you as a lawyer?
There is no such thing as a ‘typical engagement’. We have very many topics involving data protection which are all equally typical and important. The easiest ones to explain are, however, the data protection notices. They have been part of almost every website in the European Union since May 2018 at the latest, and are either custom-made or were prepared by an online generator or with the assistance of an IT lawyer.
You will not be able to apply legal rules or to prepare contracts if you do not know the technology that is involved.
Why do people need an IT lawyer?
Ideally, you do not need us. If you have a website with a simple design which hardly processes any personal data, you may just as well write your own data protection notice or have it prepared by an online generator. But some websites involve very intensive personal data processing mechanisms. In this case, the IT lawyer must, first of all, understand the technology behind the website, i.e. we must know, in detail, which data is being processed, how and where. So sometimes, I need to conduct intensive research and ask many people besides the owner of the website, including the website programmer, the designer, the administrator or the programmer of the webshop software used on the website, etc.
Do you and your colleagues in the law firm need technical training as well?
Only one person in my law firm has had such training, that is my colleague and partner, Dr Marcus Werner. He studied information technology before starting his law studies. But, what all of our colleagues need to have is an understanding of technology and a “technical curiosity”. You will not be able to apply legal rules or to prepare contracts if you do not know the technology that is involved.
So that means that all of your colleagues tuned their PCs when they were little?
Almost all of them. Their backgrounds are naturally all a little different: one of them worked in a PC store during his school years and as a student, another one worked in the IT department of a company when he studied and another programmed smaller websites, etc.
What IT projects do you support?
These projects mostly involve a change-over to or the introduction of a new IT system, like an EPR system (an Enterprise Resource Planning System). One of our clients might, for instance, change their software to that of SAP, SAGE, Oracle, Microsoft or DATEV, and we provide legal support in this endeavour.
How can you, as an IT lawyer, support such IT projects? Is it not mainly engineers and programmers that people need for such projects?
That is not quite correct. Programming and customising are mostly the last steps in a project, followed by the training. But a large part of the work involved in such IT projects is taken up by GAP analysis and planning. During these phases, people need to decide which functions the target system should have, and they need to verify which software would be best suited. These individual steps must finally be planned in a careful manner in order to successfully change from an old system to a new one.
And at what phase are IT lawyers needed?
We conduct the negotiations and prepare contracts with all service providers, such as consulting companies, software manufacturers or their silver/gold partners, the hosting company or even the providers of new hardware if such is necessary. We, lawyers, need to shape the contracts in such a manner that our client is optimally protected in the event that the IT project is not running as planned, i.e.: if programming errors or delays occur; if extra work is necessary and if the project thus becomes much more expensive; if data is lost or if the entire IT project is cancelled and continued with a new partner, or needs to start from the beginning.
German copyright law provides for a so-called “best-seller clause” (also called “fairness compensation”).
That is a lot of work involved which is probably expensive. Does it mean that you only work for larger corporations?
The legal work involved in an IT project is actually very time consuming and cannot be done in one or two days. We mostly work in teams of two or three IT lawyers to advise and legally protect the client optimally and at any time. An increasing number of small companies wish to have this type of protection. Today, IT is used in all or almost all companies and for most of them, the IT system is decisive for their success, so people show a high willingness to invest money.
What has been your most interesting case in the past 12 months?
The German copyright law provides for a so-called “best-seller clause” (also called “fairness compensation”). It ensures that authors who received adequate compensation for their work may still request additional compensation, even many years later, if the person possessing the work achieved an extraordinarily high revenue thanks to the work. Many legal decisions have been taken on these regulations, for example in the field of TV, music, drawings, auto design and art. Now, one software programmer brought a payment claim before a court and sued for full disclosure on the revenue that a company made by using their work. These were the first proceedings initiated by a programmer under the “best-seller clause”. We successfully represented the possessor of the work and defended them against the action before the court of first instance. The appeal proceedings are still being conducted, so it remains to be seen how this case ends.
Do you have a mantra or motto you live by when it comes to helping your clients?
The most important thing for me is to find the most practical and economical solution for my clients. In most cases, that means us trying to avoid court proceedings by all means. An amicable agreement is always more sensible, efficient, cost-effective and leads to better results for all parties involved.
Contact
Roman Pusep
Phone: +49 221 973143 0
Fax: +49 221 973143 99
Email: roman.pusep@werner-ri.de
Website: https://www.werner-ri.de
Roman is one of the few Specialised Lawyers for IT law in Germany and the only Russian Specialised Lawyer for IT law in Germany. His legal work focusses on legal consultation in IT projects, the legal fields surrounding eCommerce and the development of data protection on the basis of the GDPR. Roman is a TÜV-certified external data protection officer and also active as DIS arbitrator (TÜV is the German Technical Inspectorate Association). In addition, he represents his clients in legal matters under company law.
WERNER Rechtsanwälte Informatiker (WERNER RI) is a Cologne-based law firm with a track record dating back 100 years. The legal activities of this law firm focus on consultation on the subject of information technology law (IT law). WERNER RI is highly specified in this legal field and supports its clients, inter alia, in IT subjects such as outsourcing, infrastructure and computing centre projects, licence rights, cloud solutions and other XaaS services, ERP and CRM systems, issues under data protection law as well as data protection notices, admissibility of data processing, support for data protection officers and controllers, design of IT company agreements as well as eCommerce or online shops.
The law firm has its roots in Cologne and is simultaneously active for clients all over Germany and with offices in Europe. Clients include companies in the private economy and their shareholders/managing directors as well as companies and corporations under public law and church companies.
*** The interview was conducted in German and later translated. Roman speaks German and Russian.