The mobile app market is currently worth billions of dollars. It is therefore no surprise that software developers are racing to provide even more personalized products and services to the user. Software design, however, is not only the work of programmers, graphic designers and testers, but also lawyers. What aspects of the creative process should a developer keep in mind?
Is a mobile app a creation?
First of all, it is worth emphasising that the vast majority of apps will constitute a work within the meaning of the Copyright and Related Rights Act. Pursuant to Article 74 of this legal act, the protection granted to a computer program covers all forms of its expression. As a rule, it is considered that the disposition of the provision refers only to the textual layer of the programme, i.e. the source code and its documentation.
Graphic design and animations (Graphical User Interface) are also subject to copyright protection, but as a separate work and not as a part of a computer programme. The case law, however, indicates that only those graphic elements that fulfil the prerequisites of a work, i.e. are creative and original, are protected. Schematic and simple windows that only serve the purpose of allowing the user to use the application will unfortunately not be protected.
Who is entitled to the intellectual property rights in the application created?
The right to dispose of the copyright in a work is primarily vested in the creator if he has provided his services under a civil law contract (‘contract to perform a work or contract to commission’) or a B2B contract. There are two types of copyright:
- economic – they denote the possibility to dispose of the work for a fee in specific fields of exploitation;
- personal – they define the creator’s bond with the work, including through the designation of authorship.
In such a situation, the developer must ensure the transfer of economic copyrights in specific fields of exploitation to him on the basis of a written agreement under pain of nullity. The provisions of the Copyright Act directly indicate the conditions under which the transfer may be made:
- the agreement may relate only to a specific work and not to all of the author’s works;
- the fields of exploitation must be known at the time the contract is concluded and must not be presumed;
- as a rule, the transfer is made in exchange for payment, the remuneration being calculated separately for each field of exploitation.
The transfer of copyright must be distinguished from a licence. The essence of a transfer is the permanent and irreversible transfer of rights to a work.
As a rule, a licence is time-limited and can be granted to many entities simultaneously. The developer of the application should be primarily concerned with the transfer of economic copyright.
Software copyright and full-time employees
The issue of full-time employees who perform their duties under an employment contract is completely different. In such a situation, Article 74(3) of the Copyright Act will apply, which provides that the economic rights to a computer programme created by an employee as a result of the performance of duties under the employment relationship vest in the employer, unless the contract provides otherwise.
Such acquisition is primary, meaning that the parties to the legal relationship no longer need to sign any agreement for the employer to take possession of the work.
However, if a software house wants to bonus its employees, it is acceptable to include a clause in the contract for the employee to acquire the rights and then transfer them to the employer for a fee.
What about personal copyrights?
Unlike economic copyrights, personal copyrights are not transferable. However, in order not to expose oneself to the demand to mark each copy of the work with the name of the author, it is advisable to ensure in the contract that the person concerned undertakes not to execute his/her rights.
Protection of industrial property
Another point that a developer should bear in mind is to protect his interests on industrial property grounds by registering a trademark for his application. This will give him the exclusive possibility to use the designation for commercial purposes.
Trademark protection is granted by the Polish Patent Office for a 10-year period with the possibility of renewal. If you are designing an international application, it is worth considering using the extended patent protection guaranteed by the EUIPO (within the European Union) or WIPO (for a selected country of the world). This is a rather costly process, but it allows you to effectively protect your interests – in the event of a court dispute, it is usually sufficient to show the certificate of protection granted by the relevant office.
Graphic elements of an application can also be protected as industrial designs. In this case, protection is granted for a maximum of 25 years divided into 5-year periods.
One popular strategy is to register the app’s logo as a trademark but its individual variations (e.g. for particular markets) as industrial designs.
Mobile app use and GDPR
Today, it is difficult to imagine an app that does not collect users’ personal data. Typically, this will include name, email address, home address, mobile device ID. Without these, it may not be possible to use the app (or at least some of its functions).
For the developer, this means that it must follow the necessary procedures for protecting, processing and sharing personal data. If information is shared with third parties, it is necessary to communicate who will have customers’ personal data and to make sure that such sharing is secure.
This is particularly important if the data is received by a company outside of the GDPR area, such as one based in the US or China. When working with such entities, it is worth noting whether they have implemented the ISO/IEC 27001 information security management standard and its extension, ISO/IEC 27002.
All issues related to GDPR should be included in an easily accessible privacy policy. Failure to do so runs the risk of heavy financial penalties being imposed on the controller by the regulator!
Data protection takes on additional importance when a developer plans to use what is known as IDaaS (Identity as a Service). This is a user authentication model in which identity confirmation is performed by another cloud service provider, such as Google, LinkedIn or Facebook.
As a result, the user does not have to remember his or her login details in, for example, an online shop. Also in this situation, the app developer becomes the administrator and should comply with the principle of accountability and document all processes concerning the processing of personal data.
How to ensure the protection of app users?
It should not be forgotten that a mobile app will always be an electronically provided service. This means that it is necessary to design and make available appropriate rules and regulations, which – in accordance with Article 8 of the Act on the provision of services by electronic means – specify at least:
- types and scope of services provided electronically;
- the conditions for provision of services by electronic means (including technical requirements and the prohibition on providing illegal content by the service provider);
- conditions for conclusion and termination of agreements on provision of services by electronic means;
- the complaint procedure.
Regardless of the terms and conditions and privacy policy, it is important to bear in mind the specific privileges of consumers. First and foremost will be the right to withdraw from the contract. The trader should also make sure that the terms and conditions do not contain abusive clauses.