MAURITIUS Law and Practice Contributed by: Sameer Tegally, Sonia Xavier and Ashvan Luckraz, Venture Law
11.3 Data Protection and Privacy Considerations
The Industrial Property Office (IPO) oversees the reg - istration of various IP rights, including marks, patents, utility models and designs. Trade mark registration is quite straightforward. However, foreign applicants must engage local rep - resentatives, conduct searches and adhere to specific documentary requirements. The registration process takes approximately three months, including a two- week examination period. Renewal is required every ten years. Patents in Mauritius require novelty, inventive steps, and industrial applicability. The application process involves filing at the IPO, public inspection, and potential opposition. Patents expire after 20 years, and annual fees are payable. Restoration is possible within a grace period. Industrial designs are protected for five years and renewable for three five-year periods. Similar to pat - ents, renewal may occur within a grace period. The Industrial Property Act also covers other IP rights, such as certification marks, layout designs, protection of new plant varieties, and geographical indications. Mauritius is a party to international treaties such as the Patent Cooperation Treaty, the Madrid Protocol and the Hague Agreement, facilitating global IP protection. Criminal actions, with fines and imprisonment, are provided for in the Industrial Property Act 2019 and the Protection Against Unfair Practices (Industrial Property Rights) Act 2002. The Industrial Property Tribunal has been set up to handle IP disputes, and if needed, appeals may be made to the Supreme Court and the Judicial Committee of the Privy Council in the UK. Obtaining damages and other remedial action before the civil courts is also possible.
Mauritius has a comprehensive legal framework for data protection, primarily governed by the Data Protection Act 2017 (DPA), which is aligned with the EU’s General Data Protection Regulation (GDPR). The DPA empha - sises the protection of personal data and grants data subjects explicit rights, including the right to access, correct inaccuracies, and request deletion of their data. The Cybersecurity and Cybercrime Act 2021 comple - ments data protection efforts by defining cybersecu - rity and addressing potential privacy breaches arising from cyber attacks. Regarding extraterritorial scope, the DPA allows the transfer of personal data outside Mauritius under spe - cific conditions. These conditions include: • providing proof of appropriate safeguards; • obtaining explicit consent from the data subject; or • meeting certain legal criteria related to contracts, public interest, legal claims, vital interests or com - pelling legitimate interests. The legislation acknowledges the role of public regis - ters but limits the transfer of data from such registers to specific circumstances. Public authorities engaged in their functions are subject to specific rules, and the Commissioner has the authority to request proof of safeguards and may intervene to protect data sub - jects’ rights and freedoms. Violating the DPA Anyone found guilty of violating the DPA, in cases where no explicit penalty is outlined or who otherwise goes against the provisions of the Act, may, upon con - viction, face a fine of up to MUR200,000 and impris - onment for a maximum of five years. Furthermore, the court has the authority to: • order the forfeiture of any equipment or any article used or connected in any way with the committed offence; and • order or prohibit the doing of any act to stop a continuing contravention.
377 CHAMBERS.COM
Powered by FlippingBook