Search results for: digital rights

The future of national data retention obligations – How to apply Digital Rights Ireland at national level?

Note by the editors: we will take a short break over the summer and resume blogging in the week of 16 August

By Vanessa Franssen

On 19 July, Advocate General (AG) Saugmandsgaard Øe delivered his much awaited opinion on the joined cases Tele2 Sverige AB and Secretary of State for the Home Department, which were triggered by the Court of Justice’s (CJEU) ruling in Digital Rights Ireland, discussed previously on this blog. As a result of this judgment, invalidating the Data Retention Directive, many Member States which had put in place data retention obligations on the basis of the Directive, were confronted with the question whether these data retention obligations were compatible with the right to privacy and the right to protection of personal data, guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights (Charter). Hence, without a whisper of a doubt, several national legislators eagerly await the outcome of these joined cases, in the hope to get more guidance as to how to apply Digital Rights Ireland concretely to their national legislation. The large number of Member States intervening in the joined cases clearly shows this: in addition to Sweden and the UK, no less than 13 Member States submitted written observations. The AG’s opinion is a first – important – step and thus merits a closer look. Continue reading

Joined Cases C-293/12 and 594/12 Digital Rights Ireland and Seitlinger and Others: The Good, the Bad and the Ugly

By Orla Lynskey

In its eagerly anticipated judgment in the Digital Rights Ireland case, the European Court of Justice held that the EU legislature had exceeded the limits of the principle of proportionality in relation to certain provisions of the EU Charter (Articles 7, 8 and 52(1)) by adopting the Data Retention Directive. In this regard, the reasoning of the Court resembled that of its Advocate General (the facts of these proceedings and an analysis of the Advocate General’s Opinion have been the subject of a previous blog post). However, unlike the Advocate General, the Court deemed the Directive to be invalid without limiting the temporal effects of its finding. This post will consider the Court’s main findings before commenting on the good, the bad and the ugly in the judgment. Continue reading

Plenty to retain? Opinion of the Advocate General in Joined Cases C-293/12 and 594/12, Digital Rights Ireland ltd and Seitlinger and others

In what circumstances is it possible for the EU to introduce a directive which limits the exercise of fundamental rights guaranteed by the EU Charter? This is just one of the many questions of constitutional significance which the Court is asked to address in Joined Cases C-293/12 and C-594/12.  In his Opinion delivered on 12 December 2013, Advocate General (AG) Cruz Villalón provides plenty of food for thought for the Court. For instance, the Opinion offers interesting yet contestable insights into the relationship between the rights to privacy and data protection in the EU legal order.

Continue reading

PNR Agreements between Fundamental Rights and National Security: Opinion 1/15

By Arianna Vedaschi and Chiara Graziani

On July 26, 2017, the European Court of Justice (ECJ) issued Opinion 1/15 (the Opinion of the Advocate General on this case had been discussed previously in this blog, part I and part II) pursuant to Article 218(11) TFEU on the draft agreement between Canada and the European Union (EU) dealing with the Transfer of Passenger Name Record (PNR) data from the EU to Canada. The draft agreement was referred to the ECJ by the European Parliament (EP) on January 30, 2015. The envisaged agreement would regulate the exchange and processing of PNR data – which reveals passengers’ personal information, itinerary, travel preferences and habits – between the EU and Canada. The adoption of the agreement is crucial because, according to Article 25 of Directive 95/46/EC as interpreted in the Schrems decision (commented here), the transfer of data to a third country (discussed here) is possible only if such country ensures an “adequate level of protection.” This standard can be testified by an “adequacy decision” of the European Commission or, alternatively, by international commitments in place between non-EU countries and the EU – as the one examined by the ECJ in this Opinion.

Not surprisingly, the leitmotiv of the Court’s Opinion is the challenging balance between liberty and security. Maintaining a realistic perspective, the Court considered mass surveillance tolerable at least in theory, because it is a necessary and useful tool for the prevention of terrorism. Yet, it insisted that there should be very strict rules as to the concrete implementation of such surveillance. For this reason, it found some provisions of the draft agreement incompatible with Articles 7 (privacy) and 8 (data protection), in conjunction with Article 52 (principle of proportionality) of the Charter of Fundamental Rights of the European Union (CFREU).

As a result, the agreement cannot be adopted in the current form and the EU institutions will have to renegotiate it with Canada. For sure, this renegotiation will prove to be challenging. Nevertheless, as the analysis below will show, the Luxembourg judges, by addressing particularly technical issues of the agreement, provided a detailed set of guidelines that, if respected, would ideally preserve fundamental rights – in this case, the right to privacy and to data protection – without undermining public security. Through a smooth and refined reasoning, the Court’s decision indeed suggests potential solutions to amend the draft agreement in a way that is compliant with the CFREU and, ultimately, the rule of law. Continue reading

Brexit, Fundamental Rights And The Future Of Judicial And Police Cooperation

By Cristina Saenz Perez

The future of EU-UK judicial cooperation in criminal matters is far from certain. In her Florence speech, Theresa May affirmed that one of the goals of the UK government was to establish a “comprehensive framework for future security, law enforcement and criminal justice cooperation” after Brexit. In the government’s ‘Future Partnership Paper’, the government also expressed the need of concluding a separate agreement that guarantees the future of cooperation in police and security matters between the UK and the EU. Despite all the efforts, the latest decisions have shown how difficult an agreement in this area will be. Continue reading

Defamation in the digital age

Last October, the grand chamber of the Court ruled in the joined cases of eDate and Martinez (C-509/09 and C-161/10) on the interpretation of Article 5(3) of the Brussels I Regulation (Regulation 44/2001/EC) in cases of alleged infringement of personality rights by means of content placed on an internet website. Article 5(3) grants jurisdiction to the court of the place where the harmful event occurred or may occur.

In earlier case law, Fiona Shevill, the Court had held that in case of defamation by means of a newspaper article distributed in several Member States, Article 5(3) must be interpreted as giving the victim a choice between fora. Firstly, the victim may bring the action before the courts of the Member State of the place where the publisher of the defamatory publication is established, which have jurisdiction to award damages for all of the harm caused by the defamation. Secondly and alternatively, the victim may bring the action before the courts of each Member State in which the publication was distributed and where the victim claims to have suffered injury to his reputation, and which have jurisdiction to rule solely in respect of the harm caused in the State of the court seised (paragraph 33 of Shevill). Could these criteria be applied in cases where the defamatory content was published on the internet?

Continue reading

Another Turn of the Screw? The ‘Facebook Fanpages’ judgment

By Orla Lynskey

Introduction

The data protection practices of social networking giant Facebook have been the subject of much regulatory and public scrutiny in recent months, from the Cambridge Analytica saga to the allegation that Facebook’s consent mechanism is not GDPR-compliant and its terms of service constitute an abuse of dominance. The recent judgment of the Grand Chamber of the CJEU is therefore likely to add to Facebook’s data protection woes, by increasing the pressure on it to reconsider the data processing practices that underpin its business model. Continue reading

Tele2 Sverige AB and Watson et al: Continuity and Radical Change

By Orla Lynskey

Introduction

The CJEU delivered its judgment in Tele2 Sverige AB and Watson on 21 December 2016. The Court had been asked by a Swedish and British court respectively to consider the scope and effect of its previous judgment in Digital Rights Ireland (discussed here). The judgment reflects continuity in so far as it follows in the line of this, and earlier judgments taking a strong stance on data protection and privacy. Yet, the degree of protection it offers these rights over competing interests, notably security, is radical. In particular, the Court unequivocally states that legislation providing for general and indiscriminate data retention is incompatible with the E-Privacy Directive, as read in light of the relevant EU Charter rights. While the judgment was delivered in the context of the E-Privacy Directive, the Court’s reasoning could equally apply to other EU secondary legislation or programmes interpreted in light of the Charter. This judgment will be a game-changer for state surveillance in Europe and while it offered an early Christmas gift to privacy campaigners, it is likely to receive a very mixed reaction from EU Member States as such. While national data retention legislation has been annulled across multiple Member States (Bulgaria, Czech Republic, Cyprus, Germany and Romania), this annulment has been based on an assessment of the proportionality of the relevant measures rather than on a finding that blanket retention is per se unlawful. For those familiar with the facts and findings, skip straight to the comment below. Continue reading

Opinion 1/15: AG Mengozzi looking for a new balance in data protection (part I)

By Maxime Lassalle

On 8 September 2016, Advocate General (AG) Mengozzi delivered his much awaited opinion on the agreement between Canada and the European Union on the transfer and processing of Passenger Name Record (PNR). It follows the European Parliament’s resolution seeking an Opinion from the Court of Justice of the European Union (CJEU) on the compatibility of the agreement with the Treaties. Even though the opinion concludes that the agreement has many loopholes, it could disappoint those who were expecting a strong condemnation of PNR schemes as such.

This blogpost intends to present the context of this procedure and the main elements of the AG’s opinion before analysing them. The question of the appropriate legal basis for the agreement, also raised by the Parliament, will not be addressed. However, before turning to the AG’s opinion, we need to briefly sketch the background of the proposed agreement. Continue reading

In the Shadows of the Data Protection Juggernaut: Bara and Weltimmo

By Orla Lynskey

Data protection policy, in particular the right to protection of personal data in Article 8 of the EU Charter, has remained firmly within the EU law limelight in recent years. This right played a key role in seminal judgments of the CJEU such as Schecke and Eifert, where for the first time a provision of secondary legislation was annulled for incompatibility with the Charter, and in Digital Rights Ireland (discussed earlier on this blog), where for the first time an entire Directive was annulled on the same grounds. Furthermore, in Google Spain (considered here) this fledgling right was ostensibly given precedence over the more established right to freedom of expression in certain circumstances, leading to a media furore on both sides of the Atlantic. 2015 was no different in this regard as much attention focused on the Court’s judgment in Schrems (discussed here), which invalidated the 15 year old Safe Harbor data sharing agreement between the EU and the US, and on the culmination of four years of negotiation on the new Proposed General Data Protection Regulation in December.

For good or for bad, the EU data protection juggernaut appears unstoppable, leaving in its wake legal instruments that do not meet its strict standards. Yet, in the shadows of these well-documented events, other noteworthy developments occurred. 2015 also saw the Dutch referring court withdraw its preliminary reference in Rease and Wullems, thereby regrettably removing the opportunity for the CJEU to pronounce upon the margin of discretion of national Data Protection Authorities (DPAs) when adopting a de minimis approach to their enforcement strategy to the detriment of individual or small group complainants. The Court did, however, deliver a number of largely overlooked yet significant data protection judgments in 2015. This contribution will focus on two significant cases which the CJEU delivered in the first week of October, immediately prior to the Schrems judgment, in Bara and Weltimmo. These preliminary references allowed the Court to clarify the interpretation of obligations and exemptions under the Data Protection Directive, as well as the Directive’s enforcement in online situations. Continue reading

Schrems vs. Data Protection Commissioner: a slap on the wrist for the Commission and new powers for data protection authorities

By Fanny Coudert

On 6th of October, in Schrems vs. Data Protection Commissioner, the CJEU, following the controversial Opinion of AG Bot, put an end to the specific regime regulating data flows to the US. The 4600 US companies using this agreement are now forced to rethink how to ensure the continuity of the protection when data are transferred from EU to the US. In this milestone ruling, the Court also reaffirmed the key role played by national Data Protection Authorities (DPAs) in the European system of data protection, and clarified the different competences of the European Commission, the DPAs and the courts –including the ECJ- in assessing the adequate level of protection offered by a third country. Continue reading

Top 10 Most Read Posts of the Year

With the end of the third year of operation of the European Law Blog approaching, it is once again time to take a brief look back at the most popular posts of the year. Based on our Google Analytics statistics and keeping in mind that there is a certain bias in favour of older posts which have had more time to become popular, we receive the following little tour d’horizon of EU law… Continue reading

The Commission´s Company Law Package: overview and critical view of the proposal for cross border transactions

By Segismundo Alvarez

The much awaited Company Law Package was finally published by the European Commission on April 25. It aims to establish “simpler and less burdensome rules for companies”  regarding incorporation and cross border transactions and consists of two proposals.

Proposal 2018/0113  intends to promote the use of digital tools and procedures in company law. Member States will need to allow a fully online procedure for the registration of new companies and of branches of other companies, that permits the incorporation without the physical presence of the members before any public authority. To avoid fraud and abuse the proposal “sets safeguards against fraud and abuse such as mandatory identification control, rules on disqualified directors and a possibility for Member States to require the involvement of a person or body in the process, such as notaries or lawyers”. The proposal also establishes the need to offer free access to the most relevant information of companies in the Companies Registers. This proposal will require important changes in national legislations and its implementation will be a technological challenge for the Member States that want to preserve the present level of control in the incorporation of companies. The question of online identification will undoubtedly be of special interest and complexity.

This first proposal certainly deserves more detailed examination. However, to keep this post short, I will concentrate here on the second proposal (2018/0114) regarding cross-border conversions, mergers and divisions. Continue reading

The EU Single Market Information Tool: The European Commission’s new investigative power in 2018

By Gianni De Stefano and Jaime Rodríguez-Toquero

The European Commission is about to gain a new investigative power through the Single Market Information Tool (SMIT).  The SMIT will allow the Commission to request information (including factual market data or fact-based analysis) from private firms or trade associations when the Commission initiates or substantiates infringement proceedings against one or more Member State(s) that may have failed to fulfil an obligation under the applicable Single Market legislation.  This post will discuss the background of the SMIT, its purported rationale, and critically reflect on the powers granted to the Commission under the SMIT.

The Commission is at pains to clarify that the SMIT initiative does not aim to create new enforcement powers allowing it to pursue infringements of Union law in the Single Market area against individual market participants.  That said, the Single Market rules can be infringed by either Member States or private companies.  Therefore, companies responding to such information requests will not only incur administrative and financial burdens, but they will also have to be careful not to incriminate themselves in doing so, as we will see below.

Continue reading

POMFR: Challenges in the Field of Economic and Financial Crime in Europe and the US

By Katrien Verhesschen

Katalin Ligeti, Vanessa Franssen (eds), Challenges in the Field of Economic and Financial Crime in Europe and the US (Hart Publishing, Oxford, 2017)

“A European ‘fraud hunter’ is beneficial for taxpayers”, “Fraud costs 100 euros per EU citizen” (own translations). As these examples of newspaper headlines demonstrate, economic and financial crimes are ‘hot topics’. Newspaper articles report on fraud cases on an almost daily basis. Economic and financial criminal law is a constantly evolving field of law, not only within states but also at the level of the EU, as is demonstrated by the recently adopted Council Regulation on the European Public Prosecutor’s Office. However, the globalisation and interconnectedness of financial markets, the digitalisation of our daily lives and the particularities of economic and financial crime pose considerable challenges to legislators and law enforcement trying to tackle these types of crime. The recently published ‘Challenges in the Field of Economic and Financial Crime in Europe and the US’ gives ‒ as its title suggests ‒ an interesting and at times eye-opening description of several of these challenges. Continue reading

Neues aus dem Elfenbeinturm: February 2017

Workshop Series “Current Issues in EU External Relations”

University of Luxembourg, 31 March/19 May/29 May 2017. Deadline for proposal submissions: 6 March 2017.

Conference “Comparative Public Law in Europe – Opportunities and Challenges”

University of Essex, 14 March 2017. Deadline for (free) registration: 10 March 2017.

Radboud Economic Law International Conference “Digital Markets in the EU”

Radboud University, 9 June 2017. Deadline for abstract submissions: 24 March 2017.

Summer Schools “Venice Academy of Human Rights – Economic, Social and Cultural Rights as an Answer to Rising Inequalities” and  “Venice School of Human Rights – Human Rights as Our Responsibility”

EIUC Venice, 3-12 July and 9-17 June 2017, respectively. Deadline for applications: 19/27 April 2017.

CJEU sheds light on liability for operators of open Wi-Fi networks (Case C-484/14 Mc Fadden v Sony Music)

By Bernd Justin Jütte

One week after the Court of Justice (CJEU) handed down its Judgment in GS Media (see for a comment here), it has ruled on another important copyright case. In Mc Fadden v Sony Music the Court followed the Opinion of AG Szpunar (see for comment on this blog here) to a large extent while disagreeing on two crucial points. It decided that the operator of an open wireless network provides an ‘information society service’ (ISS) within the meaning of Article 14 E-Commerce Directive if he provides access to the network as part of his economic activities. This means he can avail himself of the liability exemption laid down in that provision. However, the operator of a wireless network can be required to protect the network with a password in order to deter users from infringing the rights of copyright holders. The Court further decided that the right holder can claim from network operators the costs related to an injunction (e.g. to prevent future infringements), but not the costs related to claims for primary infringements of copyrights by the users of the Wi-Fi network. Continue reading

Advocate General wants libraries to lend e-books (Opinion of AG Szpunar in C- 174/15, Vereniging Openbare Bibliotheken)

By Bernd Justin Jütte

On 16 June 2016 Advocate Geneal (AG) Szpunar, who recently is very active in the field of European copyright (see also on this blog here), published his Opinion in Vereniging Openbare Bibliotheken v Stichting Leenrecht. The case deals with the question whether public libraries are entitled to lend electronic versions of books (e-books) and, if so, under which conditions. The AG takes a favourable position regarding the lending of e-books under the Rental and Lending Rights Directive (Directive 2006/115/EC). Yet, what is more interesting than the actual outcome of his opinion is his very daring argumentation to treat e-books and printed books alike for the purpose of the said Directive. The opinion, if followed by the Court of Justice (CJEU), could also have an influence on the interpretation of the Information Society Directive (Directive 2001/29/EC) and more far-reaching questions of digital exhaustion.

It is quite noteworthy that AG Szpunar highlights in a rather long introduction the important role of libraries and their difficulties to adapt to the changing circumstances of book consumption. He identifies the case as one which would enable the Court “to help libraries not only to survive, but also to flourish.” (para. 1) This, so the AG, would be possible by answering the question whether libraries are allowed to lend e-books. Continue reading

Limited liability for free Wi-Fi access (Case C-484/14, Mc Fadden v Sony Music)

By Justin Jütte

The civil liability of intermediary service providers remains a hotly debated topic in EU law, especially in relation to infringement of intellectual property rights (IPRs). Whereas the Information Society Directive (Directive 2001/29/EC), as well the IP Enforcement Directive (2004/48/EC) provide that owners of IPRs can, in principle, request injunctions against intermediaries, the E-Commerce Directive (Directive 2000/31/EC) exempts certain intermediaries from indirect liability under certain, well defined circumstances. The present case raises questions as to the scope and interpretation of Article 12 of the E-Commerce Directive, in particular with regard to fundamental rights. Concretely, the referring court in Tobias Mc Fadden v Sony Music Entertainment Germany GmbH asks under which circumstances and to what extent operators of publicly accessible Wi-Fi networks can be held liable for infringements of works protected by copyright, and what type of injunctions can be ordered against such operators.

Continue reading

Neues aus dem Elfenbeinturm: September 2015

Conference “The European Union as an Actor in International Economic Law”

University of Luxembourg, 1-2 October 2015. Deadline for registration: 30 September 2015.

Conference “Criminal Justice: Jurisprudence of the European Court of Justice – Today and Future”

Court of Justice of the European Union, 2-3 October 2015. (Paid) registration required.

Inaugural CMLRev Conference “Membership of the Union and Membership of the Euro”

University of Liverpool, 9 October 2015. (Free) registration required.

Workshop “Mutual Legal Assistance in the Digital Age: Problems, Challenges, Solutions for Criminal Justice”

University of Luxembourg, 15 October 2015. (Free) registration required.

Workshop “A balanced data protection in the EU: conflicts and possible solutions”

UM Campus Brussels, University of Maastricht, 19 October 2015. (Paid) registration required.

Conference “Migration Policy in the European Union – Current Challenges and Future Developments”

University of Luxembourg, 22-23 October 2015.

Call for submissions for the 2016 edition of the Hibernian Law Journal

Deadline for submissions: 31 October 2015.

EIUC Training for International Electoral Observers

Monastery of San Nicolò, 23-28 November 2015. Deadline for application: 30 October 2015.

Workshop “Victims in Europe – Needs, Rights, Perspectives”

University of Luxembourg, 16 November 2015.

Colloquium “The Environment in Court – Environmental Protection in National and International Courts, Tribunals, and Compliance Mechanisms”

PluriCourts, University of Oslo, 20-25 June 2016. Deadline for abstract submissions: 15 January 2016.