Category: Data protection and digital governance

Neues aus dem Elfenbeinturm: January 2018

Call for papers: Workshop “Information Sharing and European Agencies: Novel Frontiers”

European University Institute, 23 May 2018. Deadline for submissions: 15 February 2018.

Call for Papers: “Challenges to EU Law and Governance in the Member States”

European University Institute, 8 June 2018. Deadline for submissions: 18 February.

Call for papers: Special Issue “Revisiting WTO’s Role in Global Governance”

Trade, Law and Development. Deadline for submissions: 28 February 2018.

Call for Papers: PhD Colloquium “Regulating New Technologies in Uncertain Times”

Tilburg University, 14 June 2018. Deadline for submissions: 28 February 2018.

Call for Papers: “Geography and Legal Culture on the International Bench”

Leiden University, The Hague Campus, 17-18 May 2018. Deadline for submissions: 28 February 2018.

PNR Agreements between Fundamental Rights and National Security: Opinion 1/15

By Arianna Vedaschi and Chiara Graziani

On July 26, 2017, the European Court of Justice (ECJ) issued Opinion 1/15 (the Opinion of the Advocate General on this case had been discussed previously in this blog, part I and part II) pursuant to Article 218(11) TFEU on the draft agreement between Canada and the European Union (EU) dealing with the Transfer of Passenger Name Record (PNR) data from the EU to Canada. The draft agreement was referred to the ECJ by the European Parliament (EP) on January 30, 2015. The envisaged agreement would regulate the exchange and processing of PNR data – which reveals passengers’ personal information, itinerary, travel preferences and habits – between the EU and Canada. The adoption of the agreement is crucial because, according to Article 25 of Directive 95/46/EC as interpreted in the Schrems decision (commented here), the transfer of data to a third country (discussed here) is possible only if such country ensures an “adequate level of protection.” This standard can be testified by an “adequacy decision” of the European Commission or, alternatively, by international commitments in place between non-EU countries and the EU – as the one examined by the ECJ in this Opinion.

Not surprisingly, the leitmotiv of the Court’s Opinion is the challenging balance between liberty and security. Maintaining a realistic perspective, the Court considered mass surveillance tolerable at least in theory, because it is a necessary and useful tool for the prevention of terrorism. Yet, it insisted that there should be very strict rules as to the concrete implementation of such surveillance. For this reason, it found some provisions of the draft agreement incompatible with Articles 7 (privacy) and 8 (data protection), in conjunction with Article 52 (principle of proportionality) of the Charter of Fundamental Rights of the European Union (CFREU).

As a result, the agreement cannot be adopted in the current form and the EU institutions will have to renegotiate it with Canada. For sure, this renegotiation will prove to be challenging. Nevertheless, as the analysis below will show, the Luxembourg judges, by addressing particularly technical issues of the agreement, provided a detailed set of guidelines that, if respected, would ideally preserve fundamental rights – in this case, the right to privacy and to data protection – without undermining public security. Through a smooth and refined reasoning, the Court’s decision indeed suggests potential solutions to amend the draft agreement in a way that is compliant with the CFREU and, ultimately, the rule of law. Continue reading

Third country law in the CJEU’s data protection judgments

By Christopher Kuner

Introduction

Much discussion of foreign law in the work of the Court of Justice of the European Union (CJEU) has focused on how it deals with the rules, principles, and traditions of the EU member states. However, in its data protection judgments a different type of situation involving foreign law is increasingly arising, namely cases where the Court needs to evaluate the law of third countries in order to answer questions of EU law.

This is illustrated by its judgment in Schrems (Case C-362/14; previously discussed on this blog, as well as here), and by Opinion 1/15 (also discussed on this blog, part I and part II), a case currently before the CJEU in which the judgment is scheduled to be issued on 26 July. While these two cases deal with data protection law, the questions they raise are also relevant for other areas of EU law where issues of third country law may arise. The way the Court deals with third country law in the context of its data protection judgments illustrates how interpretation of EU law sometimes involves the evaluation of foreign legal systems, despite the Court’s reluctance to admit this. Continue reading

Neues aus dem Elfenbeinturm: July 2017

Brussels Summer School on EU competition law

Brussels, 4-9 September 2017. (Paid) registration required.

Conference « Metamorphosis of the European Economic Constitution »

University of Luxembourg, 21-22 September 2017. Registration required.

Conference « Protecting European Union Values: Breaches of Article 2 TEU and Their Consequences »

University of Warsaw, 14-15 September 2017. (Free) registration required.

Seminar : « The EU FTAs : Do you really want to know ? A dialogue on transparency »

King’s College London, 14 July 2017. (Free) registration required.

Call for papers : Special issue on European Law

Utrecht Journal of International and European Law. Deadline for submissions : 25 August 2017.

Call for papers : Comparative Constitutional Law and Administrative Law Quarterly

Deadline for submissions : 1 September 2017.

Call for papers: European Data Protection Law Review 2017 Young Scholars Award

Deadline for submissions: 15 October 2017.

A link too far: CJEU rules that sale equals communication and streaming from unlawful sources is illegal (C-527/15, Filmspeler)

By Bernd Justin Jütte

 In its judgment on 26 April the CJEU extends the scope of the right of communication to the public under Article 3 of the Information Society Directive (Directive 2001/29/EC), which grants a right holder the exclusive right to communicate a work or a related right to the public, to cover the sale of devices which contain pre-installed software that provides its users with links to unlawful streaming content. It further found that viewing such content is not privileged by the exception of Article 5(1) for temporary reproduction of the same directive, thereby rendering the provision as well as the streaming of unlawful content illegal, and thus increasing the circle of persons who can be held liable. Continue reading

Neues aus dem Elfenbeinturm: May 2017

Conference on the Legitimacy of Unseen Actors in International Adjudication

The Hague, 26-27 October 2017. Deadline for abstract submissions: 31 May 2017.

Call for applications: Summer School „Fundamental Rights and EU Trade Agreements”

University Centre of Bertinoro, 25-30 June 2017. Deadline for applications: 15 June 2017.

Conference “Freedom under Pressure – Data protection and privacy, the freedom of movement in the EU and property protection”

Ghent University, 7-8 December 2017. Deadline for abstract submissions: 15 June 2017.

Workshop “Resolving the Tensions between EU Trade and Non-Trade Objectives: Actors, Norms, and Processes”

Utrecht University, 10 November 2017. Deadline for abstract submissions: 1 July 2017.

Conference “Constitutionalism in a Plural World”

University of Porto, 22-23 November 2017. Deadline for abstract submissions: 15 July 2017.

Call for Papers for the Irish Journal of European Law Volume 2017 on Brexit

Deadline for submissions: 28 July 2017.

Neues aus dem Elfenbeinturm: February 2017

Workshop Series “Current Issues in EU External Relations”

University of Luxembourg, 31 March/19 May/29 May 2017. Deadline for proposal submissions: 6 March 2017.

Conference “Comparative Public Law in Europe – Opportunities and Challenges”

University of Essex, 14 March 2017. Deadline for (free) registration: 10 March 2017.

Radboud Economic Law International Conference “Digital Markets in the EU”

Radboud University, 9 June 2017. Deadline for abstract submissions: 24 March 2017.

Summer Schools “Venice Academy of Human Rights – Economic, Social and Cultural Rights as an Answer to Rising Inequalities” and  “Venice School of Human Rights – Human Rights as Our Responsibility”

EIUC Venice, 3-12 July and 9-17 June 2017, respectively. Deadline for applications: 19/27 April 2017.

Tele2 Sverige AB and Watson et al: Continuity and Radical Change

By Orla Lynskey

Introduction

The CJEU delivered its judgment in Tele2 Sverige AB and Watson on 21 December 2016. The Court had been asked by a Swedish and British court respectively to consider the scope and effect of its previous judgment in Digital Rights Ireland (discussed here). The judgment reflects continuity in so far as it follows in the line of this, and earlier judgments taking a strong stance on data protection and privacy. Yet, the degree of protection it offers these rights over competing interests, notably security, is radical. In particular, the Court unequivocally states that legislation providing for general and indiscriminate data retention is incompatible with the E-Privacy Directive, as read in light of the relevant EU Charter rights. While the judgment was delivered in the context of the E-Privacy Directive, the Court’s reasoning could equally apply to other EU secondary legislation or programmes interpreted in light of the Charter. This judgment will be a game-changer for state surveillance in Europe and while it offered an early Christmas gift to privacy campaigners, it is likely to receive a very mixed reaction from EU Member States as such. While national data retention legislation has been annulled across multiple Member States (Bulgaria, Czech Republic, Cyprus, Germany and Romania), this annulment has been based on an assessment of the proportionality of the relevant measures rather than on a finding that blanket retention is per se unlawful. For those familiar with the facts and findings, skip straight to the comment below. Continue reading

Neues aus dem Elfenbeinturm: December 2016

Conference « EU Civil Procedure Law and Third Countries: Which Way Forward? »

University of Kiel, 2-3 February 2017. Deadline for abstract submissions : 19 December 2016.

Workshop « International Law in a Dark Time »

University of Helsinki, 22-23 May 2017. Deadline for abstract submissions : 30 December 2017.

Conference « EU Policy on International Investments : Uncertainties, Challenges, and Opportunities »

University of Zaragoza, 20-21 March 2017. Deadline for proposal submissions : 31 December 2017.

IntLawGrrls! 10th Birthday Conference

University of Georgia Law School, 3 March 2017. Deadline for abstract submissions : 1 January 2017.

Workshop « New Challenges for European Solidarity »

University of Cambridge, 9-10 March 2017. Deadline for abstract submissions : 13 January 2017.

Call for papers Jean Monnet Seminar « The EU and Trust in the Online Environment »

Inter University Center, Dubrovnik, 23-29 April 2017. Deadline for abstract submissions : 31 January 2017.

ESIL Annual Conference 2017 : Global Public Goods , Global Commons, and Fundamental Values : The Responses of International Law

University of Naples, 7-9 September 2017. Deadline for abstract submissions : 31 January 2017.

Call for submissions : Trade, Law and Development Special Issue on Recent Regionalism

Deadline for submissions : 15 February 2017.

Call for papers : « Human Dignity and the Constitutional Crisis in Europe : Humanity, Democracy, Social Europe »

European University Institute, Florence, 15-16 June 2017. Deadline for abstract submissions : 28 February 2017.

European Environmental Law Forum 2017 Conference : « Sustainable Management of Natural Resources – Legal Approaches and Instruments »

Copenhagen, 30 August – 1 September 2017. Deadline for abstract submissions : 17 March 2017.

Opinion 1/15: AG Mengozzi looking for a new balance in data protection (part II)

By Maxime Lassalle

The AG’s proportionality test

After these general considerations, the AG starts his proportionality test. In the opinion nine points are considered separately (para. 210). From this analysis, three main elements deserve to be emphasized. Continue reading

Opinion 1/15: AG Mengozzi looking for a new balance in data protection (part I)

By Maxime Lassalle

On 8 September 2016, Advocate General (AG) Mengozzi delivered his much awaited opinion on the agreement between Canada and the European Union on the transfer and processing of Passenger Name Record (PNR). It follows the European Parliament’s resolution seeking an Opinion from the Court of Justice of the European Union (CJEU) on the compatibility of the agreement with the Treaties. Even though the opinion concludes that the agreement has many loopholes, it could disappoint those who were expecting a strong condemnation of PNR schemes as such.

This blogpost intends to present the context of this procedure and the main elements of the AG’s opinion before analysing them. The question of the appropriate legal basis for the agreement, also raised by the Parliament, will not be addressed. However, before turning to the AG’s opinion, we need to briefly sketch the background of the proposed agreement. Continue reading

Neues aus dem Elfenbeinturm: October 2016

Conference « New Instruments to Promote the Correct Application of the EU Charter of Fundamental Rights »

Florence, 28 October 2016. Deadline for (free) registration : 18 October 2016.

Colloquium « Les religions et le droit du travail »

Université de Rouen, 20-21 Octobre 2016. Free access.

Conference « Computers, Privacy & Data Protection : The Age of Intelligent Machines »

Brussels, 25-27 January 2017. Deadline for submissions : 22 October 2016.

Call for Papers: ESIL Conference “The Role of the European Parliament in the Conclusion and Implementation of International Agreements on International Economic Law Issues

European Parliament, Brussels, 9 December 2016. Deadline for abstract submissions: 7 November 2016.

Call for papers : One Day Symposium on Transnational and International Environmental Crime – Synergies, Priorities and Challenges

University of Lincoln, 15 February 2017. Deadline for abstract submissions : 18 November 2016.

Call for submissions Comparative Constitutional Law and Comparative Law Quarterly

Deadline for submissions : 27 November 2016.

Housing Law Research Network 3rd Annual Housing Law Symposium: Human Rights, Housing and Dispute Resolution

Malmö University, 23-24 March 2017. Deadline for abstract submissions : 1 January 2017.

 

 

CJEU sheds light on liability for operators of open Wi-Fi networks (Case C-484/14 Mc Fadden v Sony Music)

By Bernd Justin Jütte

One week after the Court of Justice (CJEU) handed down its Judgment in GS Media (see for a comment here), it has ruled on another important copyright case. In Mc Fadden v Sony Music the Court followed the Opinion of AG Szpunar (see for comment on this blog here) to a large extent while disagreeing on two crucial points. It decided that the operator of an open wireless network provides an ‘information society service’ (ISS) within the meaning of Article 14 E-Commerce Directive if he provides access to the network as part of his economic activities. This means he can avail himself of the liability exemption laid down in that provision. However, the operator of a wireless network can be required to protect the network with a password in order to deter users from infringing the rights of copyright holders. The Court further decided that the right holder can claim from network operators the costs related to an injunction (e.g. to prevent future infringements), but not the costs related to claims for primary infringements of copyrights by the users of the Wi-Fi network. Continue reading

Saving the Internet or linking limbo? CJEU clarifies legality of hyperlinking (C-160/15, GS Media v Sanoma)

By Bernd Justin Jütte

In a much awaited decision, the CJEU has ruled that linking to freely-available copyrighted content that has been uploaded without the consent of the right holder is, in principle, legal. However, it qualified that such a reference could infringe the right to communication to the public under Article 3(1) of the Information Society Directive (Directive 2001/29/EC) if certain elements were present. After AG Wathelet had provided his Opinion in early April (see post on this Blog here), the CJEU rendered its Judgement on 8 September 2016. Continue reading

The future of national data retention obligations – How to apply Digital Rights Ireland at national level?

Note by the editors: we will take a short break over the summer and resume blogging in the week of 16 August

By Vanessa Franssen

On 19 July, Advocate General (AG) Saugmandsgaard Øe delivered his much awaited opinion on the joined cases Tele2 Sverige AB and Secretary of State for the Home Department, which were triggered by the Court of Justice’s (CJEU) ruling in Digital Rights Ireland, discussed previously on this blog. As a result of this judgment, invalidating the Data Retention Directive, many Member States which had put in place data retention obligations on the basis of the Directive, were confronted with the question whether these data retention obligations were compatible with the right to privacy and the right to protection of personal data, guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights (Charter). Hence, without a whisper of a doubt, several national legislators eagerly await the outcome of these joined cases, in the hope to get more guidance as to how to apply Digital Rights Ireland concretely to their national legislation. The large number of Member States intervening in the joined cases clearly shows this: in addition to Sweden and the UK, no less than 13 Member States submitted written observations. The AG’s opinion is a first – important – step and thus merits a closer look. Continue reading

Advocate General wants libraries to lend e-books (Opinion of AG Szpunar in C- 174/15, Vereniging Openbare Bibliotheken)

By Bernd Justin Jütte

On 16 June 2016 Advocate Geneal (AG) Szpunar, who recently is very active in the field of European copyright (see also on this blog here), published his Opinion in Vereniging Openbare Bibliotheken v Stichting Leenrecht. The case deals with the question whether public libraries are entitled to lend electronic versions of books (e-books) and, if so, under which conditions. The AG takes a favourable position regarding the lending of e-books under the Rental and Lending Rights Directive (Directive 2006/115/EC). Yet, what is more interesting than the actual outcome of his opinion is his very daring argumentation to treat e-books and printed books alike for the purpose of the said Directive. The opinion, if followed by the Court of Justice (CJEU), could also have an influence on the interpretation of the Information Society Directive (Directive 2001/29/EC) and more far-reaching questions of digital exhaustion.

It is quite noteworthy that AG Szpunar highlights in a rather long introduction the important role of libraries and their difficulties to adapt to the changing circumstances of book consumption. He identifies the case as one which would enable the Court “to help libraries not only to survive, but also to flourish.” (para. 1) This, so the AG, would be possible by answering the question whether libraries are allowed to lend e-books. Continue reading

Limited liability for free Wi-Fi access (Case C-484/14, Mc Fadden v Sony Music)

By Justin Jütte

The civil liability of intermediary service providers remains a hotly debated topic in EU law, especially in relation to infringement of intellectual property rights (IPRs). Whereas the Information Society Directive (Directive 2001/29/EC), as well the IP Enforcement Directive (2004/48/EC) provide that owners of IPRs can, in principle, request injunctions against intermediaries, the E-Commerce Directive (Directive 2000/31/EC) exempts certain intermediaries from indirect liability under certain, well defined circumstances. The present case raises questions as to the scope and interpretation of Article 12 of the E-Commerce Directive, in particular with regard to fundamental rights. Concretely, the referring court in Tobias Mc Fadden v Sony Music Entertainment Germany GmbH asks under which circumstances and to what extent operators of publicly accessible Wi-Fi networks can be held liable for infringements of works protected by copyright, and what type of injunctions can be ordered against such operators.

Continue reading

In the Shadows of the Data Protection Juggernaut: Bara and Weltimmo

By Orla Lynskey

Data protection policy, in particular the right to protection of personal data in Article 8 of the EU Charter, has remained firmly within the EU law limelight in recent years. This right played a key role in seminal judgments of the CJEU such as Schecke and Eifert, where for the first time a provision of secondary legislation was annulled for incompatibility with the Charter, and in Digital Rights Ireland (discussed earlier on this blog), where for the first time an entire Directive was annulled on the same grounds. Furthermore, in Google Spain (considered here) this fledgling right was ostensibly given precedence over the more established right to freedom of expression in certain circumstances, leading to a media furore on both sides of the Atlantic. 2015 was no different in this regard as much attention focused on the Court’s judgment in Schrems (discussed here), which invalidated the 15 year old Safe Harbor data sharing agreement between the EU and the US, and on the culmination of four years of negotiation on the new Proposed General Data Protection Regulation in December.

For good or for bad, the EU data protection juggernaut appears unstoppable, leaving in its wake legal instruments that do not meet its strict standards. Yet, in the shadows of these well-documented events, other noteworthy developments occurred. 2015 also saw the Dutch referring court withdraw its preliminary reference in Rease and Wullems, thereby regrettably removing the opportunity for the CJEU to pronounce upon the margin of discretion of national Data Protection Authorities (DPAs) when adopting a de minimis approach to their enforcement strategy to the detriment of individual or small group complainants. The Court did, however, deliver a number of largely overlooked yet significant data protection judgments in 2015. This contribution will focus on two significant cases which the CJEU delivered in the first week of October, immediately prior to the Schrems judgment, in Bara and Weltimmo. These preliminary references allowed the Court to clarify the interpretation of obligations and exemptions under the Data Protection Directive, as well as the Directive’s enforcement in online situations. Continue reading

Top ten most read posts of 2015

By the editors

As is becoming a tradition with our blog (albeit a bit late this year), we present to you our top 10 most read posts of the last year. We have had another good year of blogging behind us: more readers contributing to the content of the blog with 33 posters coming from approximately 14 different countries this year. Equally important is that readership is steadily increasing according to Google Analytics (plus: we now have almost 1600 email subscribers and 2400 followers on twitter). Most of you are from the UK, followed by the Netherlands, Belgium, Germany, the United States, Italy, Sweden, France, Ireland and Poland, respectively.

Keeping in mind that there is a certain bias in favour of older posts which have had more time to become popular, this is the 2015 list of most read posts of the year: Continue reading

Public access to documents: effective rear guard to a transparent EU?

By Elinor Pecsteen

Recently, journalists from all EU member states raised, for the first time ever, a joint voice before the Court of Justice of the European Union (CJEU) against the refusal of the European Parliament (EP) to give access, on grounds of personal data protection, to information on how MEPs spend their allowances.

This development is no surprise as the endeavour by individuals and non-governmental organisations alike to hold the EU to its democratic imperative of openness and transparency has been a clearly increasing tendency over the years. However, meeting the expectations of the civil society is not always an easy task for the EU institutions, which must keep a fair balance between transparency and the protection of an individual’s privacy and integrity throughout their processes.

This balance has become essential in the present context of increasing numbers of requests for public access to EU institutions documents containing personal data. Yet, the question remains unclear as to when it is legitimate for an institution to refuse access to documents on the ground of personal data protection.

The following post attempts to shed some light on this question by discussing two recent CJEU judgments whose common threads allow for some interesting consistency to be found in the Court’s logic. On the basis of these judgments, it would seem that for the Court, the use of personal data protection as a justification for refusing requests for access to documents should be restricted. Such requests are essential to increase the confidence of citizens in the EU and require that, provided the conditions are fulfilled, full access be given to the institutions’ documents, personal data included. The Court specifies that the context of public mistrust in the EU and the potential dual role of its decision-makers must weigh in the institutions’ assessment of the conditions. Continue reading