The CJEU delivered its judgment in Tele2 Sverige AB and Watson on 21 December 2016. The Court had been asked by a Swedish and British court respectively to consider the scope and effect of its previous judgment in Digital Rights Ireland (discussed here). The judgment reflects continuity in so far as it follows in the line of this, and earlier judgments taking a strong stance on data protection and privacy. Yet, the degree of protection it offers these rights over competing interests, notably security, is radical. In particular, the Court unequivocally states that legislation providing for general and indiscriminate data retention is incompatible with the E-Privacy Directive, as read in light of the relevant EU Charter rights. While the judgment was delivered in the context of the E-Privacy Directive, the Court’s reasoning could equally apply to other EU secondary legislation or programmes interpreted in light of the Charter. This judgment will be a game-changer for state surveillance in Europe and while it offered an early Christmas gift to privacy campaigners, it is likely to receive a very mixed reaction from EU Member States as such. While national data retention legislation has been annulled across multiple Member States (Bulgaria, Czech Republic, Cyprus, Germany and Romania), this annulment has been based on an assessment of the proportionality of the relevant measures rather than on a finding that blanket retention is per se unlawful. For those familiar with the facts and findings, skip straight to the comment below. Continue reading →
After these general considerations, the AG starts his proportionality test. In the opinion nine points are considered separately (para. 210). From this analysis, three main elements deserve to be emphasized. Continue reading →
On 8 September 2016, Advocate General (AG) Mengozzi delivered his much awaited opinion on the agreement between Canada and the European Union on the transfer and processing of Passenger Name Record (PNR). It follows the European Parliament’s resolution seeking an Opinion from the Court of Justice of the European Union (CJEU) on the compatibility of the agreement with the Treaties. Even though the opinion concludes that the agreement has many loopholes, it could disappoint those who were expecting a strong condemnation of PNR schemes as such.
This blogpost intends to present the context of this procedure and the main elements of the AG’s opinion before analysing them. The question of the appropriate legal basis for the agreement, also raised by the Parliament, will not be addressed. However, before turning to the AG’s opinion, we need to briefly sketch the background of the proposed agreement. Continue reading →
One week after the Court of Justice (CJEU) handed down its Judgment in GS Media (see for a comment here), it has ruled on another important copyright case. In Mc Fadden v Sony Music the Court followed the Opinion of AG Szpunar (see for comment on this blog here) to a large extent while disagreeing on two crucial points. It decided that the operator of an open wireless network provides an ‘information society service’ (ISS) within the meaning of Article 14 E-Commerce Directive if he provides access to the network as part of his economic activities. This means he can avail himself of the liability exemption laid down in that provision. However, the operator of a wireless network can be required to protect the network with a password in order to deter users from infringing the rights of copyright holders. The Court further decided that the right holder can claim from network operators the costs related to an injunction (e.g. to prevent future infringements), but not the costs related to claims for primary infringements of copyrights by the users of the Wi-Fi network. Continue reading →
In a much awaited decision, the CJEU has ruled that linking to freely-available copyrighted content that has been uploaded without the consent of the right holder is, in principle, legal. However, it qualified that such a reference could infringe the right to communication to the public under Article 3(1) of the Information Society Directive (Directive 2001/29/EC) if certain elements were present. After AG Wathelet had provided his Opinion in early April (see post on this Blog here), the CJEU rendered its Judgement on 8 September 2016. Continue reading →
Note by the editors: we will take a short break over the summer and resume blogging in the week of 16 August
By Vanessa Franssen
On 19 July, Advocate General (AG) Saugmandsgaard Øe delivered his much awaited opinion on the joined cases Tele2 Sverige AB and Secretary of State for the Home Department, which were triggered by the Court of Justice’s (CJEU) ruling in Digital Rights Ireland, discussed previously on this blog. As a result of this judgment, invalidating the Data Retention Directive, many Member States which had put in place data retention obligations on the basis of the Directive, were confronted with the question whether these data retention obligations were compatible with the right to privacy and the right to protection of personal data, guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights (Charter). Hence, without a whisper of a doubt, several national legislators eagerly await the outcome of these joined cases, in the hope to get more guidance as to how to apply Digital Rights Ireland concretely to their national legislation. The large number of Member States intervening in the joined cases clearly shows this: in addition to Sweden and the UK, no less than 13 Member States submitted written observations. The AG’s opinion is a first – important – step and thus merits a closer look. Continue reading →
On 16 June 2016 Advocate Geneal (AG) Szpunar, who recently is very active in the field of European copyright (see also on this blog here), published his Opinion in Vereniging Openbare Bibliotheken v Stichting Leenrecht. The case deals with the question whether public libraries are entitled to lend electronic versions of books (e-books) and, if so, under which conditions. The AG takes a favourable position regarding the lending of e-books under the Rental and Lending Rights Directive (Directive 2006/115/EC). Yet, what is more interesting than the actual outcome of his opinion is his very daring argumentation to treat e-books and printed books alike for the purpose of the said Directive. The opinion, if followed by the Court of Justice (CJEU), could also have an influence on the interpretation of the Information Society Directive (Directive 2001/29/EC) and more far-reaching questions of digital exhaustion.
It is quite noteworthy that AG Szpunar highlights in a rather long introduction the important role of libraries and their difficulties to adapt to the changing circumstances of book consumption. He identifies the case as one which would enable the Court “to help libraries not only to survive, but also to flourish.” (para. 1) This, so the AG, would be possible by answering the question whether libraries are allowed to lend e-books. Continue reading →
The civil liability of intermediary service providers remains a hotly debated topic in EU law, especially in relation to infringement of intellectual property rights (IPRs). Whereas the Information Society Directive (Directive 2001/29/EC), as well the IP Enforcement Directive (2004/48/EC) provide that owners of IPRs can, in principle, request injunctions against intermediaries, the E-Commerce Directive (Directive 2000/31/EC) exempts certain intermediaries from indirect liability under certain, well defined circumstances. The present case raises questions as to the scope and interpretation of Article 12 of the E-Commerce Directive, in particular with regard to fundamental rights. Concretely, the referring court in Tobias Mc Fadden v Sony Music Entertainment Germany GmbH asks under which circumstances and to what extent operators of publicly accessible Wi-Fi networks can be held liable for infringements of works protected by copyright, and what type of injunctions can be ordered against such operators.
Data protection policy, in particular the right to protection of personal data in Article 8 of the EU Charter, has remained firmly within the EU law limelight in recent years. This right played a key role in seminal judgments of the CJEU such as Schecke and Eifert, where for the first time a provision of secondary legislation was annulled for incompatibility with the Charter, and in Digital Rights Ireland (discussed earlier on this blog), where for the first time an entire Directive was annulled on the same grounds. Furthermore, in Google Spain (considered here) this fledgling right was ostensibly given precedence over the more established right to freedom of expression in certain circumstances, leading to a media furore on both sides of the Atlantic. 2015 was no different in this regard as much attention focused on the Court’s judgment in Schrems (discussed here), which invalidated the 15 year old Safe Harbor data sharing agreement between the EU and the US, and on the culmination of four years of negotiation on the new Proposed General Data Protection Regulation in December.
For good or for bad, the EU data protection juggernaut appears unstoppable, leaving in its wake legal instruments that do not meet its strict standards. Yet, in the shadows of these well-documented events, other noteworthy developments occurred. 2015 also saw the Dutch referring court withdraw its preliminary reference in Rease and Wullems, thereby regrettably removing the opportunity for the CJEU to pronounce upon the margin of discretion of national Data Protection Authorities (DPAs) when adopting a de minimis approach to their enforcement strategy to the detriment of individual or small group complainants. The Court did, however, deliver a number of largely overlooked yet significant data protection judgments in 2015. This contribution will focus on two significant cases which the CJEU delivered in the first week of October, immediately prior to the Schrems judgment, in Bara and Weltimmo. These preliminary references allowed the Court to clarify the interpretation of obligations and exemptions under the Data Protection Directive, as well as the Directive’s enforcement in online situations. Continue reading →
As is becoming a tradition with our blog (albeit a bit late this year), we present to you our top 10 most read posts of the last year. We have had another good year of blogging behind us: more readers contributing to the content of the blog with 33 posters coming from approximately 14 different countries this year. Equally important is that readership is steadily increasing according to Google Analytics (plus: we now have almost 1600 email subscribers and 2400 followers on twitter). Most of you are from the UK, followed by the Netherlands, Belgium, Germany, the United States, Italy, Sweden, France, Ireland and Poland, respectively.
Keeping in mind that there is a certain bias in favour of older posts which have had more time to become popular, this is the 2015 list of most read posts of the year: Continue reading →
Recently, journalists from all EU member states raised, for the first time ever, a joint voice before the Court of Justice of the European Union (CJEU) against the refusal of the European Parliament (EP) to give access, on grounds of personal data protection, to information on how MEPs spend their allowances.
This development is no surprise as the endeavour by individuals and non-governmental organisations alike to hold the EU to its democratic imperative of openness and transparency has been a clearly increasing tendency over the years. However, meeting the expectations of the civil society is not always an easy task for the EU institutions, which must keep a fair balance between transparency and the protection of an individual’s privacy and integrity throughout their processes.
This balance has become essential in the present context of increasing numbers of requests for public access to EU institutions documents containing personal data. Yet, the question remains unclear as to when it is legitimate for an institution to refuse access to documents on the ground of personal data protection.
The following post attempts to shed some light on this question by discussing two recent CJEU judgments whose common threads allow for some interesting consistency to be found in the Court’s logic. On the basis of these judgments, it would seem that for the Court, the use of personal data protection as a justification for refusing requests for access to documents should be restricted. Such requests are essential to increase the confidence of citizens in the EU and require that, provided the conditions are fulfilled, full access be given to the institutions’ documents, personal data included. The Court specifies that the context of public mistrust in the EU and the potential dual role of its decision-makers must weigh in the institutions’ assessment of the conditions. Continue reading →
On 6th of October, in Schrems vs. Data Protection Commissioner, the CJEU, following the controversial Opinion of AG Bot, put an end to the specific regime regulating data flows to the US. The 4600 US companies using this agreement are now forced to rethink how to ensure the continuity of the protection when data are transferred from EU to the US. In this milestone ruling, the Court also reaffirmed the key role played by national Data Protection Authorities (DPAs) in the European system of data protection, and clarified the different competences of the European Commission, the DPAs and the courts –including the ECJ- in assessing the adequate level of protection offered by a third country. Continue reading →