By Koen Bovend’Eerdt
The Commission established OLAF (Office de Lutte Anti-Fraude), an administrative investigative service of the Commission, in 1999, in the wake of the fall of the Santer Commission, to strengthen the fight against illegal activities affecting the Union’s financial interests. One of the shortcomings in OLAF’s legal framework on the conduct of on-the-spot inspections, one of the service’s main investigative powers, is that it refers back to national law at various instances, requiring OLAF to cooperate with national authorities which operate on the basis of national law. A question that has lingered in academic circles for some time is when precisely – and to what extent – national law applies. In the recent Sigma Orionis case the General Court shed light on this issue. The General Court’s solution has been embraced by the Commission in its recently published proposal to amend the rules which govern OLAF’s investigations. The Commission´s proposal, as a result of the Court´s judgment, places OLAF shoulder to shoulder with other Union bodies – at least when it comes to the applicable law – in the business of enforcing Union law by means of inspections. Continue reading
By Orla Lynskey
Data protection policy, in particular the right to protection of personal data in Article 8 of the EU Charter, has remained firmly within the EU law limelight in recent years. This right played a key role in seminal judgments of the CJEU such as Schecke and Eifert, where for the first time a provision of secondary legislation was annulled for incompatibility with the Charter, and in Digital Rights Ireland (discussed earlier on this blog), where for the first time an entire Directive was annulled on the same grounds. Furthermore, in Google Spain (considered here) this fledgling right was ostensibly given precedence over the more established right to freedom of expression in certain circumstances, leading to a media furore on both sides of the Atlantic. 2015 was no different in this regard as much attention focused on the Court’s judgment in Schrems (discussed here), which invalidated the 15 year old Safe Harbor data sharing agreement between the EU and the US, and on the culmination of four years of negotiation on the new Proposed General Data Protection Regulation in December.
For good or for bad, the EU data protection juggernaut appears unstoppable, leaving in its wake legal instruments that do not meet its strict standards. Yet, in the shadows of these well-documented events, other noteworthy developments occurred. 2015 also saw the Dutch referring court withdraw its preliminary reference in Rease and Wullems, thereby regrettably removing the opportunity for the CJEU to pronounce upon the margin of discretion of national Data Protection Authorities (DPAs) when adopting a de minimis approach to their enforcement strategy to the detriment of individual or small group complainants. The Court did, however, deliver a number of largely overlooked yet significant data protection judgments in 2015. This contribution will focus on two significant cases which the CJEU delivered in the first week of October, immediately prior to the Schrems judgment, in Bara and Weltimmo. These preliminary references allowed the Court to clarify the interpretation of obligations and exemptions under the Data Protection Directive, as well as the Directive’s enforcement in online situations. Continue reading