Tagged: Digital Rights Ireland

European Data Protection and Freedom of Expression After Buivids: An Increasingly Significant Tension

By David Erdos

On 14 February the Court of Justice of the EU (CJEU) handed down its decision in Buivids, a case which pitted an amateur individual online publisher against the Latvian Data Protection Authority (DPA).  This important case raises fundamental questions concerning the scope of European data protection, the ambit of the personal/household exemption, the legal definition of journalism and the role of data protection as regards to this and also related academic, artistic and literary expression.  The Court’s answers to these questions highlight the close and tense interface between European data protection and freedom of expression.  At the same time, they provide only relatively limited insight as to how the serious tension between data protection, special expression and freedom of expression more broadly should be resolved.  What they do suggest, however, is that not only national legislators but also courts and regulators have active and important roles toplay within this space.  The full implications of this, as well as further guidance on how to balance data protection and special expression, should be provided in the forthcoming case of Stunt which will require the Court to consider whether national courts should disapply the ban on pre-publication injunctions against special expression processing which is set out in UK data protection legislation.  In addition, Grand Chamber CJEU judgments on internet search engines and data protection are awaited both in relation to sensitive data and the geographical reach of any remedy here.  In sum, slowly but surely, an albeit messy corpus of European jurisprudence on data protection and freedom of expression is in the process of gestation. Continue reading

Reconsidering the blanket-data-retention-taboo, for human rights’ sake?

Belgian Constitutional Court offers CJEU chance to explain its puzzling Tele2 Sverige AB-decision

By Frank Verbruggen, Sofie Royer, and Helena Severijns

Compulsory retention, by ICT-providers, of all non-content user and traffic data, to ensure that that data will be available for subsequent use by law enforcement or intelligence, has been a controversial issue in the EU for several years now. On 19 July 2018 the Belgian Constitutional Court requested a preliminary ruling from the CJEU. Basically, it asks the EU Court to further clarify its earlier case law. The Belgian constitutional judges indicate that they find some aspects of the CJEU’s previous decisions puzzling and they also offer a new angle by explicitly linking the matter to the positive obligations of member states under the European Convention on Human Rights. The implied suggestion seems that the CJEU did not give those obligations enough weight when it found blanket data retention obligations disproportionate.   Continue reading

A FRAGMENTATION OF EU/ECHR LAW ON MASS SURVEILLANCE: INITIAL THOUGHTS ON THE BIG BROTHER WATCH JUDGMENT

By Theodore Christakis

Last week, the European Court of Human Rights (ECtHR) issued an important, highly anticipated judgment, condemning the United Kingdom for its mass surveillance program.

Following Edward Snowden’s revelations regarding the United States-United Kingdom intelligence surveillance and intelligence sharing programme, 16 organizations and individuals (including the NGO Big Brother Watch) filed an application against the United Kingdom before the ECtHR. The 212page-long judgment published on September 13, 2018 is rich and deals with a great variety of important issues. Several among them are directly linked to some major legal questions examined in the past by the Court of Justice of the European Union (CJEU) or currently pending before it – not to mention the ongoing debate about whether the EU-US data transfer agreement known as Privacy Shield provides an “adequate level of protection”. The objective of this piece is to provide some first thoughts focusing on the strategic place of this judgment in the European legal landscape. Continue reading

Tele2 Sverige AB and Watson et al: Continuity and Radical Change

By Orla Lynskey

Introduction

The CJEU delivered its judgment in Tele2 Sverige AB and Watson on 21 December 2016. The Court had been asked by a Swedish and British court respectively to consider the scope and effect of its previous judgment in Digital Rights Ireland (discussed here). The judgment reflects continuity in so far as it follows in the line of this, and earlier judgments taking a strong stance on data protection and privacy. Yet, the degree of protection it offers these rights over competing interests, notably security, is radical. In particular, the Court unequivocally states that legislation providing for general and indiscriminate data retention is incompatible with the E-Privacy Directive, as read in light of the relevant EU Charter rights. While the judgment was delivered in the context of the E-Privacy Directive, the Court’s reasoning could equally apply to other EU secondary legislation or programmes interpreted in light of the Charter. This judgment will be a game-changer for state surveillance in Europe and while it offered an early Christmas gift to privacy campaigners, it is likely to receive a very mixed reaction from EU Member States as such. While national data retention legislation has been annulled across multiple Member States (Bulgaria, Czech Republic, Cyprus, Germany and Romania), this annulment has been based on an assessment of the proportionality of the relevant measures rather than on a finding that blanket retention is per se unlawful. For those familiar with the facts and findings, skip straight to the comment below. Continue reading