Google Ireland and Others (C-376/22): is the strict interpretation of national public policy exceptions to the benefit of EU regulation?

Blogpost 16/2024

On the 9th of November 2023, the Court of Justice issued a judgment concerning the interpretation of the derogation clause in Article 3 (4) of the Information Society Services Directive (also known as the e-commerce Directive). The case concerned an Austrian law that imposed obligations on communication platform services regarding illegal content (such as hate speech, harassment, and content related to terrorist and pornographic offences), even when the platform is established in another Member State.

Under the e-commerce Directive, the rules that apply to the service providers are the ones of the country of origin where they are established. Other Member States where the services are provided may not subject those services to their own national rules. However, as a derogation to this rule, Article 3 (4) provides for specific grounds under which Member States can still apply rules to the service providers, including grounds of public policy. The question hereby was whether the Austrian legislation could be considered to fall under Article 3 (4) of the Directive.

In its judgment, the Court refused to accept that such a law could fall under the derogation clause of the Directive, which cannot be used for general and abstract measures. Instead, the Court affirmed that the derogation clause could only be used to regulate services on a case-by-case basis.

Continue reading

The revised Single Permit Directive: protecting migrant workers from abusive employers or maintaining the status quo?

Blogpost 15/2024

On 21 December 2023, a political agreement was reached between the Council and the European Parliament on the text of the revised Single Permit Directive. This development is a key piece of the puzzle that aims at reforming the management of legal migration in the European Union (EU), as set out in the 2020 Pact on Migration and Asylum.

The EU Single Permit Directive 2011/98 provides for minimum rules with a view to facilitating a single application procedure for obtaining a (combined) single permit for the purpose of work and stay in the EU (Article 1(a)), and does not – unlike other EU labour migration legal instruments (e.g. Blue Card Directive, Seasonal WorkersDirective, and Directive on Intra-corporate Transferees) – stipulate the conditions of entry. A second objective of the Directive is to provide for a common set of rights to ensure equal treatment of third-country national workers with EU citizens (Article 1(b)), subject to certain restrictions, in relation to working conditions, freedom of association, training and education, recognition of diplomas and professional qualifications, and social security and tax benefits (Article 12).

The implementation of the Single Permit Directive has been marked by the significant leeway that has been afforded to Member States. The resulting lack of harmonisation has, in turn, had a significant impact on the third-country workers who, by virtue of their status as single permit holders, have experienced uncertainty and extended periods of legal limbo with a heightened risk of falling into irregularity (see De Lange and Falkenhain). Our research into the lived experiences of single permit holders in Belgium and other EU countries has revealed that the use of the single permit by EU countries as a means of granting access to the EU labour market has ultimately increased the precarity of third-country workers, regardless of skill level. Indeed, the European Commission’s evaluation and impact assessment of the original Directive laments the failure to achieve its objectives. The recast of the Single Permit Directive was announced in the 2022 European Commission Skills and Talent Package with a view to attracting third-country nationals with the skills and professional experience to address labour market needs, tackling irregular migration by developing legal pathways and better protecting third-country national workers from labour exploitation.

The following post provides an initial appraisal of the new rules and addresses the question: to what extent does the revised Single Permit Directive contribute to the EU’s toolbox to protect and safeguard migrant works from abusive employers or simply maintain the status quo?

Continue reading

Should Temporary stay Temporary? An interpretation of the Temporary Protection Directive in line with its rationale.

Blogpost 14/2024

Nearly 4 million people fled Ukraine since the Russian invasion started in February 2022. Within the territory of the EU, those persons who are unable to return enjoy residence rights derived from the Temporary Protection Directive(TPD). As the name of the Directive indicates, any derived right, such as the right to stay, work and receive medical assistance in the EU, are limited in time. The application of the Directive, and the rights thereof, have been prolonged until the 4th of March 2025. What happens after this time ‘runs out’ is for now – in the Directive’s first-time application – up in the air, or rather: up to the EU legislator and the Member States, with the help of creative scholars.

The dominant academic opinion, as illustrated by the Meijers Committee report, Asscher’s Report, and a recent post on this blog by Bilousov and Woolrych, is to simply assume that the TPD has a maximum duration of 3 years based on certain provisions of the Directive. This inference is also featured in a Dutch Council of State ruling on whether the TPD allows for ending temporary protection for third-country nationals who were in Ukraine on a temporary residence permit at the time of the invasion. This assumption means that either the temporary protection for Ukrainians will come to a definite end in 2025, or the TPD needs an amendment to allow for further prolongation. Given the lengthy and often cumbersome negotiations that the ordinary legislative procedure – which underlies this change – imply, and particularly the upcoming EP elections, it is not only nearly inconceivable that such an amendment will happen in time, but also questionable whether it will happen at all.

Therefore, the aforementioned academic commentators, have considered possible alternative solutions for this crux, all with their own considerable downsides. Bilousov and Woolrych on the one hand focus their attention on a solution on the national level as Article 20 of the TPD requires to ‘hand over‘ the task to national authorities as soon as the TPD is expired. The Meijers Committee on the other hand suggests that a solution on the national level is not desirable, and therefore propose the amendment of other EU tools to accommodate the gap left behind by the expired TPD.

However, this blogpost challenges the common assumption that the TPD explicitly digs its own grave after three years. From a careful examination of the relevant provision in the TPD, it seems that no explicit time limit for the application is mentioned. This realisation could be crucial for breaking the political deadlock that can be expected to arise on this issue. The Dutch State Secretary for Justice and Security, in charge of migration policy, has for example already hinted at discussions with the Commission aimed on prolonging the TPD without amending the instrument. This inventory shows us that the possibility to extend the TPD, without amending it, is likely on the Commissions’ agenda, deviating from the widely shared assumption that has informed the current academic debate on the future for Ukrainian refugees in Europe.

Therefore, this blogpost closely examines the TPD, and more specifically its Article 4(2), which states that the Council can prolong the TPD by up to one year, following a proposal by the Commission. By considering the Directive’s objective and purpose, I argue that an alternative – but sound – interpretation of Article 4(2) TPD allows for an extension of the Directive without amendments. The relevance of this finding is furthermore underscored by the fact that the alternative solutions suggested by the aforementioned academic commentators are neither flawless nor necessary, as I will demonstrate below.

Continue reading

A Citizen Jury on New Genomic Techniques: A Format For Public Participation in Genomic Matters in Agriculture?

Blogpost 13/2024

Between 26-28 January 2024, the Chair of Food Law of the University of Bayreuth, Campus Kulmbach, organised a citizen jury on new genomic techniques (NGTs) at the Schloss Thurnau in Upper Franconia, Bavaria as a part of the DFG project on EU decision-making on benefits of new technologies. The central questions posed to the jury to deliberate on was: “What are the needs and desired purposes regarding the application of new genomic techniques in plant breeding? Under which conditions should they be used, and for which objectives and intended impacts?”. The jury took place ahead of the first reading vote of the European Parliament on the Commission’s proposal for a regulation on plants obtained from certain techniques of genetic mutation and their feed and food products. The Parliament adopted the proposal with amendments, and the voting on the proposal now awaits the Council of the European Union.

Continue reading

The implications of the 2023 Frontex judgment on the EU agencies and the legal credibility of the Court

Blogpost 12/2024

In September 2023, the General Court of the Court of Justice of the EU ruled that Frontex did not incur non-contractual liability for deporting a Syrian family from Greece to Turkiye whose asylum claims were not examined by the Greek authorities. With its 2023 Frontex judgment, the Court has opened the door not only to criticism on its own legal reasoning and the protection of fundamental rights, but also on the raison d’être of EU agencies in general.

This contribution has three aims. First, we question the Court’s legal credibility due to its erroneous reasoning on what is a non-contested, relatively easy, unobscured element of legal doctrine. The law on non-contractual liability is straightforward and does not require highly specialized legal expertise. The Court’s misapplication of the law on non-contractual liability is far from an understandable misstep in a highly complex and technical legal field. We, thus, not only second the critique already raised by other commentators, but we add that the Court’s reasoning is of such poor legal quality that it affects its credibility as a court of law(yers).

Second, we want to reiterate our earlier concerns about the operational powers of Frontex and individual legal protection. Finally, we argue that shielding Frontex from meaningful responsibility is not only harmful for victims of fundamental right violations committed by Frontex. Going beyond this evident point in case, we will argue in this contribution that it also compromises the institutional framework of EU agencies, ultimately undermining the raison d’être of Frontex and EU agencies in general. We conclude, however, on a positive note: if the applicants launch an appeal against the judgment, the Court has an opportunity to regain its legal credibility by simply re-applying existing law.

Continue reading

When EU Data Protection Meets AI Tools – The CJEU determines responsibility: An analysis of C-683/21 Nacionalinis visomenes sveikatos centras prie Sveikatos apsaugos ministerijos

Blogpost 11/2024

Nowhere in this judgment of 5 December 2023 does the term ‘artificial intelligence’ (AI) appear, yet for the first time the Court of Justice of the EU’s Grand Chamber (CJEU) deals with the issue of legal responsibility and liability for the use of personal data by AI tools. It is a ground-breaking judgment which merits serious consideration, in particular as it allocates responsibility for AI operations and liability for data protection breaches, in accordance with the EU General Data Protection Regulation’s rules regarding the identification and duties of data controllers. The reference, from a court in Lithuania made in October 2022, only attracted the attention of the Dutch authorities who intervened before the Court and the Council. No other Member State participated in the case.

While the EU legislator has recently completed negotiation of an AI Act which will regulate the use of AI tools through the lens of risk assessments based on consumer protection and fundamental rights, the CJEU has begun to address who is responsible when things go wrong as regards the use of personal data. The EU legal tool which the Court used in this case is the GDPR – the allocation of legal responsibility regarding the duties of data controllers and critically, who counts as a data controller with responsibilities.

Continue reading

C-319/22 Gesamtverband Autoteile-Handel eV v. Scania: how to solve the “indirect personal data” riddle?

Blogpost 10/2024

INTRODUCTION

For those looking for more guidance by the Court of Justice of the European Union (CJEU) on the meaning of “personal data” and, in particular, the notion of an “indirectly identifiable” natural person under article 4(1) GDPR, 2023 has been an exceptionally gratifying year. On 26 April 2023 the General Court ruled in the case T-557/20 (SRB v. EDPS) and, on 9 November 2023, the ECJ pronounced its judgment in the case C-319 /22 (Gesamtverband). This blogpost focuses on the Court’s ruling in Gesamtverband, specifically, its deeply puzzling use of the word “indirectly” in relation to “personal data”.

The case concerns a dispute between Scania, a manufacturer of commercial vehicles, on the one hand, and, on the other hand, the Gesamtverband Auto-Handel, a German trade association of independent wholesalers of vehicle parts. The Gesamtverband asked, inter alia, the referring court (the Regional Court, Cologne, Germany) to order Scania to provide it with access to vehicle repair and maintenance information, which it deemed necessary to ensure competition on the motor vehicle aftermarket, on the basis of article 61(1) Regulation 2018/858. According to this provision, “Manufacturers shall provide to independent operators unrestricted, standardised and non-discriminatory access to vehicle OBD information, diagnostic and other equipment, tools including the complete references, and available downloads, of the applicable software and vehicle repair and maintenance information. […]”. The Gesamtverband claimed that this provision obliged Scania to provide all independent operators (also those that are not entrusted by a customer with the actual repair of a vehicle) with access to a list of the vehicles’ unique identifying numbers (i.e. Vehicle Identification Numbers or VINs), instead of limiting access to such VINs to repairers.

Consequently, the referring court asked several questions to the CJEU. For the purpose of this blogpost, the following question is relevant: “Does article 61(1) of Regulation [2018/858] constitute, for vehicle manufacturers, a legal obligation within the meaning of article 6(1)(c) of the GDPR which justifies the disclosure of VINs or information linked to VINs to independent operators as other controllers within the meaning of point 7 of Article 4 of the GDPR?”.

As summarised by Advocate General Campos Sánchez-Bordona in his Opinion in the case, the parties argued as follows: Scania claimed that VINs were personal data with respect to manufacturers, hence, the GDPR would prohibit their disclosure to independent operators without a proper legal basis (AG Opinion, para. 30). The Gesamtverband submitted that VINs were not personal data with respect to manufacturers (AG Opinion, para. 30). It added that, even if they were, Scania would be authorized to make them available to independent operators, since article 61(1) Regulation 2018/858 constitutes a legal obligation that renders the disclosure lawful under article 6 (1) (c) GDPR (AG Opinion, para. 30).

Continue reading

Regime Defence Disguised as a Defence of Sovereignty: The Hungarian Defence of National Sovereignty Bill as a violation of European values

Blogpost 9/2024

On 12 December 2023, Hungary passed a bill for the defence of national sovereignty which reportedly provides ‘the executive with even more opportunity to silence and stigmatise independent voices and opponents.’ On 1 February 2024, Hungary’s Sovereignty Protection Office is going to start operating. The Hungarian Sovereignty Bill constitutes another harmful attack on pluralism and democracy. It has been heavily criticised not only by the Council of Europe Commissioner for Human Rights but also by countless NGOs such as the Hungarian Helsinki Committee, the European Civic Forum and a coalition of over 100 Hungarian civil society organisations. Despite calls from inter alia the European Parliament to launch an infringement action against Hungary, the European Commission has to date not taken any measures. This blogpost argues that the European Commission should address the Hungarian Sovereignty bill as a clear violation of the principle of democracy under Article 2 TEU and aims to show in what respects this principle is violated.

Continue reading

X