Towards a Golden Age of the European Citizens’ Initiative?

Blogpost 7/2024

In December 2023, the European Commission published its first review of the Regulation (EU) 2019/788 on the European Citizens’ Initiative (ECI Regulation). The 2023 ECI Review Report reveals some very positive developments on the ECI process since the entry into force of the Regulation in January 2020: the support of proposed initiatives has been doubled and the refusal of registration has been minimized. Furthermore, out of the 10 initiatives that successfully passed the threshold of one million statements of support since the beginning of functioning of the ECI process in 2012, 4 were replied to by the Commission during the last 12 months, making 2023 the most successful year in the lifespan of the ECI so far!

These developments are definitely good omens, but do they suggest that we are heading to a golden age of the ECI? After providing a short background on the ECI mechanism, this contribution discusses the major positive developments resulting from the implementation of ECI Regulation, as presented in the 2023 Review Report. Subsequently, it questions the potential of these developments to ensure the fulfillment of ECI’s objectives, namely the encouragement of citizen participation and the promotion of democratic dialogue.

Continue reading

International Law as a Trailblazer for a Gender-Sensitive Refugee System in the EU. The Court of Justice’s ruling in Case C-621/21, Women who are Victims of Domestic Violence

Blogpost 6/2024

Is gender-based violence against women a ground for granting refugee protection under international and EU law? The European Court of Justice (ECJ) essentially addressed this question last week in Case C-621/21, Women who are Victims of Domestic Violence. The case was brought by a Turkish woman who was a victim of domestic violence and feared for her life if she had to return to Turkey. She legally arrived in Bulgaria in June 2018 and travelled to a family member in Berlin, where she lodged an application for international protection. In 2019, following a request from the German authorities, the applicant was taken back to Bulgaria where her application for international protection was rejected. In a groundbreaking judgment, the ECJ concluded that women who are exposed to physical and mental violence on account of their gender qualify for refugee status if the conditions set out in the Qualification Directive are fulfilled. This conclusion was reached through an interpretation of EU refugee law in the light of standards of international law, which facilitated qualifying women, as a whole, as belonging to ‘a particular social group’ within the meaning of that Directive.

The issues addressed in Women who are Victims of Domestic Violence are vital for answering one of the most topical and vital questions in refugee law to date: can women be recognized as refugees on the ground that they are women? This is the underlying question of the currently pending case in Joined Cases C‑608/22 and C‑609/22, Women Fleeing Taliban. Hence, the Women who are Victims of Domestic Violence case is an important prelude to the Women Fleeing Taliban case. It sets the tone for reading EU refugee law in light of the international duty to combat gender-based violence and discrimination against women.

Continue reading

No, the Data Protection Complaint is Not a Petition

Blogpost 5/2024

On 7 December 2023, the European Court of Justice (ECJ) issued two landmark rulings against the German credit scoring agency SCHUFA. Both decisions significantly strengthen the rights of a data subject under the General Data Protection Regulation (GDPR) in several substantive and procedural dimensions.

First, from the substantive point of view, in C-634/21, the Court completely overturned the company’s business model by stating that credit ranking decisions constitute automated decision-making and thus should be subject to human oversight. Moreover, in the joint cases C-26/22 and C-64/22, the Court prohibited private agencies from storing data longer than the public register. For an extensive commentary on the decision concerning credit scoring and automated decision-making, see this op-ed by Francesca Palmiotto.

Instead, this contribution looks into the equally paramount consequences of the judgment in C-26/22 and C-64/22 on the GDPR procedural rights. There, the ECJ investigated essential questions about the status of the GDPR complaint and its judicial review. Above all, the Court confirmed that contrary to the views of some data protection authorities (DPAs), an individual’s data protection complaint to a DPA is not a petition. Additionally, the Court emphasised the right for a full judicial review of any legally binding decision of the DPA. This may lead to fundamental shifts in how the GDPR is enforced in the EU.

Continue reading

The GDPR as a cyber risk management system: the ECJ cautiously tackles data breaches in the NAP case

Blogpost 4/2024

When the Bulgarian National Revenue Agency (Natsionalna agentsia za prihodite or the ‘NAP’) suffered a malicious data leak in 2019, it joined the growing ranks of organizations affected by cyberattacks. With security often being an afterthought in cyberspace, data breaches have become a drawback/reality of networking. Beneath the glitter of digitalization and the data economy lie illicit markets, “the central commodity of which is stolen data”. The NAP data breach, which affected 6 million Bulgarians and foreign citizens, sparked several actions to recover damages such as the proceedings that led to the Natsionalna agentsia za prihodite (NAP) case. While Breyer was technically the first ECJ judgment linked to a cybersecurity incident, the NAP case is the first to deal with data breaches and ‘cyberoffending’ in the context of the GDPR. Its importance cannot be overstated: proceedings brought by individuals against the Irish Health Service Executive in the aftermath of a 2021 HSE ransomware attack have been stayed pending the outcome of this and similar cases.

That a request for preliminary ruling landed on the Court’s registry only in 2021, notwithstanding exposure of data controllers to breaches for two decades, owes to the belated inclusion of cybersecurity within the scope of EU law. Concerning data breaches in particular, discrete provisions have been embedded into existing instruments over the past 15 years, creating an incoherent regulatory patchwork. The first was introduced with the 2009 amendment to the e-privacy Directive, which however had a limited scope of application and no dedicated liability regime, unlike the GDPR, which provides for a horizontal system of civil law remedies. It is the interpretation of this system of remedies that gave rise to a request for preliminary ruling by the Bulgarian Varhoven administrativen sad (Supreme Administrative Court), together with the rules on the responsibility of data controllers whose data have been breached. The request was made in proceedings brought by VB to claim compensation for non-material damage suffered due to the NAP’s alleged failure to fulfil its legal obligations as a data controller.

In a judgment delivered on December 14th, the Court blended literal, systemic and teleological reasoning to find that a cyberattack does not automatically exonerate data controllers from the responsibility incumbent on them under the GDPR, nor that such an attack, on its own, demonstrates the inappropriateness of the technical and organizational measures in place. The controller bears the burden to prove the appropriateness of such measures, which must be assessed by a national court without necessary recourse to expert evidence. Fear of future misuse of personal data can constitute non-material damage giving rise to compensation under Art 82 GDPR.

Continue reading

Green light to glyphosate, pesticides and NGTs: Backpedaling on the Green Deal?

Blogpost 3/2024

While pesticides are argued to be paramount to food security, their pollution poses serious threats to biodiversity, human health, and medium to long-term food security. The alarm bells regarding these risks have been around since the sixties, most notably in Rachel Carson’s Silent Spring. Yet, over the last decades, pesticide production has steadily contributed to exceeding the planetary boundaries for chemical pollution and increasing toxicity for fish, plants and insects. Data on pesticide exposure is concerning: according to a 2019 study, more than 80% of EU soil contains pesticide residues. Pesticides, whose exposure has been linked to various types of cancers as well as neurological, cardiovascular, reproductive, and respiratory diseases and impairments, have also been increasingly detected within human bodies and found to be more highly concentrated in children.

This begs the question: how does the European Union (EU) legal order, which rests on the precautionary principle and is committed to high-level health and environmental protections, respond to the challenges of pesticide pollution? According to many, including the European Commission (the Commission), the Court of Auditors, and the European Parliament (EP), EU rules on pesticides are ‘too weak’. The European Green Deal (EGD) partly addressed this weakness with a proposed Regulation on the Sustainable Use of Pesticides (SUR), the first piece of legislation setting targets to lower pesticides in the EU by 50% by 2030. As we write, at least three developments are putting the EGD’s ambitions and, arguably, the sustainability of EU food systems, at risk. All three pivot around pesticide governance.

Continue reading

The Legality of Banning Fossil Advertising

Blogpost 2/2024

It is hard to overlook the pervasive influence of advertising that encourages unsustainable behaviour and consumption. As we roam the streets of Amsterdam, every other billboard invites us to escape the drizzling, grey weather for a sunny weekend in Portugal or Spain. This same message infiltrates our many screens, coaxing us with the promise of a few days on the beach, only a few clicks and a low-cost flight away. It is a penetrating, pernicious message whose unmistakable purpose is to shape preferences, steer choices, and subtly create demands. Yet, its impact extends beyond influencing consumer behaviour. Advertising forges assumptions about what is normal and fosters an illusion of limitless possibilities, rendering everything else plain boring. Consequently, advertising hampers cooperative lifestyles that respect climate goals and planetary boundaries.

Two years ago, in December 2020, the Amsterdam municipal council voted to ban fossil advertising in public transport spaces, with some first effects. Several other municipalities in the Netherlands, as well as public entities elsewhere, have been swayed by the compelling evidence highlighting the adverse effects of fossil advertising. They have either adopted bans or are deliberating such measures. For example, the Advertising Standards Authority in the UK recently banned two Toyota ads that promoted the company’s SUVs due to their disregard for the impact on nature and the environment, citing a lack of “responsibility to society”.

The Netherlands is now contemplating a nationwide ban. A recent scientific report commissioned by the Ministry for Climate and Energy—Een verbod op fossiele reclame (2023) (A Ban on Fossil Advertising)—concluded that such a ban is necessary, albeit insufficient on its own. As per the report’s proposal, the ban would encompass advertising that encourages the purchase or use of high-carbon footprint goods and services (such as flying, fast fashion or meat consumption). Compared to regulating or prohibiting the underlying goods or services themselves, an advertising ban is a relatively minimal measure. Essentially, it restricts those profiting from fossil-intensive goods and services from manipulating consumer beliefs and preferences. In response to the report, Minister Jetten, the Dutch Minister for Climate and Energy, acknowledged the report’s findings but expressed concerns about the ban’s legality. Is there validity to these concerns?

Let’s be clear from the outset: Contrary to Minister Jetten’s concerns, a ban on fossil advertising is perfectly legal.  Advertising restrictions are a common feature of public policy. In the EU, for example, tobacco advertising has been prohibited since 1989—a ban extended in 2010 to all forms of audio-visual communications, including product placement. Member States and public bodies like federal states or municipalities often impose various restrictions on, for example, pharmaceuticals, adult content, gambling, alcohol, weapons, among others. Despite occasional challenges to these policies due to conflicting commercial interests or questions of principle, their legality has predominantly stood unshaken. These bans have been upheld in context of legitimate public policy objectives such as the protection of health and public order. The discourse surrounding the banning of fossil advertising offers a prime opportunity to revisit the legality questions they entail.

Continue reading

The judgment in G.K. e.a. (parquet européen) brought the EPPO a pre-Christmas tiding of comfort and joy but will that feeling last?

Blogpost 1/2024

Disclaimer: The views in this blog are strictly personal and do not in any way represent an official position of the Dutch government.

Judging by the image of a visibly delighted EPPO employee posted on LinkedIn, the mood at 11 Avenue John F. Kennedy (i.e. the EPPO’s headquarters in Luxembourg) following the ECJ’s judgment in Case C-281/22 G.K. appears to have been celebratory, bordering on self-congratulatory. The tone of the EPPO’s official statement on the judgment, titled ‘EU Court of Justice confirms EPPO’s approach to faster and more efficient cross-border investigations’, is equally upbeat and echoes the appreciation of a welcome gift befitting the festive season. All joking apart, the statement undoubtedly reflects a sense of relief following a nagging concern that the mechanism in place for cross-border cooperation within the EPPO’s ambit would have become much more cumbersome had the Court come to a different appreciation of the relevant articles in Regulation 2017/1939 (the EPPO Regulation) on the occasion. Even so, the question arises as to whether the initial euphoria regarding the outcome of the proceedings might somehow become slightly mitigated if we were to have a closer look at some of the legal and practical consequences of the Court’s judgment, particularly given the likelihood that the judgment may well turn out not to be the final episode in the saga.

Continue reading

Top ten most-read posts of 2023

As we reach the end of 2023, we would like to present the European Law Blog’s top ten most-read blog posts of the year. This list of top ten provides us with the opportunity to celebrate the most popular blog posts, to offer an insight into the topics that have received the most attention from our readers this past year, and to thank all the authors who have contributed to our blog.


Without further ado, here are our top ten most-read posts of 2023:

  1. CJEU Strips it Down for OnlyFans (C-695/20 Fenix International v HMRC)

By Emilia Cole

  1. Oceans Apart: The EU and US Cybersecurity Certification Standards for Cloud Services

By Kenneth Propp, Peter Swire and Josh Fox

  1. The Data Act: a (slippery) third way beyond personal/non-personal data dualism?

By Bárbara da Rosa Lazarotto and Gianclaudio Malgieri

  1. The European Court of Justice in Meta Platforms leaves competition and data protection authorities with an assignment

By Inge Graef

  1. Not just another Islamic headscarf case: LF v SCRL and the CJEU’s missed opportunity to inch closer to acknowledging intersectionality

By Nozizwe Dube

  1. The General Court finds Frontex not liable for helping with illegal pushbacks: it was just following orders.

By Gareth Davies

  1. The EU AI Act at a crossroads: generative AI as a challenge for regulation

By Christian Djeffal 

  1. Requirements for GDPR compensation after the ECJ decision in UI v Österreichische Post

By Felix Mikolasch

  1. ECtHR finds violation of the right to fair trial when national court does not seek preliminary ruling from the CJEU

By Susanna Lindroos-Hovinheimo

  1. The ECJ’s First Landmark Case on Automated Decision-Making – a Report from the Oral Hearing before the First Chamber

By Andreas Häuselmann


This year, the European Law Blog saw a change within the team. As we bid farewell to Jesse Peters, we express our appreciation for his dedicated service as an editorial assistant over the years. Joining us is Kerttu Keinänen. Kerttu is a law student and student assistant at the Department of Public International and European Law at the University of Amsterdam. We are delighted to have her on board!

As we reach the end of the blog’s eleventh year of running, we would like to thank all of our readers for their continued interest in our blog, and all contributors for their efforts to give their views on important developments of EU law.

For next year, we are working on an upgrade for the blog. The upgrade will allow greater recognition of the work of our contributors with DOI numbers for future and past contributions, better traceability in academic search engines, and an improved interface and submission system. More to follow soon …

We look forward to receiving many exciting new contributions in the coming year, which you can always send to us through email (at We wish you all a happy, safe, and fruitful 2024!