A complete U-turn in jurisprudence: HADOPI and the future of the CJEU’s authority

Blogpost 50/2023

This blogpost only reflects the views of their authors and not the organisations they represent.


In his second Opinion on the HADOPI case (C-470/21) (short for: Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet), the Advocate General Szpunar seemingly suggests that the Court of Justice of the European Union (CJEU) should change its jurisprudence when Member States refuse to apply it. He argues that the CJEU should be “pragmatic” and “nuanced” when national courts fail to implement its case law. This blog post argues that, if followed by the Court, the interpretation proposed by the AG would lead to a severe weakening of the CJEU’s authority and legitimacy, more generally. This would be of great symbolic significance in an already challenging environment for the Court which is faced with increasing defiance of Member States in the field of data protection.

The case, brought by the digital rights group, La Quadrature du Net, questions the compatibility of the “HADOPI” law, the French legal framework to combat the online exchange of copyrighted material without permission from right-holders, with European Union law. After a Grand Chamber hearing in July 2022 and a first AG Opinion in October 2022, the case was referred to the Full Court in March 2023 at the request of the Grand Chamber, pursuant to Article 60(3) of the Rules of Procedure of the Court. A reassignment from the Grand Chamber to the Full Court is very rare, but no reason has been provided in the public documents of the case. A second hearing was held in May 2023, and the AG delivered a second Opinion on 28 September 2023.

Continue reading

Digital Services Coordinators and other competent authorities in the Digital Services Act: streamlined enforcement coordination lost?

Blogpost 49/2023

This post relies on research being conducted in the framework of the ERC Starting Grant EUDAIMONIA (GA: 948473).

Regulation 2022/2065, also known as the Digital Service Act (hereafter, DSA or Act), is a landmark piece of EU legislation. By providing a clear set of due diligence obligations, especially risk-management and risk-assessment obligations for different categories of online intermediaries, the DSA provides much welcomed harmonised rules for a safe, predictable, and trusted online environment (Art. 1). However, its merit is not limited only to introducing new harmonised legal obligations. At least equally important has been the EU legislator’s ambition to establish an EU-structured institutional system through which those obligations are applied and enforced.

The DSA enforcement framework entrusts the European Commission with overseeing very large online platforms (VLOPs) and very large online search engines (VLOSEs) (art. 56(2)). All other online intermediaries will be supervised by their Member State of establishment (art. 56(1)), in which one or more competent authorities have to be designated. The DSA leaves Member States considerable freedom to choose which authorities will be involved in DSA enforcement and does not necessarily require the establishment of a new or specific authority. As a result, Member States may entrust multiple either new or existing competent authorities with the enforcement of (parts of) the DSA (art. 49(1)). At the same time, however, they have to designate, by 17 February 2024, one of their competent authorities as their Digital Services Coordinator (art. 49(3)). Digital Services Coordinators will take part, together with the European Commission, in the activities of the European Board for Digital Services, a network aimed at coordinating DSA enforcement among the Member States and within the Member State of which they are part (art. 61).

Continue reading

The Saga of Surrender Continues: Developments of the fundamental rights exception in the Court of Justice’s E.D.L. case and the Opinion of Advocate-General Capeta in GN

Blogpost 48/2023

Safeguarding fundamental rights as an executing authority in surrender procedures concerning a European Arrest Warrant (EAW) has been possible since the rulings of the European Court of Justice (the Court) in Aranyosi and Caldararu. The two-step test developed in this case, comprising an abstract test assessing whether a real risk of generalised or systemic deficiencies exists and a concrete test assessing whether this real risk exists for the specific person involved, was further expanded from application in cases regarding potential violations of Article 4 Charter of Fundamental Rights of the EU (the Charter) to application in cases relating to Article 47 of the Charter (right to an effective remedy and to a fair trial), a development starting from LM. Recently, Case C-699/12 E.D.L. provided a new perspective on this test and potentially paved the way for a new approach to the fundamental rights exception. Additionally, the Opinion of Advocate-General (AG) Ćapeta in GN provides an interesting insight in the possible outcome of this case, which could lead to another expansion of the fundamental rights exception. In this blog, these two cases are analysed, starting with E.D.L., followed by a commentary on the Opinion of the AG in GN, while discussing their influence on the two-step test, the future of mutual trust and protection of fundamental rights in surrender cases.

Continue reading

A Franco-Italian ploy to protect the carnivore consumer

Blogpost 47/2023

‘An “emulsified high fat offal tube” on account of it not containing enough meat’ were the words of the Rt. Hon. James Hacker in the 1980s British sitcom Yes, Minister to describe a sausage, when complaining about EU regulations on food labelling. These days, one might replace ‘enough’ with ‘any’. Giving the situation a modern twist, the French and Italian Governments have introduced legislation on banning names of meat products from a number of products, which are in fact plant-based meat substitutes. And all of this in the name of consumer protection and cultural heritage. The compatibility of the infamous French Decree No. 2022-947 with EU law currently rests with the Court of Justice of the European Union (CJEU or ‘the Court’), who has been referred questions regarding the French restrictions on the use of designations traditionally designating foodstuffs of animal origin for the description, marketing, or promotion of foods based on vegetable proteins produced and marketed in France. Just a few weeks ago, the Italian Government pulled out of the Technical Regulation Information System (TRIS) procedure, thereby depriving the European Commission of commenting on similar proposals coming from Rome, regarding, inter alia, a ban on the use of national treasures like mortadella or salami from meat-substitute products.

Continue reading

In the Shadow of the European Court of Justice: The Luxembourg Conference on Transatlantic Data Transfers

Blogpost 46/2023

Note that the author of this post was the co-organizer of the conference discussed below.

The EU-U.S. Data Privacy Framework (DPF) has only just taken effect, but the agreement already is under attack at the Court of Justice of the European Union (CJEU).  On 7 September 2023, French parliamentarian Philippe Latombe brought before the General Court a direct action for annulment of the European Commission adequacy decision relating to the DPF.  The CJEU rejected Mr. Latombe’s request for interim measures that would have precluded application of the DPF, but it has yet to address other issues in the case, including standing.

Austrian privacy activist Max Schrems, founder of None of Your Business and protagonist in the invalidation of the two predecessor EU-U.S. data transfer agreements, also has publicly promised to file a challenge to the DPF this fall.  Schrems appears inclined to bring an indirect action in a Member State court – possibly in Austria – setting the stage for a preliminary reference to the CJEU.  The stage is being set for the latest act in the long-running transatlantic privacy drama to play out in Luxembourg over the next years.

Against this backdrop, on 15 September 2023 the Max Planck Institute for Procedural Law (MPI), located in Luxembourg close to the CJEU, convened a timely conference to examine the EU-U.S. agreement in the context of European fundamental rights and data protection law.  MPI’s outgoing director, Professor Burkhard Hess, hosted the proceedings, which were co-organized by the author of this blogpost.  This post reports on the proceedings.

Continue reading

Are personal data always personal? Case T-557/20 SRB v. EDPS or when the qualification of data depends on who holds them

Blogpost 45/2023

In case T‑557/20 Single Resolution Board v. EDPS, the General Court had to settle an issue related to the extent of the definition of ‘personal data’ under Article 3 (1) of Regulation 2018/1725 (hereafter ‘EUDPR’). This case takes place in the context of the adoption of a resolution scheme, involving the Single Resolution Board (SRB), in its capacity of Banking Union resolution authority, and a Spanish bank called Banco Popular. During the process of resolution, the SRB invited the shareholders to submit comments in order to assess whether they should be given compensation. To examine these comments, the SRB classified them and attributed them an alphanumeric code. Some comments were sent to an independent valuer, Deloitte, to help complete the assessment. Following these events, five shareholders filed a complaint before the European Data Protection Supervisor (EDPS) on the ground that they had not been informed of their personal data being transferred to a third-party. Without digging into too much detail, the EDPS agreed with the complainants that their personal data had been processed by Deloitte while they had not been informed of any transfer of their data by the SRB. SRB, for its part, claimed that data processed by Deloitte were not personal data. Basically, the General Court had to determine whether the comments held by Deloitte could be considered personal data.

To summarise the outcome of this case, the Court held that the transfer of comments which were attributed an alphanumeric code could not necessarily be considered as a transfer of personal data. Instead, it must be carefully assessed whether the data recipient is reasonably able to re-identify data subjects from the pseudonymised comments. The Court thus adopted a relative approach of what constitutes ‘personal data’ which, in our opinion, runs the risk of undermining the level of protection of personal data within the EU and the protection of personal data of EU citizens more globally.

Continue reading

C-238/22 LATAM vs C‑180/22 Mensing II: Is the Court’s approach to the relevance of the wording used in EU law provisions too flexible?

Blogpost 44/2023

It is well-established in the Court’s case-law that the interpretation of a provision of EU law rests on three pillars: Its wording, its context and the wider objective pursued by the rules of which it forms a part (see, for example, C-336/03 easyCar, para 21). However, it is not always clear how they interact, and in particular how priority must be given if the latter two conflict with the former. By looking at two specific cases, namely C-238/22 LATAM and C-180/22 Mensing II, it can be illustrated how this might sometimes lead to unforeseeable results, and potentially irrational distinctions.

Continue reading

The Traumatic Growing of Age of EU Law’s ‘Cherished Child’? AG Emiliou’s Opinion on Covid-19 Related Mobility Restrictions in the Nordic Info Case (C-128/22)

Blogpost 43/2023

Fortunately, for most of us, the Covid-19 pandemic seems like a distant memory from a gloomy but thankfully bygone time. An especially traumatizing part of these memories certainly are the unprecedented restrictions of freedom of movement during the first wave of the pandemic. Whereas the balancing of fundamental rights against the effective combatting of threats is a standard judicial exercise in the fight against crime and terrorism, its application to a situation of a global pandemic is uncharted territory for the Court. In this context, Covid-related cases dealing with travel and labour law have recently made their way to Luxembourg and even long before that the Court has been seized with the legality of measures to control epidemic diseases – concerning cows though, not humans.

Continue reading