In the Shadow of the European Court of Justice: The Luxembourg Conference on Transatlantic Data Transfers

Blogpost 46/2023

Note that the author of this post was the co-organizer of the conference discussed below.

The EU-U.S. Data Privacy Framework (DPF) has only just taken effect, but the agreement already is under attack at the Court of Justice of the European Union (CJEU).  On 7 September 2023, French parliamentarian Philippe Latombe brought before the General Court a direct action for annulment of the European Commission adequacy decision relating to the DPF.  The CJEU rejected Mr. Latombe’s request for interim measures that would have precluded application of the DPF, but it has yet to address other issues in the case, including standing.

Austrian privacy activist Max Schrems, founder of None of Your Business and protagonist in the invalidation of the two predecessor EU-U.S. data transfer agreements, also has publicly promised to file a challenge to the DPF this fall.  Schrems appears inclined to bring an indirect action in a Member State court – possibly in Austria – setting the stage for a preliminary reference to the CJEU.  The stage is being set for the latest act in the long-running transatlantic privacy drama to play out in Luxembourg over the next years.

Against this backdrop, on 15 September 2023 the Max Planck Institute for Procedural Law (MPI), located in Luxembourg close to the CJEU, convened a timely conference to examine the EU-U.S. agreement in the context of European fundamental rights and data protection law.  MPI’s outgoing director, Professor Burkhard Hess, hosted the proceedings, which were co-organized by the author of this blogpost.  This post reports on the proceedings.

Continue reading

Are personal data always personal? Case T-557/20 SRB v. EDPS or when the qualification of data depends on who holds them

Blogpost 45/2023

In case T‑557/20 Single Resolution Board v. EDPS, the General Court had to settle an issue related to the extent of the definition of ‘personal data’ under Article 3 (1) of Regulation 2018/1725 (hereafter ‘EUDPR’). This case takes place in the context of the adoption of a resolution scheme, involving the Single Resolution Board (SRB), in its capacity of Banking Union resolution authority, and a Spanish bank called Banco Popular. During the process of resolution, the SRB invited the shareholders to submit comments in order to assess whether they should be given compensation. To examine these comments, the SRB classified them and attributed them an alphanumeric code. Some comments were sent to an independent valuer, Deloitte, to help complete the assessment. Following these events, five shareholders filed a complaint before the European Data Protection Supervisor (EDPS) on the ground that they had not been informed of their personal data being transferred to a third-party. Without digging into too much detail, the EDPS agreed with the complainants that their personal data had been processed by Deloitte while they had not been informed of any transfer of their data by the SRB. SRB, for its part, claimed that data processed by Deloitte were not personal data. Basically, the General Court had to determine whether the comments held by Deloitte could be considered personal data.

To summarise the outcome of this case, the Court held that the transfer of comments which were attributed an alphanumeric code could not necessarily be considered as a transfer of personal data. Instead, it must be carefully assessed whether the data recipient is reasonably able to re-identify data subjects from the pseudonymised comments. The Court thus adopted a relative approach of what constitutes ‘personal data’ which, in our opinion, runs the risk of undermining the level of protection of personal data within the EU and the protection of personal data of EU citizens more globally.

Continue reading

C-238/22 LATAM vs C‑180/22 Mensing II: Is the Court’s approach to the relevance of the wording used in EU law provisions too flexible?

Blogpost 44/2023

It is well-established in the Court’s case-law that the interpretation of a provision of EU law rests on three pillars: Its wording, its context and the wider objective pursued by the rules of which it forms a part (see, for example, C-336/03 easyCar, para 21). However, it is not always clear how they interact, and in particular how priority must be given if the latter two conflict with the former. By looking at two specific cases, namely C-238/22 LATAM and C-180/22 Mensing II, it can be illustrated how this might sometimes lead to unforeseeable results, and potentially irrational distinctions.

Continue reading

The Traumatic Growing of Age of EU Law’s ‘Cherished Child’? AG Emiliou’s Opinion on Covid-19 Related Mobility Restrictions in the Nordic Info Case (C-128/22)

Blogpost 43/2023

Fortunately, for most of us, the Covid-19 pandemic seems like a distant memory from a gloomy but thankfully bygone time. An especially traumatizing part of these memories certainly are the unprecedented restrictions of freedom of movement during the first wave of the pandemic. Whereas the balancing of fundamental rights against the effective combatting of threats is a standard judicial exercise in the fight against crime and terrorism, its application to a situation of a global pandemic is uncharted territory for the Court. In this context, Covid-related cases dealing with travel and labour law have recently made their way to Luxembourg and even long before that the Court has been seized with the legality of measures to control epidemic diseases – concerning cows though, not humans.

Continue reading

Case C-873/19 Deutsche Umwelthilfe: the Aarhus Convention secures enforcement of EU vehicle emission rules before national courts

Blogpost 42/2023

In Case C‑873/19 Deutsche Umwelthilfe, the Grand Chamber of the Court of Justice interpreted Article 9 (3) of the Aarhus Convention so as to provide access to justice before national courts for environmental organizations challenging approval of cars fitted with defeat devices. The case is particularly noteworthy for the way the Court approaches the legal effects of international law in the EU’s legal order and the fairly receptive interpretation of the Aarhus Convention (even though it reiterated its stance that Article 9 (3) does not have direct effect). It is also an important precedent for environmental NGOs seeking to enforce EU vehicle emission standards before national courts. Continue reading

Why the EU should care about national elections

Blogpost 41/2023

On Sunday, Poland held the ‘most consequential elections since 1989’. Arguably, these elections did not only decide on the next Polish government. Rather, the elections also appeared to be a possibly final vote on European values, and whether the Polish government adheres to them. While at the time of writing, it seems like the opposition led by Donald Tusk can declare victory, the European Union will pay a close look not only at the elections but also at their aftermath. This is because, as many authors have described in detail (see for example here and here), the PiS government has passed several laws and reforms that put into question the fairness of the election, and, consequently could put into doubt not only the democratic legitimacy of the newly elected Polish government but also of the Polish representatives in the European Council and Council, and those institutions as a whole. But should the European Union really only care about national elections insofar as its own institutions are concerned? This piece aims to critique such an institutional approach to Member State democracy and proposes instead to develop a citizen-centred conception of democracy.

Continue reading

“To Ensure that the Common Values and the Law are Observed”. What to make of the value turn in the case law of the Court of Justice?

Blogpost 40/2023

“The obligation to observe the law takes precedence over the strict terms of the written law. Whenever required in the interests of judicial protection, the Court is prepared to correct or complete rules which limit its powers in the name of the principle which defines its mission”.

Advocate General F. Mancini in Case 294/93 Les Verts

In memory of the late Professor John Usher

Faced with the unprecedented and persistent backlash against its own authority coming from Poland, the Court of Justice finds itself in a delicate position: it is trapped between what is now clearly a counter-factual assertion (“common values”), on the one hand, and the pragmatic judicial path and mandate that binds the Court to the “community based on the rule law” mast against all odds, on the other. As the Court searches for the optimal positioning, and calibrates its judicial doctrines in today’s less than perfect Union, we in turn face a challenge of making sense of the paradigmatic jurisprudential shift(s) that ultimately affect the heart and soul of “an ever closer union among the peoples of Europe” and challenge the Member States’ continuing fidelity to it. This analysis argues that the mega questions of belonging are on the line here since “the values contained in Article 2 TEU define the very identity of the European Union as a common legal order”. Two important (and still underappreciated) questions lurk behind these words: who “we Europeans” are and what continues to keep us together in these turbulent times.Continue reading

Glukhin and the EU regulation of facial recognition: Lessons to be learned? 

Blogpost 39/2023

On July 4th 2023, the European Court of Human Rights (ECtHR) handed in its first judgement on the use of facial recognition (FR) in law enforcement. The Court ruled that Russia breached Articles 8 and 10 of the Convention by using the technology to find and arrest a peaceful demonstrator. The decision reignites the European debate on FR. For the European Parliament and several NGOs, the use of FR in public is incompatible with EU values and should be banned (Reclaim your Face, 2023; AlgorithmWatch, 2023; European Parliament, 2023). However, the reasoning of the ECtHR does not necessarily follow this assumption. The Court does not embrace a proactive stance in the case, leaving many questions open on the legitimate use (if any) of the technology. This “laid-back” approach may be justified by the exclusion of Russia from the Council of Europe. The ECtHR is aware that the decision will not be executed and might have decided to avoid any confrontation on the matter with other Contracting Parties. Still, this might also have been a chance for the Court to take some liberty and provide general guidance.  

Nonetheless, Glukhin is an interesting read to understand current issues in the regulation of FR, and what might be missing in the upcoming EU legislation. This analysis highlights its implications for the legislative process of the Artificial Intelligence Act (AIA). Continue reading