Category Archives: ECJ

 ‘If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself'. James Madison, 1788 (highlighted in the AG's opinion) Enabling a government to control the governed, whilst obliging it to control itself, is the dilemma with which the European Court of Justice (ECJ) has been faced in its preliminary ruling on the appeal decisions of Tele2 and Watson. In today's ruling against the UK Government, the ECJ has clarified that national governments need to respect EU standards on data retention in their domestic legislation. The ruling is a potentially embarrassing setback for Theresa May, as … Continue Reading ››
On 19 October 2016, the European Court of Justice rendered a decision in the infamous Breyer case, which provided more clarification as to the qualification of personal data in our continuously growing digital economy. The Court ruled that dynamic IP addresses can constitute personal data even when the data controller must seek additional information from a third party in order to truly identify a person. The implications of this outcome are not to be underestimated, especially given the liability and compliance obligations of controllers, which are a lot more lenient when the data in question is not considered "personal" data. It also remains to be seen how this decision will relate to the harmonization attempts of the GDPR as Breyer seems to leave the door open for interpretation depending on other national laws that affect the concept of personal data. Dynamic IP addresses The case was referred to the CJEU … Continue Reading ››
The new Prime Minister won't have welcomed the publication yesterday of the European Court of Justice (ECJ) advocate general's legal opinion since it has potentially worrying implications for her Investigatory Powers Bill (dubbed by the media as the 'Snooper's Charter') and UK data transfers in a post-Brexit era. In a case initiated by a member of her own cabinet  (David Davis, now minister for Brexit resulting in him dropping his name from the action at the beginning of this week), Labour MP Tom Watson and others, the matter concerned the data retention obligations placed on electronic communications services under the Data Retention and Investigatory Powers Act (DRIPA). The ECJ case linked these proceedings with a Swedish case on a similar point. First it is worth noting that the Advocate General's opinion is not legally binding and is only a recommendation. However it is often followed by the ECJ and his comments … Continue Reading ››
Today, 12 July 2016, the Privacy Shield was adopted by the EU Commission. Who would have thought that the Privacy Shield would be adopted so fast after the harsh criticism by the Art. 29 WP? The new Privacy Shield Privacy Shield registration shall be available to US companies starting August 1, 2016.  The US Department of Commerce has already provided a HOW TO JOIN GUIDE. Compared to v1 of the Privacy Shield, it got some cosmetics and fine tuning around certain passages, e.g. purpose limitation and terminology. It is, however, not certain whether all points raised by the Art. 29 Working Party or other official bodies that oversee the framework have been cured. See some rather sceptical comments:  https://www.janalbrecht.eu/themen/datenschutz-digitalisierung-netzpolitik/eu-us-privacy-shield-2.html  or http://www.irishtimes.com/opinion/privacy-shield-the-new-eu-rules-on-transatlantic-data-sharing-will-not-protect-you-1.2719018. Disqualification is threatened According to unofficial statements, the likelihood of Privacy Shield coming before the ECJ is somewhere between 60 to 70%. This is very (too !) … Continue Reading ››
Datonomy's correspondents in Spain report on an important decision in the continuing saga of RTBF actions against Google. What's new? On 14 March 2016, the Spanish Supreme Court (Tribunal Supremo) issued an important ruling in favor of Google Spain on the right to be forgotten. The judgment held that claims concerning the right to be forgotten should be submitted directly to Google Inc in the United States. The Spanish Supreme Court's decision The Supreme Court considered that only Google Inc (headquartered in US) should be considered as a data controller, determining the purposes and means of the processing of personal data for Google Search. The Court considers that Google Spain is not involved in the processing of personal data necessary for the operation of the search engine (for instance, indexing or storing data from third-party websites), and therefore, it should not take over the claims brought by users seeking to exercise the right to … Continue Reading ››
The likely demise of the US Safe Harbor is dominating the data news headlines - but what else is happening in the world of data and cyber regulation? Datonomy provides a round up of other recent developments in Europe and Asia. With contributions from Andreas Splittgerber and Christian Leuthner in Germany, Sofia Fontanals in Spain and Matthew Hunter, Daniel Jung and Aisling O’Dwyer in Asia, in this update we cover:
  • EU policy and regulation including latest news from Brussels on the GDPR and NISD
  • News from the UK
  • News from Germany
  • News from Spain
  • News from Asia
EU POLICY AND REGULATION
  • GDPR and NISD: Commission President Junker has yet again affirmed the “swift adoption” of the GDPR and NISD as priorities in this open letter of 9 September to the European Parliament. Below we take a more detailed look at the recent procedural progress of these two (not-so-swift) proposals.
On 8 April 2014 the European Court of Justice ruled that the Data Retention Directive 2006/24/EC interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. The Directive is declared invalid. A.    The Directive Directive 2006/24/EC strives for harmonization of the Member States’ national legislations providing for the retention of data by providers of publicly available electronic communications services or of a public communications network for the prevention, investigation, detection and prosecution of criminal offences. The initial intention was that service and network providers would be freed from legal and technical differences between national provisions. The Directive and national laws implementing the Directive were often criticized. The main argument being that massive data retention was said to endanger the right to privacy. The advocates of the rules, however, argued that these rules were necessary for authorities to investigate and … Continue Reading ››