fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " CJEU "

Websites Using Facebook “Like” Button Are Responsible for User Privacy

The Court of Justice for the European Union has ruled websites embedding the Facebook “like” button are responsible for user privacy.

In Fashion ID v Verbraucherzentrale NRW, the Court stated FashionID can be held jointly responsible with Facebook for compliance with Europe’s data protection rules. Facebook’s tracking technique collects the personal data of visitors to a third-party website and transfers it to Facebook.

Source: Top European Court Rules Companies Using Facebook “Like” Button Are Responsible for User Privacy

CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

On July 9 the Court of justice of European Union had its session in so called Schrems II case. The question is; whether U.S. law on the access of national security agencies to the personal data of non nationals, the Foreign Intelligence Service Act, breaks European data protection laws. And if so, does that invalidate currently legal data transfer mechanisms?

Court heard from the Irish Data Protection Commissioner, Facebook, the Electronic Privacy Information Center, DigitalEurope, the Business Software Alliance, the European Commission, the European Data Protection Board, the U.S. government as well as several EU countries and representatives of Max Schrems himself.

The EU court’s Advocate General Henrik Saugmandsgaard Øe said he will give his non-binding opinion in the case December 12 this year, with a full decision expected by early 2020.

Source: CJEU’s hearing on Schrems II has both sides worried ruling could be sweeping

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.

There is a significant risk the CJEU will declare these transfer mechanisms as invalid. If this happens, many organisations will be left without any practical solution to legitimise the international transfer of personal data outside the EEA and exposure to the threat of GDPR revenue based fines, regulatory sanctions including injunctions and third party claims for compensation.

Read full article: SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

Privacy Shield and Standard Contractual Clauses will be assessed by European Courts

On the first and second of the July, the General Court of the European Union (which is part of the Court of Justice of the European Union (CJEU)) will hear a case against the EU-U.S. Privacy Shield brought by three French NGOs, La Quadrature du Net, French Data Network and Fédération FDN.

A week later, on 9 July, the CJEU will hear arguments in Schrems II, in which the Irish High Court has referred 11 questions relating to whether the European Commission’s Standard Contractual Clauses (SCCs) provide an adequate level of protection for personal data which is transferred to the US.

Judgments in these cases are expected towards the end of 2019 or beginning of 2020. there is high probability that either or both the Privacy Shield and SCCs will be invalidated as a mechanism for transferring personal data outside the EU, in a similar manner to the invalidation of Safe Harbor in 2015.

Source: Transfers on Trial: Privacy Shield and Standard Contractual Clauses go before the European Courts

Privacy Shield complaint to be heard by Europe’s top court in July

A legal challenge to the EU-US Privacy Shield, a mechanism used by thousands of companies to authorize data transfers from the European Union to the US, will be heard by Europe’s top court this summer.

The General Court of the EU has set a date of July 1 and 2 to hear the complaint brought by French digital rights group, La Quadrature du Net, against the European Commission’s renegotiated data transfer agreement which argues the arrangement is still incompatible with EU law on account of US government mass surveillance practices.

Source: EU-US Privacy Shield complaint to be heard by Europe’s top court in July

Brussels Court of Appeal refers Facebook case to CJEU

Belgian Data Protection Authority (DPA) announced, on 8 May 2019, that the Brussels Court of Appeal issued its judgment in relation to the DPA’s proceedings against Facebook, Inc., following the pleading of the parties to the Court on 27 and 28 March 2019.

DPA highlighted that the Court did not rule on the merits of the case and decided to refer it to the Court of Justice of the European Union (CJEU) to be assessed in line with the General Data Protection Regulation (GDPR) seeking to ensure that the DPA can pursue the case against Facebook.

Source: Belgium: Brussels Court of Appeal refers Facebook case to CJEU

Ireland’s Supreme Court to rule on Facebook data transfer appeal

The Supreme Court will rule by June 6th on Facebook’s appeal over a High Court decision to refer key issues concerning the validity of European Commission decisions approving European Union-United States data transfer channels to the European Court of Justice (CJEU).

The referral was made by the High Court in proceedings by the Data Protection Commissioner arising from complaints by Austrian lawyer Max Schrems that the transfer of his personal data by Facebook to the US breached his data privacy rights as an EU citizen.

Source: Supreme Court to rule on Facebook data transfer appeal

EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU). The case centers on the use of consent for the processing of personal data and consent for the use of cookies.

In the Advocate General’s view, the pre-ticked box for cookies does not provide a valid active consent under the GDPR nor under the ePrivacy Directive. Moreover, he considers that the ePrivacy Directive’s consent requirement for cookies applies irrespective of whether the collected data qualify as personal data.

Source: EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

CJEU to clarify scope of copyright infringement data requests

The EU’s highest court has been asked to clarify what information copyright holders have a legal right to obtain from online platforms and intermediaries about internet users who are allegedly responsible for infringing their rights.

Source: CJEU to clarify scope of copyright infringement data requests

European Court confirms journalism exception for citizen-journalists, but not in France?

Under European data protection law, journalists enjoy some regulatory exemptions when processing personal data for journalistic purposes, balancing the right to the protection of personal data with the principle of freedom of expression.

A question which has however sparked some debate is whether so-called citizen journalists, such as bloggers, can rely on the derogation for journalistic purposes as well. In its judgment of 14 February 2019 in the Sergejs Buivids v. Datu valsts inspekcija case, the Court of Justice of the European Union (CJEU) has answered this question affirmatively.

Source: EU: European Court confirms journalism exception for citizen-journalists, but not in France?

1 2 3 7
>