fbpx

Download free GDPR compliance checklist!

Tag Archives for " CJEU "

Competition challenge to Facebook’s ‘superprofiling’ of users sparks referral to Europe’s top court

A German court that’s considering Facebook’s appeal against a pioneering pro-privacy order by the country’s competition authority to stop combining user data without consent has said it will refer questions to Europe’s top court.

The latest development means another long wait to see whether competition law innovation can achieve what the EU’s privacy regulators have so far failed to do — with multiple GDPR challenges against Facebook still sitting undecided on the desk of the Irish Data Protection Commission. Referrals to the EU’s Court of Justice can take years to return a final interpretation.

Source: Competition challenge to Facebook’s ‘superprofiling’ of users sparks referral to Europe’s top court | TechCrunch

Schrems vs. Facebook: Dispute over advertising consent could soon end up before the ECJ

Max Schrems’ legal dispute with Facebook is entering the next round. The data protection activist has called the Supreme Court (OGH) and hopes that it will submit the questions he raised about data processing by Facebook to the European Court of Justice. The social media group thinks that users conclude a “contract” because they receive personalized advertising. That is why the General Data Protection Regulation (GDPR) is only applicable to a limited extent.

Schrems is convinced that the online giant violates the EU’s General Data Protection Regulation (GDPR) when handling its users’ data. However, the two Austrian courts involved in the matter up to now saw it differently. The civil regional court ruled in the summer that the data processing was in conformity with the contract and the law. The OLG also shared this view.

Now the case, which has already been pending in court since 2014 and which has landed before the Supreme Court twice without a result due to ambiguities about jurisdiction, is again at the local highest court.

Source: Schrems vs. Facebook: Dispute over advertising consent could soon end up before the ECJ – Netzpolitik – derStandard.at ›Web

France seeks to bypass EU top court on data retention

In October, the Court of Justice of the European Union ruled that national data retention rules, including France’s, were not compliant with EU law, but that such schemes could be allowed in the face of serious security risks.

Now the French government has asked the country’s highest administrative court — the Council of State — not to follow the EU ruling. France said that the EU top court should not rule on matters related to security, which remains a national competence.

Source: France seeks to bypass EU top court on data retention – POLITICO

CJEU rules electronic communication location data must only be used in investigations of ’serious crime’

Location data drawn from electronic communications must only be used by law enforcement investigations involving ‘serious crimes’ and to prevent ‘serious threats to public security’, the European Court of Justice (CJEU) has ruled.

In its decision, the court said that, unless it’s for a serious crime or in the interest of public safety, countries are prohibited from obtaining location data under the European Union’s 2002 Privacy and Electronic Communications Directive.

Source: CJEU rules electronic communication location data must only be used in investigations of ’serious crime’ | News | GRC World Forums

A New Day for GDPR Damages Claims in Germany?

Until now, damages claims awarded by German courts pursuant to Article 82 of the General Data Protection Regulation (GDPR) – in particular, claims for non-material damages – have been relatively low. However, a more recent decision issued by the Federal Constitutional Court indicates that views in Germany may be evolving on this topic, and courts may soon be willing to entertain higher damages claims.

In a case decided in January 2021, Germany’s Federal Constitutional Court held that the issue of whether or not (and if so, the extent to which) a damages claim brought pursuant to Article 82 GDPR is subject to certain evidentiary requirements must be decided under European law and – if necessary – clarified by the Court of Justice of the European Union (CJEU).

If the CJEU continues to follow its data protection-friendly line of reasoning and pursue effective enforcement of data protection law, damages claims pursuant to Article 82 GDPR and legal proceedings based on such claims may become the new norm and much more important in the future.

Source: A New Day for GDPR Damages Claims in Germany? | Inside Privacy

CJEU fines Spain €15 million for failure to implement Data Protection Law Enforcement Directive

The Court of Justice of the European Union (CJEU) ordered Spain to pay the European Commission 15.5 million euros and a potential daily fine thereafter for failing to transpose the Data Protection Law Enforcement Directive (Directive (EU) 2016/680).

On top of the €15 million fine Spain will have to pay a daily penalty payment of € 89 000 for each day of delay on transposition following the CJEU’s judgment.

Source: CJEU press release

Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

The German Federal Constitutional Court has ruled the Court of Justice of the European Union needs to clarify if the EU General Data Protection Regulation provides for a materiality threshold for GDPR damage claims.

The Federal Constitutional Court’s decision overturns a judgment of the Goslar Local Court of Sept. 27, 2019, regarding the unlawful sending of an advertising email. The Local Court had held that the plaintiff had not suffered any compensable damage under Article 82 of the GDPR. The damage suffered by the plaintiff had not exceeded the materiality threshold in this matter.

The plaintiff subsequently filed a constitutional complaint with the Federal Constitutional Court, arguing the Local Court should have made a submission to the CJEU for a preliminary ruling under Article 267 of the Treaty of the European Union.

Source: Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

Court says all EU states can take data cases against Facebook

On January the 13th, the Advocate General of the Court of Justice of the European Union (CJEU) has delivered his opinion in the case opposing Facebook and the Belgian Data Protection Authority.

According to his opinion, which reiterates the principle defended by the Belgian DPA, the one-stop shop mechanism established by the GDPR does not prevent supervisory authorities from bringing proceedings to court before a national judge as long as it is in situations specifically provided for in the GDPR.

If upheld, the advocate general’s opinion, issued on Wednesday, would mean any of the 27 member states’ data authorities could take action against the social media giant headquartered in Dublin, potentially unleashing a flood of complaints against big tech companies.

Source: Court says all EU states can take data cases against Facebook

Irish murderer appeals conviction on grounds of EU data law breach

When Graham Dwyer was convicted of murder in 2015 it was a triumph for Ireland’s police and judicial system. Phone data helped clinch murder conviction for Graham Dwyer in 2015.

Five years later, however, the conviction risks unravelling over the use of phone data – a twist that could see Dwyer walk free, and also have an impact on data privacy rules across Europe. Dwyer has now appealed on the grounds the retention and accessing of his mobile phone data breached EU law.

Court of Justice of European Union (CJEU) has ruled in recent cases involving Belgium, France and the UK that governments and service providers do not have broad rights to retain data on citizens, and legal experts expect the Dwyer decision to follow that pattern.

Source: Irish murderer appeals conviction on grounds of EU data law breach | Ireland | The Guardian

Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows.

The hearing explored the policy issues that led to the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield framework in the Schrems II ruling. The hearing also discussed effects of the CJEU’s decision on U.S. businesses and what steps the U.S. government may take to develop a successor data transfer framework, including comprehensive federal privacy legislation.

Source: Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows | Privacy & Information Security Law Blog

1 2 3 10
>