Case C-498/16, Schrems – a Facebook consumer or simply in the business of privacy?

This case concerns a person with a Facebook account. He uses it not only to exchange private photographs and chat with about 250 friends but also for publicity purposes. The legal issue is whether this latter activity stops him from qualifying as a ‘consumer’. The definition matters because if he is a consumer, then he and several thousand other Austrians who are aggrieved at Facebook’s use of their personal data will be able to sue in the Austrian courts.

Continue reading

Case C-267/16, Buhagiar – Gibraltar, guns and the constitutional order

The Supreme Court of Gibraltar has made its first preliminary reference to the CJEU, and the burning issue is the free movement of hunters’ firearms.

Continue reading

Case C-169/15, Montis Design – EU copyright and Benelux design formalities, a game of musical chairs?

When a company owns the Benelux rights in the design of a chair but then it fails to maintain the registration of its Benelux rights under Benelux law, can a rival company still be stopped from making similar chairs because of the links between the old Benelux law and current EU law? More specifically, what is the relationship between Benelux rights and the EU’s ‘term of protection’ Directive 93/98/EEC?

Continue reading

Case C-24/16, Nintendo – jurisdiction by design

Nintendo is suing companies in the German courts for the alleged infringement of its design rights. However, the German courts wonder if they have jurisdiction to decide the case and the scope of any measures they might impose. The first problem is that the German defendant is only a subsidiary and its parent company is domiciled in France. The second problem is that although the defendant’s website has images on it that correspond to Nintendo’s design rights, these have been put there so that consumers know immediately that the defendant’s goods can be used in Nintendo’s games consoles.

Continue reading

Case C-610/15, Stichting Brein – seeking website blocks to stop peer to peer technology

People may use telecoms networks to pass information to each other. Some websites such as that run by The Pirate Bay allow people to download software that enables them to pass small pieces of information around a telecoms network. The question in this case is whether a Dutch court can order telecoms companies to block their customers’ access to websites like The Pirate Bay in order to stop presumed copyright infringement from taking place.

Continue reading

Case C-191/15, Verein für Konsumenteninformation – Amazon’s unfair online forum shopping

In the tiny Grand Duchy of Luxembourg is a tiny branch of the corporate king, Amazon. It subjects its customers to buying their goods under Luxembourg law. Is that fair? And what happens to Amazon’s choice of law after it is has been forced through the latticed-meshes of six pieces of EU legislation which determine the applicable national law?

Continue reading

Case C-192/15, Rease – secretly spied on, medical data leaked, and left unprotected by the Dutch regulator

Can the Dutch Data Protection Agency exert any control over companies based in the UK and the USA which conduct covert surveillance on Dutch territory? And in the event of an individual’s data processing law rights under Dutch law being breached, what is to be done where the internal rules of the Dutch Data Protection Agency mean that the Agency will never ever act on a complaint coming from an individual?

Continue reading

Case C-72/15, Rosneft – challenging the EU’s sectoral sanctions against Russia

Russian activities in Ukraine have prompted the EU to adopt a package of sanctions aimed at various Russians and Russian companies. These sanctions have been enshrined in various pieces of EU legislation and implemented by the EU Member States in their national laws. These sanctions are affecting an oil company which is part-owned by a British oil company ‘BP’, and part-owned by a Russian oil company that belongs to the State of Russia. To begin with, the company is challenging the legality of the UK’s implementing legislation. However, the validity of the EU’s legislation is also at stake. Does the CJEU have jurisdiction to rule on the validity of a Decision adopted pursuant to the EU’s Common Foreign and Security Policy? And if so, then does the drafting of the EU’s legislation satisfy the requirements of legal certainty and foreseeability in circumstances where that legislation forms the basis of criminal penalties?

Continue reading

Case C-582/14, Breyer – seeing the logs from the trees in privacy law

Behind a website, there may be a log. This can record which pages have been viewed, when, and by which dynamic IP address. The legal question is whether this is a processing of ‘personal data’ under the EU’s ‘data processing’ Directive 95/46/EC?

Continue reading

Case C-230/14, Weltimmo – regulatory competence over websites

If a Slovakian company runs a website that advertises Hungarian homes for sale, and Hungarian residents submit their personal data to the company’s website server, then in the event of the Slovakian company breaching data protection laws, does the Hungarian Data Protection Authority retain any regulatory competence to ensure that Hungarian data protection law is complied with? Or should the Hungarian Authority simply have requested its Slovakian counterpart to take action against the Slovakian company?

Continue reading