Case C-231/16, Merck KGaA – a murky issue of jurisdiction

When a company starts to sue a group of companies for infringing its trade mark in one Member State but then sees them infringing its mark in a second Member State, can the company commence proceedings in the second state too? Or is the court in the second Member State stopped from hearing the case by dint of the barring phrase, ‘the same cause of action’, which is in Article 109(1)(a) of the EU’s ‘trade mark’ Regulation 207/2009? More

Case C-498/16, Schrems – a Facebook consumer or simply in the business of privacy?

This case concerns a person with a Facebook account. He uses it not only to exchange private photographs and chat with about 250 friends but also for publicity purposes. The legal issue is whether this latter activity stops him from qualifying as a ‘consumer’. The definition matters because if he is a consumer, then he and several thousand other Austrians who are aggrieved at Facebook’s use of their personal data will be able to sue in the Austrian courts. More

Case C-194/16, Bolagsupplysningen – objecting to Swedish internet trolls

A Swedish webpage blacklisted a particular person and a company. Since that webpage had a discussion forum, its Swedish readers left negative comments on the website too. Unable to get the Swedish website either to rectify the alleged inaccuracies in its publication or remove the hurtful comments, the blacklisted person went to their local court seeking a court order. However, that court was in Estonia. At first instance, the Estonian court declined jurisdiction to hear the dispute because it thought the harm was in Sweden. Therefore, the legal question in this case is: where is the harm with Swedish internet trolls? More

Case C-210/16, Wirtschaftsakademie Schleswig-Holstein – Facebook Fan Page visitor data

Organisations and celebrities who use social media can ask Facebook for a ‘Fan Page’. Visitors to that Fan Page will then have their personal data taken and processed by Facebook, which in turn will send the Fan Page-holder anonymised statistical data about who visits the web page. The two main legal questions here are: can a German data protection agency require that a German organisation stops using its Fan Page when Facebook breaches German privacy law? And is it a defence for the institution to turn around and say that it is not processing visitors’ data because Facebook and its cookies do all this, and they do so under the regulatory supervision of the Irish Data Protection Commissioner? More

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection? More