Case C-230/14, Weltimmo – regulatory competence over websites

If a Slovakian company runs a website that advertises Hungarian homes for sale, and Hungarian residents submit their personal data to the company’s website server, then in the event of the Slovakian company breaching data protection laws, does the Hungarian Data Protection Authority retain any regulatory competence to ensure that Hungarian data protection law is complied with? Or should the Hungarian Authority simply have requested its Slovakian counterpart to take action against the Slovakian company?

Continue reading

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?

Continue reading

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?

Continue reading

Case C-212/13, Ryneš – data from private CCTV cameras overlooking public spaces and private homes

Does a home owner’s camera security-system bring him within the scope of the EU’s data processing Directive 95/46/EC? And does it matter that the CCTV camera not only captures images of his home but also of who happens to be passing by in the street outside, and it even records who is going into a home on the opposite side of the street?

Continue reading

Case C-46/13, H – challenging more of the EU’s data retention Directive

When you use a telephone or go onto the internet a company registers and stores data about you. Companies are obliged to do this not for billing purposes but because of the EU’s data retention Directive 2006/24/EC. Can you access this ‘retention data’, and if not, is this compatible with the EU Charter?

Continue reading

Case C-449/12, van Luijk – No fingerprints? No Dutch passport.

Are the Dutch rules requiring passport applicants to be fingerprinted and to have their biometric data stored initially in local registers, and then in a central register, compatible with EU law?

Continue reading

Case C-293/12, Digital Rights Ireland – telecoms, privacy and freedom of expression

Does the restriction on the use of a mobile telephone arising from the data retention Directive 2006/24 contravene the EU Charter’s rights to privacy, data protection, and freedom of expression?

Continue reading