Case C-72/15, Rosneft – challenging the EU’s sectoral sanctions against Russia

Russian activities in Ukraine have prompted the EU to adopt a package of sanctions aimed at various Russians and Russian companies. These sanctions have been enshrined in various pieces of EU legislation and implemented by the EU Member States in their national laws. These sanctions are affecting an oil company which is part-owned by a British oil company ‘BP’, and part-owned by a Russian oil company that belongs to the State of Russia. To begin with, the company is challenging the legality of the UK’s implementing legislation. However, the validity of the EU’s legislation is also at stake. Does the CJEU have jurisdiction to rule on the validity of a Decision adopted pursuant to the EU’s Common Foreign and Security Policy? And if so, then does the drafting of the EU’s legislation satisfy the requirements of legal certainty and foreseeability in circumstances where that legislation forms the basis of criminal penalties?

Continue reading

Case C-582/14, Breyer – seeing the logs from the trees in privacy law

Behind a website, there may be a log. This can record which pages have been viewed, when, and by which dynamic IP address. The legal question is whether this is a processing of ‘personal data’ under the EU’s ‘data processing’ Directive 95/46/EC?

Continue reading

Case C-547/14, Philip Morris Brands – the Second Tobacco Products Directive is invalid

Is the EU’s Second Tobacco Products Directive 2014/40/EU invalid?

Continue reading

Case C-484/14, McFadden – a mere conduit?

If a person offers non-password-protected access to the Internet, and an unknown user passes a piece of copyright-infringing music over that Internet connection, then can the person offering the Internet access be absolved of legal liability on the basis that he is but a ‘mere conduit’ under the EU’s ‘E-Commerce’ Directive 2000/31/EC?

Continue reading

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?

Continue reading

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?

Continue reading

Case C-316/13, Fenoll – it is no holiday in a French work rehabilitation centre

Where a handicapped person is placed with a French work rehabilitation centre in order to facilitate his integration into society and to ensure that he flourishes on the labour market, must he work and follow the labour-market courses but without accruing any rights to paid annual leave? Or would that be contrary to the EU’s working time Directive 2003/88?

Continue reading

Case C-46/13, H – challenging more of the EU’s data retention Directive

When you use a telephone or go onto the internet a company registers and stores data about you. Companies are obliged to do this not for billing purposes but because of the EU’s data retention Directive 2006/24/EC. Can you access this ‘retention data’, and if not, is this compatible with the EU Charter?

Continue reading

Case C-449/12, van Luijk – No fingerprints? No Dutch passport.

Are the Dutch rules requiring passport applicants to be fingerprinted and to have their biometric data stored initially in local registers, and then in a central register, compatible with EU law?

Continue reading