Case C-698/15, Davis – did the CJEU in Digital Rights Ireland intend to lay down mandatory requirements of EU law?

In 2006, the EU’s ‘data retention’ Directive 2006/24/EC required telecoms companies to store data traffic. In its Digital Rights Ireland judgment of 2014, the CJEU annulled the Directive because the Directive was incompatible with the EU Charter. Six national courts have subsequently declared their national data retention laws to be invalid. However, in other Member States legal uncertainty surrounds what the CJEU actually decided and the legal effects that flow from it. In that context, a Swedish court has already made a preliminary reference to the CJEU. Now, the Court of Appeal of England and Wales has decided to make its own preliminary reference.

Continue reading

Case C-398/15, Manni – data in public registers should be subject to the Google right to be forgotten

Details about Mr Manni were incorporated in a public register. Data in the register was subsequently processed and used for other purposes by a commercial company. The question in this case is whether Mr Manni can require the administrators of the register to respect his right to privacy in accordance with the CJEU’s ‘right to be forgotten’ Google judgment.

Continue reading

Case C-203/15, Tele2 Sverige – Swedish data retention despite Digital Rights Ireland

Telecoms companies were legally required to store data traffic until the CJEU’s judgment in Digital Rights Ireland. The CJEU annulled the EU’s Data Retention Directive for being incompatible with the EU Charter. Nevertheless, Swedish telecoms companies are still being required to store data. The legal basis for this is an earlier EU Directive, which had been amended by the Data Retention Directive. Is this regulatory approach compatible with the EU Charter?

Continue reading

Case A-1/15, The Canada-EU ‘PNR’ Agreement – contrary to the EU Charter?

Canada and the EU have negotiated a new Passenger Name Record Agreement. A plank of the Agreement involves the transfer and processing of data. The European Parliament is asking the CJEU for a legal opinion on the compatibility of that Agreement with the EU Charter.

Continue reading

Case C-582/14, Breyer – seeing the logs from the trees in privacy law

Behind a website, there may be a log. This can record which pages have been viewed, when, and by which dynamic IP address. The legal question is whether this is a processing of ‘personal data’ under the EU’s ‘data processing’ Directive 95/46/EC?

Continue reading

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?

Continue reading

Case C-362/14, Schrems – does a ‘safe harbour’ shelter states that deprive EU citizens of their EU Charter rights?

If the EU Commission deems a non-EU state to be a ‘safe harbour’ for the purposes of data processing, then personal data about EU citizens can be sent to companies in that non-EU state. This is not new. For example, in 2000 the EU Commission had decided that the USA was a ‘safe harbour’. However, in 2013 Edward Snowden made a series of revelations concerning the USA’s blanket interception of Internet and telecoms systems. These revelations have generated a question of EU law. Namely, can an EU Member State’s national data protection regulator now disregard the EU Commission’s finding that the USA is a ‘safe harbour’, and do so on the basis that the USA’s laws and practices do not adequately protect and respect an EU citizen’s EU Charter rights to privacy and data protection?

Continue reading

Case C-46/13, H – challenging more of the EU’s data retention Directive

When you use a telephone or go onto the internet a company registers and stores data about you. Companies are obliged to do this not for billing purposes but because of the EU’s data retention Directive 2006/24/EC. Can you access this ‘retention data’, and if not, is this compatible with the EU Charter?

Continue reading

Case C-293/12, Digital Rights Ireland – telecoms, privacy and freedom of expression

Does the restriction on the use of a mobile telephone arising from the data retention Directive 2006/24 contravene the EU Charter’s rights to privacy, data protection, and freedom of expression?

Continue reading