Case C-490/14, Verlag Esterbauer – a map is not a database

Is a map a database? The EU’s Database Directive 96/9/EC requires a database to be ‘a collection of independent works … or other materials …’. It is a phrase which has already been interpreted by the CJEU in its earlier ‘sporting fixtures’ case law but now it is not clear whether the CJEU’s reasoning also brings a map within the scope of EU database law.

Continue reading

Case C-192/15, Rease – secretly spied on, medical data leaked, and left unprotected by the Dutch regulator

Can the Dutch Data Protection Agency exert any control over companies based in the UK and the USA which conduct covert surveillance on Dutch territory? And in the event of an individual’s data processing law rights under Dutch law being breached, what is to be done where the internal rules of the Dutch Data Protection Agency mean that the Agency will never ever act on a complaint coming from an individual?

Continue reading

Case C-582/14, Breyer – seeing the logs from the trees in privacy law

Behind a website, there may be a log. This can record which pages have been viewed, when, and by which dynamic IP address. The legal question is whether this is a processing of ‘personal data’ under the EU’s ‘data processing’ Directive 95/46/EC?

Continue reading

Case C-230/14, Weltimmo – regulatory competence over websites

If a Slovakian company runs a website that advertises Hungarian homes for sale, and Hungarian residents submit their personal data to the company’s website server, then in the event of the Slovakian company breaching data protection laws, does the Hungarian Data Protection Authority retain any regulatory competence to ensure that Hungarian data protection law is complied with? Or should the Hungarian Authority simply have requested its Slovakian counterpart to take action against the Slovakian company?

Continue reading

Case C-30/14, Ryanair – grounding a go compare an airfare website

Price-comparison websites in the EU are often lawful because the websites they take their information from are databases frequently unprotected by either copyright or the ‘sui generis’ right enshrined in the EU’s Database Directive 96/9/EC. This is true of Ryanair’s website. But Ryanair’s website is however protected by a plank of deviant Dutch ‘copyright’ law. In this case, a Dutch website that compares the price of airfares is seeking to rely on a Dutch exception to the Dutch ‘copyright’ rule, an exception that corresponds to one found in the EU’s Database Directive. The legal question has become whether the Directive applies to all databases and thus websites – even the unprotected ones – and, if so, whether the price-comparison website qualifies as a ‘lawful user’, who does not need to obtain Ryanair’s consent to use Ryanair’s website.

Continue reading

Case C-449/12, van Luijk – No fingerprints? No Dutch passport.

Are the Dutch rules requiring passport applicants to be fingerprinted and to have their biometric data stored initially in local registers, and then in a central register, compatible with EU law?

Continue reading