Data Protection, Data Transfers, and International Agreements: the CJEU’s Opinion 1/15

On 26 July the EU Court of Justice (CJEU) issued Opinion 1/15, which is its most significant ruling on the international dimensions of data protection law since its 2015 judgment in the Schrems case. In Opinion 1/15, the Grand Chamber of the Court found that the draft agreement between the EU and Canada for the transfer of passenger name record (PNR) data may not be concluded in its current form, since several of its provisions are incompatible with EU fundamental rights law. As the Court’s first ruling on the compatibility of a draft international agreement with the EU Charter of Fundamental Rights, the judgment has important implications for many areas of EU law.

Continue Reading →

The EU General Data Protection Regulation: Powerful Tool for Data Subjects?

Two months ago, the European Parliament and the Council have enacted the European General Data Protection Regulation as the result of a 4 years running legislative procedure. For a long time, it was uncertain whether the regulation could be passed at all: Not only has there been considerable opposition by EU Member States, but there have also been about 4.000 amendments by Parliament, accompanied by an enormous engagement of lobby groups.

Continue Reading →

The Force awakens – The Schrems case from a German perspective

Just like Star Wars, the "Solange" saga about German constitutional order’s approach to fundamental rights protection in the context of European integration appeared as a story told and settled. But now there are rumours that in Germany Solange Episode III is in the making, with a release date around 2016. The ECJ’s Schrems decision will bring some turmoil to the Solange Episode III production in Germany.

Continue Reading →

The Schrems Judgement: New Challenges for European and international companies

In Schrems the CJEU has declared the Safe-Harbor-Decision of the European Commission invalid whilst strengthening the EU fundamental rights. The Court has done so with astonishing clarity. Although the matter is about Facebook Ireland’s transfer of data to servers of Facebook, Inc. in the U.S., it, ironically, will not be Facebook but companies of the European “old economy” that will have to face severe consequences in the aftermath of this landmark judgement. In many cases of every day data processing in the business world, the consent of data subjects will be impossible to obtain. It is at the same time nearly impossible to prevent data to be transferred outside the EU. Hence, a vast number of data processing operations which were lawful before Schrems are now illegal.

Continue Reading →

Safeguarding European Fundamental Rights or Creating a Patchwork of National Data Protection?

On Tuesday, the Grand Chamber of the Court of Justice of the European Union declared the Commission’s US Safe Harbour Decision invalid. The Court’s ruling in Case C-362/14 of the Austrian Internet activist Maximillian Schrems v the Irish Data Protection Commissioner is a milestone in the protection of European fundamental rights, but it also preserves space for different national supervisory standards and national discretion on whether data may actually be transferred. Is the ruling opening the way for a patchwork of national data protection? How does this ruling influence the TTIP negotiations?

Continue Reading →

The Essence of Privacy, and Varying Degrees of Intrusion

What is remarkable in the CJEU’s Schrems decision is that a) the Court actually identified the intrusion in question as falling under the notion of the essence of privacy – something the European Court of Human Rights has never done under the privacy provision of ECHR Article 8, and b) the identification of an intrusion as compromising the essence of privacy meant that there was no need for a proportionality assessment under Article 52 (1.2) of the Charter. For these reasons, the Max Schrems judgment is a pathbreaking development, a major contribution to the understanding of the structure and legal effect of fundamental rights under the Charter.

Continue Reading →

Schrems v. Commissioner: A Biblical Parable of Judicial Power

We might celebrate the Court’s decision in Case C-362/14 as an improbable victory of good (data-privacy) over evil (consumer and intelligence data abuses). But I want to offer some words of caution about god-like judicial power.

Continue Reading →

Finnish Government and the Desire to Constitutionalize Mass Surveillance: Toward Permanent State of Emergency?

The Finnish Government intends to amend the constitution to clear the path for a NSA-type surveillance scheme. The form of constitutionalism that results from this kind of change would reverse the traditional grounds of legitimacy as set forth by the constitutions and human rights treaties: instead of providing one possible but narrowly interpreted ground for restricting right to confidential communications and protection of personal data, national security would occupy the position of a main rule while the constitutional right would wither away to a narrowly applied exception. In essence, the amendment would securitize one of the key fundamental rights of our time, and create a permanent state of emergency within it.

Continue Reading →