06 April 2022
Public Surveillance before the European Courts
Europe has experienced a significant expansion of state surveillance and counter-terrorism regimes, which demonstrate the increasing appetite of legislators and the executive for the normalisation of surveillance. For long, European Courts offered a powerful pushback against this trend and produced several celebrated victories for fundamental rights over surveillance. However, recent decisions by the CJEU and the ECtHR reveal a different picture, indicating a broader paradigm shift. Continue reading >>
0
01 November 2021
Why are you on Facebook?
In a recent draft decision of the Irish Data Protection Commissioner to other European Data Protection Authorities, the Irish Commissioner addressed whether or not Facebook could rely on the contractual legal basis for certain purposes of its personal data processing, including for behavioral advertising. According to the Commissioner, “a reasonable user would be well-informed […] that [personalized advertising] is the very nature of the service being offered by Facebook and contained within the contract”. Based on this interpretation, it appears that Facebook’s users are on the social network not to connect with their friends and family but rather to receive personalized advertising. Continue reading >>
0
24 April 2021
The Conseil d’Etat refuses to follow the Pied Piper of Karlsruhe
The Conseil d’Etat categorically rejected the proposal that the courts of the member states, in particular their supreme (or constitutional) courts, would be entitled to review an "ultra vires" of the European institutions. The wording of the judgment is an implicit acknowledgement that there is a monopoly of the EU Court of Justice in the authentic interpretation of the Treaty - unlike the German Federal Constitutional Court in the Weiss case and the doctrine of constitutional identity and protection of national security. Continue reading >>30 March 2021
Seeing through the Eye of God
The messenger app Telegram is swamped with bots which gather and disseminate personal data. Roskomnadzor, Russia’s media watchdog, has just moved to block one of the prominent bots, proudly named ‘Eye of God’. While Telegram bots offer certain positive implications through the newfound transparency they afford, these do not override the tremendous privacy risks posed. But even more importantly, there is little the Russian authorities can do to force Eye of God and other bots to respect the rights of data subjects. Continue reading >>
0
15 February 2021
Data Protection in Armed Conflict
These days, our thoroughly digitalised societies run on data. It is therefore only natural that experts of international humanitarian law (IHL) have for a while now pondered over the question of how to treat data under the existing legal frameworks applicable to armed conflicts. However, the ongoing discussion concerning the status and possible protection of civilian data in armed conflict is in need of increased clarity and granularity. Continue reading >>05 November 2020
Serious Cyberattack Raises Questions About GDPR Application in Finland
After the personal data of thousands of patients was hacked from a privately-run psychotherapy centre in Finland, blackmailers are threatening to publish the data unless they receive a ransom. Because of the seriousness of this data breach, the case is likely to become a landmark in Finnish data protection law and a Europe-wide reference point for the application of GDPR rules in data breach situations. Continue reading >>
0
15 October 2020
‘Keyword Warrants’ Make Every Search A Risk
How many times did you search google today? Few of us know the answer. It’s not just the queries entered into the ubiquitous google search bars, but the countless other apps in the Google ecosystem, constantly harvesting our every question to refine their picture of even the most intimate spheres of our life. In the hands of advertisers, this technology is creepy. But when it is fully exploited by law enforcement agencies, it can be a profound danger to civil society and human rights. Continue reading >>
0
25 August 2020
Schrems II Re-Examined
The Court of Justice of the EU’s judgment in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (“Schrems II”) of 16 July has already received significant attention. Now that the dust has somewhat settled, however, it deserves re-examination in light of its significant implications for the regulation of international data transfers under the EU General Data Protection Regulation. Continue reading >>29 July 2020
Schrems II: The Right to Privacy and the New Illiberalism
This post unpacks the implications of Schrems II for this new, unstable, and in many instances, illiberal political landscape. A number of excellent posts on this blog have already examined the impact of Schrems II on the corporate actors that transfer EU data globally. My focus here is on how Schrems II and the CJEU’s evolving jurisprudence on the right to privacy can be read as targeting the political developments of recent years. Continue reading >>
0
25 July 2020
Schrems II – A brief history, an analysis and the way forward
On July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield – a framework that regulated Trans-Atlantic data transfers. Further, even though the court upheld the validity of Standard Contractual Clauses (SCC) - an EU-approved template to safeguard EU citizens’ data-transfer, it put forth important qualifications for data controllers to adhere to when using such SCCs. This article analyses the ECJ’s ruling, now known as Schrems II, in three parts. The first section sets the stage for the analysis by providing a brief history of EU-US data-flow arrangements and the developments leading up to Schrems II. The second section analyses the ECJ’s decision in Schrems II and finally, the third section concludes by exploring the implications of the ruling and evaluating the way forward. Continue reading >>
0