Posts Tagged C-505/17
GDPR (General Data Protection Regulation) aficionados will have already seen the draft guidelines published by the EDPB – the European data protection board – on the territorial scope of the Regulation.
Of particular interest to conflicts lawyers is the Heading on the application of the ‘targeting’ criterion of GDPR’s Article 3(2). There are clear overlaps here between Brussels I, Rome I, and the GDPR and indeed the EDPB refers to relevant case-law in the ‘directed at’ criterion in Brussels and Rome.
(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 188.8.131.52.3, Heading 184.108.40.206.5.
I have an ever-updated post on Google’s efforts to pinpoint the exact territorial dimension of the EU’s data protection regime, GDPR etc. Now, Facebook are reportedly (see also here) appealing a fine imposed by the UK’s data protection authority in the wake of the Cambridge Analytica scandal. Facebook’s point at least as reported is that the breach did not impact UK users.
The issue I am sure exposes Facebook in the immediate term to PR challenges. However in the longer term it highlights the need to clarify the proper territorial reach of both data protection laws and their enforcement.
One to look out for.
Update 19 November 2018 Michèle Finck has excellent reporting on the hearing before the CJEU here.
Update May 2018 our paper on global case-law re RTBF is here.
Update 23 May 2017 the Case is C-136/17 and the relevant dossier (partially in Dutch) is here, on the unparalleled website of the Dutch foreign ministry. A related case is C-505/17. Update 1 February 2018 for a recent English case see  EWHC 137 (QB) ABC v Google. Order to block access was denied for no permisison to serve out of jurisdiction had been sought (Google been incorporated in Delaware.
Many thanks to KU Leuven law student Dzsenifer Orosz (she is writing a paper on the issues for one of my conflict of laws courses) for alerting me to the French Conseil D’Etat having referred ‘right to be forgotten’ issues to the European Court of Justice. I have of course on occasion reported the application of data protection laws /privacy issues on this blog (try ‘Google’ as a search on the blog’s search function). I also have a paper out on the case against applying the right to be forgotten to the .com domain, and with co-authors, one where we catalogue the application of RTBF until December 2016. See also my post on the Koln courts refusing application to .com.
The Conseil d’Etat has referred one or two specific Qs but also, just to be sure, has also asked the Court of Justice for general insight into how data protection laws apply to the internet. The Court is unlikely to offer such tutorial (not that it would not be useful). However any Advocate General’s opinion of course will offer 360 insight.
One to look forward to.