Posts Tagged extraterritorial
In Case C-18/18, Eva Glawischnig-Piesczek v Facebook, the Austrian Supreme Court has referred a ‘hate speech’ case to Luxembourg – hearing will be tomorrow, 12 February. The Case revolves around Article 15 of the E-Commerce Directive: one sentence Twitter summary comes courtesy of Tito Rendas: does Article 15 prohibit the imposition on a hosting provider (Facebook, in this case) of an obligation to remove not only notified illegal content, but also identical and similar content, at a national or worldwide level?
Mirko Brüß has more extensive analysis here. I used the case in my class with American University (my students will be at the hearing tomorrow), to illustrate the relationship between secondary and primary law, but also the art in reading EU secondary law (here: A15 which limits what can be imposed upon a provider; and the recitals of the Directive which seem to leave more leeway to the Member States; particularly in the light of the scant harmonisation of tort law in the EU). To readers of the blog the case is probably more relevant in light of the questions on territorial scope: if a duty to remove may be imposed, how wide may the order reach? It is in this respect that the case is reminiscent of the Google etc. cases.
Yet another one to look out for.
(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 22.214.171.124, Heading 126.96.36.199.5.
Forget what you have read. Szpunar AG does not restrict EU ‘Right to be forgotten’ /data protection laws to European territory.
I have previously reported extensively on various national and European developments re the right to have search results delisted, more popularly referred to as the ‘right to be forgotten’ (‘RTBF’ – a product of the CJEU in Google Spain) and its territorial limits. (Search string ‘Google’ or ‘rtbf’ ought to assist the reader). Szpunar AG opined mercifully succinctly last Thursday in C-505/17 Google Inc v Commission nationale de l’informatique et des libertés (CNIL).
Possibly because of the English-language press release (‘Advocate General Szpunar proposes that the Court should limit the scope of the de-referencing that search engine operators are required to carry out to the EU‘) and because of the actual text of the Opinion hitherto being available in French only, general reporting has been almost unequivocally (note Michèle Finck’s 10th Tweet in an early thread on the Opinion as a cautious exception), that the AG suggests that the RTBF is limited to EU soil only.
Except, he does not.
The Conseil d’Etat has referred one or two specific Qs but also, just to be sure, has also asked the Court of Justice for general insight into how data protection laws apply to the internet.
The AG of course departs from the core objective of the data protection Directive and now the GDPR, and Google Spain, and points out that the CJEU has put the protection of the fundamental rights of the data subject at the centre. At 46 he summarises his view before justifying it:
‘in my opinion one should distinguish according to the place in which the search is carried out. Searches carried out outside the EU ought not to be made subject to delisting’. (My translation from the French).
Geo-blocking can be ordered and ensures that within the EU territory, no Google extension may be used to access the information at issue (at 64 ff) after duly having balanced the right of freedom of information against the right to be forgotten.
Turning to his arguments, the AG points out at 47 ff first of all – briefly: see e.g. Belgian case-law on Facebook for more extensive discussion – that public international law defines the borders of the EU and its Member States. The AG sees no reason (48-49) exceptionally to extend the scope of application beyond that border in the case of the Directive or the GDPR.
(51-52) Other examples of ‘extraterritoriality’ do not sway him, such as the Trademark Directive or EU competition law. He argues that in these cases the Internal Market is impacted and EU law applies to these situations ex-EU only because the Internal Market is a finite, territorial unit. The internet is not (at 53: Le marché intérieur est un territoire clairement délimité par les traités. En revanche, l’internet est, par nature, mondial et, d’une certaine manière, est présent partout. Il est donc difficile de faire des analogies et des comparaisons).
Note that references to other instances of ‘extraterritoriality’ (or not) could have been made: such as the cases surrounding animal welfare (Zuchtvieh), cosmetics, or the EU’s emissions trading scheme.
The AG also briefly discusses ‘extraterritorial’ protection of rights under the ECHR, but distinguishes the EU Charter from same. (On the topic of the ‘extraterritorial’ impact of the EU’s human rights obligations, see excellently Lorand Bartels here).
At 60-61 the AG argues (paras which have been more or less literally translated in the Press release) that if worldwide de-referencing were permitted, the EU authorities would not be able to define and determine a right to receive information, let alone balance it against the other fundamental rights to data protection and to privacy. This, the AG argues, is all the more so since ‘the right of the public to access such information’ (un tel intérêt du public à accéder à une information; this word string bizarrely translated in the press release as ‘such a publication’) will necessarily vary from one third State to another depending on its geographic location. There would be a risk, the AG suggests, that if worldwide de-referencing were possible, persons in third States would be prevented from accessing information and, in turn, that third States would prevent persons in the EU Member States from accessing information. This might in turn lead to a race to the bottom in the right to access of information.
This is an important point, because it essentially encapsulates a core argument made by Google: that particularly in the US, the constitutional right to free speech and the corollary of the freedom to receive information, gazumps a right to be forgotten – putting Google in the event of worldwide delisting orders between SCOTUS’ rock and CJEU’s hard place.
Crucially however at 62 the AG then in my view perhaps not quite torpedoes but certainly seriously softens his overall general analysis by suggesting that his views on territoriality are the default position only, which may be varied should specific instances of the balancing act of fundamental rights, so require: it’s just that the specific circumstances of the case do not.
Les enjeux en cause n’exigent donc pas que les dispositions de la directive 95/46 soient d’application au-delà du territoire de l’Union. Cela ne signifie pas pour autant que le droit de l’Union ne saurait jamais imposer à un exploitant de moteur de recherche tel que Google qu’il entreprenne des actions au niveau mondial. Je n’exclus pas qu’il puisse y avoir des situations dans lesquelles l’intérêt de l’Union exige une application des dispositions de la directive 95/46 au-delà du territoire de l’Union. Mais dans une situation telle que celle de la présente affaire, il n’y a pas de raison d’appliquer les dispositions de la directive 95/46 d’une telle manière.
The circumstances of the case do not justify worldwide blocking. Yet other circumstances might. This is a crucial section for the French data protection authority’s (CNIL) decision at issue, 2016/054 [thank you again to the Dutch Ministry of Foreign Affairs for providing the factual background to the case; also note that in the French decision Google’s name, amusingly, is anonymised] is a general CNIL instruction to Google to carry out global delisting in instances where natural persons request removal; not a case-specific one. In other words the ‘circumstances of the case’ concern a generic, not a factual balancing.
In yet other words: there could be many instances where national data protection authorities might find worldwide delisting to be the only proper means to balance the various fundamental rights at stake. The AG Opinion offers little to no support that such worldwide delisting in concrete cases were to infringe the Directive /the GDPR. Such balancing act would be akin to X v Google LLC at the Tribunal de grande instance de Paris on which I reported last week.
Note that in his Opinion of the same day in C-136/17, the AG Opines that the default response of search engine providers must be to honour requests for delisting, and to only exceptionally not do so.
Some issues for the Grand Chamber to chew on. And then some more.
(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 188.8.131.52, Heading 184.108.40.206.5.
Neither extraterritoriality questions nor WTO concerns unsettle the CJEU. Animal testing ban applies outside EU.
The last part of this title is a bit of a stretch, apologies: soundbite beats nuance. I reported earlier on the High Court’s referral to the CJEU in the Cosmetics Regulation case, C-592/14 . The Court held last week, 21 September. Much like in C-366/10, the emissions trading /aviation case, the Court was unimpressed with accusations of extraterritoriality (‘territory’ is not discussed in the judgment) and does not even flag WTO concerns (Bobek AG had, and simply suggested this is an issue that solely lies with the WTO itself to resolve).
Referring to the need to interpret the Regulation with a view to its object and purpose, the Court insists that in particular to avoid easy circumvention of the Regulation, data obtained from animal testing carried out outside the EU, cannot be employed for the marketing of cosmetics in the EU, even if those tests had to be performed so as to meet the regulatory requirements of third countries.
Of course in WTO jargon, this recalls the discussion of non-product incorporated production processes and -methods (n-PR PPMs) however the Court is more concerned with regulatory efficiency.
Forget Facebook and Safe Harbour. CJEU in Weltimmo confirms wide prescriptive but finds limited executive jurisdiction in EU data protection.
A lot of attention last week went to the CJEU’s annulment of the EC’s ‘Safe Harbour’ decision in Schrems v Facebook (aka Austrian student takes on internet giant). I will not detail that finding for I assume, for once, that readers will be au fait with that judgment. For those who are not: please refer to Steve Peers for excellent analysis as per usual. It is noteworthy though that the CJEU’s finding in Schrems is based in the main on a finding of ultra vires: often easily remedied, as those with a background in public law will know.
Schrems (held 6 October) confirmed the Court’s approach to the EU’s prescriptive jurisdiction in data protection laws, as in Google Spain. However the Thursday before, on 1 October, the Court took a more restrictive view on ‘executive’ or ‘enforcement’ jurisdiction in Case C-230/14 Weltimmo. Lorna Woods has the general context and findings over at EU Law analysis. The essence in my view is that the Court insists on internal limitations to enforcement. It discussed the scope of national supervisory authority’s power in the context of Directive 95/4, the same directive which was at issue in Google Spain. The Court held
Where the supervisory authority of a Member State, to which complaints have been submitted in accordance with Article 28(4) of Directive 95/46, reaches the conclusion that the law applicable to the processing of the personal data concerned is not the law of that Member State, but the law of another Member State, Article 28(1), (3) and (6) of that directive must be interpreted as meaning that that supervisory authority will be able to exercise the effective powers of intervention conferred on it in accordance with Article 28(3) of that directive only within the territory of its own Member State. Accordingly, it cannot impose penalties on the basis of the law of that Member State on the controller with respect to the processing of those data who is not established in that territory, but should, in accordance with Article 28(6) of that directive, request the supervisory authority within the Member State whose law is applicable to act.
In other words, the supervisory authority in a Member State can examine the complaints it receives even if the law that applies to the data processing is the law of another Member State. However the scope of its sanctioning power is limited by its national borders.
This finding (I appreciate there are caveats) has important implications for the discussion on the territorial reach of the so-called ‘righ to be forgotten’. It supports in my view, the argument that the EU cannot extend its right to be forgotten rule to websites outside the EU’s domain. I have a paper forthcoming which discusses the various jurisdictional issues at stake here and the impact of Weltimmo on same.
Rolex v Blomqvist. ECJ confirms irrelevance of ‘focus and target’ or ‘direction’ in intellectual property cases.
After its withholding of mere accessibility of a site as a jurisdictional trigger for copyright infringement in Pinckney, the ECJ has now accepted that the mere acquisition of a good by a person domiciled in an EU Member State, suffices to trigger the application of the EU Customs Regulation’s provisions on counterfeit and pirated goods. It is not necessary, in addition, for the goods at issue to have been the subject, prior to the sale, of an offer for sale or advertising targeting consumers of that State.
In Case C-98/13 Martin Blomqvist v Rolex Mr Blomqvist, a resident of Denmark, ordered a watch described as a Rolex from a Chinese on-line shop. The order was placed and paid for through the English website of the seller. The seller sent the watch from Hong Kong by post. The parcel was inspected by the customs authorities on arrival in Denmark. They suspended the customs clearance of the watch, suspecting that it was a counterfeit version of the original Rolex watch and that there had been a breach of copyright over the model concerned. In accordance with the procedure laid down by the customs regulation, Rolex then requested the continued suspension of customs clearance, having established that the watch was in fact counterfeit, and asked Mr Blomqvist to consent to the destruction of the watch by the customs authorities. Mr Blomqvist refused to consent to the destruction of the watch, contending that he had purchased it legally. Is there in the present case any distribution to the public, within the meaning of the copyright directive, and any use in the course of trade, within the meaning of the trade mark directive and the trade mark regulation?
The ECJ re-iterated earlier case-law (in particular L’Oreal /E-bay) that the mere fact that a website is accessible from the territory covered by the trade mark is not a sufficient basis for concluding that the offers for sale displayed there are targeted at consumers in the EU. However proof that the goods are intended to be put on sale in the European Union, is being provided, inter alia, where it turns out that the goods have been sold to a customer in the European Union, such as clearly in the case at issue.
That sales to the EU have taken place is enough. Proof that EU consumers were actually targeted is not required – at least not with a view to triggering intellectual property protection (cf consumer protection under i.a. the jurisdiction Regulation).
In the view of the EU of course this is not an ‘extraterritorial’ application of EU law: the territorial link is firmly established through the customer’s domicile.