Posts Tagged Extraterritoriality

Google and the jurisdictional reach of the Belgian DPA in right to be forgotten cases. Another piece misplaced in the puzzle?

Thank you Nathalie Smuha for first signalling the €600,000.00 fine which the Belgian Data Protection Authority (DPA) issued on Tuesday against Google Belgium, together with a delisting order of uncertain reach (see below) and an order to amend the public’s complaint forms. The decision will eventually be back up here I am assume (at vanished yesterday) however I have copy here.

Nauta Dutilh’s Peter Craddock and Vincent Wellens have very good summary and analysis up already, and I am happy to refer. Let me add a few things of additional note:

  • The one-stop shop principle of the GDPR must now be under severe strain. CNIL v Google already put it to the test and this Belgian decision further questions its operationalisation – without even without for the CJEU to answer the questions of the Brussels Court of Appeal in the Facebook case. At 31, the DPA refers to a letter which Google LLC had sent on 23 June 2020 (a few days therefore after the French decision) to the Irish DPA saying that it would no longer object to national DPAs exercising jurisdiction in right to be forgotten cases. Of note is that in ordinary litigation, deep-pocket claimants seeking mozaik jurisdiction seldom do that because it serves the general interest.
  • Having said that, the Belgian DPA still had to establish jurisdiction against Google Belgium. Here, CJEU Google v Spain, Google v CNIL, and Wirtschaftsakademie led the DPA to take a ‘realistic’ /business plan approach (such as Jääskinen AG in Google Spain) rather than a legally pure approach: at 80 following extensive reference to CJEU authority, and to the effet utile of the GDPR, the DPA holds that it matters little whether the actual processing of the date takes places outside of the EU, by Google employees ex-EU, and that Google Belgium’s activities are supportive only. A Belgian resident’s right to be forgotten has been infringed; a Google entity is available there: that would seem to suffice.
  • That left the issue of the territorial reach of the delisting request. The DPA arguably cuts a few corners on the Google Belgium issue; here, it is simply most vague: at 81 ff it refers to the jurisdictional decision in e-Date Advertising, that for infringement of privacy within Brussels Ia, the courts of the person’s centre of interests are best placed to hear the case in its entirety, holding this should be applied mutatis mutandis in GDPR cases and removal orders. It then holds at 85 that neither Google v CNIL nor Belgian law give it specific power to impose a worldwide delisting order, yet at 91 that an EU-wide delisting order would seem an effective means of redress, to end up in its final order (p.48-49) not identifying a territorial scope for delisting.

I am confused. I suspect I am not the only one.

Geert.

(Handbook of) EU private international law, 2nd ed.2016, chapter 2, Heading 2.2.8.2.5.

 

, , , , , , , , , , , , , , ,

Leave a comment

The GDPR’s one stop shop principle put to the test in French Supreme Court confirmation of CNIL jurisdiction over Google Android case. The Court also rebukes the spaghetti bowl of consent ticking and unticking.

Thank you Gaetan Goldberg for flagging that the French Supreme Court has confimed on 19 June last, jurisdiction of the French Data Protection Agency (‘DpA’), CNIL for issuing its fine (as well as confirming the fine itself) imposed on Google for the abuse of data obtained from Android users. The Court was invited to submit preliminary references to the CJEU on the one-stop shop principle of  the GPDR, but declined to do so.

Readers of the blog know that my interest in the GDPR lies in the jurisdictional issues – I trust date protection lawyers will have more to say on the judgment.

With respect to the one stop shop principle (see in particular A56 GDPR) the Court held at 5 ff that Google do not have a ‘main establishment’ in the EU at least not at the time of the fine complained of, given that the Irish Google office (the only candidate for being the ‘main establishment) at least at that time did not have effective control over the use and destination of the data that were being transferred – US Google offices pulling the strings on that decision. A call by the CNIL under the relevant EU procedure did not make any of the other DPAs come forward as wanting to co-ordinate the action.

On the issue of consent the SC referred to CJEU Cc-673/17 Planet49 and effectively held that the spaghetti bowl of consent, ticking and unticking of boxes which an Android user has to perform to link a Google account to Android and hence unlock crucial features of Android, do not amount to consent or proper compliance with GDPR requirements.

Geert.

, , , , , , , , , , , , , , , ,

Leave a comment

Akkurate: Whether English discovery may act extraterritorially under the EU Insolvency Regulation, and a clear difference following Brexit.

Graham Woloff eaor Calzaturificio Zengarini eaor re Akkurate Ltd, [2020] EWHC 1433 (Ch) concerns the question whether the court has the power under section 236(3) of the Insolvency Act 1986 to require persons resident in the EU to produce books and papers and an account of their dealings with a company being compulsorily wound up in England and Wales (it is not disputed that Akkurate’s centre of main interests (“COMI”) was in England and Wales under the European Insolvency Regulation EIR).

EIR 2000 applies to this case, because the winding up of Akkurate was before 26 June 2017, however the issue is not materially different in the new Regulation. There are inconsistent first instance decisions which Vos C reviews ia at 27 ff and at 54 after consideration, he considers s236(3) does not have extraterritorial effect on the basis of what he considers to be the binding authority of Re Tucker (a bankrupt) [1990] Ch. 148. however that following the EIR 2000 (unchanged in EIR 2015) the European regime can and does extend the territoriality of purely domestic insolvency provisions. CJEU authority cited is in particular C-339/07 Seagon v Deko Marty Belgium (at 58 ff) – which I find may be a bit optimistic. Vos C also decides that he can and should apply his discretion to grant orders as formulated at 68.

Clearly, post Brexit, the situation will revert to Tucker. Which would make the English courts less attractive than their continental counterparts – although of course one would have to wait for CJEU authority to confirm the issue less equivocally.

Geert.

(Handbook of) EU private international law, 2nd ed. 2016, Chapter 5,

 

, , , , , , , ,

Leave a comment

A reminder: Austrian courts apply CJEU Eva Glawischnig-Piesczek v Facebook ruling. Limits removal to national territory only but does not rule out worldwide removal on principle.

I had already reported in March on the first application of the CJEU C-18/18 Eva Glawischnig-Piesczek v Facebook ruling in an update to my post on the latter. I thought I’ld add a separate post on the ruling for it, well, deserves it: the court held that orders based on Austrian copyright are limited to Austria (given copyright’s territorial limitations), but if they are based on personal rights, the claimant has to specify the requested territorial reach (so potentially global).

IPKat have further analysis here. As one or two of us discussed at the time of the CJEU ruling: the infringement of personality rights angle is an important one.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

A quick (jurisdictional) note on the Cobalt supply chain litigation.

News broke a few weeks back on the class action suit introduced in the USDC for the District of Columbia, against Apple, Dell, Microsoft and Tesla. Swiss-based Glencore (of Mark Rich fame) and Belgium’s Umicore are mentioned in the suit but not added to the defendants. Historical references are inevitably made to the plundering of Congo first by King Leopold personally and in a later stage by the Kingdom of Belgium.

The suit is a strategic one, attempting to highlight the human rights (including child labour) issues involved in the mining of cobalt, used as a raw material in particular for modern batteries, and to propel the corporate social responsibility (CSR) debate on due diligence and supply-chain liability. It is also however a suit seeking damages for the victims of child labour in very dangerous circumstances.

Of note for the blog is the jurisdictional angle: discussed at 18 ff and featuring arguments against the use of forum non conveniens. Claimants put forward they have no practical ability to litigate in DRC: damages under DRC law (therefore assumed to be the lex causae which a Congolese judge would apply were the case litigated in DRC) sought from end-users of cobalt; DRC courts are corrupt; anyone standing in the way of the mining industry is threatened; the 2000 Victims of Trafficking and Violence Protection Act TVPRA as amended in 2013 allows for extraterritorial jurisdiction; finally and of relevance to a classic locus delicti commissi argument: ‘the policymaking that facilitated the harms Plaintiffs suffered was the product of decisions made in the United States by Defendants’.

Personal jurisdiction is suggested to exist for (at 22) are all U.S. resident companies and they do substantial and continuous business within the District of Columbia – minimum contacts are established, and defendants should reasonably anticipate being hailed into court there.

No doubt there will be intense discussion on the jurisdictional basis, prior to debate on the merits of liability of end-users.

Geert.

, , , , , , , , , , , , , , , , ,

Leave a comment

The French Constitutional Court on exporting environmental pollution and health hazards.

I seem to be having my environment cap firmly on this week so I am happy to thank Le Monde for flagging the judgment of the French Constitutional Court 2019-823 of 31 January in which it sanctioned (against the wishes of applicants, the Union des industries de la protection des plantes, essentially Bayer, Syngenta, BASF)  the Government’s ban on the manufacturing of and exportation of pesticides banned for use in France but hitherto available for export, mostly to Africa.

The case I would suggest is one that is also very suited to a business ethics class. Interestingly the Act also mentions that it applies to the degree it is not incompatible with WTO rules – the WTO is not addressed in the judgment.

Applicants’ case is grounded on the freedom of ‘enterprise’ or ‘commerce’, as expressed in the 1789 Déclaration des droits de l’homme et du citoyen – but also the Decret d’Allarde 1791. To the mix of objectives to be balanced, the Court adds the protection of public health (Constitutional recital, 1946) and the Environment Charter 2004, from which the court deduces that environmental protection, as common heritage of mankind, is a Constitutionally ringfenced objective.

At 6 the Court without much ado posits that the French Government in pursuing environmental policy, justifiably may take into account the extraterritorial environmental consequences of activities on French soil.

Having referred to the EU ban on the use of the substances at issue, based on scientific considerations discussed at length in the run-up to the EU law at issue, the Court at 9-10 refers to the principle that it should not overzealous in second-guessing the exercise by Parliament of its balancing exercise. At 11, it notes that the 3-year transitionary period gives corporations ample transitionary time in line with their freedom of commerce.

To the Court, it’s all very much self-evident. For environmental policy and extraterritoriality, its findings are quite relevant.

Geert.

 

 

, , , , , , , , , , , , , , ,

Leave a comment

Swamdi Ramdev v Facebook, Google, Youtube et al at the Delhi High Court: Worldwide removal ordered without much hesitation.

Update 14 November 2019 the judgment is, unsurprisingly, being appealed.

‘The race between technology and the law could be termed as a hare and tortoise race – As technology gallops, the law tries to keep pace.’ (see further below).

Thank you Daphne Keller for flagging CS (OS) 27/2019 Swami Ramdev et al v Facebook et al at the Delhi High Court on 23 October. Defendants are Facebook Inc, Google Inc, YouTube LLC, Twitter etc. The allegation of Plaintiffs is that various defamatory remarks and information including videos, found earlier to have been defamatory (a judgment currently before the Supreme Court without having been stayed), are being disseminated over the Defendants’ platforms.

At 6 Prathiba M Singh J summarises the parties’ position: None of the Defendants have any objection to blocking the URLs and disabling the same, insofar as access in India is concerned. However, all the Defendant platforms have raised objections to removal/blocking/disabling the impugned content on a global basis. On the other hand, the Plaintiffs argued that blocking merely for the Indian territory alone is not sufficient as the content would be accessible through international websites, which can be accessed in India. Thus, according to the Plaintiffs, for the remedy to be effective, a global blocking order ought to be passed.

Particularly in the review of plaintiff’s submission at 8 ff, the parallel is clear with the discussions on the role of intermediaries in Eva Glawischnig-Piesczek v Facebook. Reference of course is also made to Equustek and, at 64, to the CJEU in Google v CNIL. Facebook refers to the material difference between defamation laws across the globe: at 10: ‘Defamation laws differs from jurisdiction to jurisdiction, and therefore, passing of a global disabling order would be contrary to the principle of comity of Courts and would result in conflict of laws.’

At 44 ff Prathiba M Singh J extensively reviews global precedent, and, at 69, to Eva Glawischnig-Piesczek v Facebook. At 88 ff this leads justice Singh

Firstly, to uphold fairly straightforwardly the court’s power to order global delisting given the origin in India of the original act of uploading: ‘The act of uploading vests jurisdiction in the Courts where the uploading takes place. If any information or data has been uploaded from India on to a computer resource which has resulted in residing of the data on the network and global dissemination of the said information or data, then the platforms are liable to remove or disable access to the said information and data from that very computer resource. The removal or disabling cannot be restricted to a part of that resource, serving a geographical location.’

>>>Clearly the authority of the finding (likely to be appealed) may therefore be limited to situations of content uploading from inside the jurisdiction.

Further, at 99, to make an effectiveness argument: ‘it is clear that any order passed by the Court has to be effective. The parties before this Court i.e. the platforms are sufficiently capable to enforce an order of global blocking. Further, it is not disputed that the platforms are subject to in personam jurisdiction of this Court.’

>>>The latter element, again, may limit the authority of the judgment. I am not au fait with the ground for jurisdiction in the case at issue.

Finally, at 91: ‘The race between technology and the law could be termed as a hare and tortoise race – As technology gallops, the law tries to keep pace’. This does not imply the law simply laying down to have its belly rubbed. Exactly my sentiment in my post on the UK AI case.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2, Heading 2.2.8.2.5

 

 

 

, , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Steady now. Eva Glawischnig-Piesczek v Facebook. The CJEU on jurisdiction and removal of hate speech.

Update 5 May 2020 see the report of the first application of the criteria by the Austrian courts on 30 March 2020 here: the court held that orders based on Austrian copyright are limited to Austria, but if they are based on personal rights, the claimant has to specify the requested territorial reach (so potentially global).

My interest in C-18/18 Eva Glawischnig-Piesczek v Facebook as I noted in my short first review of the case, concerns mostly the territorial reach of any measures taken by data protection authorities against hosting providers. The Court held last week and o boy did it provoke a lot of comment.

The case to a large degree illustrates the relationship between secondary and primary law, and the art of reading EU secondary law. Here: Article 15 of the e-commerce Directive 2001/31 which limits what can be imposed upon a provider; and the recitals of the Directive which seem to leave more leeway to the Member States. Scant harmonisation of tort law in the EU does not assist the Institutions in their attempts to impose a co-ordinated approach.

The crucial issue in the case was whether Article 15 prohibits the imposition on a hosting provider (Facebook, in this case) of an obligation to remove not only notified illegal content, but also identical and similar content, at a national or worldwide level? The Court held the Directive does not as such preclude such order, and that as to the worldwide injunctive issue, EU law has not harmonised and that it is up to the Member States to direct in any such orders in compliance with public international law.

The judgment to a large degree concerns statutory interpretation on filtering content, which Daphne Keller has already reviewed pre the judgment succinctly here, Dan Svantesson post the judgment here, as did Lorna Woods, and a frenzied Twitter on the day of the judgment e.g. in this thread. A most balanced analysis is provided by Andrej Savin here. e-Commerce law is not the focus of this blog, neither my professed area of expertise (choices, choices). I do want to emphasise though

  • that as always it pays to bear in mind the CJEU’s judicial economy. Here: the need to interpret its judgment in line with the circumstances of the case. As Steve Peers noted, the Austrian court had ruled that the post was defamatory, which is a recognised basis for limiting freedom of expression; see also at 40: ‘In that regard, it should be made clear that the illegality of the content of information does not in itself stem from the use of certain terms combined in a certain way, but from the fact that the message conveyed by that content is held to be illegal, when, as in the present case, it concerns defamatory statements made against a specific person.‘ Nota bene, the same need to read the judgment in context goes for the earlier Google v CNIL case, applying Directive 95/46 and the GDPR, which I review here.
  • that speaking strictly as a member of the public who has seen the devastating effect of ‘social’ media on people close to me, the technical discussions on filtering (‘what filter does the CJEU think might possibly ever be available to FB to remove content in the way the Court wishes’) are emphatically beside the point. The public justifiably are not interested in the how. A service is offered which clearly has negative effects on EU citisens. Remedy those effects, or remove the service from those citisens. That is true for the negative impacts of goods (in 25 years of regulatory Bar practice I have seen plenty of that). There is no reason it should be any less true for services.

The jurisdictional issues are what interest me more from the blog’s point of view: the territorial scope of any removal or filtering obligation. In Google viz the GDPR and the data protection Directive, the Court confirmed my reading, against that of most others’, of Szpunar AG’s Opinion. EU law does not harmonise the worldwide removal issue. Reasons of personal indemnification may argue in specific circumstances for universal jurisdiction and ditto reach of injunctive relief on ‘right to be forgotten’ issues. Public international law and EU primary law are the ultimate benchmark (Google V CNIL). It is little surprise the Court held similarly in Eva Glawischnig-Piesczek, even if unlike in Google, it did not flag the arguments that might speak against such order. As I noted in my review of Google, for the GDPR and the data protection Directive, it is not entirely clear whether the Court suggests EU secondary law simply did not address extraterritoriality or decided against it. For the e-commerce Directive in Eva Glawischnig-Piesczek the Court notes at 50-52

Directive 2000/31 does not preclude those injunction measures from producing effects worldwide. However, it is apparent from recitals 58 and 60 of that directive that, in view of the global dimension of electronic commerce, the EU legislature considered it necessary to ensure that EU rules in that area are consistent with the rules applicable at international level.  It is up to Member States to ensure that the measures which they adopt and which produce effects worldwide take due account of those rules.

In conclusion, Member States may order a host provider to remove information covered by the injunction or to block access to that information worldwide within the framework of the relevant international law. To my knowledge, the Brussels Court of Appeal is the only national court so far to consider public international law extensively viz the issue of jurisdiction, and decided against it, nota bene in a case against Facebook Inc.

Any suggestion that the floodgates are open underestimates the sophisticated engagement of national courts with public international law.

In general, the CJEU’s approach is very much aligned with the US (SCOTUS in particular) judicial approach in similar extraterritoriality issues (sanctions law; export controls; ATS;…). There is no madness to the CJEU’s approach. Incomplete: sure (see deference to national courts and the clear lack of EU law-making up its legislative mind on the issues). Challenging and work in progress: undoubtedly. But far from mad.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Court of Justice in Google v CNIL sees no objection in principle to EU ‘Right to be forgotten’ leading to worldwide delisting orders. Holds that as EU law stands, however, it is limited to EU-wide application, leaves the door open to national authorities holding otherwise.

Many commentators were wrong-footed on reading Advocate-General Szpunar’s Opinion in C-505/17 Google Inc v Commission nationale de l’informatique et des libertés (CNIL), concerning the territorial limits to right to have search results delisted, more popularly referred to as ‘the right to erasure’ or the ‘right to be forgotten’ (‘RTBF’ – a product of the CJEU in Google Spain). Far from ruling out ‘extraterritorial’ or worldwide force of the right, the AG saw no objection to it in principle, even if he suggested non-application to the case at issue (he did so again in his Opinion in C-18/18 Eva Glawischnig-Piesczek v Facebook, which I review here and on which judgment is forthcoming next week).

The Court yesterday held (the Twitter storm it created was later somewhat drowned by the UK Supreme Court’s decision in the prorogation case) and overall confirmed the AG’s views. As with the AG’s Opinion, it is important to read the Judgment for what it actually says, not just how the headlines saw it. For immediate analysis, readers may also want to read Daphne Keller’s and Michèle Finck’s threads and Dan Svantesson’s impromptu assessment.

It is again important to point out that the French data protection authority’s (CNIL) decision at issue, 2016/054 is a general CNIL instruction to Google to carry out global delisting in instances where natural persons request removal; not a case-specific one. 

I have a case-note on the case and on C-137/17 (judgment also yesterday) forthcoming with Yuliya Miadzvetskaya, but here are my initial thoughts on what I think is of particular note.

1. The Court of Justice (in Grand Chamber) first of all, unusually, examines the questions in the light of both Directive 95/46, applicable to the facts at issue, and the GDPR Regulation ‘in order to ensure that its answers will be of use to the referring court in any event’ (at 41).

2. Next, at 52, the Court dismisses a fanciful distributive approach towards the computing reality of data processing:

Google’s establishment in French territory carries on, inter alia, commercial and advertising activities, which are inextricably linked to the processing of personal data carried out for the purposes of operating the search engine concerned, and, second, that that search engine must, in view of, inter alia, the existence of gateways between its various national versions, be regarded as carrying out a single act of personal data processing. The referring court considers that (and the CJEU clearly agrees, GAVC), in those circumstances, that act of processing is carried out within the framework of Google’s establishment in French territory.

3. At 55, the Court points out that de-referencing carried out on all the versions of a search engine would meet the objective of data protection in full, particularly (at 56) given the fact that ‘(t)he internet is a global network without borders and search engines render the information and links contained in a list of results displayed following a search conducted on the basis of an individual’s name ubiquitous (the Court restating here its finding in both Google Spain and Bolagsupplysningen). 

At 58 the Court employs that finding of ubiquitousness to ‘justify the existence of a competence on the part of the EU legislature to lay down the obligation, for a search engine operator, to carry out, when granting a request for de-referencing made by such a person, a de-referencing on all the versions of its search engine.’ No grand statements on public international law’s views on adjudicative extraterritoriality /universality. Just a simple observation.

The Court subsequently however (at 59-60) notes other States’ absence of a right to de-referencing and their different views on the balancing act between privacy and freedom of speech in particular. At 61-62 it then notes

While the EU legislature has, in Article 17(3)(a) of Regulation 2016/679, struck a balance between that right and that freedom so far as the Union is concerned (see, to that effect, today’s judgment, GC and Others (De-referencing of sensitive data), C‑136/17, paragraph 59), it must be found that, by contrast, it has not, to date, struck such a balance as regards the scope of a de-referencing outside the Union.

In particular, it is in no way apparent from the wording of Article 12(b) and subparagraph (a) of the first paragraph of Article 14 of Directive 95/46 or Article 17 of Regulation 2016/679 that the EU legislature would, for the purposes of ensuring that the objective referred to in paragraph 54 above is met, have chosen to confer a scope on the rights enshrined in those provisions which would go beyond the territory of the Member States and that it would have intended to impose on an operator which, like Google, falls within the scope of that directive or that regulation a de-referencing obligation which also concerns the national versions of its search engine that do not correspond to the Member States.

In other words the Court has adopted the same approach as the United States Supreme Court has done in Morrison v. National Australia Bank; and Kiobel: there is a presumption against extraterritoriality, however it is not excluded. In the absence of indications of the legislator wish to extend the right to delisting extraterritorially it does not so exist in the current state of the law.

4. At 63 the Court hints at what might be required as part of such future potential extraterritorial extension: EU law does not currently provide for cooperation instruments and mechanisms as regards the scope of a de-referencing outside the Union – in contrast with the regime it has intra-EU. This also hints at the CJEU taking a more multilateral approach to the issue than its SCOTUS counterpart.

5. At 69 the Court then adds that intra-EU, a delisting order covering all of the search engine’s EU extensions is both possible and may be appropriate: co-operation between authorities may lead to ‘where appropriate, a de-referencing decision which covers all searches conducted from the territory of the Union on the basis of that data subject’s name.’

6. A final twist then follows at 72:

Lastly, it should be emphasised that, while, as noted in paragraph 64 above, EU law does not currently require that the de-referencing granted concern all versions of the search engine in question, it also does not prohibit such a practice. Accordingly, a supervisory or judicial authority of a Member State remains competent to weigh up, in the light of national standards of protection of fundamental rights (references to CJEU authority omitted, GAVC), a data subject’s right to privacy and the protection of personal data concerning him or her, on the one hand, and the right to freedom of information, on the other, and, after weighing those rights against each other, to order, where appropriate, the operator of that search engine to carry out a de-referencing concerning all versions of that search engine.

Here I do not follow the Court: one could argue that the harmonised EU’s approach is currently not to extend the right to delisting extraterritorially. The Court on the other hand seems to be suggesting that the extraterritoriality issue was not discussed in the Directive or Regulation, that EU law does not occupy (‘pre-empt’) that regulatory space and consequently leaves it up to the Member States to regulate that right. (Update 27 September 2019: Other interpretations are collated here).

I shall need more detailed reading of the GDPR’s preparatory works to form a view as to whether the extraterritorial element was considered, and rejected, or simply not discussed. However I also want to already point out that if the decision is left to the Member States, the case-law and theory of pre-emption clarifies that such national action has to be taken in full compatibility with EU law. including free movement of services, say, which Google may rightfully invoke should there be a disproportionate impact on the Internal Market.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , ,

1 Comment

Brussels Court of Appeal rejects jurisdiction against Facebook Inc, Facebook Ireland in privacy, data protection case.

The Brussels Court of Appeal held early May in a lengthy and scholarly judgment that it sees no ground in either public international law, or European law, for jurisdiction of the Belgian courts against Facebook Ireland and Facebook Inc (Palo Alto, California). I reported on the litigation inter alia here. I believe the Court is right, as readers of the blog know from my earlier postings.

Belgium’s Data Protection Authority (DPA) does not signal the rejection of jurisdiction against FB Ireland and FB Inc in its press release, however even its 3 page extract from the 121 page judgment clearly shows it (first bullet-point).

The questions which the Court of Appeal has sent up to Luxembourg concern Facebook Belgium only. The Court in the full judgment does not qualify FB Belgium’s activities as data processing. However it has very specific questions on the existence and extent of powers for DPAs other than the leading authority under the GDPR, including the question whether there is any relevance to the fact that action has started prior to the entry into force of the GDPR (25 May 2018). The Court is minded to interpret the one-stop shop principle extensively however it has doubt given the CJEU’s judgment in Fanpages

Crucial and so far, I believe, fairly unreported. (My delay explained by the possibility for use as an essay exam question – which eventually I have not).

Geert.

(Handbook of) EU private international law, 2nd ed.2016, chapter 2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

%d bloggers like this: