Posts Tagged Extraterritoriality
For background to the Microsoft Ireland case under the Stored Communications Act (SCA), see here. The issue is essentially whether the US Justice Department may force Microsoft to grant access to e-mails stored on Irish servers.
With a group of EU data protection and conflicts lawyers, we have filed an amicus curiae brief in the case at the United States Supreme Court last week, arguing that the Court should interpret the SCA to apply only to data stored within the United States, leaving to Congress the decision whether and under what circumstances to authorize the collection of data stored in other countries.
There is not much point in me rehashing the arguments here: happy reading.
Apologies for late reporting. Bot AG opined end of October in C‑210/16 Fansites. [The official name of the case is Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, in the presence of Facebook Ireland Ltd, Vertreter des Bundesinteresses beim Bundesverwaltungsgericht. It’s obvious why one prefers calling it Fansites].
The Advocate-General summarises (para 2-3) the case as involving ‘proceedings between the Wirtschaftsakademie Schleswig-Holstein GmbH, a company governed by private law and specialising in the field of education (‘the Wirtschaftsakademie’), and the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, a regional data-protection authority in Schleswig-Holstein (‘ULD’) concerning the lawfulness of an order issued by the latter against the Wirtschaftsakademie requiring it to deactivate a ‘fan page’ hosted on the website of Facebook Ireland Ltd. The reason for that order was the alleged infringement of the provisions of German law transposing Directive 95/46. Specifically, visitors to the fan page were not warned that their personal data are collected by the social network Facebook (‘Facebook’) by means of cookies that are placed on the visitor’s hard disk, the purpose of that data collection being to compile viewing statistics for the administrator of the fan page and to enable Facebook to publish targeted advertisements.’
The case ought to clarify the extent of the powers of intervention of supervisory authorities such as ULD with regard to the processing of personal data which involves the participation of several parties (at 13). I had flagged earlier that this case is relevant to the jurisdictional and applicable law issues involving datr cookies.
Whatever the outcome of the case, its precedent value will be limited by the imminent entry into force of the new General Data Protection Regulation – GDPR. The GDPR clearly introduces a ‘one-stop principle’ with only one lead authority (in FB’s case, Ireland’s data protection agency) having the authority to act (see also the AG’s observation of same in para 103).
As prof Lorna Woods in excellent analysis observes, the issue comes down to the interpretation of the phrase from Art. 4(1)(a), ‘in the context of the activities of an establishment’. Dan Svantesson has most superb analysis of Article 4(1)(a) here, anyone interested in the issue will find his insight most helpful.
Now, the Advocate-General leans heavily on Weltimmo however I would suggest its precedent value for the Fanpages case is constrained. Weltimmo concerned a company set up in Slovakia but with no relevant activities at all in that Member State. Indeed as the Court itself observed (at 16-18) , the company was effectively male fide (my words, not the CJEU’s) moving its servers and creating fog as to its exact whereabouts. In other words a case of blatant abuse. There is no suggestion of abuse in Fanpages. Moreover according to the CJEU in C-230/14 Weltimmo the phrase ‘in the context of the activities of an establishment’ cannot be interpreted restrictively (AG’s reference in para 87), yet that CJEU holding in Weltimmo cross-refers to Google Spain in which the crucial issue was whether EU data protection laws apply at all. That is very different in Weltimmo and in Fanpages. That EU authorities have jurisdiction and that EU privacy law applies is not at issue.
There is sufficient argument to find in the Directive, even before its transformation into the GDPR, that in cases such as these the same processing operation ought to be governed by the laws of just one Member State. It would be good for the CJEU to recognise that even before the entry into force of the GDPR.
(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 188.8.131.52.5.
This posting is really addressed to those with more of a full-time interest in competition law than yours truly. Particularly in the extraterritorial effect of same. In  EWHC 2420 (Ch) Emerald Supplies et al v British Airways defendants contend that as a matter of law there can be no claim for damages arising from the cartel at issue insofar as it affected freight charges between the EU and third countries on flights before 1 May 2004. That was the date on which air transport between the EU and third countries was brought within the regime implementing the EU competition rules set out in Regulation 1/2003.
Rose J after careful analysis sides with the defendants and rejects reference to the CJEU, citing acte clair (enough analysis of the CJEU on the same and related issues- I believe she is right). Happy reading.
Twitter injunctions – Twinjunctions if you like, rather like Facebook or Google Removal orders, provide classic scenarios for the consideration of the territorial scope of injunctive and enforcement proceedings. Michael Douglas has great review of  NSWSC 1300 X v Twitter. [P.s. 27 November: Michael has more analysis here]. On 28 September 2017, the Supreme Court of New South Wales awarded its final injunction with global reach, directed towards Twitter Inc (based at CAL) and its Irish counterpart, Twitter International Company.
Now, what is refreshing about Pembroke J’s review of the issues is his non-doctrinal analysis of the issue of jurisdiction. He emphasises that there is a long history of courts of equity making in personam orders that are intended to operate extra-territorially (the Court’s jurisdiction is one in equity); (at 40) that Twitter unlike other defendants may disagree with the ruling but will not seek to avoid its social responsibility; that there is a public interest in issuing the worldwide order (and in enforcing it: Pembroke J flags that there are Australia-based assets against which enforcement may be sought); and that given his experience with Twitter, it can be expected to use its best endeavours to give effect to the proposed orders, despite its objection that it is not feasible to pro-actively monitor user content.
Eventually of course the trouble with such an assessment, without consideration of wider issues of public and private international law, is that the issuing, or not, of orders of this kind by the courts, depends on the defendant’s attitude towards compliance. That is hardly a solution serving equal access to the law or indeed equity.
Update 8 November 2017 thank you Dan Svantesson for alerting me to Google seeking preliminary injuntive relief against the order’s enforement in the US. relief which, update 5 February 2018, was granted.
Thank you Stephen Pittel for alerting me to 2017 SCC 34 Google Inc. v Equustek Solutions Inc. – alternative review ia here, and apologies for my late reporting: the case came to my attention late June. I have of course posted before on various aspects of worldwide removal and other orders, particularly in the context of the EU’s ‘right to be forgotten’.
Equustek sued Datalink for various intellectual property violations and found alleged insufficient co-operation from Google in making it difficult for users to come across Datalink’s offerings. Google seemingly did not resist jurisdiction, but did resist the injunction and any ex-Canada effect of same.
The majority in the case however essentially applied an effet utile consideration: if as it found it did, it has in personam jurisdiction over defendant, an extraterritorial reach is not problematic if that is the only way to make the order effective. An order limited to searches or websites in Canada would not have addressed the harm: see Stephen’s verbatim comment (referring to para 38 of the judgment). Google was ordered to de-index globally.
Dissenting opinions suggested Datalink could be sued in France, too, however this I suppose does not address the effet utile consideration of the majority.
As Bot AG put it, Joined Cases C-24 and 25/16 Nintendo v Big Ben gave the Court an opportunity to determine the territorial scope of a decision adopted by a court of a Member State in respect of two co-defendants domiciled in two different Member States concerning claims supplementary to an action for infringement brought before that court.
The case concerns the relation between Brussels I and Regulation 6/2002 – which was last raised in the recent BMW case, particularly as for the former, the application of Article 6(1) (now 8(1))’s rule on anchor defendants. And finally the application of Rome II’s Article 8(2): the identification of the ‘country in which the act of infringement was committed’. In this post I will focus on the impact for Brussels I (Recast) and Rome II.
The Landgericht held that there had been an infringement by BigBen Germany and BigBen France of Nintendo’s registered Community designs. However, it dismissed the actions in so far as they concerned the use of the images of the goods corresponding to those designs by the defendants in the main proceedings.
The Landgericht ordered BigBen Germany to cease using those designs throughout the EU and also upheld, without territorial limitation, Nintendo’s supplementary claims seeking that it be sent various information, accounts and documents held by the defendants in the main proceedings, that they be ordered to pay compensation and that the destruction or recall of the goods at issue, publication of the judgment and reimbursement of the lawyers’ fees incurred by Nintendo be ordered (‘the supplementary claims’).
As regards BigBen France, the Landgericht held that it had international jurisdiction in respect of that company and ordered it to cease using the protected designs at issue throughout the EU. Concerning the supplementary claims, it limited the scope of its judgment to BigBen France’s supplies of the goods at issue to BigBen Germany, but without limiting the territorial scope of its judgment. It considered the applicable law to be that of the place of infringement and took the view that in the present case that was German, Austrian and French law.
BigBen France contends that the German courts lack jurisdiction to adopt orders against it that are applicable throughout the EU: it takes the view that such orders can have merely national territorial scope. Nintendo ia takes the view that German law should be applied to its claims relating to BigBen Germany and French law to those relating to BigBen France.
At 52 the CJEU holds that ‘Taking into account the objective pursued by Article 6(1) of Regulation No 44/2001, which seeks inter alia to avoid the risk of irreconcilable judgments, the existence of the same situation of fact must in such circumstances — if proven, which is for the referring court to verify, and where an application is made to that effect — cover all the activities of the various defendants, including the supplies made by the parent company on its own account, and not be limited to certain aspects or elements of them.’
If I understand this issue correctly (it is not always easy to see the jurisdictional forest for the many IP trees in the judgment), this means the Court restricts the potential for the use of anchor defendants in Article 8(1): the more facts one needs to take into account, the less likely these will be the ‘same’ that matter for the alleged infringement of the anchor defendant.
As for the application of Article 8(2) Rome II, at 98 and following inter alia analysis of the various language versions of the Article, the CJEU equates the notion ‘country in which the act of infringement is committed’ with the locus delicti commissi: ‘it refers to the country where the event giving rise to the damage occurred, namely the country on whose territory the act of infringement was committed.‘ At 103: ‘…where the same defendant is accused of various acts of infringement falling under the concept of ‘use’ within the meaning of Article 19(1) of Regulation No 6/2002 in various Member States, the correct approach for identifying the event giving rise to the damage is not to refer to each alleged act of infringement, but to make an overall assessment of that defendant’s conduct in order to determine the place where the initial act of infringement at the origin of that conduct was committed or threatened.’
At 108 the Court rules what this means in the case at issue: ‘the place where the event giving rise to the damage occurred within the meaning of Article 8(2) of [Rome II] is the place where the process of putting the offer for sale online by that operator on its website was activated’.
At 99 however it warns expressly that this finding must be distinguished as being issued within the specific context of infringement of intellectual property rights: Regulation 6/2002 as well as Rome II in its specific intention for IP rights, aims to guarantee predictability and unity of a singly connecting factor. This is a very important caveat: for while this approach by the CJEU assists with predictability, it also hands means for applicable law shopping and, were the Court’s approach for locus delicti commissi in IP infringement extended to jurisdiction, for forum shopping, too.
(Handbook of) EU private international law, 2nd ed. 2016, Chapter 2, Heading 184.108.40.206; Chapter 3.