Posts Tagged Facebook

Li Shengwu, Singapore: Serving out of jurisdiction in contempt of court cases.

Many thanks to Filbert Lam, a former student of mine, for alerting me to another interesting case in comparative conflict of laws: the story of Li Shengwu is recalled here.

The Singapore Prime Minister’s nephew made remarks in a Facebook post, which were allegedly contemptuous of the judiciary. When he made those remarks, he was located in the US, where he intends to stay (and work). The Attorney-General’s Chambers (AGC) wants to serve the summons on him in the US. Under what circumstances can this be done and what is the impact of a procedural law seemingly assisting the AGC in serving the summons, but which would have to be applied retroactively in the case at issue?

The Court of Appeal proceeding will be one to look out for.

Geert.

, , , , , , , ,

Leave a comment

On soggy grounds. The GDPR and jurisdiction for infringement of privacy.

Many thanks to Julien Juret for asking me contribute to l’Observateur de Bruxelles, the review of the French Bar representation in Brussels (la Délégation des barreaux de France). I wrote this piece on the rather problematic implications of the GDPR, the General Data Protection Regulation, on jurisdictional grounds for invasion of privacy.

I conclude that the Commission’s introduction of Article 79 GDPR without much debate or justification, will lead to a patchwork of fora for infringement of personality rights. Not only will it take a while to settle the many complex issues which arise in their precise application. Their very existence arguably will distract from harmonised compliance of the GDPR rules.

I owe Julien and his colleagues the French translation (as well as their patience in my late delivery) for I wrote the piece initially in English. Readers who would like to receive a copy of that EN original, please just send me an e-mail. (Or try here, which if it works should have both the FR and the EN version).

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.5.

, , , , , , , , , ,

1 Comment

Handing over. ‘Joint control’ in Fansites.

Choices, choices. I will continue to follow the GDPR for jurisdictional purposes, including territorial scope. (And I have a paper coming up on conflict of laws issues in the private enforcement of same). But for much of the GDPR enforcement debate, I am handing over to others. Johannes Marosi, for instance, who reviews the CJEU judgment this week in Fansites, over at Verfassungsblog. I reviewed the AG’s Opinion here.

Judgment in Grand Chamber but with small room for cheering.

As Johannes’ post explains, there are many loose ends in the judgment, and little reference to the GDPR (technically correct but from a compliance point of view wanting). (As an aside: have a look at Merlin Gömann’s paper, in CMLREv, on the territorial scope of the GDPR).

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.5.

 

 

, , , , , , , , , , , , , , ,

3 Comments

One of those groundhog days. The Brussels Court of First instance on Facebook, privacy, Belgium and jurisdiction.

I have flagged once or twice that the blog is a touch behind on reporting – I hope to be on top soon.

I blogged a little while ago that the Brussels Court of Appeal had sided with Facebook in their appeal against the Court of first instance’s finding of Belgian jurisdiction. I had earlier argued that the latter was wrong. These earlier skirmishes were in interim proceedings. Then, in February, the Court of First instance, unsurprisingly, reinstated its earlier finding, this time with a bit more substantial flesh to the bone.

First, a bit of Belgian surrealism. In an interlocutory ruling the court had requested FB to produce full copy of the Court of Appeal’s judgment upon which it relied for some of its arguments. Perhaps given the appalling state of reporting of Belgian case-law, this finding should not surprise. Yet it remains an absurd notion that parties should produce copies at all of Belgian judgments, not in the least copies of a Court of Appeal which is literally one floor up from the Court of first instance.

Now to the judgment. The court first of all confirms that the case does not relate to private international law for the privacy commission acts iure imperii (I summarise). Then follows a very lengthy and exhaustive analysis of Belgium’s jurisdiction on the basis of public international law. Particularly given the excellent input of a number of my public international law colleagues, this part of the judgment is academically interesting nay exciting – but also entirely superfluous. For any Belgian jurisdiction grounded in public international law surely is now exhausted regulated by European law, Directive 95/46 in particular.

In finally reviewing the application of that Directive, and inevitably of course with reference to Weltimmo etc. the Court essentially assesses whether Facebook Belgium (the jurisdictional anchor) carries out activities beyond mere representation vis-a-vis the EU institutions, and finds that it does carry out commercial activities directed at Belgian users. That of course is a factual finding which requires au faitness which the employees’ activities.

Judgment is being appealed by Facebook – rightly so I believe. Of note is also that once the GDPR applies, exclusive Irish jurisdiction is clear.

Geert.

 

 

 

, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1 Comment

Douez v Facebook: Consumers as protected categories in Canadian conflict of laws.

Postscript 16 May 2018 Tanya Monestier article re same here.

Thank you Stephen Pittel for flagging 2017 SCC 33 Douez v Facebook Inc.  Stephen also discusses the forum non conveniens issue and I shall leave that side of the debate over to him. What is interesting for comparative purposes is the Supreme Court’s analysis of the choice of court clause in consumer contracts, which it refuses to enforce under public policy reasons, tied to two particular angles:

  • ‘The burdens of forum selection clauses on consumers and their ability to access the court system range from added costs, logistical impediments and delays, to deterrent psychological effects. When online consumer contracts of adhesion contain terms that unduly impede the ability of consumers to vindicate their rights in domestic courts, particularly their quasi-constitutional or constitutional rights, public policy concerns outweigh those favouring enforceability of a forum selection clause.’ (emphasis added)

Infringement of privacy is considered such quasi-constitutional right.

  • ‘Tied to the public policy concerns is the “grossly uneven bargaining power” of the parties. Facebook is a multi-national corporation which operates in dozens of countries. D is a private citizen who had no input into the terms of the contract and, in reality, no meaningful choice as to whether to accept them given Facebook’s undisputed indispensability to online conversations.’

With both angles having to apply cumulatively, consumers are effectively invited to dress up their suits as involving a quasi-constitutional issue, even if all they really want is their PSP to be exchanged, so to speak. I suspect however Canadian courts will have means of sorting the pretended privacy suits from the real ones.

A great judgment for the comparative binder (see also Jutta Gangsted and mine paper on forum laboris in the EU and the US here).

, , , , , , , , , , , , , ,

Leave a comment

Schrems v Facebook. Consumer class actions and social media.

I reported on Bobek AG’s Opinion in Schrems v Facebook when it came out last year. The CJEU held this morning (judgment so far in FR and DE only) and largely confirms the AG’s Opinion.

As I noted at the time, the long and the short of the case is whether the concept of ‘consumer’ under the protected categories of Brussels I (and Recast) is a dynamic or a static one; and what kind of impact assignment has on jurisdiction for protected categories.

On the first issue, Mr Schrems points to his history as a user, first having set up a personal account, subsequently, as he became the poster child for opposition to social media’s alleged infringement of privacy, a Facebook page. Each of those, he suggests, are the object of a separate contract with Facebook. FB suggests they are part of one and the same, initial contractual relationship. This one assumes, would assist FB with its line of argument that Herr Schrems’ initial use may have been covered by the forum consumentis, but that his subsequent professional use gazumps that initial qualification.

The Court suffices at 36 with the simple observation that the qualification as a single or dual contract is up to the national court (see inter alia the Gabriel, Engler and Ilsinger conundrum: Handbook, Chapter 2, Heading 2.2.11.1.a and generally the difficulties for the CJEU to force a harmonised notion of ‘contract’ upon the Member States), yet that nevertheless any such qualification needs to take into account the principles of interpretation of Brussels I’s protected categories: in particular, their restrictive interpretation. Whence it follows, the Court holds, that the interpretation needs to be dynamic, taking into account the subsequent (professional or not) use of the service: at 37-38: ‘il y a notamment lieu de tenir compte, s’agissant de services d’un réseau social numérique ayant vocation à être utilisés pendant une longue durée, de l’évolution ultérieure de l’usage qui est fait de ces services. Cette interprétation implique, notamment, qu’un requérant utilisateur de tels services pourrait invoquer la qualité de consommateur seulement si l’usage essentiellement non professionnel de ces services, pour lequel il a initialement conclu un contrat, n’a pas acquis, par la suite, un caractère essentiellement professionnel.’

The Court does add at 39-40 that acquired or existing knowledge of the sector or indeed the mere involvement in collective representation of the interests of the service’s users, has no impact on the qualification as a ‘consumer’: only professional use of the service does. (The Court in this respect refers to Article 169(1) TFEU’s objective to assist consumers with the representation of their collective interest).

On this point therefore the Court unlike the AG attaches more weight to restrictive interpretation than to predictability. (Bobek AG’s approach to the issue of dynamic /static was expressed more cautiously).

As for the assignment issue, the Court sides squarely with its AG: the assigned claims cannot be pursued in the jurisdiction which is the domicile of the assignee. That in my view de lega lata makes perfect sense.

Geert.

(Handbook of) EU private international law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Bot AG in Fansites. No cheers for unified applicable data protection laws.

Apologies for late reporting. Bot AG opined end of October in C‑210/16 Fansites. [The official name of the case is Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, in the presence of Facebook Ireland Ltd, Vertreter des Bundesinteresses beim Bundesverwaltungsgericht. It’s obvious why one prefers calling it Fansites].

The Advocate-General summarises (para 2-3) the case as involving ‘proceedings between the Wirtschaftsakademie Schleswig-Holstein GmbH, a company governed by private law and specialising in the field of education (‘the Wirtschaftsakademie’), and the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, a regional data-protection authority in Schleswig-Holstein (‘ULD’) concerning the lawfulness of an order issued by the latter against the Wirtschaftsakademie requiring it to deactivate a ‘fan page’ hosted on the website of Facebook Ireland Ltd. The reason for that order was the alleged infringement of the provisions of German law transposing Directive 95/46. Specifically, visitors to the fan page were not warned that their personal data are collected by the social network Facebook (‘Facebook’) by means of cookies that are placed on the visitor’s hard disk, the purpose of that data collection being to compile viewing statistics for the administrator of the fan page and to enable Facebook to publish targeted advertisements.’

The case ought to clarify the extent of the powers of intervention of supervisory authorities such as ULD with regard to the processing of personal data which involves the participation of several parties (at 13). I had flagged earlier that this case is relevant to the jurisdictional and applicable law issues involving datr cookies.

Whatever the outcome of the case, its precedent value will be limited by the imminent entry into force of the new General Data Protection Regulation – GDPR. The GDPR clearly introduces a ‘one-stop principle’ with only one lead authority (in FB’s case, Ireland’s data protection agency) having the authority to act (see also the AG’s observation of same in para 103).

As prof Lorna Woods in excellent analysis observes, the issue comes down to the interpretation of the phrase from Art. 4(1)(a), ‘in the context of the activities of an establishment’. Dan Svantesson has most superb analysis of Article 4(1)(a) here, anyone interested in the issue will find his insight most helpful.

Now, the Advocate-General leans heavily on Weltimmo however I would suggest its precedent value for the Fanpages case is constrained. Weltimmo concerned a company set up in Slovakia but with no relevant activities at all in that Member State. Indeed as the Court itself observed (at 16-18) , the company was effectively male fide (my words, not the CJEU’s) moving its servers and creating fog as to its exact whereabouts. In other words a case of blatant abuse. There is no suggestion of abuse in Fanpages. Moreover according to the CJEU in C-230/14 Weltimmo the phrase ‘in the context of the activities of an establishment’ cannot be interpreted restrictively (AG’s reference in para 87), yet that CJEU holding in Weltimmo cross-refers to Google Spain in which the crucial issue was whether EU data protection laws apply at all. That is very different in Weltimmo and in Fanpages. That EU authorities have jurisdiction and that EU privacy law applies is not at issue.

There is sufficient argument to find in the Directive, even before its transformation into the GDPR, that in cases such as these the same processing operation ought to be governed by the laws of just one Member State. It would be good for the CJEU to recognise that even before the entry into force of the GDPR.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.5.

 

 

, , , , , , , , , , , , , ,

Leave a comment

%d bloggers like this: