Posts Tagged Facebook

Brussels Court of Appeal rejects jurisdiction against Facebook Inc, Facebook Ireland in privacy, data protection case.

The Brussels Court of Appeal held early May in a lengthy and scholarly judgment that it sees no ground in either public international law, or European law, for jurisdiction of the Belgian courts against Facebook Ireland and Facebook Inc (Palo Alto, California). I reported on the litigation inter alia here. I believe the Court is right, as readers of the blog know from my earlier postings.

Belgium’s Data Protection Authority (DPA) does not signal the rejection of jurisdiction against FB Ireland and FB Inc in its press release, however even its 3 page extract from the 121 page judgment clearly shows it (first bullet-point).

The questions which the Court of Appeal has sent up to Luxembourg concern Facebook Belgium only. The Court in the full judgment does not qualify FB Belgium’s activities as data processing. However it has very specific questions on the existence and extent of powers for DPAs other than the leading authority under the GDPR, including the question whether there is any relevance to the fact that action has started prior to the entry into force of the GDPR (25 May 2018). The Court is minded to interpret the one-stop shop principle extensively however it has doubt given the CJEU’s judgment in Fanpages

Crucial and so far, I believe, fairly unreported. (My delay explained by the possibility for use as an essay exam question – which eventually I have not).

Geert.

(Handbook of) EU private international law, 2nd ed.2016, chapter 2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

The internet’s not written in pencil, it’s written in ink. Szpunar AG in Eva Glawischnig-Piesczek v Facebook, re i.a. jurisdiction and removal of hate speech. (As well as confirming my reading of his Opinion in Google).

Case C-18/18 Eva Glawischnig-Piesczek v Facebook as I noted in my short first review of the case, revolves around Article 15 of the E-Commerce Directive. Does Article 15 prohibit the imposition on a hosting provider (Facebook, in this case) of an obligation to remove not only notified illegal content, but also identical and similar content, at a national or worldwide level?

Szpunar AG in his Opinion kicks off with a memorable Erica Albright quote from The Social Network:  The internet’s not written in pencil, [Mark], it’s written in ink’. 

His Opinion to a large degree concerns statutory interpretation on filtering content, which Daphne Keller has already reviewed succinctly here and which is not the focus of this blog. The jurisdictional issues are what interest me more: the territorial scope of any removal obligation.

Firstly, Szpunar AG matter of factly confirms my reading, against that of most others’, of his Opinion in C-505/17 Google: at 79:

‘in my Opinion in that case I did not exclude the possibility that there might be situations in which the interest of the Union requires the application of the provisions of that directive beyond the territory of the European Union.’

Injunctions (ordering removal) are necessarily based on substantive considerations of national law (in the absence of EU harmonisation of defamation law); which law applies is subject to national, residual conflicts rules (in the absence of EU harmonisation at the applicable law, level, too): at 78. Consequently, a Court’s finding of illegality (because of its defamatory nature) of information posted may well have been different had the case been heard by a court in another Member State. What is however harmonised at the EU level, is the jurisdiction for the civil and commercial damage following from defamation: see e-Date, in particular its centre of interests rule which leads to an all-encompassing, universal’ jurisdiction for the damages resulting from the defamation.

Separate from that is the consideration of the territorial extent of the removal obligation. Here, the AG kicks off his analysis at 88 ff by clearly laying out the limits of existing EU harmonisation: the GDPR and data protection Directive harmonise issues of personal data /privacy: not what claimant relies on. Directive 2000/31 does not regulate the territorial effects of injunctions addressed to information society service providers. Next, it is difficult, in the absence of regulation by the Union with respect to harm to private life and personality rights, to justify the territorial effects of an injunction by relying on the protection of fundamental rights guaranteed in Articles 1, 7 and 8 of the Charter: the scope of the Charter follows the scope of EU law and not vice versa. In the present case, as regards its substance, the applicant’s action is not based on EU law. Finally, Brussels Ia does not regulate the extra-EU effects of injunctions.

In conclusion therefore EU law does not regulate the question of extraterritorial reach in casu.

For the sake of completeness, the AG does offer at 94 ff ‘a few additional observations’ as regards the removal of information disseminated worldwide via a social network platform. At 96 he refers to the CJEU’s judgment in Bolagsupplysningen which might implicitly have acknowledged universal jurisdiction, to conclude at 100 (references omitted)

the court of a Member State may, in theory, adjudicate on the removal worldwide of information disseminated via the internet. However, owing to the differences between, on the one hand, national laws and, on the other, the protection of the private life and personality rights provided for in those laws, and in order to respect the widely recognised fundamental rights, such a court must, rather, adopt an approach of self-limitation. Therefore, in the interest of international comity…, that court should, as far as possible, limit the extraterritorial effects of its junctions concerning harm to private life and personality rights. The implementation of a removal obligation should not go beyond what is necessary to achieve the protection of the injured person. Thus, instead of removing the content, that court might, in an appropriate case, order that access to that information be disabled with the help of geo-blocking.

There are very sound and extensive references to scholarship in the footnotes to the Opinion, including papers on the public /private international law divide and the shifting nature of same (the Brussels Court of Appeal recently in the Facebook case justifiably found jurisdictional grounds in neither public nor private international law, to discipline Facebook Ireland and Facebook Inc for its datr-cookies placed on Belgian users of FB).

I find the AG’s Opinion convincing and complete even in its conciseness. One can analyse the jurisdictional issues until the cows come home. However, in reality reasons of personal indemnification may argue in specific circumstances for universal jurisdiction and ditto reach of injunctive relief. However these bump both into the substantial trade-off which needs to be made between different fundamental rights (interest in having freedom removed v freedom of information), and good old principles of comitas gentium aka comity. That is not unlike the US judicial approach in similar issues.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Eva Glawischnig-Piesczek v Facebook. Hate speech at the CJEU.

In Case C-18/18, Eva Glawischnig-Piesczek v Facebook, the Austrian Supreme Court has referred a ‘hate speech’ case to Luxembourg – hearing will be tomorrow, 12 February. The Case revolves around Article 15 of the E-Commerce Directive: one sentence Twitter summary comes courtesy of Tito Rendas: does Article 15 prohibit the imposition on a hosting provider (Facebook, in this case) of an obligation to remove not only notified illegal content, but also identical and similar content, at a national or worldwide level?

Mirko Brüß has more extensive analysis here. I used the case in my class with American University (my students will be at the hearing tomorrow), to illustrate the relationship between secondary and primary law, but also the art in reading EU secondary law (here: A15 which limits what can be imposed upon a provider; and the recitals of the Directive which seem to leave more leeway to the Member States; particularly in the light of the scant harmonisation of tort law in the EU). To readers of the blog the case is probably more relevant in light of the questions on territorial scope: if a duty to remove may be imposed, how wide may the order reach? It is in this respect that the case is reminiscent of the Google etc. cases.

Yet another one to look out for.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2, Heading 2.2.8.2.5.

, , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Protection of privacy and private international law. Interim ILA report.

A short post effectively to deposit relevant documentation on the issue of privacy and private international law – which I frequently report on on the blog (e.g. use tag ‘rtbf’, or ‘internet’, or ‘privacy’, ‘Facebook’, or ‘Google’; see i.a. my recent posts re Facebook, Google , Schrems, etc.

Max Planck Luxembourg have the interim report on the International Law Association’s draft guidelines on jurisdiction and applicable law re privacy on their website, featuring many of the cases I have reported on over the years.

Happy reading.

Geert.

 

, , , , , , , , , , , ,

Leave a comment

EDPB guidelines on the territorial reach of the GDPR: Some clear conflicts overlap.

GDPR (General Data Protection Regulation) aficionados will have already seen the draft guidelines published by the EDPB – the European data protection board – on the territorial scope of the Regulation.

Of particular interest to conflicts lawyers is the Heading on the application of the ‘targeting’ criterion of GDPR’s Article 3(2). There are clear overlaps here between Brussels I, Rome I, and the GDPR and indeed the EDPB refers to relevant case-law in the ‘directed at’ criterion in Brussels and Rome.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.3, Heading 2.2.8.2.5.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Facebook appeal against UK fine puts territoriality of data protection in the spotlight.

I have an ever-updated post on Google’s efforts to pinpoint the exact territorial dimension of the EU’s data protection regime, GDPR etc. Now, Facebook are reportedly (see also here) appealing a fine imposed by the UK’s data protection authority in the wake of the Cambridge Analytica scandal. Facebook’s point at least as reported is that the breach did not impact UK users.

The issue I am sure exposes Facebook in the immediate term to PR challenges. However in the longer term it highlights the need to clarify the proper territorial reach of both data protection laws and their enforcement.

One to look out for.

Geert.

 

, , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Li Shengwu, Singapore: Serving out of jurisdiction in contempt of court cases.

Many thanks to Filbert Lam, a former student of mine, for alerting me to another interesting case in comparative conflict of laws: the story of Li Shengwu is recalled here.

The Singapore Prime Minister’s nephew made remarks in a Facebook post, which were allegedly contemptuous of the judiciary. When he made those remarks, he was located in the US, where he intends to stay (and work). The Attorney-General’s Chambers (AGC) wants to serve the summons on him in the US. Under what circumstances can this be done and what is the impact of a procedural law seemingly assisting the AGC in serving the summons, but which would have to be applied retroactively in the case at issue?

The Court of Appeal proceeding will be one to look out for.

Geert.

, , , , , , , ,

Leave a comment

%d bloggers like this: