Posts Tagged Google Spain
GDPR (General Data Protection Regulation) aficionados will have already seen the draft guidelines published by the EDPB – the European data protection board – on the territorial scope of the Regulation.
Of particular interest to conflicts lawyers is the Heading on the application of the ‘targeting’ criterion of GDPR’s Article 3(2). There are clear overlaps here between Brussels I, Rome I, and the GDPR and indeed the EDPB refers to relevant case-law in the ‘directed at’ criterion in Brussels and Rome.
(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 220.127.116.11.3, Heading 18.104.22.168.5.
I have an ever-updated post on Google’s efforts to pinpoint the exact territorial dimension of the EU’s data protection regime, GDPR etc. Now, Facebook are reportedly (see also here) appealing a fine imposed by the UK’s data protection authority in the wake of the Cambridge Analytica scandal. Facebook’s point at least as reported is that the breach did not impact UK users.
The issue I am sure exposes Facebook in the immediate term to PR challenges. However in the longer term it highlights the need to clarify the proper territorial reach of both data protection laws and their enforcement.
One to look out for.
Right to be forgotten v Right to know. In Townsend v Google Inc and Google UK the Northern Irish High Court emphasises public interest in open justice.
In  NIQB 81 Townsend v Google Inc. & Anor the Northern Ireland High Court refused service our of jurisdiction in relation to a request for Google (UK and Inc.) to de-list a number of urls relating to reports on sexual and other criminal offences committed by plaintiff.
Plaintiff seeks an injunction inter alia requiring the defendants and each of them to withdraw and remove personal data relating to the plaintiff, making reference to or tending to reveal sexual offences committed by the plaintiff while a child, from their data processing and indexing systems and to prevent access to such personal data in the future. The Court references ia Vidal-Hall and Google Spain. I will leave readers to digest the ruling largely for themselves for there is a lot in there: consideration of Article 8 ECHR; Directive 95/46; aforementioned precedent; tort law etc.
Of particular note is Stephens J’s finding at 61 that ‘(t)here is a clear public interest in open justice. There is a clear right to freedom of expression. In such circumstances the processing was not unwarranted and that there is no triable issue in relation to any allegation that Google Inc. has not satisfied this condition.’
A judgment to add to the growing pile of internet, jurisdiction and balancing of interests in privacy considerations.
Update 19 November 2018 Michèle Finck has excellent reporting on the hearing before the CJEU here.
Update May 2018 our paper on global case-law re RTBF is here.
Update 23 May 2017 the Case is C-136/17 and the relevant dossier (partially in Dutch) is here, on the unparalleled website of the Dutch foreign ministry. A related case is C-505/17. Update 1 February 2018 for a recent English case see  EWHC 137 (QB) ABC v Google. Order to block access was denied for no permisison to serve out of jurisdiction had been sought (Google been incorporated in Delaware.
Many thanks to KU Leuven law student Dzsenifer Orosz (she is writing a paper on the issues for one of my conflict of laws courses) for alerting me to the French Conseil D’Etat having referred ‘right to be forgotten’ issues to the European Court of Justice. I have of course on occasion reported the application of data protection laws /privacy issues on this blog (try ‘Google’ as a search on the blog’s search function). I also have a paper out on the case against applying the right to be forgotten to the .com domain, and with co-authors, one where we catalogue the application of RTBF until December 2016. See also my post on the Koln courts refusing application to .com.
The Conseil d’Etat has referred one or two specific Qs but also, just to be sure, has also asked the Court of Justice for general insight into how data protection laws apply to the internet. The Court is unlikely to offer such tutorial (not that it would not be useful). However any Advocate General’s opinion of course will offer 360 insight.
One to look forward to.
C-191/15 Verein für Konsumenteninformation v Amazon SarL is one of those spaghetti bowl cases, with plenty of secondary law having a say on the outcome. In the EU purchasing from Amazon (on whichever of its extensions) generally implies contracting with the Luxembourg company (Amazon EU) and agreeing to Luxembourg law as applicable law. Amazon has no registered office or establishment in Austria. VKI is a consumer organisation which acted on behalf of Austrian consumers, seeking an injunction prohibiting terms in Amazon’s GTCs (general terms and conditions), specifically those which did not comply with Austrian data protection law and which identified Luxembourg law as applicable law.
Rather than untangle the bowl for you here myself, I am happy to refer to masterchef Lorna Woods who can take you through the Court’s decision (with plenty of reference to Saugmandsgaard Øe’s Opinion of early June). After readers have consulted Lorna’s piece, let me point out that digital economy and applicable EU law is fast becoming a quagmire. Those among you who read Dutch can read a piece of mine on it here. Depending on whether one deals with customs legislation, data protection, or intellectual property, different triggers apply. And even in a pure data protection context, as prof Woods points out, there now seems to be a different trigger depending on whether one looks intra-EU (Weltimmo; Amazon) or extra-EU (Google Spain).
The divide between the many issues addressed by the Advocate General and the more narrow analysis by the CJEU, undoubtedly indeed announces further referral.
(Handbook of) European Private International Law, 2016, Chapter 2, Heading 22.214.171.124.5.