American library books » Law » GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (red seas under red skies txt) 📕

Read book online «GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (red seas under red skies txt) 📕».   Author   -   Adv. Prashant Mali



1 ... 50 51 52 53 54 55 56 57 58 ... 71
Go to page:
that law permits, based on the information which the first DPA has transmitted to second DPA. The second DPA may also find it necessary to carry out other investigations, on the instructions of the first DPA.

Schrems: DPAs powers extend to their own Member State, but not to processing in third countries. However, DPAs are responsible for monitoring transfers from a Member State to a third country, as the transfer is processing carried out in the Member State.

An adequacy decision adopted by the Commission pursuant to Article 25(6) of Directive 95/46 is addressed to the Member States, which must take the necessary measures to comply with it. Until the Commission decision is declared invalid by the ECJ, it has legal effect in the Member States. However, the Commission decision cannot eliminate or reduce the powers of the DPA accorded by Article 8(3) of the CFR, and therefore cannot prevent data subjects whose personal data has been transferred from lodging a claim pursuant to Article 28(4) with the DPA alleging that an adequate level of protection is not ensured in that third country, which in essence challenges the validity of the Commission’s adequacy decision. But the ECJ alone has jurisdiction to declare that the decision is invalid; neither the DPA nor a national court may do so. The latter must refer the claim to the ECJ for a preliminary ruling to examine the validity of the Commission decision.

Article 3 of Decision 2000/520 lays down specific rules regarding DPA’s powers in light of a Commission adequacy finding (to suspend data flows to self-certified US organisations under restrictive conditions establishing a high threshold for intervention). It excludes the possibility of DPA’s taking action to ensure compliance with Article 25 (adequacy), in particular, it denies DPAs powers which they derive from Article 28 to consider a data subject’s claim which puts into question whether a Commission adequacy decision is compatible with protection of privacy and fundamental rights and freedoms of individuals. This goes beyond the power conferred on the Commission in Article 25(6). Thus, Article 3 is invalid.

 

PROCESSING FOR SOLELY JOURNALISTIC PURPOSES

Tietosuojavaltuutettu: Article 1 of the Directive indicates that the objective is that Member States should, while permitting the free flow of personal data, protect the fundamental rights and freedoms of natural persons and, in particular, their right to privacy, with respect to processing of their personal data. That objective can only be pursued by reconciling those fundamental rights with the fundamental right to freedom of expression. Article 9's objective is to reconcile the two rights. Member States are required to provide derogations in relation to the protection of personal data, solely for journalistic purposes or artistic or literary expression, which fall within the fundamental right to freedom of expression, insofar as necessary for reconciliation of the two rights. To take account of the importance of the right of freedom of expression in every democratic society, it is necessary to interpret notions of freedom, such as journalism, broadly. Derogations must apply only insofar as strictly necessary. The fact that publication is done for profit making purposes does not preclude publication from being considered as “solely for journalistic purposes.” The medium used is not determinative of whether it is “solely for journalistic purposes.” Thus activities may be classified as “journalistic” if their sole object is the disclosure to the public of information, opinions or ideas, irrespective of the medium used to transmit them.

 

PROCESSING FOR PURELY PERSONAL OR HOUSEHOLD ACTIVITY

Lindquist: Mrs. Lindquist's activities were mainly charitable and religious, but these are not covered by the exceptions in Article 3(2) of the Directive and cannot be considered exclusively personal or domestic.

Rynes: Protection of the fundamental right to private life guaranteed under Article 7 of the CFR requires that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary. Also, the wording of the derogation refers to “purely” personal or household activity, not simply a personal or household activity. Correspondence and the keeping of address books constitute, in the light of recital 12 to Directive 95/46, a purely personal or household activity, even if they incidentally concern the private life of other persons. However, to the extent that video surveillance covers, even partially, a public space and is accordingly directed outwards from the private setting of the person processing the data, it cannot be regarded as a purely personal or household activity. In such case, the consent of the data subject would be required to process his data.

 

TRANSPOSITION/HARMONISATION

Luxembourg: A Member State may not plead provisions, practices or circumstances in its internal legal system (here, the new distribution of ministerial powers following a change in its internal government) in order to justify a failure to comply with obligations and time limits laid down in a Directive, and thus a violation had occurred relating to the transposition of Directive 95/46.

Lindquist: The Directive envisages complete harmonization, thus Member States must adopt national legislation conforming to the regime of the Directive. However, certain provisions of the Directive can explicitly authorize the Member States to adopt more constraining regimes of protection. This must be done in accordance with the objective of maintaining a balance between free movement of personal data and protection of private life. In addition, Member States remain free to regulate areas excluded from the scope of application of the Directive in their own way, provided no other provision of EU law precludes it.

Promusicae: Directives 2000/31, 2001/29, 2004/48 and 2002/58 do not require Member States to lay down an obligation to communicate personal data in order to ensure effective protection of copyright in civil proceedings, nor does it oblige them to impose such an obligation. However, when transposing various intellectual property Directives, Member States must take care to interpret them such that there is a fair balance struck between the various fundamental rights protected by the Community legal order. Further, when implementing the national law transposing those Directives, authorities and courts of the Member States must interpret them in a manner consistent with the Directives and make sure that the interpretation does not conflict with those fundamental rights or other general principles of Community law, such as the proportionality principle.

ASNEF: Harmonisation of national laws is not limited to minimal harmonisation but harmonization, which is generally complete. Directive 95/46 is intended to ensure free movement of personal data while guaranteeing a high level of protection for the rights and interests of data subjects, equivalent in all Member States. Consequently, Article 7 of Directive 95/45 sets out an exhaustive and restrictive list of cases in which the processing of personal data can be regarded as lawful. That interpretation is corroborated by the term “may be processed only if” which demonstrates the exhaustive and restrictive nature of the list appearing in that Article. Thus the Member States cannot add new principles relating to the lawfulness of processing or impose additional requirements.

Article 5 authorises Member States to specify the conditions under which the processing of personal data is lawful, within the limits of Article 7, inter alia. That margin of discretion can be used only in accordance with the objective pursued by the Directive of maintaining a balance between the free movement of personal data and the protection of private life. A distinction must be made between national measures that provide for additional requirements amending the scope of a principle referred to in Article 7 (precluded) and national measures which provide for a mere clarification of one of those principles (allowed). Thus, Article 7(f) precludes any national rules, which in the absence of the data subject’s consent, impose requirements that are additional to the two cumulative conditions set out in that Article

Englebert: Article 13(1) states “Member States may” and thus does not oblige the Member States to lay down in their national law exceptions for the purposes listed therein. Rather they have the freedom to decide whether, and for what purposes, to take legislative measures aimed at limiting the extent of the obligations to inform the DS. Further, they may take such measures only when necessary.

 

DIRECT APPLICABILITY

Rechnungshof: Wherever provisions of a directive appear to be unconditional and sufficiently precise, they may, in the absence of implementing measures adopted within the prescribed period, be relied on against any incompatible national provision, or insofar as they define rights which individuals are able to assert against the State.

ASNEF: Whenever the provisions of a Directive appear to be unconditional and sufficiently precise, they have direct effect if the Member State has failed to implement that Directive in domestic law by the end of the prescribed period. Article 7(f) is sufficiently precise, as it states an unconditional obligation.

 

DIRECTIVE 2002/58

SCOPE

Bonnier: The communication of name and address of a person using an IP address from which files were shared (for copyrighted audio books) falls within the scope of Directive 2002/58 (and within the scope of Directive 2004/48, dealing with copyright)

TRAFFIC DATA

Probst: Article 6(2) of Directive 2002/58 provides an exception to the confidentiality of communications, stating that traffic data necessary for purposes of subscriber billing and interconnection payments may be processed “up to the end of the period during which the bill may lawfully be challenged or payment pursued”. Thus, the provision covers the processing necessary for securing payment, including debt collection.

Article 6(5) provides that traffic data processing authorized by Article 6(2) “must be restricted to persons acting under the authority of [service] providers of the public communications networks and publicly available electronic communications services handling billing” and “must be restricted to what is necessary” for the purpose of such activity. Thus, the assignee of claims for payment is authorized to process the data on condition that it acts “under the authority” of the service provider and that it processes only traffic data which are necessary for the purpose of recovery of those claims. That provision seeks to ensure that such externalization of debt collection does not affect the level of protection of personal data enjoyed by the user. “Under the authority” must be strictly construed to mean that the assignee acts only on instructions and under the control of the service provider. The contract between the service provider and assignee must contain provisions ensuring the lawful processing of traffic data by the assignee and must allow the service provider to ensure at all times that those provisions are being complied with by the assignee.

 

DIRECTIVE 2006/24

APPROPRIATE LEGAL BASIS

Ireland: The Court rejected Ireland's argument that the sole or principal objective of the Directive 2006/24 is the investigation, detection and prosecution of crime. Article 95(1) provides that the Council is to adopt measures for approximation of provisions laid down by law, regulation or administrative action in the Member States which have the objective of establishment and functioning of the internal market. It may be used where disparities exist (or are likely to exist in the future) between national rules, which obstruct fundamental freedoms or create distortions of competition and thus have a direct effect on the functioning of the internal market. The premise of the Directive was to harmonize disparities between national provisions governing retention of data by service providers, particularly regarding the nature of data retained and periods of data retention. It was apparent that differences were liable to have a direct impact on the functioning of the internal market, which would become more serious with the passage of time.

Article 47 of the EU Treaty provides that none of the provisions of the EC Treaty may be affected by a provision of the EU Treaty, in order to safeguard the building of the acquis communautaire. Insofar as Directive 2006/24 comes within the scope of Community powers, it could not be based on a provision of the EU Treaty without infringing Article 47. Directive 2006/24 provisions are limited to activities of service providers and do not govern access to data or use thereof by police or judicial authorities of the Member States. They are designed to harmonize national laws on the obligation to retain data, the categories of data to be retained, the periods of retention of data,

1 ... 50 51 52 53 54 55 56 57 58 ... 71
Go to page:

Free e-book: «GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (red seas under red skies txt) 📕»   -   read online now on website american library books (americanlibrarybooks.com)

Comments (0)

There are no comments yet. You can be the first!
Add a comment