Views
‘Legal identity’, statelessness, and private international law
Guest post by Bronwen Manby, Senior Policy Fellow and Guest Teacher, LSE Human Rights, London School of Economics.
In 2014, UNHCR launched a ten-year campaign to end statelessness by 2024. A ten-point global action plan called, among other things, for universal birth registration. One year later, in September 2015, the UN General Assembly adopted the Sustainable Development Goals (SDGs), an ambitious set of objectives for international development to replace and expand upon the 15-year-old Millennium Development Goals. Target 16.9 under Goal 16 requires that states shall, by 2030, ‘provide legal identity for all, including birth registration’. The SDG target reflects a recently consolidated consensus among development professionals on the importance of robust government identification systems.
Birth registration, the protection of identity, and the right to a nationality are already firmly established as rights in international human rights law – with most universal effect by the 1989 Convention on the Rights of the Child, to which every state in the world apart from the USA is a party. Universal birth registration, ‘the continuous, permanent, compulsory and universal recording within the civil registry of the occurrence and characteristics of birth, in accordance with the national legal requirements’, is already a long-standing objective of UNICEF and other agencies concerned with child welfare. There is extensive international guidance on the implementation of birth registration, within a broader framework of civil registration.
In a recent article published in the Statelessness and Citizenship Review I explore the potential impact of SDG ‘legal identity’ target on the resolution of statelessness. Like the UNHCR global action plan to end statelessness, the paper emphasises the important contribution that universal birth registration would make to ensuring respect for the right to a nationality. Although birth registration does not (usually) record nationality or legal status in a country, it is the most authoritative record of the information on the basis of which nationality, and many other rights based on family connections, may be claimed.
The paper also agrees with UNHCR that universal birth registration will not end statelessness without the minimum legal reforms to provide a right to nationality based on place of birth or descent. These will not be effective, however, unless there are simultaneous efforts to address the conflicts of law affecting recognition of civil status and nationality more generally. UNHCR and its allies in the global campaign must also master private international law.
In most legal systems, birth registration must be accompanied by registration of other life events – adoption, marriage, divorce, changes of name, death – for a person to be able to claim rights based on family connections, including nationality. This is the case in principle even in countries where birth registration reaches less than half of all births, and registration of marriages or deaths a small fraction of that number. Fulfilling these obligations for paperwork can be difficult enough even if they all take place in one country, and is fanciful in many states of the global South; but the difficulties are multiplied many times once these civil status events have to be recognised across borders.
Depending on the country, an assortment of official copies of parental birth, death or marriage certificates may be required to register a child’s birth. If the child’s birth is in a different country from the one where these documents were issued, the official copies must be obtained from the country of origin, presented in a form accepted by the host country and usually transcribed into its national records. Non-recognition of a foreign-registered civil status event means that it lacks legal effect, leaving (for example) marriages invalid in one country or the other, or still in place despite a registered divorce. If a person’s civil status documents are not recognised in another jurisdiction, the rights that depend on these documents may also be unrecognised: the same child may therefore be born in wedlock for the authorities of one country and out-of-wedlock for another. On top of these challenges related to registration in the country of birth, consular registration and/or transcription into the records of the state of origin is in many cases necessary if the child’s right to the nationality of one or both parents is to be recognised. It is also likely that the parents will need a valid identity document, and if neither is a national of the country where their child is born, a passport with visa showing legal presence in the country. A finding of an error at any stage in these processes can sometimes result in the retroactive loss of nationality apparently held legitimately over many years. Already exhausting for legal migrants in the formal sector, for refugees and irregular migrants of few resources (financial or social) these games of paperchase make the recognition of legal identity and nationality ever more fragile.
These challenges of conflicts of law are greatest for refugees and irregular migrants, but have proved difficult to resolve even within the European Union, with the presumption of legal residence that follows from citizenship of another member state. The Hague Conference on Private International Law has a project to consider transnational recognition of parentage (filiation), especially in the context of surrogacy arrangements, but has hardly engaged with the broader issues.
The paper urges greater urgency in seeking harmonisation of civil registration practices, not only by The Hague Conference, but also by the UN as it develops its newly adopted ‘Legal Identity Agenda’, and by the UN human rights machinery. Finally, the paper highlights the danger that the SDG target will rather encourage short cuts that seek to bypass the often politically sensitive task of determining the nationality of those whose legal status is currently in doubt: new biometric technologies provide a powerful draw to the language of technological fix, as well as the strengthening of surveillance and control rather than empowerment and rights. These risks – and their mitigation – are further explored in a twinned article in World Development.
Álvarez-Armas on potential human-rights-related amendments to the Rome II Regulation (I): The law applicable to SLAPPs
Eduardo Álvarez-Armas is Lecturer in Law at Brunel University London and Affiliated Researcher at the Université Catholique de Louvain. He has kindly provided us with his thoughts on recent proposals for amending the Rome II Regulation. This is the first part of his contribution; a second one on corporate social responsibility will follow in the next days.
On December the 3rd, 2020, the EU commission published a call for applications, with a view to putting forward, by late 2021, a (legislative or non-legislative) initiative to curtail “abusive litigation targeting journalists and civil society”. As defined in the call, strategic lawsuits against public participation (commonly abbreviated as SLAPPs) “are groundless or exaggerated lawsuits, initiated by state organs, business corporations or powerful individuals against weaker parties who express, on a matter of public interest, criticism or communicate messages which are uncomfortable to the litigants”. As their core objective is to silence critical voices, SLAPPs are frequently grounded on defamation claims, but they may be articulated through other legal bases (as “data protection, blasphemy, tax laws, copyright, trade secret breaches”, etc) (p. 1).
The stakes at play are major: beyond an immediate limitation or suppression of open debate and public awareness over matters that are of significant societal interest, the economic pressure arising from SLAPPs can “drown” defendants, whose financial resources are oftentimes very limited. Just to name but a few recent SLAPP examples (For further review of cases throughout the EU see: Greenpeace European Unit [O. Reyes, rapporteur], “Sued into silence – How the rich and powerful use legal tactics to shut critics up”, Brussels, July 2020, p. 18ff): at the time of her murder in 2017, Maltese journalist Daphne Caruana Galizia was facing over 40 civil and criminal defamation lawsuits, including a 40-million US dollar lawsuit in Arizona filed by Pilatus Bank (Greenpeace European Unit [O. Reyes, rapporteur], pp. 9-12); in 2020, a one million euros lawsuit was introduced against Spanish activist Manuel García for stating in a TV program that the poor livestock waste management of meat-producing company “Coren” was the cause for the pollution of the As Conchas reservoir in the Galicia region.
In light of the situation, several European civil-society entities have put forward a model “EU anti-SLAPP Directive”, identifying substantive protections they would expect from the European-level response announced in point 3.2 of the EU Commission´s “European democracy action plan”. If it crystallized, an EU anti-SLAPP directive would follow anti-SLAPP legislation already enacted, for instance, in Ontario, and certain parts of the US.
Despite being frequently conducted within national contexts, it is acknowledged that SLAPPs may be “deliberately brought in another jurisdiction and enforced across borders”, or may “exploit other aspects of national procedural and private international law” in order to increase complexities which will render them “more costly to defend” (Call for applications, note 1, p. 1) Therefore, in addition to a substantive-law intervention, the involvement of private international law in SLAPPs is required. Amongst core private-international-law issues to be considered is the law applicable to SLAPPs.
De lege lata, due to the referred frequent resort to defamation, and the fact that this subject-matter was excluded from the material scope of application of the Rome II Regulation, domestic choice-of-law provisions on the former, as available, will become relevant. This entails a significant incentive for forum shopping (which may only be partially counteracted, at the jurisdictional level, by the “Mosaic theory”).
De lege ferenda, while the risk of forum shopping would justify by itself the insertion of a choice-of-law rule on SLAPPs in Rome II, the EU Commission´s explicit objective of shielding journalists and NGOs against these practices moreover pleads for providing a content-oriented character to the rule. Specifically, the above-mentioned “gagging” purpose of SLAPPs and their interference with fundamental values as freedom of expression sufficiently justify departing from the neutral choice-of-law paradigm. Furthermore, as equally mentioned, SLAPP targets will generally have (relatively) modest financial means. This will frequently make them “weak parties” in asymmetric relationships with (allegedly) libeled claimants.
In the light of all of this, beyond conventional suggestions explored over the last 15 years in respect of a potential rule on defamation in Rome II (see, amongst other sources: Rome II and Defamation: Online Symposium), several thought-provoking options could be explored, amongst which the following two:
1st Option: Reverse mirroring Article 7 Rome II
A first creative approach to the law applicable to SLAPPs would be to introduce an Article 7-resembling rule, with an inverted structure. Article 7 Rome II on the law applicable to non-contractual obligations arising from environmental damage embodies the so-called “theory of ubiquity” and confers the prerogative of the election of the applicable law to the “weaker” party (the environmental victim). In the suggested rule on SLAPPs, the choice should be “reversed”, and be given to the defendant, provided they correspond with a carefully drafted set of criteria identifying appropriate recipients for anti-SLAPP protection.
However, this relatively straightforward adaptation of a choice-of-law configuration already present in the Rome II Regulation could be problematic in certain respects. Amongst others, for example, as regards the procedural moment for performing the choice-of-law operation in those domestic systems where procedural law establishes (somewhat) “succinct” proceedings (i.e. with limited amounts of submissions from the parties, and/or limited possibilities to amend them): where a claimant needs to fully argue their case on the merits from the very first written submission made, which starts the proceedings, how are they meant to do so before the defendant has chosen the applicable law? While, arguably, procedural adaptations could be enacted at EU-level to avoid a “catch-22” situation, other options may entail less legislative burden.
2nd option: a post-Brexit conceptual loan from English private international law = double actionability
A more extravagant (yet potentially very effective) approach for private-international-law protection would be to “borrow” the English choice-of-law rule on the law applicable to defamation: the so-called double actionability rule. As it is well-known, one of the core reasons why “non-contractual obligations arising out of violations of privacy and rights relating to personality, including defamation” were excluded from the material scope of the Rome II Regulation was the lobbying of publishing groups and press and media associations during the Rome II legislative process (see A. Warshaw, “Uncertainty from Abroad: Rome II and the Choice of Law for Defamation Claims”). With that exclusion, specifically, the English media sector succeeded in retaining the application by English courts of the referred rule, which despite being “an oddity” in the history of English law (Vid. D. McLean & V. Ruiz Abou-Nigm, The Conflict of Laws, 9th ed., Swett & Maxwell, 2016, p. 479), is highly protective for defendants of alleged libels and slanders. The double actionability rule, roughly century and a half old, (as it originated from Philips v. Eyre [Philips v. Eyre (1870) L.R. 6 Q.B. 1.] despite being tempered by subsequent case law) is complex to interpret and does not resemble (structurally or linguistically) modern choice-of-law rules. It states that:
“As a general rule, in order to found a suit in England for a wrong alleged to have been committed abroad, two conditions must be fulfilled. First, the wrong must be of such a character that it would have been actionable if committed in England … Secondly, the act must not have been justifiable by the law of the place where it was done” (Philips v. Eyre, p. 28-29).
The first of the cumulative conditions contained in the excerpt is usually understood as the need to verify that the claim is viable under English law (Lex fori). The second condition is usually understood as the need to verify that the facts would give rise to liability also under foreign law. Various interpretations of the rule can be found in academia, ranging from considering that once the two cumulative requirements have been met English law applies (Vid. Dicey, Morris & Collins, The Conflict of Laws, vol. II, 15th ed., Swett & Maxwell, 2012, pp. 2252-2270, para. 35-111), to considering that only those rules that exist simultaneously in both laws (English and foreign) apply, or that exemptions from liability from either legal system free the alleged tortfeasor (Vid. Cheshire, North & Fawcett, Private International Law, 15th ed., OUP, 2017, p. 885. Similarly, Dicey, Morris & Collins, The Conflict of Laws, vol. II, 15th ed., Swett & Maxwell, 2012, pp. 2252-2270, para. 35-128). Insofar as it is restrictive, and protective of the defendant, double actionability is usually understood as a “double hurdle” (Vid. Cheshire, North & Fawcett, Private International Law, 15th ed., OUP, 2017, p. 885; D. McLean & V. Ruiz Abou-Nigm, The Conflict of Laws, 9th ed., Swett & Maxwell, 2016, p. 479) to obtaining reparation by the victim, or, in other words, as having to win the case “twice in order to win [only] once” (Vid. A. Briggs, The Conflict of Laws, 4th ed., Clarendon Law Series, OUP, 2019, p. 274). Thus, the practical outcome is that the freedom of speech of the defendant is preserved.
A plethora of reasons make this choice-of-law approach controversial, complex to implement, and difficult to adopt at an EU level: from a continental perspective, it would be perceived as very difficult to grasp by private parties, as well as going against the fundamental dogma of EU private international law: foreseeability. This does not, nevertheless, undermine the fact that it would be the most effective protection that could be provided from a private-international-law perspective. Even more so than the protection potentially provided by rules based on various “classic” connecting factors pointing towards the defendant´s “native” legal system/where they are established (as their domicile, habitual residence, etc).
Truth be told, whichever approach is chosen, a core element which will certainly become problematic will be the definition of the personal scope of application of the rule, i.e. how to precisely identify subjects deserving access to the protection provided by a content-oriented choice-of-law provision of the sort suggested (and/or by substantive anti-SLAPP legislation, for that matter). This is a very delicate issue in an era of “fake news”.
Insights into ERA Seminar on Privacy and Data Protection with a Specific Focus on “Balance between Data Retention for Law Enforcement Purposes and Right to Privacy” (Conference Report)
Introduction:
On 9-11 December 2020, ERA – the Academy of European Law – organized an online seminar on “Privacy and Data Protection: Recent ECtHR & CJEU Case Law”. The core of the seminar was to provide an update on the case law developed by the European Court of Human Rights (ECtHR) and by the Court of Justice of the European Union (CJEU) with relevance for privacy and data protection law since 2019. The key issues discussed were the distinction between the right to privacy and data protection in the jurisprudence of the ECtHR and CJEU, the impact of the jurisprudence on international data transfers, notions of ‘essence of fundamental rights’ ‘personal data processing’, ‘valid consent’ and so on.
Day 1: Personal Data Protection and right to privacy
Gloria González Fuster (Research Professor, Vrije Universiteit Brussel (VUB), Brussels) presented on the essence of the fundamental rights to privacy and data protection in the existing legal framework with a specific focus on the European Convention on Human Rights (Art. 8 of ECHR) and the Charter of Fundamental Rights of the EU (Art. 7, Art. 8)
Article 8 of the Convention (ECHR) guarantees the right to respect private and family life. In contrast, Art 52(1) EU Charter recognizes the respect for the essence of the rights and freedoms guaranteed by the Charter. Both are similar, but not identical. This can be validated from the following points:
- As per Art 8 (2) ECHR – there shall be no interference with the exercise of this right except such as in accordance with the law, whereas Art 52 (1) states that any limitation to the exercise of right and freedoms recognized by the Charter must be provided for by law.
- The Art 8 (2) ECHR stresses the necessity in a democratic society to exercise such an interference, whereas Art 52(1) of the EU Charter is subject to the principle of proportionality.
- Respect for the essence of rights and freedoms is mentioned in Art 52 (1) but not mentioned in Art 8 (2).
- Also, Art 8 (2) states that the interference to the right must be only allowed in the interests of national security, public safety, or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or the protection of the rights and freedoms of others. At the same time, Article 52 (1) states that any limitations to rights must meet objectives of general interest recognized by the Union or the need to protect others’ rights and freedoms.
In the Joined Cases C?293/12 and C?594/12, Digital Rights Ireland; the Court addressed the interferences to the rights guaranteed under Articles 7 and 8 caused by the Data Retention Directive. An assessment was carried out as to whether the interferences to the Charter rights were justified as per Article 52(1) of the Charter. In order to be justified, three conditions under Article 52(1) must be fulfilled. The interference must be provided for by law, and there must be respect for the essence of the rights, and it must be subject to the principle of proportionality. Certain limitations to the exercise of such interference/ infringement must be genuinely necessary to meet objectives of general interest. The Directive does not permit the acquisition of data and requires the Member States to ensure that ‘appropriate technical and organizational measures are adopted against accidental or unlawful destruction, accidental loss or alteration of data’ and thus, respects the essence of the right to privacy and data protection. The Directive also satisfied the objective of general interest as the main aim of the Directive was to fight against serious crime, and it was also proportional to its aim of need for data retention to fight against serious crimes. However, even though the Directive satisfied these three criteria, it did not set out clear safeguards for protecting the retained data, and therefore it was held to be invalid.
It is pertinent to note here that the ECHR does not contain any express requirement to protect the ‘essence’ of fundamental rights, whereas the Charter does. However, with regard to Art 8 of the ECHR, it aims to prohibit interference or destruction of any rights or freedoms with respect for private and family life. This can be possibly interpreted so as to protect the essence of the fundamental right of private and family life. This is because a prohibition of the destruction of any right would mean affecting the core of the right or compromising the essence of the right.
Gloria, also examined Article 7 of the Charter, which guarantees a right to respect for private and family life, home and communications, and Article 8, which not only distinguishes data protection from privacy but also lays down some specific guarantees in paragraphs 2 and 3, namely that personal data must be processed fairly for specified purposes. She analyzed these Charter provisions concerning the Regulation (EU) 2016/679 (GDPR). GDPR creates three-fold provisions by imposing obligations on the data controllers, providing rights to data subjects, and creating provision for supervision by data protection authorities.
She also addressed the balance between the right to privacy and the processing of personal data of an individual on one hand and the right to information of the public on the other. Concerning this, she highlighted the interesting decision in C-131/12, Google Spain, wherein it was stated that an interference with a right guaranteed under Article 7 and 8 of the Charter could be justified depending on the nature and sensitivity of the information at issue and with regard to the potential interest of the internet users in having access to that information. A fair balance must be sought between the two rights. This may also depend on the role played by the data subject in public.
It was also discussed in the judgments C-507/17, Google v CNIL; and Case C-136/17 that a data subject should have a “right to be forgotten” where the retention of such data infringes the Directive 95/46 and the GDPR. However, the further retention of the personal data shall only be lawful where it is necessary for exercising the right of freedom of expression and information. The ruling was on the geographical reach of a right to be forgotten. It was held that it is not applicable beyond the EU, meaning that Google or other search engine operators are not under an obligation to apply the ‘right to be forgotten’ globally.
In the next half of the day, Roland Klages, Legal Secretary, Chambers of First Advocate General Szpunar, Court of Justice of the European Union, Luxembourg, presented on the topic: “The concept of consent to the processing of personal data”. He started with a brief introduction of GDPR and stated that there is no judgment on GDPR alone as it has been introduced and implemented recently, but there are judgments based on the interpretation of Directive 95/46 and the GDPR simultaneously. He commented on the composition of the ECJ, which sits in the panel of 3,5, 15 (Grand Chamber), or 27 (Plenum) judges. The Grand Chamber comprises a President, vice-president, 3 presidents of a 5th chamber, rapporteur, another 9 judges, appointed based on re-established lists (see Article 27 ECJ RP).
He discussed the following cases in detail:
C – 673/17 (Planet49): Article 6(1) (a) GDPR states that the processing of data is lawful only if the data subject has given consent to the processing of personal data for one or more specific purposes. “Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.[1] This clearly indicates that consent is valid only if it comes from the active behavior of the user as it indicates the wishes of the data subjects. A consent given in the form of a pre-selected checkbox on a website does not amount to active behavior. It also does not fulfill the requirement of unambiguity. Another important aspect of the ruling was that it does not matter if the information stored or retrieved consists of personal data or not. Article 5(3) of Directive 2002/58/ EC (Directive on privacy and electronic communications)protects the user from interference with their private sphere, regardless of whether or not that interference involves personal or other data. Hence, in this case, the storage of cookies at issue amounts to the processing of personal data. Further, it is also important that the user is able to determine the consequence of the consent given and is well informed. However, in this case, the question of whether consent is deemed to be freely given if it is agreed to sell data as consideration for participation in a lottery is left unanswered.
Similarly, in case C -61/19 (Orange Romania), it was held that a data subject must, by active behavior, give his or her consent to the processing of his or her personal data, and it is upto the data controller, i.e., Orange România to prove this. The case concerns contracts containing a clause stating that the data subject has been informed about the collection and storage of a copy of his or her identification document with the identification function and has consented thereto. He also discussed other cases such as case C-496/17, Deutsche Post, and C- 507/17, Google (discussed earlier), demonstrating that consent is a central concept to GDPR.
Day 2: “Retention of personal data for law enforcement purposes.”
On the next day, Kirill Belogubets, Magister Juris (Oxford University), case lawyer at the Registry of the European Court of Human Rights (ECtHR), started with a presentation on the topic:
“Retention of personal data for combating crime.”
Kirill Belogubets discussed the case of PN v. Germany. No. 74440/17 regarding the processing of personal identification of data in the context of criminal proceedings. In this case, a German citizen was suspected of buying a stolen bicycle. Authorities collected an extensive amount of data such as photographs, fingerprints, palm prints, and suspect descriptions. It must be noted here that with regard to the right to respect for private life under Article 8 of the ECHR, the interference must be justified and fulfill the test of proportionality, legitimacy, and necessity. The authorities expounded on the likelihood that the offender may offend again. Therefore, in the interest of national security, public security, and prevention of disorder and criminal offenses, it is essential to collect and store data to enable tracing of future offenses and protect the rights of future potential victims. Thus, the collection and storage of data in the present case struck a fair balance between the competing public and private interests and therefore fell within the respondent State’s margin of appreciation.
With respect to margin of appreciation, the case of Gaughran v. The United Kingdom, no. 45245/15was also discussed. This case pertains to the period of retention of DNA profiles, fingerprints, and photographs for use in pending proceedings. The Court considered storing important data such as DNA samples only of those convicted of recordable offences, namely an offense that is punishable by a term of imprisonment. Having said that, there was a need for the State to ensure that certain safeguards were present and effective, especially in the nature of judicial review for the convicted person whose biometric data and photographs were retained indefinitely.
However, it has been highlighted that the legal framework on the retention of DNA material was not very precise. It does not specifically relate to data regarding DNA profiles and there is no specific time limit for the retention of DNA data. Similarly, the applicant has no avenue to seek deletion because of the absence of continued necessity, age, personality, or time elapsed. This has been laid down in the case of Trajkovski and Chipovski v. North Macedonia, nos. 53205/13 and 63320/13.
Mass Collection and Retention of Communications data
In the next half, Anna Buchta, Head of Unit “Policy & Consultation”, European Data Protection Supervisor, Brussels brought the discussion on Article 7 and 8 of the Charter and Article 8 of the Convention along with the concept of ‘essence’ of fundamental rights, back to the table. With regard to this discussion, she described the case C-362/14 Maximilian Schrems v DPC, which highlights that ‘any legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life, as guaranteed by Article 7 of the Charter.’ In this context, EU member states must recognize the confidentiality of communication as a distinct legal right. In this case, it was the first time where a Directive was invalidated due to non-confirmation with the ECHR. It was laid down that the safe harbor principles issued under the Commission Decision 2000/520, pursuant to Directive 95/46/EC does not comply with its Article 25(6), which ensures a level of protection of fundamental rights essentially equivalent to that guaranteed in the EU legal order. The Decision 2000/520 does not state that the United States, infact, ‘ensures’ an adequate level of protection by reason of its domestic law or its international commitments.
Traffic and Location data
She also commented on the indefinite retention of data, which might lead to a feeling of constant surveillance leading to interference with freedom of expression in light of CJEU cases C-203/15 and C-698/15 Sverige and Watson. In these cases, the Court agreed that under Article 15(1) of the Directive 2002/58 / EC, data retention could be justified to combat serious crime, national security, protecting the constitutional, social, economic, or political situation of the country and preventing terrorism. However, this must only be done if it is limited to what is strictly necessary, regarding categories of data, means of communication affected, persons concerned, and retention period. Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or publicly available electronic communications service must be erased or made anonymous when it is no longer needed for the transmission of a communication without prejudice to paragraphs 2, 3, and 5 of this Article 6 and Article 15(1) of the Directive. This was reiterated in C-623/17 Privacy International. It must be noted here that these data can be retained only if there is evidence that these data constitute an identifiable link, at least an indirect one, to criminal activities. Data with regard to the geographical location again requires objective factors. It must be retained if there exists a risk of criminal activities in such areas. These locations may correspond to places that are vulnerable to the commission of serious offenses, for instance, areas that receive a large number of people, such as airports, train stations, toll-booth areas, etc.
The Court differentiated between generalized and targeted retention of data. Real-time collection and indeterminate storage of electronic communications surveillance involving traffic and location data of specific individuals constitute targeted retention. In this context, the case of C?511/18, C?512/18 and C?520/18, La Quadrature du Net and Others were also relied upon, with a focus on the following findings:
Targeted real-time collection of traffic and location data by electronic communication providers that concerns exclusively one or more persons constitutes a serious interference that is allowed where:
- Real-time collection of traffic and location data is limited to persons in respect of whom there is a valid reason to suspect that they are directly or indirectly involved in terrorist activities. With regard to persons falling outside of that category, they may only be the subject of non-real-time access.
- A court or an administrative authority must pass an order after prior review, allowing such real-time collection. This must be authorized only within the limits of what is strictly necessary. In cases of duly justified urgency, the review must take place within a short time.
- A decision authorizing the real-time collection of traffic and location data must be based on objective criteria provided for in the national legislation, which must clearly define the circumstances and conditions under which such collection may be authorized.
- The competent national authorities undertaking real-time collection of traffic and location data must notify the persons concerned, in accordance with the applicable national procedures.
Last but not least, the EU Commission as well as the CJEU have started looking at the national laws of data retention and specifically inclined to define national security in manner so as to increase their own role in the area. However, data retention schemes are divergent across the Member States. It is essential to create clearer and more precise rules at the European level to enable the Courts to develop the best ways to strike a balance between the interactions of privacy rights with the need to tackle serious crime. The different legal rules in the area of data retention restricted cooperation between competent authorities in cross-border cases and affected law enforcement efforts. For instance, some Member States have specified retention periods, whereas some do not, a fact from which conflict-of-laws problems may arise. While some Member States for example Luxembourg precisely define ‘access to data’, there are Member States, which do not. This was pointed out by the EU Council in the conclusion of the data retention reflection process in May 2019, wherein it was emphasized that there is a need for a harmonised framework for data retention at EU level to remedy the fragmentation of national data retention practices.
Day 3: Data Protection in the Global Data Economy
The discussion of the third day started with a presentation by Professor Herwig Hofmann, Professor of European and Transnational Public Law, the University of Luxembourg on the well-known Schremscases namely, C-362/14, Schrems I; C-498/16, Schrems vs Facebook; and C-311/18, Schrems II;which involves transatlantic data transfer and violation of Article 7 and 8 of the Charter. In the clash between the right to privacy of the EU and surveillance of the US, the CJEU was convinced that any privacy agreements could not keep the personal data of EU citizens safe from surveillance in the US, so long as it is processed in the US under the country’s current laws. The guidelines in the US for mass surveillance did not fit in the EU. Therefore, privacy shield could not be maintained.
He also highlighted that international trade in today’s times involves the operation of standard contractual terms created to transfer data from one point to another. Every company uses a cloud service for the storage of data, which amounts to its processing. It is inevitable to ensure transparency from cloud services. The companies using cloud services must require transparency from cloud services and confirm how the cloud service will use the data, where would the data be stored or transferred.
In the last panel of the seminar Jörg Wimmers, Partner at TaylorWessing, Hamburg, spoke about the balance between Data protection and copyright.
The case discussed in detail was C-264/19 Constantin Film Verleih GmbH, which was about the prosecution of the user who unlawfully uploaded a film on YouTube, i.e., without the copyright holder’s permission. In this regard, it was held that the operator of the website is bound only to provide information about the postal address of the infringer and not the IP address, email addresses, and telephone numbers. The usual meaning of the term ‘address’ under the Directive 2004/48 (Directive on the enforcement of Intellectual Property rights) refers only to the postal address, i.e., the place of a given person’s permanent address or habitual residence. In this context, he also commented on the extent of the right to information guaranteed under Article 8 of the said Directive 2004/48. This was done by highlighting various cases, namely, C-580/13, Coty and C-516/17, Spiegel Online, noting that Article 8 does not refer to that user’s email address and phone number, or to the IP address used for uploading those files or that used when the user last accessed his account. However, Article 8 seeks to reconcile the right to information of the rightholder/ intellectual property holder and the user’s right to privacy.
Conclusion:
To conclude, the online seminar was a total package with regard to providing a compilation of recent cases of the ECtHR and CJEU on data protection and the right to privacy. A plethora of subjects, such as the balance between data protection and intellectual property rights, privacy and data retention, and respect for the essence of fundamental rights to privacy, were discussed in detail. The data retention provision established by the new Directive on Privacy and Electronic Communications may be an exception to the general rule of data protection, but in the current world of Internet Service providers and telecommunication companies, it may not be easy to ensure that these companies store all data of their subscribers. Also, it is important to ensure that data retained for the purpose of crime prevention does not fall into the hands of cybercriminals, thereby making their jobs easier.
[1] Article 4 No.11 GDPR
News
European Union Private International Law – Role Model or Hegemony?
Caroline Sophie Rapatz, University of Kiel, has just published her German-language Habilitationsschrift on “European Union Private International Law – Role Model or Hegemony? Delimitations and Effects in Relation to National and International Conflict of Laws” (Das Internationale Privatrecht der EU – Vorbild oder Vormacht? Abgrenzungen und Wirkungen im Verhältnis zum nationalen und völkerrechtlichen Kollisionsrecht, Beiträge zum ausländischen und internationalen Privatrecht 139, Mohr Siebeck 2023 (XXVI, 693 p.) The book analyses the consequences of the Europeanisation of private international law (PIL) for the traditional regulatory levels of national and international (treaty and convention) conflict-of-laws rules and for the system of conflict-of-laws as a whole. The author has kindly provided has with the following summary of her insights:
Application Now Open: The Hague Academy of International Law’s Advanced Course in Hong Kong – 1st Edition (2023)
The first edition of the HAIL Advanced Courses in Hong Kong, organised in cooperation with with the Asian Academy of International Law and (AAIL) and the Hong Kong Department of Justice, will take place on 11-15 December 2023 with a focus on “Current Trends on International Commercial and Investment Dispute Settlement“.
Read more
International Symposium on Legalisation of Foreign Relations in China
Legalisation of Foreign Relations in China, 14 Oct 2023, Wuhan University
Wuhan University and Fudan University are co-organising an International Symposium “Legalisation of Foreign Relations in China” (in English) on 14 Oct 2023. This symposium will discuss the two most important developments in Chinese law relating to foreign relations, i.e. the Foreign Relations Law and the Foreign State Immunities Law. Some presented articles will be published in the special session of the Chinese Journal of Transnational Law. This symposium will be held in person and online. Everyone is welcome. For more information and the program, please follow the event page. This event can be attended in-person or online. No registration is required.
INTERNATIONAL SYMPOSIUM ON LEGALISATION OF FOREIGN RELATIONS IN CHINA
Time: 9:30 am (Beijing time), 14 Oct 2023
Join the Zoom meeting
https://zoom.us/j/87645264148?pwd=xlbP90sgAmV0R4kFT6nkmxbL5nVlHA.1
Meeting ID: 876 4526 4148
Password: 032908