Policy Observatory

Following the ECJ court decision and several reactions from the US (mentioned in the 301 report), there have been a series of legislative changes in Spain regarding managing links. The Sinde-Wert Committee was created to clarify whether links infringe intellectual property rights. Contrary to the national civil and criminal courts decisions so far, the Committee reached the conclusion that it does represent an infringement.

The case stems from a complaint filed by 27-year-old Austrian law student Max Schrems against Facebook with the Irish data protection commissioner, who monitors compliance with privacy laws. Schrems argued the company helped the NSA harvest email and other private data from European citizens by forwarding data to servers in the United States and asked the Irish watchdog to investigate whether the United States was providing adequate data protection. The Irish regulator rejected the request on the grounds that it was bound by the EU Safe Harbour agreement of 2000 which allows companies to transfer EU citizens' data to the United States because it is held to have sufficient privacy safeguards in place.

The European Court of Justice Advocate General Yves Bot will deliver his opinion in Luxembourg on Wednesday at around 9:30 CET. While the court's judges are not bound by the opinion, they follow it in most cases.

Today, in case Case C-362/14 Maximillian Schrems v Data Protection Commissioner, Advocate General Yves Bot takes the view that the existence of a Commission decision finding that a third country ensures an adequate level of protection of the personal data transferred cannot eliminate or even reduce the national supervisory authorities’ powers under the directive on the processing of personal data. He considers furthermore that the Commission decision is invalid.

Please read the press release and the full opinion here.

On 6 October 2015, the European Court of Justice (ECJ) invalidated the Safe Harbor, the agreement concluded in 2000 with the USA in order to give a legal framework to data transfers between the European Union and the USA. The W29, a working group bringing together all Member States' national data protection authorities, waited until the end of January for the European Commission to draft a new agreement taking into account the requirements of the ECJ. This agreement called "Privacy Shield" was announced on 2 February but only contains vague promises.

A decision of the district court Hamburg caused legal uncertainty by following the arguments of the latest ECJ judgement: According to the district court, a person operating a website that contains a link to illegal content is liable for this content as long as he somehow intents to realize a profit by running the website. This would potentially affect all companies and freelancer running own websites.