Agrégateur de flux

Constantin Film Verleih
Rapprochement des législations
Lors d’un téléversement illégal d’un film sur une plateforme en ligne, telle que YouTube, le titulaire peut, en vertu de la directive relative au respect des droits de propriété intellectuelle, réclamer de l’exploitant uniquement l’adresse postale de l’utilisateur concerné, mais non son adresse courriel ou IP ou son numéro de téléphone

Raiffeisen Bank
Rapprochement des législations
Une réglementation nationale peut prévoir un délai de prescription pour l’action en restitution fondée sur une clause abusive dans un contrat conclu entre un professionnel et un consommateur

Verein für Konsumenteninformation
Espace de liberté, sécurité et justice
Un constructeur automobile dont les véhicules illicitement manipulés sont revendus dans d’autres États membres peut être attrait devant les juridictions de ces États

Land Hessen
Principes du droit communautaire
La commission des pétitions du parlement d’un État fédéré d’un État membre est soumise au règlement général sur la protection des données

Banca Transilvania
Rapprochement des législations
Une clause contractuelle n’ayant pas été négociée mais reflétant une règle qui, selon la loi nationale, s’applique entre les parties lorsqu’aucun autre arrangement n’a été convenu à cet égard, ne relève pas du droit de l’Union relatif aux clauses abusives dans les contrats conclus avec les consommateurs

Naturschutzbund Deutschland - Landesverband Schleswig-Holstein
Environnement et consommateurs
Les personnes morales de droit public peuvent être responsables des dommages environnementaux causés par des activités exercées dans l’intérêt de la collectivité en vertu d’un transfert légal de mission, telles que l’exploitation d’une station de pompage à des fins de drainage de surfaces agricoles

Toni Marzal (University of Glasgow) has posted From World Actor to Local Community: Territoriality and the Scope of Application of EU Law on SSRN.

The abstract reads:

This chapter offers a reconstruction of the case law of the Court of Justice of the European Union in relation to the territorial scope of application of EU law. Thus, it will focus on the manner in which the Court approaches the question of whether EU law should apply to cases that are at least partly connected to non-EU jurisdictions. This is a topic that has attracted significant interest in recent years from EU lawyers as well as experts in public and private international law, given in particular how EU law has been said to take the role of a ‘world actor’ in tackling problems that lack a clear geographical basis, such as the protection of personal data, environmental degradation or competition law. Under the most common understanding, the question of the territorial applicability of EU law is essentially a functional one: the scope of application of EU law will be that which is required by the effective pursuit of whatever goal is at stake, which may mean that in many instances it will apply ‘extraterritorially’. It will however be argued that this leaves aside an important dimension of the territorial applicability of EU law – its contribution to the construction of the EU legal system as a ‘local community’. Indeed, the EU legal system should not only be seen as an institutional tool in the promotion of certain objectives, but should also be understood as a space of inclusion and exclusion. It will not only be argued that this is a necessary dimension to EU law’s scope of application, but also that this dimension is already present in the case law. This will be seen through a study of three different lines of cases, where the Court deduces the applicability of EU law from the location of a legal relationship, the imperativeness of the particular EU legal regime, and the integrity of the EU legal system as a whole.

The paper is forthcoming in L. Azoulai (ed), European Union Law and Forms of Life. Madness or Malaise? (Hart Publishing, 2020).

Avocat

Responsabilité pénale

Surpopulation carcérale - Détention provisoire

By Anubhav Das (National University of Advanced Legal Studies, Kochi) and Aditi Jaiswal (Ram Manohar Lohia National Law University, Lucknow)

The internet brought significant changes in society, leading to a massive collection of data which necessitated legislation to regulate such data collection. The European Union enacted the General Data Protection Regulation, 2016(Hereafter GDPR), replacing the Data Protection Directive, 1995. Meanwhile, India, which currently lacks a separate data protection legislation, is in the process of enacting the Personal Data Protection Bill, 2019 (Hereafter PDP). The PDP has been introduced in the Indian parliament and is currently under the scrutiny of a parliamentary committee. The primary purpose of these legislations is the protection of informational privacy.

Even though GDPR and PDP follow the same set of data protection principles, but, there exists an inevitable conflict between the two. This conflict determines the applicability of the legislation on the data subject. The territorial scope of GDPR and the PDP makes it clear that both overlap each other and this overlap can be used by companies involved in data processing or collection, to circumvent the civil liability arising under the laws. This post analyses the conflict between both the laws and in conclusion, it will suggest a way to overcome such an issue.

Territorial Scope: GDPR and PDP   

Article 3 of the GDPR provides for the territorial applicability of the law. The Regulation applies to the processing of personal data by a controller or a processer. According to Article 3(1), any controller or processer that is established in the member state (European Union) shall fall under the scope of the GDPR. In other words, any company which has an office in the European Union shall come within the purview of the GDPR. Article 3(2) states that even if any processer or controller is not established in the European Union, but if they are offering goods or services irrespective of payment or monitoring behaviour in the European Union, then they will also fall under the scope of GDPR.

On the other hand, the PDP provides for the territorial applicability under Section 2. It applies to the processing of personal data by data fiduciary (similar to the controller under GDPR) and data processer (similar to processer under GDPR). Section 2(A) (a) states that if personal data is collected, disclosed, shared or otherwise processed within the territory of India, then it shall fall under the PDP. Section 2(A) (b), makes it applicable to the State, any Indian company, any citizen of India or any person or body of persons incorporated or created under Indian law. Section 2 (A) (c) makes it applicable to data fiduciary or data processor which are not in India but are processing in connection with any business carried on in India, or any systematic activity of offering goods or services to data principals within the territory of India or any activity concerning the profiling of data principle.

The Overlap of Jurisdiction

The internet has provided a way for companies to operate anywhere without the existence of an entity in a particular country. This also includes those companies which deal with data. In the context of Europe and India, a company doesn’t need to have an entity in Europe or India to operate and do business. Thus, an Indian company can easily do business related to data in Europe without any real existence in Europe and vice versa. Consequently, the problem that arises concerning data protection laws is complicated. An Indian company will fall under the purview of the PDP as per Section 2(A) (b) but at the same time if this Indian company also deals with ‘personal data for offering goods or services’ in the European Union, then it will also be regulated by the provisions of the GDPR.

Similarly, a European company ‘collecting data in India’ will fall under the scope of both PDP and GDPR. It is a matter of fact that judicial courts do not have jurisdiction over foreign land. Hence, no monetary damages can be imposed on companies which operate from Europe by using PDP or companies operating from India by using GDPR.

A European company or an Indian company can also claim that there is proper compliance with GDPR or PDP, respectively. In the context of Europe and India, a company only needs to follow the data protection law of the land from where it operates even though such an act violates data protection law of the other jurisdiction. This is possible as GDPR and PDP differ from each other on every key and essential aspect such as the very meaning of personal data.

The Difference and its Implications

The primary purpose of GDPR and PDP is the protection of personal data. But, the definition of personal data differs when GDPR is compared with PDP. The reason why such a description is essential is that a substantial part of both laws is based on the processing of personal data. This includes fair consent, purpose limitation, storage limitation, rights of data principle etc. Such aspects, when read with the territorial scope of both the laws, outlines the applicability of its provisions. The table below shows the difference in the definition of personal data.

 

 

GDPR PDP   Personal data means any information relating to an identified or identifiable natural person (‘data subject’).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Personal data is data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any additional information, and shall include any inference drawn from such data for profiling.

 

Note – Underlined are the parts which show that it is not present in the other law.

Both GDPR and PDP refer to personal data as information/data relating to identified/identifiable natural person. At the same time, the nuances of what constitutes an identifiable natural person differ significantly as both use different terminology which creates a diversion in the meaning of the personal data.

Deviation 1 – PDP provides for words such as ‘any other feature of identity, a combination of such feature with other information, any inference drawn for profiling’, in the meaning of an identifiable natural person. These terms can be interpreted more liberally and will probably be explained by courts in India and shall have an evolving meaning. GDPR, on the other hand, provides for specific terms like ‘physical, physiological, genetic, mental, economic, cultural, social identity’. Hence, European Courts will have to interpret personal data by mandatorily considering such terms, making it’s scope narrower when compared to PDP in this context.

Deviation 2 – Terms such as ‘identification number’ and ‘location data’ is mentioned explicitly in GDPR and not in PDP, making PDP narrower in scope here.

This above discussion can be easily understood with the help of the following figure –

Deviation 1 – The green circle represents inference in PDP. The blue circle represents inference in GDPR. The green stripe represents personal data which is covered in PDP and not covered in GDPR.

Deviation 2 – The yellow circle represents personal data in GDPR. The red circle represents personal data in PDP. The yellow stripe represents personal data which is covered in GDPR and not covered in PDP.

In the figure above, in Deviation 1, the green strip represents that personal data, which when processed by a company shall not fall under the scope of GDPR even though it shall be under the scope of the PDP. Such a difference implies that companies falling under the territorial ambit of both the laws, can follow one and circumvent the other.

A European company can process personal data represented in the green strip from India, and for that, it doesn’t need to comply with GDPR as that data is not personal data under GDPR. Now even though, there is a violation of the provisions under PDP the company can escape liability as Indian courts do not have jurisdiction in Europe, and European Courts cannot adjudge the matter as it falls outside the material scope of GDPR. The vice versa will happen if the case of deviation two is considered.

The consequence of such inconsistencies will be faced by data subjects who won’t be able to claim damages provided under their respective data protection law. One of the ways to ensure that damages can be claimed is by harmonising the data protection laws which can only be done by international cooperation.

The Need For International Cooperation in Data Protection

The existence of such issues in the framework of GDPR and PDP is not because of the extraterritorial application. Advocating against the extraterritorial application to resolve the problem of overlap in the jurisdiction of data protection laws would only give rise to more infringement of informational privacy of data subjects by foreign companies. This, in turn, will be detrimental for the very purpose for which data protection legislation is enacted.

The requirement at present is to harmonise the key definitions such as personal data in the data protection legislation. This will ensure that a right of action lies in both GDPR and PDP. Even if a foreign company cannot be dragged to the national court, harmonisation will at least ensure that a data subject has a right to seek damages in the international court.

The aspect discussed in this article is regarding two jurisdictions. However, consider, for instance,  the complications that could arise when more than two jurisdictions are involved. To illustrate, an Indian Company having an office in Canada and that office is doing business in data from the European Union. In such cases, the best way to ensure data protection rights is by harmonisation, and this can only be achieved with the help of international cooperation. Thus, data protection in the age of internet needs multilateral international agreements.

Conclusion

The international regime of data protection is complicated in today’s world. There is no proper international agreement which governs the data protection legislation across the globe, which resulted in a difference in the critical terms of data protection when GDPR and PDP are compared. This, in – turn can be used by corporates to get away with liability. So, the aim must be not to let anyone violate the data protection principles by using this inconsistency and get away with it. To deal with this and safeguard the privacy of data subject, international cooperation in data protection is essential.

 

 

 

BRF et SHB Comercio e Industria de Alimentos / Commission
SANT
Le Tribunal rejette la demande formée par deux producteurs de viande brésiliens tendant à l’annulation du règlement ayant pour effet d’interdire, pour des motifs de santé publique, l’exportation, vers l’Union, de certains produits d’origine animale en provenance d’établissements appartenant auxdits producteurs

Infineon Technologies / Commission
Concurrence
Le Tribunal ordonne la réduction de près de 6 millions d’euros du montant de l’amende infligée à Infineon pour sa participation à une entente sur le marché des puces pour cartes qui passe de 82 784 000 à 76 871 600 euros

VQ / BCE
Politique économique
Le Tribunal rend ses quatre premiers arrêts portant sur des décisions de la Banque centrale européenne (BCE) infligeant des sanctions pécuniaires au titre de la surveillance prudentielle des établissements de crédit

Mr Villiers reacted to Villiers v Villiers [2020] UKSC 30 with a letter in the FT yesterday, set against the general background of ‘divorce tourism’ said to have been encouraged by the Supreme Court ruling last week. Ms Villiers now lives in England however the majority of the marriage was spent in Scotland which is also where divorce proceedings were issued.

Sales J for the majority summarises the legislative background at 8:

The national legislation governing jurisdiction in cross-border cases is primarily contained in the Civil Jurisdiction and Judgments Act 1982 (“the CJJA 1982”). That Act gave effect in domestic law to the [1968] Brussels Convention… [which] was amended on the association of Denmark, Ireland and the United Kingdom in 1978. It was replaced as the principal instrument governing jurisdiction in cross-border cases between member states of the European Union by [Brussels I] which in large part replicated the provisions of the Brussels Convention. The CJJA 1982 was amended to refer to and give effect in domestic law to the Brussels Regulation. The Brussels Regulation has been replaced by [Brussels Ia].

The Brussels Convention did not apply to issues of the status of natural persons, including marriage, nor to rights in property arising out of a matrimonial relationship (article 1(1)), but it did apply in respect of claims for maintenance. This was later carved out and titled into a separate Regulation, the Maintenance Regulation 4/2009. The UK until Brexit day chose to apply the Regulation intra-State, too, i.e. between the constituent parts of the Kingdom. 

Lord Sales posits that all in all, the application of the jurisdictional rules is ‘straightforward’ (at 25) however his needing 32 paras to set out the test somewhat belies that statement, as does Lord Wilson’s and Lady Hale’s lengthy dissent at 93 ff. (and Lady Black’s at

There is no forum non conveniens rule in the Maintenance Regulation. The CJEU held so in C-468/18 R v P and Lord Sales refers to that judgment.

The only viable route to a stay of the jurisdiction in principle of the English courts, the place of habitual residence of Mrs Villiers, the maintenance creditor, is via the ‘related actions’ gateway of A13 of the Regulation. Are the husband’s divorce proceeding in Scotland a “related action” for the purposes of A13? And, pursuant to that provision, should the English court decline jurisdiction in respect of the wife’s maintenance claim? At 45 Sales LJ holds that to be related actions, they must refer

‘primarily to maintenance claims of the kind to which the special regime in the Regulation applies. If the position were otherwise, and the word “actions” meant legal proceedings of any kind whatever, that would undermine the fundamental object of the Maintenance Regulation that a maintenance creditor has the right to choose in which jurisdiction to claim maintenance. On such a reading, there would be a substantial risk that this object of the Maintenance Regulation would be undermined by the commencement of proceedings by the maintenance debtor according to the jurisdictional provisions of instruments other than the Maintenance Regulation, laid down in pursuance of entirely different jurisdictional policies than that reflected in the Maintenance Regulation.’

At 48 he adds obiter (for the husband’s suit in Scotland here concerned the divorce and the divorce only) that contra to the likely position in Moore v Moore [2007] EWCA Civ 361, even a maintenance debtor’s claim for distribution of family property with an impact on maintenance, cannot be a related action for the purposes of A13: for it would hand the debtor a torpedo against the creditor’s Regulation-protected choice.

It is on the issue of related actions that Lord Wilson and Lady Hale disagree at 147 ff., with Lord Wilson adding an arguably stinging postscript at 172 ff. At 162 Lord Wilson refers to A13(2) as ‘the dog. The reference to “irreconcilable judgments” is no more than the tail.’ A wide interpretation therefore of A13 (Lady Black, consenting with Sales, at 85 puts more emphasis in the irreconcilability of the judgments).

A most interesting to and fro of arguments and one which post Brexit will be recommended reading for the continuing application of the Maintenance Regulation in the EU.

Geert.

 

Maintenance regulation Brussels II, applied intra-State (UK) by incorporation by that Member State.
Application of lis alibi pendens. Non-existence of forum non conveniens. Distinction with matrimonial Regulation. https://t.co/AllsUqm05Q

— Geert Van Calster (@GAVClaw) July 1, 2020