readenglishbook.com » Law » GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗

Book online «GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗». Author Adv. Prashant Mali



1 ... 32 33 34 35 36 37 38 39 40 ... 71
Go to page:
delay in transposing the Directive was due to the new distribution of ministerial powers following a change in its internal government. The Court ruled that a Member State may not plead provisions, practices or circumstances in its internal legal system in order to justify a failure to comply with obligations and time limits laid down in a Directive, and thus a violation had occurred.

 

C-465/00 AND C-138/01, RECHNUNGSHOF V. OSTERREICHISCHER RUNDFUNK, 20.5.2003 (“RECHNUNGSHOF”)

Reference for a preliminary ruling by the Austrian Constitutional and Supreme courts. National legislation required public bodies subject to the control of the Rechnungsh of (Court of Audit) to communicate to it the salaries and pensions exceeding a certain level paid by them to their employees and pensioners, together with the names of the recipients, for the purpose of it drawing up an annual report to be transmitted to the federal and provincial legislatures, and the general public. The defendants, subject to this requirement, refused, claiming that they are not obliged to communicate such data relating to income on grounds of data protection requirements.

Questions referred: (1) Whether data protection law precludes national legislation which requires a state body to collect and transmit data on income for the purpose of publishing the names and income of various state employees; (2) Whether provisions precluding such national legislation are directly applicable, in the sense that the persons obliged to disclose may rely on them to prevent the application of the national provisions.

Scope of Directive 95/46: Applicability of Directive 95/46 cannot depend on whether the specific situations at issue have a sufficient link with the exercise of the fundamental freedoms guaranteed by the Treaty (here free movement of workers). The EU system of data protection has a wide scope, is defined in very broad terms, and does not depend on whether, in every specific case, the processing of personal data has a connection to the free movement between the Member States. A contrary interpretation could make the limits of the field of application of the Directive unsure

and uncertain. The system consists of checks and balances in which processing of personal data is subject to a number of conditions and limitations.

Article 8 ECHR: Provisions of Directive 95/46, insofar as they govern the processing of personal data liable to infringe fundamental freedoms, in particular the right to privacy, must be interpreted in light of that right, which forms an integral part of the general principles of EU law. Article 8 ECHR states that public authorities must not interfere with the right to respect for private life, unless it is in accordance with law and is necessary in a democratic society to protect certain interests.

The collection of data by name relating to an individual's professional income, with a view to communicating it to third parties, falls within the scope of Article 8. The ECHR has held that communication of the data infringes the right of the persons concerned to respect for private life.

Regarding necessity, the purpose of the provision was to keep salaries within reasonable limits, which fits within the “economic well-being of the country”. But “necessary” means that a pressing social need is involved and the measure is proportionate to the legitimate aim pursued. The 6 authorities enjoy a margin of appreciation. The interests of the state must be balanced against the seriousness of the interference. The interference is justified only insofar as publication of the names is both necessary and appropriate to the aim of keeping salaries within reasonable limits, which is for the national court to examine. If not, then the interference also constitutes a violation of Articles 6 and 7 of Directive 95/46.

Direct applicability: Wherever provisions of a directive appear to be unconditional and sufficiently precise, they may, in the absence of implementing measures adopted within the prescribed period, be relied on against any incompatible national provision, or insofar as they define rights which individuals are able to assert against the State.

 

1.3. C-101/01, LINDQUIST, 6.11.2003 (“LINDQUIST”)

Reference for a preliminary ruling by the Swedish appellate court. Mrs. Lindquist had published on the internet the names, jobs, hobbies, telephone numbers, family circumstances etc. of 18 colleagues, as well as the fact that one had injured her foot and was on medical leave. She removed the data as soon as some objected. She was charged with criminal violations of Swedish data protection law.

Questions referred: (1) Whether the mention of a person, by name or with name and telephone number, on an internet home page is an action which falls within the scope of Directive 95/46; (2) If so, whether the loading of information of this type about work colleagues onto a private home page which is accessible to anyone who knows its address is covered by one of the exceptions under Article 3(2) of Directive 95/46; (3) Whether information on a home page stating that a named colleague has injured her foot and is on half-time on medical grounds is personal data concerning health which, according to Article 8(1), may not be processed; (4) Whether the

loading of the data onto the home page, with the result that the data becomes accessible to people in third countries, constitutes a transfer to a third country; (5) Whether a Member State can provide more extensive protection for personal data than the directive.

Definition of personal data: The name of a person in conjunction with his/her telephone number, and information about working conditions or hobbies constitute personal data. Definition of processing: The operation of loading personal data on an internet page must be considered to be processing.

Scope of Directive 95/46: Loading personal data on an internet page is processing by automatic means.

Processing for purely personal or household activity: Mrs. Lindquist's activities were mainly charitable and religious, but these are not covered by the exceptions in Article 3(2) of the Directive and cannot be considered exclusively personal or domestic.

Sensitive personal data: Reference to the fact that an individual has injured her foot and is on medical leave constitutes personal data concerning health within the meaning of Article 8(1), as that provision must be given a wide interpretation so as to include all aspects, both physical and mental, of the health of an individual.

Transfers to third countries: The publication on the internet did not constitute a transfer, as an internet user would have to connect to the internet and personally carry out the necessary actions to consult those pages. Mrs. Lindquist's internet pages did not contain the technical means to send that information automatically to people who did not intentionally seek access. There is no transfer of data to a third country within the meaning of Article 25 of the Directive when an individual in a Member State loads personal data onto an internet page which is stored with his/her hosting provider in that or another Member State, thereby making the data accessible to anyone who connects to the internet, including people in a third country.)

Balancing fundamental rights: The data protection and freedom of expression must be balanced against each other, and the regime of the Directive provides in itself multiple mechanisms allowing a balancing of the different fundamental rights to be carried out. Therefore, it is not a disproportionate violation of the principle of freedom of expression.

Transposition/Harmonisation: The Directive envisages complete harmonisation, thus Member States must adopt national legislation conforming to the regime of the Directive. However, certain provisions of the Directive can explicitly authorize the Member States to adopt more constraining regimes of protection. This must be done in accordance with the objective of maintaining a balance between free movement of personal data and protection of private life. In addition, Member States remain free to regulate areas excluded from the scope of application of the Directive in their own way, provided no other provision of EU law precludes it.

1.4. C-317 AND 318/04, PARLIAMENT V. COUNCIL (PNR), 30.5.2006 (“PNR”)

Action for annulment by the European Parliament of Council Decision 2004/496/EC concerning the conclusion of an agreement between the EU and the USA on the processing and transfer of Passenger Name Record (PNR) data and on the adequacy decision on data transferred to the USA, both of which were adopted on the basis of Directive 95/46. After the 11 September 2011 terrorist attacks, the US passed legislation providing that air carriers operating flights to or from the US or across the US had to provide US customs with electronic access to the data contained in their automated reservation and departure control systems (PNR). Negotiations followed, and in April 2004, the Commission adopted the decision on adequacy and the Council adopted the decision on conclusion of an agreement between the EU and the US on the processing and transfer of PNR data.

Appropriate legal basis:

Adequacy decision: Requirements for transfer were based on a statute enacted by the USA in November 2001 and implementing Regulations adopted thereunder, which concern enhancement of security and conditions under which persons may enter and leave the USA, fighting against terrorism and fighting transnational crime. Thus, the transfer of PNR data is processing concerning public security.

Even though PNR data are initially collected in the course of commercial activity, the processing addressed in the adequacy decision concerns safeguarding public security and law enforcement. The facts that the data are collected by private operators for commercial purposes and that those operators arrange for the transfer of the data to the third country does not prevent that transfer from being regarded as processing excluded from the Directive's scope. Thus, it falls within the first indent of Article 3(2) of the Directive, which excludes from the Directive's scope data protection in the course of activities provided for by Titles V and VI of the EU Treaty. Accordingly, the adequacy decision is annulled.

Agreement: Article 95 of the EC Treaty (internal market) in conjunction with Article 25 of the Directive (transfers to third countries ensuring adequacy) do not justify EU competence to conclude the Agreement. The agreement relates to the same transfers as the adequacy decision, and thus processing operations are outside the scope of the Directive. The Council decision approving the conclusion of the agreement between the EU and the US on the processing of PNR data is annulled.

 

1.5. C-275/06, PROMUSICAE, 29.1.2008 (“PROMUSICAE”)

Reference for a preliminary ruling by the Juzgado de lo Mercantil No. 5 de Madrid. Telefonica had refused to disclose to Promusicae, an NPO acting on behalf of its members who are holders of intellectual property rights, personal data relating to users of the internet who accessed the KaZaA file exchange program and shared files of recordings of Promusicae's members, by means of connections provided by Telefonica. Promusicae wanted to bring civil actions against those persons.

Question referred: Whether EU law permits Member States to limit the duty of operators of telecom networks to supply traffic data.

Balancing fundamental rights: The requirements of protection of different fundamental rights must be reconciled, namely the right to respect for private life on the one hand and rights to protection of property and an effective remedy on the other hand. Directive 2002/58 provides rules determining in what circumstances and to what extent personal data processing is lawful and what safeguards must be provided.

Transposition/Harmonisation: Directives 2000/31, 2001/29, 2004/48 and 2002/58 do not require Member States to lay down an obligation to communicate personal data in order to ensure effective protection of copyright in civil proceedings, nor does it oblige them to impose such an obligation. However, when transposing various intellectual property Directives, Member States must take care to interpret them such that there is a fair balance struck between the various fundamental rights protected by the Community legal order. Further, when implementing the national law transposing those Directives, authorities and courts of the Member States must interpret them in a manner consistent with the Directives and make sure that the interpretation does not conflict with those fundamental rights or other general principles of Community law, such as the proportionality principle.

 

1.6. C-301/06, IRELAND V. PARLIAMENT AND COUNCIL, 10.2.2009 (“IRELAND”)

Action for annulment by Ireland regarding Directive 2006/24/EC on the retention of electronic communication data on the ground that it was not adopted

1 ... 32 33 34 35 36 37 38 39 40 ... 71
Go to page:

Free e-book «GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗» - read online now

Comments (0)

There are no comments yet. You can be the first!
Add a comment