Agrégateur de flux

Izsák et Dabis / Commission
Citoyenneté européenne
Le Tribunal confirme que la proposition d’initiative citoyenne européenne visant à promouvoir le développement des zones géographiques peuplées par des minorités nationales ne peut pas être enregistrée

This post has been written by Martina Mantovani.

On 4 May 2016, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or GDPR) was published on the Official Journal. It shall apply as of 25 May 2018.

Adopted on the basis of Article 16(2) TFEU, the Regulation is the core element of the Commission’s Data protection reform package, which also includes a Directive for the protection of personal data with regard to the processing by criminal law enforcement authorities.

The new measure aims at modernising the legislative framework for data protection, so as to allow both businesses and citizens to seize the opportunities of the Digital Single Market.

First and foremost, businesses will benefit from a simplified legal landscape, as the detailed and uniform provisions laid down by the GDPR, which are directly applicable throughout the EU, will overcome most of the difficulties experienced with the divergent national implementations of Directive 95/46/EC, and with the rather complex conflict-of-law provision which appeared in Article 4 of the Directive.

Nevertheless, some coordination will still be required between the laws of the various Member States, since the new regime does not entirely rule out the relevance of national provisions. As stated in Recitals 8 and 10, the GDPR ‘provides a margin of manoeuvre for Member States’ to restrict or specify its rules. For example, Member States are allowed to specify or introduce further conditions for the processing depending, inter alia, on the nature of the data concerned (Recital 53 refers, in particular, to genetic, biometric, or health-related data).

Secondly, the new Regulation marks a significant extension of the extraterritorial application of EU data protection law, with the express intent of leveling the playing field between European businesses and non-EU established companies operatig in the Single Market. In delimiting the territorial scope of application of the new rules, Article 3 of the GDPR borrows on the case-law of the Court of Justice regarding Article 4 of Directive 96/45/EC. Pursuant to Article 3(1), the Regulation applies to any processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, ‘regardless of whether the processing itself takes place within the Union or not’ (along the lines of the Google Spain case).

Moreover, Article 3(2) refers to the targeting, by non-EU established controllers and processors, of individuals ‘who are in the Union’, for the purposes of offering goods or services to such subjects or monitoring their behaviours. This connecting factor, further specified by Recital 23 in keeping with the findings of the Court of Justice in Weltimmo, is somehow more specific than the former ‘equipment/means’ criteria set out by the Directive (cfr. Opinion 8/2010 of the Working Party on the Protection of Individuals with regard to the processing of personal data, on applicable law).

One of the key innovations brought along by the GDPR is the so-called one-stop-shop mechanism. The idea, in essence, is that where a data controller or processor processes information relating to individuals in more than one Member State, a supervisory authority in one EU Member State should be in charge of controlling the controller’s or processor’s activities, with the assistance and oversight of the corresponding authorities of the other Member States concerned (Article 52). It remains to be seen whether the watered down version which in the end found its way into the final text of the Regulation will effectively deliver the cutting of red tape promised to businesses.

The other goal of the GDPR is to provide individuals with a stronger control on their personal data, so as to restore consumers’ trust in the digital economy.  To this end, the new legislative framework updates some of the basic principles set out by Directive 95/46/EC — which are believed to ‘remain sound’ (Recital 9) — and devises some new ones, in order to further buttress the position of data subjects with respect to their own data.

The power of individuals to access and control their personal data is strengthened, inter alia, by the introduction of a ‘right to be forgotten’ (Article 17) and a right to data portability, aimed at facilitating the transmission of personal data between service providers (Article 20). The data subject additionally acquires a right to be notified, ‘without undue delay’ of any personal data breach which may result in ‘a high risk to [his or her] rights and freedoms’ (Article 33).

The effective protection of natural persons in relation to the processing of personal data also depends on the availability of adequate remedies in case of infringement. The Regulation acknowledges that the infringement of the rules on the processing of personal data may result in physical, material or non-material damage, ‘of varying likelihood or severity’ (Recital 75). The two-track system has been maintained, whereby the data subject is entitled to lodge a complaint against the data controller or processor either with the competente courts (Article 79) or with the competent supervisory authority (Article 77). Furthermore, pursuant to Article 78, any legally binding decision of a supervisory authority concerning the position of a data subject — or the lack of thereof — may be appealed before the courts of the Member State where the supervisory authority is established.

The GDPR additionally sets forth an embryonic procedural regime for proceedings in connection with the alleged infringement of data protection legislation.

In the first place, it introduces two unprecedented special rules of jurisdiction, the application of which should not be prejudiced, as stated in Recital 147, by ‘general jurisdiction rules such as those of Regulation (EU) No 1215/2012’, ie, the Brussels Ia Regulation on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (by the way, the primacy of the GDPR over Brussels Ia could equally be asserted under Article 67 of the latter Regulation). Article 79 of the GDPR provides that the data subject who considers that his or her rights under the Regulation have been infringed, may choose to bring proceedings before the courts of the Member State where the controller or processor has an establishment or, alternatively, before the courts of the Member State where the data subject himself or herself resides, unless the controller is a public authority of a Member State acting in the exercise of its public powers. Article 82(6) clarifies that the courts of the same Member State have jurisdiction over actions for compensation of the damage suffered as a result of the said infringements.

Article 81 of the GDPR deals with lis pendens. If proceedings concerning the same activities are already pending before a court in another Member State, any court other than the one first seised has the discretion (not the obligation) to stay its proceedings. The same court may also decide to decline jurisdiction in favour of the court first seized, provided that the latter court has jurisdiction over the proceedings in question and its law permits the consolidation of related proceedings.

Finally, the Regulation includes a provision concerning the recognition and enforcement of ‘any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data’. Pursuant to Article 48, such judgments or decisions may be recognised or enforced solely on the basis of an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State..

This provision mirrors the stance recently taken by some Member States and their representatives in connection to an important cross-border dispute, where a similar question had arisen, which was in fact the object of different solutions on the two sides of the Atlantic.

In fact, in the light of the approach taken by US law enforcement authorities, search warrants seeking access to personal data stored in European data centres are regarded as a form of compelled disclosure, akin to a subpoena, requiring the recipient of the order to turn over information within its control, irrespective of the place in which data is effectively stored. What matters is the sheer existence of personal jurisdiction over the data controller, that is the ISP who receives the warrant, which would enable criminal prosecutors to unilaterally order seizure of the data stored abroad, without necessarily seeking cooperation thorough official channels such as Mutual Legal Assistance Treaties.

Article 48 of the Regulation (EU) 2016/679 may accordingly be read as the EU counter-reaction to these law enforcement claims.

Slovakia and the Netherlands concluded a BIT in 1992 which included an arbitration agreement for disputes between foreign investors and one of the contracting parties. Slovakia became a EU member state in 2004. Later, a health insurance company from the Netherlands that had operated on the Slovakian market obtained an award from an arbitral court in Frankfurt, Germany, granting € 22 million damages against Slovakia.

Slovakia now argues before German state courts that by its accession to the EU its offer for concluding an arbitration agreement had become invalid because of its incompatibility with EU law. The Upper Regional Court (Oberlandesgericht) of Frankfurt, decision of 18 December 2014, docket no. 26 Sch 3/13, decided against Slovakia. By its appeal to the Federal Court of Justice (Bundesgerichtshof) Slovakia continues seeking the setting aside of the arbitral award for lack of jurisdiction of the arbitral tribunal. The Bundesgerichtshof, by its decision of 3 March 2016, docket no. I ZB 2/15, requested the Court of Justice of the European Union to give a ruling on the validity of arbitration agreements in BITs between Member States of the European Union, in particular in light of Articles 344, 267 and 18 I TFEU.

The Bundesgerichtshof expressed its view that there should be no conflict with Articles 344, 267. However, the Court poses the question whether there might be a discrimination against investors of other Member States unable to proceed under equivalent BIT proceedings. Even if this were the case, the Court further holds that the consequence of a dicrimination of this kind would not necessarily be the invalidity of the arbitration clause but rather the access of discriminated investors to the BIT dispute settlement mechanism.

For those who read German, the Court’s press release of today about its decision (full text is not yet available) can be found here:

http://juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?Gericht=bgh&Art=pm&Datum=2016&Sort=3&nr=74606&pos=1&anz=82

Si terrà a Firenze, il 30 maggio 2016, un corso di aggiornamento professionale dedicato all’applicazione pratica, nell’ordinamento italiano, della Carta dei diritti fondamentali dell’Unione europea, organizzato dal Dipartimento di Scienze Giuridiche dell’Università di Firenze, in collaborazione con la Fondazione per la Formazione Forense dell’Ordine degli Avvocati di Firenze.

[Descrizione del corso] – Il corso si propone di fornire ai partecipanti gli strumenti tecnici e conoscitivi necessari ai fini della corretta applicazione della “Carta dei diritti fondamentali dell’UE” (c.d. Carta di Nizza) nell’ordinamento italiano. … In concreto, la Carta assume rilevanza rispetto a settori di particolare importanza ai fini della tutela giurisdizionale delle persone, quali il diritto dell’immigrazione, il diritto di famiglia e dei minori, il diritto del lavoro e dei consumatori, il diritto antidiscriminatorio. La sua applicazione rispetto alle norme interne, oltre ad essere richiesta ai fini dell’adempimento degli obblighi posti dal diritto dell’Unione, arricchisce gli strumenti di tutela a vantaggio delle persone determinando, in molti casi, una protezione maggiore rispetto a quella fornita dalle fonti interne. Il corso fornirà ai partecipanti le conoscenze necessarie per comprendere se in casi concreti, relativi ai settori di particolare rilevanza, la Carta debba trovare applicazione e con quali conseguenze.

Alcune relazioni avranno ad oggetto i rapporti tra la Carta e la CEDU (Ornella Feraci, Univ. Firenze), il rilievo della Carta nel diritto internazionale privato e processuale europeo, con specifica attenzione alle garanzie dell’equo processo (Olivia Lopes Pegna, Univ. Firenze), nonché la rilevanza della Carta nel diritto internazionale privato europeo della famiglia (Ester di Napoli, Univ. Magna Graecia, Catanzaro).

Per la partecipazione al corso è prevista l’attribuzione di 12 crediti formativi per gli avvocati. Le domande di partecipazione devono essere inviate all’indirizzo email perfezionamenti@adm.unifi.it, entro il 18 maggio 2016.

Maggiori informazioni sono disponibili a questo indirizzo.

On 4 May 2016, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or GDPR) was published on the Official Journal. It shall apply as of 25 May 2018.

Adopted on the basis of Article 16(2) TFEU, the Regulation is the core element of the Commission’s Data protection reform package, which also includes a Directive for the protection of personal data with regard to the processing by criminal law enforcement authorities.

The new measure aims at modernising the legislative framework for data protection, so as to allow both businesses and citizens to seize the opportunities of the Digital Single Market.

First and foremost, businesses will benefit from a simplified legal landscape, as the detailed and uniform provisions laid down by the GDPR, which are directly applicable throughout the EU, will overcome most of the difficulties experienced with the divergent national implementations of Directive 95/46/EC, and with the rather complex conflict-of-law provision which appeared in Article 4 of the Directive.

Nevertheless, some coordination will still be required between the laws of the various Member States, since the new regime does not entirely rule out the relevance of national provisions. As stated in Recitals 8 and 10, the GDPR ‘provides a margin of manoeuvre for Member States’ to restrict or specify its rules. For example, Member States are allowed to specify or introduce further conditions for the processing depending, inter alia, on the nature of the data concerned (Recital 53 refers, in particular, to genetic, biometric, or health-related data).

Secondly, the new Regulation marks a significant extension of the extraterritorial application of EU data protection law, with the express intent of leveling the playing field between European businesses and non-EU established companies operatig in the Single Market. In delimiting the territorial scope of application of the new rules, Article 3 of the GDPR borrows on the case-law of the Court of Justice regarding Article 4 of Directive 96/45/EC. Pursuant to Article 3(1), the Regulation applies to any processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, ‘regardless of whether the processing itself takes place within the Union or not’ (along the lines of the Google Spain case).

Moreover, Article 3(2) refers to the targeting, by non-EU established controllers and processors, of individuals ‘who are in the Union’, for the purposes of offering goods or services to such subjects or monitoring their behaviours. This connecting factor, further specified by Recital 23 in keeping with the findings of the Court of Justice in Weltimmo, is somehow more specific than the former ‘equipment/means’ criteria set out by the Directive (cfr. Opinion 8/2010 of the Working Party on the Protection of Individuals with regard to the processing of personal data, on applicable law).

One of the key innovations brought along by the GDPR is the so-called one-stop-shop mechanism. The idea, in essence, is that where a data controller or processor processes information relating to individuals in more than one Member State, a supervisory authority in one EU Member State should be in charge of controlling the controller’s or processor’s activities, with the assistance and oversight of the corresponding authorities of the other Member States concerned (Article 52). It remains to be seen whether the watered down version which in the end found its way into the final text of the Regulation will effectively deliver the cutting of red tape promised to businesses.

The other goal of the GDPR is to provide individuals with a stronger control on their personal data, so as to restore consumers’ trust in the digital economy.  To this end, the new legislative framework updates some of the basic principles set out by Directive 95/46/EC — which are believed to ‘remain sound’ (Recital 9) — and devises some new ones, in order to further buttress the position of data subjects with respect to their own data.

The power of individuals to access and control their personal data is strengthened, inter alia, by the introduction of a ‘right to be forgotten’ (Article 17) and a right to data portability, aimed at facilitating the transmission of personal data between service providers (Article 20). The data subject additionally acquires a right to be notified, ‘without undue delay’ of any personal data breach which may result in ‘a high risk to [his or her] rights and freedoms’ (Article 33).

The effective protection of natural persons in relation to the processing of personal data also depends on the availability of adequate remedies in case of infringement. The Regulation acknowledges that the infringement of the rules on the processing of personal data may result in physical, material or non-material damage, ‘of varying likelihood or severity’ (Recital 75). The two-track system has been maintained, whereby the data subject is entitled to lodge a complaint against the data controller or processor either with the competente courts (Article 79) or with the competent supervisory authority (Article 77). Furthermore, pursuant to Article 78, any legally binding decision of a supervisory authority concerning the position of a data subject — or the lack of thereof — may be appealed before the courts of the Member State where the supervisory authority is established.

The GDPR additionally sets forth an embryonic procedural regime for proceedings in connection with the alleged infringement of data protection legislation.

In the first place, it introduces two unprecedented special rules of jurisdiction, the application of which should not be prejudiced, as stated in Recital 147, by ‘general jurisdiction rules such as those of Regulation (EU) No 1215/2012’, ie, the Brussels Ia Regulation on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (by the way, the primacy of the GDPR over Brussels Ia could equally be asserted under Article 67 of the latter Regulation). Article 79 of the GDPR provides that the data subject who considers that his or her rights under the Regulation have been infringed, may choose to bring proceedings before the courts of the Member State where the controller or processor has an establishment or, alternatively, before the courts of the Member State where the data subject himself or herself resides, unless the controller is a public authority of a Member State acting in the exercise of its public powers. Article 82(6) clarifies that the courts of the same Member State have jurisdiction over actions for compensation of the damage suffered as a result of the said infringements.

Article 81 of the GDPR deals with lis pendens. If proceedings concerning the same activities are already pending before a court in another Member State, any court other than the one first seised has the discretion (not the obligation) to stay its proceedings. The same court may also decide to decline jurisdiction in favour of the court first seized, provided that the latter court has jurisdiction over the proceedings in question and its law permits the consolidation of related proceedings.

Finally, the Regulation includes a provision concerning the recognition and enforcement of ‘any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data’. Pursuant to Article 48, such judgments or decisions may be recognised or enforced solely on the basis of an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State..

This provision mirrors the stance recently taken by some Member States and their representatives in connection to an important cross-border dispute, where a similar question had arisen, which was in fact the object of different solutions on the two sides of the Atlantic.

In fact, in the light of the approach taken by US law enforcement authorities, search warrants seeking access to personal data stored in European data centres are regarded as a form of compelled disclosure, akin to a subpoena, requiring the recipient of the order to turn over information within its control, irrespective of the place in which data is effectively stored. What matters is the sheer existence of personal jurisdiction over the data controller, that is the ISP who receives the warrant, which would enable criminal prosecutors to unilaterally order seizure of the data stored abroad, without necessarily seeking cooperation thorough official channels such as Mutual Legal Assistance Treaties.

Article 48 of the Regulation (EU) 2016/679 may accordingly be read as the EU counter-reaction to these law enforcement claims.

Allemagne / Commission
Aide d'État
Le Tribunal confirme que la loi allemande sur les énergies renouvelables de 2012 (EEG 2012) comportait des aides d’État

Allemagne / Commission
Aide d'État
Le Tribunal confirme que la loi allemande sur les énergies renouvelables de 2012 (EEG 2012) comportait des aides d’État

Allemagne / Commission
Aide d'État
Le Tribunal confirme que la loi allemande sur les énergies renouvelables de 2012 (EEG 2012) comportait des aides d’État

Allemagne / Commission
Aide d'État
Le Tribunal confirme que la loi allemande sur les énergies renouvelables de 2012 (EEG 2012) comportait des aides d’État

The School of Legal and Social Sciences of the Carlos III University of Madrid has issued a call for papers on the topic of International Family Law Reforms.

The initiative, addressed to young researchers, is intended to select the papers that will be presented in the Young Researchers Round Table, in the framework of the  International Congress on International Family Law Reforms, which will be held in Madrid on 17 and 18 November 2016.

The selected papers may also be published on Cuadernos de Derecho Transnacional.

The deadline for the submission of the abstracts (in English or Spanish) is 15 June 2016.

Further information on the call for papers and on the final conference are available here.

 

Michael Bogdan, Concise Introduction to EU Private International Law, 3a ed., Europa Law Publishing, 2016, pp. 230, ISBN 9789089521774, Euro 38.

[Dal sito dell’editore] – This concise book is mainly intended to be used as an introduction to the rules of private international law belonging to the legal system of the European Union. It provides legal practitioners with an overview of this highly complex field of law and can serve as an introductory textbook in elective undergraduate courses and master programs offered today by many law schools both to their own students and to exchange students from other countries. The book will hopefully also be useful as a spring-board towards more profound studies of statutory texts, case law and legal literature.

L’indice dell’opera è consultabile qui. Maggiori informazioni sono disponibili a questo indirizzo.

Dans un rapport de 305 pages rendu public le 9 mai 2016, le Défenseur des droits pointe les difficultés des étrangers résidant en France à faire valoir leurs droits. De son arrivée en France à l’exercice de ses droits fondamentaux, l’étranger est pénalisé par sa situation. 

En carrousel matière:  Oui Matières OASIS:  Néant

en lire plus

Le Conseil d’État a cassé un arrêt de la cour administrative d’appel de Paris qui a jugé qu’un avocat ne pouvait opposer aux services fiscaux le secret professionnel sur l’identité de ses clients.

En carrousel matière:  Non Matières OASIS:  Néant

en lire plus

Les décisions marocaines prononçant la dissolution du lien conjugal ne produisent effet en France que si, notamment, elles sont passées en force de chose jugée et susceptibles d’exécution.

En carrousel matière:  Non Matières OASIS:  Jugement étranger (Procédure civile)

en lire plus