By Jacqueline Clover

The Court of Justice of the European Union (‘CJEU’) has ruled that an analysis produced by an administrative agency to inform and support the agency’s formal decisions (‘legal analysis’) is not of itself “personal data” as defined under Directive 95/46/EC (the ‘EU Data Protection Directive’).  This is the case even where the legal analysis contains information that is clearly “personal data”, such as an individual’s name, date of birth, nationality and gender.  The ruling of 17 July 2014 in Joined Cases C-141/12 and C-372/12 YS v. Minister voor Immigratie, Integratie en Asiel, and Minister voor Immigratie, Integratie en Asiel v. M, S, is available here.

It is an important decision for two reasons.  First, it clarifies the boundaries of what constitutes “personal data” under EU law. And, second, it clarifies that a data subject’s right of access under the EU Data Protection Directive does not necessarily require access to the actual records containing personal data. In some cases, a full summary of the personal data in an intelligible form suffices.

Continue Reading EU Court of Justice clarifies the definition of personal data and scope of access requests

In a judgment laid down on 16 February 2012 in the Case 360/10 Sabam v. Netlog, the Court of Justice of the European Union (CJEU) ruled that EU national courts cannot issue injunctions forcing social networks to monitor their sites for illegal file-sharing because such injunctions would not strike a fair balance between the rights of intellectual property holders, on the one hand, and the rights of social network users to privacy and freedom to receive or impart information, on the other.

The ruling was a response to a request for a preliminary ruling by a Belgian court in a case involving music royalties collecting society, SABAM, and a social networking platform, Netlog.  SABAM had claimed that Netlog’s platform was being used to make music and audiovisual copyright works available to the public without SABAM’s consent and without Netlog paying it any fees.  SABAM sought an injunction under European copyright laws that would have required Netlog to introduce a filtering system to monitor illegal file-sharing by its users. 

The Belgian court referred the case to the CJEU asking the Court to rule whether the fundamental right to privacy and freedom of expression, which are enriched in the EU Charter of Fundamental Rights, would prevent national courts from issuing such injunctions.

The CJEU held that a system, which would filter most of the information which is stored on a social network’s servers in order to identify and block on its servers electronic files containing copyright works, would not only result in a serious infringement of the freedom to conduct business, but would also infringe the social network users’ right to privacy because such system would involve the identification, systematic analysis and processing of personal data connected with the user profiles.  The injunction could also potentially undermine the freedom of information since the filtering system may not have adequately distinguished between unlawful content and lawful content — possibly resulting to the blocking of lawful communications.

Continue Reading EU Court Rules that Forcing Social Networks to Monitor the Internet Infringes Right to Privacy