The sharpening of EU Data Protection Law in the online environment by the CJEU

Abstract : In less than eighteen months, the Court of Justice of the European Union has drastically sharpened the European Data Protection Law, and considerably upheld the two fundamental rights to privacy and to the protection of personal data, as set forth in Article 7 and Article 8, respectively, of the Charter of Fundamental Rights of the European Union. It mainly took the CJUE three landmark rulings to achieve this result: the invalidation of the European Data Retention Directive on 8 April 2014; the recognition of a so-called ‘Right to be forgotten’ on 13 May 2014; and the invalidation of the so-called ‘Safe Harbour’ decision on 6 October 2015 - whereby the European Commission’s acknowledged the compliance of a third country data protection scheme with the EU law, thus restricting the power of national supervisory authorities to examine it. After a brief reminder of these three cases and their circumstances, the proposed paper will analyse their consequences in the European Union as well as at the global level. These consequences are multifold: First of all, there rulings ruling have led to major revisions of the European data protection law and policy, as they occurred while the EU General Data Protection Regulation was still in discussion. They impacted, inter alia, the provisions on a ‘right to be forgotten’, and the ones related to decisions on third countries’ adequacy level. They also led to the replacement of the ‘Safe Harbour’ agreement by another one, the so-called ‘Privacy Shield’. Second, the invalidation of the Data Retention Directive revealed a number of contentions among Member States with regards to such legislation. Some of them, which have been reluctant to transpose this Directive in their national law, have expressed their satisfaction with the ruling. Others, which were instrumental in its adoption, soon started working on an alternative. Third, the rulings, which were issued only some months after Edward Snowden’s revelations on mass surveillance in the USA – as a matter of fact, these revelations were used as arguments by the plaintiff in the third case – revealed how much the CJUE is taking into account the global context and the public debate when it has to decide on cases related to the online domain. Fourth, in the case of the ‘Right to be forgotten’, the paper will show that this very controversial ruling, which actually sparked a heated debate in Europe as well as at the global level, not only is emblematic of the difficult balance of rights (here, the right to privacy and personal data protection vs. the right to freedom of expression), but also might well lead to serious issues from the rule of law perspective, as it empowers private actors – and, on top of this, US private actors – with the capacity to judge whether a given online content should be removed (or de-indexed) from the public domain.
Type de document :
Communication dans un congrès
2017 ECPR General Conference, Sep 2017, Oslo, Norway. 〈https://ecpr.eu/Events/EventDetails.aspx?EventID=96〉
Liste complète des métadonnées

https://halshs.archives-ouvertes.fr/halshs-01672922
Contributeur : Meryem Marzouki <>
Soumis le : mercredi 27 décembre 2017 - 18:33:17
Dernière modification le : samedi 24 novembre 2018 - 01:46:05

Identifiants

  • HAL Id : halshs-01672922, version 1

Collections

Citation

Meryem Marzouki. The sharpening of EU Data Protection Law in the online environment by the CJEU. 2017 ECPR General Conference, Sep 2017, Oslo, Norway. 〈https://ecpr.eu/Events/EventDetails.aspx?EventID=96〉. 〈halshs-01672922〉

Partager

Métriques

Consultations de la notice

95