28 November 2024
The Future of GDPR Enforcement
The ongoing trilogue negotiations on the GDPR procedural regulation aim to address significant enforcement shortcomings. From strengthening complainants' rights to harmonising Data Protection Authorities' discretion and improving cross-border cooperation, these discussions carry major implications for data protection in Europe. This analysis highlights the urgent need for reforms to ensure effective and fair enforcement. Continue reading >>
0 
28 August 2024
Strengthening the EU Legal Edifice for Data Transfers
GDPR provides the rulebook for international transfers of personal data from the EU and serves as the vehicle through which EU data protection law interacts with the wider world. However, the EU seems ambivalent about deciding how far it can expect third countries to adopt data protection standards similar to its own. Moreover, DPAs often fail to scrutinize data transfers to third countries that may lack the rule of law. Finally, the EU lacks a comparative methodology for assessing data protection equivalence in third countries. It is essential for the EU to elevate the public discourse so that the global significance of data transfers is recognized. Continue reading >>
0
14 August 2024
In the Shadows
Recent investigations by Netzpolitik and the German public service broadcaster Bayerischer Rundfunk into the company Datarade have shed light on a part of the digital economy that has so far operated mainly in the background: data trading. The key players in this sector are data brokers, whose business model is to trade in (non-)personal data. Data trading is a multi-billion-dollar component of the global digital economy and not a new phenomenon. This article outlines the legal implications of data trading in the context of the GDPR, the DSA and the AI Act. Continue reading >>
0
19 July 2024
Proximity, Amicable Settlements, and how the EU Guts GDPR Enforcement
The EU legislator is working on a new Regulation to modify the GDPR. Unfortunately, the reform features deeply troubling elements. It seeks to mainstream a controversial Irish approach to dealing with data protection complaints, namely “amicable settlements” between individuals and digital corporations. Further, and rather problematically, the reform foreshadows the end of the principle of proximity. Gutting – or at least eroding – the proximity principle should ring alarm bells for anyone concerned with effective judicial remedies in the EU. Continue reading >>
0
14 December 2023
To Score Is to Decide
Can the act of assigning a score to someone constitute a decision? This, in essence, is the question the Court of Justice of the European Union (CJEU) had to answer in Case C-634/21. And the Court’s answer is yes, following in the footsteps of the Advocate General’s opinion on the case. Rendered on 7 December, this ruling was eagerly awaited as it was the first time the Court had the opportunity to interpret the notorious Article 22 of the General Data Protection Regulation (GDPR) prohibiting decisions “based solely on automated processing". Continue reading >>
0
06 September 2023
Europe’s Digital Constitution
In the United States, European reforms of the digital economy are often met with criticism. Repeatedely, eminent American voices called for an end to Europe’s “techno-nationalism.” However, this common argument focusing on digital protectionism is plausible, yet overly simplistic. Instead, this blog post argues that European digital regulations reflect a host of values that are consistent with the broader European economic and political project. The EU’s digital agenda reflects its manifest commitment to fundamental rights, democracy, fairness, and redistribution, as well as its respect for the rule of law. These normative commitments, and the laws implementing those commitments, can be viewed in aggregate as Europe’s digital constitution. Continue reading >>
0
21 July 2023
Rechtsgut Datenschutz?
Während materielle Schadensersatzansprüche für Datenschutzverletzungen in der Praxis eine untergeordnete Rolle zu spielen scheinen und verhältnismäßig einfach festzustellen und zu beziffern sind, bereitet die in Art. 82 DSGVO vorgesehene Ersatzfähigkeit immaterieller Schäden den Gerichten Kopfzerbrechen. Eine richtungsweise Entscheidung zu immateriellen Schadensersatzansprüchen für DSGVO-Verletzungen fällte der EuGH Anfang Mai 2023 in der Rechtssache C‑300/21. Es ist das erste Urteil aus einer langen Reihe an Vorabentscheidungsersuchen zur Auslegung des Art. 82 DSGVO. Nach wie vor interpretationsbedürftig bleibt jedoch, wie ein immaterieller Schaden nun konkret festzustellen und zu bemessen ist. Nach einer kurzen Zusammenfassung der Kernaussagen des EuGH befasst sich dieser Beitrag daher mit diesem praxisrelevanten Problem und möchte – insbesondere unter Berücksichtigung etablierter Instrumentarien der deutschen und österreichischen Rechtspraxis – Lösungswege für die mitgliedstaatlichen Gerichte aufzeigen. Continue reading >>19 July 2023
How the Platform Work Directive Protects Workers’ Data
The Commission's proposal of the new platform labour directive came with a core promise to platform workers in the EU: to recognize the impact algorithmic management has on their working conditions. In doing so, the directive seeks to clarify and strengthen data rights of workers, regardless of whether they are classified as employees or not. This blog post argues that the main achievement of the proposed Directive is to clarify and reframe existing norms about automated decision-making in a way that shifts attention from data to working conditions. While the specific proposed provisions do not go far beyond norms already established in the General Data Protection Regulation, they are reframed in a way that clarifies that digital labour platforms have the responsibility to ensure fairness, transparency and accountability when making decisions that rely on algorithms. Continue reading >>
0
07 July 2023
Competition law as a powerful tool for effective enforcement of the GDPR
It looks like a good week for data protection. On Tuesday, the Commission presented a new proposal for a Regulation on additional procedural rules for the GDPR, and a few hours later, the ECJ published its decision C-252/21 on Meta Platforms v Bundeskartellamt (Federal Cartel Office). While the Commission's proposal to improve enforcement in cross-border cases should probably be taken with a pinch of salt, the ECJ ruled on some things with remarkable clarity. The first reactions to the ruling were quite surprising; few had expected the ECJ to take such a clear stance against Meta's targeted advertising business model. It does however represent a consistent interpretation of the GDPR in the tradition and understanding of power-limiting data protection. Continue reading >>
0
16 June 2023
The GDPR’s Journalistic Exemption and its Side Effects
On 25 May 2023, we mark the fifth anniversary of the General Data Protection Regulation’s (GDPR) full application in the European Union (EU). While the Regulation is primarily known for its impact on business, it also fostered significant changes to data processing by media outlets, which are often overlooked in discussions about data protection. This blog post analyzes what is commonly called the ”journalistic exemption” under Article 85 of the GDPR that requires Member States to regulate the extent to which GDPR applies to journalists and others writing in the public interest. Further, this contribution reflects on how exactly that journalistic exemption is implemented across the Member States, and considers the problematic consequences of the GDPR’s uneven application to the media sector, including instrumentalization of GDPR in the strategic litigation (SLAPPs) against journalists. Continue reading >>
0