CJEU

The right to be forgotten: the CJEU sides with Google in two landmark cases

By Nadège Martin (FR) & Nilofar Moini Shabestari (FR) on October 9, 2019

On 24 September 2019 the Court of Justice of the European Union (CJEU) gave two judgments (Cases C-507/17 and C-136/17) ruling that: (i) de-referencing by Google should be limited to EU Member States’ versions of its…

CJEU Judgement: Dynamic IP Addresses Constitute Personal Data

By Christoph Ritzer (DE) on October 21, 2016

On October 19, 2016, the Court of Justice of the European Union (CJEU) decided that the dynamic IP address of a website visitor is “personal data” under Directive 95/46EC (Data Protection Directive) in the hands of a website operator that has the means to compel an internet service provider to identify an individual based on the IP address.

Irish Data Protection Commissioner to Request Court Declaration as to Validity of Personal Data Transfers to the US Under EU Model Clauses

By Marcus Evans (UK) & Shiv Daddar (UK) on May 26, 2016

On May 25, 2016, Austrian law student Max Schrems issued a press release stating that he has been informed that the Irish Data Protection Commissioner (DPC) is planning to refer a question to the Court of Justice of…

CJEU Advocate General Opinion: Dynamic IP Addresses are Personal Data; Member States cannot limit processing permitted by the Data Protection Directive

By Christoph Ritzer (DE) & Sven Jacobs (DE) on May 16, 2016

On May 12, 2016, the Court of Justice of the European Union’s (CJEU) Advocate General, Campos Sánchez-Bordona, published his opinion on a question referred to the CJEU for a preliminary ruling. The opinion argues that dynamic IP addresses should be considered to be personal data under European law. Moreover, the opinion asserts that Member States’ laws that limit the ability to store such personal data beyond the restrictions permitted in Directive 95/46EC (the Data Protection Directive) are non-compliant with European law. Although the CJEU’s final decision does not have to follow this opinion, the advocate general’s arguments are followed more often than not.

CJEU decision in Schrems: what businesses should do next

By Marcus Evans (UK) & Jay Modrall (BE) on October 8, 2015

This week, the Court of Justice of the European Union (“CJEU”) ruled that the EU-US Safe Harbor Decision is invalid in Case C-362/14 (the “Schrems” case). This followed a similar opinion from its Advocate General, which also sets out the facts of the case.

The decision will impact businesses that rely on the EU-US Safe Harbor to legitimize their storage in, or access from, the US of personal data that is subject to EU data protection rules. It could affect cloud service providers, companies that use cloud services, intragroup shared services and any other export flows to the US that rely on Safe Harbor for data transfer.

In this post we look at what the CJEU decided and on what grounds, and what affected businesses should do next.

Data Protection Report

CJEU

CJEU Judgement: Dynamic IP Addresses Constitute Personal Data

Irish Data Protection Commissioner to Request Court Declaration as to Validity of Personal Data Transfers to the US Under EU Model Clauses

CJEU Advocate General Opinion: Dynamic IP Addresses are Personal Data; Member States cannot limit processing permitted by the Data Protection Directive

CJEU decision in Schrems: what businesses should do next

About

Topics

Archives