Home Knowledge Landmark European Rulings on Data Protection

Landmark European Rulings on Data Protection

January 28, 2015
Partner
Leo Moore

In 2014, we saw some major decisions taken by the Court of Justice of the European Union (“CJEU”) which have had a fundamental effect on data protection issues in Europe.

  • In May, the CJEU ruled on what become known as the “right to be forgotten” in the much publicised Google Spain case . The decision was seen by many as a simple confirmation of rights that already exist for individuals under the current Data Protection Directive, i.e. to keep data accurate and up to date. It has been suggested that this case pre-empted “the right of erasure” (formerly know as the “right be forgotten”) that is due to form part of the proposed EU Data Protection Regulation. The judgment also determined that search engines were data controllers of personal data that appears in search returns, rather than data processors.
  • In April, the CJEU found the EU Data Retention Directive to be invalid. The Directive requires communication service providers to retain a wide range of communications data, for a period of between 6 and 24 months, with the retained data to remain available for the purposes of the investigation, detection and prosecution of serious crime. The decision to declare the Directive invalid came following a referral by the Irish High Court to the CJEU on the matters arising from a dispute between the Irish entity Digital Rights Ireland and the Irish Government.
  • A judicial review was sought by Mr Max Schrems of the Irish Data Protection Commissioner’s (“DPC”) decision not to investigate certain complaints made by Mr Schrems against Facebook, particularly in relation to the security of personal information transferred to the US. The Irish High Court referred the question of whether or not the DPC was bound by a European Commission’s decision that US data protection rules on Safe Harbor were adequate. The CJEU ruling is expected in 2015 and will certainly add fuel to the debate which has been ongoing at European level as to the adequacy of the Safe Harbor regime. For those companies that transfer data to and from the US under the Safe Harbor regime, this mechanism is of crucial importance and accordingly this case will be closely watched by industry.

An increased willingness on the part of the Irish High Court to refer complex data protection related issues to the European courts for direction is evident. Furthermore, these decisions of the CJEU are giving us an indication of the future direction of data protection policy at European level.

Contributed by:   Leo Moore and Niamh Gavin

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Partner
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all