Posts

Fine of 5.5 million euros on WhatsApp for violation of the GDPR

Image
The Data Protection Commission of Ireland imposed a fine of 5.5 million euros on WhatsApp for breaches of the GDPR relating to its service. The Commission’s announcement states the following: “The Data Protection Commission (“DPC”) has today announced the conclusion of an inquiry into the processing carried out by WhatsApp Ireland Limited (“WhatsApp Ireland”) in connection with the delivery of its WhatsApp service, in which it has fined WhatsApp Ireland €5.5 million (for breaches of the GDPR relating to its service). WhatsApp Ireland has also been directed to bring its data processing operations into compliance within a period of six months. The inquiry concerned a complaint made on 25 May, 2018 by a German data subject about the WhatsApp service. In advance of 25 May 2018, the date on which the GDPR came into operation, WhatsApp Ireland updated its Terms of Service, and informed users that if they wished to continue to have access to the WhatsApp service following the introduction

ECJ: Every person has the right to know to whom his or her personal data have been disclosed.

Image
According to ECJ's Judgment (12/1/2023) in Case C-154/21 (Österreichische Post), every person has the right to know to whom his or her personal data have been disclosed. Nevertheless, the controller may indicate only the categories of recipient if it is impossible to identify the recipients or the request is manifestly unfounded or excessive.  A citizen requested Österreichische Post, the principal operator of postal and logistical services in Austria, to disclose to him the identity of the recipients to whom it had disclosed his personal data. He relied on the EU General Data Protection Regulation (GDPR). That regulation provides that the data subject has the right to obtain from the controller information about the recipients or categories of recipient to whom his or her personal data have been or will be disclosed.  In response to the citizen’s request, Österreichische Post merely stated that it uses personal data, to the extent permissible by law, in the course of its activitie

Combatting aggressive tax planning: the obligation for a lawyer to inform other intermediaries involved is not necessary and infringes the right to respect for communications with his or her client

Image
According to the Judgment of the European Court of Justice in Case C-694/20  (Orde van Vlaamse Balies and Others) regarding the combat against tax avoidance, the obligation for a lawyer to inform other intermediaries involved is not necessary and infringes the right to respect for communications with his or her client . All the other intermediaries involved in such planning, and the taxpayer him- or herself, are subject to that reporting obligation, which makes it possible to ensure that the tax authorities are informed. An EU Directive [1] provides that all intermediaries involved in potentially aggressive cross-border tax-planning (arrangements which could lead to tax avoidance and evasion) are required to report them to the competent tax authorities. That obligation concerns all those who participate in the design, marketing, organisation or management of the implementation of that planning. All those who provide assistance or advice in relation to that planning, or in the abse

Opinion on the Proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020

Image
The European Data Protection Supervisor (EDPS) published its  Opinion on a proposed Regulation laying down cybersecurity requirements for products with digital elements .  Concretely, the proposed Regulation aims to set out EU-wide cybersecurity requirements for a broad range of hardware and software products and their remote data processing solutions. These include, for example, browsers, operating systems, firewalls, network management systems, smart meters or routers. Wojciech Wiewiórowski, EDPS, said:  “The cybersecurity of products with digital elements is of utmost importance to protect effectively individuals’ fundamental rights in the digital age, including their rights to privacy and data protection. Harmonised cybersecurity requirements across the EU should reduce the risks for Europeans of being victims of cyber-attacks and of the vast consequences that these may entail, such as the theft and misuse of their personal data.” In its Opinion, the EDPS reiterates that under

Mergers: Commission opens in-depth investigation into the proposed acquisition of eTraveli by Booking

Image
The European Commission has opened an in-depth investigation to assess, under the EU Merger Regulation, the proposed acquisition by Booking Holdings (‘Booking') of Flugo Group Holdings AB, that operates under the trading name ‘eTraveli'.  The Commission is concerned that the proposed acquisition would allow Booking to strengthen its position on the market for accommodation online travel agencies (OTAs). Booking and eTraveli are both active in the provision of OTA services, respectively focusing on accommodation OTA and flight OTA services. Booking is also active in the market of metasearch services (MSS) mainly through its price comparison platform KAYAK. The Commission's preliminary investigation indicates that Booking may have a dominant position on the market for the provision of accommodation OTA services and that the transaction may significantly reduce competition in this market by combining eTraveli's activities in flight OTA services with Booking's own s

Legal battle between mother and aunt on adoption of an adult child: Request for an advisory opinion by ECtHR

Image
The European Court of Human Rights has accepted a request for an advisory opinion under Protocol No. 16 to the European Convention on Human Rights received from the Supreme Court of Finland on 10 October 2022.  In its request, the Supreme Court of Finland has asked the European Court of Human Rights to provide an advisory opinion on the procedural rights of a biological mother in proceedings concerning the adoption of her adult child.  The request will be dealt with by the Grand Chamber, comprising 17 judges, which will be constituted in accordance with Rule 24 § 2 (g) of the Rules of Court. The President of the Grand Chamber has also established a time frame for submissions from the parties to the domestic proceedings or any other interested party. Protocol No. 16 enables member States’ highest national courts and tribunals to ask the Court to give advisory opinions on questions of principle relating to the interpretation or application of the rights and freedoms defined in the Europe

The partim occupation of business’ premises in strike through the lens of a recent judgment of the German Federal Labour Court

Image
By Evlampia Tsolaki, Lawyer* I. Τhe concept of strike  Irrespective of the regulations composing a national legal order’s framework of industrial relations, in western world at their center of gravity is posed the right to strike as it constitutes the highest manifestation of employees’ organized struggle directed to the assertion of their rights’ enhancement concerning their employment and in general financial conditions. By this means, in practical terms, the individual power of employees is channeled and pooled in the competent trade unions in order to collectively attain a better level of terms for their job positions through the united race against the employers’ omnipotence. In this vein, strike is popularly conceptualized in a lato sensu, namely more loose, meaning, in other words as it is commonly understood by a layman’s perception.  In strictly legal terms, strike is called [1]  the partial or total abstention of employees from the provision of the services owned to their emp

Facial recognition: 20 million euros penalty against Clearview AI

Image
Following a formal notice which remained unaddressed, the CNIL imposed a penalty of 20 million euros and ordered Clearview AI to stop collecting and using data on individuals in France without a legal basis and to delete the data already collected. As of May 2020, the Commission nationale de l'informatique et des libertés, CNIL received complaints from individuals about Clearview AI's facial recognition software and opened an investigation. In May 2021, the association Privacy International also warned the CNIL about this practice. On 26 November 2021, the Chair of the CNIL decided to give Clearview AI formal notice to cease the collection and use of data of persons on French territory in the absence of a legal basis to to facilitate the exercise of individuals' rights and to comply with their requests for erasure.  Clearview AI had two months to comply with the injunctions formulated in the formal notice and to justify them to the CNIL. However, it did not provide any re

The internal rule of an undertaking prohibiting the visible wearing of religious, philosophical or spiritual signs does not constitute direct discrimination if it is applied to all workers in a general and undifferentiated way (ECJ)

Image
According to ECJ''s Judgment in Case C-344/20 (13.10.2022), the internal rule of an undertaking prohibiting the visible wearing of religious, philosophical or spiritual signs does not constitute direct discrimination if it is applied to all workers in a general and undifferentiated way.  According to the Court of Justice, religion and belief must be regarded as a single ground of discrimination, otherwise the general framework for equal treatment in employment and occupation provided for by EU law, in particular by Directive 2000/78, will be undermined. A dispute has been ongoing since 2018 between L.F., a woman of the Muslim faith who wears the Islamic headscarf, and SCRL, a company which manages social housing. The dispute concerns a failure to take into consideration L.F.’s unsolicited application for an internship on the ground that, during an interview, L.F. indicated that she would refuse to remove her headscarf in order to comply with the policy of neutrality promoted wi

Conviction of Germany by the ECtHR for discrimination - Police check carried out on a dark-skinned train passenger

Image
The European Court of Human Rights held that there has been a violation of Article 14 (prohibition of discrimination) taken in conjunction with Article 8 (right to respect for private and family life) of the Convention in the case Basu v. Germany (no. 215/19). The applicant, Biplab Basu, is a German national who was born in 1955 and lives in Berlin. The case concerns Mr Basu’s allegation that the police carried out an identity check on him only because of his skin colour. He was travelling on a train which had just passed the border from the Czech Republic in 2012, with his daughter. Basu is a German national of Indian origin. When asked, the police told him that it was a random check. Basu unsuccessfully brought an action in the courts, arguing that he and his daughter were singled out as they were the only passengers with dark skin colour in the train carriage. Relying on Article 14 (prohibition of discrimination) taken in conjunction with Article 8 (right to respect for privat