The ECJ's videoconference system complies with data protection rules (EDPS)

With its Schrems II-judgment of 16 July 2020, the Court of Justice declared invalid the EU-US Privacy Shield, governing the transfer of personal data from the European Union to the United States. 

In the absence of this EU-US Privacy Shield, in February 2021 the Court of Justice of the European Union (CJEU), as an EU institution, referred its contract with its US-based videoconferencing operator to the European Data Protection Supervisor (EDPS). 

It asked the EDPS whether these rules complied with the EU’s data protection rules contained in the EU Data Protection Regulation. The EDPS issued two temporary authorisations, in 2021 and 2022, allowing the CJEU to use these contractual clauses. It adopted its final decision on 13 July 2023. 

The EDPS has decided that the CJEU’s videoconferencing services meet the data protection standards under EU Data Protection Regulation. The CJEU is the first EU institution to obtain such approval from the EDPS. The main characteristics of the videoconferencing services used by the CJEU are: 

  • no data is transmitted to the cloud for confidential meetings; 
  • very limited data transmitted to the cloud for other meetings with full and strong encryption (end-to-end encryption, one to many points) by default; 
  • combined with strong technical and organisational measures; and moreover 
  • the use of cloud servers located exclusively within the EU. 

The final decision of the EDPS adopted on 13 July 2023 may be consulted on the EDPS’ website. (source curia.europa.eu/photo freepik.com)

Comments

Post a Comment

Top Stories

Accidents on board an aircraft: The strict liability of airlines under the Montreal convention extends to inadequate first aid administered on board an aircraft

Image
According to the Judgment of the European Court of Justice dated 6/7/2023 in Case C-510/21 (Austrian Airlines ),  as regards accidents on board an aircraft, the strict liability of airlines under the Montreal convention extends to inadequate first aid administered on board an aircraft. On a flight operated by Austrian Airlines, a jug containing hot coffee fell from a catering trolley and scalded a passenger. First aid was administered to him on board the aircraft. The passenger brought an action before the Austrian courts seeking damages and a declaration establishing Austrian Airlines’ liability for all future damage resulting from the aggravation of his burns on account of the inadequate first aid administered on board the aircraft. Austrian Airlines contends that the action should be dismissed, since it was brought after the expiry of the two-year time limit provided for in the Montreal convention [1] in respect of actions for damages relating to an accident that took place on
Read more

The length of court proceedings for 7 years and 8 months violated the right to a fair hearing within a reasonable time (ECtHR)

Image
In Chamber's judgment dated 5.9.2023 in the case of Van den Kerkhof v. Belgium (application no. 13630/19) the European Court of Human Rights held, unanimously, that there had been a violation of Article 6 § 1 (right to a fair hearing within a reasonable time) of the European Convention on Human Rights.  The case concerned the length of civil proceedings pending before a court of the Brussels judicial district. In the present case the proceedings were brought by the applicant against the vendors of a flat and the real estate agency that had served as an intermediary for the sale.  The Court held that the applicant’s case had not been heard within a reasonable time, noting that seven years and eight months had elapsed for two levels of jurisdiction and that the proceedings were still pending before the French-Language Brussels Court of First Instance.  It emphasised that the system for protecting the rights guaranteed by the Convention was based on the principle of subsidiarity and t
Read more

TikTok processing of children’s data: Dispute's settlement by European Data Protection Board

Image
The European Data Protection Board (EDPB) adopted a dispute resolution decision on the basis of Art. 65 GDPR concerning a draft decision of the Irish Data Protection Authority (DPA) regarding TikTok Technology Limited (TTL).  The binding decision addresses legal questions arising from objections to the draft decision of the Irish DPA as lead supervisory authority (LSA) regarding TikTok Technology Ltd. The EDPB binding decision ensures the correct and consistent application of the GDPR by the national DPAs. The Irish DPA issued the draft decision following an own-volition inquiry into the processing by TTL of personal data of registered TikTok users between the ages of 13 and 17, as well as certain issues regarding TTL’s processing of personal data of children under the age of 13. As no consensus was reached on the objections lodged by DPAs, the EDPB was called upon to settle the dispute between the DPAs within two months. The objections concerned, among other things, whether ther
Read more

Promotion of judges after evaluation by other judges: Substantive conditions and procedural rules must be such as to dispel any reasonable doubt as to the independence and the impartiality

Image
According to the Judgment of the European Court of Justice (7.9.2023) in Case C-216/21 ( Asociaţia ‘Forumul Judecătorilor din România’ ), the promotion of judges to a higher court, based on an assessment, by members of that court, of their work and conduct, is compatible with EU law .  The relevant substantive conditions and procedural rules must, however, be such as to dispel any reasonable doubt as to the independence and the impartiality of the judges concerned, once they have been promoted. In 2019, the Superior Council of Magistracy (SCM) of Romania approved a reform of the procedure for the promotion of judges to higher courts. The ‘Forum of Judges of Romania’ Association and a private individual are contesting that reform before the Court of Appeal, Ploieşti (Romania).  The applicants in the main proceedings submit that replacing the old written exams with an assessment, by (i) the president and (ii) members of the higher court concerned, of candidates’ work and conduct makes th
Read more

Timeshare contracts: Applicable law in the absence of a choice made by the parties (ECJ)

Image
The Court of Justice of the European Union, by judgment, dated 14 September 2023, in Case C-632/21, in proceedings between JF and NS, and Diamond Resorts Europe Limited and others, concerning an application for a declaration that timeshare contracts concluded between the applicants in the main proceedings and Diamond Resorts Europe are void, ruled that: 1. The provisions of Regulation (EC) No 593/2008 on the law applicable to contractual obligations (Rome I) are applicable, in the context of a dispute before a court of a Member State, to contracts the two parties of which are United Kingdom nationals, to the extent that those contracts have a foreign element. 2. Article 6(2) of Regulation No 593/2008 must be interpreted as meaning that: - Where a consumer contract fulfils the requirements laid down in Article 6(1) of that regulation (the contract has been concluded by the consumer for a purpose which can be regarded as being outside his or her trade or profession, the professiona
Read more