The ECJ's videoconference system complies with data protection rules (EDPS)

With its Schrems II-judgment of 16 July 2020, the Court of Justice declared invalid the EU-US Privacy Shield, governing the transfer of personal data from the European Union to the United States. 

In the absence of this EU-US Privacy Shield, in February 2021 the Court of Justice of the European Union (CJEU), as an EU institution, referred its contract with its US-based videoconferencing operator to the European Data Protection Supervisor (EDPS). 

It asked the EDPS whether these rules complied with the EU’s data protection rules contained in the EU Data Protection Regulation. The EDPS issued two temporary authorisations, in 2021 and 2022, allowing the CJEU to use these contractual clauses. It adopted its final decision on 13 July 2023. 

The EDPS has decided that the CJEU’s videoconferencing services meet the data protection standards under EU Data Protection Regulation. The CJEU is the first EU institution to obtain such approval from the EDPS. The main characteristics of the videoconferencing services used by the CJEU are: 

  • no data is transmitted to the cloud for confidential meetings; 
  • very limited data transmitted to the cloud for other meetings with full and strong encryption (end-to-end encryption, one to many points) by default; 
  • combined with strong technical and organisational measures; and moreover 
  • the use of cloud servers located exclusively within the EU. 

The final decision of the EDPS adopted on 13 July 2023 may be consulted on the EDPS’ website. (source curia.europa.eu/photo freepik.com)

Comments

Post a Comment

Popular posts from this blog

Imposition of fines and order to comply following a leak of expats’ personal data file by Greek Data Protection Authority

Image
The Greek Supervisory Authority for Data Protection imposed on the Greek Ministry of the Interior,  an administrative fine totalling EUR 400,000 and on a Member of European Parliament an administrative fine totalling EUR 40,000 for infringements of GDPR. The Hellenic Data Protection Authority received a large number of complaints regarding unsolicited political communication via e-mail sent on 1/3/2024 and entitled "100 days before the European elections", by Member of European Parliament Anna-Michelle Asimakopoulou. Following this, the Authority investigated the case ex officio, exercising immediately its powers of investigation and auditing the bodies involved. Following a series of on-the-spot audits and the receipt of evidence and data in the context of the audit, it was found that a file containing personal data of all registered Greek expatriate voters for the June 2023 elections, for which the Hellenic Ministry of the Interior is the controller, and for which the leg...
Read more

Unfair and illegal terms of loan agreements used by banks

Image
Article by George Kazoleas,  Lawyer LL.M. (Banking & Capitalmarkets Law) It is well known that loan agreements contain terms and conditions that disturb the balance between the parties to the detriment of the borrower and are therefore legally and judicially  diagnosed as contrary to law. Despite this, most banks insist on including them in their new contracts, refusing to comply with court rulings even by the European Court of Justice. Especially, foreign currency loan agreements (such as the Swiss franc) contain many unfair and opaque terms. Particularly: The Bank had to inform the potential borrower of the foreign exchange risk and explain in detail the relevant clauses before concluding the loan. It is very common, that the loan agreement does not mention anything about this risk, nor does it appear that the borrower has been effectively and properly informed by a competent bank official. According to Cypriot and European legislation and case law, the loan...
Read more

A euro area Member State can oblige its administration to accept payments in cash, but can also limit that payment option on public interest grounds

Image
In its Judgment in Joined Cases C-422/19 and C-423/19 (Johannes Dietrich and Norbert Häring v Hessischer Rundfunk) the European Court of Justice ruled that a euro area Member State can oblige its administration to accept payments in cash, but can also limit that payment option on public interest grounds. Such a limitation may in particular be justified where payment in cash is likely to involve the administration in unreasonable expense because of the very high number of persons liable to pay. Two German citizens who were liable to pay a radio and television licence fee in the Land of Hesse (Germany) offered to pay it to Hessischer Rundfunk (Hesse’s broadcasting body) in cash. Invoking its regulations on the procedure for payment of radio and television licence fees, which preclude any possibility of paying the licence fee in cash, [1] Hessischer Rundfunk refused their offer and sent them payment notices. The two German citizens brought an action against those payment notices and th...
Read more

ECtHR Judgement against Greece: Disclosure of the identities and medical data of prostitutes diagnosed with HIV was a breach of their right to private life

Image
The case of O.G. and Others v. Greece (applications nos. 71555/12 and 48256/13) concerned the publication, by decision of the domestic authorities, of medical data concerning prostitutes who had been diagnosed as HIV-positive, and media coverage of them. It also concerned the circumstances in which they were required to undergo a blood test.  In Chamber 's judgment(23.1.2024) in this case the European Court of Human Rights held, unanimously, that there had been two violations:  -A violation of Article 8 (right to respect for private life) of the European Convention on Human Rights, with regard to two applicants, on account of the blood tests they had been required to undertake.  The Court considered that the blood samples imposed on two applicants had amounted to an interference with their private life and noted that this had not been in accordance with the law within the meaning of Article 8 of the Convention, given that the provisions of domestic law in issue ought to h...
Read more

The Delivery Delay Clause in Residential Construction Contracts: Consumer Protection in Cyprus and Europe

Image
By Giorgos Kazoleas, LL.M., Lawyer, Managing Partner at Legal Experts Cyprus The purchase or construction of a new residence is one of the most significant financial and personal decisions a consumer can make. Residential construction contracts or agreements for the sale of property under construction are a crucial and defining element of the entire process, as certain terms they may contain can be detrimental to the buyer. One of the most critical aspects is the contractual delivery time of the project and the provision for delay, through the so-called delivery delay clause. The Delivery Delay Clause: Its Role and Legal Nature The delivery delay clause (also known as a penalty clause in the event of default) is a term usually included in the contract that specifies a predetermined compensation amount that the contractor or seller must pay to the buyer for every day, week, or month of delay beyond the agreed delivery date. The purpose of the clause is twofold: -Compensatory: ...
Read more

Obligation of a creditor to check a consumer’s creditworthiness - Credit agreement void and creditor’s entitlement to payment of the agreed interest forfeited

Image
By Giorgos Kazoleas, Lawyer A significant decision was issued by the CJEU [1] interpreting Articles 8 and 23 of Directive 2008/48/EC on consumer credit agreements and repealing Council Directive 87/102/EEC as regards the obligation of credit institutions to assess the creditworthiness of consumers before concluding the credit agreement.  Article 8 of that directive, entitled ‘Obligation to assess the creditworthiness of the consumer’, provides: ‘ 1. Member States shall ensure that, before the conclusion of the credit agreement, the creditor assesses the consumer’s creditworthiness on the basis of sufficient information, where appropriate obtained from the consumer and, where necessary, on the basis of a consultation of the relevant database. Member States whose legislation requires creditors to assess the creditworthiness of consumers on the basis of a consultation of the relevant database may retain this requirement. 2. Member States shall ensure that, if the...
Read more

Employee monitoring: French Data Protection Authority fined Amazon France Logistique €32 million

Image
On 27 December 2023, the French Data Protection Authority (CNIL) fined Amazon France Logistique €32 million for setting up an excessively intrusive system for monitoring employee activity and performance. The company was also fined for video surveillance without information nor sufficient security. Amazon France Logistique   manages the Amazon group's large warehouses in France, where it receives and stores items and then prepares parcels for delivery to customers. As part of its activities, each warehouse employee is given a scanner to document the performance of certain tasks assigned to them in real time (storage or removal of an item from the shelves, putting away or packing, etc.). Each scan carried out by employees results in recording of data, which is stored and used to calculate indicators providing information on the quality, productivity and periods of inactivity of each employee. Following press articles about practices of the company in its warehouses, the CNIL c...
Read more