1. bookVolume 11 (2021): Issue 2 (September 2021)
Journal Details
License
Format
Journal
eISSN
2674-4619
First Published
18 Jun 2013
Publication timeframe
2 times per year
Languages
English
access type Open Access

Personal Data Protection in the Decision-Making of the CJEU Before and After the Lisbon Treaty

Published Online: 15 Nov 2021
Volume & Issue: Volume 11 (2021) - Issue 2 (September 2021)
Page range: 167 - 188
Journal Details
License
Format
Journal
eISSN
2674-4619
First Published
18 Jun 2013
Publication timeframe
2 times per year
Languages
English
Abstract

Personal data protection is one of the important areas of the EU’s operation and the general public is especially aware of the General Data Protection Regulation (GDPR). However, personal data protection has been an issue in the EU for a long time. The Court of Justice of the European Union (CJEU) plays a major role in personal data protection as their function is to interpret EU law and thus also EU legislation related to personal data protection. Until now, research papers have tackled specific issues related to interpreting EU legislation or analyses of specific decisions made by the CJEU. However, no comprehensive empirical legal study has been published so far which would evaluate the decision-making of the CJEU in the area of personal data protection using a combination of quantitative and qualitative methods. Therefore, no analysis has been carried out to determine how many decisions of the CJEU have been related to personal data protection, how their number has increased, or which participants and from which areas have participated in the proceedings. The results of the analysis presented here can be used as a basis for studying the future development of the CJEU’s decision-making in the area of personal data protection in relation to digitization and especially to the COVID-19 pandemic, which undoubtedly has contributed to a significant increase in online communication, posing new challenges towards a more efficient personal data protection in the online world.

Keywords

Adidas AG [1999], ECJ, C-223/98, ECLI:EU:C:1999:500, 14.10.1999.10.1016/S0956-7135(99)00035-3 Search in Google Scholar

Asklepios Kliniken GmbH v. Commission of the European Communities [2007], ECJ, T-167/04, ECLI:EU:T:2007:215, 11.7.2007. Search in Google Scholar

Becker, R.; Thorogood, A.; Ordish, J. & Beauvais, M. J. S. (2020), ‘COVID-19 research: Navigating the European General Data Protection Regulation,’ Journal of Medical Internet Research, vol. 22, no. 8, pp. 1–14. https://www.jmir.org/2020/8/e19799 Search in Google Scholar

Bodil Lindqvist [2003], ECJ, C-101/01, ECLI:EU:C:2003:596, 6.11.2003.10.1016/S1351-4210(03)01131-4 Search in Google Scholar

Bradford, L.; Aboy, M. & Liddell, K. (2020), ‘COVID-19 contact tracing apps: A stress test for privacy, the GDPR, and data protection regimes,’ Journal of Law and the Biosciences, vol. 7, no. 1, pp. 1–21. https://doi.org/10.1093/jlb/lsaa03410.1093/jlb/lsaa034731389332728470 Search in Google Scholar

Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband eV v. Planet49 GmbH [2019], ECJ, C-673/17, ECLI:EU:C:2019:801, 1.10.2019. Search in Google Scholar

Buttarelli, G. (2016), ‘The EU GDPR as a clarion call for a new global digital gold standard,’ International Data Privacy Law, vol. 6, no. 2, pp. 77–78. https://doi.org/10.1093/idpl/ipw00610.1093/idpl/ipw006 Search in Google Scholar

CJEU (n.d.), ‘Annual Report.’ Retrieved from https://curia.europa.eu/jcms/jcms/Jo2_7000/en/ [accessed 6 Feb 2021] Search in Google Scholar

CJEU (2019), Annual Report 2019: Judicial Activity. Retrieved from https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-05/qd-ap-20-001-en-n.pdf [accessed 6 Feb 2021] Search in Google Scholar

Commission of the European Communities v. Grand Duchy of Luxembourg [2001], ECJ, C-450/00, ECLI:EU:C:2001:519, 4.10.2001. Search in Google Scholar

Damian, A. T. (2020), ‘Design principles for the General Data Protection Regulation (GDPR): A formal concept analysis and its evaluation,’ Information Systems, vol. 91, pp. 1–22. https://doi.org/10.1016/j.is.2019.10146910.1016/j.is.2019.101469 Search in Google Scholar

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, pp. 31–50. Search in Google Scholar

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), OJ L 178, 17.7.2000, pp. 1–16. Search in Google Scholar

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (‘Directive on privacy and electronic communications’), OJ L 201, 31.7.2002, pp. 37–47. Search in Google Scholar

Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information, OJ L 345, 31.12.2003, pp. 90–96. Search in Google Scholar

Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare, OJ L 88, 4.4.2011, pp. 45–65. Search in Google Scholar

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016, pp. 89–131. Search in Google Scholar

Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, OJ L 119, 4.5.2016, pp. 132–149. Search in Google Scholar

Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services, OJ L 136, 22.5.2019, pp. 1–27 Search in Google Scholar

Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information, OJ L 172, 26.6.2019, pp. 56–83. Search in Google Scholar

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, OJ L 305, 26.11.2019, pp. 17–56. Search in Google Scholar

Doron, I. (2013), ‘Older Europeans and the European Court of Justice,’ Age and Ageing, vol. 42, no. 5, pp. 604–608. https://doi.org/10.1093/ageing/aft05310.1093/ageing/aft05323669561 Search in Google Scholar

Ducato, R. (2020), ‘Data protection, scientific research, and the role of information,’ Computer Law & Security Review, vol. 37, pp. 1–16. https://doi.org/10.1016/j.clsr.2020.10541210.1016/j.clsr.2020.105412 Search in Google Scholar

European Commission v. Federal Republic of Germany [2010], ECJ, C-518/07, ECLI:EU:C:2010:125, 9.3.2010. Search in Google Scholar

European Commission v. Greece [2006], ECJ, C-475/04, ECLI:EU:C:2006:362, 1.6.2006. Search in Google Scholar

European Commission v. Hungary [2014], ECJ, C-288/12, ECLI:EU:C:2014:237, 8.4.2014. Search in Google Scholar

European Commission v. The Bavarian Lager Co. Ltd. [2010], ECJ, C-28/08 P, ECLI:EU:C:2010:378, 29.6.2010. Search in Google Scholar

European Parliament v. Council of the European Union [2006], ECJ, joined cases C-317/04 and C-318/04, ECLI:EU:C:2006:346, 30.5.2006. Search in Google Scholar

Fashion ID GmbH & Co. KG v. Verbraucherzentrale NRW eV [2019], ECJ, C-40/17, ECLI:EU:C:2019:629, 29.7.2019. Search in Google Scholar

František Ryneš v. Úřadu pro ochranu osobních údajů [2014], ECJ, C-212/13, ECLI:EU:C:2014:2428, 11.12.2014. Search in Google Scholar

GC, AF, BH, ED v. Commission nationale de l’informatique et des libertés [2019], ECJ, C-136/17, ECLI:EU:C:2019:773, 24.9.2019. Search in Google Scholar

Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (AEPD), Mario Costeja González [2014], ECJ, C-131/12, ECLI:EU:C:2014:317, 13.5.2014. Search in Google Scholar

Hallinan, D. (2020) ‘Broad consent under the GDPR: An optimistic perspective on a bright future,’ Life Sciences, Society and Policy, vol. 16, art. 1, pp. 1–18. https://doi.org/10.1186/s40504-019-0096-310.1186/s40504-019-0096-3694389931903508 Search in Google Scholar

Heinz Huber v. Bundesrepublik Deutschland [2008], ECJ, C-524/06, ECLI:EU:C:2008:724, 16.12.2008. Search in Google Scholar

Hu, P. & Wei, Q. (2020), ‘Research on personal data protection of EU General Data Protection Regulation,’ OP Conference Series: Materials Science and Engineering, vol. 806, no. 1, pp. 1–6. https://doi.org/10.1088/1757-899X/806/1/01200310.1088/1757-899X/806/1/012003 Search in Google Scholar

Ireland v. European Parliament and Council of the European Union [2009], ECJ, C-301/06, ECLI:EU:C:2009:68, 10.2.2009. Search in Google Scholar

Josef Probst v. mr.nexnet GmbH [2012], ECJ, C-119/12, ECLI:EU:C:2012:748, 22.11.2012. Search in Google Scholar

Kesa, A. & Kerikmäe, T. (2020), ‘Artificial intelligence and the GDPR: Inevitable nemeses?’ TalTech Journal of European Studies, vol. 10, no. 3(32), pp. 68–90. https://doi.org/10.1515/bjes-2020-002210.1515/bjes-2020-0022 Search in Google Scholar

Lopes, H.; Pires, I. M.; Sánchez San Blas, H.; García-Ovejero, R. & Leithardt, V. (2020), ‘PriADA: Management and adaptation of information based on data privacy in public environments,’ Computers, vol. 9, no. 77, pp. 1–18. https://doi.org/10.3390/computers904007710.3390/computers9040077 Search in Google Scholar

Mazur, J. (2019), ‘Automated decision-making and the precautionary principle in EU law,’ Baltic Journal of European Studies, vol. 9, no. 4, pp. 3–18. https://doi.org/10.1515/bjes-2019-003510.1515/bjes-2019-0035 Search in Google Scholar

Österreichischer Rundfunk, Wirtschaftskammer Steiermark, Marktgemeinde Kaltenleutgeben, Land Niederösterreich, Österreichische Nationalbank, Stadt Wiener Neustadt, Austrian Airlines, Österreichische Luftverkehrs AG, v. Christou Neukomm, Josephem Lauermannem [2003], ECJ, joined cases C-465/00, C-138/01 and C-139/01, ECLI:EU:C:2003:294, 20.5.2003. Search in Google Scholar

Patrick Breyer v. Bundesrepublik Deutschland [2016], ECJ, C-582/14, ECLI:EU:C:2016:779, 9.10.2016. Search in Google Scholar

Peter Nowak v. Data Protection Commissioner [2017], ECJ, C-434/16, ECLI:EU:C:2017:994, 20.12.2017. Search in Google Scholar

Peter Puškár v. Finančnému riaditeľstvu Slovenskej republiky, Kriminálnemu úradu finančnej správy [2017], ECJ, C-73/16, ECLI:EU:C:2017:725, 27.9.2017. Search in Google Scholar

Pharmacontinente – Saúde e Higiene SA, Domingos Sequeira de Almeida, Luis Mesquita Soares Moutinho, Rui Teixeira Soares de Almeida, André de Carvalho e Sousa contre Autoridade para as Condições do Trabalho (ACT) [2014], ECJ, C-683/13, ECLI:EU:C:2014:2028, 19.6.2014. Search in Google Scholar

Politou, E.; Alepis, E. & Patsakis, C. (2018), ‘Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions,’ Journal of Cybersecurity, vol. 4, no. 1, tyy001. https://doi.org/10.1093/cybsec/tyy00110.1093/cybsec/tyy001 Search in Google Scholar

Proceedings against Tietosuojavaltuutettu [2018], ECJ, C-25/17, ECLI:EU:C:2018:551,10.7.2018. Search in Google Scholar

Productores de Música de España (Promusicae) v. Telefónica de España SAU [2008], ECJ C-275/06, ECLI:EU:C:2008:54, 29.1.2008. Search in Google Scholar

Puljak, L.; Mladinić, A.; Iphofen, R. & Koporc, Z. (2020), ‘Before and after enforcement of GDPR: Personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions,’ Biochemia Medica, vol. 30, no. 3, pp. 1–8. https://doi.org/10.11613/BM.2020.03020110.11613/BM.2020.030201739425332774116 Search in Google Scholar

Razmetaeva, Y. (2020), ‘The right to be forgotten in the European perspective,’ TalTech Journal of European Studies, vol. 10, no. 1(30), pp. 58–76. https://doi.org/10.1515/bjes-2020-000410.1515/bjes-2020-0004 Search in Google Scholar

Regulation (EC) no. 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8, 12.1.2001, pp. 1–22. Search in Google Scholar

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, pp. 1–88. Search in Google Scholar

Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union, OJ L 303, 28.11.2018, pp. 59–68. Search in Google Scholar

Regulation (EU) no. 603/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of ‘Eurodac’ for the comparison of fingerprints, OJ L 180, 29.6.2013, pp. 1–30. Search in Google Scholar

Safari, B. (2017), ‘Intangible privacy rights: How Europe’s GDPR will set a new global standard for personal data protection,’ Seton Hall Law Review, vol. 47, no. 3, pp. 809–848. Search in Google Scholar

Safe Interenvíos SA v. Liberbank SA, Banco de Sabadell SA, Banco Bilbao Vizcaya Argentaria SA [2016], ECJ, C-235/14, ECLI:EU:C:2016:154, 10.3.2016. Search in Google Scholar

Sergejs Buivids v. Datu valsts inspekcija [2019], ECJ, C-345/17, ECLI:EU:C:2019:122, 14.2.2019. Search in Google Scholar

Smaranda Bara and others v. Președintele Casei Naționale de Asigurări de Sănătate, Casa Naţională de Asigurări de Sănătate, Agenţia Naţională de Administrare Fiscală (ANAF) [2015], ECJ, C-201/14, ECLI:EU:C:2015:638, 1.10.2015. Search in Google Scholar

Szczepaniuk, E. K.; Szczepaniuk, H.; Rokicki, T. & Klepacki B. (2020), ‘Information security assessment in public administration,’ Computers & Security, vol. 90, pp. 1–11. https://doi.org/10.1016/j.cose.2019.10170910.1016/j.cose.2019.101709 Search in Google Scholar

Tahal, R. & Formánek, T. (2020), ‘Reflection of GDPR by the Czech population,’ Management & Marketing: Challenges for the Knowledge Society, vol. 15, no. 1, pp. 78–94. https://doi.org/10.2478/mmcks-2020-000510.2478/mmcks-2020-0005 Search in Google Scholar

Tele2 Sverige AB v. Post- och telestyrelsen [2016], ECJ, joined cases C-203/15 and C-698/15, ECLI:EU:C:2016:970, 21.12.2016. Search in Google Scholar

Tietosuojavaltuutettu v. Satakunnan Markkinapörssi Oy, Satamedia Oy [2008], ECJ, C-73/07, ECLI:EU:C:2008:727, 16.12.2008. Search in Google Scholar

TK v. Asociaiția de Proprietari bloc M5A-ScaraA [2019], ECJ, C-708/18, ECLI:EU:C:2019:1064, 11.12.2019. Search in Google Scholar

Uusitalo, J. (2018), ‘Protecting economic interests or the right to life? Perception of the European Court of Justice on emergency medical services,’ TalTech Journal of European Studies, vol. 8, no. 1, pp. 197–209. https://doi.org/10.1515/bjes-2018-001110.1515/bjes-2018-0011 Search in Google Scholar

Valsts policijas Rīgas reģiona pārvaldes Kārtības policijas pārvalde v. Rīgas pašvaldības SIA “Rīgas satiksme” [2017], ECJ, C-13/16, ECLI:EU:C:2017:336, 4.5.2017. Search in Google Scholar

Ventrella, E. (2020), ‘Privacy in emergency circumstances: Data protection and the COVID-19 pandemic,’ ERA Forum, vol. 21, no. 3, pp. 379–393.10.1007/s12027-020-00629-3 Search in Google Scholar

Verein für Konsumenteninformation v. Amazon EU Sàrl [2016], ECJ, C-191/15, ECLI:EU:C:2016:612, 28.7.2016. Search in Google Scholar

Volker und Markus Schecke GbR, Hartmut Eifert v. Land Hessen [2010], ECJ, joined cases C-92/09 and C-93/09, ECLI:EU:C:2010:662, 9.11.2010. Search in Google Scholar

Waerdt, P. J. (2020), ‘Information asymmetries: Recognizing the limits of the GDPR on the data-driven market,’ Computer Law & Security Review, vol. 38, pp. 1–18. https://doi.org/10.1016/j.clsr.2020.10543610.1016/j.clsr.2020.105436 Search in Google Scholar

Weltimmo s. r. o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság [2015], ECJ, C-230/14, ECLI:EU:C:2015:639, 1.10.2015. Search in Google Scholar

Wiedemann, K. (2020), ‘The ECJ’s decision in “Planet49” (case C-673/17): A cookie monster or much ado about nothing?’ IIC – International Review of Intellectual Property and Competition Law, vol. 51, pp. 543–553. https://doi.org/10.1007/s40319-020-00927-w10.1007/s40319-020-00927-w Search in Google Scholar

Worten – Equipamentos para o Lar SA v. Autoridade para as Condições de Trabalho (ACT) [2013], ECJ, C-342/12, ECLI:EU:C:2013:355, 30.5.2013. Search in Google Scholar

W. P. Willems v. Burgemeester van Nuth [2015], ECJ, cases C-446/12 to C-449/12, ECLI:EU:C:2015:238, 16.4.2015. Search in Google Scholar

Y.S. v. Minister voor Immigratie, Integratie en Asiel [2014], ECJ, joined cases C-141/12 and C-372/12, ECLI:EU:C:2014:2081, 17.7.2014. Search in Google Scholar

Zarsky, T. (2017), ‘Incompatible: The GDPR in the age of big data,’ Seton Hall Law Review, vol. 47, no. 4(2), pp. 995–1020. Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo