Reality and Illusion in EU Data Transfer Regulation post-Schrems
On the first anniversary of the judgment of the Court of Justice of the European Union in Case C-362/14 Schrems, Professor Christopher Kuner (pictured left), Professor of Law at the Vrije Universiteit Brussels, will give a public lecture on
Reality and Illusion in EU Data Transfer Regulation post-Schrems
The lecture will be held in the Neill Theatre, Trinity Long Room Hub, Trinity College Dublin, on Thursday 6 October 2016, at 1:00pm.
In Case C-362/14 Schrems v Data Protection Commissioner [2015] ECR I-nyr (Grand Chamber, 6 October 2015), the Court of Justice of the European Union invalidated the EU-US Safe Harbour arrangement allowing personal data to be transferred to the US. The judgment is a landmark in the Court’s data protection case law, and illustrates the tension between the high level of legal protection for data transfers in EU law and the illusion of protection in practice. The judgment has undermined the logical consistency of the other legal bases for data transfer besides the Safe Harbour, and reactions to it have largely been based on formalism or data localization measures that are unlikely to provide real protection. Schrems also illustrates how many legal disagreements concerning data transfers are essentially political arguments in disguise. The EU and the US have since agreed on a replacement for the Safe Harbour (the EU-US Privacy Shield), the validity of which will likely be tested in the Court. It is crucial for data transfer regulation to go beyond formalistic measures and legal fictions, in order to move regulation of data transfers in EU law from illusion to reality.
Professor Christopher Kuner is a leading expert on the law of data protection and, in particular, the law governing the international transfer of data. He is Professor of Law and Co-Chairman of the Brussels Privacy Research Hub at the Vrije Universiteit Brussel and Senior Privacy Counsel in the Brussels office of Wilson Sonsini Goodrich & Rosati. He is also a Visiting Professor in the Department of Law in the London School of Economics and Political Science, an associate professor in the Law Faculty of the University of Copenhagen and an affiliated lecturer and Honorary Fellow of the Centre for European Legal Studies of the University of Cambridge. He is the author of Transborder Data Flows and Data Privacy Law (OUP, 2013) and Editor-in-Chief of the Journal of International Data Privacy Law (also published by OUP).
Attendance is free, and all are welcome to attend, but booking is essential, so please register at eventbrite.
The lecture is organised by the Ethics & Privacy Working Group of the ADAPT Centre, TCD, in conjunction with the Trinity Long Room Hub, TCD School of Law, TCD School of Religions, Peace Studies and Theology, TCD Library and DCU Institute of Ethics.
Some forthcoming legislation on the administration of justice, cybercrime, education, intellectual property, and privacy
Government Buildings,
Merrion Square, Dublin.
Image via wikipedia
The June programme had the feel of a holding document, published to get a new government to the Summer Recess. This programme has a far more substantial feel about, published to demonstrate the government’s confidence in its capacity to promote and enact legislation.
After the publication of the June programme, I examined proposed legislation from the Department of Education and Skills (here; and see also here), the Department of Jobs, Enterprise and Innovation (here; and see also here and here), and the Department of Justice and Equality (here and here). Under those headings, very little has changed. But there are some notable additions, not least of which is the Interception of Postal Packets and Telecommunications Messages (Regulation) (Amendment) Bill. All we are told is that work is underway on a Bill to “amend various pieces of legislation in respect of electronic communications”. There is no further explanation. This is probably the Bill to provide for further covert surveillance of electronic communications promised by the Minister earlier this Summer. It is also likely to cover incoming requests from overseas to access to data held in Ireland. It may also include preparatory work for the response to the investigations being carried out by retired Chief Justice John Murray and retired Supreme Court judge Nial Fennelly. However, at present, this is just speculation, so we shall have to wait and see what the Department has in mind.
As to the administration of justice, priority legislation to be published by the Department of Justice and Equality this session includes a Bill to make provision for periodic payment orders to replace lump sum damages, and a (hastily-promoted?) Bill to establish the long-awaited Judicial Council. Indeed, that Bill is expected to undergo pre-legislative scrutiny this session, as is a Bill to replace the Judicial Appointments Advisory Board with a new Judicial Appointment Commission – indeed, the cabinet agreed yesterday to bring forward the heads of such a Bill by November. All of these developments are very welcome – provided that the Appointments Bill permits legal academics to apply for appointment to be bench, especially at appellate level. It would not be difficult to draft the necessary legislative provisions, and there is no reason in principle not to do so.
As to cybercrime, first, the busy Department of Justice and Equality is promoting the Criminal Justice (Offences Relating to Information Systems) Bill 2016, to implement Directive 2013/40/EU on attacks against information systems. It is on the Dáil Order Paper, awaiting Second Stage. Second, in the ‘I’ll believe it when (if) I see it’ category is the long-promised and almost long-forgotten Cybercrime Bill to give effect to the Council of Europe Convention on Cybercrime 2001. Yes, you read that right, it’s a 2001 Convention. It is 15 years old, which is a lifetime online.
As to education, legislation envisaged at some stage from the Department of Education, but probably not in this session, includes the Higher Education (Reform) Bill and the longer-threatened Universities (Amendment) Bill (critiqued here, here, here, and here). And the Technological Universities Bill 2015 remains on the Dáil Order Paper, awaiting Committee stage.
As to intellectual property, pre-legislative scrutiny is expected shortly on the Knowledge Development Box (Certification of Inventions) Bill. Heads of a Bill to amend Article 29 of the Constitution to recognise the Agreement on a Unified Patent Court were approved on 23 July 2014, though, in the light of Brexit, a cautious approach for the time being may mean that other Bills may progress ahead of it from the Department of Jobs, Enterprise and Innovation to the Oireachtas. Finally, the Copyright and Related Rights (Amendment) (Miscellaneous Provisions) Bill has been “referred to committee” pre-legislative scrutiny. This is presumably the Joint Committee on Jobs, Enterprise and Innovation. However, the Bill is not in the pre-legislative scrutiny list for this session, so we probably won’t see it in committee before Christmas.
As to privacy, the most important piece of legislation mentioned in the Programme is the Data Protection Bill, to transpose the EU Directive 2016/680 and give full effect to the General Data Protection Regulation (Regulation 2016/679). Heads are expected before the end of 2016 (but I’m not holding my breath). A Data Sharing and Governance Bill will be published and sent for pre-legislative scrutiny, to mandate and facilitate lawful data-sharing and data-linking for all public bodies, and a Health Information and Patient Safety Bill go further in the context of health information. In both cases, the drafting will be tricky, not least because the Bills will have to be compliant with the decision of the Court of Justice of the European Union in Case C?201/14 Bara. The Criminal Records Information System Bill and the Passenger Name Record Bill implement EU obligations. However, in the case of the latter, since there is a challenge before the CJEU in respect of a related measure, a cautious approach for the time being may mean that other Bills may progress ahead of it from the Department of Justice and Equality to the Oireachtas.
Finally, it is heartening to see that work has commenced on a Bill to remove blasphemy from the Constitution, and interesting to see active proposals to establish an Electoral Commission and to amend the transfer of records in the National Archives from 30 years to 20 years.
National Anthems and Political Dissent
For various reasons (set out here, here, here, and here), I have been musing recently about what should and should not be in a National Anthem Bill. In the US, legislation provides that, when the national anthem (since 1931, “The Star-Spangled Banner“) is being played, “persons present should … stand at attention with their right hand over the heart” (emphasis added). Although the photograph left shows Barak Obama doing so as President in 2009, there was a minor controversy during the 2008 election when he neglected to do so at a campaign event. More recently, US gymnastics gold medalist Gabby Douglas apologized in the face of criticism when she neglected to do during the playing of national anthem at an olympics medal ceremony. Neither Obama nor Douglas meant anything by it. Obama said his grandfather taught him to put his hand on his heart only during the pledge of allegiance, and only to sing during the national anthem. And Douglas was just overcome by the emotion of the moment.
But some people do take advantage of the anthem to make a political point. At the 1968 Olympics, US 200-metre medallists Tommie Smith (gold) and John Carlos (bronze) raised their own gloved hands during the national anthem while looking down as a way of opposing US state-sanctioned racism. In 1996, basketballer Mahmoud Abdul-Rauf of the Denver Nuggets was suspended indefinitely and without pay for declining to stand for the anthem in protest at the treatment of Muslims in the US (though a compromise was soon reached). Jeremy Corbyn, Leader of the opposition Labour Party in the UK, and life-long Republican, caused controversy by not singing the national anthem at a commemorative service for WWII veterans, and caused even more controversy when he sang the anthem at a service to mark the Queen’s 90th birthday with one hand in his pocket.
Most recently, American footballer Colin Kaepernick (quarterback for the San Francisco 49ers) refrains from standing to attention with his hand on his heart during the anthem before football games – he began by remaining seated, but now kneels on one knee. It is his way of opposing racism in the US, and in particular protesting at police brutality against people of colour. He is now being joined in his protest by other athletes in many sports. And just last Sunday, 100 people knelt outside the outside the Bank of America Stadium in Charlotte, North Carolina, as the national anthem played before the Carolina Panthers lost at home to the Minnesota Vikings.
In 1968, Smith and Carlos faced significant criticism for their protest (pictured right). Little has changed. So do Kaepernick and his fellow refuseniks now – indeed, their protests are proving very unpopular with fans. But President Obama, who has invited Smith and Carlos to the White House, has defended Kaepernick and those following his lead, saying that they have the right to protest in this way. As Jeffrey Toobin points out in the New Yorker, this right was copper-fastened in “the most eloquent opinion in the history of the [US] Supreme Court”. The opinion is that of Jackson J in West Virginia State Board of Education v Barnette 319 US 624 (1943), and Toobin says that it “stands as perhaps the greatest defense of freedom of expression ever formulated by a [US] Supreme Court Justice”. Allowing for a little hyperbole, Barnette is certainly a major free speech case, and it equally certainly protects Kaepernick’s protest.
Walter Barnett (his name was misspelled by a court clerk), a Jehovah’s Witness, declined to allow his two daughters to recite the pledge of allegiance in a state grade school; the girls were expelled; but the Supreme Court held that the action of a State in making it compulsory for children in the public schools to salute the flag and pledge allegiance violated the free speech protections in the US constitution. Read more
Harmful Communications and Digital Safety
The Law Reform Commission has today published its long-awaited (pdf) a Report on Harmful Communications and Digital Safety (pdf). It contains 32 recommendations for reform, and includes a draft Harmful Communications and Digital Safety Bill to implement them. In my view, the most important recommendation is the proposal to establish a statutory Digital Safety Commissioner, modelled on comparable offices in Australia and New Zealand. The Commissioner’s function would be to promote digital safety, including an important educational role to promote positive digital citizenship among children and young people. The Commissioner’s role would also include publication of a statutory Code of Practice on Digital Safety, to set out nationally agreed standards on the details of an efficient take-down procedure. As the Law Reform Commission explains:
Under the proposed statutory system, individuals would initially apply directly to a social media site to have harmful material removed in accordance with agreed time-lines: this is similar to the statutory system in place in Australia. If a social media site did not comply with the standards in the Code of Practice, the individual could then appeal to the Digital Safety Commissioner, who could direct a social media site to comply with the standards in the Code. If a social media site did not comply with the Digital Safety Commissioner’s direction, the Commissioner could apply to the Circuit Court for a court order requiring compliance.
The Commission also recommends two new criminal offences, and reforms of existing offences. The new offences relate to publication of intimate images without consent (revenge porn (section 4 below), upskirting and down-blousing (section 5 below)). The reforms relate to the existing offences of harassment, and of sending threatening and intimidating messages, in both cases to ensure that the relevant offences fully capture the most serious types of online harassment, stalking and intimidation. Reflecting a campaign that is gaining increasing momentum in the UK, the Commission also recommends that, in any prosecution for these offences, the privacy of the victim should be protected (but her or she should also be able to waive his or her anonymity). The details of the new offences in the draft Bill are as follows:
Distributing intimate image without consent, or threatening to do so, with intent to cause harm
4(1) A person commits an offence where he or she, without lawful authority or reasonable excuse and in the circumstances referred to in subsection (2), by any means of communication distributes or publishes an intimate image of another person (in this section referred to as the other person) without the consent of the other person, or threatens to do so.
(2) The circumstances are that the person who distributes or publishes the intimate material, or who threatens to do so, does so where—
(a) he or she, by his or her act or acts intentionally or recklessly seriously interferes with the other person’s peace and privacy or causes alarm, distress or harm to the other person, and
(b) his or her act or acts is or are such that a reasonable person would realise that the act or acts would seriously interfere with the other person’s peace and privacy or cause alarm, distress or harm to the other person. …Taking or distributing intimate image without consent
5(1) A person commits an offence where he or she, without lawful authority or reasonable excuse and in the circumstances referred to in subsection (2), by any means of communication takes, or distributes or publishes an intimate image of another person (in this section referred to as the other person) without the consent of the other person.
(2) The circumstances are that the person who takes, or distributes or publishes the intimate material does so where he or she, by his or her acts seriously interferes with the other person’s peace and privacy or causes alarm, distress or harm to the other person. …
Reform of the law of defamation – the defence of innocent publication (Muwema v Facebook part 2)
Innocent Moonlit Night
(1929) by Harue Koga
via wikipedia
The decision of Binchy J in Muwema v Facebook Ireland Ltd [2016] IEHC 519 (23 August 2016) demonstrates that, on the question of the liability of internet intermediaries for defamatory posts on their platforms, an important part of the answer is provided by application of the defence of innocent publication provided in section 27 of the Defamation Act 2009 (also here).
Binchy J granted a Ugandan lawyer a Norwich Pharmacal order requiring Facebook to identify the holder of a pseudonymous account which, the lawyer alleged, contained posts that were defamatory of him. However, Binchy J declined to grant injunctions requiring Facebook either to remove allegedly defamatory posts from the account or to prevent the material in them from being re-posted, on the grounds that Facebook could rely on the defence of innocent publication in section 27 of the 2009 Act and on the hosting immunity conferred by Regulation 18 of the European Communities (Directive 2000/31/EC) Regulations 2003 (SI No 68 of 2003) (transposing Article 14 of the e-Commerce Directive Directive 2000/31/EC into Irish law).
He came to that conclusion, especially as regards section 27, with some unease, and he doubted very much if that consequence was intended by the Oireachtas ([65]). If his doubts are well founded, then the Oireachtas has it its power to amend the section to come into line with its intentions. In my previous post, I considered the issues in Binchy J’s judgment other than the availability of those defences. In this post, I will first consider the defence of innocent publication in section 27; I will then consider the hosting immunity in Regulation 18; and I will finally consider whether it is necessary to reform either or both of those provisions. Read more
Internet defamation and the liability of intermediaries (Muwema v Facebook part 1)
1. Introduction
The liability of internet intermediaries for defamatory posts on their platforms was central to the decision of Binchy J in Muwema v Facebook Ireland Ltd [2016] IEHC 519 (23 August 2016). A Ugandan lawyer objected to allegedly defamatory posts on a pseudonymous Facebook account, and Binchy J gave an order requiring Facebook to identify the account-holder. However, he declined to grant injunctions requiring Facebook either to remove the posts or to prevent the material in them from being re-posted, on the grounds that Facebook could rely on the defence of innocent publication in section 27 of the Defamation Act 2009 (also here).
On the other hand, in the earlier Petroceltic International plc v Aut O’Mattic A8C Ireland Ltd (High Court, unreported, 20 August 2015, amended 8 September 2015; noted here (pdf) and here (pdf)) (see Irish Independent | Irish Times) Baker J not only gave an order requiring the defendant to identify an account-holder but also granted an injunction requiring the defendant to remove allegedly defamatory posts from a blog hosted on its site. Baker J simply made the relevant orders, whereas Binchy J handed down a full judgment explaining that section 27 was the reason why he refused to award the injunctions against the defamatory posts. Whilst his judgement is likely to be influential, it is nevertheless striking that another judge took the opposite approach, so the matter cannot be regarded as fully settled, and it is appropriate to analyse his reasoning in at least a little detail.
In Muwema, the plaintff sought three orders against Facebook: (i) to identify the person or persons behind the pseudonymous account, (ii) to take down the allegedly defamatory posts, and (iii) to prevent any similar posts from being reposted. The plaintiff obtained the first, but not the second or third. In this post, I will discuss the issues in this sequence, but I will postpone a detailed analysis of section 27 to the next post. Read more
Even as Public Funding to Universities Decreases, Government Preoccupation with Control Increases
I have the following op-ed in the current edition of the University Times:
Even as Public Funding to Universities Decreases, Government Preoccupation with Control Increases
The political agenda looks for control over the raising and expenditure of funding received from non-state sources.
As students return to college, the politicians return to Leinster House. Both students and politicians are facing very interesting terms, and each group has the capacity to make life difficult for the other.
One of the issues on the returning government’s plate is the vexed question of third-level funding. All sides are agreed that our higher education sector is woefully underfunded. The ongoing fall of Irish universities in international rankings is due, in no small part, to the funding cutbacks that began in 2003 and were cumulatively deepened after the 2008 global financial crisis. A recent report by an expert group, chaired by trade unionist Peter Cassells, made several recommendations on the future funding for higher education, and any choice the government makes will be controversial.
Two questions will have to be answered. The first is: who pays? The second is: how much? Read more
CAO cynicism
It’s that time of the year when the Central Applications Office (CAO) makes offers of third level places to Ireland’s school-leavers. Places are allocated on the basis of a complex but transparent system of supply (of [level 6, level 7 and level 8] courses by third level institutions), demand (for courses by school leavers), and grades (obtained by school leavers in the second level terminal examination, the Leaving Certificate). The grades are converted into points, and the number of points of the last-admitted candidate to a course can be regarded as the cut-off for qualification for entry to that course. The race for points for College places has become increasingly utilitarian over recent years, and the headlines this morning are no different:
Stem steams ahead as students abandon the arts ship
Points for arts courses fall to a new low as students question value of such degrees
Students have been bombarded by calls to study science, technology, engineering and maths (STEM) over the past few years. The message seems to be working, as points for those courses have risen across the board for the first round of CAO offers. Points for arts courses have fallen to a new low as students question the value of those degrees, …
Also: CAO offers: Sharp points rise for courses linked to recovery – Engineering, architecture, construction and business up as arts falls to new low; Focus on construction and engineering results in higher points – Points drop across the board for arts and social science degrees; Business and technology jobs surge as over 52,000 receive CAO offers – Students target courses to give them skills to travel globally.
If the drop in points for Arts, Humanities and Social Science (AHSS) courses is because of a drop in demand, and if that drop in demand is because students are questioning the value of such degrees, this would be, to say the least, unfortunate. It reminds of me of the definition of a cynic given by Lord Darlington in Oscar Wilde’s Lady Windermere’s Fan as someone “who knows the price of everything, and the value of nothing”. Read more
Hi there! Thanks for dropping by. I'm 
