Article 4(1)(a) 'establishment of the controller' in EU data privacy law - time to rein in this expanding concept?

Research output: Contribution to journalArticleResearchpeer-review

2 Citations (Scopus)
7 Downloads (Pure)

Abstract

extractIntroduction:Article 4 of the Data Protection Directive—defining theDirective’s territorial scope—has always been shroudedin a veil of mystery.1 No one seems to have been quitecertain as to exactly what the role of that Article is andhow it relates to other provisions; especially how it relatesto Article 28 dealing with jurisdiction. For the first15 years or so, the confusion surrounding Article 4seems to have mattered little in that, whatever issueArticle 4 was to address, that issue did not get muchtime in the limelight.That has now changed, not least due to the Internet.Article 4 has been the very focal point in one recentCJEU decision (Weltimmo2), and an important matterin another recent CJEU decision (Google Spain3).Furthermore, the proper interpretation of Article 4 isone of several important matters in a request tothe CJEU for a preliminary ruling from theOberster Gerichtshof of Austria (Verein fu¨rKonsumenteninformation4), in relation to whichAdvocate General Saugmandsgaard Øe delivered hisOpinion on 2 June 2016. And Article 4 is set to again bethe battle ground in the CJEU, namely in the context ofthe ongoing dispute relating to Facebook’s so-called‘Fanpages’.5 Among these disputes, it is particularly subsection1(a)—processing of personal data in the contextof the activities of an establishment of a controller inthe Union—that has been the focal point, and it is themeaning of that specific subsection I will discuss here.
Original languageEnglish
Pages (from-to)210-221
Number of pages12
JournalInternational Data Privacy Law
Volume6
Issue number3
DOIs
Publication statusPublished - 2016

Fingerprint

privacy law
EU
data protection
personal data
facebook
Austria
search engine
jurisdiction
Internet
interpretation
time

Cite this

@article{1da492e14720409d93fb06210cf2af6e,
title = "Article 4(1)(a) 'establishment of the controller' in EU data privacy law - time to rein in this expanding concept?",
abstract = "extractIntroduction:Article 4 of the Data Protection Directive—defining theDirective’s territorial scope—has always been shroudedin a veil of mystery.1 No one seems to have been quitecertain as to exactly what the role of that Article is andhow it relates to other provisions; especially how it relatesto Article 28 dealing with jurisdiction. For the first15 years or so, the confusion surrounding Article 4seems to have mattered little in that, whatever issueArticle 4 was to address, that issue did not get muchtime in the limelight.That has now changed, not least due to the Internet.Article 4 has been the very focal point in one recentCJEU decision (Weltimmo2), and an important matterin another recent CJEU decision (Google Spain3).Furthermore, the proper interpretation of Article 4 isone of several important matters in a request tothe CJEU for a preliminary ruling from theOberster Gerichtshof of Austria (Verein fu¨rKonsumenteninformation4), in relation to whichAdvocate General Saugmandsgaard {\O}e delivered hisOpinion on 2 June 2016. And Article 4 is set to again bethe battle ground in the CJEU, namely in the context ofthe ongoing dispute relating to Facebook’s so-called‘Fanpages’.5 Among these disputes, it is particularly subsection1(a)—processing of personal data in the contextof the activities of an establishment of a controller inthe Union—that has been the focal point, and it is themeaning of that specific subsection I will discuss here.",
author = "Svantesson, {Dan Jerker B}",
year = "2016",
doi = "10.1093/idpl/ipw013",
language = "English",
volume = "6",
pages = "210--221",
journal = "International Data Privacy Law",
issn = "2044-3994",
publisher = "Oxford University Press",
number = "3",

}

Article 4(1)(a) 'establishment of the controller' in EU data privacy law - time to rein in this expanding concept? / Svantesson, Dan Jerker B.

In: International Data Privacy Law, Vol. 6, No. 3, 2016, p. 210-221.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - Article 4(1)(a) 'establishment of the controller' in EU data privacy law - time to rein in this expanding concept?

AU - Svantesson, Dan Jerker B

PY - 2016

Y1 - 2016

N2 - extractIntroduction:Article 4 of the Data Protection Directive—defining theDirective’s territorial scope—has always been shroudedin a veil of mystery.1 No one seems to have been quitecertain as to exactly what the role of that Article is andhow it relates to other provisions; especially how it relatesto Article 28 dealing with jurisdiction. For the first15 years or so, the confusion surrounding Article 4seems to have mattered little in that, whatever issueArticle 4 was to address, that issue did not get muchtime in the limelight.That has now changed, not least due to the Internet.Article 4 has been the very focal point in one recentCJEU decision (Weltimmo2), and an important matterin another recent CJEU decision (Google Spain3).Furthermore, the proper interpretation of Article 4 isone of several important matters in a request tothe CJEU for a preliminary ruling from theOberster Gerichtshof of Austria (Verein fu¨rKonsumenteninformation4), in relation to whichAdvocate General Saugmandsgaard Øe delivered hisOpinion on 2 June 2016. And Article 4 is set to again bethe battle ground in the CJEU, namely in the context ofthe ongoing dispute relating to Facebook’s so-called‘Fanpages’.5 Among these disputes, it is particularly subsection1(a)—processing of personal data in the contextof the activities of an establishment of a controller inthe Union—that has been the focal point, and it is themeaning of that specific subsection I will discuss here.

AB - extractIntroduction:Article 4 of the Data Protection Directive—defining theDirective’s territorial scope—has always been shroudedin a veil of mystery.1 No one seems to have been quitecertain as to exactly what the role of that Article is andhow it relates to other provisions; especially how it relatesto Article 28 dealing with jurisdiction. For the first15 years or so, the confusion surrounding Article 4seems to have mattered little in that, whatever issueArticle 4 was to address, that issue did not get muchtime in the limelight.That has now changed, not least due to the Internet.Article 4 has been the very focal point in one recentCJEU decision (Weltimmo2), and an important matterin another recent CJEU decision (Google Spain3).Furthermore, the proper interpretation of Article 4 isone of several important matters in a request tothe CJEU for a preliminary ruling from theOberster Gerichtshof of Austria (Verein fu¨rKonsumenteninformation4), in relation to whichAdvocate General Saugmandsgaard Øe delivered hisOpinion on 2 June 2016. And Article 4 is set to again bethe battle ground in the CJEU, namely in the context ofthe ongoing dispute relating to Facebook’s so-called‘Fanpages’.5 Among these disputes, it is particularly subsection1(a)—processing of personal data in the contextof the activities of an establishment of a controller inthe Union—that has been the focal point, and it is themeaning of that specific subsection I will discuss here.

UR - http://www.scopus.com/inward/record.url?scp=85041766196&partnerID=8YFLogxK

U2 - 10.1093/idpl/ipw013

DO - 10.1093/idpl/ipw013

M3 - Article

VL - 6

SP - 210

EP - 221

JO - International Data Privacy Law

JF - International Data Privacy Law

SN - 2044-3994

IS - 3

ER -