Abstract
Introduction:
Article 4 of the Data Protection Directive—defining the Directive’s territorial scope—has always been shrouded in a veil of mystery.1 No one seems to have been quite certain as to exactly what the role of that Article is and how it relates to other provisions; especially how it relates to Article 28 dealing with jurisdiction. For the first15 years or so, the confusion surrounding Article 4seems to have mattered little in that, whatever issue Article 4 was to address, that issue did not get much time in the limelight. That has now changed, not least due to the Internet. Article 4 has been the very focal point in one recent CJEU decision (Weltimmo2), and an important matter in another recent CJEU decision (Google Spain3).Furthermore, the proper interpretation of Article 4 is one of several important matters in a request to the CJEU for a preliminary ruling from the Oberster Gerichtsh of of Austria (Verein fu¨rKonsumenteninformation4), in relation to which Advocate General Saugmandsgaard Øe delivered his Opinion on 2 June 2016. And Article 4 is set to again be the battle ground in the CJEU, namely in the context of the ongoing dispute relating to Facebook’s so-called‘Fanpages’.5 Among these disputes, it is particularly subsection1(a)—processing of personal data in the context of the activities of an establishment of a controller in the Union—that has been the focal point, and it is the meaning of that specific subsection I will discuss here.
Article 4 of the Data Protection Directive—defining the Directive’s territorial scope—has always been shrouded in a veil of mystery.1 No one seems to have been quite certain as to exactly what the role of that Article is and how it relates to other provisions; especially how it relates to Article 28 dealing with jurisdiction. For the first15 years or so, the confusion surrounding Article 4seems to have mattered little in that, whatever issue Article 4 was to address, that issue did not get much time in the limelight. That has now changed, not least due to the Internet. Article 4 has been the very focal point in one recent CJEU decision (Weltimmo2), and an important matter in another recent CJEU decision (Google Spain3).Furthermore, the proper interpretation of Article 4 is one of several important matters in a request to the CJEU for a preliminary ruling from the Oberster Gerichtsh of of Austria (Verein fu¨rKonsumenteninformation4), in relation to which Advocate General Saugmandsgaard Øe delivered his Opinion on 2 June 2016. And Article 4 is set to again be the battle ground in the CJEU, namely in the context of the ongoing dispute relating to Facebook’s so-called‘Fanpages’.5 Among these disputes, it is particularly subsection1(a)—processing of personal data in the context of the activities of an establishment of a controller in the Union—that has been the focal point, and it is the meaning of that specific subsection I will discuss here.
Original language | English |
---|---|
Pages (from-to) | 210-221 |
Number of pages | 12 |
Journal | International Data Privacy Law |
Volume | 6 |
Issue number | 3 |
DOIs | |
Publication status | Published - Aug 2016 |