Category Archives: European Policy

Who’s responsible for what happens on Facebook? Analysis of a new ECJ opinion

In this guest post Lorna Woods, Professor of Internet Law at the University of Essex, provides an analysis on the new ECJ opinion . This post first appeared on the blog of Steve Peers, Professor of EU, Human Rights and World Trade Law at the University of Essex.

Who is responsible for data protection law compliance on Facebook fan sites? That issue is analysed in a recent opinion of an ECJ Advocate-General, in the case of Wirtschaftsakademie (full title: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, in the presence of Facebook Ireland Ltd, Vertreter des Bundesinteresses beim Bundesverwaltungsgericht).

This case is one more in a line of cases dealing specifically with the jurisdiction of national data protection supervisory authorities, a line of reasoning which seems to operate separately from the Brussels I Recast Regulation, which concerns jurisdiction of courts over civil and commercial disputes.  While this is an Advocate-General’s opinion, and therefore not binding on the Court, if followed by the Court it would consolidates the Court’s prior broad interpretation of the Data Protection Directive.  While this might be the headline, it is worth considering a perhaps overlooked element of the data-economy: the role of the content provider in providing individuals whose data is harvested.

Continue reading

Call for Papers – Children and Digital Rights: Regulating Freedoms and Safeguards

We are pleased to announce this call for papers for the Information Law and Policy Centre’s Annual Conference on 17 November 2017 at IALS in London, this year supported by Bloomsbury’s Communications Law journal. You can read about our previous annual events here.

We are looking for high quality and focused contributions that consider information law and policy within the context of children and digital rights. Whether based on doctrinal analysis, or empirical social research, papers should offer an original perspective on the implications posed by the data-driven society for the regulation of the digital rights of children and young adults, and the freedoms and safeguards therein.

Topics of particular interest in 2017 include:

  • Internet intermediary liability
  • Social media
  • Data privacy
  • Internet of Things
  • Cyber security
  • UN Convention on the Rights of the Child
  • Online games/apps
  • Digital education
  • The EU General Data Protection Regulation

The workshop will take place on Friday 17th November 2017 and will be followed by the Information Law and Policy Centre’s Annual Lecture and an evening reception.

Attendance will be free of charge thanks to the support of the IALS and our sponsor, although registration is required as places are limited.

The best papers will be featured in a special issue of Bloomsbury’s Communications Law journal, following a peer-review process. Those giving papers will be invited to submit full draft papers to the journal by 1st November 2017 for consideration by the journal’s editorial team.

How to apply:

Please send an abstract of between 250-300 words and some brief biographical information to Eliza Boudier, Fellowships and Administrative Officer, IALS: eliza.boudier@sas.ac.uk by Friday 14th July 2017 (5pm, BST).

Abstracts will be considered by the Information Law and Policy Centre’s academic staff and advisors, and the Communications Law journal editorial team.

About the Information Law and Policy Centre at the IALS:

The Information Law and Policy Centre (ILPC) produces, promotes, and facilitates research about the law and policy of information and data, and the ways in which law both restricts and enables the sharing, and dissemination, of different types of information.

The ILPC is part of the Institute of Advanced Legal Studies (IALS), which was founded in 1947. It was conceived, and is funded, as a national academic institution, attached to the University of London, serving all universities through its national legal research library. Its function is to promote, facilitate, and disseminate the results of advanced study and research in the discipline of law, for the benefit of persons and institutions in the UK and abroad.

The ILPC’s Annual Conference and Annual Lecture form part of a series of events celebrating the 70th Anniversary of the IALS in November.

About Communications Law (Journal of Computer, Media and Telecommunications Law):

Communications Law is a well-respected quarterly journal published by Bloomsbury Professional covering the broad spectrum of legal issues arising in the telecoms, IT, and media industries. Each issue brings you a wide range of opinion, discussion, and analysis from the field of communications law. Dr Paul Wragg, Associate Professor of Law at the University of Leeds, is the journal’s Editor in Chief.

New Study on Intermediary Liability and European Copyright Reform

Dr Christina Angelopoulos, associate research fellow at the Information Law & Policy Centre and lecturer at the University of Cambridge, has authored a study entitled ‘On Online Platforms and the Commission’s New Proposal for a Directive on Copyright in the Digital Single Market’.

The study, commissioned by MEP Julia Reda, evaluates the provisions of the European Commission’s Proposal of 14 September 2016 for a Directive on Copyright in the Digital Single Market that are relevant to the issue of intermediary liability.

The study concludes that key elements of these provisions are incompatible with existing EU directives, as well as with the Charter of Fundamental Rights of the EU.

In particular, the study suggests that the Proposal misinterprets EU copyright and related rights law by implying that intermediaries that allow users to host content in a public manner are themselves performing an act of communication to the public. The study argues that acts of facilitation of third party copyright infringement are instead the rightful domain, not of primary, but of accessory liability, an area of copyright and related rights law that has not yet been harmonised at the EU level.

Continue reading

Book launch: ‘Private Power, Online Information Flows and EU Law: Mind The Gap’

angela-daly-eu-bookBook launch at: The Conservatory, Bloomsbury Publishing Plc 
50 Bedford Square
London
WC1B 3DP
6pm – 8pm, 31 January 2017

This event is FREE but registration is required on Eventbrite.

Speaker: Angela Daly

With guest speakers: Professor Chris Marsden, University of Sussex; Dr Orla Lynskey, London School of Economics and Political Science

About the Book

This monograph examines how European Union law and regulation address concentrations of private economic power which impede free information flows on the Internet to the detriment of Internet users’ autonomy. In particular, competition law, sector specific regulation (if it exists), data protection and human rights law are considered and assessed to the extent they can tackle such concentrations of power for the benefit of users.

Using a series of illustrative case studies, of Internet provision (including the net neutrality debate), search, mobile devices and app stores, and the cloud, the work demonstrates the gaps that currently exist in EU law and regulation. It is argued that these gaps exist due, in part, to current overarching trends guiding the regulation of economic power, namely neoliberalism, by which only the situation of market failure can invite ex ante rules, buoyed by the lobbying of regulators and legislators by those in possession of such economic power to achieve outcomes which favour their businesses. Given this systemic, and extra-legal, nature of the reasons as to why the gaps exist, solutions from outside the system are proposed at the end of each case study.

Praise for the Book

‘This is a richly textured, critically argued work, shedding new light on case studies in information law which require critical thinking. It is both an interesting series of case studies (notably cloud computing, app stores and search) that displays original and deeply researched scholarship and a framework for critiquing neoliberal competition policy from a prosumerist and citizen-oriented perspective.’ – Professor Chris Marsden, University of Sussex.

The Competence of the European Union in Copyright Lawmaking

competence-of-eu-in-copyright-lawmakingBook launch event at the IALS
6pm – 8pm, 15 Dec 2016

Register online at Eventbrite to book your free ticket

Speaker: Dr Ana Ramalho, Assistant Professor of Intellectual Property, Maastricht University

Discussant: Professor Lionel Bently, Herchel Smith Professor of Intellectual Property and Director of the Centre for Intellectual Property and Information Law, University of Cambridge.

In this seminar Ana Ramalho will discuss her new book, which inquires into the competence of the EU to legislate in the field of copyright and uses content analysis techniques to demonstrate the existence of a normative gap in copyright lawmaking.

To address that gap Ana Ramalho proposes the creation of benchmarks of legislative activity, reasoning that EU secondary legislation, such as directives and regulations, should be based on higher sources of law.

In the book she investigates two such possible sources: the activity of the EU Court of Justice in the pre-legislative era and the EU treaties. From these sources Ana Ramalho establishes concrete benchmarks of legislative activity, which she then tests by applying them to current EU copyright legislation.

This provides examples of good and bad practices in copyright lawmaking and also shows how the benchmarks could be implemented in copyright legislation. Finally, Ana Ramalho offers some recommendations in this regard.

This seminar will be followed by the book launch of “The Competence of the European Union in Copyright Lawmaking: A Normative Perspective of EU Powers for Copyright Harmonization” by Ana Ramalho

EU Copyright Reform: Outside the Safe Harbours, Intermediary Liability Capsizes into Incoherence

In the following piece, Christina Angelopoulos, lecturer in intellectual property law at the University of Cambridge, analyses the aspects of the Commission’s new proposal for the digital single market directive that are relevant to intermediary liability. The post was originally published on the Kluwer Copyright Blog.

As has by now been extensively reported, on 14th September the European Commission released its new copyright reform package. Prominent within this is its proposal for a new Directive on Copyright in the Digital Single Market.

copyright-40632_1280

The proposal contains an array of controversial offerings, but from the perspective of this intermediary liability blogger, the most interesting provision is the proposed Article 13 on ‘Certain uses of protected content by online services’. This is highly problematic in a number of different ways.

The Supposed Problem

As the Communication on a fair, efficient and competitive European copyright-based economy in the Digital Single Market (which was released in parallel to the proposal) explains, the new Article 13 is intended to address what in Brussels parlance over the past year has come to be termed the ‘value gap’. This refers to the idea that revenues generated from the online use of copyright-protected content are being unfairly distributed between the different players in the value chain of online publishing. A distinction is usually drawn in this regard between ad-funded platforms, such as YouTube, Dailymotion and Vimeo, and subscription-funded platforms, such as Spotify or Netflix. While the latter require the consent of copyright-holders to operate legally, the business model of the former revolves around user-created content (UCC). As a result, they tend to focus not on copyright licensing, but on notice-and-takedown systems, which allow them to tackle any unwanted infringements of copyright snuck onto their websites by their users. [To continue reading this post on the Kluwer Copyright Blog, click here.]

Brexit: “You don’t know what you’ve got till it’s gone”

Brexit IT law scrabble

In the following editorial, Professor Lilian Edwards considers the implications of the Brexit vote for information law and assesses the mood amongst the academic community in the aftermath of the EU Referendum.

The article was first published in Volume 13, Issue 2 of SCRIPT-ed: A Journal of Law, Technology and Society. Professor Edwards’ views do not represent those of the Information Law and Policy Centre or the Institute of Advanced Legal Studies. 

On 23 June 2016 a slim majority of UK voters decided we should leave the EU in one of the great political upsets of British political history. On 24 June, the next day, CREATe,[1] the RCUK copyright and business models centre which I have helped run since 2012, ran a one-day festival at the Royal Society of the Arts in London. This was designed to be a showcase and celebration of four years of working at the cutting edge of copyright and how it either helps or hinders the creative industries and arts. Hundreds of academics signed up to show and see, including the Director of CREATe, Martin Kretschmer of Glasgow University, from Germany by birth, and many others from all over Europe and beyond.

It was a classic international IT/intellectual property event: analysing laws made throughout the world to regulate globalised cultural markets, transnational data and product flows, disruptive technologies that disregard borders, and audiences as likely to listen to music made in Brazil via decentralised P2P networks, as watch Netflix series made in the US, or use smartphones made in Japan to watch Hindi pop videos on YouTube.

In the event, the CREATe Festival became more of a wake. Reportedly, experienced academics, who thought themselves hardened to trauma by years of bombardment from REF, TEF and NSS, were almost in tears at the first session. This writer, derelict of duty, was not there to corroborate, still staring like a rabbit in the headlights at the TV in a hotel bedroom in Docklands, where the dominant tech, business and financial workers were almost equally in shock.

So, Brexit. As the dust not so much settles as temporarily accumulates while we work out what on earth happens next, what are the implications for IT law and UK academe? Are they really as bad as they seemed that morning? Continue reading

What is the impact of the Brexit vote on the Investigatory Powers Bill?

IP bill 2 copyThe Investigatory Powers Bill is currently proceeding through parliament – its second reading in the House of Lords took place on Monday 27 June.

Readers may have missed reports on the Lords debate amidst financial losses, Labour Party resignations, the Conservative Party leadership race and, of course, England’s embarrassing exit from Euro 2016 (among other things).

Given the ongoing political uncertainty and distractions after the Brexit vote, Open Rights Group campaigners have called on the government to halt the passage of the Bill on the basis that it cannot be adequately scrutinised by parliamentarians, the media and the public.

The Open Rights Group suggests that the passage of the Bill could be affected by the political crisis – the Bill could be accelerated or delayed depending on whether a General Election is called.

Ongoing legal cases may also affect its passage – particularly the impending European Court of Justice ruling on a case brought by MPs Tom Watson and David Davis in relation to the Data Retention and Investigatory Powers Act (DRIPA). In the Lords debate, Lord Butler described the DRIPA ruling as “hanging over the whole issue”.

Elements of DRIPA – emergency legislation passed in 2014 – have been included in the Investigatory Powers Bill. If the ECJ upholds a decision by the High Court in July 2015 that the sections on self-authorised access and bulk retention of data breach fundamental EU Charter rights under Articles 7 and 8, then this could have a significant impact on the IP Bill.

It is likely that any temptation to ignore ECJ rulings relevant to the IP Bill (and more generally) in light of the leave vote will be resisted as any failure to comply with current EU treaty obligations could possibly provide a pretext for greater EU action against the UK to speed up Brexit. Although there is no mechanism to formally expel the UK from the EU, indirect action could be explored which might put pressure on the UK’s control of the exit process through Article 50.

In the Lords debate, there was disagreement over the impact of the leave vote on the Bill. Lord Rosser noted that the vote to leave the EU had “added to the complexity” of the Bill due to uncertainties over European cooperation on security issues, but the Advocate General for Scotland, Lord Keen of Elie did not believe that any changes to the Bill would be required in light of the Brexit vote.

For the time being, the Bill continues its path to Royal Assent – the House of Lords committee stage is due to begin on 11 July.

What is the impact of Brexit on data protection and the GDPR?

A consensus already appears to be emerging among legal commentators that many UK organisations will need to comply with the provisions of the European Union’s General Data Protection Regulation regardless of the progress of the UK’s path to Brexit.

The GDPR was due to be adopted by the UK in May 2018 after a long process of EU legislative reform. As soon as the UK officially leaves the EU, in theory it is possible that the GDPR could be ignored – data protection is already written into UK law in the Data Protection Act 1998. In practice, however, if the UK continued to be part of the European Economic Area then the UK would have to abide by GDPR.

Moreover, as Andrew Cormack points out, any organisation outside the EU that wishes to process the data of “data subjects who are in the Union” will also have to abide by GDPR (Article 3(2)). This would be relevant to a number of UK organisations who need to process the data of EU clients, customers, students etc.

Further, any EU organisation sending personal data to the UK as a non-member state would no longer be able to guarantee that there was “adequate protection” of data in the UK, unless the UK sought to obtain a declaration to the contrary.

The position of the UK vis-à-vis GDPR was summarised by the ICO in a statement published in response to the referendum result:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

It is likely, therefore, that elements of the GDPR will be incorporated into UK law however Brexit progresses. Both Anya Proops QC and Eduardo Ustaran argue that any UK business which provides services into the EU will need to understand and comply with GDPR.

Brendan Van Alsenoy: I tweet therefore I am … subject to data protection law?

In this guest blog post, Brendan Van Alsenoy – legal researcher at the Centre for IT and IP Law, University of Leuven – analyses the scope of the personal use exemption under the new EU General Data Protection Regulation (GDPR).

A note with regard to the relevance of the GDPR to the UK: this post was written before the EU referendum result on 24th June. For the ICO’s statement on the potential regulatory implications of a UK exit from the EU please see this link.

The blog post was originally posted on the CiTiP blog at KU Leuven. It is based on a draft paper included in the CiTiP Working Paper Series. You can follow the CiTiP on Twitter here.


In less than 30 years, individuals have transcended their role as passive “data subjects” to become actively involved in the creation, distribution and consumption of personal data. Unless an exemption or derogation applies, individuals are – at least in theory – subject to data protection law.

The evolving role of the individual

We use information and communication technologies every day. Mobile devices tell us where to eat, who to meet and how to get there. We share pictures, post videos and tweet reviews. We google everything and everyone.

With all these processing capabilities at our fingertips, the question can be asked: are we subject to EU data protection law?

Continue reading