This essay analyses the issues concerning the application of territorial criteria set forth by EU privacy protection laws regarding activities on the Internet. To this extent, the scholars warn about the confusion arising from the term “extraterritorial” or from the expression “territorial principal” to describe the scope of EU data protection regulation. The author stresses the need to focus on specific issues concerning the identification of the court having jurisdiction and of the supervisory authority having competence over privacy violations carried out through electronic means on the Internet. It has been noted that the principle of effective remedy is applied by the European Court of Justice to Internet cases in such a way as to guarantee the person entitled to the remedy to bring an action before the nearest court or to lodge a complaint with the nearest supervisory authority, suitable according to the relevant EU laws. Yet the European jurisprudence is not always compliant with the predictability principle. In the author’s opinion, the locus commissi delicti jurisdiction should indeed be granted alternatively to the courts, where the “centre of interest” of the damaged party or the establishment of the damaging party are located. On the contrary, with reference to the competence of the supervisory authorities to issue sanction the expression “establishment” of the data processor is construed by the European Court of Justice in a broad sense granting such competence to the closest authority to the data subject. The EU Regulation 2016/679 defines the competence of the supervisory authorities and the jurisdiction of the courts with regard to data protection remedies in light of the effective remedy principle and the predictability principal. Accordingly, the territorial criteria provided by Regulation 2016/679 are (not surprisingly) the habitual residence and place of work of the data subject, as well as the establishment of the data controller and processor. However, the coordination system concerning cross-border data protection affects the jurisdiction of the courts, also empowering indirectly the European Court of Justice to rule on the jurisdiction of the national courts. The reference to the effective remedy principal in the Schrems case is central to understand the key role played by national courts in verifying the adequate protection granted by third countries in relation to data flowed from EU Member States. Moreover, Regulation 2016/679 has refined the protection of data flows to third countries by conciliating the application of the principle of effective remedy to that of predictability of jurisdiction.
Barletta, A., La tutela effettiva della privacy nello spazio (giudiziario) europeo e nel tempo (della "aterrittorialità") di Internet., <<EUROPA E DIRITTO PRIVATO>>, 2017; (4): 1179-1214 [http://hdl.handle.net/10807/122710]
La tutela effettiva della privacy nello spazio (giudiziario) europeo e nel tempo (della "aterrittorialità") di Internet.
Barletta, A
Primo
2017
Abstract
This essay analyses the issues concerning the application of territorial criteria set forth by EU privacy protection laws regarding activities on the Internet. To this extent, the scholars warn about the confusion arising from the term “extraterritorial” or from the expression “territorial principal” to describe the scope of EU data protection regulation. The author stresses the need to focus on specific issues concerning the identification of the court having jurisdiction and of the supervisory authority having competence over privacy violations carried out through electronic means on the Internet. It has been noted that the principle of effective remedy is applied by the European Court of Justice to Internet cases in such a way as to guarantee the person entitled to the remedy to bring an action before the nearest court or to lodge a complaint with the nearest supervisory authority, suitable according to the relevant EU laws. Yet the European jurisprudence is not always compliant with the predictability principle. In the author’s opinion, the locus commissi delicti jurisdiction should indeed be granted alternatively to the courts, where the “centre of interest” of the damaged party or the establishment of the damaging party are located. On the contrary, with reference to the competence of the supervisory authorities to issue sanction the expression “establishment” of the data processor is construed by the European Court of Justice in a broad sense granting such competence to the closest authority to the data subject. The EU Regulation 2016/679 defines the competence of the supervisory authorities and the jurisdiction of the courts with regard to data protection remedies in light of the effective remedy principle and the predictability principal. Accordingly, the territorial criteria provided by Regulation 2016/679 are (not surprisingly) the habitual residence and place of work of the data subject, as well as the establishment of the data controller and processor. However, the coordination system concerning cross-border data protection affects the jurisdiction of the courts, also empowering indirectly the European Court of Justice to rule on the jurisdiction of the national courts. The reference to the effective remedy principal in the Schrems case is central to understand the key role played by national courts in verifying the adequate protection granted by third countries in relation to data flowed from EU Member States. Moreover, Regulation 2016/679 has refined the protection of data flows to third countries by conciliating the application of the principle of effective remedy to that of predictability of jurisdiction.
| File | Dimensione | Formato | |
|---|---|---|---|
|
4.pdf
non disponibili
Tipologia file ?:
Versione Editoriale (PDF)
Licenza:
Non specificato
Dimensione
162.19 kB
Formato
Unknown
|
162.19 kB | Unknown | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
