data it law March 2017: right to be forgotten and company registers & competition law in the right to data portability

The overview of interesting Data & IT Law articles and news in March 2017!

The right to be forgotten and company registers – the judgment by the Court of Justice of the EU

The Court of Justice of the EU had analyzed an application of the right to be forgotten for different types of data controllers, other than search engines (see more about its Google Spain case). In the Manni Case, it analyzed its application for company registers.

It held that the right to be forgotten “could not be generally applied to a company register, though it did suggest that there may be some very limited circumstances where limitations might be imposed on access to personal data held on such a register.“

These circumstances include “overriding and legitimate reasons that would justify that access to personal data (…) Such limitations could only occur “exceptionally” and “…upon expiry of a sufficiently long period after the dissolution of the company in question.” In addition the register would still have to allow access “… to third parties who can demonstrate a specific interest …”

Several scholar articles this month

This month, the authors published several interesting articles.

Damian Clifford and Valerie Verdoodt published an article “Integrative advertising: the marketing ‘dark side’ or merely the emperor’s new clothes?” in European Journal of Law and Technology.

They analyze new forms of marketing, mixing commercial and non-commercial content, in the light of EU legislative framework. “The paper states that for true advertising literacy mere identification of commercial communications is insufficient and that efforts need to be made in order to educate consumers (especially children) to allow for the continuing relevance and reliance on the notion of the average consumer.“

Irene Kamara published an article “Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation ‘mandate’” in European Journal of Law and Technology.

It focuses on the rise of a standardization in the data protection legislation in the European union, with a focus on privacy by design. The author argues: “The mandate on privacy by design in security products and services illustrates mainly two things. The first is that requirements on technological measures and methods, which cannot be included in the data protection law, maybe be incorporated in technical standards. (…) The second lesson from the ongoing standardisation request is that self-regulation has limitations. (S)elf-regulation is flexible and market-driven. These characteristics might lead to results that promote the interests of groups that participate in the standardisation activity.”

Finally, Aysem Diker Vanberg and Mehmet Bilal Ünver published an article The right to data portability in the GDPR and EU competition law: odd couple or dynamic duo? in European Journal of Law and Technology.

It deals with the competition law aspects of the right to data portability. “This paper critically examines the right to data portability and suggests that in order to ensure comprehensive data portability that reaches out to all relevant stakeholders, including businesses, the provisions in the GDPR need to be analysed by taking into account EU competition rules. It suggests that lessons can be drawn from EU competition law to limit the potential adverse consequences of the right to data portability particularly for small and medium-sized enterprises. It also asserts that EU competition rules, especially Article 102 TFEU and the essential facilities doctrine, can complement data portability by facilitating mandatory access to specific data.”