data it law October 2016: merger review and data protection, dynamic IP address as personal data

The overview of interesting Data & IT Law articles and news in October 2016!


Merger review and data protection – time for a more forward-looking approach?

The article at the KU Leuven blog deals with the current regime of an application of data protection rules for a merger review by the European Commission. The author argues that it might be beneficial to apply a forward-looking approach for data protection issues.

The author argues that „the Commission as a competition authority could adopt conditions which not only address the economic efficiency concerns but at the same time also guarantee the effectiveness of data protection law.” Based on the examples of Google/Double Click, as well as Facebook/Whatsapp reviews, the author describes the measures that might have helped improve the data protection regime after the merger. „(T)he Commission could require the merging parties to keep their databases separate because of economic efficiency concerns (…) (T)he competent national data protection authority could even be put in charge of monitoring whether personal data is not exchanged between previously distinct services.”

The author gives an example of Facebook/Whatsapp merger, in which the Commission did not deal with data protection risks and approved the merger. However, at present, after Facebook modified Whatsapp´s privacy policy, the Commission is investigating the modification from a data protection perspective. The author argues that „in the absence of any merger remedies, the only option for the Commission as well as the national data protection authorities is to monitor ex post whether Facebook is complying with the relevant competition and data protection rules.”


GS Media case in practice: the case from Sweden

The article at IPkitten deals with an application of GS Media Case of the EU Court of Justice, case no. 160/15. In this ruling, the Court held that to answer the question of unauthorised linking to unlicensed content, „one must not only consider the classic duo (1) act of communication + (2) to a public, but also “several complementary criteria, which are not autonomous and are interdependent” [para 34]. These, according to the CJEU, include whether the posting of hyperlinks is carried out for profit and whether the person who posts the link has knowledge of the unauthorised character of the content linked to.” The article includes a very nice overview of various scenarios and how to deal with these situations, pursuant to the Court of Justice case law.

In the case in Sweden, the Court applied a fairly strict interpretation of the GS Media Case. The author describes several controversial issues:

  • The claimant´s work to pursue a profit is unclear. „(I)t might appear that getting the label “profit-making intention” is VERY easy and – with it – the presumption of knowledge and …prima facie
  • „the judgment does not contain any discussion of whether one or more copyright exceptions would apply to this case [news reporting? quotation? criticism/review?]
  • it is unclear both (1) whether the claimant approached the defendant to notify it of the unlicensed nature of the YouTube video and (2) whether the claimant asked YouTube to take down the video in the first place.“


Data & IT Law articles 10-2016! Merger review and data protection, dynamic IP address as personal data. Click To Tweet


Prediction of judicial decisions using Natural Language Processing

At, we have already covered several examples of the use of data analysis tools for the legal practice (here, here or tools for contracts). In the recent PeerJ Computer Science issues, the group of authors published an article about „Predicting judicial decisions of the European Court of Human Rights: a Natural Language Processing perspective“.

The analysis resulted in several findings: „Our models can predict the court’s decisions with a strong accuracy (79% on average). Our empirical analysis indicates that the formal facts of a case are the most important predictive factor. This is consistent with the theory of legal realism suggesting that judicial decision-making is significantly affected by the stimulus of the facts. We also observe that the topical content of a case is another important feature in this classification task and explore this relationship further by conducting a qualitative analysis.“


EU Court of Justice´s Case Breyer v Deutschland – dynamic IP address and personal data

At, we have discussed the issue of an IP address constituting personal data (see the opinion of Advocate General). In Case C-582/14, the Court of Justice held that it constitutes personal data. However, the issue is more complex: „The dynamic internet protocol address of a visitor constitutes personal data, with respect to the operator of the website, if that operator has the legal means allowing it to identify the visitor concerned with additional information about him which is held by the internet access provider”.

In an interpretation of the decision, pagefair stressed „the legal means“ condition as well as the fact that: „a website operator may collect and store personal data without consent for an indeterminate period so as to ensure the continued functioning of the website”.

At KU Leuven blog, the author highlighted other issues: “(I)t is clear that security can be a legitimate interest of the controller, which might provide the possibility to store personal data longer than is necessary to purely provide the technical service (…) (T)he Court considered the Federal German institutions running the contested websites, are to be considered as ‘individuals’ in doing so, not as public authorities.”

Leave a Reply

Your email address will not be published. Required fields are marked *