Europe Versus Facebook: An Imbroglio of EU Data Protection Issues

  • Chapter
Data Protection on the Move

Part of the book series: Law, Governance and Technology Series (ISDP, volume 24)

Abstract

In this paper, the case Europe versus Facebook is presented as a microcosm of the modern data protection challenges that arise from globalization, technological progress and seamless cross-border flows of personal data. It aims to shed light on a number of sensitive issues closely related to the case, namely how to delimit the power of a European Data Protection Authority to prevent a specific data flow to the US from the authority of the European Commission to find the entire EU-US Safe Harbor Agreement invalid. This comment will also consider whether the entire matter might have been more clear-cut if Europe-versus-Facebook had asserted its claims against Facebook US directly pursuant to Article 4 of the EU Data Protection Directive, rather than indirectly through Facebook Ireland under the Safe Harbor Agreement.

Notes

  1.

    Colin J. Bennett, and Charles D. Raab, The Governance of Privacy: Policy Instruments in Global Perspective (The MIT Press, 2006).

  2.

    Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281, 23/11/1995 P. 0031–0050 (hereinafter referred to as “Data Protection Directive”).

  3.

    Patrick J. Murray, “The Adequacy Standard Under Directive 95/46/EC: Does U.S. Data Protection Meet This Standard?,” 21 Fordham International Law Journal 932, 964–965 (1998).

  4.

    Article 29 Data Protection Working Party, Opinion 8/2010 on applicable law (Dec. 16, 2010), http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp179_en.pdf.

  5.

    Article 25(6).

  6.

    For more information about this procedure see, European Commission, Commission decisions on the adequacy of the protection of personal data in third countries retrieved at http://ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm.

  7.

    European Commission, Commission decisions on the adequacy of the protection of personal data in third countries retrieved at http://ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm.

  8.

    Article 25(6) (“The Commission may find…that a third country ensures an adequate level of protection … by reason of its domestic law or of the international commitments it has entered into … for the protection of the private lives and basic freedoms and rights of individuals. Member States shall take the measures necessary to comply with the Commission’s decision.”) (emphasis added); Article 4(3) Treaty of Lisbon.

  9.

    Commission decision of July 26, 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, 2000/520/EC.

  10.

    There are other ways to permit the transfer of personal data from the EU to the US, such as reliance on Binding Corporate Rules, but the Safe Harbor Agreement is the only mechanism to permit the free flow and systematic transfer of personal data between the EU and the US; for more see, Liane Colonna, “Article 4 of the EU Data Protection Directive and the irrelevance of the EU-US Safe Harbor Program?” 4(3) International Data Privacy Law (Oxford 2014).

  11.

    U.S.-EU Safe Harbor Overview http://www.export.gov/safeharbor/eu/eg_main_018476.asp.

  12.

    Working Document on surveillance of electronic communications for intelligence and national security purposes, WP 228 adopted on 5 Dec 2014.

  13.

    Safe Harbor Principles http://www.export.gov/safeharbor/eu/eg_main_018475.asp.

  14.

    Safe Harbor Enforcement Overview retrieved at http://export.gov/safeharbor/eu/eg_main_018481.asp; see also, Joanna Kulesza, “Walled Gardens of Privacy or ‘Binding Corporate Rules?’: A Critical Look at International Protection of Online Privacy,” 34 University Arkansas Little Rock Law Review 747 (2012); Robert R Schriver, “You Cheated, You Lied: The Safe Harbor Agreement and Its Enforcement by the Federal Trade Commission,” 70 Fordham Law Review 2777 (May 2002).

  15.

    Damon Greer, “Safe harbor - A Framework That Works,” 1(3) International Data Privacy Law 143 (2011).

  16.

    Arguably, an individual can bring a claim under federal or state law prohibiting unfair and deceptive acts. However, at the moment, the only two clear enforcement bodies with jurisdiction to hear claims concerning the Safe Harbor Agreement are the FTC (which while covering commerce in general excludes financial services, transport, telecommunications, among others, from its jurisdiction) and the US Department of Transportation. See Safe Harbor Enforcement Overview retrieved at http://export.gov/safeharbor/eu/eg_main_018481.asp (stating, “Where an organization relies in whole or in part on self-regulation in complying with the Safe Harbor Privacy Principles, its failure to comply with such self-regulation must be actionable under federal or state law prohibiting unfair and deceptive acts or it is not eligible to join the safe harbor”); see also, Caspar Bowden and Judith Rauhofer, “Protecting Their Own: Fundamental Rights Implications for EU Data Sovereignty in the Cloud,” Edinburgh School of Law Research Paper No. 2013/28 (2013) (stating, “Failure to comply with the safe harbor principles can result in enforcement proceedings by the US Federal Trade Commission and direct action by affected individuals in the US courts.”).

  17.

    Data Protection Panel (related to FAQs 5 and 9 issued by the US Department of Commerce, and annexed to Commission Decision 2000/520/EC on the adequacy of the 'safe harbor' privacy principles) 25 July 2005 retrieved at http://ec.europa.eu/justice/policies/privacy/docs/adequacy/information_safe_harbour_en.pdf (stating, “Is the data protection panel competent to investigate all the complaints that derive from an alleged infringement of the Safe Harbour principles? No, the data protection panel does not have competence to investigate all the complaints that derive from an alleged infringement of the Safe Harbour principles. In certain cases, individuals will have other recourse mechanisms…”); see additionally footnote 65 in Ioanna Tourkochoriti, “The Transatlantic Flow of Data and the National Security Exception in the European Data Privacy Regulation: In Search for Legal Protection Against Surveillance”, 36 University of Pennsylvania Journal of International Law 459 (Winter 2014).

  18.

    Communication from the Commission to the European Parliament and the Council on the Functioning of the Safe Harbour from the Perspective of EU Citizens and Companies Established in the EU COM(2013) 847 (27 November 2013), available at http://ec.europa.eu/justice/data-protection/files/com_2013_847_en.pdf (hereinafter referred to as “Commission’s Safe Harbor Communication”); see also, PRISM and Data Protection for EU Citizens, The Society for Computers and Law (June 6, 2013), http://www.scl.org/site.aspx?i=ne32989.

  19.

    The European Commission. How will the “safe harbor” arrangement for personal data transfers to the US work? retrieved at http://ec.europa.eu/justice/policies/privacy/thridcountries/adequacy-faq1_en.htm.

  20.

    Commission’s Safe Harbor Communication of 27 November 2013 (stating, “As recalled in the current Safe Harbour Decision, it is the competence of the Commission—acting in accordance with the examination procedure set out in Regulation 182/2011—to adapt the Decision, to suspend it or limit its scope at any time, in the light of experience with its implementation.”).

  21.

    Commission’s Safe Harbor Communication of 27 November 2013.

  22.

    The European Commission. How will the “safe harbor” arrangement for personal data transfers to the US work? http://ec.europa.eu/justice/policies/privacy/thridcountries/adequacy-faq1_en.htm.

  23.

    Article 26(d) (stating, “The Member States and the Commission shall inform each other of cases where they consider that a third country does not ensure an adequate level of protection …. Member States shall take the measures necessary to prevent any transfer of data to [this country].”).

  24.

    European Commission Press Release, European Commission calls on the U.S. to restore trust in EU-U.S. data flows (Brussels, 27 November 2013) retrieved at http://europa.eu/rapid/press-release_IP-13-1166_en.htm.

  25.

    COM(2013) 847 Communication from the Commission to the European Parliament and the Council on the functioning of the safe Harbor from the perspective of EU citizens and companies established in the EU, 27 November 2013.

  26.

    Complaint against Facebook Ireland Ltd to the Data Protection Commissioner of Ireland (25 June 2013) retrieved at http://www.europe-v-facebook.org/prism/facebook.pdf.

  27.

    Pleading Documents in relation to High Court Judicial Review between Maximilian Schrems (applicant) and Data Protection Commissioner (respondent) (Record No. 2013/765 JR), Affidavit of B Hawkes sworn 16 December 2013 retrieved at http://europe-v-facebook.org/JR_First_Response_DPC.pdf.

  28.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014).

  29.

    Pleading Documents in relation to High Court Judicial Review between Maximilian Schrems (applicant) and Data Protection Commissioner (respondent) (Record No. 2013/765 JR), Grounding Affidavit of Applicant sworn 21October2013_REDACTED retrieved at https://dataprotection.ie/docimages/documents/Grounding%20Affiadvit_Applicant%20%5Bredacted%5D.PDF.

  30.

    Pleading Documents in relation to High Court Judicial Review between Maximilian Schrems (applicant) and Data Protection Commissioner (respondent) (Record No. 2013/765 JR), Affidavit of B Hawkes sworn 16 December 2013 retrieved at http://europe-v-facebook.org/JR_First_Response_DPC.pdf.

  31.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014).

  32.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014) para. 62.

  33.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014) para. 62.

  34.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014) para. 62 (stating, “It must be stressed, however, that neither the validity of the 1995 Directive nor the Commission Decision providing for the Safe Harbour Regime are, as such, under challenge in these judicial review proceedings.”).

  35.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014) para. 66.

  36.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014) para. 71.

  37.

    2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce retrieved at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000D0520:EN:HTML.

  38.

    Article 3, Commission decision of July 26, 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, 2000/520/EC.

    Safe Harbor Enforcement Overview retrieved at http://export.gov/safeharbor/eu/eg_main_018481.asp.

  39.

    Article 3(4) 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce retrieved at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000D0520:EN:HTML.

  40.

    See the procedure referred to in Article 31 of the Data Protection Directive for how the Commission may go about suspending the entirety of the Safe Harbor Agreement.

  41.

    Annex 1, 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce retrieved at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000D0520:EN:HTML.

  42.

    See, Article 4 Data Protection Directive.

  43.

    See, Article 12 Data Protection Directive.

  44.

    See, Article 6 and Article 17 Data Protection Directive.

  45.

    Article 3(2) Data Protection Directive.

  46.

    Article 4(2) Data Protection Directive states “national security remains the sole responsibility of each Member State”; see further, Working Document on surveillance of electronic communications for intelligence and national security purposes, WP 228 adopted on 5 December 2014.

  47.

    Working Document on surveillance of electronic communications for intelligence and national security purposes, WP 228 adopted on 5 December 2014.

  48.

    Article 13 Data Protection Directive.

  49.

    C-465/00, Rechnungshof v Österreichischer Rundfunk, judgment of 20 May 2003 (para. 91).

  50.

    Article 25(1) of Data Protection Directive.

  51.

    Peter Swire, “Of Elephants, Mice, and Privacy: International Choice of Law and the Internet,” 32 International Law 991 (1998).

  52.

    Article 28(1) Data Protection Directive.

  53.

    Article 28(3) Data Protection Directive.

  54.

    Article 22 Data Protection Directive (stating, “Without prejudice to any administrative remedy for which provision may be made, inter alia before the supervisory authority referred to in Article 28, prior to referral to the judicial authority, Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question.”).

  55.

    2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce retrieved at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000D0520:EN:HTML; see further, Commission’s Safe Harbor Communication of 27 November 2013 (stating, “Independently of the powers they enjoy under the Safe Harbour (sic) Decision, EU national data protection authorities are competent to intervene, including in the case of international transfers, in order to ensure compliance with the general principles of data protection set forth in the 1995 Data Protection Directive.”).

  56.

    Commission’s Safe Harbor Communication of 27 November 2013 (making clear that “Independently of the powers they enjoy under the Safe Harbour (sic) Decision, EU national data protection authorities are competent to intervene, including in the case of international transfers, in order to ensure compliance with the general principles of data protection set forth in the 1995 Data Protection Directive.”).

  57.

    See consolidated versions of the European Communities (2012), Treaty on European Union, OJ 2012 C 326; and of European Communities (2012), TFEU, OJ 2012 C 326.

  58.

    European Charter of Fundamental Rights (2000).

  59.

    Article 8, European Charter of Fundamental Rights (2000).

  60.

    Joined cases C-92/09 and C-93/09, Volker und Markus Schecke GbR and Hartmut Eifert v. Land Hessen, judgment of 9 November 2010, para. 48.

  61.

    Article 52(1) European Charter of Fundamental Rights.

  62.

    Working Document on surveillance of electronic communications for intelligence and national security purposes, WP 228 adopted on 5 Dec 2014.

  63.

    C-390/12, Pfleger and Others, judgment of 30 April 2014 (confirming that the use by a Member State of a derogation provided for by EU law in order to justify a limitation of a fundamental right guaranteed by the Treaty must be regarded as “implementing Union law” within the meaning of Article 51 of the Charter).

  64.

    Joined cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, judgment of 8 April 2014.

  65.

    Joined cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, judgment of 8 April 2014, para. 27.

  66.

    Joined cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, judgment of 8 April 2014, para. 37.

  67.

    Joined cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, judgment of 8 April 2014, para 65.

  68.

    Joined cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, judgment of 8 April 2014, paras. 60–62.

  69.

    Joined cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others, judgment of 8 April 2014, paras. 64–65.

  70.

    Schrems v. Data Protection Commissioner (No.2), [2014] IEHC 351 (2014).

  71.

    For more see, Christopher Kuner, “The data retention judgment, the Irish Facebook case, and the future of EU data transfer regulation,” Concurring Opinions Blog (19 June 2014) retrieved at http://www.concurringopinions.com/archives/2014/06/the-data-retention-judgment-the-irish-facebook-case-and-the-future-of-eu-data-transfer-regulation.html (stating, “…the logical consequence of the Court’s statement in Digital Rights Ireland would seem to be that fundamental rights law requires oversight of data processing by the DPAs also with regard to the data of EU individuals that are transferred to other regions.”).

  72.

    Christopher Kuner, “The data retention judgment, the Irish Facebook case, and the future of EU data transfer regulation,” Concurring Opinions Blog (19 June 2014).

  73.

    See, Case C-101/1, Criminal Proceedings Against Bodil Lindqvist, judgment 6 November 2003.

  74.

    Case C-101/1, Criminal Proceedings Against Bodil Lindqvist, judgment 6 November 2003, para. 69.

  75.

    For more see, Liane Colonna, “Article 4 of the EU Data Protection Directive and the irrelevance of the EU-US Safe Harbor Program?” 4(3) International Data Privacy Law (Oxford 2014).

  76.

    Article 4(1)(a)–(c) Data Protection Directive.

  77.

    Article 3, Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COM (2012) 11 final (25 Jan. 2012).

  78.

    Case C-131/12 Google Spain SL Google Inc. v Agencia Española de Protección de Datos (AEPD) Mario Costeja González, judgment of 13 May 2014 (concerning the application of EU data protection law to data processing outside the EU); for information about the intra-EU application of national data protection laws under the Directive please see Case C-230/14 Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság hatóság, request for a preliminary ruling from the Kúria (Hungary) lodged on 12 May 2014; see also, Christopher Kuner, The Court of Justice of the EU Judgment on Data Protection and Internet Search Engines, LSE Law, Society and Economy Working Papers 3/2015, London School of Economics and Political Science Law Department (making the relevant distinction between the application of EU data protection law to data processing outside the EU versus inside the EU).

  79.

    Case C-131/12 Google Spain SL Google Inc. v Agencia Española de Protección de Datos (AEPD) Mario Costeja González, judgment of 13 May 2014.

  80.

    Case C-131/12 Google Spain SL Google Inc. v Agencia Española de Protección de Datos (AEPD) Mario Costeja González, judgment of 13 May 2014, para. 48–49.

  81.

    Case C-131/12 Google Spain SL Google Inc. v Agencia Española de Protección de Datos (AEPD) Mario Costeja González, judgment of 13 May 2014, para. 56.

  82.

    Case C-131/12 Google Spain SL Google Inc. v Agencia Española de Protección de Datos (AEPD) Mario Costeja González, judgment of 13 May 2014, para. 53 (stating, “Furthermore, in the light of the objective of Directive 95/46 of ensuring effective and complete protection of the fundamental rights and freedoms of natural persons, and in particular their right to privacy, with respect to the processing of personal data, those words cannot be interpreted restrictively.”).

  83.

    Case C-131/12 Google Spain SL Google Inc. v Agencia Española de Protección de Datos (AEPD) Mario Costeja González, judgment of 13 May 2014, para. 53.

  84.

    Article 3 Data Protection Directive (stating, “This Directive shall not apply to the processing of personal data: in the course of an activity which falls outside the scope of Community law, such as … processing operations concerning public security, defence (sic), State security…”).

  85.

    Article 26 Data Protection Directive.

  86.

    See also, Article 4(2) of the Treaty of the European Union (TEU)(imposing a national security exemption).

  87.

    Compare Joined Cases C-317/04 and C-318/04, EP v Council and Commission (PNR), judgment of 30 May 2006 with Case C-301/06, Ireland v. Parliament and Council, judgment of 10 February 2009.

  88.

    Article 29 Working Party, Opinion 04/2014 on surveillance of electronic communications for intelligence and national security purposes, 819/14/EN WP 215 (Adopted on 10 April 2014) retrieved at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp215_en.pdf.

  89.

    For more see, Opinion of the European Data Protection Supervisor on the future development of the area of freedom, security and justice (4 June 2014) https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2014/14-06-04_Future_AFSJ_EN.pdf.

  90.

    See generally, Working Document on surveillance of electronic communications for intelligence and national security purposes, WP 228 adopted on 5 Dec 2014 (stating, “…national security needs to be distinguished from the security of the European Union, but also from State security, public security and defence (sic)”).

  91.

    Article 29 Working Party, Opinion 04/2014 on surveillance of electronic communications for intelligence and national security purposes, 819/14/EN WP 215 (Adopted on 10 April 2014) retrieved at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp215_en.pdf; see further Working Document on surveillance of electronic communications for intelligence and national security purposes, WP 228 adopted on 5 Dec 2014 (stating, “the Working Party points out that the national security exemption has to be interpreted to reflect the competence of the EU vis-à-vis the Member States and not as a general exemption from EU data protection requirements of all activities requested by third countries in the name of national security.”).

  92.

    Case C-473/12, Institut professionnel des agents immobiliers (IPI) v Geoffrey Englebert and Others, Judgment of the Court, judgment 7 November 2013, para. 39.

  93.

    Els De Busser and Gert Vermeulen, “Towards a coherent EU policy on outgoing data transfers for use in criminal matters? The adequacy requirement and the framework decision on data protection in criminal matters. A transatlantic exercise in adequacy,” EU and International Crime Control (GOFS Research Paper Series, 2010).

  94.

    Article 28(6) of the EU Directive provides: “Each supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own Member State, the powers conferred on it in accordance with (this Directive).”

  95.

    Lee Bygrave, Determining Applicable Law Pursuant to European Data Protection Legislation, 16 Computer L. & Sec. Rev. 252, 255 (2000).

  96.

    Article 29 Working Party, Working document on determining the international application of EU data protection law to personal data processing on the Internet by non-EU based websites, WP 56, 30 May 2002, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2002/wp56_en.pdf.

  97.

    Article 29 Working Party, Working document on determining the international application of EU data protection law to personal data processing on the Internet by non-EU based websites, WP 56, 30 May 2002, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2002/wp56_en.pdf. (stating, “the applicable law criteria of the Directive foresee the possibility that a DPA is empowered to verify and intervene on a processing operation that is taking place on its territory even if the law applicable is the law of another Member State.”).

  98.

    Christopher Kuner, Internet Jurisdiction and Data Protection Law: An International Legal Analysis http://www.justice.gov.il/NR/rdonlyres/0C7218F7-8B6D-4A62-9E45-7BFB80621E32/26405/ConflictKuner_article.pdf.

  99.

    Bernhard Maier, How Has the Law Attempted to Tackle the Borderless Nature of the Internet?, International Journal of Law and Information Technology vol. 18, no. 2, Oxford: Oxford University Press 2010.

  100.

    Edward R. McNicholas, Privacy and Surveillance Legal Issues: Leading Lawyers on Navigating Changes in Security Program Requirements and Helping Clients Prevent Breaches (Aspatore, 2014).

  101.

    Uta Kohl, Jurisdiction and the Internet Regulatory Competence over Online Activity (Cambridge University Press, 2010).

  102.

    Liane Colonna, The New Proposal to Regulate Data Protection in the Law Enforcement Sector: Raises the Bar but Not High Enough. IRI-memo, Nr. 2/2012 available at http://www.juridicum.su.se/iri/docs/IRI-PM/2012-02.pdf.

  103.

    See, Christopher Kuner, “Internet Jurisdiction and Data Protection Law: An International Legal Analysis (Part 1),” International Journal of Law and Information Technology, Vol. 18, p. 176 (2010).

  104.

    7 Report on the Findings by the EU Co-chairs of the Ad Hoc EU-US Working Group on Data Protection accompanying the Communication from the Commission to the European Parliament and the Council on “Rebuilding Trust in EU-US Data Flows” (COM(2013) 846 final)—http://ec.europa.eu/justice/dataprotection/files/report-findings-of-the-adhoc-eu-us-working-group-on-data-protection.pdf.

  105.

    Colin J. Bennett, and Charles D. Raab, The Governance of Privacy: Policy Instruments in Global Perspective (The MIT Press, 2006).

  106.

    Christopher Kuner, An International Legal Framework for Data Protection: Issues and Prospects. Computer Law & Security Review, Vol. 25, pp. 307–317 (2009); see more generally, The Madrid Privacy Declaration (3 November 2009) retrieved at http://thepublicvoice.org/TheMadridPrivacyDeclaration.pdf (calling for “…the establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions.”).

Author information

Correspondence to Liane Colonna.

Copyright information

© 2016 Springer Science+Business Media Dordrecht

Cite this chapter

Colonna, L. (2016). Europe Versus Facebook: An Imbroglio of EU Data Protection Issues. In: Gutwirth, S., Leenes, R., De Hert, P. (eds) Data Protection on the Move. Law, Governance and Technology Series, vol 24. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-7376-8_2
