-
European Court of Justice: Judgment in Case C-201/14
Smaranda Bara and Others (transfer of data between public authorithies)
“EU law precludes the transfer and processing of personal data between two public administrative bodies without the persons concerned (data subjects) having been informed in advance”.
-
ECJ: Case C-362/14 Maximillian Schrems (USA safe harbour scheme)
“…the Commission was required to find that the United States in fact ensures, by reason of its domestic law or its international commitments, a level of protection of fundamental rights essentially equivalent to that guaranteed within the EU under the directive read in the light of the Charter. The Court observes that the Commission did not make such a finding, but merely examined the safe harbour scheme [.] National security, public interest and law enforcement requirements of the United States prevail over the safe harbour scheme, so that United States undertakings are bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with such requirements. The United States safe harbour scheme
thus enables interference, by United States public authorities, with the fundamental rights of persons, and the Commission decision does not refer either to the existence, in the United States, of rules intended to limit any such interference or to the existence of effective legal protection against the interference…”.
-
ECJ: Case C-230/14 Weltimmo (Establishment and EU Data Protection Authorities)
“…Weltimmo, a company registered in Slovakia, runs a property dealing website concerning Hungarian properties. Within that context, it processes the personal data of the advertisers [.] the Court notes that the presence of only one representative can, in some circumstances, suffice to constitute an establishment if that representative acts with a sufficient degree of stability for the provision of the services concerned in the Member State in question [.] The Court states that each supervisory authority established by a Member State must ensure compliance, within the territory of that State, with the provisions adopted by all Member States pursuant to the directive. Consequently, each supervisory authority is to hear claims lodged by any person concerning the protection of his rights and freedoms in regard to the processing of personal data, even if the law applicable to that processing is the law of another Member State”
