SUMMARY

12 NOVEMBER 2019

Meet the Author Series: The Internet and the Global Reach of EU Law (Prof Christopher Kuner)

Summary by Laura Drechsler, FWO, Brussels Privacy Hub, LSTS

SUMMARY

On 4 October 2019, the Meet the Author Series continued after the summer break with a debate with Prof Dr Christopher Kuner (Brussels Privacy Hub), the author of a book chapter entitled “The Internet and the Global Reach of EU Law" (SSRN version available here) (published in Cremona/Scott, EU Law Beyond EU Borders: The Extraterritorial Reach of EU Law, OUP 2019) examining the influence of EU law over the internet. Discussants were Orla Lynskey (Associate Professor of Law at London School of Economics) and Alessandra Calvi (Researcher at VUB). It was moderated by Hielke Hijmans from the Privacy Hub (also President of Litigation Chamber at Belgian Data Protection Authority (Chair)).

The event started by short introduction to the research in “The Internet and the Global Reach of EU Law” by the author Christopher Kuner himself, who explained that the aim of this chapter was to explain how different subject areas of EU law, especially data protection law, affect and influence the internet. The research was conducted without deciding whether such influence is desirable or not for the EU but with the objective to clearly map such an influence and formulate normative questions that arise from such an influence. To this, moderator Hielke Hijmans, added that the research was very timely in light of the recent decisions by the Court of Justice of the European Union (CJEU) in Google CNIL(Case C-507/17), GC et al v CNIL(Case C-136/17) and Glawischnigg (Case C-18/18) exploring the extent of the reach of EU law on data protection and relating to hate speech. These cases also indicate that the CJEU might be more and more willing to take into account the effects of such reach on third countries. He also mentioned the problem of enforcement of EU vis-à-vis actors in third countries, as well as the difference in roles between the EU Courts, on the one hand, and the Commission, on the other hand.  

The first discussant, Orla Lynskey, praised the quality of the research including its coverage of a multitude of perspectives from international law scholars and its critical stance towards the EU’s mixing of values and interests.This often led to a hiding of political interests behind the EU value of protecting fundamental rights as pointed out in the contribution. She continued by elaborating on the complexity of internet regulation in the EU by reminding that the EU was designed as an economic entity, therefore fundamental rights protection can only occur in the context of an economic activity. As a consequence, the EU, while having competences to legislate within the digital economy, had no competence in the digital public sphere. This includes the extent of the enjoyment of freedom of expression as this was still solely in the hand of the EU Member States. Successful internet regulation by the EU was further hampered according to Lynskey by the argument often put forward by EU institutions, that the law should regulate online as it did offline. She argued that this approach could lead to satisfactory results in the area of competition law but would certainly fail in areas where online activity significantly differs, e.g. in the area of cyber-bullying. She further pointed out the existence of a double-standard by the EU in relation to fundamental rights, as third countries undergo a high scrutiny, especially in the area of data flows, while EU Member States are assumed to guarantee all fundamental rights without further check. This is even more relevant since there are currently proceedings pending against some of them because of concerns regarding the rule of law. Finally, Lynskey emphasised the importance of a critical approach towards exporting EU standards as proposed by the contribution. Using EU law as standards could limit the imagination of legislators in other parts of the world to develop more appropriate legal solutions for their own system. Additionally, it was questionable whether EU law, for example in data protection, should be exported as standards, when there were serious concerns about the suitability of the approach and its concepts. Moreover, exporting EU law as a standard could impose a serious burden on low- and middle-income countries, an effect currently not considered in EU impact assessments for new legislation.

The second discussant, Alessandra Calvi, started her intervention by returning to the distinction between EU values and EU interests outlined in the contribution. She flagged that EU institutions would not be aware of such a distinction and it would be unclear which institutions would take care of their enforcement. Calvi further questioned whether the term used in the contribution of “global reach” implied the legal concept of extraterritoriality or whether it referred to a broader concept. Furthermore, she questioned whether the struggles of the EU to develop regulation for the internet could be linked to the fact that the internet was essentially developed following an US regulatory approach that fits uneasy within the regulatory approach of the EU. Regarding the recent case law of the CJEU, Google CNIL(Case C-507/17), GC et al v CNIL(Case C-136/17) and Glawischnigg(Case C-18/18), Calvi expressed surprise at the conclusion found by the CJEU in all three cases that left the Member States a wide margin of appreciation, with the effect that the extraterritorial effect may be differently interpreted, depending on the Member State concerned. Paradoxically this has now led to a situation where national law has a wider global scale than EU law. Such a situation was neither desirable for the EU data subject as it was leading to differential treatment of EU citizen (e.g. the scope of the right to erasure could depend largely on the EU Member State in which the right is launched), nor was it suitable for guaranteeing a high level of protection of personal data in the EU due to the fragmentation caused. Finally, Calvi pointed out that Article 50 General Data Protection Regulation (GDPR) could serve as a tool to balance the EU tendency to export its standards in the area of data protection, as it provides for the exchange of information with third countries and international organisation.

Before the panel engaged in a lively discussion with the audience, Christopher Kuner reacted briefly to the different comments received on his contribution. He highlighted with regard to the export of EU standards that this was contradictory in itself. The EU simultaneously insists on the export of its standards in instruments such as the GDPR for data flows and the uniqueness of its own system (according to the CJEU the EU is a supranational body neither country nor international organisation). He questioned how third countries were supposed to copy something that was unique according to the EU itself. Furthermore, he cautioned that export of EU law could not be easily qualified as advantageous or disadvantageous for third countries. Therefore it was important that any potential export was considered carefully and with humility, considering the risk of potentially becoming oppressive towards the third country especially if it was a low- or middle-income country. Concerning the use of the term “global reach”, Kuner clarified that this was intentionally to avoid negative connotations that “extraterritoriality” evokes. He also reminded that there was no real agreement in international law or EU law how to define “extraterritoriality”. In relation to the recent judgments by the CJEU on the scope of the right to erasure (‘right to be forgotten’) in Google CNIL(Case C-507/17), Kuner expressed disappointment with the judgment since according to him the CJEU had missed an opportunity to clearly lay out the rules how to define the territorial scope of EU fundamental rights. The solution found that gives more power to national law and national data protection authorities (DPAs) would have to be carefully analysed but generally raised more questions than it answered. Commenting on the distinction between EU values and interests he reiterated that the main importance was to not put one in the clothes of the other. The EU should avoid asserting a political interest while pretending it was a legal value. The politicisation of law could only lead to a loss of respect for the rule of law.

Copyright © Brussels Privacy Hub

Copyright © Brussels Privacy Hub