Call for papers

Call for Papers – Doctoral Workshop at the University of Bologna

The Department of Legal Studies and the PhD Programme in European Law of the University of Bologna organize a Doctoral workshop, under the direction of Prof. Federico Casolari, on the topic:

The extraterritorial application of EU law: 

A contribution to its global reach

Bologna, 18-19 March 2021

Venue: Department of Legal Studies – Malvezzi Building – via Zamboni 22 – 40126 Bologna

Organised in cooperation with:

  • Prof. Christine Kaddous (Université de Genève),
  • Prof. Ramses Wessel (University of Groningen),
  • Prof. Enzo Cannizzaro (University of Rome “La Sapienza”),
  • Prof. Sara Poli (University of Pisa),
  • Prof. Jan Wouters (KU Leuven).

 

Background

The scope of application of EU law represents a major element of the legal discourse concerning the affirmation and strengthening of the European integration process. It firstly influences the way in which that law interacts with the municipal law of the Member States. More and more, however, the relevance of the scope of EU law goes beyond the interplay with Member States’ legal orders, contributing thus to the global reach of EU law.

In this respect, a crucial role is played by the extraterritorial application of EU law. Thanks to the growing web of contractual relations put in place by the European Union with third countries and other international organisations, the widening of the Union’s competences – also in the light of the recent crises the EU and its Member States have faced – and the doctrines elaborated by the case law of the European Court of Justice (such as the ‘effects doctrine’ invoked with regard to EU competition law), the possibility to apply EU law outside the Union’s borders is a reality representing a pillar of the EU external dimension.

Against this background, the Workshop seeks to realize a general reflection on the extraterritorial application of EU law, by stressing its legal implications for the EU external action and the EU legal order as a whole.

                                                                                                                    ***

Link to the Call for Papers. Deadline: 30th November 2020. 

Competition Law, Sport

The exploitation of Sports Media Rights: Whether EU Intervention strikes a balance between IP Protection and Competition in the market?

by Mohit Agarwal*

 

While Sports events generally do not attract protection under copyright or neighbouring rights of European Union Law, it does not imply that copyright and related rights have no significance in protecting the commercial interest of the sport organisers. The sport organising entities hold the right to broadcast the events through the mediums of wire or cable as granted under the Copyright Directive of 2001. It is a general practice to license such broadcasting rights to entities that professionally operate in the field on basis of contractual agreements.

This article aims to explain how sports media rights are managed and licensed by sport organisers and the compatibility of such licensing practices with EU Competition Law. The joint selling of sports media rights, territorially restrictive clauses in distribution and broadcasting licenses, and the problem of unauthorised/illegal live streaming will be addressed.

Nowadays, joint selling, as against individual selling, is how sports media rights are mainly marketed. Joint selling is an arrangement whereby the clubs entrust their media rights to their national or international sports organiser which collectively sells them on their behalf. While scrutinising the license agreements, the European Commission in its Decision 2003/778 (UEFA) held that joint selling agreements create efficiency gains and may be covered by the exception provided in Article 101(3) of the TFEU.

It was observed that joint selling acts as a single point of sale which is significantly more efficient, reducing the acquisition and transaction costs as against an individual sale of media rights by the teams/clubs. Negotiating with multiple teams/clubs to establish the same end product would mean high transaction complexities and costs for the broadcasters. A single sale outlet not only benefits the organisers, but also the licensee, who have certainty with regard to predictable commercial and programming plan for the whole season, reducing its financial risk considerably.

However, some commentators are in favour of regulatory intervention as joint selling may enable the teams/clubs to act as a cartel and thus restrict competition. Consolidation through collective selling grants the organiser, the market power to dictate the terms of the license, which may lead to inaccurate inflation in both upstream and downstream to the final consumers. The supply side substitutability in such a licensing agreement is zero or perfectly inelastic which creates an inequality in the balance of bargaining power. The licensee is markedly at a weaker bargaining position eliminating the freedom to negotiate the terms of the agreement.

The Commission’s decisions, however, declared joint selling of sports media rights compatible under EU Competition Rules, provided that strict conditions are respected. In some cases, an exception to joint selling is the ‘no single buyer obligation’. It is an intensified approach requiring that all packages of the valuable media rights are not sold to a dominant player in the downstream market. It was first implemented in the FAPL case and has being increasingly implemented in other national leagues. This obligation is considered an exceptional measure, justified when either at the time of licensing, a serious foreclosure risk already exists in the downstream market or when selling the rights to a single buyer would lead to securing a dominant position beyond the contractual period.

The Court of Justice in the Premier League v. QC Leisure held that a contractual provision aimed at reinforcing territorial scope (absolute territorial protection) of a license to a single Member State restricts competition under Article 101(1) TFEU. The Court held that such territorial exclusivity results in creation of artificial prices and in partitioning of the EU Internal Market which is against the very core of EU Law. Article 7 of the Portability Regulation makes any contractual provision prohibiting cross border portability of online content services unenforceable.

A restriction on passive sales is treated as a by object restriction which means that it infringes the Competition rules, without needing to demonstrate actual anti-competitive effects. Absolute territorial exclusivity restricts both active and passive out-of-territory sales, thereby partitioning the EU Internal Market and are prima facie violative of Competition rules.

However, sports organisers may disagree on this point, as they believe that territorial exclusivity in licensing of media rights is vital to maximise their return on investment by selling them in different territories. Territorial exclusivity grants the organisers, the opportunity to sell the licensing rights at different prices in different territories. For instance, if consumers’ willingness to pay for a certain product is positively correlated with their income, affluent consumers will be willing to pay more for the same product. Hence, a combination of territorial exclusivity and price discrimination becomes allocatively efficient. Price discrimination will increase the organisers profit, reduce the surplus of richer consumers and increase the surplus of relatively poorer consumers, maximising social welfare.

In recent years, a substantial increase of pirated and illegal live streaming of professional sports has resulted in considerable reduction of pay television broadcasting. Given the fact that it requires a sizeable investment to obtain such broadcasting licenses, unauthorised streaming enables such illegitimate hosts to free ride on authorised broadcaster’s rights. Such pirated streaming sites earn through click-advertisements.

The European Court of Justice interpreted Article 3(1) of the Copyright Directive in the TVCatchup case confirming that any unauthorised retransmission, through wire or wireless, is an infringement of the neighbouring right, granting the right-holders a right to damages and injunctive relief. While such an infringement gives rise to an action for relief and damages, the existing legal tools are ineffective in protecting right-holders from unauthorised rebroadcasting (parallel broadcasting) especially online of live matches.

The unauthorised dissemination of content and information, usually online, is a major roadblock for the content industry such as movies, music, sport broadcasting, etc. However, a legal remedy that can effectively block the availability of pirated music or videos, it is deemed inadequate for illegal broadcasting of sports events. A sport event is of highly perishable and volatile value as compared to other traditional content and information. This is because the transmitted content is time sensitive as the value of the broadcast tends to be zero after the end of live transmission. Therefore, it requires differential treatment from other sectors.

Interestingly, the Irish Commercial Court has granted a first of its kind remedy and compelled internet service providers (ISPs) to block illegal transmission of matches of Premier League in real time. Latest advance technology will be used to possibly block streams across different platform in one blow. The judge held that such unauthorised streaming undermines the value of FA’s rights and if allowed to exist, may cause an impact on wider sporting community.

Another remedy that can potentially end the illegal streaming is to target the advertising revenue of such websites. Blocking of such advertisement and other associated revenues, the business models can be halted. It remains to be analysed the effectiveness of such remedy.

In conclusion, competition authorities play a cardinal role in the sports sector, more importantly, in sale of broadcasting rights. While there are different protection regimes across the EU, sports organisers can rely on EU law. However, the Commission still needs to develop an immediate and effective enforcement remedies that suit the sports sector.

 

*About the author

Mohit Agarwal is an Undergraduate Student at Gujarat National Law University, Gandhinagar. He possesses a keen interest in Competition Law & Policy and is an Editor at GNLU Journal of Law and Economics Blog.

Article, GDPR

Can Legitimate Interests Ground Justify Web-Scraping of Personal Data for Direct Marketing Purposes under the GDPR?

by Ali Talip Pınarbaşı, LLM

 

WHAT IS DIRECT MARKETING? HOW IS WEB-SCRAPING USED FOR DIRECT MARKETING?

 

As grabbing the attention of the customers became harder by  digital advertising, reaching out to customers directly has become more vital for businesses. Examples of such  direct communication includes cold-calling, cold-emailing, postal mail and point of sale marketing. All these methods constitute direct marketing.

The distinguishing feature of direct marketing is that the prospective customer does not initiate a communication; the first step is taken by the seller and the seller usually calls on the customer to take a certain action such as subscribing to newsletters or making a purchase.

Every direct marketing campaign, be it via email marketing or telemarketing, requires access to vast amounts of contact data of customers such as e-mails and phone numbers.

However, such contact data does not magically appear on the databases of the marketers, so they need to extract such data from various sources including websites and online directories.

This is where the web-scraping methods come into play: web-scraping is a technology used to extract the contact details of individuals from websites and online directories. Following the extraction of these data, the marketers then contact individuals to promote their products/services.

For example, an insurance company may want to advertise its new car insurance product to people who have been in car accidents before. To send e-mails or make calls to those people, the insurance company will have to collect the contact details of these individuals. This company can use web-scraping technology to collect their contact details.

 

LEGITIMATE INTERESTS CAN BE THE LEGAL BASIS FOR SCRAPING OF PERSONAL DATA FROM THE WEB FOR DIRECT MARKETING PURPOSES

When the data-controller extracts personal data from the websites or directories, it is likely that she does not have the consent of the data subjects. Therefore, data controllers must justify their scraping activity under another lawful basis for processing of personal data, which will inevitably be the ‘legitimate interests’ basis.

However, it is quite common to come across an article on the internet which posits that GDPR completely prohibited web-scraping and unless there is consent, the processing is unlawful and will lead to hefty fines.

One recent example supporting this prevalent view is French Data Protection Authority’s(CNIL) guidance which rejected the possibility that legitimate interests can justify scraping of personal data. The reasoning behind this position is that data subjects do not expect to receive direct marketing communications from a third-party data controller when they share their personal data with a data controller.

In other words, the Guidance rejects the reliance on legitimate interests ground to justify we-scraping based on one single criteria: the expectations of the data subject.

However, as will be explained below, legitimate interests assessment cannot be reduced to a single determining criteria because it requires taking into account all factors and circumstances.

The following reasons demonstrate why the legitimate interests ground can be used to justify web-scraping.

 

  1. Scraping of personal data from the web is a separate processing activity subject to GDPR and it is distinct from the direct marketing activity itself.

 

Consider a data controller who scrapes personal data from the web and then use this data for direct marketing purposes such as sending cold e-mails to individuals. In this scenario, both the scraping activity and cold e-mailing are two separate processing activities subject to GDPR, and both have the same purpose: direct marketing.

As the scraping of personal data is done for direct marketing purposes, GDPR’s rules for processing of personal data for direct marketing purposes should apply to this scraping activity.

Recital 47 of GDPR states that “[t]he processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

Considering the GDPR’s approach, rejecting the reliance on legitimate interest ground to justify web-scraping for direct-marketing purposes seems like a bizarre result which does not align with the wording of GDPR.

 

  1. Data controller has the discretion to conduct legitimate interest analysis to justify web-scraping, GDPR does not categorically exclude web-scraping of personal data.

 

Stating that the web-scraping can only be justified on the basis of consent makes web-scraping activities completely illegal under the GDPR, as the consent is almost practically impossible to obtain in web-scraping activities. In other words, rejecting the reliance on legitimate interests means prohibiting a data processing activity that the GDPR did not prohibit.

To the contrary, GDPR explicitly states that processing of personal data for direct marketing purposes can be lawful based on legitimate interests. If the purpose of a web-scraping activity is direct marketing, then it does not make sense to say that consent can be the only lawful basis to justify the scraping activity.

Therefore, the data controller should be able to rely on legitimate interests basis to justify its web-scraping activity.

This of course does not guarantee that the web-scraping activity will be considered lawful in every circumstance. Web-scraping activity can still be unlawful if the conditions for legitimate interests are not satisfied.

Since we established that legitimate interests can justify web-scraping, now let’s look at how it would be applied in practice.

 

APPLYING THE LEGITIMATE INTERESTS TEST TO WEB-SCRAPING FOR DIRECT MARKETING

Legitimate interests test requires a balancing exercise where the interests of the data controller will be weighed against the rights and freedoms of the data subjects. While doing this balancing exercise, all factors and circumstances should be taken into account.

This balancing exercise can be exercised by applying a three-step test:

  1. What are the legitimate interests of the data controller ?

In such a competitive business environment, reaching out to potential customers to promote  its products and services are vital for every business.  Therefore, collecting the contact details of individuals to contact them for direct marketing purposes serves the commercial interests of the data controller. Two examples can be given for these commercial interests.

Firstly, web-scraping for direct marketing purposes cost far less compared to traditional marketing methods or running ads on digital media platforms. This is particularly true for small and medium-sized businesses which have a very limited marketing budget and have difficulties in reaching their target customers.

Secondly, web-scraping can be effective in finding a specific group of customers who might be more likely to engage with the business. For instance, web-scraping can help the business market its products/services to a particular group of people who belong a certain age group or who live in a specific region.

  1. Is web-scraping necessary?

This step require investigation into whether there are less intrusive ways to achieve the goal of marketing.

This will vary depending on the particular industry in which the business operates and the availability of other methods to reach customers as well as the impact on the privacy of the data subject.

For instance, if the data controller is planning to promote its farming equipment to farmers by cold e-mail or cold calling after scraping their contact information, this may pass the necessity test because this may be the most convenient way to reach the customer. This may be because it is almost impossible to reach the farmers on traditional media outlets or by running ads on digital platforms.

  1. Does individual’s interest override the interest of the data controller ?

This step requires a balancing exercise between the two sides. Following factors should be considered in this weighing exercise:

-If the potential privacy impact of the web-scraping on the individual is high, this may tip the balance in favor of unlawfulness of the web-scraping,

-Sensitive character of data,

-Reasonable expectations of the customer,

-Degree of intrusion of the processing.

Depending on the specific circumstances of the case, the result of the balancing exercise will differ.

For instance, let’s imagine two different scenarios where the personal data are scraped from the web for direct marketing purposes.

Scenario 1: Company A scrapes the e-mail addresses of thousands of high school students to promote its math course materials to them via cold emailing. However, it takes appropriate security measures on the data such as encryption and pseudonymization and does not share this data with third parties. Furthermore, it does not send spammy e-mails to each person, but it only selects a small number of relevant students to promote its products.

Scenario 2: Company does the same scraping activity as company A, but it does not apply the relevant security measures and shares the scraped data with third parties.

Comparing these two scenarios, it is crystal-clear that the privacy impact of the A’s scraping activity is almost minimal on individuals whereas the B’s scraping is likely to expose the personal data of the data subject to high-risk.

As can be seen, every web-scraping for direct marketing purposes has different implications on individuals and justifying them on the basis of legitimate interests requires a case-by-case analysis.

CONCLUSION

Legitimate interests ground can justify web-scraping of personal data for direct marketing.

While doing the legitimate interests analysis, all factors and circumstances should be taken into account such as privacy impact on the individual, commercial interests of the web-data controller and necessity of web-scraping instead of just focusing on one criteria such as expectations of individuals.

 

About the author

Ali Talip Pınarbaşı is a Legal Consultant based in Istanbul. He provides legal consultancy services on IP Law and Data Protection Law. He completed his LLM Degree in King’s College London, specializing in IP&IT Law.

Article, Covid

Mental healthcare and prevention of suicide should be the first priority of EU Member States after the (first wave?!) 2020 Coronavirus pandemic

Dr. Andraž Teršek, Professor of Constitutional Law

 

  1. Introduction

 

The central purpose of this essay is to, once again, raise the general importance of mental health and suicide. Or, by other words, to once again address the importance of the awareness of general public in EU member States regarding mental health and the problem of suicide. And to at least partially cut off the edges of the stigmatization that is more than obviously still stuck to any attempt at serious and all-inclusive public debate on these issues. At least in my experience.

 

These two questions, or rather “problems” of the today’s society must be understood as the core of public health systems. On national, international and global scale. Especially, this should be particularly emphasized, after the Coronavirus pandemic in the first part of the year. But also because, or especially because the worldwide medical community express most serious concerns and alerts the public it was only the “first wave” of the pandemic which we have just witnessed.

 

One of the most obvious and most harmful consequences of the pandemic was and still is fear, public fear. In combination with loneliness and anxiety, it is fear that further contributes to people’s depression and depressive disorders. Which still too often lead to suicide attempts or even and most tragic – to suicides. Therefore, it was expected when psychiatrists and psychotherapists addressed the public with the information that the mental health problem increased and intensified during the pandemic. Especially in those EU member States where strict quarantine was commanded by the government decrees. Slovenia being one of those States.

 

As a constitutional scholar I have been trying to modestly contribute to such awareness in my homeland, Slovenia, one of the smallest EU member States. I am not satisfied with the effect of my effort. Especially since these two topics are almost neglected in the domestic legal community. This essay represents my determination to continue in trying to positively contribute to the motivation of fellow lawyers to work in greater numbers, more extensively and with lasting determination to increase the quality of the public health system, while at the same time improving the quality and effectiveness of joint mental health care and suicide prevention (not only in Slovenia but) in EU member States. It is not only a question regarding fundamental human rights to health, healthy environment and human dignity. It IS a question about life and death, living and dying.

 

But there is also another, personal reason for this essay…

 

2. In Memory of prof. dr. Andrej Marušič

 

Prof. dr. Andrej Marušič (1965-2008) was my friend. He was a psychiatrist and psychologist, whose work represents an important contribution to the progress in the field of public mental health in Slovenia and worldwide. He has studied Medicine and Psychology in Ljubljana, pursued his postgraduate education mainly in England, where he acquired Doctoral Degree in Psychiatry. As an assistant professor he lectured at the Maudsley Hospital in London and he was the National Coordinator for Mental Health at the World Health Organization (WHO). His particular investigative interest was Suicidiology. He took over a leading function in one of the sections of the International Association for Suicide Prevention (IASP). In 2002 he became the director of the Institute of Public Health of the Republic of Slovenia. He was especially devoted to investigative and clinical work aimed at improving the mental health of an individual and society as a whole. He became the Head of the Health Research Department at the University of Primorska, where he successfully coordinated and completed several national and European research projects focusing on various psychiatric and public health topics. He founded and led his own Health Trust named ‘Healing‘. His rich bibliography includes numerous internationally indexed primary articles from the field of Psychiatry and related disciplines. He was honoured with two international prizes for his research achievements. He was one of the most influential activists for the destigmatization of mental disorders in Slovenia.

 

Andrej’s intelligence, particularly the emotional one, his love and determination for humanity and his intuition enabled him to understand legal concepts and the logic of legal reasoning better than most of the lawyers or even legal experts I have ever met. Personally and professionally it was a privilege to be a part of his intellectual and scientific attention.

 

Professor Marušič invited me to join his team and to use the constitutional law, legal philosophy and legal theory as a tool for policy making and policy developing regarding public health, mental health and the problem of suicide. We were planning a research and postdoctoral study programme Law and Suicidiology. Soon after he got cancer and after several months of struggle and pain the unforgiving illness overcame his strength and his will to live.

 

This essay is a small contribution to Andrej’s professional legacy and a small reflection of my commitment to staying focused on the topic discussed here.

 

3. The Seriousness of Mental Health problem in Europe

 

Mental health is considered to be one of the biggest and most serious health problems in Europe, especially (according to the statistical data) for the last decade.[1] (Note: it is a serious problem in Slovenia also, putting my homeland near the top and in some recent years even on the top of the list of EU member States with the highest rate of suicides per capita). Slovenian and European public still awaits the information how many cases of suicide and suicide attempts were there during the Coronavirus pandemic. But it is already clear: the problem of mental health increased and the assumption it will increase even more seems to be a matter of logic.

 

During the pandemic living conditions were hard to bear and damaging for people with depression, depressive disorders or other mental health problems. Especially since constitutional rights to freedom of movement and socializing were limited (In Slovenia by government decree, prohibiting movement across the municipal borders without special and officially confirmed reasons.) Socializing was limited, in most of the EU member States quite strictly. (In Slovenia even sitting on benches in parks, streets and even in the natural parks and even on the edge of the woods was prohibited.) Even though “the state of emergency” was not officially declared in all of the EU member States (the Slovenian Constitution explicitly determines, by Art. 92, the conditions for such declaration and those conditions were not fulfilled), the exceptional circumstances of public life had an effect as if it has been declared. (Slovenian citizens were living in de facto quarantine.)[2]

 

4. The problem of Fear

 

It soon became obvious people all over the Europe are quite frightened. And they seem to be even more frightened as days went by.[3] For most of the time politicians were the ones addressing the public. They took up most of the space and time in the media. According to the daily TV media programs in some EU member States a little more, in others a little less. Doctors, other medical staff or medical scientists were, such was the impression, in the second or third plan. Not only the politicians, even the WHO was using words, such as “combating the Coronavirus.[4] As if it was the time of war.

 

In most of the EU member States and most of the time (once again, such was the impression due to the daily TV media programmes and government PR-conferences) the public was addressed with pure statistical data: how many people have been tested for CIVID-19, how many of those were positive and how many people daily died –presumably just from virus. Broader context was rarely offered to the public: information about the age of those who were infected, their other diseases, possible terminal illness… By doing so people, especially the elderly, were even more frightened.

 

This fear won’t go away with the officially proclaimed end of the Coronavirus pandemic. (Such proclamation came first in Slovenia, Austria and Hungary came second. It has been suggested other EU member States will do it in the second part of June, combined with the opening of the national borders inside the EU.) And this fear won’t go away easily. It is a legitimate concern it will become a new epidemic. In EU member States who already declared the end of pandemic some citizens are still wearing masks when waking down the streets, driving cars, even exercising in nature (same goes for Slovenia). Even though the pandemic officially ended, even though the WHO did not advise that masks should be worn from the start of the pandemic, and even though medical experts and other professionals strongly oppose wearing masks (but the latter did not respond until after the official end of the pandemic). There are no reasonable indicators it won’t be the same or even worse in other member States where pandemic will officially end much later. People are scared and will remain to be scared.

 

5. The Right to be Protected from Fear

 

Every single individual, every member of the society, every human has the right to be protected from fear – by the State. I claim it is a fundamental human right.[5] Also in its connection to the right for the protection of health, clear environment, natural heritage and human dignity. To be protected from fear, to be protected from mental health damages and to be protected from social reasons for committing suicide are issues which come hand in hand with the positive obligations of the State regarding fundamental human rights, listed in the ECHR, and fundamental constitutional rights and liberties, listed in national Constitutions (also determined by the Slovenian Constitution). This right should be again and again explicitly recognized, addressed and emphasized as a fundamental human right inside the scope of the EU legal order. Not in spite of, but precisely because of the experience of the 2020 Coronavirus pandemic.

 

6. The Short-Term Priorities of the EU

 

Slovenia, as an example of the EU member State, has a National Resolution for facing the mental health problems.[6] But in recent years the forecasts and commitments written in that document basically remained a status of “pure words written on paper,” with no effective and determined, not to say responsible execution in social practice. Even a special Act on Mental Health was enacted, in late 2008, publicly introduced as an appropriate legal framework covering the problems of mental health of individuals and of the Nation. Bit this statute is nothing special. Most of the provisions concern general principles already known and written elsewhere, with addition of the provisions transcribed from the Constitutional Court judgement (No. U-I-60/03) determining fundamental right of individuals who are posted, by doctors or by court decisions, to Psychiatric Hospital for treatment. The documents review of the European Commission regarding mental health of the of citizens of the EU member States shows quite similar picture.[7]

 

In the EU member states the systemic arrangement of the mental health problem remains insufficiently effective. The deficit of professional staff, funds and special capacities remains obvious. Inside the frame of public health system and institutions, which I strongly consider to be a legal and political priority in the near future, this problem must not be ignored or put aside as secondary or even less important.

 

7. Legal Foundations for Further Deliberations

 

In the next months and years special concern should be given to the analysis, interpretation and synthesis of some of the essentially legal and constitutional (not only medical, ethical, philosophical and sociological) questions and problems, directly connected with mental health and the problem of suicide. Mental health and suicide should be fully and publicly addressed as legally relevant phenomena. A constitutional principle of “social state” must be politically and legally strengthened, not weakened. Socially responsible political community (as the EU was supposed to be) may not disregard the issue. Substance and scope of fundamental rights and freedoms closely connected with mental health and the suicide represent special, the most intimate relationship between the State and individual, so the positive nature of fundamental human and constitutional rights must be safeguarded with more effort of the State and its institutions, not with less effort. In this regard the EU Administration must play its part: as a legislator and as a supervisor over the implementation of political commitments and legal duties of the EU member States regarding the public health system, the protection of mental health and the prevention of suicides.

 

8. Work to be done

 

Legal aspects of mental health and the suicide problem represent a subject with quite a deficit in respect of scientific research and evaluation. The analysis of the EU institutions and committees regarding mental health confirm such evaluation. This presents us with necessity to make determined and sufficient steps forward. The model of modern constitutional democracy and the constitutional doctrine of positive obligations of the State enable and demand new approach to legal aspects of mental health and suicide. Some new and legitimate expectations towards legal policy and constitutional obligations of the State have to be made. A comprehensive legal and constitutional analysis should fulfil the gap in national and international prospect. All the relevant potentials of legal theory and legal practice should be determined and used for the purpose of reducing the number of cases of suicide and mental illness present in current social life. Success of this research could enable EU as the “political and legal community” to be progressive in evolving public programmes of mental care, psychotherapy, nursing, preventing suicides and palliative care.

 

The legal community in the EU member States should be deeply involved in forcing the States to do much more in this context as it has been done in previous years. The EU should use common legal order and policy making process to put the EU member States and the daily politics of the member States under an effective control of responding to their legal duties and exercising their ethical, legal and political responsibility regarding mental health and suicide. I consider this to be among the absolute legal and political priorities of the EU legal policies in the next two to five years. Lost time in this regard needs to be made up quickly, with increased awareness, responsibility and efficiency. So I call upon the EU member States legal community for its special and increased attention and effort to face this problem.

 

The author

Dr. Andraž Teršek,

Professor of Constitutional Law,

Faculty of Education, University of Primorska and European Faculty of Law, New University

 

 

References

[1] See, for example: The European Mental Health Action Plan 2013-2020. WHO. Regional office for Europe. Copenhagen, Denmark, 2015: Available at: https://www.euro.who.int/__data/assets/pdf_file/0020/280604/WHO-Europe-Mental-Health-Acion-Plan-2013-2020.pdf  (10. 6. 2020); The State of Mental Health in the European Union. Health & Consumer Protection. Directorate – General. European Commission.  2004-2012. Available at: https://ec.europa.eu/health/ph_projects/2001/monitoring/fp_monitoring_2001_frep_06_en.pdf  (15. 4. 2020)

[2] Living conditions were the most strict in Belgium, France, Germany, Hungary, Italy, Poland and Spain. See: States of emergency in response to the coronavirus crisis: Situation in certain Member States. Available at: https://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2020)649408 (1. 6. 2020)

[3] In Slovenia another problem became obvious: hostile disposition towards each other was on the rise. Too many people behaved as they were the police, the surveillance agents towards each other, taking photographs and video recordings of their neighbours and strangers, presumably breaking the government decree not to stand too close to each other when having a conversation, not to socialize in groups of more than five people, not to cross the municipal borders on foot, on bikes and with cars, not to sit down on benches in parks, not to throw balls in basketball playgrounds etc. Too many of them were sending such material to the police. Slovenia almost became a Police State: not because of the police (who did a good job during the pandemic), but because of the “puritanical” character of too many individuals.

[4] See: WHO Campaigns/Connecting the world to combat coronavirus.

Available at: https://www.who.int/campaigns/connecting-the-world-to-combat-coronavirus

[5] Let me just remind ourselves of the Universal Declaration of Human Rights, the Atlantic Charter and the Philadelphia Declaration, which marked the end of the II. world war and announced a new world social order. And in particular of the European Social Charter. All these international legal documents address this right – as a fundamental human right.

[6] Resolution on the National Mental Health Program 2018−2028. Available at: http://www.pisrs.si/Pis.web/pregledPredpisa?id=RESO120&d-49681-o=2&d-49681-p=1&d-49681-s=2  (5. 6. 2020)

[7] See footnote No. 1.

 

 

Article, Commentary, Covid, GDPR

Location privacy and data retention in times of pandemic and the importance of harmonisation at European level

Patrícia Corrêa

In this time of pandemic, many countries are starting to actively monitor cellphone data to try to contain the spread of the new coronavirus. Governments are using location data to trace contacts or monitor and enforce quarantine of persons who have tested positive for COVID-19 or those with whom they have come into contact with.

The United States’ Government is in discussions with the tech industry about how to use Americans’ cellphone location data to track the spread of the novel coronavirus. In Iceland, authorities have launched an app that tracks users’ movements in order to help tracking coronavirus cases by collecting data about other phones in the area. In India, state authorities have also launched an application to track the movement history of persons tested positive, also providing the date and time of the visit to spots by the patients. In Brazil, at least one city is already using cellphone data to monitor gathering of people and take action to disperse them and soon federal government will follow. There are reports of similar approaches in many other countries as well.

At European level, Internal Market Commissioner Thierry Breton has held a videoconference with CEOs of European telecommunication companies and GSMA to discuss the sharing of anonymised metadata for modelling and predicting the propagation of the virus.

Does this approach necessarily put data privacy at risk? Is the trade-off between data privacy and public health necessary? Whereas it is true that in exceptional circumstances fundamental rights need to be balanced against each other, data privacy shall not be an insurmountable obstacle to the implementation of exceptional public health policies.

Some basics on data and metadata

Simply put, data consists of potential information that has to be processed to be useful. [1] Metadata, on the other hand, is “data about data”, comprising all the information about data at any given time, at any level of aggregation. It is structured information about an information resource of any media type or format. [2]

In order to safeguard privacy, personal data must be anonymised before its processing. Anonymisation refers to the process of de-identifying sensitive data while preserving its format and type [3] so it cannot be tied to specific individuals. Privacy can be also be assured by means of aggregation, which refers to the “process where raw data is gathered and expressed in a summary form for statistical analysis.”

Conditions for the use of location data

While in some countries the use of information to combat the COVID-19 outbreak seems to go beyond anonymised data (individual location and contacts tracking, for instance, requires device-level data), in Europe, so far, collaboration between telecommunication companies and governments appears to encompass only the exchange of anonymised data or databased models. On that level of data processing, the European Data Protection Board issued an approval statement based on some conditions, such as the anonymity of the processed data and the applicability of administrative controls, including security, limited access and limited retention periods.

On April 8, the European Commission issued a Recommendation on a Common Union Toolbox for the Use of Technology and Data to Combat and Exit from the COVID-19 Crisis, in particular concerning mobile applications and the use of anonymised mobility data. The Recommendation acknowledges the value of digital technologies and data in combating the COVID-19 crisis stating, however, that fragmented and uncoordinated approaches could hamper the effectiveness of measures aimed at combating the pandemic and violate fundamental rights and freedoms. It sets up a process for developing a common approach (Toolbox) to use digital means to address the crisis. The Toolbox will consist of practical measures for making effective use of technologies and data, with a focus on a pan-European approach for the use of mobile applications, coordinated at Union level and a common scheme for using anonymised and aggregated data on mobility of populations.

Regarding the use of mobility data, the Recommendation provides, inter alia, for safeguards to be put in place to prevent de-anonymisation and avoid reidentifications of individuals, including guarantees of adequate levels of data and IT security, and assessment of reidentification risks when correlating the anonymised data with other data.

The right to location privacy

According to the Article 4(1) of the GDPR, personal data comprises any information relating to an identified or identifiable natural person, including location data. Location data, as stated by the ePrivacy Directive, means any data processed in an electronic communications network or by an electronic communications service, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service. It can be tied to a known individual (e.g. a name linked to a cell phone subscription) or to an identifier associated with a specific device (anonymised data). In other cases, a dataset is modified to display the location of groups of people, instead of individuals (aggregated data).

Location privacy, hence, relates to the location information of an individual in a sense that prevents others to learn about one’s current or past location. [4] In other words, “This definition captures the idea that the person whose location is being measured should control who can know it.”

The right to location privacy encompasses two fundamental rights, both guaranteed by the Charter of Fundamental Rights of the EU: the respect for private and family life (Article 7) and the protection of personal data (Article 8). Notwithstanding its importance, fundamental rights are not absolute and can be restricted in exceptional situations. As stated by Article 52(1), restrictions on these rights can only be imposed when lawful, legitimate and proportionate.

Location privacy is also protected under the Article 8 of the European Convention on Human Rights and cannot be limited either, if not for derogation in time of emergency consisting of war or other public emergency threatening the life of the nation. In that case, the measures shall be taken strictly to the extent required by the situation and cannot be inconsistent with other obligations under international law (Article 15).

Data retention in EU context

In Digital Rights Ireland case, the ECJ declared the invalidity of the Directive 2006/24/EC, which required providers of publicly available electronic communication services or public communication networks to retain telecommunication data of individuals for the purposes of preventing, investigating and prosecuting serious crime. The ECJ took the view that the Directive does not “provide for sufficient safeguards … to ensure effective protection of the data retained against the risk of abuse and against any unlawful access…” According to the ECJ, although the Directive satisfies a valid objective of general interest (public security), it does not meet the principle of proportionality.

To date, there is no EU legislation regarding data retention. Filling up the void, the ECJ decided in Tele2 Sverige case on the scope and effect of its previous judgment on Digital Rights Ireland, establishing minimum safeguards that must be included in any national law regarding data retention. ECJ therefore concluded that national legislation that did not contemplate minimum safeguards would be precluded pursuant to Article 15(1) of ePrivacy Directive.

Despite the guidelines set out in the Tele2 Sverige judgement, a survey by Privacy International indicates that, as of 2017, a large number of Member States still had not yet made necessary changes to ensure national legislation compliance. This is especially important in this time of pandemic, as many States in Europe are recurring to private telecom companies to disclose retained location data in order to fight the COVID-19 outbreak.

Data retention and location privacy: the need for harmonisation

This scenario highlights the importance of harmonisation on the subject at European level, what would contribute to safeguard citizens’ privacy rights. That coordination between private companies and governments shall reveal how access to sensitive telecommunication data by public authorities will affect the retention of data for private purposes.

In the light of the COVID-19 pandemic, location data can be very useful for epidemiological analysis, medical research and measures against disease spread. This importance, however, does not preclude the respect for privacy rights. In that context, a European framework for data retention is paramount to location privacy, since it can effectively regulate what data can be retained, for how long, and what measures must be taken in order to reduce violations risks and making it is being stored and shared in legitimate and responsible ways.

Final remarks

The retention, processing and exchange of location data to handle the pandemic do not necessarily have to violate privacy. There are mechanisms that, although not infallible, minimise risks of breach in the processing of personal data, in particular aggregation and anonymization. Besides, even in exceptional cases in which personal identifiable information processing is needed, EU Regulation and case law have already set some boundaries, especially amounting to proportionality. What really matters is the approach authorities will choose to take after the outbreak subsides, so mass surveillance does not become the norm.

[1] POMERANTZ, Jeffrey. Metadata. Cambridge : The MIT Press, 2015. p. 21.
[2] BACA, Murtha (ed). Introduction to Metadata. 3. ed. Los Angeles : Getty Research Institute, 2016. p. 2.
[3] RAGHUNATHAN, Balaji. The Complete Book of Data Anonymization: From Planning to Implementation. Boca Raton, FL, USA : CRC Press, 2013. p. 4.
[4] ATAEI, Mehrnaz; KRAY, Christian. Ephemerality is the New Black: A Novel Perspective on Location Data Management and Location Privacy in LBS. In GERTNER, Georg; HUANG, Haosheng (ed. ) Progress in Location-Based Services 2016. Switzerland : Spring, 2017. p. 360.

 

The Author

Patrícia Corrêa is a Portuguese qualified lawyer currently pursuing a Master’s Degree in International and European Law at Universidade Católica do Porto, Portugal.