When in May 2000 a French court enjoined Yahoo!, a US-based Internet service provider, to enforce restrictions on access to web content that infringed French law, the decision provoked an outcry overseas and started a complex jurisdictional conflict. The fame of the Yahoo! case was well deserved, as it clearly exposed the potential of the web to give rise to regulatory clashes: the same activity – the online sale of Nazi memorabilia through the Yahoo! Auction site – was illegal under French law but enjoyed the protection of free speech in the US. Justifying the assertion of prescriptive jurisdiction by multiple States, the borderless nature of the Internet made such clashes all the more likely. Almost two decades later, the application of EU data protection law to data processing carried out in third countries has raised similar issues, requiring a careful weighing of competing rights and interests and setting the stage for thorny conflicts when the balancing process leads to different outcomes in different jurisdictions. Against this backdrop, the paper inquires whether looking back at the Yahoo! case might suggest possible ways to reduce such risk. A key but sometimes overlooked aspect of the Yahoo! litigation was the actually limited scope of the measure French courts imposed on the ISP, as Yahoo! was not required to take down the auction web page or filter its content, but merely to prevent users based in France from viewing it. Interestingly, a similar approach has been suggested for the enforcement of the “right to be forgotten” that the Court of Justice recognized in Google Spain and is now enshrined in the new General Data Protection Regulation: it is currently being litigated in at least one Member State whether geographically selective delisting may represent an alternative to obliging search engines to delist search results globally. At first sight, this limitation might appear a reasonable restraint in the exercise of jurisdiction. Yet it would only provide the data subject with a very partial remedy, as information would still be accessible from other countries. Highlighting a major difference between jurisdictional conflicts à la Yahoo! and the application of data protection law, the paper will therefore conclude that, while it can prove useful to permit the coexistence of regulatory regimes reflecting different policy choices, the geographically selective enforcement of data protection rules clashes with the fundamental rights logic underpinning the case law of the Court of Justice.
Back to Yahoo!? Regulatory clashes in cyberspace in the light of EU data protection law
Alberto Miglio
2017-01-01
Abstract
When in May 2000 a French court enjoined Yahoo!, a US-based Internet service provider, to enforce restrictions on access to web content that infringed French law, the decision provoked an outcry overseas and started a complex jurisdictional conflict. The fame of the Yahoo! case was well deserved, as it clearly exposed the potential of the web to give rise to regulatory clashes: the same activity – the online sale of Nazi memorabilia through the Yahoo! Auction site – was illegal under French law but enjoyed the protection of free speech in the US. Justifying the assertion of prescriptive jurisdiction by multiple States, the borderless nature of the Internet made such clashes all the more likely. Almost two decades later, the application of EU data protection law to data processing carried out in third countries has raised similar issues, requiring a careful weighing of competing rights and interests and setting the stage for thorny conflicts when the balancing process leads to different outcomes in different jurisdictions. Against this backdrop, the paper inquires whether looking back at the Yahoo! case might suggest possible ways to reduce such risk. A key but sometimes overlooked aspect of the Yahoo! litigation was the actually limited scope of the measure French courts imposed on the ISP, as Yahoo! was not required to take down the auction web page or filter its content, but merely to prevent users based in France from viewing it. Interestingly, a similar approach has been suggested for the enforcement of the “right to be forgotten” that the Court of Justice recognized in Google Spain and is now enshrined in the new General Data Protection Regulation: it is currently being litigated in at least one Member State whether geographically selective delisting may represent an alternative to obliging search engines to delist search results globally. At first sight, this limitation might appear a reasonable restraint in the exercise of jurisdiction. Yet it would only provide the data subject with a very partial remedy, as information would still be accessible from other countries. Highlighting a major difference between jurisdictional conflicts à la Yahoo! and the application of data protection law, the paper will therefore conclude that, while it can prove useful to permit the coexistence of regulatory regimes reflecting different policy choices, the geographically selective enforcement of data protection rules clashes with the fundamental rights logic underpinning the case law of the Court of Justice.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Miglio in Data Protection and Privacy under Pressure ebook.pdf
Accesso aperto
Tipo di file:
PDF EDITORIALE
Dimensione
1.38 MB
Formato
Adobe PDF
|
1.38 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
