There were some ground-breaking developments in the technology and commercial law spheres in 2015. 

Key topics in 2015 included: 

“Safe Harbor” Invalidated - Schrems v Irish Data Protection Commissioner

European Commission Launches a Digital Single Market Strategy for Europe

Ryanair Notches Up Wins Against Price Comparison Sites

The standout European development has been the fallout from the proceedings brought by Austrian law student Max Schrems that affected the “Safe Harbor scheme”, which up to that point had underpinned the transfer of personal data outside Europe by thousands of organisations.

“Safe Harbor” Invalidated - Schrems v Irish Data Protection Commissioner

Austrian PhD law student, Max Schrems, filed a complaint with the Irish Data Protection Commissioner ("DPC") requesting that, due to the alleged risk of the US government intercepting and reading personal data, the DPC investigate transfers of personal data from Facebook’s European headquarters located in Ireland to its US based parent company. At the time, the Irish DPC’s view was that the transfers in question were valid based on the “Safe Harbor” scheme that permitted transfers of personal data from Europe to the US. The DPC therefore refused to investigate Schrems’ complaint.

Schrems filed judicial review proceedings challenging the DPC’s rejection of his complaint. The Irish Courts referred the case to the Court of Justice of the European Union ("CJEU"). In October 2015, the CJEU handed down its judgment which found that the Safe Harbor system facilitating the transfer of personal data from Europe to the US is ‘invalid’. The CJEU ruling does not prohibit or restrict all transfers of personal data from Europe to the US.  It only means that Safe Harbor, one of a number of different legal processes that could be used to lawfully move data from Europe to the US, is invalid.

Since the Schrems decision was handed down there have been intensive efforts behind the scenes in both the EU and US to resolve the difficulties which have arisen as a result of the invalidation of Safe Harbor. In a recent speech, the EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, discussed the progress that has been made towards an agreement for EU-US data transfers.  She noted that she is confident an agreement will be reached in 2016.

For extensive coverage and analysis of the Schrems decision and its consequences for your business visit our Tech Law blog.

European Commission Launches a Digital Single Market Strategy for Europe

Only around 15% of citizens purchase goods online from another EU member state and only 7% of SMEs complete transactions cross-border. In light of this, the European Commission (the "Commission") declared its plans to create a Digital Single Market ("DSM") allowing citizens, individuals and businesses to more effectively access and carry out online activities across the European Union.

In the same way that the EU aspires to have a single market for goods and services across the EU, the DSM aims to remove regulatory barriers and move from the current 28 national EU markets to a single market in the digital sphere. While online operators can already rely on principles of EU law to trade across the EU, such as the Freedom to Provide Services, the DSM is aimed at further encouraging cross-border digital trade.

The Commission adopted its DSM Strategy in May 2015, which sets out three pillars and 16 key actions for which the Commission is tasked with delivering by the end of 2016. Although the DSM Strategy is new, many of the main legislative initiatives have been in development for some time. Significant legislative plans on the agenda include increased harmonisation of copyright law, a modified proposal for a Common European Sales Law, and a new Directive on Comparative and Misleading Advertising. The Council of the European Union has recently approved a version of the General Data Protection Regulation, although it may be some time before a final version is agreed.

Ryanair Notches Up Wins Against Price Comparison Sites

In recent years, the Irish airline Ryanair has been involved in numerous legal battles across Europe against alleged ‘screen scrapers’. ‘Screen scraping’ describes how some price-comparison websites automatically collect and compare data from various service providers’ websites without the service providers’ consent.

In May 2015, the Irish Supreme Court confirmed that the Irish Courts have jurisdiction to deal with the ‘screen scraping’ of Ryanair’s website. The Court decision marked a further victory for Ryanair in its battle to restrict the display of its fares to end-users visiting its website directly.

The Court held that the price comparison sites’ engagement with Ryanair’s website to gather pricing information to their own customers constituted use of the Ryanair site.  It would therefore become bound by the site’s terms of use, including the provisions setting out where disputes under those terms should be heard.

The case illustrates that companies should ensure that their website terms of use are drafted to include a clause governing jurisdiction. Equally, price comparison sites should note that simply accessing an airline’s website means they will automatically be bound by the website’s terms of use, including any jurisdiction stipulation. Despite this, it is important to remember that consumers generally have the right to sue in their home jurisdiction, regardless of any provision in a site’s terms of use.

Comment

2016 promises to bring some interesting legislative developments, including progress on the European Commission’s new General Data Protection Regulation and the Digital Single Market Strategy. The Internet of Things, with its connected smart-devices, will continue to grow and Gartner expects over 6 billion connected ‘things’ to be in use this year around the world. 2016 may also be the year of artificial intelligence and we expect to see Irish and EU law grapple to keep pace with technological developments such as drones, autonomous cars and ‘big data’ analytics.