DOSSIERS
Alle dossiers

ICT - TIC - Privacy  

IEFBE 1796

Conclusie AG: Dynamisch IP-adres is ook persoonsgegeven als ISP over aanvullende gegevens beschikt die identificatie mogelijk maakt

HvJ EU - CJUE 12 mei 2016, IEFBE 1796; ECLI:EU:C:2016:339 (Breyer), https://ie-forum.be/artikelen/conclusie-ag-dynamisch-ip-adres-is-ook-persoonsgegeven-als-isp-over-aanvullende-gegevens-beschikt-di

Conclusie AG HvJ EU 12 mei 2016, IT 2055; IEFbe 1796; C-582/14; ECLI:EU:C:2016:339 (Breyer)
Zie eerder IT 1698; IEFbe 1206. Begrip ‚persoonsgegevens’ – IP-adressen – Bewaring door een aanbieder van elektronische mediadiensten. Nationale regeling volgens welke geen rekening kan worden gehouden met het legitieme belang van de voor de verwerking verantwoordelijke.

1)      Overeenkomstig artikel 2, onder a), [richtlijn gegevensbescherming], vormt een dynamisch IP‑adres waarmee een gebruiker toegang heeft gekregen tot de website van een aanbieder van elektronische mediadiensten voor deze laatste een ‚persoonsgegeven’, wanneer een internetprovider beschikt over de aanvullende gegevens die het, samen met het dynamische IP‑adres, mogelijk maken de gebruiker te identificeren.

IEFBE 1782

Schadevergoeding voor verlies van kans om derde contractant in IT-aanbesteding EUIPO te worden

Gerecht EU - Tribunal UE 27 apr 2016, IEFBE 1782; ECLI:EU:T:2016:248 (European Dynamics tegen EUIPO), https://ie-forum.be/artikelen/schadevergoeding-voor-verlies-van-kans-om-derde-contractant-in-it-aanbesteding-euipo-te-worden

Gerecht EU 27 april 2016, IT 2050; IEFbe 1782; ECLI:EU:T:2016:248; zaak T-556/11 (European Dynamics tegen EUIPO)
Overheidsopdrachten voor diensten. Aanbestedingsprocedure. Diensten inzake softwareontwikkeling en -onderhoud. Afwijzing van de offerte van een inschrijver. Rangschikking van een inschrijver in de cascadeprocedure. Uitsluitingsgronden. Belangenconflict. Gelijke behandeling. Zorgvuldigheidsplicht. Gunningscriteria. Kennelijk onjuiste beoordeling. Motiveringsplicht. Niet-contractuele aansprakelijkheid. Verlies van een kans. Het besluit tot afwijzing van de offerte wordt nietig verklaard. EUIPO moet de schade vergoeden die eisers heeft geleden door het verlies van een kans om minstens als derde contractant de raamovereenkomst toegewezen te krijgen.

IEFBE 1766

Publieke consultatie over evaluatie en review van ePrivacy-verordening

Consultatie 12 april tot 5 juli 2016 (evaluatie en review van ePrivacy-verordening)
In 6 May 2015, the Commission adopted the Digital Single Market (DSM) Strategy, which announced that, following the adoption of the General Data Protection Regulation, the ePrivacy rules would also be reviewed. The review of the ePrivacy Directive is one of the key initiatives aimed at reinforcing trust and security in digital services in the EU with a focus on ensuring a high level of protection for citizens and a level playing field for all market players. The review will be preceded by a Regulatory Fitness and Performance Programme (REFIT), which aims at evaluating the performances of the current legislation against criteria such as efficiency, effectiveness and EU added value. The Commission is now consulting stakeholders on both the retrospective evaluation and the possible changes to the current ePrivacy Directive. The Commission will use the feedback from the consultation to prepare a new legislative proposal on ePrivacy, which is expected by the end of 2016.

IEFBE 1716

Vrijstelling van informatieverplichtingen publiekrechtelijke beroepsorganisaties en privédetectives

Grondwettelijk Hof 25 februari 2016, IEFbe 1716; Arrest nr. 28/2016 (Beroepsinstituut van vastgoedmakelaars en Romain Lamolle)
Privacy. Persoonsgegevens. Zie eerder IEFbe 752. Het Beroepsinstituut van vastgoedmakelaars en Romain Lamolle vorderen de vernietiging van de artikelen 3, §§3 tot 6, en 9 van de wet tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens. Artikel 9 bepaalt welke informatie de verantwoordelijke voor de verwerking van persoonsgegevens moet meedelen aan de persoon wiens gegevens het voorwerp van die verwerking uitmaken. Artikel 3, §§3 tot 7 stelt sommige categorieën van personen of instellingen vrij van de bij artikel 9 opgelegde verplichtingen. De bestreden bepalingen zouden een discriminerend verschil in behandeling invoeren tussen enerzijds de categorie personen genoemd in paragraaf 3 tot en met 6 en anderzijds de publiekrechtelijke beroepsorganisaties die bij de wet ermee zijn belast onderzoek te verrichten naar schendingen van de beroepscode van een gereglementeerd beroep, zoals het BIV. Het Hof vernietigt artikel 9 in zoverre het zonder meer van toepassing is op de publiekrechtelijke beroepsorganisatie die bij de wet ermee is beslaat onderzoek te verrichten naar schendingen van de beroepscode van een gereglementeerd beroep en op de activiteit van een privédetective die ertoe is gemachtigd voor de betrokken beroepsorganisatie op te treden.

B.11. Het middel is gegrond in zoverre artikel 9 van de wet van 8 december 1992 tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens zonder meer van toepassing is op de publiekrechtelijke beroepsorganisatie die bij de wet ermee is belast onderzoek te verrichten naar schendingen van de beroepscode van een gereglementeerd beroep en op de activiteit van een privédetective die ertoe is gemachtigd voor de betrokken beroepsorganisatie op te treden overeenkomstig artikel 13 van de wet van 19 juli 1991 tot regeling van het beroep van privédetective. Die situaties vallen bijgevolg buiten het toepassingsgebied van artikel 9 van de wet van 8 december 1992, in afwachting van de uitdrukkelijke uitbreiding, door de wetgever, van de vrijstellingen waarin artikel 3 van dezelfde wet voorziet.

Om die redenen,
het Hof vernietigt artikel 9 van de wet van 8 december 1992 tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens in zoverre het zonder meer van toepassing is op de publiekrechtelijke beroepsorganisatie die bij de wet ermee is belast onderzoek te verrichten naar schendingen van de beroepscode van een gereglementeerd beroep en op de activiteit van een privédetective die ertoe is gemachtigd voor de betrokken beroepsorganisatie op te treden overeenkomstig artikel 13 van de wet van 19 juli 1991 tot regeling van het beroep van privédetective.

IEFBE 1713

A public debate on ‘backdoors’ in the light of the recent developments in the Apple FBI iPhone case

Bijdrage ingezonden door Bernd Fiten, Student KU Leuven/LinkedIn. A brief analysis of the different arguments in the Apple FBI iPhone case. Factual background
On February 16, 2016, the US Justice Department filed an order to compel Apple to assist agents in search. Apple was ordered by a Federal Court1 to help the Federal Bureau of Investigation (FBI) unlock an iPhone 5C2  used by one of the two attackers of the San Bernardino attacks3 in December last year, the most deadly act of terrorism on American soil since 9/11. The filing4 at issue by the US Justice Department cited the 18th-century All Writs Act, a 230-year old catchall statute to allow courts to issue a writ, or order, which compels a person or company to do something5.

The Apple FBI iPhone case is particularly interesting because the FBI is not asking Apple to unlock the iPhone at issue, but instead to write a new software tool to eliminate specific security protections Apple built into its phone software to protect customer data6.  Providing the FBI with new software, a so-called custom firmware file (IPSW file, essentially a crippled version of its iOS software), or called ‘GovtOS’7 by Apple , would enable law enforcement to ‘brute force’ the four digit passcode lockout on the iPhone 5C8.  While the data on the iPhone will, in principle, be permanently deleted after ten unsuccessful attempts to enter the passcode, the custom firmware file will remove this limited number of passcode attempts, so that the FBI can make an unlimited number of attempts (‘brute force’, try every combination until by chance the right one is hit). According to Will Strafach, ex-jailbreaker and CEO of mobile security firm Sudo Security Group, a four digit passcode should be possible to ‘brute force’ in less than an hour, because there are only 10.000 possible combinations.

The US Justice Department decided not to wait for Apple’s response to file a motion9 asking the Federal Court to compel Apple to comply with the court’s February 16, 2016 order 10.  As a response, Apple filed a motion to vacate the court order and opposed the motion to compel assistance.11   This was Apple’s first official legal response to the court order compelling Apple to help the FBI. However, this official legal response by Apple came as no surprise, because the previous bold statement by Tim Cook, CEO of Apple, already indicated that Apple planned to fight the court order.12

Since the court order by the Federal Court, many have expressed their concerns. A survey conducted among 130 high-profile security and privacy experts, indicated that 60% was of the opinion that Apple should not comply with the court order to help the FBI hack into the iPhone in question. However, a similar survey conducted among 1000 American citizens indicated that 38% was of the opinion that Apple should not help the FBI, while 51% said that Apple should help the FBI 13.  In the meantime, the case has drawn worldwide attention and is shaping up to be one that may have huge implications for privacy and security. Let’s assume that the FBI can force Apple to help them, could this mean that, in the future, the FBI will be able to compel all sorts of other US companies to change their products to serve law enforcement?

On the basis of the aforementioned court order and the motions, three types of arguments can be raised in the debate about the Apple FBI iPhone case, although these arguments might overlap or might be inherently linked to each other. The general-philosophical, legal and technical arguments will be discussed below.

General-philosophical arguments
Security and privacy experts pointed out that ‘backdoors’ would fundamentally undermine encryption and could be exploited by criminals14.  According to Tim Cook, providing the FBI with custom firmware would be the equivalent of making available a so-called ‘master key’ capable of opening hundreds of millions of locks. In other words, the custom firmware file would not just weaken the security of one iPhone, but could threaten millions of iPhones worldwide15  and could possibly open the door to massive surveillance16.  This is why the debate should not focus too much on the technical aspects, but on the fact that the US Justice Department would be weakening the security of a private company’s product. Therefore, Tim Cook stated that the dangerous precedent of encryption ‘backdoors’ would threaten everyone’s civil liberties17.  He said that the court order was an unprecedented step which threatens the security of their customers and that the court order has implications far beyond the legal case at hand. In the meantime, Tim Cook was supported by Google18, WhatsApp19, Twitter, Facebook and other tech organizations and civil rights groups20.  Nevertheless, the US Justice Department emphasizes that they are asking Apple for access to the single iPhone at hand.21  However, many security experts are skeptical. Especially since the revelations by whistleblower Edward Snowden, which harmed the trust in the US government not to abuse its powers of surveillance.

The most remarkable statement in my opinion was the first statement of Bill Gates, founder of Microsoft. Although he nuanced his statement later on, he backed the FBI hack request at first, in contrast to founders and CEO’s of other technology companies, by stating that “[t]his is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case”.22 However, Microsoft Corporation, as member of the Reform Government Surveillance (RGS)23, is probably on the side of the other technology companies like Apple and Google, strongly advocating for protecting security of customers and their information.24  Eventually, Brad Smith, President and Chief Legal Officer of the Redmond company, also officially stated that Microsoft (which previously not weighed in directly on the high-profile issue) is wholeheartedly siding with Apple in the Apple FBI iPhone case at hand.25 

The aforementioned survey indicated that a majority of security and privacy experts in the US are of the opinion that Apple should not help the FBI. However, the outcome of the Apple FBI iPhone case could also have some important effects for foreign non-US iPhones, for instance in Europe. The European Commission Vice-President, Andrus Ansip, stated to be strongly against having any kind of ‘back door’ 26.   Although, he did not want to talk about the Apple FBI case specifically, because it is up to the US authorities to deal with this issue. Nevertheless, only one year ago, Gilles de Kerchove, EU’s counter-terrorism coordinator27, stated in a leaked meeting document28 that the European Commission should come up with rules that require technology companies to help national governments snoop on possible suspects by handing over encryption keys to security and intelligence agencies, as part of a wider crackdown on terrorism.29 

The terrorist attacks of last year (Charlie Hebdo attack and Paris attacks) also played an important role in the debate surrounding ‘backdoors’. The terrorists attacks are referred to by some individuals to serve their own agendas. Reacting on the iPhone case, James Comey, director of the FBI, publicly lobbied for the insertion of encryption ‘backdoors’ into software and hardware to allow law enforcement agencies to bypass authentication and access a suspect’s data surreptitiously. In the same vein, M. Rogers, head of the NSA, once again noted that the Paris attacks would not have happened without end-to-end encrypted IM services such as Telegram, hiding terror plans from security agencies. Additionally, he blamed the leaks by whistleblower Edward Snowden for terrorists and criminals rushing to use such encrypted IM services30.  In contrast to that, A. Ansip noted that there is no evidence about the fact that terrorists in the Paris attacks used encrypted IM services. Instead, due to a mobile phone found at the scene of one of the Paris attacks, it may be evidenced that an unencrypted text messaging system was likely to be used by the terrorists of the Paris attacks.31

A good illustration of the concerns that have been raised is the cartoon ‘Trap Door’, made by Stuart Carlson.32  It addresses the fact that the consequences of a ‘backdoor’ may be more far reaching than only the FBI unlocking the iPhone 5C in question. Although the FBI may have good intentions, there could be a cascade of untrusted third parties also exploiting the ‘backdoor’. For instance, hackers with bad intentions could exploit the ‘backdoor’ for illegitimate purposes, or in the end, even repressive regimes could exploit the ‘backdoor’ to violate civil liberties and human rights, by making similar, perhaps even broader, demands for access in less justified cases. Also, some argue that Apple will find it hard to resist in the future, having conceded once.
 

FIGURE 1 CARTOON 'TRAP DOOR' BY S. CARLSON
As a humorous side note, J. McAfee33 even offered to the FBI to decrypt the iPhone 5C used in the San Bernardino attacks, free of charge so that Apple doesn’t need to place a ‘backdoor’ on its iOS software. J. McAfee said that he works with a team of the best hackers on the planet and that he will eat his shoe if they cannot decrypt the iPhone 5C in three weeks 34.

The individuals that argue that Apple should help the FBI often refer to Apple’s concern for its business model and marketing strategy, or they refer to the fact that the owner of the iPhone was actually Farook’s employer, the San Bernardino County Department of Public Health, a government agency. S. Baker, the first Assistant Secretary for Policy at the US Department of Homeland Security under the Presidency of George W. Bush35, noted that “Apple has an obligation to assist the government if it can do so” and that “[a]s a practical matter, Apple’s technical and legal position elevates Farook’s privacy over the interests of the iPhone’s real owner […] the San Bernardino County Department of Public Health, which issued it to Syed Farook to use at work.”36  However, many of those arguing that Apple should help the FBI preferred to remain anonymous, but they argued, for instance, that “[Apple is] willing to harvest every drop of personal information from their users and sell it to the highest bidders via ad networks, but won’t let it be used in a real life/death law enforcement situation?”, and that “[a]ccording to Newsweek, Apple has unlocked their phones at least 70 times since 2008. […]  So why the big protest now? Because it’s a marketing ploy”37.  The latter statement is also supported by the US Justice Department. They argued that Apple’s recalcitrance appears to be based on nothing more than “its concern for its business model and public brand marketing strategy.”38 

Legal arguments
As a preliminary remark, it should be noted that there is currently no US legislation that forces US technology companies to weaken their encryption by installing a ‘backdoor’ for the law enforcement. The question whether such legislation would be desirable, is again a question of philosophical nature. Consequently, the legal argument most often put forward is that the All Writs Act does not provide an adequate legal basis for the court order to compel Apple to help the FBI. According to Apple, the boundless interpretation of the All Writs Act by the US Justice Department, makes it hard to conceive of any limits on future court orders. In its motion to vacate the court order, Apple argued that the All Writs Act (on which the court order is legally based) is intended only to fill the gaps covering scenarios not covered by other laws (in Latin: lex specialis derogat legi generali). Instead, the Communications Assistance for Law Enforcement Act (CALEA) is a law that was passed specifically to cover this sort of cases. The CALEA defined the circumstances under which private companies must assist law enforcement in executing authorized electronic surveillance and the nature of, and limits on, the assistance such companies must provide. It specifies when a company has an obligation to assist the government with decryption of communications, and made clear that a company has no obligation to do so where, as in the case at issue, Apple does not retain a copy of the decryption key.39  In short, Apple is leaning heavily on the idea that CALEA pre-empts the All Writs Act here, and that CALEA explicitly says that companies can't be forced into helping to decrypt encrypted content.40

Another legal (and partly technical) argument pointed to the undue burden of the court order to create the custom firmware file. The US Justice Department suggested to create the software only for the iPhone in question and to delete it afterwards. However, Apple argued that this would not lessen the burden, because “building everything up and tearing it down for each demand by law enforcement” is an enormously intrusive burden. Furthermore, Apple argued that the alternative of keeping and maintaining the software would impose a different but not less significant burden, forcing Apple to take on the task of securing the software against disclosure, for instance. In other words, Apple argued that the requested (technical) assistance by the US Justice Department is not reasonable. Additionally, there are constitutional arguments, namely a violation of the First Amendment (freedom of expression) and the Fifth Amendment (due process). However, it should be noted that the Federal Court will only address these constitutional arguments when it deems the All Writs Act applicable.

As already mentioned, the legal arguments are linked with some general-philosophical arguments. For instance, A. Ghappour, law professor at UC Hastings, stated that the government is “using a catch-all statute from the 18th century to compel a technology company to 'assist' law enforcement by designing custom software to ‘backdoor’ an encrypted device. […] The ramifications of such a precedent could be tremendous. If the government can compel Apple to provide custom software, why can’t they compel Facebook to customize analytics that predicts the criminality of their user base?"41  In the same vein, B. Smith, Microsoft’s President and Chief Legal Officer, said that the Redmond company does not believe that courts should seek to resolve issues of this century’s technology with the All Writs Act that was written in the era of the adding machine. Therefore, Microsoft will file an ‘amicus brief’42 (a third party observation), to back Apple in its position. Microsoft also took this opportunity to emphasize again the need for an update of global data sovereignty laws, as Microsoft itself is embroiled in a similar case43.

Technical arguments
In addition to the general-philosophical and legal arguments, some arguments are more (or partly) of a technical nature. The US Justice Department stated in its motion to compel Apple to comply with the court order that “Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation. […] Despite its efforts, Apple nonetheless retains the technical ability to comply with the Order, and so should be required to obey it.” 44  In essence, the FBI requests that Apple updates the iPhone in question, so that the extra security features (like a maximum of ten passcode attempts) are removed, making ‘brute forcing’ the iPhone feasible. The FBI could, theoretically, write such an update itself, but updates for iPhones require a special, encrypted Apple certificate in order to accept the update, so that Apple’s help is rendered necessary.

Furthermore, Apple pointed to the high costs of providing the custom firmware file, because Apple would be required to create new software, not just disable existing code functionality. In this regard, Apple stated that it could tie up resources for as long as a month to create the so-called ‘GovtOS’, although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time.

Another technical argument relates to the fact that there are other possible technical means than writing new software. Apple argued that the US Justice Department failed to demonstrate that the court order was absolutely necessary to effectuate the search warrant, including that the US Justice Department failed to exhaust all other technical means and avenues for recovering information. Thus, Apple holds the opinion that the US Justice Department should at first request technical assistance from other federal agencies, before they ask the Federal Court to compel Apple to write new software. It is, for instance, technically possible to retrieve data from iCloud backups of Farook’s iPhone, but the US government changed the iCloud password associated with the iPhone in question, so that an automatic iCloud backup is prevented. But let’s not forget that, once the iPhone 5C is unlocked, there are still plenty of encrypted IM services, many written outside the US and thus beyond the reach of the US government.

Closing remarks
To conclude, the arguments used by both camps can roughly be categorized in three types of arguments (general-philosophical, legal and technical), but it should be noted that these arguments might overlap or might be inherently linked to each other. Individuals that argue that Apple should not help the FBI emphasize the fact that this would essentially create a ‘backdoor’ and open the door to massive surveillance, not only by law enforcement, but also by other untrusted third parties like hackers and repressive regimes. While those that argue that Apple should help the FBI, hold the opinion that this is just a marketing campaign by Apple, because the FBI only requests to access the iPhone 5C at issue. They also tend to give the anti-terrorism purposes of the FBI more weight in their analysis.

As this case wends its way through the US courts at the time of writing (potentially ending up at the US Supreme Court)45, it is already clear that the public debate about the encryption ‘backdoor’ argument is not ended yet. Also foreign non-US iPhone users could possibly be affected, so the Apple FBI iPhone case could also have some serious extraterritorial, worldwide effects. In any case, it seems that both the FBI and Apple are not inclined to give in to each other and that there is a possibility that Apple could drag this out with the FBI for a very long time, as both the FBI and Apple have a great deal at stake46.  The next formal hearing in the Federal Court will take place on March 22, 2016. To be continued.

Bernd Fiten
1)   By US Magistrate Judge Sheri Pym who wrote: “Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.” (C. FARIVAR, Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone, https://arstechnica.com/tech-policy/2016/02/judge-apple-must-help-fbi-unlock-san-bernardino-shooters-iphone/).

2)  Full encryption is enabled by default since iOS8, which is the predecessor of iOS9 running on the iPhone 5C at issue. In September 2014, Apple stated: “For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.” (Apple, We believe security shouldn’t come at the expense of individual privacy, https://www.apple.com/privacy/government-information-requests/); J. SCHELLEVIS, Apple: wij kunnen niet langer passcodes omzeilen, https://tweakers.net/nieuws/98519/apple-wij-kunnen-niet-langer-passcodes-omzeilen.html.
3)  On December 2, 2015, a heavily armed man (Syed Rizwan Farook) and woman terrorized the city of San Bernardino (California), killing at least 14 people and wounding at least 17 at a social services center before leading the police on a manhunt culminating in a shootout that left the two suspects dead (A. NAGOURNEY, I. LOVETT, R. PÉREZ-PENA, San Bernardino Shooting Kills at Least 14; Two Suspects Are Dead, https://www.nytimes.com/2015/12/03/us/san-bernardino-shooting.html).
4)  Available at https://www.documentcloud.org/documents/2714000-SB-Shooter-MOTION-Seeking-Asst-iPhone.html.
5)  C. FARIVAR, Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone, https://arstechnica.com/tech-policy/2016/02/judge-apple-must-help-fbi-unlock-san-bernardino-shooters-iphone/.
6)  K. ZETTER, Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On, https://www.wired.com/2016/02/apples-fbi-battle-is-complicated-heres-whats-really-going-on/; in this article, K. Zetter explains the technical side of the issue.
7)  A. CARMAN, This is what it would take to build what Apple calls ‘GovtOS', https://www.theverge.com/2016/2/25/11116634/apple-fbi-hypothetical-operating-system-govtos.
8)  S. VAN VOORST, Apple moet iPhone van aanslagpleger helpen ontsleutelen met speciale firmware, https://tweakers.net/nieuws/108339/apple-moet-iphone-van-aanslagpleger-helpen-ontsleutelen-met-speciale-firmware.html.
9)  Available at https://www.justice.gov/usao-cdca/file/826836/download.
10)  K. ZETTER, DoJ Files Motion to Force Apple to Hack iPhone in San Bernardino Case, https://www.wired.com/2016/02/doj-files-motion-to-compel-apple-to-cooperate-in-san-bernardino-case/, O. VAN MILTENBURG, Justitie VS: Apple is weerbarstig toegang tot iPhone te geven wegens marketing, https://tweakers.net/nieuws/108489/justitie-vs-apple-is-weerbarstig-toegang-tot-iphone-te-geven-wegens-marketing.html.
11)  This ‘motion to vacate’ is a formal request to overturn (or reverse) the earlier court’s order to unlock the iPhone 5C in question; available at https://www.documentcloud.org/documents/2722199-5-15-MJ-00451-SP-USA-v-Black-Lexus-IS300.html
12)  T. COOK, A Message to Our Customers, https://www.apple.com/customer-letter/.
13)  PEW RESEARCH CENTER, More Support for Justice Department Than for Apple in Dispute Over Unlocking iPhone, https://www.people-press.org/files/2016/02/2-22-2016-iPhone-release.pdf.
14)  M. CAROLLO, Influencers: Apple should not help FBI crack San Bernardino iPhone, https://passcode.csmonitor.com/influencers-apple.
15)  R. WYDEN, This Isn’t about One iPhone. It’s About Millions of Them, https://backchannel.com/this-isn-t-about-one-iphone-it-s-about-millions-of-them-3958bc619ea4#.aqamdowkp.
16)  J. SANCHEZ, This Is the Real Reason Apple Is Fighting the FBI, https://time.com/4229601/real-reason-apple-is-fighting-the-fbi/.
17)  B. QUINN, UK surveillance bill could bring ‘very dire consequences’, warns Apple chief, https://www.theguardian.com/world/2015/nov/10/surveillance-bill-dire-consequences-apple-tim-cook; E. LICHTBLAU, Judge Tells Apple to Help Unlock iPhone Used by San Bernardino Gunman, https://www.nytimes.com/2016/02/17/us/judge-tells-apple-to-help-unlock-san-bernardino-gunmans-iphone.html; K. BENNER, E. LICHTBLAU, Tim Cook Opposes Order for Apple to Unlock iPhone, Setting Up Showdown, https://www.nytimes.com/2016/02/18/technology/apple-timothy-cook-fbi-san-bernardino.html?smid=fb-nytimes&smtyp=cur&_r=2; S. FOLEY, T. BRADSHAW, Bill Gates backs FBI iPhone hack request, https://www.ft.com/cms/s/0/3559f46e-d9c5-11e5-98fd-06d75973fe09.html#axzz40yj7FueB; S. VAN VOORST, Apple moet iPhone van aanslagpleger helpen ontsleutelen met speciale firmware, https://tweakers.net/nieuws/108339/apple-moet-iphone-van-aanslagpleger-helpen-ontsleutelen-met-speciale-firmware.html
18  J. GRUBER, Sundar Pichai on the Apple/FBI Encryption Fight, https://storify.com/gruber/sundar-pichai-on-the-apple-fbi-encryption-fight.
19  Jan Koum, CEO and co-founder of WhatsApp, stated on his Facebook account: “I have always admired Tim Cook for his stance on privacy and Apple's efforts to protect user data and couldn't agree more with everything said in their Customer Letter today. We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake.” (available at https://www.facebook.com/jan.koum/posts/10153907267490011?pnref=story).
20)  S. VAN VOORST, Google-directeur steunt Apple in encryptiedebat, https://tweakers.net/nieuws/108405/google-directeur-steunt-apple-in-encryptiedebat.html; J. DE VRIES, John McAfee wil San Bernardino-iPhone kraken om backdoors te voorkomen, https://tweakers.net/nieuws/108449/john-mcafee-wil-san-bernardino-iphone-kraken-om-backdoors-te-voorkomen.html; R. LAWLER, Twitter, Facebook support Apple in its fight with the FBI, https://www.engadget.com/2016/02/18/twitter-facebook-support-apple-in-its-fight-with-the-fbi/; J. RIBEIRO, White House says FBI isn't asking Apple for an iPhone back door, https://www.computerworld.com/article/3034694/security/white-house-says-fbi-isnt-asking-apple-for-an-iphone-backdoor.html; D. BASS, Microsoft, Google, Facebook Back Apple in Blocked Phone Case, https://www.bloomberg.com/news/articles/2016-02-25/microsoft-says-it-will-file-an-amicus-brief-to-support-apple; D. SEETHARAMN, J. NICAS, Tech Companies to Unite in Support of Apple, https://www.wsj.com/articles/google-facebook-to-support-apple-in-court-1456434617.
21)  REUTERS, U.S. DOJ is asking Apple for access to one device: White House, https://www.reuters.com/article/apple-encryption-whitehouse-idUSW1N14V03K.
22)  S. FOLEY, T. BRADSHAW, Bill Gates backs FBI iPhone hack request, https://www.ft.com/cms/s/0/3559f46e-d9c5-11e5-98fd-06d75973fe09.html#axzz40yj7FueB; however, in a subsequent interview on ‘Bloomberg Go’, Bill Gates said that he was disappointed with the aforementioned report suggesting that he supports the US government in its clash with Apple (J. CAO, Bill Gates ‘Disappointed’ by Reports He Backs FBI Over Apple, https://www.bloomberg.com/news/articles/2016-02-23/bill-gates-disappointed-by-reports-he-backs-fbi-over-apple).
23)  The Reform Government Surveillance is a coalition between technology companies Microsoft, Apple, Dropbox, Evernote, Facebook, Google, LinkedIn, Twitter and Yahoo! The alliance said while it is extremely important to deter terrorists and criminals, technology companies should not be required to build in backdoors to the technologies that keep their users information secure (REFORM GOVERNMENT SURVEILLANCE, Reform Government Surveillance Statement Regarding Encryption and Security, https://reformgs.tumblr.com/post/139513553507/reform-government-surveillance-statement; more information about the RGS available at https://www.reformgovernmentsurveillance.com/).
24)  PTI (INDIA TODAY), Rules need to catch up with tech to protect privacy: Microsoft, https://indiatoday.intoday.in/story/rules-need-to-catch-up-with-tech-to-protect-privacy-microsoft/1/599686.html; T. WARREN, Microsoft offers tepid support for Apple's battle with FBI, https://www.theverge.com/2016/2/18/11044646/microsoft-apple-fbi-comment-reform-goverment-surveillance.
25)  R. LERMAN, M. DAY, Microsoft takes Apple’s side in iPhone dispute with FBI, https://www.seattletimes.com/business/technology/microsoft-takes-apples-side-in-iphone-dispute-with-fbi/.
26)  J. RIBEIRO, White House says FBI isn't asking Apple for an iPhone back door, https://www.computerworld.com/article/3034694/security/white-house-says-fbi-isnt-asking-apple-for-an-iphone-backdoor.html; BBC, Apple order: White House says San Bernardino request is limited, https://www.bbc.com/news/world-us-canada-35591988.
27)  COUNCIL OF THE EUROPEAN UNION, Coördinator voor terrorismebestrijding, https://www.consilium.europa.eu/nl/policies/fight-against-terrorism/counter-terrorism-coordinator/.
28)  This document was leaked by London-based civil liberties group Statewatch (available at https://www.statewatch.org/news/2015/jan/eu-council-ct-ds-1035-15.pdf).
29)  N. NIELSEN, EU wants internet firms to hand over encryption keys, https://euobserver.com/news/127329.
30)  C. PLEASANCE, Paris attacks 'would not have happened' without encrypted apps hiding terror plans from security agencies, says NSA chief, https://www.dailymail.co.uk/news/article-3453104/Paris-attacks-not-happened-without-encrypted-apps-hiding-terror-plans-security-agencies-says-NSA-chief.html.
31)  J. VALERO, Ansip: ‘I am strongly against any backdoor to encrypted systems’, https://www.euractiv.com/section/digital/interview/ansip-i-am-strongly-against-any-backdoor-to-encrypted-systems/; D. VOLZ, E. BEECH and P. COONEY, Tech group rejects post-Paris call for data encryption ‘backdoors’, https://www.reuters.com/article/us-tech-encryption-idUSKCN0T82SS20151119#alRCoGxE1SvFl4WM.97.
32)  Available at https://www.carlsontoons.com/wp-content/uploads/2016/02/doorCOL.gif.
33)  Founder of McAfee (now Intel Security Group), which is an American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company.
34)  J. MCAFEE, JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product, https://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2?IR=T.
35)  Stewart Baker was the first Assistant Secretary for Policy at the United States Department of Homeland Security under the Presidency of George W. Bush and he was in private practice with the Washington, DC-based law firm Steptoe & Johnson LLP from 1981 to 1992 and again from 1994 to 2005.
36)  S. BAKER, Has Apple made iPhones illegal in the financial industry?, https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/02/20/has-apple-made-iphones-illegal-in-the-financial-industry/; S. BAKER, Or is Apple happy to enable a backdoor as long as it makes money from it?, https://www.skatingonstilts.com/skating-on-stilts/2016/02/or-is-apple-happy-to-build-a-backdoor-as-long-as-it-makes-money-from-it.html; the statement that law enforcement is the real owner of the iPhone 5C at issue, is also supported by Donald Trump (Republican presidential candidate). When he called to boycott Apple for not helping the FBI, he was ridiculed on Twitter for using an iPhone himself (P. HUYGHEBAERT, Trump wil Apple boycotten, maar twittert lustig op een iPhone, https://deredactie.be/cm/vrtnieuws/buitenland/1.2577844).
37)  M. CAROLLO, Influencers: Apple should not help FBI crack San Bernardino iPhone, https://passcode.csmonitor.com/influencers-apple.
38) K. ZETTER, DoJ Files Motion to Force Apple to Hack iPhone in San Bernardino Case, https://www.wired.com/2016/02/doj-files-motion-to-compel-apple-to-cooperate-in-san-bernardino-case/.
39) 47 U.S.C. § 1002(b)(3) CALEA.
40)  M. MASNICK, We Read Apple's 65 Page Filing Calling Bullshit On The Justice Department, So You Don't Have To, https://www.techdirt.com/articles/20160225/15240333713/we-read-apples-65-page-filing-calling-bullshit-justice-department-so-you-dont-have-to.shtml.
41)  Ahmed Ghappour is a law professor at the University of California Hastings College of Law. He specializes in the intersection of law, security and technology (A. GHAPPOUR, Apple Challenges Use Of All Writs Act In Order To Unlock Attacker’s iPhone, https://www.npr.org/2016/02/17/467115555/apple-challenges-use-of-all-writs-act-in-order-to-unlock-attackers-iphone; UC HASTINGS, Introducing Professor Ahmed Ghappour and the Liberty, Security & Technology Clinic, https://www.uchastings.edu/news/articles/2014/05/prof-ahmed-ghappour-intro.php).
42) An amicus curiae (legal Latin) is someone who is not a party to a case and offers information that bears on the case, but who has not been solicited by any of the parties to assist a court. This is a way to introduce concerns ensuring that the possibly broad legal effects of a court decision will not depend solely on the parties directly involved in the case.
43)  In the Microsoft Ireland case, which is still pending, Microsoft was ordered by a US court order to turn over the contents of a customer’s email account stored at an Irish data center (see K. PORTER, Microsoft versus the Federal Government; Round Three, https://www.jdsupra.com/legalnews/microsoft-versus-the-federal-government-62038/).
44)  K. ZETTER, DoJ Files Motion to Force Apple to Hack iPhone in San Bernardino Case, https://www.wired.com/2016/02/doj-files-motion-to-compel-apple-to-cooperate-in-san-bernardino-case/.
45)  B. GROSS, Apple encryption fight with FBI could go to the Supreme Court, https://www.computerworld.com/article/3033926/security/apple-encryption-fight-with-fbi-could-go-to-the-supreme-court.html.
46)  J. GUY-RYAN, A brief history of the U.S. trying to add backdoors into encrypted data, https://www.atlasobscura.com/articles/a-brief-history-of-the-nsa-attempting-to-insert-backdoors-into-encrypted-data; this article provides some historical background on the encryption backdoor debate. It deals with the Enigma machine, Clipper chips and the backdoor into the Dual_EC_DRBG algorithm (a cryptographic algorithm that was supposed to generate random bit keys for encrypting data), for which the NSA paid RSA, a computer security company (proved by documents leaked by Edward Snowden in 2013, see K. ZETTER, How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA, https://www.wired.com/2013/09/nsa-backdoor/all/).

IEFBE 1708

Vragen gestelde aan HvJ EU over vertrouwelijkheid documenten bij handhaver over verboden piramidespel

Prejudiciële vragen gesteld aan HvJ EU 4 november 2015; IEFbe 1708; C-15/16 (Baumeister)
Know how bescherming. Piramidekansspel. Minbuza.nl: Verzoeker heeft (in 2005) als belegger schade geleden door bedrieglijke handelingen van Phoenix Kapitaldienst (‘piramideconstructie’). Hij eist van verweerster (de DUI ‘AFM’) toegang tot documenten in verband met het toezicht op dat bedrijf. Verweerster wijst het verzoek af. Verzoeker gaat in beroep en bij vonnis van 12-03-2008 wordt verweerster gelast hem (beperkt) inzage te verlenen. Hij krijgt onder meer geen inzage in documenten van de VK toezichthouder. In hoger beroep handhaaft verzoeker zijn oorspronkelijke eis. Bij beschikking van 28-04-2010 gelast de rechter overlegging van stukken om na te gaan of de door verweerster aangevoerde weigeringsgronden aanwezig zijn. DUI MinFIN weigert als hoogste toezichthouder overlegging van stukken met een ‘verzetsverklaring’ (geen openbaarmaking wegens mogelijke schade aan openbare belangen). Verzoeker legt dit voor aan een gespecialiseerde kamer die bevoegd is om te beslissen over de noodzaak van geheimhouding in een bestuursrechtelijke zaak die 12-01-2012 voor recht verklaart dat de weigering onrechtmatig is. Ook in deze procedure volgt bezwaar (door ‘AFM’ en MinFIN) en wordt 09-03-2012 in een nieuwe beschikking de weigering gedeeltelijk onrechtmatig verklaard. In de hoofdprocedure wordt vervolgens bij arrest van 29-11-2013 zowel het hoger beroep van verzoeker als verweerster verworpen. De rechter oordeelt dat verzoeker recht heeft op toegang en dat die toegang niet in het algemeen kan worden geweigerd. De in de Wet op het kredietwezen opgenomen weigeringsgrond bevat geen bepaling die strekt tot bescherming van een geheim, maar gaat uit van een bijzondere geheimhoudingsplicht. Ook het EUrecht vereist geen absolute geheimhoudingsplicht. Verweerster stelt beroep in Revision in.

Volgens de verwijzende DUI rechter (Bundesverwaltungsgericht) treffen verweersters bezwaren tegen de door verzoeker gevraagde toegang geen doel. Hij oordeelt dat de appelrechter de uit de DUI wet voortvloeiende bescherming (van bedrijfs- c.q. commerciële geheimen) te eng opvat. Op het moment van de uitspraak was geen sprake meer van voortzetting van Phoenix en was er dus geen belang meer bij geheimhouding van de bedrijfsinformatie. De verwijzende rechter zal de zaak voor nader onderzoek naar het belang van ‘AFM’ en DUI MinFIN bij geheimhouding terugverwijzen naar de lagere rechter maar heeft eerst antwoord nodig op de hieronder aan het HvJEU gestelde vragen. Het gaat dan met name om een nadere uitleg van het begrip ‘geheimhoudingsplicht’ en hoe moet worden vastgesteld of stukken onder dat begrip vallen. De vragen luiden als volgt:

1) a) Valt alle bedrijfsinformatie die de onder toezicht staande onderneming aan de toezichthoudende autoriteit heeft verstrekt, onder het begrip ‘vertrouwelijke gegevens’ in de zin van artikel 54, lid 1, tweede volzin, van richtlijn 2004/39/EG van het Europees Parlement en de Raad van 21 april 2004 betreffende markten voor financiële instrumenten, tot wijziging van de richtlijnen 85/611/EEG en 93/6/EEG van de Raad en van richtlijn 2000/12/EG van het Europees Parlement en de Raad en houdende intrekking van Richtlijn 93/22/EEG van de Raad (PB L 145, blz. 1; hierna ‘richtlijn 2004/39/EG’), en dus onder het in artikel 54, lid 1, eerste volzin, van deze richtlijn bedoelde beroepsgeheim, zonder dat daarvoor aan nadere voorwaarden dient te zijn voldaan?
b) Geldt het ‘geheim van het prudentiële toezicht’ als onderdeel van het beroepsgeheim in de zin van artikel 54, lid 1, eerste volzin, van richtlijn 2004/39/EG voor alle in de stukken vervatte verklaringen van de toezichthoudende autoriteit, met inbegrip van haar correspondentie met andere instanties, zonder dat daarvoor aan nadere voorwaarden dient te zijn voldaan?
Voor het geval dat de vragen a) of b) ontkennend worden beantwoord:
c) Dient de bepaling over het beroepsgeheim in artikel 54, lid 1, van richtlijn 2004/39/EG aldus te worden uitgelegd dat bij de kwalificatie van gegevens als ‘vertrouwelijk’ aa) beslissend is of gegevens naar de aard ervan onder het beroepsgeheim vallen dan wel de toegang tot deze gegevens het belang bij geheimhouding concreet en daadwerkelijk zou kunnen schaden,
bb) of aldus dat bij deze kwalificatie rekening moet worden gehouden met andere omstandigheden die meebrengen dat de gegevens onder het beroepsgeheim vallen,
cc) of aldus dat de toezichthoudende autoriteit zich bij die kwalificatie ten aanzien van de in haar stukken vervatte bedrijfsinformatie van de onder toezicht staande instelling en ten aanzien van haar geschriften die daarmee verband houden, kan beroepen op het weerlegbare vermoeden dat in zoverre commerciële of prudentiële geheimen in het geding zijn?
2. Dient het begrip ’vertrouwelijke gegevens’ in de zin van artikel 54, lid 1, tweede volzin, van richtlijn 2004/39/EG aldus te worden uitgelegd dat de kwalificatie van door de toezichthoudende autoriteit doorgegeven bedrijfsinformatie als commercieel geheim dat bescherming verdient of als gegeven dat anderszins bescherming verdient, enkel afhangt van het tijdstip waarop deze informatie is verstrekt aan de toezichthoudende instantie?
Voor het geval dat vraag 2 ontkennend wordt beantwoord:
3. Dient bij de vraag of bedrijfsinformatie, los van wijzigingen van het economische klimaat, bescherming verdient als commercieel geheim en dus onder het beroepsgeheim valt als bedoeld in artikel 54, lid 1, tweede volzin, van richtlijn 2004/39/EG, op algemene wijze een tijdslimiet – van bijvoorbeeld vijf jaar – te worden gehanteerd, waarvan de overschrijding het weerlegbare vermoeden oplevert dat deze informatie haar economische waarde heeft verloren? Geldt dit eveneens voor het geheim van het prudentiële toezicht?
IEFBE 1683

Gelijke behandeling aanbieders mobiel en vast internet sociale element universele dienst wel verantwoord

Grondwettelijk Hof 3 februari 2016, IEFbe 1682; Arrest nr. 15/2016 (KPN Group Belgium en Mobistar)
Telecommunicatie. Universele dienstverlening. KPN en Mobistar voelen zich gediscrimineerd omdat zij moeten betalen voor de financiering van nettokosten die voortvloeien uit het aanbieden van mobiele diensten en internetabonnementen. Zij vorderen de vernietiging van artikelen 50, 51 en 146 van de Wet elektronische communicatie wegens schending van de Grondwet en strijdigheid met de Universeledienstrichtlijn. Eerder stelde het Grondwettelijk Hof prejudiciële vragen hierover. Het HvJEU oordeelde dat de bijzondere tarieven en financieringsregeling uit de Universeledienstrichtlijn niet van toepassing zijn op mobiel internet (zie IEFbe 1372). Het Grondwettelijk Hof oordeelt dat er geen verantwoording is om aanbieders van mobiel internet, op gelijke wijze te behandelen als aanbieders voor vast internet wat betreft het financieel bijdragen tot de vergoedingsregeling voor specifieke onderneming in de zin van art. 13 lid 1 sub b Universeledienstrichtlijn. Gelijke behandeling inzake het sociale element van de universele dienst is echter wel toegestaan. Het Hof vernietigt artikel 51 en verwerpt het beroep voor het overige.

B.11. Uit wat voorafgaat blijkt dat er geen verantwoording is - ook niet die waarbij de Ministerraad zich beroept op artikel 9, lid 3, van de Universeledienstrichtlijn - om de operatoren die mobieletelefonie- en mobielinternetabonnementen aanbieden, op gelijke wijze te behandelen als de operatoren voor vaste telefonie en vaste internetverbindingen, door de eerste categorie van operatoren, wat de mobiele diensten betreft, met artikel 51 van de wet van 10 juli 2012 mede ertoe te verplichten financieel bij te dragen tot de vergoedingsregeling voor specifieke ondernemingen ter uitvoering van artikel 13, lid 1, onder b), van de Universeledienstrichtlijn.

Daarentegen is het Hof van Justitie in het voormelde arrest (punt 40) van oordeel dat het de lidstaten vrijstaat diensten voor mobiele communicatie, met inbegrip van abonnementsdiensten voor mobiel internet, te beschouwen als aanvullende verplichte diensten in de zin van de artikelen 9, lid 3, en 32 van de Universeledienstrichtlijn. Hieruit volgt dat de wetgever vermocht de operatoren die dergelijke diensten voor mobiele communicatie aanbieden ertoe te verplichten het in het bestreden artikel 50 van de wet van 10 juli 2012 bedoelde sociale element van de universele dienst (sociale tarieven) te verstrekken.

Derhalve is het op basis van de richtlijn, zoals uitgelegd door het Hof van Justitie, wel verantwoord de operatoren, met inbegrip van de verzoekende partijen, op gelijke wijze te behandelen wat betreft het sociale element van de universele dienst en wat betreft de vaste telefoontarieven en de abonnementsdiensten die een internetaansluiting op een vaste locatie vereisen.

B.12. Het middel, afgeleid uit de schending van de artikelen 10 en 11 van de Grondwet, in samenhang gelezen met de artikelen 170 en 172 van de Grondwet en met de artikelen 9 en 32 van de Universeledienstrichtlijn, is niet gegrond in zoverre het is gericht tegen artikel 50 van de wet van 10 juli 2012. Het is gegrond in zoverre het gericht is tegen artikel 51 van die wet, in de mate waarin het betrekking heeft op de mobiele telefonie en mobielinternetabonnementen.

Artikel 51 van de wet van 10 juli 2012 dient te worden vernietigd in zoverre het de operatoren die een openbare elektronische-communicatiedienst aanbieden, voor hun diensten inzake mobiele communicatie en mobielinternetabonnementen, betrekt bij de compensatieregeling waarin dat artikel voorziet. 22 Het komt aan de wetgever toe te beslissen of voor het verstrekken van die diensten een compensatie moet geschieden volgens een ander mechanisme, waarbij geen specifieke ondernemingen worden betrokken.

IEFBE 1674

Twee nieuwe opinies Article 29 Working Party

SCL The IT Law Community bericht: Two new official opinions were adopted by the Article 29 Data Protection Working Party on 16 December and are now published: one on ‘applicable law’ following Google Spain and one on automatic exchange of personal data for tax purposes. Although adopted in December, the latest opinions of the Article 29 Working Party have only now been published.

The first, Opinion 175/16/EN WP 234, has the full title 'Guidelines for Member States on the criteria to ensure compliance with data protection requirements in the context of the automatic exchange of personal data for tax purposes' is a 17-page document and can be accessed as a pdf here.

The second, Opinion 176/16/EN WP 179 update, has the full title 'Update of Opinion 8/2010 on applicable law in light of the CJEU judgement in Google Spain'. That is a much shorter document (12 pages but that includes annexes, including one annex identifying changes to the 2010 Opinion). It does not seem, on a very quick read, to say anything new or profound but SCL members may think differently. The Opinion can be accessed here. The nub of what is communicated is set out below:

'In conclusion, on the basis of the judgement in Google Spain, an additional element should be added to the criteria described in the WP29 Opinion on applicable law, which may trigger the applicability of EU/national law: the criteria of an 'inextricable' (in this specific case economic) 'link' between an activity and the data processing. In its judgement, the CJEU identified this 'inextricable link' taking into consideration the advertisement-financed business model of free on-line services, which is currently the most common mode of operating businesses on the internet. In addition, the judgement suggests that other business models, and different forms of activity (including revenue raising) in an EU Member State may also trigger the applicability of EU law, although the assessment must be made on a case by case basis. Irrespective of where the data processing itself takes place, so long as a company has establishments in several EU Member States which promote and sell advertisement space, raise revenues or carry out other activities, and it can be established that these activities and the data processing are "inextricably linked", the national laws of each such establishments will apply. The judgement provides useful clarification on two aspects: first, the judgement makes it clear that the scope of current EU law extends to processing carried out by non-EU entities with a 'relevant' establishment whose activities in the EU are 'inextricably linked' to the processing of data, even where the applicability of EU law would not have been triggered based on more traditional criteria. Second, the judgement also confirms that - where there is an 'inextricable link' - according to Article 4(1)(a) of Directive 95/46/EC, there may be several national laws applicable to the activities of a controller having multiple establishments in various Member States.'

 

IEFBE 1660

Lezen van privé-email verstuurd met werkmail geen schending privacy

EHRM 12 januari 2016, IEFbe 1660, application no. 61496/08 (Bărbulescu v. Roemenië)
Uit het persbericht: Privacy. Bărbulescu is werkzaam bij een privaat bedrijf in een sales positie. Op verzoek van zijn werkgever maakt hij een email-adres aan voor gebruik in zijn werkzaamheden. Op enig moment krijgt Bărbulescu te horen dat zijn email communicaties zijn gemonitord. Hij wordt ontslagen omdat hij, tegen de bedrijfsregels in, zijn email voor privé berichten heeft gebruikt. Bărbulescu stelt dat zijn emails beschermd zijn door artikel 8 EVRM. Het EHRM oordeelt dat artikel 8 EVRM inderdaad van toepassing is nu het gaat om “private life” en “correspondence”. De nationale gerechten hebben volgens het Hof echter een “fair balance” tussen Bărbulescu’s privacy en de belangen van de werkgever gecreëerd. Het is niet onredelijk voor een werkgever om te willen verifiëren of een werknemer zijn taken goed uitvoert. Daarnaast is het transcript van de emails vertrouwelijk behandeld. Geen schending van artikel 8 EVRM.