ANALYSIS: The European Court Of Justice’s Recent Judgment On The Direct Applicability Of The Data Protection Directive And Its Impact On German Privacy Law
By Michael Schmidl, of Baker & McKenzie, Munich.
This article summarises the Judgment of the Court of Justice of the European Union of November 24, 2011 (in joined cases C-468/10 and C-469/10) and analyses potential consequences for the application of German privacy laws.
Summary of the Judgment
On November 24, 2011, the European Court of Justice rendered a judgment (hereafter “ECJ Judgment”) in a procedure according to Article 267 of the Treaty on the Functioning of the European Union (hereafter “TFEU”) (see related report in this issue). Article 267 TFEU enables the European Court of Justice to give preliminary rulings upon an EU Member State court’s or tribunal’s initiative concerning the interpretation of the Treaties and the validity and interpretation of acts of the institutions, bodies, offices or agencies of the European Union.
Article 267 TFEU has the following wording:
Article 267. The Court of Justice of the European Union shall have jurisdiction to give preliminary rulings concerning:
(a) the interpretation of the Treaties;
(b) the validity and interpretation of acts of the institutions, bodies, offices or agencies of the Union.
Where such a question is raised before any court or tribunal of a Member State, that court or tribunal may, if it considers that a decision on the question is necessary to enable it to give judgment, request the Court to give a ruling thereon.
Where any such question is raised in a case pending before a court or tribunal of a Member State against whose decisions there is no judicial remedy under national law, that court or tribunal shall bring the matter before the Court.
If such a question is raised in a case pending before a court or tribunal of a Member State with regard to a person in custody, the Court of Justice of the European Union shall act with the minimum of delay.
In the two relevant cases, C-468/10 and C-469/10, the European Court of Justice’s preliminary ruling was requested by the Spanish Supreme Court (Tribunal Supremo) being uncertain about the compliance of certain provisions under Spanish law with Directive 95/46/EC (the Data Protection Directive). The underlying national court procedures were triggered by:
• the Asociación Nacional de Establecimientos Financieros de Crédito (hereafter “ASNEF”) (C-468/10), an association of banks, and
• the Federación de Comercio Electrónico y Marketing Directo (hereafter “FECEMD”) (C-469/10), an association of e-commerce and direct marketing providers.
In the administrative proceedings, both ASNEF and FECEMD took the view that certain Spanish laws (i.e., Organic Law 15/1999 and Article 10(2)(b) of Royal Decree 1720/2007) were not compliant with the requirements set forth by Article 7(f) of Directive 95/46/EC because these laws required that personal data appear in public sources in order to be covered by the statutory permission under Spanish law created as implementation of Article 7(f) of Directive 95/46/EC…