Under European data protection law, consent of the data subject is one of the six grounds for lawful processing of personal data. It is such an important ground that lawmakers considered it necessary to provide a legal definition of consent. One of the conditions under this definition is that it needs to be “freely given.” The General Data Protection Regulation (GDPR) 3 has further expanded on this concept in Article 7(4). It refers to a situation under which consent might not be considered “freely given.” If consent is invalid because it is not freely given, the processing is usually unlawful. Consequently, a legal basis for processing is missing. Therefore, this is an important provision. Yet the wording of this new provision is vague and its scope is unclear. Thus, the question arises as to how Article 7(4) should be applied. In this paper, the authors tease out the assessment criteria for the application of this provision on the basis of its text, structure and history. These criteria will then be applied to hypothetical cases in the final section.

In: Bulk Collection: Systematic Government Access to Private-Sector Data, ed. F.H. Cate & J.X. Dempsey, Oxford University Press, 2017, ISBN: 9780190685515.

There are many ways to approach the question of government access to private-sector data. Much of the recent public debate has focused on access in the context of national security and traditional law enforcement, with respect to both targeted and untargeted access to data collected and processed by third parties. As more and more data is collected and stored by the private sector (“big data”), the amount of data that can be retrieved by governments is steadily increasing. A new “third domain” has emerged, where data is used for social security and tax surveillance and other types of non- traditional law enforcement. The Digital Rights Ireland case is the point of departure of this chapter. Next, two recent judgments by national courts are described, in which national data retention rules were tested against the ruling in the Digital Rights Ireland case and the necessity of independent oversight was discussed in further detail. This chapter draws from a recent study by the Institute for Information Law (IViR) to formulate standards for independent oversight. These standards are based on a broader analysis of the relevant jurisprudence of the European Court of Justice— including the Digital Rights Ireland case— and of the European Court of Human Rights (ECtHR). The analysis is also based on selected studies, reports, resolutions, and recommendations.

IRIS Special, 2017-1, European Audiovisual Observatory, Strasbourg, ISBN: 9789287184870

Publication forthcoming in Kritika. Essays on Intellectual Property, Vol. III

This paper argues against the idea of a ‘data producer’s right’. Introducing a property right in machine-generated data would seriously compromise the system of intellectual property law that currently exists in Europe. It would also contravene fundamental freedoms enshrined in the European Convention on Human Rights and the EU Charter, distort freedom of competition and freedom of services in the EU, restrict scientific freedoms and generally undercut the promise of big data for European economy and society.

This article assesses how the European Court of Human Rights has responded to the argument that holding online news media liable for reader comments has a chilling effect on freedom of expression. The article demonstrates how the Court first responded by dismissing the argument, and focused on the apparent lack of evidence for any such chilling effect. The article then argues that the Court has moved away from its initial rejection, and now accepts that a potential chilling effect, even without evidence, is integral to deciding whether online news media should be liable for reader comments. Finally, the article argues that this latter view is consistent with the Court’s precedent in other areas of freedom of expression law where a similar chilling effect may also arise.

Online shops could offer each website customer a different price. Such personalized pricing can lead to advanced forms of price discrimination based on individual characteristics of consumers, which may be provided, obtained, or assumed. An online shop can recognize customers, for instance through cookies, and categorize them as price-sensitive or price-insensitive. Subsequently, it can charge (presumed) price-insensitive people higher prices. This paper explores personalized pricing from a legal and an economic perspective. From an economic perspective, there are valid arguments in favour of price discrimination, but its effect on total consumer welfare is ambiguous. Irrespectively, many people regard personalized pricing as unfair or manipulative. The paper analyses how this dislike of personalized pricing may be linked to economic analysis and to other norms or values. Next, the paper examines whether European data protection law applies to personalized pricing. Data protection law applies if personal data are processed, and this paper argues that that is generally the case when prices are personalized. Data protection law requires companies to be transparent about the purpose of personal data processing, which implies that they must inform customers if they personalize prices. Subsequently, consumers have to give consent. If enforced, data protection law could thereby play a significant role in mitigating any adverse effects of personalized pricing. It could help to unearth how prevalent personalized pricing is and how people respond to transparency about it.

Verspreiding antiquarisch exemplaar Mein Kampf valt wel onder 137e 2e Sr, maar is niet strafbaar omdat de beperking in strijd komt met artikel 10 EVRM.

Privacy werknemers bij een kritische publicatie over het bedrijf waar zij werkzaam zijn. Recht op anonimiteit?

In: Promoting dialogue between the European Court of Human Rights and the media freedom community, Conference e-book, European Centre for Press and Media Freedom (ECPMF)

European Centre for Press and Media Freedom, the Council of Europe and other partners, Strasbourg, 24 March 2017. Video recording, Part 2, EN, starting at 3.05.20.

In zijn arrest laat de Hoge Raad zich uit over hoe de rechten op privacy en gegevensbescherming zich verhouden tot het recht op vrijheid van meningsuiting.

Deze bijdrage vormt het tweede deel van het overzicht en de analyse van de jurisprudentie van het EHRM over de afgelopen zeven jaar. Het eerste deel werd gepubliceerd in het eerste nummer van dit jaar. Ditmaal is er aandacht voor de speciale positie van de pers, voor uitlatingen over rechtszaken, voor klokkenluiden en openbaarheid van bestuur, voor uitlatingen op internet en voor ‘hate speech’. Een uitleiding sluit het geheel af.

On 20 June 2017, Axel Arnbak and Frederik Zuiderveen Borgesius spoke at the Dutch Senate (Eerste Kamer) at an Expert Meeting on Privacy. The meeting focused on two bills, 'Computercriminaliteit III' (Computer Crime III, concerning, among other things, hacking by the police) and 'Vastleggen en bewaren kentekengegevens door politie' (on the use of automatic number plate recognition cameras by the police).

Spanish translation of ‘Copyright Formalities in the Internet Age: Filters of Protection or Facilitators of Licensing’

WIPO Publication No. 1037E/17, WIPO, Geneva, 176 p.

Op grond van een uitzonderingsbepaling in de Auteurswet mogen openbare bibliotheken zonder voorafgaande toestemming van de rechthebbenden (o.a. auteurs en uitgevers) werken (boeken, beeld- en geluidsdragers) uitlenen, mits hiervoor een billijke vergoeding (leenrechtvergoeding) aan de rechthebbenden wordt betaald. De Stichting Leenrecht is aangewezen om deze wettelijke vergoeding te innen bij de openbare bibliotheken. Zij heeft geconstateerd dat het aantal doorgegeven uitleningen de laatste jaren afneemt, waarna de vraag is opgeworpen aan welke oorzaken deze daling is toe te schrijven, in het bijzonder de relatie met het ontstaan van bibliotheken op school. Ecorys en IViR hebben dit onderzoek in het najaar van 2016 uitgevoerd.