The European Court of Justice (ECJ) ruled on 6 October 2021 in Top System SA v. Belgian State (Case C‑13/20) EU:C:2021:811 that, under article 5(1) of the Software Directive (Council Directive 91/250/EEC) (the Directive), lawful purchasers of software are permitted to decompile programs (in whole or in part) in order to correct errors affecting the

On 23 April 2018, the European Commission published a proposal for a Directive on the protection of whistleblowers reporting on breaches of EU law, accompanied by an explanatory memorandum.

The Directive

The intention behind the proposal is to harmonise the minimum level of protection available to whistleblowers across the EU. It reflects the Commission’s view that whistleblowers can play an important role in exposing breaches of EU law, but they will often resist coming forward for fear of the legal and financial consequences which may occur. At present, legal protection for whistleblowers is fragmented and, in the Commission’s view, insufficient. In its explanatory memorandum, the Commission talks of ‘missed opportunities’ for preventing and detecting breaches of EU law where certain Member States currently have a lack of protection and argues that the harmonisation brought about by the draft Directive will contribute toward improving the business environment, increasing fairness in taxation and promoting labour rights.

The draft Directive applies to reports of breaches across a wide range of EU areas of law, including the protection of privacy and personal data, and security of network and information. It creates an obligation to establish internal channels and procedures to handle reports made by whistleblowers, which applies to entities that meet the prescribed thresholds. For those entities in the private sector, the threshold is 50 or more employees, or an annual turnover of EUR 10 million or more, although this does not apply to businesses offering financial services, for which there is no minimum threshold. Entities in the public sector will be caught if they are involved in state or regional administration, if they are responsible for municipalities with more than 10,000 inhabitants or if they are otherwise governed by public law.

Continue Reading European Commission proposes draft Whistleblowing Directive

In anticipation of the implementation of the Trade Secrets Directive, the topic of know-how protection has been widely discussed. Dr Anette Gärtner, along with Sabrina Gossler, has written an article which explores the current legal situation in Germany, analyses the relevant provisions of the Directive and explains the immediate next steps for companies operating in

On 23 February 2018, the Article 29 Working Party (WP29) sent a letter to Alban Schmutz, President of Cloud Infrastructure Services Providers in Europe (CISPE), in response to the organisation’s submission of a draft Code of Conduct for Cloud Infrastructure Service Providers.

In conducting its review, the aim of WP29 was to ensure that the draft Code would enable individuals to feel confident that their chosen cloud infrastructure services are compliant with the Data Protection Directive (Directive 95/46/EC) (the ‘Directive’) and the General Data Protection Regulation ((EU) 2016/679) (GDPR). It should be noted that the GDPR recommendations made by WP29 are non-binding for now, with a final assessment of the Code to be made once the GDPR is implemented on 25 May 2018.

In the annexes to the letter, a series of general and specific remarks are made to assist CISPE in re-evaluating and redrafting the Code.

Continue Reading Article 29 Working Party makes recommendations following submission of Code of Conduct for Cloud Infrastructure Service Providers

According to the opinion of the Advocate General Pedro Cruz Villalón, published 12 December 2013, the Directive 2006/24/EC is as a whole incompatible with the requirement, laid down in the Charter of Fundamental Rights, that every limitation on the exercise of a fundamental right must be provided for by law. The Directive itself should already

This post was written by Cynthia O’Donoghue.

In early July, the European Parliament adopted a new directive harmonizing the criminal laws relating to cyberattacks (Directive). It will replace the current nonbinding agreement between EU countries from 2005 (Framework Decision 2005/222/JHA). The Directive aims to harmonise the approach to cybercrime, by requiring all

This post was written by Cynthia O’Donoghue.

On 23 and 24 February 2012, the General Secretariat to the EU presented the proposed Data Protection Regulation to the EU Working Party on Information Exchange and Data Protection (DAPIX), stating that the new proposals were motivated by the European Commission’s (EC) desire to stimulate growth across

This post was also written by Nick Tyler.

The UK Minister responsible for government policy on data protection has raised concerns about any proposed “radical rewrite” of the EU Data Protection Directive.

Kenneth Clarke, Lord Chancellor and Secretary of State for Justice, called for both flexibility and a common-sense solution to modernising data protection