Issue 2 / 2018

In the current CRi issue 2 (publication on: 15. April 2018) you find the following articles and case law:


CRI mourns the death of Prof. Ray Nimmer, CRi 2018, 33


Rustici, Chiara, GDPR Profiling and Business Practice, CRi 2018, 34-43

The article begins by demonstrating that the business reality of profiling eludes attempts to answer the five simple questions posed by the GDPR (I.). Then, the three dimensions of profiling are elaborated as well as the difficulties in applying the GDPR provisions on profiling to a particular enterprise (II.). The first prong of the main part suggests that textual analysis of the GDPR reveals profiling to be best understood as a conceptual cluster (III.). The second prong of the main part then offers both analogical and policy arguments to prove that the GDPR definition of profiling also is teleological or outcome-based, rather than goal-based (IV.). As a result, it is sufficient that a form or stage of data processing shares the digital dividends of the profiling ecosystem for it to attract the qualification of profiling under the GDPR. A rigorous application of the GDPR regulates the business practice of profiling whether or not new legal tools including a prohibition of profiling by default are introduced and ahead of the forthcoming ePrivacy Regulation (V.).

Stoykova, Radina, The right to Data Portability as a Market Tool, CRi 2018, 44-49

The right to data portability (Art. 20 GDPR) is of hybrid nature, both serving the data subject’s protection and enabling the free flow of data and as such being an instrument to enhance competition and develop the digital singular market. The right could be seen as a regulatory tool, which implies preventing market-entry barriers for SMEs on the basis of legal requirements and standardization on technology.

Lloyd, Ian, Balancing Crime Prevention and Privacy on the Back of Data Retention, CRi 2018, 50-53

Use of our mobile communication devices tells a good deal about us. It is often the case that what number calls what number, at what times and frequencies and, in the case of mobile phones from and to what geographical locations can be as revealing to law enforcement and national security agencies as the actual contents of messages. Inevitably, though, this may involve the processing of data concerning millions of people who have no inclination to engage in unlawful conduct.Establishment of a legal regime for data retention that balances the claims of law enforcement agencies to prevent and detect criminal and terrorist activities has proved to be a difficult task. A number of legal challenges have been brought before the British and European Courts and this note seeks to consider and place in context the recent litigation involving the legality of the United Kingdom’s Data Retention and Privacy Act 2014.

Case Law

Federal Court of Appeal v. 20 February 2018 - , Canada: Interim Injunction Authorising Shutdown and Seizure of Piracy Websites, CRi 2018, 53-58

Court of Appeals for the 9th Circuit v. 29 November 2017 - , USA: Concept of “Personally Identifiable Information”, CRi 2018, 58-60

District Court Northern District of California v. 2 November 2017 - , USA: No Enforceability of Canadian Court Order for Global Delisting in Search Results, CRi 2018, 60-62


Martínez Bavière, Javier, Spain: Extraterritorial Application of “Right to be Forgotten” Contrary to International Law, CRi 2018, 62-64

Verlag Dr. Otto-Schmidt vom 10.04.2018