Issue 6 / 2019

In the current CRi issue 6 (publication on: 15. Dezember 2019) you find the following articles and case law:



Rothkegel, Tobias / Strassemeyer, Laurenz, Joint Control in European Data Protection Law – How to make Sense of the CJEU’s Holy Trinity, CRi 2019, 161-171

The article analyses and evaluates the three landmark decisions by the CJEU on joint controllership in the light of the general criteria establishing controllership (III.1. to III.3.). Based on this analysis and in an effort to bridge the plethora of logical gaps and questions concerning the identification of joint control, the article establishes five key criteria to facilitate a manageable and verifiable assessment of a potential joint control scenario (III.4.).

Lawrence, J. Alexander / Ehle, Kristina, Combatting Unauthorized Webscraping, CRi 2019, 171-174

The recent decision from the Ninth Circuit Court of Appeals in a dispute between LinkedIn and hiQ Labs has spotlighted the thorny legal issues involved in combatting unauthorized webscraping of data from public websites. While some may interpret the LinkedIn decision as greenlighting such activity, this would be a mistake. On close review of the decision, and in light of other decisions that have held unauthorized webscrapers liable, the conduct remains vulnerable to legal challenge in the United States.

Elteste, Ulrike, Recent Developments in the Law on Payment Services, CRi 2019, 174-180

The new safety requirements under the Second Payment Services Directive (PSD II) came into effect on 14 September 2019. Their interpretation and the supervisory practice in Germany lead to certain limitations in the scope of their application. German courts dealt with, inter alia, charges for the use of specific payment methods, the allocation of liability in fraud cases, chargebacks under PayPal’s buyer protection scheme, and discriminations against EU residents in the context of payments. The German Financial Services Supervisory Authority (BaFin) takes a comparatively strict approach to regulating crypto assets used for payments.

Case Law

Federal Court v. 15 November 2019 - [2019 FC 1432], Canada: Website-Blocking Order Against Innocent ISPs, CRi 2019, 181-186

CJEU (3rd Chamber) v. 3 October 2019 - C-18/18, EU: Scope of Host Provider’s Duty to Remove Unlawful Information After Court Order, CRi 2019, 186-189


China: The 2019 Draft Measures on Security Assessment of Cross-Border Transfer of Personal Information, CRi 2019, 189-192

Verlag Dr. Otto-Schmidt vom 05.12.2019