Article 29 Working Party guidelines and the case law of the CJEU facilitate a plausible argument that in the near future everything will be or will containpersonal data, leading to the application of data protection to everything:technology is rapidly moving towards perfect identifiability of information;datafication and advances in data analytics make everything (contain)information; and in increasingly ‘smart’ environments any information is likelyto relate to a person in purpose or effect. At present, the broad notion ofpersonal data is not problematic and even welcome. This will change infuture. When the hyperconnected onlife world of data-driven agency arrives,the intensive compliance regime of the General Data Protection Regulation(GDPR) will become ‘the law of everything’, well-meant but impossible tomaintain. By then we should abandon the distinction between personal andnon-personal data, embrace the principle that all data processing shouldtrigger protection, and understand how this protection can be scalableNadezhda Purtova (2018) The law of everything. Broad concept of personaldata and future of EU data protection law, Law, Innovation and Technology, 10:1, 40-81, DOI:10.1080/17579961.2018.1452176
N. PURTOVA Spain case, where the Court found search engine providers to be controllers with regard to indexing and making available via its search personal data published on third-party websites.116 Hereby, without expressly mentioning it, the Court overruled the earlier position adopted by the WP29 on two points: first, that the search engine providers cannot be the principal controller when they act purely as an intermediary with regard to the third-party content containing personal data, and second, that the search engine providers can only be controllers with regard to the removal of personal data from their index and search results, [while] the extent to which an obligation to remove or block personal data exists, may depend on the general tort law and liability regulations of the particular Member State.117
id: 02735f6ccbf54327f27ccb0bac98eada - page: 22
At the same time, Advocates General (AGs) in their opinions for the Court do, although not always, refer to the WP29.118 Hence the WP136 may still be of indirect influence on how the concept personal data develops in the case law, if not in terms of substantive outcomes, surely in terms of providing the AGs and the Court with a list of issues to consider. 4.2. The development of the Court of Justices case law on the concept of personal data This section will very briefly sketch the development of the EU case law on the meaning of personal data from Lindqvist until roughly 2014, focusing on the big lines rather than exhaustive description. The year 2014 is chosen as a milestone as it marks a different stage in the Court of Justice case law. This was the year when the Court for the first time engaged in a discussion of an element of the definition of personal data and produced extensive analysis of the meaning of information relating to a person in YS and others.
id: e83d17732381da7f65cb382b8d070b88 - page: 22
The Court of Justice ruled on the meaning of personal data in the Directive in its very first data protection case, Lindqvist,119 and on a number of occasions since then. However, the Courts judgments are not nearly as comprehensive as the WP136. Part of the reason is that nearly all of them are given in the context of a reference for preliminary ruling. While it is true that the Court often reformulates the questions asked, it remains constrained by the questions from the national courts and the circumstances of each case. 115A search done on 28 August 2017 for Article 29 Working Party using the search tool, under data protection subject matter, resulted in four hits, all opinions of Advocates General and no judgments of the Court. 116Case C-131/12 Google Spain SL, Google Inc v Agencia Espaola de Proteccin de Datos and Mario
id: 0e21c346ef7e8334537fc3fb38ddcd84 - page: 22
Costeja Gonzlez ECLI:EU:C:2014:317 et seq. 117Article 29 Working Party Opinion 1/2008 on data protection issues related to search engines, adopted on 4 April 2008 (WP 148), 14. 118Most recently Breyer (n 11), Opinion of Advocate General Sanchez-Bordona; and Nowak (n 24), Opinion of Advocate General Kokott. 119Case C-101/01 Bodil Lindqvist ECR I-12992.
id: 8cda50219f675b6db9204bd7d7a9f03b - page: 22