New UNIO issue now online

By the Editorial Team

The Editorial Board is happy to announce that a new issue of the UNIO – EU Law Journal is now online. The 8(2) issue of UNIO includes contributions from various highly respected scholars and young academics and addresses issues such as a) the deployment of public consultations and referenda in the context specially important political issues (e.g. secession), b) ecological transition, c) tools available to the EU to combat rule of law backsliding, d) the common European asylum system, e) fostering equality and non-discrimination in the EU, and f) and the existence of legal remedies under the GDPR to challenge automated decision-making and profiling resulting in unjustified inferences about a data subject.

We hope this new system pleases both our readers and authors and would like to remind you that we are accepting submissions at UNIO and also at our blog.

You may find UNIO’s 8(2) issue here.

The internalisation of EU law by citizens and how it operates a threat to EU democratic values

André Lima Machado (Master in European Union Law - UMINHO) 

1. Introductory remarks

Last May 10, the Head of State of the Portuguese Republic, Marcelo Rebelo de Sousa, addressed the European Parliament in Strasbourg on the occasion of the Europe Day celebrations.[1] President Marcelo – as he is affectionately called by the Portuguese – called for a stronger Europe, a Europe that leads and anticipates, rather than a Europe that follows events. He went on to explain that the Portuguese believe in the future of Europe: in a Europe that is not the Europe of Heads of State, Heads of Government, or party leaders, but rather a Europe of European women and men, because without both there is not and there never will be a strong Europe, within itself and in the world. This is the challenge – said President Marcelo – there is not much time left to anticipate it, and the millions of Europeans deserve it. 

Moreover, this is a recurring idea in President Marcelo’s speech: “Europe cannot waste time”. And why is that? Because the circumstances of integration have changed substantially. The Portuguese President began by recalling the last time he spoke to MEPs, seven years ago, at the start of his first mandate. It was another time, another world, another Europe. He listed the changes that had occurred since then, such as the pandemic, the UK’s decision to opt out, and the Russian invasion of Ukraine. “In another time, another world, another Europe”, people still believed in the international order, in the existing balance of power, in the advancement of human rights, in the victory of diplomacy over war. People believed in the reform of universal institutions (even if postponed) and in the European security inherited from the 20th century (even if weakened). They believed in the primacy of globalisation, multilateralism, and common causes.

Continue reading “The internalisation of EU law by citizens and how it operates a threat to EU democratic values”

Brazil’s Recent Ratification of the Budapest Convention on Cybercrime

Bruno Calabrich (Public Prosecutor (Brazil) | PhD candidate at the University of Brasília (UnB).)

Cybercrime is a growing issue in today’s digital age, with criminals taking advantage of the interconnectedness and dependency on technology for personal and organizational activities. Cybercrime is not a new problem and has been addressed by the Council of Europe with the Budapest Convention on Cybercrime in 2001, which entered into force in 2004 after ratification by five Council member countries. This international treaty was conceived to serve as a framework for nations to coordinate and cooperate in the investigation, prosecution, and prevention of cybercrime. As highlighted in its preamble, the Convention recognizes the crucial importance of establishing common criminal law and criminal procedural law in order to facilitate “detection, investigation and prosecution at both the domestic and international levels and by providing arrangements for fast and reliable international co-operation”.[1] Chang and Grabosky point out that “the Budapest Convention is the first and only international convention to encourage harmonization of cyber laws and regulations, and to build cooperation among nations in controlling cybercrime”.[2] In its core fundamentals, Member States commit to work together to provide quick and effective responses to cyber-attacks, exchange information on emerging threat trends and assist each other in investigating cross-border criminal activities.

Brazil, as a leading South American country in terms of technological advances and digital economy, has also recognised the importance of addressing these issues. Indeed, after a long period in which little importance was given to the topic (particularly when compared to the European tradition), Brazilian legislation has shown significant advances in several matters related to digital law, cybercrime and personal data protection in recent years. Its main normative milestones are Federal Statute No. 12.737/2012,[3] which “establishes the criminal typification of cybercrimes” – also known as the “Carolina Dieckman Act” –, Federal Statute No. 12.965/2014[4] – the Brazilian Internet Civil Rights Framework –, and Federal Statute No. 13.709/2018[5] – the Brazilian General Data Protection Act (“Lei Geral de Proteção de Dados Pessoais”, or LGPD). In Brazilian Courts, there have also been important decisions, such as the ruling by the Federal Supreme Court (STF) on ADC (“Ação Direta de Constitucionalidade”, a declaratory lawsuit of constitutionality of federal laws or normative acts) no. 51,[6] in February 2023, which confirmed the validity of court orders issued in the interest of criminal investigations for technology companies running internet applications in Brazil, even when the requested data is stored on servers located abroad. Prior to that, in May 2020, the STF, in the judgment of ADI (“Ação Direta de Inconstitucionalidade”, a direct lawsuit of unconstitutionality of federal or state laws or normative acts), no. 6387 MC-Ref/DF, recognized for the first time the protection of personal data as an autonomous fundamental right, not explicitly stated, but inferred from an integrated reading of several provisions of the Brazilian Constitution.[7] This decision prepared the grounds for the enactment of Constitutional Amendment no. 115/22, in February 2022, which expressly included the protection of personal data in the wording of the Constitution among the fundamental rights and guarantees.[8]

Continue reading “Brazil’s Recent Ratification of the Budapest Convention on Cybercrime”

Editorial of May 2023

By Pedro Madeira Froufe (Editor) 

30 years after “Maastricht”: the past and the future of integration (marking Europe’s Day)

1. November 2023 will mark the 30th anniversary of the Treaty on European Union – the Maastricht Treaty. “Maastricht” marks the beginning of a then new era in the integration process which, in a sense, may now be coming to an end. The “post-Maastricht era”, its assumptions and political meaning (guiding European integration), will most likely be different after the war in Ukraine. From this perspective, we can say that European integration has so far had two major phases: an initial phase, a path traced and, at the same time, built, from 1951 (Treaty of Paris, ECSC) to the birth of the European Union (Maastricht Treaty, 1992); and, on the other hand, an era already marked by the existence of the Union, i.e. from 1992/1993 to the present day (a “post-Maastricht” phase). The war in Ukraine heralds the inevitability of a third stage in the integration process which may to some extent redefine (widen?) the very understanding of integration – at least in a political and geostrategic sense. We will most likely be at the dawn of a third phase of “post-war” European integration in Ukraine.

Continue reading “Editorial of May 2023”

Once again on the rule of law in Romania. The risk that thousands of defendants would not face criminal liability: a new wave of requests preliminary rulings at the CJEU

Dragoș Călin (Judge at the Bucharest Court of Appeal and Co-President of the Romanian Judges' Forum Association) 

The decisions of the Constitutional Court of Romania once again created a wave of requests for preliminary rulings at the CJEU. Currently there are ten such new referrals that the ordinary courts in Romania (Brașov Court of Appeal, Bucharest Court of Appeal, Bistrița First Instance Court) have submitted or are going to submit after drafting the decisions,[1] under Article 267 of the Treaty on the Functioning of the European Union. In fact, one of the requests (case C-107/23 PPU, Lin) will be heard in an urgent preliminary ruling procedure, therefore, in a very short time, a solution is expected from the CJEU, as the pleadings are scheduled for 10 May 2023. Another reference for a preliminary ruling was dismissed in a peculiar manner, as a result of the admission by the High Court of Cassation and Justice – Criminal Division of the request to transfer the hearing of the case, the High Court noting the fear of a defendant, judged in several cases in which he has such a capacity, regarding the referral to the CJEU.

In the domestic cases in which these requests were submitted, the accused requested the application of the principle of the most favorable criminal law (lex mitior) in the situation where a decision of the Constitutional Court of Romania declared unconstitutional a legal provision (Article 155 par. (1) of the Romanian Criminal Code) regarding the interruption of the limitation period of criminal liability (Decision no. 358/2022). To do so, the Constitutional Court argued the passivity of the legislator, which did not intervene to bring the legal text into agreement with another decision of the Constitutional Court, issued four years earlier (Decision no. 297/2018). During that time the case law of the common courts formed and attempted to interpret the existing in law in accordance with the Constitutional Court’s decision, the practical consequence of reducing to half the limitation period for all criminal acts for which a final judgment of conviction was not issued prior to the first decision of the Constitutional Court and of terminating the criminal proceedings against the accused in question.

Continue reading “Once again on the rule of law in Romania. The risk that thousands of defendants would not face criminal liability: a new wave of requests preliminary rulings at the CJEU”

From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space

Inês Neves (Lecturer at the Faculty of Law, University of Porto | Researcher at CIJ - Centre for Legal Research | Member of the Jean Monnet Module team DigEUCit)

Aware of the shortcomings arising from the lack of changes to the European Union’s legal framework governing online platforms and digital services, practically since the adoption of the Directive on electronic commerce[1] of 2000, the European Commission presented the Digital services Act package[2] in December 2020. It seeks to ensure and strengthen European digital sovereignty in terms that guarantee fundamental rights and the affirmation of the Union (also on the international stage) as a community of values and rights whose applicability should not depend on the online vs. offline divide. To this end, the options initially pursued, favouring non-interference, minimal regulation,or even the immunisation of intermediaries from any liability, soon proved insufficient to respond to the new digital challenges.

The imperative to provide European citizens and businesses with a secure digital space, respectful of fundamental rights, as well as open, contestable, and fair, is therefore at the origin of a fundamental paradigm shift of increasing responsibility that marks the genetic identity of the digital services package. The vision of a “minimal” European Union is thus replaced by the imposition of a set of obligations on platform service providers, according to a model of ex-ante regulation.

Continue reading “From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space”

Article 12-A and the presumption of an employment relationship for digital labour platforms

Teresa Coelho Moreira (Associate Professor with Aggregation at the Law School of the University of Minho | Integrated member of JusGov )

Nowadays there is an app for everything or almost everything, from simpler activities, such as food delivery, to more complex ones, such as providing legal services, with new digital platforms emerging every day. Indeed, in theory, any activity can be transformed into a task that can be performed through digital platforms and we witnessed this during the pandemic.

In view of this situation, one of the issues that assumes enormous importance is the qualification of the existing relationships between those who provide the activity in digital platforms, with numerous cases having been already ruled around the world.

Bearing this situation in mind, the importance of establishing presumptions increases. However, the presumption provided for in Article 12 of the Portuguese Labour Code, although positive, was envisaged for typical labour relations, for employment relations in the pre-digital era. Regarding the new ways of providing work, the work in digital platforms, it is necessary to recognize the inadequacy of the presumption of employment to face the emerging problems of the new ways of working through digital platforms. Factors such as, inter alia, the ownership of work equipment and instruments, the existence of a work schedule determined by the beneficiary of the activity and the payment of a certain remuneration, are classic signs of legal subordination, but they are hardly operational signs to address the new types of dependency resulting from the provision of services for a particular company, via platforms.

Continue reading “Article 12-A and the presumption of an employment relationship for digital labour platforms”

Finally, the ECJ is interpreting Article 22 GDPR (on individual decisions based solely on automated processing, including profiling)

Alessandra Silveira (Editor)

1) What is new about this process? Article 22 GDPR is finally being considered for before the European Court of Justice (ECJ) – and on 16 March 2023, the Advocate General’s Opinion in Case C-634/21 [SCHUFA Holding and Others (Scoring)][1] was published. Article 22 GDPR (apparently) provides a general prohibition of individual decisions based “solely” on automated processing – including profiling – but its provisions raise many doubts to the legal doctrine.[2] Furthermore, Article 22 GDPR is limited to automated decisions that i) produce effects in the legal sphere of the data subject or that ii) significantly affect him/her in a similar manner. The content of the latter provision is not quite clear, but as was suggested by the Data Protection Working Party (WP29), “similar effect” can be interpreted as significantly affecting the circumstances, behaviour or choices of data subjects – for example, decisions affecting a person’s financial situation, including their eligibility for credit.[3] To this extent, the effectiveness of Article 22 GDPR may be very limited until EU case law clarifies i) what a decision taken solely on the basis of automated processing would be, and ii) to what extent this decision produces legal effects or significantly affects the data subject in a similar manner.

2) Why is this case law so relevant? Profiling is an automated processing often used to make predictions about individuals – and may, or may not, lead to automated decisions within the meaning of the Article 22(1) GDPR. It involves collecting information about a person and assessing their characteristics or patterns of behaviour to place them in a particular category or group and to draw on that inference or prediction – whether of their ability to perform a task, their interest or presumed behaviour, etc. To this extent, such automated inferences demand protection as inferred personal data, since they also make it possible to identify someone by association of concepts, characteristics, or contents. The crux of the matter is that people are increasingly losing control over such automated inferences and how they are perceived and evaluated by others. The ECJ has the opportunity to assess the existence of legal remedies to challenge operations which result in automated inferences that are not reasonably justified. As set out below, the approach adopted by the Advocate General has weaknesses – and if the ECJ adopts the conditions suggested by the Advocate General, many reasonable interpretative doubts about Article 22 GDPR will persist.

3) What questions does Article 22 GDPR raise?  Does this Article provide for a right or, rather, a general prohibition whose application does not require the party concerned to actively invoke a right?  What is a decision based “solely” on automated processing? (which apparently excludes “largely” or “partially” but not “exclusively” automated decisions). Will the provisions of Article 22 GRPD only apply where there is no relevant human intervention in the decision-making process? If a human being examines and weighs other factors when making the final decision, will it not be made “solely” based on the automated processing? [and, in this situation, will the prohibition in Article 22(1) GDPR not apply]?

Continue reading “Finally, the ECJ is interpreting Article 22 GDPR (on individual decisions based solely on automated processing, including profiling)”

Union in a time of war: On the Judgment “Violetta Prigozhina”, Case T-212/22

Pedro Madeira Froufe (Editor)


On 8 March 2023, the General Court delivered a judgment in the case of Violetta Prigozhina (Case T-212/22),[1] whose applicant is an octogenarian lady and mother of the well-known Russian “war entrepreneur” who leads the pro-Kremlin mercenary group called the “Wagner Group”.

The European Union (EU) has always had a sufficiently clear and assertive position towards the invasion of Ukraine by the military forces of the Russian Federation, which began on 24 February 2022. Support for Ukraine stems from many factors, not least the Ukrainian people’s desire to move closer to the European way of life. The so-called “Euromaidan revolution” that began in Kiev in 2014 reacted against the former President Víktor Yanukóvytch for having refused to sign the agreements on trade cooperation and, in general, greater openness to the EU, apparently under pressure from Moscow.[2] On the other hand, the military action (aggression) unleashed in 2022 by Russia against Ukraine calls into question the international order and the assumptions of peace built up after the Second World War. From the perspective of the EU (and the political and civilisational bloc currently referred to as the “West”, associated with the framework of the democratic rule of law), this is a serious violation of international law.

Continue reading “Union in a time of war: On the Judgment “Violetta Prigozhina”, Case T-212/22″

New CitDig website

The Editorial Team

On 1 October 2022 the European Commission awarded a “Jean Monnet Centre of Excellence” to the University of Minho under the Erasmus+ Programme. It is entitled “Digital citizenship and technological sustainability: pursuing the effectiveness of the CFREU in the digital decade” (CitDig) and is coordinated by Alessandra Silveira. In this context, CitDig presents its new website and electronic repository entitled “Espaço UNIO”, under which content related to European Union law will be made available, through various formats that record the interaction between its researchers.

You may find CitDig’s new website and the Espaço UNIO repository here: