Information Sharing and Data Protection in the Area of Freedom, Security and Justice, Towards Harmonised Data Protection Principles for Information Exchange at EU-level
Abstract
Privacy and data protection in police work and law enforcement cooperation has always been a challenging issue. Current developments in EU internal security policy, such as increased information sharing (which includes the exchange of personal data between European law enforcement agencies and judicial actors in the area of freedom, security and justice (Europol, Eurojust, Frontex and OLAF)) and the access of EU agencies, in particular Europol and Eurojust, to data stored in European information systems such as the SIS (II), VIS, CIS or Eurodac raise interesting questions regarding the balance between the rights of individuals and security interests. This book deals with the complexity of the relations between these actors and offers for the first time a comprehensive overview of the structures for information exchange in the area of freedom, security and justice and their compliance with data protection rules in this field. © Springer-Verlag Berlin Heidelberg 2012. All rights are reserved.
Chapters (4)
In order to study the observance of the AFSJ actors with European data protection principles, these principles have to be identified.
Chapter B seeks to present the data processing and data protection framework of the different European actors in the AFSJ in order to assess their compliance with the data protection guarantees developed in Chap. A. As demonstrated in Chap. A, the general data protection rules in the AFSJ are diversified and reflect the former pillar structure. Therefore, specific data protection rules are additionally entailed in the legal bases of the AFSJ actors itself. To analyse to which extent personal data are protected at the AFSJ actors, a first subdivision studies the legal framework of the agencies Europol, Eurojust Frontex as well as the Commission’s anti fraud unit OLAF. A second section involves the analysis of the data processing activities of the information systems SIS, CIS, VIS and Eurodac in the AFSJ. The data protection standards of the Council of Europe, specified in Convention No. 108, Recommendation R (87) 15 and particularly within the ECtHR’s interpretation of Article 8 ECHR as well as the EU principles demonstrated above are duly considered in this analysis. The following Chapter therefore critically reviews the data processing activities as well as the data protection mechanisms of the main AFSJ actors.
As has already been established in the present contribution, the data protection frameworks of the AFSJ actors show several shortcomings and inconsistencies. Having this in mind, it is now worth pointing out that the data processing by these actors is not limited to the actors themselves; most of them are additionally interlinked with each other. Consequently, it is interesting to evaluate how and if at all, personal data are protected when it comes to the cooperation and the exchange of personal data amongst the different AFSJ actors.
As follows from the foregoing analysis, information sharing in the AFSJ has become an essential tool in recent years to contribute to EU-internal security policy. Law enforcement cooperation between Member States, EU agencies, bodies and information systems is based to a large extent on the exchange of (personal) data and plays an increasing role in the AFSJ. The Hague as well as the Stockholm programme call for an increasing interoperability of the AFSJ databases which in some cases leads to a questionable connection of systems established for different purposes.
... 15 A measure on secret surveillance may be found to be in compliance with the Convention only if it is strictly necessary, as a general consideration, for safeguarding democratic institutions and, as a particular consideration, for obtaining vital intelligence in an individual operation if it is strictly necessary. 16 Otherwise, it is a serious threat to individual democracy in today's world [88]. The phrase "in accordance with the law" implies conditions that go beyond the existence of a legal basis in domestic law and requires that the legal basis be "accessible" and "foreseeable" [120]. ...
... In the case of foreseeability in the context of covert interception of communications, the requirements of the Convention cannot exactly be the same under the special circumstance of interception of communica- 14 [66]. 16 Szabó and Vissy v. Hungary [114]. 17 20 Klass and Others v. Germany paras 42, 49 [61]. ...
... 61 Notification of surveillance measures is inextricably linked to the effectiveness of remedies before the court, 62 and hence to the existence of effective safeguards against the abuse of monitoring powers, since in principle there is little scope for recourse to the courts by the individual concerned unless he/she is advised on the measures taken without his/her knowledge and thus able to challenge their legality retrospectively. 63 The ECtHR used Klass as an opportunity to stipulate basic principles that balance the state's secret surveillance powers against the rights of targeted individuals, in particular, the rights to be informed of the surveillance measures and the possibility of having recourse to the courts after the termination of such measures [16]. In Klass, the ECtHR did not directly require the person concerned to be notified, but in recent cases, beginning with Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria, the ECtHR increasingly insists on the notification duty [17]. ...
The bulk interception of cross-border communications, commonly referred to as “digital surveillance”, poses unique challenges. Developments facilitating law enforcement agencies’ ability to conduct investigations and surveillance and
the public’s mass adoption of digital communication technologies have created new
investigative targets. The police and the private sector have harnessed technological
innovations to create new and previously unimaginable investigative tools. The bulk
interception of communications is a complex issue that falls within the purview
of Article 8 of the European Convention on Human Rights (ECHR). As a severe
intrusion into private life and correspondence, all forms of telephone conversations
must be based on law that is specific. The Grand Chamber of the European Court
of Human Rights (ECtHR) decided two important cases—Big Brother Watch and
Others v the United Kingdom and Centrum för rättvisa v Sweden; at the centre of
this debate are the right to privacy and surveillance of communications. The ECHR
developed new criteria to assess whether the states acted within their margin of appreciation, and the ECtHR introduced eight criteria and ruled that bulk interception
and collection of foreign communications is a legal state activity and that exchanging information with their intelligence partners in different states is allowed under
certain conditions. In the main part of the article, the author deals with the two
above-mentioned decisions and analyses the ECtHR’s positions on the surveillance
of individual and mass communications.
... Another crucial example is "vertical mixity", an expression that points at international agreements split between EU substantive regulation and Member State implementation, which is fictitious according to García Andrade: "since the treaty-making power is a normative power, the Union will be entitled to conclude these agreements alone, either for being a field of exclusive EU competence in the case of short-term visas, or a concurrent competence that the EU may exercise in the case of readmissions" (2019: 45 Before the Treaty of Lisbon was adopted, the European Community lacked a legal basis that it could have relied upon to legislate in the field of personal data. This gap did not prevent it from regulating the matter and data protection rules were provided for in both intergovernmental 33 and supranational instruments 34 , given that the justice and home affairs area is the prominent example of a sectorial-patchworked regulation (Boehm, 2012 (Liñán Nogueras, 1996: 13-16;2001: 374;2020: 126). Thus, the proposed legislation on the protection of personal data was smartly designed under the logic of trade liberalisation among Member States (Lynskey, 2015: 47-48). ...
El presente estudio resume la jurisprudencia y las normas convencionales que sustentan el ejercicio de las competencias externas (implícitas) de la Unión Europea (UE) aplicadas al art. 16.2 del Tratado de Funcionamiento de la UE (TFUE). El art. 16.2 del TFUE faculta a la UE para adoptar normas sobre la protección de las personas cuyos datos personales se procesados y sobre la libre circulación de dichos datos. Las normas adoptadas sobre esta base jurídica podrían activar el criterio de afectación AETR/ERTA codificado en el art. 3.2 del TFUE, convirtiendo la competencia compartida interna de la UE en competencia exclusiva externa. Nuestro análisis sostiene que, a la luz de la legislación de la Unión vigente en materia de protección de datos, la UE posee una competencia externa (implícita) compartida/concurrente basada en el art. 16.2 del TFUE. Por este motivo, las negociaciones para acceder al Convenio 108+ del Consejo de Europa fueron mixtas.
... Regarding the origin of the right to privacy, see Glancy (1979). On the right to privacy, see Prosser (1960), Thomson (1975), Regan (1990), Schwartz (1999), Mills (2008), Bennett (2010), Boehm (2011), andBennett (2018). As discussed in the following Section 7, the use of AI for manipulation Please, refer to Section for references and citations. ...
Artificial Intelligence, unperceived, can acquire the user's data, find connections not visible by a human being, profile the users, and aim at persuading them, resulting in Persuasive Technology (PT). During the persuasive process, PT can use manipulation, finding and using routes to affect System 1, the primordial brain of individuals, in the absence of their awareness, undermining their decision-making processes. Multiple international and European bodies recognized that AI systems could use manipulation at an unprecedented degree via second-generation dark patterns such as the hypernudge and that computational manipulation constitutes a risk for autonomy and different, overlapping, fundamental rights such as privacy, informational self-determination and freedom of thought. However, there is a lack of shared ideas regarding which fundamental rights are violated by computational manipulation and which fundamental rights can protect individuals against it. The right to be let alone and the right to hold and express a thought differ from the right to create a thought, being in control of the decision-making process and free from cognitive interferences operated by computational manipulation. Therefore, this paper argues in favor of recognizing a newly emerged fundamental right, the right to mental self-determination, tailored to the unprecedented abilities of AI-driven manipulative technologies.
... Анализа члана 13 у Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria је најкомплетнија анализа у судској пракси у вези са питањем накнадног обавештења самим тим и са постојањем делотворних заштитних механизама против злоупотребе овлашћења надзора, пошто у принципу постоји мало простора за обраћање судовима од стране појединаца о којима је реч. 35 ЕСЉП је искористио пресуду Klass као прилику да одреди основне принципе који балансирају између овлашћења државног тајног надзора и права циљаних појединаца, посебно права да буду обавештени о мерама надзора и могућности да се обрате судовима након престанка таквих мера (Boehm, 2012). У Klass, ЕСЉП није директно захтевао обавештавање дотичне особе, али у новијим случајевима ЕСЉП све више инсистира на обавези обавештавања (Boehm & de Hert, 2012), почев од Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria. ...
Authors in this work deal with bulk interception of communications and its relationship with the right to privacy. At the center of the debate are new ECtHR’s judgments in cases Big Brother Watch and Others v. the United Kingdom and Centrum för Rättvisa v. Sweden. The ECtHR decided to develop new criteria regarding bulk surveillance because the developed six criteria are more than ten years old. However, this approach may be questionable given the relatively new judgments in the same matter but in which the old approach is taken. This work is divided into several parts. After introductory remarks, the authors briefly explain the main human rights documents regarding the bulk interception of communications and the right to privacy. After that, they explain the approach of the European Court of Human Rights. In the first place, they explain the general principles relating to secret measures of surveillance, including the interception of communications, after which he explains ECtHR’s approach in bulk surveillance cases and the ECtHR approach to be followed in bulk interception cases.
... Vavoula (2015Vavoula ( , 2020aVavoula ( , 2020b has evaluated how such interoperability complies with respect for private life and the protection of data. Vavoula argues that the system is flawed, which threatens individual privacy when national and EU systems do not comply (see also Boehm, 2012aBoehm, , 2012b. The permission to use EURODAC data for risk assessment (i.e., to combat terrorism) equally weakens the protection provided by law. ...
This article scrutinises the European Asylum Dactyloscopy Database (EURODAC) as a research object for social science. EURODAC serves as an important part of the Common European Asylum System (CEAS) infrastructure by registering dig‐ italised fingerprints of asylum seekers, which facilitates the allocation of responsibility following the Dublin Regulation. In this article, we explore the role of EURODAC from its implementation in 2003 until April 2021 through a scoping review that maps and analyses existing social science research in the field. In total, 254 scholarly publications—identified in Scopus, Academic Search Complete, and Web of Science—were reviewed. The article seeks to answer three research questions: What is the accumulated knowledge within social science research on EURODAC? What gaps and trends exist in this research? What are the possible implications of this knowledge, gaps, and trends for other areas of the CEAS such as asylum evaluations and reception of asylum seekers? Based on a qualitative thematic analysis, our review shows that research on EURODAC can be divided into three broad categories: research that focuses on the reconfiguration of borders; research that focuses on migration governance and resistance; and research that emphasises fundamental rights and discrimination. In our final discussion, we highlight the lack of ethnographic studies, of gender and intersectional perspectives, and of in‐depth studies on national legal frameworks including asylum evaluations and reception practices across the EU. The article concludes that social science needs to address the socio‐political underpinnings of EURODAC and acknowledges its centrality to all areas of the CEAS.
... Over the years and several legislative revisions, the number of objectives attached to each system has increased and they have gradually focused more on migration control 7 , giving greater access to law enforcement authorities for security purposes. They have become multi-purpose databases, raising several concerns as to the right to data protection (from the vast literature on database and data protection, see Boehm 2012, Brouwer 2008, Fundamental Rights Agency 2018a, Vavoula 2020b and blurring the lines between border management, control and policing purposes. ...
EU management of migration is undergoing an unprecedented transformation because of the use of databases and information systems. Drawing on the concept of border performativity, this article discusses how data is transforming the border. In particular, the article focuses on 1) how the EU JHA databases are evolving, from separate systems each with one purpose to multi-purpose databases, and 2) how the new EU plan – the interoperability regulation – connects and merges biometric and biographical data, as part of a shift from a silo-based approach towards a single centralised information system. The article - based on results of several research projects carried out between 2011 and 2019 adopting mixed methodology - discusses the border crossers’ role in challenging this digital border control, both in light of the current practices of data collection and processing and newly approved EU regulations. The article argues that the transformation of border control practices into practices driven by data processing makes it more difficult for border crossers to manoeuvre the system and legally challenge decisions based on data processing, thus, hampering the transformation of the border from below.
... European Union (EU)-wide border biometric information management systems [20], including the European Asylum Dactyloscopy Database (EURODAC), Visa Information System (VIS) and Second-generation Schengen Information System (SIS II) have an increasingly important role in the identity establishment process by storing biographic and biometric data of third-country nationals [12,39]. In addition, the centralized Entry/Exit System (EES) of border control is expected to be fully implemented by 2020 in compliance with Regulations (EU) 2017/2225 [2] and (EU) 2017/2226 [3]. ...
This paper discusses concerns pertaining to the absoluteness of the right to privacy regarding the use of biometric data for border control. The discussion explains why privacy cannot be absolute from different points of view, including privacy versus national security, privacy properties conflicting with border risk analysis, and Privacy by Design (PbD) and engineering design challenges.
... This new and current legal basis enables Europol to tackle EU security threats by officially setting up specialized internal structures such as the European Counterterrorism Centre and the EU Internet Referral Unit (Moor & Vermeulen, 2010b). In fact, the new legal basis strengthened Europol's accountability to the EU and national parliaments and enhanced its data protection regime, as Europol is now accountable to the EU Data Protection Supervisor, thus solving a critical and sensitive issue over Europol's control in processing personal data, which had been pending since its establishment (Boehm, 2012:292, OJEC, 2001. Although it remains to be seen what has been the added value of the new legal basis in the operational work of Europol (Busuioc & Groenleer, 2013), it is certain that the new regulation enhanced Europol's mandate and improved its ability to act as a pan-European platform in the fight against organized crime and terrorism in line with the requirements of the Treaty of Lisbon. ...
... Eurodac tivi attribuiti a ciascun sistema si sono moltiplicati, diventando progressivamente più focalizzati sul controllo della migrazione 9 , attribuendo più ampi diritti di accesso a un numero sempre maggiore di autorità. In breve, si sono trasformati in database multi-scopo, sollevando numerosi interrogativi in merito al rispetto del diritto alla protezione dei dati personali (tra la vasta letteratura sulla protezione dei dati e questi database, si veda Boehm 2012, Brouwer 2008. ...
Lo scandalo di Cambridge Analytica produce allarme nell’opinione pubblica, ren-dendo palese quello che era risaputo tra gli addetti ai lavori. Esiste una “industria del dato” che con metodi più o meno leciti raccoglie informazioni sui cittadini, unisce databases e produce profilazioni in base a gusti, orientamenti valoriali, abitudini sessuali, pratiche religiose, etc., rivendendole a partiti, gruppi di interesse, multinazionali. L’uso di questi dati è documentato in numerosi studi che si soffermano sulla segmentazione e sulla successiva targhettizzazione del messaggio, già nelle campagne elettorali moderne degli anni ‘60 (Howard 2006; Nickerson e Rogers 2014). La piattaforma digitale tuttavia amplifica questo fenomeno, facilitando la raccolta automatica dei dati grazie specialmente ai social network. A questo proposito il Ceo di Cambridge Analytica Alexander Nix dice: “Oggi non serve più bussare alle case della gente per reperire i dati. I dati sono ovunque. E determinano ogni decisione” (Kaiser 2019, p. 67). Nell’articolo ci si interroga su quanto il “potere dei dati” possa influenzare la qualità della democrazia e quali siano le possibili conseguenze delle asimmetrie sugli esiti elettorali.
... 48 Saradnja sa odvija putem dvije ključne tačke za saradnju: nacionalnih jedinica za saradnju sa EUROPOL-om i policijskih službenika za vezu (koji su pripadnici nacionalne jedinice) koji se upućuju na rad u sjedište Agencije u Den Hagu. U cilju izvršavanja svojih funkcija EUROPOL osniva i koristi nekoliko značajnih baza podataka u okviru informacionog sistema 49 , i one imaju ključnu ulogu u razmjeni i distribuciji informacija, naročito u smislu pristupa koji EUROPOL ima prema drugim EU agencijama i informacionim sistemima, što iziskuje dosta širok zahvat i analizu standarda koje sve te agencije i subjekti primjenjuju u pogledu efikasne zaštite podataka (Boehm, 2012). ...
Inspiracija za rad i problem(i) koji se radom oslovljava(ju): U radu se ispituje kako i pod kojim uvjetima su nastale i razvile se prakse međunarodne policijske saradnje na području Evrope, naročito u kontekstu širih društvenih, političkih, ekonomskih i drugih promjena. Ciljevi rada (naučni i/ili društveni): Opisati kako su nastali i kako danas funkcioniraju savremeni oblici policijske saradnje u Evropi, te objasniti faktore koji su doveli do razvoja. Metodologija/Dizajn: Meta-analitički pristup, analizirajući veliki broj referentnih i aktuelnih izvora iz područja međuanrodnih odnosa, prava EU, međunarodnog-kri-vičnog prava, kriminologije i kriminalistike.
Ograničenja istraživanja/rada: Rad se bazira se na pregledu istraživanja, i tipično za ovu vrstu istraživanja nudi samo neke perspektive mogućih tumačenja aktuelnog razvoja praksi policijske saradnje u Evropi.
Rezultati/Nalazi: Policijska saradnja u Evropi ima dugu i bogatu historiju, i kroz duži vremenski period djelovanja različitih inicijativa policijske saradnje primjetan je kon-tinuitet i razvoj pravnog uređenja i praksi ostvarenja saradnje.
Generalni zaključak: Zbog niza historijskih, političkih i širih društvenih procesa Evro-pa predstavlja autentični izvor za nastanak i razvoj vrlo važnih mehanizama međuna-rodne policijske saradnje koji se razvijaju.
Opravdanost istraživanja/rada: Rad ima znanstvenu ulogu i značaj, kako sa ciljem razvoja i prihvatanja novih znanja, tako i kritičkog propitivanja i adaptacije postojećih znanja o pojavi i razvoju međunarodne policijske saradnje.
... European Union (EU)-wide border biometric information management systems [20], including the European Asylum Dactyloscopy Database (EURODAC), Visa Information System (VIS) and Second-generation Schengen Information System (SIS II) have an increasingly important role in the identity establishment process by storing biographic and biometric data of third-country nationals [12,39]. In addition, the centralized Entry/Exit System (EES) of border control is expected to be fully implemented by 2020 in compliance with Regulations (EU) 2017/2225 [2] and (EU) 2017/2226 [3]. ...
This paper discusses concerns pertaining to the absoluteness of the right to privacy regarding the use of biometric data for border control. The discussion explains why privacy cannot be absolute from different points of view, including privacy versus national security, privacy properties conflicting with border risk analysis, and Privacy by Design (PbD) and engineering design challenges.
... In the wake of Snowden revelations in 2013 on mass surveillance and collection of data, the issue of privacy protection, particularly the transfer of personal data, was brought to the attention of the European legal public. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: the GDPR) 1 , effective from May 2018, maintained the rules of personal data transfer from its predecessor in most part. Regardless of the fact that GDPR interventions in data transfer rules were not as extensive as in certain other areas, this matter remains to be one of the most controversial ones in data protection. ...
protection. The only case in which this issue could become more debatable is if personal data crosses EU borders. The transfer of personal data to third countries proved its disputed status when the CJEU invalidated the Safe Harbour Agreement, one of the frameworks for the transfer of personal data to the US and several more came under the CJEU’s scrutiny, including the Safe Harbour Agreement’s successor, the Privacy Shield Agreement. It has been suggested that some of these instruments for transfer need to be repealed or amended in order to be brought in conformity with the GDPR. The paper, after analysing each of the grounds for transfer which may be used by EU companies, argues
that regardless of the recent entry into force of the GDPR, the data protection “revolution” is still not complete, at least as far the transborder data flows are concerned.
... The field covers the areas of police and border control, asylum and immigration, judicial cooperation in civil as well as in criminal matters and police cooperation. Therefore, this field needs a tailormade protection method for data protection [4]. The data protection directive 95/46 makes no difference between fields of data usage, therefore data protection in a field of police and justice is not regulated specifically. ...
In this paper we present the findings of a case-study on IT system security in the area of EU internal security and justice. We have analyzed the implementation of information security for the EU information systems EURODAC, SIS II and VIS in case of Estonia. The analysis comes in a situation, where there are multiple regulations, directives, guidelines; but it lacks a unified standard for the implementation of the member states subsystems. The main finding is that a separate standard is not necessary; however, there is a need for setting minimum requirements, ensuring security of the information systems, that come with appropriate guidelines that help the member states to achieve the minimum requirements. The second finding is that there is a need for greater cooperation and an increased knowledge exchange of the methods used in the member states. Following defined guidelines and exchanging knowledge would help to strengthen the level of security for the entire system.
KeywordsSchengenGDPREU-LISAEURODACSIS IIVISIT securityISO 27001
... European fundamental rights establish requirements and limitations for data collection and data processing (see Boehm 2012). Security agencies today tend to use data collected by means of mass surveillance, and EU institutions such as Europol interlink 'polycentric surveillance practices' (den Boer and van Buuren 2010: 230). ...
Transnational information sharing among security agencies in the European Union and beyond has grown considerably more important over the past decades. Centralised databases and numerous formal and informal networks now facilitate cooperation and information sharing. However, sharing intelligence may not only conflict with the protection of fundamental rights (data protection/privacy; presumption of innocence), but also with the organisational culture of institutions that are built upon secrecy. Police agencies often keep knowledge about individual cases and their strategies secret as long as possible. Intelligence services build their work and strategies upon secrecy even more. This paper analyses the variations of secrecy that can be observed for police agencies and secret services, and the relationship between information sharing among security agencies, secrecy, trust, transparency and accountability. In a normative perspective, the paper explores answers to the questions of how secret the work of security agencies should be in democratic rule of law systems and how accountability can be improved without making these institutions work less effectively.
Apstrakt: Nakon usvajanja Lisabonskog sporazuma područje slobode, bezbednosti i pravde, kao nasleđe politike pravosudne i policijske saradnje u okviru III stuba Evropske unije, intenzivnije se razvija kao prioritetna oblasti EU. Integracije u ovoj oblasti postaju dublje i složenije i permanentno poprimaju nove oblike sa ciljem uspostavljanja Unije kao funkcionalne celine. Organizovani kriminal kao fenomen, čiji efekti pogađaju sve sfere društvenog života, čini jednu od najznačajnih oblasti prostora slobode, bezbednosti i pravde. Sofisticirane metode delovanja organizovanih kriminalnih grupa nužno zahtevaju uspostavljanje adekvatnih instrumenata kako na nivou EU, tako i sa trećim državama i entitetima sa kojima ima najtešnje veze. Ovi instrumenti prevashodno zahtevaju stalno preispitivanje, ali i uspostavljane novih u cilju efikasnijeg suzbijanja ogranizovanog kriminala. Unija je posebno zainteresovana za region Zapadnog Balkana, s obzirom da su ove države iskazale strateško opredeljenje za pristupanje EU. Delovanje organizovanih kriminalih grupa na prostoru Zapadnog Balkana prventveno šteti interesima samih država i njenih građana, remeti sprovođenje reformskih procesa, podriva pravni sistem i ostvaruje direktne negativne efekte po Uniju i/ili države članice. Zbog toga je EU 1 Ovaj rad je nastao u realizaciji projekta Fakultet za poslovne studije i pravo Univerziteta "Union-Nikola Tesla" Beograd: "Savremeni geopolitički procesi u Evropi sa apsekta bezbednosne analitike i upravljanja krizama", broj ФПДХ/БЕЗ/01241225/2024-2025. Refer.: Stanković, V, & Otašević, B. (2024). Inicijative Evropske unije za suzbijanje organizovanog kriminala na Zapadnom Balkanu. U: Forca, Božidar (ur.), Sekulović, Dragoljub (ur.). Tematski zbornik radova. Evropa na raskrsnici-upravljanje krizama. Beograd: Fakultet za poslovne studije i pravo, str. 185-209.
The European Union responded to the propositions of the OECD in the BEPS Action 12 Final Report on Mandatory Disclosure Rules (MDR) by creating its own rules in the form of Council Directive 2018/822 of 25 May 2018, which is the sixth amendment of Directive 2011/16/EU on administrative cooperation in the field of taxation (DAC 6). This article focuses on the controversial aspects of DAC 6, namely its impact on the fundamental rights of taxpayers. It investigates (i) how the European MDR indirectly affect the taxpayers’ right to legal certainty and legitimate expectations through active prevention of “aggressive” or “potentially aggressive” tax schemes by rapid changes in legislation; (ii) how they will impact the taxpayers’ right to legal advice and legal representation, as well as the right not to self-incriminate; and (iii) what the interplay is between taxpayers’ right to privacy and data protection and the reporting requirements.
In this work, the call for a broader perspective in data protection law is deduced in three parts: the first, historical part shows that personal data processing has always been linked to information flows and society institutions, and not just to individual subjects. The second part exposes three structural hallmarks of the DPA. The third part addresses impact deficits of data protection law, the challenges raised by new technologies and commercialization, and the latest approaches to solving them. The author suggests a shift in paradigm: the future data protection law must be a law of systemic data protection, which includes the protection of individual rights.
This chapter introduces the EU data protection legislation. EU law regulates data protection both on the level of the primary law in Articles 8 CFR and Article 16 TFEU, and on the level of the secondary law with the second generation of EU data protection legislation, i.e. the GDPR, DPR-EU, LED and ePD. The primary law has been reverse-engineered from the provisions of the first generation of secondary EU data protection legislation. The current secondary EU data protection legislation meanwhile is an evolution of the first generation. It introduces some new principles and instruments and further substantiates others that were previously established. This is particularly true for the principles of the EU data protection legislation, which form its basis. However, the principles expressly included in the relevant provisions are not representative of all of the general rules of the legislation and will therefore have to be enhanced, which will be achieved in Chap. 5.KeywordsLawfulnessFairnessTransparencyPurpose LimitationData MinimisationAccuracyStorage LimitationIntegrityConfidentialityAvailabilityAccountabilityNecessityData Protection PrinciplesSpecial CategoriesSensitive DataSupervisory AuthorityData Protection AuthorityThird Country TransfersData Protection Impact AssessmentData Subject Rights
This paper is focused on several important issues that deal with special investigation measures. The main perspective of the analysis is based on the ECtHR case law on this issue. Two issues are from primary interests: secret monitoring of communication and undercover investigator. Intensive ICT development enables various modern techniques and methods of crime investigation but also results in some new types of crime that could be committed using ICT. Expansion of the fundamental rights and their protection, especially in Europe, raised global awareness of the right to privacy and the need to protect it. Having that in mind, it seems that the main question that should be answered by legislator is: Where is the borderline between the right to privacy and the public interest to investigate or prevent crime and collect evidence? The undercover investigator falls under Article 6 of the Convention and there are different rules on the admissibility of such evidence. Serbian Criminal Procedure Law on some points is in line with ECtHR standards, but some very important provisions, as well as practice, are not.
El texto de este artículo tiene por objeto dar noticia y ofrecer una visión general de la última propuesta de Reglamento presentada por la Comisión Europea en materia de protección de datos, con la intención de destacar aquellos elementos más innovadores en relación con la normativa actualmente vigente. No pretende ser un análisis exhaustivo del articulado que sin lugar a dudas en el momento de su aprobación definitiva merecerá un estudio más pormenorizado, pero sí destacar aquellas cuestiones que, a criterio de la autora, pueden ser más llamativas o suponer un cambio de paradigma y que aunque a día de hoy todavía no hayan entrado en vigor, sí dejan entrever el enfoque final que pueda acabar imponiéndose en la materia.
Artikulu honen helburua Europako Batzordeak datu-babesaren arloan aurkeztutako azken erregelamendu-proposamenaren berri ematea da, eta proposamen horren ikuspegi orokor bat eskaintzea, gaur egun indarrean dagoen araudiarekiko berrikuntzarik nabarmenenak azpimarratzeko asmoz. Erregelamendua behin betiko onartzen denean azterketa xeheago bat egin beharko bada ere, testu honen asmoa ez da artikuluen analisi sakon bat egitea, baizik eta egilearen ustez azpimarragarrienak izan daitezkeen eta paradigma-aldaketa bat ekar dezaketen auziak nabarmentzea, auzi horiek, gaur egun oraindik indarrean ez badaude ere, gai honetan zein ikuspegi nagusituko den antzematen laguntzen dute eta.
The text of this article has the aim of informing and providing a general vision about the last proposal of Regulation drafted by the European Commission regarding the data protection with the intention of highlighting those more innovatives elements in relation to the current legislation. It does not pretend to be an exhaustive analysis of the articles, which will be necessary in any case once the Regulation is enacted, but to emphasize those questions which the author considers more striking or that mean a change of paradigm. Albeit the regulation is not in force yet, it seems to suggest the final approach that may prevail on the matter.
Following a terrorist attack in Paris and the peak of the migrant crisis in Europe, in December 2015 the European Council highlighted the urgent need to enhance information sharing between actors in the area of freedom, security and justice. In the subsequent years the EU introduced a number of legislative proposals with the aim of ensuring more efficient border and migration management and enhancing the internal security of the Union. In addition to the existing information systems in the area of freedom, security and justice, it established two additional databases (the Entry/Exit System and the European Travel Information and Authorisation System) and is planning to make them fully interoperable in the near future. Even more disturbingly, as a measure in the fight against terrorism and organised crime, the EU has gradually allowed law enforcement authorities to access information systems originally created for border control purposes and to use the data contained therein to prevent, detect and investigate crimes. Although numerous NGOs and even some EU institutions, including the European Data Protection Supervisor (EDPS) and the EU Agency for Fundamental Rights, have expressed grave concerns as regards the human rights implications of the measures taken by the EU, the Commission insists on protecting EU citizens at the expense of the rights of third-country nationals. This chapter is aimed at exploring whether the EU’s data gathering practices are following the path taken by the USA in the fight against terrorism following the 9/11 attacks by conducting mass surveillance of foreign nationals, which is incompatible with its own data protection framework.
The principle of subsidiarity is of particular relevance when the role of the EU in policy and law-making is contested. This chapter builds upon the hypothesis that the situation is ambiguous for internal security: on the one hand, national sovereignty still plays an important role in this field, at least in the official discourse of certain actors in the member states. On the other hand, policy makers and security agencies more frequently recognise the necessity of effective coordination and cooperation in dealing with transnational threats; especially those related to international terrorism.
Bu çalışma Genel Bilgi Toplama sisteminde kişilere ilişkin kayıt tutulmasının Avrupa İnsan Hakları Sözleşmesi’ne (AİHS) ve Türk Anayasası’na uygunluğunu incelemeyi hedeflemektedir. Kişisel veriler, 108 sayılı Kişisel Verilerin Otomatik İşleme Tabi Tutulması Karşısında Bireylerin Korunması Sözleşmesi’nin (108 sayılı Sözleşme) 2. maddesinde kimliği belirli veya belirlenebilir bir gerçek kişi hakkındaki tüm bilgiler olarak tanımlanmıştır. Bu bağlamda yakalama kararı, ceza kovuşturma bilgisi veya kimi suçlardan mahkûmiyet hükümlerinin tutulması, kişisel verilerin işlenmesi anlamına gelmektedir. Kişisel veriler, özel yaşama saygı hakkının bir parçasıdır. Özel yaşama saygı hakkı ise AİHS m. 8 ve Türk Anayasası m. 17 ve m. 20 ile korunmaktadır. O halde GBT sisteminde söz konusu maddelere uygun bir şekilde kayıt tutulması gerekmektedir. Bu sebeple GBT sistemi, yasallık (hukukilik), meşru amaç ve demokratik toplum düzeninde gerekli olma ve ölçülülük testlerine tabi tutulmuştur. GBT sisteminin yasal dayanağı olan Bilgi Toplama Yönergesi, “Hizmete özel” olması nedeniyle Resmî Gazete’de yayımlanmamıştır. Ayrıca sisteme işlenen mahkûmiyet hükümleri kişinin ölümüne kadar silinmemektedir. Bu iki durum, GBT sisteminin söz konusu testlerden geçememesinin en önemli iki nedenidir.
This chapter explores the relationship between cybersecurity on the one hand and data protection and privacy on the other. It analyzes potential methodological approaches to the study of this complex relationship between data protection and cybersecurity from a transdisciplinary legal and public policy perspective. Synergies between cybersecurity and data protection occur where measures taken in favor of cybersecurity contribute to protect personal data against data breaches. Data protection laws prohibit the use of false or outdated personal data in the interest of the individuals concerned. While cyber threats such as hacking, cyber‐attacks and the darknet can only be researched with specific approaches that take into account the opacity of these phenomena, legal and public policy research perspectives look at the reactions to cyber threats. Combining legal and public policy perspectives in a transdisciplinary approach can be a fruitful method for the study of the relationship between cybersecurity and data protection.
Die Gründung der Europäischen Union in ihrer ursprünglichen Form durch den Vertrag von Maastricht ist eng mit dem Bedeutungsgewinn der Justiz- und Innenpolitik für die europäische Integration verbunden. Mit dem Maastricht-Vertrag wurde die „dritte Säule“ etabliert, ursprünglich mit der Absicht, die Zusammenarbeit zwischen den Mitgliedstaaten in der Innen- und Justizpolitik zu verbessern. Zugleich integrierte diese intergouvernementale EU-Säule informelle Kooperationsformen, die sich in den
Jahrzehnten zuvor entwickelt hatten, in einen offizielleren Rahmen. Erst
mit dem Vertrag von Lissabon wurden Themen innerer Sicherheit zum
Bestandteil der neu konzipierten EU – allerdings mit verbleibenden Besonderheiten.
Dieser Beitrag geht den Fragen nach, wie sich neuere Entwicklungen auf diesem Politikfeld und Rechtsgebiet in einem längerfristigen Kontext interpretieren lassen und inwieweit sich im Zuge zahlreicher neuerer Initiativen der Europäischen Kommission der Raum der Freiheit, der Sicherheit und des Rechts, wie er in den 1990er Jahren mit dem Vertrag von Amsterdam etabliert wurde, zu einer Sicherheitsunion entwickelt hat. Hierfür analysiert der Beitrag Entwicklung, Stand und Perspektiven der Polizei- und Strafjustizzusammenarbeit in der EU.
This study critically analyzes the notion of counter-performance that has been
proposed in the European Commission’s proposal of 9 December 2015 for a Directive
on certain aspects concerning contracts for the supply of digital content (DCD)
(COM(2015) 634 final). In this research, there have been made certain comparisons
amongst other EU law materials to reveal how the DCD relates to those, primarily to
the General Data Protection Regulation (GDPR)(2016/679). The analysis has mainly
been made from a contractual point of view.
The aim of this paper is to evaluate whether the notion of counter-performance
is in line with the GDPR and general rules of contract law.
The briefing paper is structured as follows:
Part 1 will give a background of the GDPR and DCD, including the definition
of personal data and payment.
Part 2 will focus on contractual relationship between the DCD and other EU
law materials in terms of data. In this part, the active and passive provision of data
and the notion of free-services will be analyzed and the problem of data as a tradable
commodity will be scrutinized.
Part 3 will address the DCD’s notion of counter-performance in terms of
consent, conformity, remedies, and termination.
Finally, the last part will conclude.
In the evaluation of the rules, where relevant, there will be certain national
laws comparisons made, in particular, from a traditional contract law perspective.
Im Ergebnis sollte wesentlich stärker als in dem Antrag zwischen den in dieser Stellungnahme aufgezeigten Dimensionen einer möglichen Weiterentwicklung von Europol unterschieden werden:
- Unterscheidung zwischen den (begrenzten) Optionen unter den Rahmenbedingungen des Primärrechts auf dem Stand des Vertrags von Lissabon und neuen Optionen im Rahmen einer evtl. Vertragsrevision;
- Konsequente Einbindung von Europol in das entstehende EU-Straf-justizsystem – Ermittlungstätigkeit unter Verfahrensleitung der EUStA;
- Verbesserung der Rahmenbedingungen für gut funktionierende Kooperationsinstrumente, insbesondere für die Tätigkeit der Joint Investigation Teams;
- Koordination der Accountability-Strukturen, wobei die mitgliedstaatli-chen Parlamente im Rahmen des Art. 51 Europol-VO eine gestaltende und wesentlich aktivere Rolle übernehmen sollten;
- Kritische Begleitung des Informationsaustausches, auch im Hinblick auf die Interoperabilitäts-Verordnungen und Hinwirken auf ein verbessertes Daten-Qualitätsmanagement zur Vermeidung ineffek-tiven oder rechtswidrigen Polizeihandelns.
Europol a été bâti sur les bases du secret, ceci au nom du fait que la police – et a fortiori de la coopération policière – doit disposer, pour être efficace, de la plus grande discrétion. De surcroît, Europol s’est développé, drapé dans le secret de la diplomatie d’une collaboration policière européenne fondée sur une logique intergouvernementale. Une telle logique du secret a été contestée par le Parlement européen qui a souligné la nécessité du renforcement du contrôle démocratique de l’office. Les réformes successives du droit instituant Europol marquent, à cet égard, l’affermissement régulier de ce type de contrôle au nom du respect de l’État de droit.
This Chapter analyses the changing scenario of information technology cooperation for law enforcement purposes in the EU. It proposes a taxonomy of existing information cooperation tools, based on two criteria: the cooperation techniques and the institutional settings governing information exchange. On this basis, the analysis briefly addresses the increasing involvement of private (economic) actors in contributing to cooperation in criminal matters and the quest for a higher degree of interoperability among various information systems. While highlighting the risks connected to prioritizing security concerns, the Chapter also underscores the integrative potential of information cooperation in a common European space without internal borders.
The European Public Prosecutor’s Office (the ‘EPPO’) necessarily processes personal data in order to fulfil its mission; As such, it falls squarely within the European Union (EU) data protection regulatory landscape. However, because the EU data protection regulatory landscape itself is currently found at a crossroads, an analysis of the EPPO data protection model may be twofold: First, placing it within the proper cross-organization dialogue currently taking place on the future regulatory model of personal data processing for law enforcement purposes carried out at EU level. Second, at an EPPO-specific level, whereby the actual data protection regime afforded to it may be assessed. This article purports to elaborate upon the above two data protection dimensions of EPPO personal data processing activities: It presents considerations and policy options during the lawmaking period that resulted in the establishment of the EPPO, it analyses the data protection regime ultimately awarded to it and attempts to, critically, place the EPPO data protection model within its proper operational and legislative environment.
In the light of the Snowden revelations in 2013, Maximilian Schrems instituted the proceedings against the Irish Data Protection Commissioner which resulted with the invalidation of the Safe Harbour Agreement by the CJEU. The Safe Harbour Agreement, the framework under which EU citizens’ personal data were being transferred to the US, was replaced by the EU-US Privacy Shield which put in place rules and procedures for more effective protection of personal data. Apart from the adequacy decisions such as Safe Harbour and Privacy Shield, the Data Protection Directive envisages adequate safeguards, such as contractual clauses, binding corporate rules and derogations as bases for transfer of personal data to third countries. Despite the fact that these bases are maintained in the General Data Protection Regulation, its entry into force in May 2018 brought some changes in this respect. It was already suggested that the EU-US Privacy Shield will have to be significantly amended. Furthermore, the validity of standard contractual clauses will be inspected by the CJEU since the Irish High Court decided to refer the question for the preliminary ruling on this matter in October 2017. This paper analyses the bases and conditions for transfer of personal data to third countries, novelties introduced by the new General Data Protection Regulation and pinpoints the matters which might present the greatest challenge for efficient data protection, the area of EU law surrounded by much controversy.
This chapter explores the forms of governance that the EU–US PNR, TFTP, Privacy Shield and Umbrella Agreement have established in the transatlantic data space by looking at the relevant rules, procedures and institutions. It concludes that transatlantic institutionalisation in the sphere of data protection is weak and has not achieved a locus of legitimation as these agreements have been mainly negotiated by the executive serving national security interests and contain a complex set of fragmented, uncertain rules that in their substance have weakened fundamental rights’ protection. This chapter advocates that potential solutions for the current inadequate transatlantic data privacy framework could be searched at the domestic level through the emergence of new actors, such as private individuals and independent authorities that can act as watchdogs for the protection of data privacy rights beyond the EU borders.
This study aims to identify and explore the challenges in the implementation of Resolution No. 4/2016 of the ICPO-INTERPOL concerning sharing and exchanging biometric data among the members of ICPO-INTERPOL in order to counter terrorist foreign fighters (FTFs). This research also aims to elaborate and describe the mechanism of collecting, recording, storing, and exchanging biometric data conducted by the Indonesian government.
The mechanism of collecting, recording, and storing biometric data works through 3 main doors, namely: 1) in the process of making electronic Resident’s ID Cards (e-ID Cards); 2) in the process of making SKCK (Certificates of Police Record); 3) in the process of making e-Passports. In the implementation of Resolution No. 4/2016 of ICPO-INTERPOL, the most obvious obstacles and challenges are the absence of regulations concerning the protection of personal data, and also the fact that the biometric data system itself is still relatively new and the database is not fully developed. Until today, the INTERPOL National Central Bureau (NCB) for Indonesia does not have its own biometric database system; instead they are using the database that is centralized at Pusinafis Polri (the Indonesian National Police’s Center of Automatic Fingerprint Identification System).
The results of the study reveal that the biometric data recorded, collected, and stored are big data, but so far in supporting law enforcement and crime prevention processes the data have only been used as comparative data. In addition, there have also been found indications of violations of personal data and privacy, for example in relation to the absence of mechanism for data retention, consent, processing, notification, and disclosure.
This study aims to identify and explore the challenges in the implementation of Resolution No. 4/2016 of the ICPO-INTERPOL concerning sharing and exchanging biometric data among the members of ICPO-INTERPOL in order to counter terrorist foreign fighters (FTFs). This research also aims to elaborate and describe the mechanism of collecting, recording, storing, and exchanging biometric data conducted by the Indonesian government. The mechanism of collecting, recording, and storing biometric data works through 3 main doors, namely: 1) in the process of making electronic Resident's ID Cards (e-ID Cards); 2) in the process of making SKCK (Certificates of Police Record); 3) in the process of making e-Passports. In the implementation of Resolution No. 4/2016 of ICPO-INTERPOL, the most obvious obstacles and challenges are the absence of regulations concerning the protection of personal data, and also the fact that the biometric data system itself is still relatively new and the database is not fully developed. Until today, the INTERPOL National Central Bureau (NCB) for Indonesia does not have its own biometric database system; instead they are using the database that is centralized at Pusinafis Polri (the Indonesian National Police's Center of Automatic Fingerprint Identification System). The results of the study reveal that the biometric data recorded, collected, and stored are big data, but so far in supporting law enforcement and crime prevention processes the data have only been used as comparative data. In addition, there have also been found indications of violations of personal data and privacy, for example in relation to the absence of mechanism for data retention, consent, processing, notification, and disclosure.
Since 2014, millions of refugees and migrants have arrived at the borders of Europe. This article argues that, in making their way to safe spaces, refugees rely not only on a physical but increasingly also digital infrastructure of movement. Social media, mobile devices, and similar digitally networked technologies comprise this infrastructure of “digital passages”—sociotechnical spaces of flows in which refugees, smugglers, governments, and corporations interact with each other and with new technologies. At the same time, a digital infrastructure for movement can just as easily be leveraged for surveillance and control. European border policies, in particular, instantiate digital controls over refugee movement and identity. We review the actors, technologies, and policies of movement and control in the EU context and argue that scholars, policymakers, and the tech community alike should pay heed to the ethics of the use of new technologies in refugee and migration flows.
Information is often systemically invisible within the EU governance structure because it is shared and used at different levels of governance, across different policy areas and also among government actors and private companies. The composite governance structure of the EU - combined with insufficient accountability mechanisms – is conducive to the emergence of what I term second order secrecy. Citizens become ever more transparent to their governments but at the same time they find it increasingly complex to understand which governmental organisations or private entities hold which information about them. Citizens do not see how the access to their personal data transforms the way in which governmental bodies make use of their administrative discretion and how this affects the effectiveness of legal and constitutional control. This article deals with the phenomenon of second order secrecy from a broad constitutional law perspective. It explores how law is and can further be used to cope with the challenges that second order secrecy poses to the fundamental rights of citizens. I argue that in iterative and seemingly unrelated lines of cases by the Court of Justice, the very beginnings of a system of second order publicity in the EU is emerging. It is however partial – as implied by the term ‘mosaics’ – and there are clear gaps where the secrecy is more systemic and less accessible to legal challenge.
This paper considers select emergent issues arising from the reform of the EU data protection framework, and how these might impact upon data processing in the law enforcement and criminal justice sectors. It analyses those aspects of the recently enacted Directive 2016/680 on data protection in the police and criminal justice sectors that will be determinative of its effective and consistent application in practice. It considers the extent to which the Principles laid down in Council of Europe Recommendation R(87)15 regulating the use of personal data in the police sector have been retained, adapted, strengthened, weakened or abandoned in Directive 2016/680. Certain problems arising from the Directive, not to mention the very medium of a Directive, separate from the General Regulation, as the instrument of choice, could be said to have been ‘writing on the wall’, as evidenced by the on-going discussions in the Commission expert group on the Regulation 2016/679 and Directive 2016/680 (E03461) on, for example, the complicated matter of delimitation between Directive 2016/680 and the General Data Protection Regulation (2016/679), oversight and enforcement; in particular, ensuring control by independent Supervisory Authorities, and international transfers and transfers to private parties.
Although OLAF has numerous areas of activity – such as performing coordination, assistance and monitoring functions, improving cooperation with and between the Member States and developing anti-fraud policy – its investigation function is of prime importance. When OLAF carries out internal and external investigations, it should obviously do so with integrity, impartiality and professionalism, respecting above all individuals’ fundamental rights and freedoms. Unfortunately, this is not always the case in practice. OLAF is indeed in a delicate position and has to balance the effectiveness of its investigations and the so-called “culture of accountability”. Problematically, the judicial review of OLAF’s acts is still very weak and the action in damages is often the only remedy available to the persons in the investigatory process. This lack of protection has been a matter of constant worry since OLAF’s establishment. The case law of the Union judicature is nowadays particularly active and rather progressive when it comes to the protection of the rule of law within OLAF’s investigations. Notably, the Civil Service Tribunal has delivered some very innovative rulings on this matter which depart from the mainstream case law. This judicial tension reflects, arguably, a deeper malaise. Perhaps, an institutional reform should be undertaken. This is all the more true since the Lisbon Treaty clearly brings to us new perspectives on the protection of Union financial interests, for instance developments in EU criminal law and the possibility of a European Public Prosecutor.
In this article the authors discuss the interoperability of police data bases in the EU with reference to the 24 November 2005 Communication from the Commission to the Council and the European Parliament on improved effectiveness, enhanced interoperability and synergies among European databases in the area of Justice and Home Affairs. The authors identify different levels of interoperability. Straightforward interoperability within the EU is distinguished from four more controversial levels of interoperability, such as interoperability with atypical systems and interoperability with systems outside the EU. On the basis of this analysis the question of the desirability and suitability interoperability will be addressed, followed by a discussion of the necessary guarantees to be included. Contrary to what is often suggested, interoperability is a highly sensitive political issue. The attempt of the Commission's 2005 Communication, to make it look like a mere technical issue does not create the right context for a serious and in-depth discussion.
Drs Hofmann and Türk made a name for themselves in the field of EU administrative law with their first collection of edited essays, EU Administrative Governance (Edward Elgar) 2006, which was well reviewed and made an important contribution to the subject. The focus of their new collection, Legal Challenges in EU Administrative Law, is accountability, internal through structures and procedures and external through courts and auditors. With its many useful contributions from well-known experts it promises well.
This volume explores the main areas of legal development under the so-called 'Area of Freedom, Security, and Justice' (AFSJ), which was introduced into European law under the Treaty of Amsterdam of 1997. It examines the main subject matter of the new AFSJ: migration, family reunion, asylum, police co-operation, and co-operation in matters of criminal law and criminal procedure, and brings together two main areas of the AFSJ: the law of migration and the police and criminal justice. It includes discussion of the future of the AFSJ against the background of the current drafting of a first Constitution for the European Union. The book is of particular interest in the light of matters of internal security following September 11th.
Seamless air commuting between the EU and the USA appears to constitute nowadays a much sought-after but nevertheless still elusive cause. The level of co operation between the two parties has had, and is still having, its best and worst days. The protection of individual privacy continues to constitute one of the causes for much controversy. In Europe, the formal recognition of a right to data protection, in addition to the right to privacy, has led to an elaborate framework for the protection of individuals; however, internal, institutional difficulties have frequently caused confusion as to the appropriate legal treatment of different situations. In the USA individual privacy and personal data are protected through a mixture of sources: Constitutional law, Supreme Court case law, federal legislation, sector-specific legislation, etc. The difference in approach is obvious and has fed European belief about having higher standards in protection of personal data. After 9/11, the request of American security authorities to have increased access to the personal data of passengers (PNR data) visiting the USA, inevitably led to yet another confrontation of the two systems. The conflict was attempted to be resolved by a First (2004) PNR Agreement, that was annulled by the European Court of Justice, then by an Interim PNR Agreement and, finally, by the, in effect, Second (2007) PNR Agreement. The paper attempts to bring forward the route to the conclusion of the PNR Agreements, as well as to asses the effectiveness of the policy choices and the PNR Agreement model itself for the protection of individual privacy.
Purpose
The purpose of this paper is to analyse the extent to which the (changing) European Union (EU) constitutional context impacts on the investigation of fraud affecting the EU budget, with a focus on fraud affecting expenditure.
Design/methodology/approach
The paper is based on legal issues perceived by a European law specialist working within OLAF. The legal framework and several cases are used to illustrate various difficulties in operational work. First of all, the paper argues that cooperation between EU bodies such as Europol, Eurojust, the European Judicial Network and European Anti‐Fraud Office (OLAF) is not yet optimal. Nor is the legal framework for OLAF's work. Internal blockages exist. This is illustrated in relation to a number of operational issues.
Findings
The paper argues that much has been achieved through secondary legislation in the criminal law sphere under the Treaty of Nice but real difficulties continue at the operational level. As far as operational cooperation, effectiveness and defence rights are concerned, some of the legal problems and internal blockages identified here can be removed regardless of the eventual situation in relation to the establishment of a European Public Prosecutor.
Research limitations/implications
The paper focuses on legal problems and blockages experienced by OLAF investigators in the present legal framework.
Practical implications
The paper should be of interest to anyone engaging in the study of anti‐fraud enforcement and to investigators and prosecutors.
Originality/value
The paper provides an insight into European Commission anti‐fraud enforcement.
On May 30 2006 the ECJ handed down a significant judgment which, amongst other things, attests to the continuing complications posed by the EU’s Byzantine pillar structure. At issue was a Commission adequacy decision, in the Data Protection Directive framework, which recognised the US as providing an adequate level of protection for the transfer of Passenger Name Record (PNR) data and the related first pillar international agreement. The adequacy decision and the Council Decision concerning conclusion of the agreement were both annulled because the personal data processing at issue was outside the Directive’s scope concerning as it did public security and State activities in the areas of criminal law. The judgment thus offers important clarification as to what is subject to first pillar data protection standards and its ramifications will be felt well beyond the PNR field.
The EU has now concluded a new international agreement with the US under the third pillar which, to the discredit of the European negotiators, is even more questionable on fundamental rights grounds than its predecessor. Whilst the standards of the Data Protection Directive do not apply to this third pillar measure, ECHR standards remain applicable and it is possible that unlike in its first judgment the ECJ may find itself unable to avoid pronouncing on whether this new Agreement meets the standards articulated by the Strasbourg Court.
The margin of appreciation doctrine has become a fundamental part of the jurisprudence of the European Court of Human Rights. It has played a central role in most of the cases decided by that Court, including many of its most significant and controversial, and until recently has been the subject of remarkably little analysis. However, there has been a spate of interest in the doctrine in the last year or so. ¹ Most of this debate has concerned the details of how the margin of appreciation operates in the context of particular articles of the European Convention on Human Rights. This article's purpose is to look at the wider picture. After an outline of the essential characteristics of the doctrine, I will examine the nature of the margin and its role in adjudication. I will suggest that there are logical flaws in the margin as currently conceived, and that these undermine the quality and coherence of the Court's judgments.
The article surveys action taken by the European Community to combat fraud affecting its financial interests, focusing on the development of investigative authority granted to OLAF, the EuropeanOffice Pour La Lutte Anti Fraude and its impact on the procedural rights of the alleged defrauder. It shows that the involvement of OLAF can be crucial for a national fraud investigation and subsequent criminal prosecution and that it meets the criteria set out by the Strasbourg organs for the applicability of Article 6 ECH. The article explores whether the legal sources governing the activities of OLAF or nationalor rather, Communitylaw guarantee sufficient protection for the alleged defrauder and thus pay respect to principles arising from the rule of law in law enforcement. It is shown that general principles of Community law, which were mostly established in antitrust law, may provide a certain protection for the suspect, but may not protect him in all regards. It is thus argued that, in the long run, it will be necessary to provide special fair-trial rights which offer protection to alleged defrauders from those infringements arising out of the specific features of a Community investigation.
This article examines calls for a global legal framework for data protection, and in particular suggestions that have been made in this regard by the International Law Commission and various national data protection authorities. It first examines the scope of a potential legal framework, and proceeds to analyze the status of data protection in international law. The article then considers the various options through which an international framework could be enacted, before drawing some conclusions about the form and scope such a framework could take, the institutions that could coordinate the work on it, and whether the time is ripe for a multinational convention on data protection.
The accession of the European Union to the ECHR raises fundamental questions surrounding the protection of individual rights in the Strasbourg court and the autonomy of EU law. It is argued that any solution should ensure an effective protection for the individual applicant. Thus the appropriate respondent in Strasbourg should be the party which has acted in the concrete case as it can be easily identified. The European Union’s autonomy can be preserved by allowing it to join as a co-respondent. Since the individual has no influence over whether a national court makes a reference under art.267 TFEU, the lack of such a reference should not lead to the inadmissibility of the complaint.