TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | After Schrems, After Paris: What Next? Related reading: Blockchain and the GDPR: Addressing the compliance challenge

rss_feed

""

PrivacyTraining_ad300x250.Promo1-01

The Paris attacks of November 13 left 130 murdered and 368 injured; a deadly demonstration that the EU is losing the fight against cross-border crime and terrorism. Those attacks demonstrated deficiencies in the gathering, processing and sharing of police and criminal intelligence within the EU. Last week saw EU justice ministers agree on a number of key initiatives designed to remedy these deficiencies. 

Firstly they reached an agreement with the EU Parliament on the gathering and sharing of airline passenger name record (PNR) data. This may enhance the ability of EU Member States to track airline passengers within the EU. 

Secondly, EU justice ministers “… underlined the importance of accelerating the implementation” of counter-terrorism measures such as information sharing and co-operation with the EU’s international partners, such as the U.S. 

Thirdly, they confirmed that an agreement had been reached on a proposal for an amended Europol regulation (the EU agency for police co-operation and training) which will amongst other things provide “… Europol with a flexible and modern data management regime.”

Finally, EU Justice Ministers discussed whether a new EU measure on the retention of telecommunications metadata, such as source, destination and other communications data other than content, should be proposed.  They concluded that “… an EU-wide approach has to be considered in order to put an end to the fragmentation of the legal framework on data retention.”  The previous Data Retention Directive had been struck down by the Court of Justice of the EU (CJEU) in Digital Rights IrelandIt will be interesting to see whether the EU Commission will now propose new data retention measures and what form those proposals will take. 

Some may question whether such measures will survive review by the CJEU in Luxembourg; that question which may shortly be answered, for the English Court of Appeal has referred further questions to the CJEU about the interpretation of its judgment in Digital Rights Ireland. In Digital Rights Ireland, the CJEU found the EU’s Data Retention Directive to be invalid as it failed to properly respect the rights of privacy and data protection provided by the EU Charter of Fundamental Rights. The CJEU is being asked whether that judgment applies only to EU laws or whether it can be extended to national laws (the English Court thinks not).  The CJEU is also being asked whether that judgment expands the rights of privacy and data protection provided by the EU Charter of Fundamental Rights or whether the CJEU simply applied the existing law.

The answers to these questions will have implications for member states such as the UK which are adopting national laws on data retention. As the English Court says “… the true effect of the judgment in Digital Rights Ireland will remain central to the validity of all future legislation enacted by the member states in this field.” And so it asks that the CJEU “ … look favorably on a request from this court for the expedition of a reference."   

How the CJEU will answer these questions remains to be seen. Precedent is not necessarily any guide, as the CJEU is not bound by precedent as is a Court of Common Law. The Digital Rights Ireland decision is itself a “striking” demonstration of this reality.  In that case the CJEU found the EU’s Data Retention Directive to be invalid because of the manner in which it allowed EU police forces to process that data; this required that the CJEU ignore its earlier judgment that the directive did not “ … contain any rules governing the activities of public authorities for law-enforcement purposes.” 

It must also be kept in mind that the CJEU defines itself as “ … the engine of European integration." That integration is now under threat. The Schengen Agreement has long been one of the most visible demonstrations of that integration, allowing anyone to travel between the Schengen states without being subject to passport controls; Schengen allowed the Paris attackers to travel freely between Brussels, Paris and elsewhere. EU justice ministers have agreed that such controls may be “temporarily” re-imposed for up to two years (which may have particular implications for anyone living or working in smaller member states such as Luxembourg). This directly impacts upon free movement, which one of the rights provided by the EU Charter of Fundamental Rights and one of the underlying principles of the EU treaties. The CJEU’s answers to the questions posed by Secretary of State for the Home Department v Davis may allow it to re-articulate where it feels the balance between privacy, data protection and other rights may now lie. 

It remains to be seen how these various developments will impact upon negotiations between the EU Commission and U.S. government on a new Safe Harbor agreement. The EU Commission still hopes to have a new agreement in place by the end of January 2016. But Ard van der Steur, the Dutch minister for justice, has warned that, “It is not expected that the negotiations with the U.S. will be completed very shortly.” This is worrying, as the Dutch will take over the EU presidency at the start of January 2016.

However those negotiations are ongoing, we do not yet know what their outcome will be. 

photo credit: Cold response via photopin (license)

Comments

If you want to comment on this post, you need to login.