Search

Your search keyword '"Paul de Hert"' showing total 89 results
Start Over Author "Paul de Hert" Topic law
89 results on '"Paul de Hert"'

2. The use of municipal administrative sanctions by the municipalities of Brussels

Author

Paul De Hert, Karen Meerschaut, Serge Gutwirth, and Ann Vander Steene

Subjects
municipal administrative sanctions, law, insecurity, incivilities, security, Social Sciences
Abstract

The laws of 1999 and 2004 concerning the implementation of municipal administrative sanctions (in short GAS legislation) gave local authorities new legal instruments to act more vigourously against phenomena of nuisance. Local authorities can now impose an administrative fine of up to 250 euros for behaviour which is contrary to public order (cleanliness, safety and quiet enjoyment) or which causes “public nuisance”. This publication purports to assess how the 19 municipalities of Brussels Capital Region formulate and apply this local “nuisance law”. Many differences emerge in terms of the content, the procedure and the modalities of municipal administrative sanctions (mediation, taking the minutes, amounts) and in terms of the choice between fines or police punishments. Even though some de facto harmonisation has taken place among Brussels police and security matters and the Region intervenes to make adjustments where necessary, the Brussels Region needs more institutionally-based guidance.

Published
2008
Full Text
View/download PDF

3. When GDPR-principles blind each other: Accountability, not transparency, at the heart of algorithmic governance

Author

Paul De Hert, GUILLERMO LAZCOZ, TILT, Metajuridica, and Fundamental rights centre

Subjects
accountability, transparency, GDPR, algorithmic decision-making, artificial intelligence, Law
Abstract

Transparency has been at the centre of the debate on algorithmic governance. However, when the GDPR was adopted in 2016, the legislator preferred to establish accountability as the core of the Regulation's principles, rather than transparency. Unfortunately, accountability does not yet seem to be playing the role it was assigned in the data protection ecosystem, at least when it comes to algorithmic decision-making. To turn this scenario around, we propose a reflective exercise in which we look at the concept of accountability and how it was introduced in the GDPR. By emphasising on the human element in algorithmic decision-making, we find a systematic and process-oriented accountability present in the GDPR. Following arguments already made in the literature, we hold that this kind of accountability is well suited for algorithmic governance. Moreover, we argue that it could be strengthened by the Commission's proposal for a Regulation on Artificial Intelligence.

Published
2022

4. Data Protection and the EPPO

Author

Vagelis Papakonstantinou, Paul De Hert, TILT, Brussels Interdisciplinary Research centre on Migration and Minorities, University of Brussels - European Criminal Law, Metajuridica, Law Science Technology and Society, and Fundamental rights centre

Subjects
History, Polymers and Plastics, Order (business), Political science, Law, media_common.cataloged_instance, Data Protection Act 1998, Business and International Management, European union, European Public Prosecutor, Industrial and Manufacturing Engineering, Data Protection Directive, media_common
Abstract

The European Public Prosecutor’s Office (the ‘EPPO’) necessarily processes personal data in order to fulfil its mission; As such, it falls squarely within the European Union (EU) data protection regulatory landscape. However, because the EU data protection regulatory landscape itself is currently found at a crossroads, an analysis of the EPPO data protection model may be twofold: First, placing it within the proper cross-organization dialogue currently taking place on the future regulatory model of personal data processing for law enforcement purposes carried out at EU level. Second, at an EPPO-specific level, whereby the actual data protection regime afforded to it may be assessed. This article purports to elaborate upon the above two data protection dimensions of EPPO personal data processing activities: It presents considerations and policy options during the lawmaking period that resulted in the establishment of the EPPO, it analyses the data protection regime ultimately awarded to it and attempts to, critically, place the EPPO data protection model within its proper operational and legislative environment.

Published
2019

5. Regulating Big Data in and out of the Data Protection Policy Field

Author

Juraj Sajfert and Paul De Hert

Subjects
business.industry, Big data, Law enforcement, Directive, Convention, General Data Protection Regulation, Political science, Data Protection Act 1998, media_common.cataloged_instance, European union, business, Law, Soft law, Law and economics, media_common
Abstract

Why is Big Data absent in the recent basic data protection documents of the European Union (EU) and the Council of Europe (CoE)? Why not one single reference to Big Data practices - be it to regulate or to prohibit it - in the recent General Data Protection Regulation (EU) 2016/679, the Data Protection Law Enforcement Directive (EU) 2016/680 and the Modernised CoE Convention 108 for the Protection of Individuals with Regard to the Processing of Personal Data (Convention 108+)? Some actors in the policy field considered Big Data too dan- gerous and counted on existing data protection principles to tame the beast. Others simply ignored the phenomenon or were not aware of the potential benefits of Big Data for economy and governments (the rendez-vous was missed). Our discussion of no less than six recent initiatives, - standalone laws and soft law instruments - is an indication that Europe is embracing Big Data but is seemingly hesitant to confront Big Data within the classical paradigm (field) of data protection law. Concrete guidance for Big Data practices is now spread over multiple texts emanating outside the data protection field.

Published
2019

6. Framing big data in the Council of Europe and the EU data protection law systems: Adding 'should' to 'must' via soft law to address more than only individual harms

Author

Vagelis Papakonstantinou, Paul De Hert, TILT, Metajuridica, Law Science Technology and Society, Fundamental rights centre, and Faculty of Law and Criminology

Subjects
Big Data, Computer Networks and Communications, business.industry, Business, Management and Accounting(all), Big data, Council of Europe Convention 108+, General Business, Management and Accounting, Data Protection Directive, Terminology, Convention, Council of Europe guidelines, Framing (social sciences), Political science, Data Protection Act 1998, business, Law, Law and economics, Soft law
Abstract

On 19 November 2019 the Council of Europe hosted an international conference, immediately preceding the annual plenary meeting of its Committee of Convention 108, on "Convention 108 + and the future data protection global standard". One of the authors made a presentation on "Comparing the EU and Council of Europe approach to Big Data", and it is its contents and findings that are further elaborated in this paper; Its aim is, in essence, to incorporate the feedback received and to adapt past research on Big Data, that was mostly relevant to the EU, also on the Council of Europe data protection system. After a few preliminary remarks on Big Data terminology and possible regulatory approaches, Big Data regulation is examined against the EU and the Council of Europe data protection systems. Particular emphasis is given to the Council of Europe regulatory approach both in terms of Convention 108 + and with regard to its Guidelines on Big Data and AI. The authors believe that, because both the EU and the Council of Europe have avoided to refer to Big Data in their basic data protection regulatory texts (a most likely intentional omission), guidance is indeed needed, and it may well come in the form of soft law. The Council of Europe has taken the lead in this through its Guidelines; Their timely, comprehensive and balanced approach showcases the Council's will for such processing to indeed take place, but within a well-regulated environment, albeit not under a rigid regulatory construction. (c) 2020 Paul de Hert and Vagelis Papakonstantinou. Published by Elsevier Ltd. All rights reserved.

Published
2021

8. Adding and Removing Elements of the Proportionality and Necessity Test to Achieve Desired Outcomes. Breyer and the Necessity to End Anonymity of Cell Phone Users

Author

Paul De Hert, George Bouchagiar, Metajuridica, Faculty of Law and Criminology, Brussels Interdisciplinary Research centre on Migration and Minorities, Law Science Technology and Society, and Fundamental rights centre

Subjects
Human rights, business.industry, media_common.quotation_subject, Internet privacy, Proportionality (law), Telecommunications service, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Convention, Phone, Data Protection Act 1998, Margin of appreciation, business, Law, Anonymity, media_common
Abstract

Case of Breyer v Germany Application no 50001/12 (ECtHR, 30 January 2020): The Breyer judgment concerns the storage of subscriber data by telecommunications service providers. To the Court, the collection and storage of such data amounted to interference of a rather limited nature. Additional safeguards were provided in the relevant German laws and there was independent supervision by the data protection authorities. The German lawmaker had not exceeded the margin of appreciation. There had been no violation of Article 8 of the European Convention on Human Rights.

Published
2021

9. Big data analytics in electronic communications

Author

Paul De Hert, Vagelis Papakonstantinou, Metajuridica, Law Science Technology and Society, and TILT

Subjects
Black box (phreaking), Scope (project management), business.industry, Computer science, Computer Networks and Communications, Profiling, Big data, Business, Management and Accounting(all), Context (language use), privacy, General Business, Management and Accounting, Data science, Inferences, Algorithms, Big data, Interim, surveillance, Data Protection Act 1998, Mainstream, Profiling (information science), Chilling effects, Digital footprints, business, Law, Data protection
Abstract

Over the past few years big data analytics have forcefully entered the mainstream. Admittedly, modern life would be inconceivable without the services afforded by this type of processing in the field of electronic communications. At the same time public administrations are increasingly discovering the benefits of big data analytics afforded to them by telecommunications operators. Nevertheless, despite public attention and high volumes of expert analyses, the majority of approaches on the challenges to personal data protection by this type of data processing remains theoretical; Tellingly, the EDPS speaks of the “black box” of big data analytics. However, the authors were able to open, and stare into, the “black box” of big data analytics in the electronic communications field in 2017 and 2018 in the context of GDPR compliance assessments. Their analysis first attempts to set the legal scene today, answering two crucial questions on scope and applicable law, before presenting a typology for a scalable and granular approach that the authors feel is necessary but nevertheless is missing from the text of the draft ePrivacy Regulation. The authors therefore conclude that processing requirements and particularities, as evidenced under the big data analytics paradigm, make necessary a much more detailed approach than the one afforded by the draft ePrivacy Regulation today. Until these needs are met, through the introduction of a new, fundamentally amended text, the authors suggest that the current regulatory framework and the mechanisms afforded by it be extended for an interim period, so as to afford legislators with the necessary space and time to revise their work.

Published
2020

11. European Law Enforcement and US Data Companies: A Decade of Cooperation Free from Law

Author

Paul De Hert and Angela Aguinaldo

Subjects
European Union law, Law, Political science, Law enforcement, media_common.cataloged_instance, Data Protection Act 1998, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Constitutional court, European union, Enforcement, Unilateralism, Criminal investigation, media_common
Abstract

Online evidence has been indispensable in criminal matters but due to its transnational and volatile nature, there have been issues and challenges as regards access, transfer, and usage in criminal investigations and prosecutions. In recent years, practices have been established to overcome the hurdles of cross-border access to online evidence. One of these practices is direct cooperation between law enforcement authorities and data companies, the latter of which are mostly based in the US. While this cooperation has been less blatant and apparent in its earlier years due to the want of legal basis, law enforcement authorities have been less coy towards the practice more recently. The present contribution walks the reader through the recent developments on codifying the practice of direct cooperation between European law enforcement authorities and US data companies. These developments evince how law enforcement authorities are willingly and wittingly overlooking protective safeguards and issues that ought to be addressed and thoroughly discussed. By sanctioning a relationship of direct cooperation, not only are state interests affected, but likewise issues of trust, MLA rights, privacy and data protection are affected. There ought to be a thorough discussion on these issues and hopefully the lessons learned from the recent CJEU judgments and the German Federal Constitutional Court are taken into consideration.

Published
2020

12. Structuring modern life running on software. Recognizing (some) computer programs as new ' digital persons '

Author

Vagelis Papakonstantinou, Paul De Hert, and TILT

Subjects
History, Property (philosophy), Profit (real property), Polymers and Plastics, Computer Networks and Communications, 05 social sciences, 010501 environmental sciences, Intellectual property, 01 natural sciences, General Business, Management and Accounting, Industrial and Manufacturing Engineering, Intervention (law), Incentive, Artificial life, Political science, 0502 economics and business, digital persons, robots, Legal fiction, Business and International Management, Law, 050203 business & management, The Imaginary, 0105 earth and related environmental sciences, Law and economics
Abstract

Saudi Arabia grants nationality to an AI robot; the first “clash of robots” took place in Japan; and, Bill Gates suggests that robots start paying taxes. We believe that these developments justify new legal fiction interventions. Software has long now exceeded the intellectual property boundaries. It is no longer merely property; it has assumed life of its own. It does not matter that such life is imaginary today. Legal persons were brought to life through legal fiction intervention that was based on much less motivation – merely the human incentive for profit. Software is certainly connected today with profit, given that the world's most valued corporations are software companies. However, it has moved much further than that, to assume in many ways artificial life of its own. We think that it is time that the dichotomy between natural and legal persons, that has served humanity so well over the past centuries, now be trisected: A new, digital person, ought to be added to it.

Published
2018

13. Data protection as bundles of principles, general rights, concrete subjective rights and rules

Author

Paul De Hert, TILT, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, and Metajuridica

Subjects
media_common.quotation_subject, Stability (learning theory), Computer security, computer.software_genre, Data Protection, Data Protection Directive, Topos theory, Political science, Data Protection Act 1998, Law, computer, Seriousness, The Imaginary, data protection law, Law and economics, media_common
Abstract

After having reflected about technologies and the role of non-political guidance in EU data protection law in previous editorials, I now turn to the thorny question about the proper place of data protection law. In search of a substance, I use Murakami’s imaginary to prepare for the worst: not all things, concepts and beings are blessed with substance. After having managed (lowered) possible expectations about the essence of data protection law, I turn to a first approach to understanding data protection law as a bundle of principles. Principles are powerful legal topoi that create seriousness about legal domains. They are defended by the best scholars and much appreciated by courts in their role as judicial lawmakers. They look God-given, but are man-made. Unable to fix their number and precise nature, I will challenge them by inflating their number.

Published
2017

14. Data Protection’s Future without Democratic Bright Line Rules. Co-existing with Technologies in Europe after Breyer

Author

Paul De Hert, TILT, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, and Metajuridica

Subjects
media_common.quotation_subject, Bruno Latour, 020207 software engineering, 02 engineering and technology, Morality, Transparency (behavior), technology & law, Ideal (ethics), Epistemology, Dignity, 020204 information systems, Moral agency, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, Sociology, Neutrality, Praise, Law, media_common
Abstract

Careful to avoid uninformed positioning, I limited myself in my previous contribution to a Science & Technology Studies (STS)-flavoured stance about the need for closer scrutiny of existing or novel technologies when considering the role of law and regu- lation. Detailed accounts of individual technologies allow better assessments of pos- sible ethical dilemmas created by these technologies. Although authors disagree about the degree of moral agency of artefacts or things, most agree that these are more than simple passive instruments. Things influence us and our perceptions about good and bad. Things act and interact. They mediate and impact on our moral understandings.9 Knowledge about how things do that is not easy. Latour, in particular, criticises every ideal of knowledge and mastery in this area. Technologies simply escape mastery. They are the source of a continuous paradox for humans that praise technology for its functional utility, for its neutrality (neither good or bad) and for it being a means toan end, while these technologies never cease to introduce a history of enfoldings, detours, drifts, openings and translations that abolish ideas like ‘function’ and ‘neutrality’. Latour therefore sheds a critical light on modern humans that have acquired the habit to dominate but fail to see that there are no masters anymore, no clear distinctions between means and end that would allow to identify crazed technologies and ‘to bind back the hound of technology to its cage’. Morality and technology interact, often in unpredictable ways, and there is a need to conceive another history, another reassembly of morality and technology. How Latour conceives this reassembly in practice is not clear. A process with open- ness for predictable and unpredictable outcomes could bring about the necessary dig- nity of both morality and technology, whereby we renounce the idea of putting the first on the side of means and the second on the side of ends. Latour is no believer in contemporary mantras such as more transparency,or more accountability, assessment and evaluation of options. Wrongly applied, these approaches would lead us again to the impossible ideal of mastery and knowledge of things.

Published
2017

15. The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation

Author

Paul De Hert, Vagelis Papakonstantinou, Dimitra Markopoulou, TILT, Metajuridica, Faculty of Law and Criminology, Law Science Technology and Society, University of Brussels - European Criminal Law, and Fundamental rights centre

Subjects
Cybersecurity, Emerging technologies, Computer Networks and Communications, Business, Management and Accounting(all), Legislation, 02 engineering and technology, Computer security, computer.software_genre, Domestic market, Data Protection Directive, 020204 information systems, 0502 economics and business, Common knowledge, 0202 electrical engineering, electronic engineering, information engineering, Information system, 050207 economics, 050208 finance, 05 social sciences, NIS Directive, 020207 software engineering, Directive, General Business, Management and Accounting, EU data protection, General Data Protection Regulation, Business, ENISA, computer, Law
Abstract

The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation.

Published
2019

16. Belgium, Courts, Privacy and Data Protection: An Inventory of Belgian Case Law From the Pre-GDPR Regime (1995–2015)

Author

Paul De Hert

Subjects
Constitution, General Data Protection Regulation, Political science, Common law, media_common.quotation_subject, Law, The Right to Privacy, Data Protection Act 1998, Constitutional court, Workplace privacy, Directive, media_common
Abstract

This Contribution focuses on the use made by the Belgian Constitutional Court, the Cour de Cassation and the ordinary courts of the right to privacy and the right to have personal data protected as anchored in the Belgian Constitution, the Belgian Data Protection Act and the European sources. A selection of their judgements, all dating from the era before the new EU Data Protection Regulation, are discussed along the lines of their impact on health privacy, workplace privacy, surveillance and social media privacy. Our analysis shows a great deal of European loyalty on behalf of the Belgian Constitutional Court towards European trends to favour privacy and data protection. In stark contrast stands the case law of the Cour de Cassation mainly focused at preserving prosecutorial interests and employer’s interests at the detriment of privacy and data protection interests. In our conclusions we discuss tendencies towards cosmopolitanism and tribalism, the dramatic impact of evidence law and patterns of litigation. Our analysis covers the data protection era where Belgian law was indirectly governed by EU Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23 November 1995, 31). The Directive contributed to the roll-out of data protection and harmonized the data protection provision in the EU Member States but suffered from implementation weaknesses and lack of recognition. A certain lack of recognition of the importance of data protection in the European (and Belgian legal) landscape disappeared with the the EU General Data Protection Regulation 2016/679 (“GDPR”) (OJ L 119, 5 Ma.2016, 1–88 ) that repealed Directive 95/46/EC and came into force on 25 May 2018 with direct applicable provisions. Further studies are needed to study the impact of the new European provisions on the work and output of the Belgian courts.

Published
2019

17. Understanding the legal provisions that allow processing and profiling of personal data—an analysis of GDPR provisions and principles

Author

Paul De Hert, Elena Gil González, Metajuridica, Law Science Technology and Society, Fundamental rights centre, and TILT

Subjects
050502 law, 05 social sciences, Vagueness, Separation of powers, 02 engineering and technology, Competition law, Public international law, 020204 information systems, General Data Protection Regulation, Political Science and International Relations, 0202 electrical engineering, electronic engineering, information engineering, Legal certainty, Data Protection Act 1998, Profiling (information science), Law, 0505 law, Law and economics
Abstract

This contribution looks at the legal grounds for data processing (‘when is one allowed to collect and use data on others?’) according to the General Data Protection Regulation (GDPR). It then addresses the specific regime for profiling both by solely automated and non-automated means. What is the most suitable lawful basis for this specific, sometimes controversial kind of processing? The vagueness and subjectivity of various relevant GDPR provisions in this matter can undermine legal certainty. Data protection principles such as transparency and overall fairness as enshrined in Article 5 GDPR may in this case serve as a resort to identify appropriate checks and balances. Additional understanding can be found outside data protection legislation—for instance, in competition law.

Published
2019

18. Conducting research with school children and data in line with 'ethical principles' lawyers at work in the ethics management of the H2020 mathisis project

Author

Istvan Mate Borocz, Eugenio Mantovani, Paul De Hert, Metajuridica, Law Science Technology and Society, Faculty of Law and Criminology, Fundamental rights centre, University of Brussels - European Criminal Law, and TILT

Subjects
Personal data protection law, Computer Networks and Communications, Emerging technologies, Research, 020207 software engineering, Ethical principles, 02 engineering and technology, General Business, Management and Accounting, Article, National schooling systems, Work (electrical), School children, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Engineering ethics, Obligation, Sociology, Line (text file), School children with special needs, Law, Curriculum
Abstract

Recent advancements in human-computer interaction, machine learning and in artificial intelligence hold the potential to influence both the curriculum and the pedagogy of school children. While the impacts of new technologies remain uncertain, ongoing research and innovation projects are already developing and testing such technologies in schools. This article builds on the experience of the authors as advisors for a Horizon 2020 (H2020) project conducting research with schoolchildren in twenty schools across the United Kingdom, Italy and Spain (the project MaTHiSiS). This contribution presents and discusses how the authors lived up to the obligation of conducting research in line with “ethical principles”.

Published
2020

19. The right to data portability in the GDPR: Towards user-centric interoperability of digital services

Author

Ignacio Sanchez, Vagelis Papakonstantinou, Laurent Beslay, Gianclaudio Malgieri, Paul De Hert, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, Metajuridica, Faculty of Law and Criminology, and TILT

Subjects
EU General Data Protection Regulation, Computer science, Computer Networks and Communications, Interoperability, Business, Management and Accounting(all), 02 engineering and technology, Intellectual property, Computer security, computer.software_genre, Data Protection Directive, Software portability, 020204 information systems, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, right to data portability, Data Protection Act 1998, 05 social sciences, gdpr, Consumer protection, General Business, Management and Accounting, EU data protection, General Data Protection Regulation, Privacy-enhancing technologies, computer, Law, 050203 business & management
Abstract

The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.

Published
2018

20. The cybercrime convention committee's 2017 guidance note on production orders: Unilateralist transborder access to electronic evidence promoted via soft law

Author

Paul De Hert, Juraj Sajfert, Cihan Parlar, TILT, Fundamental rights centre, University of Brussels - European Criminal Law, Metajuridica, and Faculty of Law and Criminology

Subjects
Computer Networks and Communications, Mutual legal assistance, Business, Management and Accounting(all), Fundamental rights, 050801 communication & media studies, Criminal justice in cyberspace, 0603 philosophy, ethics and religion, Convention, 0508 media and communications, Political science, Treaty, Service providers, Electronic evidence, Law and economics, Sovereign state, Production order, Jurisdiction, 05 social sciences, Enforcement jurisdiction, Law enforcement, 06 humanities and the arts, Budapest (cybercrime) convention, sovereignty, General Business, Management and Accounting, Cybercrime, extraterritoriality, cyber jurisdiction, cybercrime, 060301 applied ethics, Law, Soft law
Abstract

This article provides a critical analysis of the Council of Europe Cybercrime Convention Committee's Guidance Note of Production Orders, published on 1 March 2017. The article looks at the legal controversies surrounding production orders with a cross-border element. It explains the Guidance Note's background and origins, the basic provisions in the Cybercrime Convention allowing the law enforcement authorities to order and obtain certain information and discusses the requirements that follow from the relevant provisions of the Convention. This analysis is complemented by four critical remarks on the way the Guidance Note pushes the boundaries of acceptable treaty interpretation on the necessity of the Guidance Note, its position in regard to extraterritorial enforcement jurisdiction and sovereignty, its reticence towards fundamental rights and its refusal to define or clarify the important notion of “subscriber information”. The article argues that unilateralism is not a solution. Instead of soft law plumbing, what is needed is an agreement between sovereign states checked by their constituencies.

Published
2018

21. Legal arguments used in courts regarding territoriality and cross-border production orders: From Yahoo Belgium to Microsoft Ireland

Author

Paul De Hert, Johannes Thumfart, Cihan Parlar, University of Brussels - European Criminal Law, Metajuridica, Fundamental rights centre, and TILT

Subjects
Jurisdiction, Political science, Law, Production (economics), Territoriality
Abstract

This contribution reflects on recent cases involving cross-border data production orders such as Yahoo Belgium, Skype Belgium and Microsoft Ireland. Cross-border data production orders are found to generally involve conflicts regarding sovereignty and enforcement jurisdiction and to frequently include voluntary cooperation of companies for which the legal framework is lacking (Introduction). The Lotus principle, which recognizes a broad extraterritorial jurisdiction to prescribe and limits extraterritorial enforcement jurisdiction, is reconsidered concerning those issues (see the ‘International law pragmatism for jurisdiction to prescribe, but not for jurisdiction to enforce’ section) and the use of mutual legal assistances, which should be the rule, is discussed with four caveats (see the ‘Four caveats to territorial sovereignty and the need for MLAs: Unclarities and politics’ section). Twelve typical arguments are identified, which are employed in courtrooms when cross-border data production orders are discussed, for example, arguments regarding territorial sovereignty, the location of servers, the virtual presence of businesses via the Internet or the nationality of the data subject (see the ‘Arguments in courtrooms in favour or against informal-based cross-border investigations’ section). Subsequently, from fourth to seventh sections, those arguments are investigated regarding their context in the cases Yahoo! Belgium (2007–2015), Skype Belgium (2012–2017), Microsoft Ireland (2013–2018) and Google in re Search Warrant (2017). Finally, a first step to evaluate and test the strength of those arguments is undertaken (see the ‘Assessing the arguments: From logically weak, to unpractical to law enforcement utilitarianism (give us everything)’ section).

Published
2018

22. The proceduralisation of data protection remedies under EU data protection law

Author

Antonella Galetta, Paul De Hert, Metajuridica, Law Science Technology and Society, Fundamental rights centre, University of Brussels - European Criminal Law, and TILT

Subjects
Convention, data protection, EU, remedies, Law, General Data Protection Regulation, Data Protection Act 1998, Directive on Privacy and Electronic Communications, Information privacy law, National data protection authority, Business, Directive, Data Protection Directive
Abstract

The proceduralisation of data protection remedies under EU data protection law: towards a more effective and data subject-oriented remedial system? The right to remedy breaches of data protection is laid down in both Directive 95/46/EC (Art. 22) and the Council of Europe Data Protection Convention no. 108 (Art. 8 (d)). Although data protection violations are remedied mainly at the national level, it is possible to identify a set of procedural rules on how to remedy data protection violations under EU law. Currently, there is a three-layered remedial system in place (composed of access rights, the administrative system and the court system). Worthy of attention are the EU’s data protection reforms which will introduce new provisions aimed at ‘proceduralising’ data protection remedies. This paper investigates how data protection breaches are remedied in the EU and under EU law in light of Directive 95/46/EC and the proposed reforms.

Published
2015

23. European Human Rights, Criminal Surveillance, and Intelligence Surveillance: Towards 'Good Enough' Oversight, Preferably but Not Necessarily by Judges

Author

Gianclaudio Malgieri and Paul De Hert

Subjects
Convention, Human rights, Jurisdiction, Judicial review, media_common.quotation_subject, Political science, Law, Law enforcement, Criminal law, media_common.cataloged_instance, Data Protection Act 1998, European union, media_common
Abstract

The two European Courts (the European Court of Human Rights, ECtHR and, to a lesser degree, the European Union Court of Justice, EUCJ) have contributed greatly to the development of a legal framework for surveillance by either law enforcement agencies in the criminal law area or by secret services. Both courts put great emphasis on a system of control ex ante and post hoc by independent supervisory authorities. A complex and controversial issue remains whether the human rights to privacy, respect of communications, and to an effective remedy (enshrined in Article 8 and 13 of European Convention on Human Rights (ECHR)), requires judicial review as a necessary safeguard for secret surveillance or alternatively, at which conditions, parallel systems of non-judicial review can be accepted as adequate safeguards against illegitimate interference in citizens’ private life. The European Courts have not yet established a clear doctrine in determining suitable thresholds and parameters. In particular, the ECtHR has a flexible approach in interpreting article 8 and 13 ECHR, depending on several factors (“vital” interests at stake, political considerations, etc.). In general terms, the Court has shown a preference towards judiciary oversight, but in the European legal order there are several examples of alternative oversight systems assessed positively by the Court, such as the quasi-judiciary systems (where the independency of the supervisory body, its wide jurisdiction, its power to data access and its power to effective reactions are proved) or the system of oversight set by Data Protection Authorities in the EU member states. However, in recent judgements of the ECtHR and the EUCJ we see an increasing emphasis on declaring the necessity of a “good enough” judicial (ex ante or post hoc) control over surveillance, meaning not simply a judicial control, but a system of oversight (judicial, quasi-judicial, hybrid) which can provide an effective control over surveillance, supported by empirical checks in the national legal system at issue.

Published
2017

24. The rich UK contribution to the field of EU data protection: Let's not go for 'third country' status after Brexit

Author

Vagelis Papakonstantinou, Paul De Hert, Metajuridica, Law Science Technology and Society, Fundamental rights centre, University of Brussels - European Criminal Law, and TILT

Subjects
0301 basic medicine, Process (engineering), Computer Networks and Communications, Field (Bourdieu), Vantage point, media_common.quotation_subject, 05 social sciences, Business, Management and Accounting(all), 050801 communication & media studies, Certainty, General Business, Management and Accounting, Data Protection Directive, EU data protection, UK data protection, 03 medical and health sciences, 030104 developmental biology, 0508 media and communications, Brexit, Law, Political science, Data Protection Act 1998, Law and economics, media_common
Abstract

The die is cast. At the time of drafting this paper the so-called Brexit, the exit of the UK from the EU, seems like a certainty after the poll results of 23 June 2016. Within such historic, indeed seismic, developments data protection seems but a minor issue, a footnote to a world-changing chapter waiting to be written. Yet, from our modest vantage point, undertaken after this Journal's kind invitation, we submit that data protection, although one out of the myriad legal aspects pertaining to Brexit that urgently await consideration, may prove to be a crucial issue in this process. Notwithstanding what happens in the immediate future, when attention will presumably be focused on coordinating the dates when Brexit may potentially occur and the GDPR comes into effect, long-term thinking is critical. We believe that, because developments in this field of law will be among those felt directly by individuals on both sides of the Channel, data protection has the potential to be among the issues that “make” or “break” a possibly successful Brexit – if success is perceived as minimal disturbance to an already functioning system. UK and EU data protection are intrinsically connected by now, by osmosis, after decades of mutual exchanges and intensive collaboration. If indeed, contrary to our wishes, a data protection Brexit does take place, the preferred way forward for the authors would be for the UK to unreservedly and permanently adhere to the EU data protection model. If this will not be the case, then we feel that a high-level principle-driven solution would serve data protection purposes better than a detailed and technical solution; the latter, if ever achievable, would essentially attempt the impossible: to surgically severe what is today an integral part of a living and functioning system.

Published
2017

25. Children’s Rights Law in the Global Human Rights Landscape

Author

Paul De Hert, Alexander Hoefmans, and Ann-Katrin Habbig

Subjects
Human rights, Inclusion (disability rights), media_common.quotation_subject, Political science, Field (Bourdieu), Law, Isolation (psychology), Treaty, Best interests, media_common
Abstract

Children’s rights law is often studied and perceived in isolation from the broader field of human rights law. This contribution explores the inter-relationship between children’s rights law and human rights law on older persons in order to see whether elements from each could successfully inform the other. Children’s rights law has a number of distinctive characteristics, such as the emphasis on the ‘best interests of the child’, the use of general principles, and the inclusion of ‘third parties’ (e.g. parents and other care-takers) in treaty provisions. In this contribution we ask two questions: whether these features could be a source of inspiration for elderly human rights law? And Whether children’s rights law could draw inspiration from developments with regard to the rights of older persons?

Published
2017

26. Integrating disability and elder rights into the ECHR: rewriting McDonald v the United Kingdom (ECtHR)

Author

Paul De Hert, Marijke De Pauw, Eva, Brems, Desmet, Ellen, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, and Metajuridica

Subjects
International level, Elder rights, Human rights, media_common.quotation_subject, Human Rights Law, elderly rights, Positive obligations, Un convention, Perception, Political science, Law, Enforcement, media_common, Soft law
Abstract

It is argued that McDonald is to be considered a missed opportunity to integrate two areas of human rights law in the judgment: disability human rights law and elderly human rights law. During the last decade, the area of disability rights has seen important developments at both the regional and international level. The adoption of several soft law instruments and particularly the high number of ratifications of the UN Convention on the Rights of Persons with Disabilities (CRPD) reflect an evolving perception of the status of this group within society. The CRPD is considered ground breaking in the sense that it creates clear positive obligations for member states regarding the enjoyment of socio-economic rights, such as the provision of care services. The recognition and enforcement of such rights, however, remains a delicate and complicated issue before the Strasbourg Court.

Published
2017

27. Gary Becker and the economics of trafficking in human beings

Author

Paul De Hert, Julia Muraszkiewic, Metajuridica, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, and TILT

Subjects
Work (electrical), Law, Criminal law, Tribute, Legislation, Human trafficking, Sociology, Criminology
Abstract

Gary Becker died on 3 May 2014. He was an economist, Noble prize winner and author. He was declared by Milton Friedman as the “the greatest social scientist who has lived and worked in the last half century”. His work focused on economics and sociology, and through the lenses of these disciplines he looked at many subjects, including crime and the criminal law. His crucial finding that crime is the sum of rational actors still has a lot to off er to criminologists and practitioners working in the area of criminal law. This editorial pays tribute to his analytical spirit by embracing it when assessing the EU legislation to combat human trafficking.

Published
2014

28. Self respect—A 'Rawlsian Primary Good' unprotected by the European Convention on Human Rights and its lack of a coherent approach to stigmatization?

Author

Paul De Hert, Paul Quinn, Metajuridica, Recht Wetenschap Technologie en Samenleving, Fundamentele rechten centrum, TILT, Law Science Technology and Society, and Fundamental rights centre

Subjects
050502 law, Public information, medicine.medical_specialty, 030505 public health, Sociology and Political Science, Human rights, Public health, media_common.quotation_subject, non discrimination law, Human Rights Law, 05 social sciences, Stigmatization, 16. Peace & justice, Self-respect, Convention, 03 medical and health sciences, Law, Political science, medicine, 0305 other medical science, 0505 law, media_common
Abstract

This article is primarily concerned with stigmatization resulting from public information campaigns such as public health information campaigns. Stigmatization as a concept has received much attention from social scientists but conversely little from the legal world, including the European Court of Human Rights. Stigmatization can be distinguished from other similar concepts, e.g. discrimination, stereotyping and marginalization, by its ability to induce a sense of “self-loathing.” The court’s limited discourse thus far raises questions as to whether it recognizes stigmatization as being capable of engaging human rights principles where no other engaging factors are present. Even if the court is willing to find engagement in such cases, it is likely that in most instances the court would find any incidental stigmatization justified given the potential benefits available. The lack of judicial engagement with such cases thus far may reflect the possibility that stigmatization occurring through expressive acts of public officials is located within a “nexus of non-justiciability” whereby the European Convention on Human Rights is generally not applicable.

Published
2013

29. Genetic Data and the Data Protection Regulation: Anonymity, multiple subjects, sensitivity and a prohibitionary logic regarding genetic data?

Author

Dara Hallinan, Paul De Hert, and Michael Friedewald

Subjects
Computer Networks and Communications, Process (engineering), Computer science, Genetic data, Bioethics, Computer security, computer.software_genre, Directive, General Business, Management and Accounting, Data Protection Directive, Risk analysis (engineering), Data Protection Act 1998, Sensitivity (control systems), Law, computer, Anonymity
Abstract

Owing to the unique qualities of genetic data, there have been numerous criticisms of the current data protection framework's ability to protect genetic data. It has been suggested that the Directive did not recognise the sensitivity of genetic data and that it ignored a number of legitimate interests in this data (in particular interests which multiple data subjects may have and those which may remain in anonymous data). In 2012, the first results of a reform process of EU data protection law were released. These results included a draft Regulation (to replace the Directive) which introduced a new framework for the protection of genetic data. This Article considers whether the innovative approach to genetic data in the Regulation will provide a more adequate framework for the protection of genetic data. It concludes that the Regulation has rectified the lack of recognition of sensitivity, but still stutters in recognising a number of legitimate interests.

Published
2013

30. Expanding the European data protection scope beyond territory: Article 3 of the General Data Protection Regulation in its wider context

Author

Paul De Hert, Michal Czerniawski, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, Metajuridica, and TILT

Subjects
0209 industrial biotechnology, Scope (project management), Jurisdiction, Operations research, 020208 electrical & electronic engineering, Context (language use), 02 engineering and technology, Data Protection, Data Protection Directive, Convention, 020901 industrial engineering & automation, jurisdiction, General Data Protection Regulation, Political science, 0202 electrical engineering, electronic engineering, information engineering, media_common.cataloged_instance, Data Protection Act 1998, European union, Law, media_common, Law and economics
Abstract

Jurisdiction based solely on the territoriality principle is becoming less evident in the digital age This article engages in a discussion with authors such as Kuner and Svantesson, that have expressed a critical view on expansive jurisdiction of the EU data protection regime in issue 4, November 2015, of this Journal. Our contribution focuses on the choices with regard to scope and jurisdiction made by the EU co-legislators in Article 3 of the new EU General Data Protection Regulation (hereinafter, ‘General Regulation’ or ‘GDPR’),6 which will apply from 25 May 2018, and compares this to the current regime under Article 4 of the Data Protection Directive. It also assesses whether the modernized Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data (No 108) is heading in a similar direction and highlights the Court of Justice of the European Union (CJEU) position on the territorial scope of the EU data protection law.

Published
2016

31. The new General Data Protection Regulation: Still a sound system for the protection of individuals?

Author

Vagelis Papakonstantinou, Paul De Hert, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, Metajuridica, and TILT

Subjects
Framework decision, Computer Networks and Communications, Computer science, 05 social sciences, 050801 communication & media studies, Information privacy law, 02 engineering and technology, National data protection authority, Directive, General Business, Management and Accounting, Data Protection Directive, 0508 media and communications, 020204 information systems, General Data Protection Regulation, Law, 0202 electrical engineering, electronic engineering, information engineering, Directive on Privacy and Electronic Communications, Data Protection Act 1998, Data protection
Abstract

The five-year wait is finally over; a few days before expiration of 2015 the “trilogue” that had started a few months earlier between the Commission, the Council and the Parliament suddenly bore fruit and the EU data protection reform package has finally been concluded. As planned since the beginning of this effort a Regulation, the General Data Protection Regulation is going to replace the 1995 Directive and a Directive, the Police and Criminal Justice Data Protection Directive, the 2008 Data Protection Framework Decision. In this way a long process that started as early as in 2009, peaked in early 2012, and required another three years to pass through the Parliament's and the Council's scrutiny is finished. Whether this reform package and its end-result is cause to celebrate or to lament depends on the perspective, the interests and the expectations of the beholder. Four years ago we published an article in this journal under the title “The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals”. This paper essentially constitutes a continuation of that article: now that the General Data Protection Regulation's final provisions are at hand it is possible to present differences with the first draft prepared by the Commission, to discuss the issues raised through its law-making passage over the past few years, and to attempt to assess the effectiveness of its final provisions in relation to their declared purposes.

Published
2016

32. The new police and criminal justice data protection directive: A first analysis

Author

Paul De Hert, Vagelis Papakonstantinou, TILT, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, and Metajuridica

Subjects
Criminal justice ethics, Right to be forgotten, 05 social sciences, Law enforcement, 050801 communication & media studies, 02 engineering and technology, Police science, Data Protection Directive, 0508 media and communications, 020204 information systems, Law, General Data Protection Regulation, Political science, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, Data protection, Criminal justice
Abstract

Allegedly the Police and Criminal Justice Data Protection Directive (henceforth, the “Directive”) is the little-known, much overlooked part of the EU data protection reform package that stormed into the EU legislative agenda towards the end of 2015. Its counterpart, regulating all other personal data processing activities, the General Data Protection Regulation (henceforth, the “Regulation”), is undoubtedly the text that fascinated legislators, legal scholars and even journalists over the four years since their simultaneous release in first draft formats, with its numerous noteworthy novelties: the right to be forgotten, the right to data portability, data protection impact assessments, privacy by design, consistency and one-stop-shop mechanisms among EU Data Protection Authorities etc. Compared to this impressive list the text of the Directive indeed sounds mundane and unimaginative. However, we firmly believe that the repercussions it will have in the EU personal data processing scene surrounding the work of law enforcement authorities, once it comes into effect, will be fundamental and will be equally felt by everybody exactly in the same way that its famous sibling intends to do.

Published
2016

33. Data protection authority perspectives on the impact of data protection reform on cooperation in the EU

Author

Cristina Pauner Chulvi, Paul De Hert, David Barnard-Wills, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, Metajuridica, and TILT

Subjects
Computer Networks and Communications, Process (engineering), 050801 communication & media studies, Context (language use), 02 engineering and technology, National data protection authority, Public administration, Data Protection Directive, 0508 media and communications, 020204 information systems, Political science, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, media_common.cataloged_instance, European Union, European union, Enforcement, media_common, Data protection, Reform, 05 social sciences, General Business, Management and Accounting, Privacy, Law, General Data Protection Regulation, Data protection authorities, International cooperation, data protection law
Abstract

This article presents the findings of interviews with representatives from the majority of EU data protection authorities in the context of the ongoing data protection reform process. It identifies commonalities between the authorities to the extent it is possible to speak about a EU DPA perspective, but also identifies areas of tension and disagreement as well as future intentions. The focus of the article is upon the impact of the data protection reform process on the way that these independent bodies, located in EU Member States will increasingly have to cooperate at an EU-level. Capturing these perspectives at this moment in the reform process provides insight into the process from a group of concerned stakeholders, but also insight into how these stakeholders are (re-)positioning themselves, planning, and anticipating the impacts of the reform. This article is based upon research conducted as part of the PHAEDRA II project ("Improving practical and helpful cooperation between data protection authorities" and the article is possible due to the assistance and contribution of all project partners. The project is co-funded by the European Union and the Fundamental Rights and Citizenship Programme (JUST/2013/FRAC/AG6068), however the contents of this article are the sole responsibility of the authors and cannot be taken to represent the views of the European Commission. More information on the project can be found at http://www.phaedra-project.eu/

Published
2016

34. The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals

Author

Vagelis Papakonstantinou and Paul De Hert

Subjects
Framework decision, Computer Networks and Communications, Law, General Data Protection Regulation, Directive on Privacy and Electronic Communications, Data Protection Act 1998, Information privacy law, Business, National data protection authority, Directive, General Business, Management and Accounting, Data Protection Directive
Abstract

The recent release by the European Commission of the first drafts for the amendment of the EU data protection regulatory framework is the culmination of a consulting and preparation process that lasted more than two years. At the same time, it opens up a law-making process that is intended to take at least as much time. The Commission has undertaken the herculean task to amend the whole EU data protection edifice, through the introduction of a General Data Protection Regulation, intended to replace the EU Data Protection Directive 95/46/EC, and a Police and Criminal Justice Data Protection Directive, intended to replace the Framework Decision 2008/977/JHA. This paper shall focus at the replacement of the EU Data Protection Directive by the draft General Data Protection Regulation. Due to the fact that the draft Regulation is a long (and ambitious) text, a selection has been made, with the aim of highlighting its treatment of basic data protection principles and elements, in order to identify merits and shortcomings for the general data protection purposes.

Published
2012

35. The European Patients’ Rights Directive: A clarification and codification of individual rights relating to cross border healthcare and novel initiatives aimed at improving pan-European healthcare co-operation

Author

Paul De Hert, Paul Quinn, Metajuridica, and Law Science Technology and Society

Subjects
Patients' rights, business.industry, Parliament, media_common.quotation_subject, General Medicine, Medical law, Directive, Context analysis, Law, Political science, Health care, Directive on Privacy and Electronic Communications, business, medical law, Reimbursement, media_common
Abstract

This paper undertakes a contextual analysis of the main aims of Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare, commonly known as the Patients’ Rights Directive (the PRD). The PRD itself does not aim to provide a new system for coordinating social security entitlements, leaving the regime laid down in (EEC) 1408/71 and later (EC) 883/2004 unaffected. Rather, it is intended that the PRD will supplement the rights that these instruments were intended to provide. The main aims of the PRD instead concern matters related to the prior authorisation of healthcare, the reimbursement of healthcare and the removal of unjustified obstacles from doing so. This paper explores how the Directive sets out to achieve these aims and analyses it within the context of other related European Union legislation and jurisprudence in the area. Alongside this primary aim of codifying European Court of Justice case law, the PRD also introduces novel initiatives aimed at fostering cross-border cooperation between various elements of national healthcare systems. These issues will be dealt with in detail in a subsequent paper.

Published
2012

36. International mutual legal assistance in criminal law made redundant: A comment on the Belgian Yahoo! case

Author

Monika Kopcheva and Paul De Hert

Subjects
Jurisdiction, Computer Networks and Communications, business.industry, Interpretation (philosophy), General Business, Management and Accounting, Supreme court, Made redundant, Order (business), Law, Political science, Criminal law, The Internet, Obligation, business
Abstract

This article offers a critical examination of the court judgements in a recent Belgian case against Yahoo!. It examines the challenges related to the establishment of jurisdiction for Internet-based services and the role that procedures of mutual legal assistance should play. Belgian law obliges providers of “electronic communications services/electronic communications networks” to cooperate with Belgian law-enforcement authorities and to handle over communication and personal data. Although the terms are derived from the EU Electronic Communications Regulatory Framework, a much broader interpretation to them was finally given by the Belgian Supreme Court. Seemingly this implies that, from now on, a US-based company such as Yahoo! is, at least under Belgian law, under a legal obligation to directly comply with an order issued by Belgian law-enforcement authorities.

Published
2011

38. The EU PNR framework decision proposal: Towards completion of the PNR processing scene in Europe

Author

Vagelis Papakonstantinou and Paul De Hert

Subjects
Framework decision, Computer Networks and Communications, Parliament, Law, media_common.quotation_subject, Political science, Data Protection Act 1998, Commission, Treaty, Ratification, General Business, Management and Accounting, media_common
Abstract

The entry into force of the Lisbon Treaty has suspended discussions over the release of a EU PNR processing system. Plans to introduce an intra-EU PNR processing system initiated since 2007, although strongly supported by the Commission and the Council, did not bear fruit before the ratification of the Lisbon Treaty and the, institutional, involvement of the Parliament. While discussions have been suspended since October 2009 and most probably a new draft proposal will be produced, it is perhaps useful to present in brief the proposal currently in place so as to highlight its shortcomings for European data protection and suggest ways individual protection may be strengthened in future drafts.

Published
2010

39. Protection des données personnelles et mesures de sécurité : vers une perspective transatlantique

Author

Paul De Hert, Rocco Bellanova, Bigo, Didier, Metajuridica, and Recht Wetenschap Technologie en Samenleving

Subjects
data protection, Ecology, Etats-Unis, United states, privacy in US, protection des données, droit, sécurité, European union, security, libertés fondamentales, fundamental liberties, transatlantic security, Insect Science, Political science, media_common.cataloged_instance, Union européenne, law, Humanities, Ecology, Evolution, Behavior and Systematics, Data protection, media_common
Abstract

Les enjeux de l’échange et de la protection des données personnelles ne sont pas une nouveauté dans les débats sur la gestion de la sécurité transatlantique et l’impact de certaines mesures sur les libertés fondamentales. La publication, en juin 2008, du Rapport final du groupe de contact à haut niveau, composé d’experts de l’Union Européenne et des Etats-Unis, ainsi que sa réception par les dirigeants politiques, a contribué à relancer le débat. Il paraît donc important de saisir cette occasion pour esquisser une première étude sur les systèmes européen et étatsunien de protection de données personnelles couvrant les activités de justice et affaires intérieures. Sans prétention à l’exhaustivité, cet article analyse les principes et les législations européenne et étatsunienne, en soulignant les limites implicites à chaque système et à la mise en relation des deux, ainsi que la nécessité d’un véritable débat politique et parlementaire pour les dépasser. Issues concerning information sharing and data protection are not a novelty in the debates on transatlantic security management and the impact of security measures on fundamental liberties. The debate has been re-launched by the publication, in June 2008, of the Final Report of the High Level Contact Group, formed by European Union and United States experts, as well as by its reception by political leaders. Therefore, this is an important occasion to draft a first study on the EU and US data protection systems covering the activities of justice and internal affairs. Surely not exhaustively, this article analyses EU and US relevant principles and legislations and it underlines the implicit limits in each system and in the set up of an agreement. Finally, it highlights the need for a real political and parliamentary debate in order to overcome the main differences and limits.

Published
2009

40. The data protection framework decision of 27 November 2008 regarding police and judicial cooperation in criminal matters – A modest achievement however not the improvement some have hoped for

Author

Vagelis Papakonstantinou and Paul De Hert

Subjects
European Union law, Framework decision, Computer Networks and Communications, General Data Protection Regulation, Law, Data Protection Act 1998, Information privacy law, Sociology, National data protection authority, Enforcement, General Business, Management and Accounting, Data Protection Directive
Abstract

After more than three years in the making, that have witnessed much controversy, several working texts and at least two altogether different versions, the Data Protection Framework Decision “on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters” (hereafter, the DPFD) was finally adopted on 27 November 2008. The DPFD was supposed to be celebrated as the Data Protection Directive equivalent in European law enforcement (Third Pillar) processing. However, since its formal adoption, and even before that, data protection proponents (the European Data Protection Supervisor, the Article 29 Working Party, national Data Protection Commissioners, NGOs) lamented its adoption as the result of changes that ultimately compromised data protection. Is the DPFD a disappointment to the great expectations that accompanied its first draft, back in 2006? An attempt to address this question shall be undertaken in this paper.

Published
2009

41. Senior citizens and the ethics of e-inclusion

Author

Guido Van Steendam, Paul De Hert, Antonio D'Amico, Emilio Mordini, Jesper Thestrup, Ira Vater, Eugenio Mantovani, David Wright, and Kush Wadhwa

Subjects
Population ageing, Human rights, business.industry, media_common.quotation_subject, Universal design, Library and Information Sciences, Public relations, Computer Science Applications, Dignity, Law, media_common.cataloged_instance, Sociology, Treaty, European union, business, Digital divide, Inclusion (education), media_common
Abstract

The ageing society poses significant challenges to Europe's economy and society. In coming to grips with these issues, we must be aware of their ethical dimensions. Values are the heart of the European Union, as Article 1a of the Lisbon Treaty makes clear: "The Union is founded on the values of respect for human dignity?". The notion of Europe as a community of values has various important implications, including the development of inclusion policies. A special case of exclusion concerns the gap between those people with effective access to digital and information technology and those without access to it, the "digital divide", which in Europe is chiefly age-related. Policies to overcome the digital divide and, more generally speaking, e-inclusion policies addressing the ageing population raise some ethical problems. Among younger senior citizens, say those between 65 and 80 years old, the main issues are likely to be universal access to ICT and e-participation. Among the older senior citizens, say those more than 80 years old, the main issues are mental and physical deterioration and assistive technology. An approach geared towards the protection of human rights could match the different needs of senior citizens and provide concrete guidance to evaluate information technologies for them.

Published
2009

42. Repeating the mistakes of the past will do little good for air passengers in the EU: The comeback of the EU PNR Directive and a lawyer’s duty to regulate profiling

Author

Vagelis Papakonstantinou, Paul De Hert, and TILT

Subjects
Framework decision, media_common.quotation_subject, Political science, Common law, Law, Data Protection Act 1998, Fundamental rights, Substantive law, Duty, Data Protection Directive, media_common, Criminal justice
Abstract

On the 17th of February an old data protection acquaintance, the EU PNR Directive1, returned to life. On that date the Parliament’s LIBE Committee released its Report2 on its rst (re-)reading of a dra that was otherwise presumed dead since 2011, when that same Committee found it unacceptable because of fundamental rights concerns and asked the Commission to withdraw it. The fact remains that the general data protection environment has in the meantime substantially changed: the PNR Directive’s provisions must now be reconciled with the latest case law of the Court of Justice on acceptable surveillance and with the EU data protection reform package, in particular with its dra Police and Criminal Justice Directive8 that is to replace the 2008 Framework Decision. is applies both to substantive law and supervision model

Published
2015

43. The Data Protection Regime in China. In-Depth Analysis

Author

Vagelis Papakonstantinou and Paul De Hert

Subjects
Law, General Data Protection Regulation, Civil law (legal system), Economics, Chinese law, Data Protection Act 1998, Information privacy law, National data protection authority, Enforcement, Data Protection Directive
Abstract

This in-depth analysis was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee. One cannot talk of a proper data protection regime in China, at least not as it is perceived in the EU. The international data protection fundamentals that may be derived from all relevant regulatory instruments in force today, namely the personal data processing principles and the individual rights to information, access and rectification, are not unequivocally granted under Chinese law. An efficient enforcement mechanism, also required under European standards, is equally not provided for. China has no comprehensive data protection act but several relevant sectorial laws that, under a combined reading together with basic criminal and civil law provisions, may add up to a data protection ‘cumulative effect’. This assertion is examined and assessed in the analysis that follows. A list of realistic policy recommendations has been drawn up in order to establish whether China’s recent data protection effort is part of a persistent, yet concise, policy.

Published
2015

44. The EU, children under 13 years, and parental consent: A human rights analysis of a new, age-based bright-line for the protection of children on the Internet

Author

Lina Jasmontaite, Paul De Hert, TILT, Fundamental rights centre, Law Science Technology and Society, University of Brussels - European Criminal Law, and Metajuridica

Subjects
Human rights, business.industry, Data management, media_common.quotation_subject, Internet privacy, Information privacy law, privacy, Computer security, computer.software_genre, kids, General Data Protection Regulation, Data Protection Act 1998, The Internet, Parental consent, Information society, business, Psychology, Law, computer, media_common
Abstract

Empirical data show that increasingly younger children are engaging in online activities. Many children lack experience and knowledge of the implications and practices related to personal data management. However, under the current Euro- pean data protection regime, children become data subjects on the same legal basis as adults, with consent being the most popular method of obtaining personal data. The proposed EU Data Protection Regulation tackles this problem by introducing a requirement for data controllers providing information society services directed at children: the controllers should obtain parental consent in cases where the personal data of a child under the age of 13 are being processed in the online environment. In the view of the European Commission, this requirement will reduce online risks for children and prevent them from making ‘youthful’ indiscretions.

Published
2015

45. Reforming European Data Protection Law

Author

Ronald Leenes, Paul De Hert, Serge Gutwirth, and TILT

Subjects
data protection, privacy, data protection, regulation, EU, surveillance, ehealth, PIA, Engineering, Information privacy, Privacy by Design, ehealth, business.industry, Privacy policy, FTC Fair Information Practice, regulation, Information privacy law, privacy, Data Protection Directive, General Data Protection Regulation, Law, surveillance, Data Protection Act 1998, PIA, EU, business
Abstract

This book on privacy and data protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014.The book first examines profiling, a persistent core issue of data protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies.The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and data protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU data protection law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and data protection.

Published
2015

47. The EU data protection reform and the (forgotten) use of criminal sanctions

Author

Paul de Hert, Metajuridica, and Law Science Technology and Society

Subjects
Member states, Directive, Computer security, computer.software_genre, Data Protection Directive, Nothing, Political science, Criminal law, Data Protection Act 1998, Sanctions, Enforcement, Law, computer, Law and economics, data protection law
Abstract

The proposed data protection regulation2 includes mention of the use of criminal and administrative sanctions. Both were possible in EU data protection law but, after the reform, the use of administrative sanctions will become mandatory. With regard to criminal sanctions to address data protection wrongs, nothing changes: member states can choose to create them or not. Why is the new EU, with its enhanced post-Lisbon powers, so timid and '1995-ish' with regard to criminal law? How is it possible that, to reform a set of rules created by a directive, a regulation is chosen with the aim of harmonising just about everything in EU data protection law, but not the chapter on sanctions and enforcement? This contribution lists some explanatory factors and reflects on future regulatory choices in member states.

Published
2014

48. The Council of Europe Data Protection Convention reform

Author

Paul De Hert, Vagelis Papakonstantinou, Metajuridica, Law Science Technology and Society, and TILT

Subjects
data protection, Computer Networks and Communications, Information privacy law, National data protection authority, General Business, Management and Accounting, Data Protection Directive, Insider, Convention, General Data Protection Regulation, Political science, Law, Milestone (project management), Data Protection Act 1998, data protection law
Abstract

The year 2010 set an important milestone in the development of data protection law in Europe: both Europe's basic regulatory texts, the EU Data Protection Directive and the Council's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), were placed at an amendment process, having served individual data protection for many years and witnessed in the meantime technological developments that threatened to make their provisions obsolete. After briefly presenting Convention 108, the analysis that follows will highlight the Council's data protection system currently in effect as well as developments relating to the Convention's amendment so far with the aim of identifying improvements and shortcomings. While doing this two separate points of view shall be adopted: at first a micro point of view will attempt to identify improvements and shortcomings through an ‘insider’ perspective, that is, judging only the merits and difficulties of the draft text at hand. Afterwards a macroscopic view will be adopted, whereby strategic issues will be discussed pertaining to the important issue of the relationship of the suggested draft with the EU data protection system, as well as, the same draft's potential to constitute the next global information privacy standard.

Published
2014

49. Complementing the surveillance law principles of the Court of Strasbourg with its environmental law principles. An integrated technology approach to a human rights framework for surveillance

Author

Paul De Hert, Antonella Galetta, and TILT

Subjects
surveillance technologies and surveillance law principles, Common law, Proportionality (law), private life interferences, Principle of legality, International law, Public law, Law, Political science, lcsh:K1-7720, The Right to Privacy, polluting technologies and environmental law principles, lcsh:Law in general. Comparative and uniform law. Jurisprudence, Sources of law, Right to privacy, Article 8 ECHR
Abstract

If one looks at the case law of the European Court of Human Rights on surveillance matters, a well mature set of principles emerge, namely: legality, legitimacy, proportionality (the standard check) and, if the Court is "on it", also necessity and subsidiarity (the closer scrutiny check). We pass the surveillance case law and the principles developed therein in review and note that 1) not all surveillance is considered relevant to the right to privacy (the threshold problem); 2) when surveillance is subjected to a privacy right analysis, concerns about rights contained in other provisions, such as Articles 6, 13 and 14 of the Convention, are added; 3) not all surveillance that interferes with privacy is considered as problematic, hence differences in the Court's view with regard to the legality requirement and intensity of the scrutiny arise. Beyond this analysis of the Court's surveillance case law, in the second part of this contribution we carry out further the research initiated by Murphy and Ó Cuinn about the existence of a 'new technology' approach in the Court's case law and on principles that apply to a wide range of technology-related issues (from surveillance, over biomedicine, to polluting technologies). We focus in particular on the case law of the Court on environmental matters. We find that greater coherence could be reached in the Court's case law on surveillance by integrating the environmental law principles of participation, precaution, access to information and to access justice into surveillance matters. Nevertheless, such move would be very desirable and give new momentum to the Court's case law on surveillance-related interferences.

Published
2014

50. The Data Protection Regime Applying to the Inter-Agency Cooperation and Future Architecture of the EU Criminal Justice and Law Enforcement Area

Author

Paul De Hert and Vagelis Papakonstantinou

Subjects
Criminal justice ethics, Inter agency, Process (engineering), Political science, Law, Law enforcement, Data Protection Act 1998, Architecture, Criminal justice
Abstract

This study aims, fi rst, at identifying data protection shortcomings in the inter-agency cooperation regime in the EU criminal justice and law enforcement area and, second, at outlining, under six possible scenarios, the interplay among the data protection legal instruments in the law-making process today in fi eld, as well as, the response each could provide to such shortcomings.

Published
2014

Catalog

Books, media, physical & digital resources
See catalog results