Posted in EU Data Protection

Opinion

European Court Gives a Boost to EU Data Protection Reform

On April 8, the Court of Justice of the European Union invalidated the EU Data Retention Directive 2006/24. Beyond its significance for data retention, this judgment has important implications for EU data protection law in general and the proposed General Data Protection Regulation (GDPR) in particular.

More from Christopher Kuner

Opinion

What a 21st Century Privacy Law Could—and Should—Achieve

By Phil Lee, CIPP/E, CIPM

It’s no secret that the EU’s proposed General Data Protection Regulation (GDPR) hangs in the balance. Some have even declared it dead (see here), though, to paraphrase Mark Twain, those reports are somewhat exaggerated. Nevertheless, 2014 will prove a pivotal year for privacy in the European Union: Either we’ll see some variant of the proposed regulation adopted in one form or another, or we’ll be heading back to the drawing board.

More from Phil Lee

Opinion

The Questionable Legality and Practicality of the EU’s Proposed “Anti-FISA” Clause

As it has been noted on these pages one of the tangible results of the Snowden revelations has been the (re)introduction of a provision in the EU’s proposed General Data Protection Regulation aiming to limit and control the transfer of personal data to authorities in third countries, the main concern motivating this initiative clearly being concerns regarding the transfer of personal data to U.S. intelligence and law enforcement authorities.

Originally, the European Commission had intended for such a provision to be included in Article 42 of the data protection reform proposal tabled in January 2012, but—if one chooses to believe the many press reports one the matter—due to intense lobbying pressure from the U.S. government, the provision was removed. That is, of course, not the full picture.

Opinion

The Baffling Case of the Headless EDPS

Peter Hustinx (right) reflects on a career in privacy, with Christopher Kuner, before a standing-room crowd at the IAPP Data Protection Congress 2013 in Brussels.

After working in Brussels for the last 15 years, I have become accustomed to the byzantine machinations of European politics. But the spectacle that is currently unfolding concerning appointment of a new European Data Protection Supervisor (EDPS) and Assistant Supervisor paints a particularly dismal picture of how data protection in the EU can become a political football.

More from Christopher Kuner

Opinion

Shutting Europe Down Is Not the Way To Defend Privacy

By Eduardo Ustaran, CIPP/E

When I was at university, I remember a lecturer who used to say the first rule that any law degree student should follow was “to not panic.” That is a rule that we should all apply when reading the draft report of the LIBE Committee of the European Parliament on the NSA surveillance programme. The prospect of a closed-down Europe that is advocated by the report is certainly daunting. Shutting down pretty much all transatlantic data flows in order to prevent unreasonable access to data by the U.S. intelligence services would not only be disproportionate, but it would be hugely damaging to the information society we all rely on.

More from Eduardo Ustaran

The Year in Review

2013: The Year of Privacy

Privacy Perspectives word cloud

If there ever was a “year of privacy,” surely it was 2013. A year that ends with dictionary.com selecting “privacy” as “word of the year;” with privacy making front-page headlines in The New York Times and The Washington Post (not to mention The Guardian) on a weekly, indeed almost daily, basis; with cross-Atlantic ties stretched to the limit over privacy issues, the UN passing a privacy resolution and armies of lobbyists spinning BCRs and Do-Not-Track in Washington bars and Brussels cafes—ladies and gentlemen, 2013 was the year of privacy.

More from Omer Tene

Opinion

Yes, Consent Is Dead. Further, Continuing To Give It A Central Role Is Dangerous

By Eduardo Ustaran, CIPP/E

At the just-concluded IAPP Data Protection Congress in Brussels, the audience heard a bold proposal from closing keynoter Viktor Mayer-Schönberger: “The naked truth is that informational self-determination has turned into a formality devoid of meaning and import.”

Contemporary ideas of notice and consent, he argued, are a farce.

In the moment, he was quite compelling. It is important that we as privacy professionals from time to time question the underpinnings of our training and, especially, our industry and profession.

More from Eduardo Ustaran

Opinion

Legal Reform Is Needed on Both Sides of the Atlantic, Not Just in Europe

I recall that in the 1990s and early 2000s, it was often a struggle to get people outside of Europe to take EU data protection law seriously. The perceived lack of enforcement in the EU, and the dynamic legislative climate in the U.S., meant that more attention was given to U.S. developments.

The situation is now reversed, and there has been intense interest in the European Commission’s proposal for a General Data Protection Regulation published in January 2012, and in related developments such as calls for reform of the EU-U.S. Safe Harbor. U.S.-based lobbyists have descended in hordes on the EU institutions; U.S. government representatives travel to Brussels to lobby the EU, and U.S. authors publish articles and papers on complex issues of EU law. Brussels has become the center of the global privacy world.

This causes us in Europe to wonder: Why doesn’t the U.S. work as hard to improve its own privacy law as it does to lobby for changes in the EU?

More from Christopher Kuner