ICT for growth: a targeted approach. Bruegel Policy Contribution 2012/10, June 2012

This Policy Contribution assesses the broad obstacles hampering ICT-led growth in Europe and identifies the main areas in which policy could unlock the greatest value. We review estimates of the value that could be generated through take-up of various technologies and carry out a broad matching with policy areas. According to the literature survey and the collected estimates, the areas in which the right policies could unlock the greatest ICT-led growth are product and labour market regulations and the European Single Market. These areas should be reformed to make European markets more flexible and competitive. This would promote wider adoption of modern data-driven organisational and management practices thereby helping to close the productivity gap between the United States and the European Union. Gains could also be made in the areas of privacy, data security, intellectual property and liability pertaining to the digital economy, especially cloud computing, and next generation network infrastructure investment. Standardisation and spectrum allocation issues are found to be important, though to a lesser degree. Strong complementarities between the analysed technologies suggest, however, that policymakers need to deal with all of the identified obstacles in order to fully realise the potential of ICT to spur long-term growth beyond the partial gains that we report.

Mass Surveillance of Personal Data by EU Member States and its Compatibility with EU Law. CEPS Liberty and Security in Europe No. 61, 6 November 2013

In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this paper assesses the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of these practices, which represent a reconfiguration of traditional intelligence gathering, the paper contends that an analysis of European surveillance programmes cannot be reduced to a question of the balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The paper argues that these programmes do not stand outside the realm of EU intervention but can be analysed from an EU law perspective via i) an understanding of national security in a democratic rule of law framework where fundamental human rights and judicial oversight constitute key norms; ii) the risks posed to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners and iii) the potential spillover into the activities and responsibilities of EU agencies. The paper then presents a set of policy recommendations to the European Parliament.

The Political and Judicial Life of Metadata: Digital Rights Ireland and the Trail of the Data Retention Directive. CEPS Paper in Liberty and Security No. 65, May 2014

This paper examines the challenges facing the EU regarding data retention, particularly in the aftermath of the judgment Digital Rights Ireland by the Court of Justice of the European Union (CJEU) of April 2014, which found the Data Retention Directive 2002/58 to be invalid. It first offers a brief historical account of the Data Retention Directive and then moves to a detailed assessment of what the judgment means for determining the lawfulness of data retention from the perspective of the EU Charter of Fundamental Rights: what is wrong with the Data Retention Directive and how would it need to be changed to comply with the right to respect for privacy? The paper also looks at the responses to the judgment from the European institutions and elsewhere, and presents a set of policy suggestions to the European institutions on the way forward. It is argued here that one of the main issues underlying the Digital Rights Ireland judgment has been the role of fundamental rights in the EU legal order, and in particular the extent to which the retention of metadata for law enforcement purposes is consistent with EU citizens’ right to respect for privacy and to data protection. The paper offers three main recommendations to EU policy-makers: first, to give priority to a full and independent evaluation of the value of the data retention directive; second, to assess the judgment’s implications for other large EU information systems and proposals that provide for the mass collection of metadata from innocent persons, in the EU; and third, to adopt without delay the proposal for Directive COM(2012)10 dealing with data protection in the fields of police and judicial cooperation in criminal matters.

‘Wrong number?’ The Use and Misuse of Asylum Data in the European Union. CEPS Paper in Liberty and Security in Europe No. 69/December 2014

The Common European Asylum System (CEAS) is an EU policy area that is particularly evocative of the ‘politics of numbers’. The European Union has at its disposal a wide array of sources providing detailed information about the capacities and pressures of its member states’ asylum systems. This paper discusses the content of asylum data and the evolving interaction between its different sources, ranging from the United Nations High Commissioner for Refugees to the European Commission’s EUROSTAT and DG HOME, the European Asylum Support Office, FRONTEX, the European Migration Network (EMN) and national databases. However, the way in which such data are often misused, or even omitted, in political debate affects the soundness of policy decisions in the CEAS. Drawing on debates over the contested phenomenon of ‘asylum shopping’ and the exemption of victims of torture and unaccompanied minors from accelerated and border procedures in the recast asylum procedures Directive, this briefing paper argues that solid data-based evidence is often absent from political negotiations on CEAS measures affecting refugees and asylum-seekers.

Safe Harbour or into the storm? EU-US data transfers after the Schrems judgment. Liberty and security in Europe No. 85/November 2015

In its recent Schrems judgment the Luxembourg Court annulled Commission Decision 2000/520 according to which US data protection rules are sufficient to satisfy EU privacy rules regarding EU-US transfers of personal data, otherwise known as the ‘Safe Harbour’ framework. What does this judgment mean and what are its main implications for EU-US data transfers? In this paper the authors find that this landmark judgment sends a strong message to EU and US policy-makers about the need to ensure clear rules governing data transfers, so that people whose personal data is transferred to third countries have sufficient legal guarantees. Without such rules there is legal uncertainty and mistrust. Any future arrangement for the transatlantic transfer of data will therefore need to be firmly anchored in a framework of protection commensurate to the EU Charter of Fundamental Rights and the EU data protection architecture.

Migration and Asylum Data for Policy-making in the European Union – The problem with numbers. CEPS Liberty and Security in Europe No. 89/March 2016

Among many other problems, the migration, humanitarian and policy crises in the European Union in 2015 and early 2016 have highlighted a pressing need for reliable, timely and comparable statistical data on migration, asylum and arrivals at national borders. In this fast-moving policy field, data production and the timeliness of dissemination have seen some improvements but the sources of data remain largely unchanged at national level. In this paper the author examines the reasons for some of the problems with the data for policy and for public discussion, and makes a set of recommendations that call for a complete and updated inventory of data sources and for an evaluation of the quality of data used for policy-making.

La protection des données à caractère personnel dans le cadre des activités d’une mission civile de gestion de crise ou la recherche de « l’inaccessible étoile » ? Data Protection within the context of one ESDP Mission - The search for the unreachable star

La question de la protection des données à caractère personnel posée dans le cadre des activités d’assistance et de soutien des missions civiles de gestion de crise ne semble guère avoir suscité l’intérêt des instances en charge de leur gestion et ce en dépit de son importance majeure au regard des tâches exécutées quotidiennement par les agents de ces missions dans le domaine de la coopération policière et judiciaire en matière pénale. S’appuyant sur une expérience de terrain, l’auteur s’efforcera, dans ces lignes, de démontrer la nécessité d’entamer une réflexion de fond sur ce sujet afin, le cas échéant, de prendre les initiatives utiles destinées à porter remède aux difficultés qui, en ce domaine, pourraient apparaître.