The Political and Judicial Life of Metadata: Digital Rights Ireland and the Trail of the Data Retention Directive. CEPS Paper in Liberty and Security No. 65, May 2014

This paper examines the challenges facing the EU regarding data retention, particularly in the aftermath of the judgment Digital Rights Ireland by the Court of Justice of the European Union (CJEU) of April 2014, which found the Data Retention Directive 2002/58 to be invalid. It first offers a brief historical account of the Data Retention Directive and then moves to a detailed assessment of what the judgment means for determining the lawfulness of data retention from the perspective of the EU Charter of Fundamental Rights: what is wrong with the Data Retention Directive and how would it need to be changed to comply with the right to respect for privacy? The paper also looks at the responses to the judgment from the European institutions and elsewhere, and presents a set of policy suggestions to the European institutions on the way forward. It is argued here that one of the main issues underlying the Digital Rights Ireland judgment has been the role of fundamental rights in the EU legal order, and in particular the extent to which the retention of metadata for law enforcement purposes is consistent with EU citizens’ right to respect for privacy and to data protection. The paper offers three main recommendations to EU policy-makers: first, to give priority to a full and independent evaluation of the value of the data retention directive; second, to assess the judgment’s implications for other large EU information systems and proposals that provide for the mass collection of metadata from innocent persons, in the EU; and third, to adopt without delay the proposal for Directive COM(2012)10 dealing with data protection in the fields of police and judicial cooperation in criminal matters.

La protection des données à caractère personnel dans le cadre des activités d’une mission civile de gestion de crise ou la recherche de « l’inaccessible étoile » ? Data Protection within the context of one ESDP Mission - The search for the unreachable star

La question de la protection des données à caractère personnel posée dans le cadre des activités d’assistance et de soutien des missions civiles de gestion de crise ne semble guère avoir suscité l’intérêt des instances en charge de leur gestion et ce en dépit de son importance majeure au regard des tâches exécutées quotidiennement par les agents de ces missions dans le domaine de la coopération policière et judiciaire en matière pénale. S’appuyant sur une expérience de terrain, l’auteur s’efforcera, dans ces lignes, de démontrer la nécessité d’entamer une réflexion de fond sur ce sujet afin, le cas échéant, de prendre les initiatives utiles destinées à porter remède aux difficultés qui, en ce domaine, pourraient apparaître.

Data protection at the cost of economic growth? ECRI Commentary No. 11, 16 November 2012

The Data Protection Regulation proposed by the European Commission contains important elements to facilitate and secure personal data flows within the Single Market. A harmonised level of protection of individual data is an important objective and all stakeholders have generally welcomed this basic principle. However, when putting the regulation proposal in the complex context in which it is to be implemented, some important issues are revealed. The proposal dictates how data is to be used, regardless of the operational context. It is generally thought to have been influenced by concerns over social networking. This approach implies protection of data rather than protection of privacy and can hardly lead to more flexible instruments for global data flows.

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such.

What drives the European Parliament? The Case of the General Data Protection Regulation. Bruges Political Research Papers 47/2015.

This paper evaluates which factors influence the European Parliament’s decision-making, based on a case study: the 2012 proposal for a General Data Protection Regulation. Following a ‘competitive testing’ approach, six different hypotheses are successively challenged in order to explain why the EP adopted a fundamental rights- oriented position. The first three factors relate to the internal organization of the EP’s work, i.e. the role played by the lead committee, by the rapporteur and by secretariat officials. The last three factors are external-related, i.e. lobbying activities, outside events and institutional considerations. Based on the empirical findings, it is argued that even though the EP’s position is due to a range of various factors, some of them prove to be more relevant than others, in particular the rapporteur and lead committee’s roles. New institutionalism theories also provide a comprehensive explanation for the EP’s willingness to achieve a fundamental rights oriented outcome.