Mass Surveillance of Personal Data by EU Member States and its Compatibility with EU Law. CEPS Liberty and Security in Europe No. 61, 6 November 2013

In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this paper assesses the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of these practices, which represent a reconfiguration of traditional intelligence gathering, the paper contends that an analysis of European surveillance programmes cannot be reduced to a question of the balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The paper argues that these programmes do not stand outside the realm of EU intervention but can be analysed from an EU law perspective via i) an understanding of national security in a democratic rule of law framework where fundamental human rights and judicial oversight constitute key norms; ii) the risks posed to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners and iii) the potential spillover into the activities and responsibilities of EU agencies. The paper then presents a set of policy recommendations to the European Parliament.

Why come here if I can go there? Assessing the ‘Attractiveness’ of the EU’s Blue Card Directive for ‘Highly Qualified’ Immigrants. Paper on Liberty and Security in Europe No. 60, 14 October 2013

This paper analyses the attractiveness of the EU’s Blue Card Directive – the flagship of the EU’s labour immigration policy – for so-called ‘highly qualified’ immigrant workers from outside the EU. For this purpose, the paper deconstructs the understanding of ‘attractiveness’ in the Blue Card Directive as shaped by the various EU decision-making actors during the legislative process. It is argued that the Blue Card Directive sets forth minimum standards providing for a common floor – not a common ceiling: the Directive did not, as originally envisaged by the European Commission, create one European highly skilled admission scheme. This raises questions regarding its concrete use. A critical focus is placed on the personal scope of the Blue Card Directive and the level of rights offered, and a first comparative perspective on the implementation of the Directive in five member states is provided.

Nothing personal: The age of ego-diplomacy. EuropEos Commentary No. 7, 17 March 2011

A new EuropEos Commentary laments the decline of diplomacy and the rise of ‘summits’ in recent history as the predominant way of conducting international relations. World leaders are urged to pay more attention to the sound and unimpeded analysis of their ambassadors and professional diplomatic corps whenever possible.

Safe Harbour or into the storm? EU-US data transfers after the Schrems judgment. Liberty and security in Europe No. 85/November 2015

In its recent Schrems judgment the Luxembourg Court annulled Commission Decision 2000/520 according to which US data protection rules are sufficient to satisfy EU privacy rules regarding EU-US transfers of personal data, otherwise known as the ‘Safe Harbour’ framework. What does this judgment mean and what are its main implications for EU-US data transfers? In this paper the authors find that this landmark judgment sends a strong message to EU and US policy-makers about the need to ensure clear rules governing data transfers, so that people whose personal data is transferred to third countries have sufficient legal guarantees. Without such rules there is legal uncertainty and mistrust. Any future arrangement for the transatlantic transfer of data will therefore need to be firmly anchored in a framework of protection commensurate to the EU Charter of Fundamental Rights and the EU data protection architecture.