The Future of the European Security Architecture: A Debate Series

DEBATE

This debate series is dedicated to Ligue des Droits Humains – a case in which the CJEU decided on the fate of the Directive on the use of passenger name record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (in short: PNR Directive). The PNR Directive is one of the first major EU-wide examples of predictive policing – thus not just interesting in itself. Today, the EU security architecture relies on the extensive use of personal data, collected in large-scale, supranational databases, which are rendered interoperable and searchable through modern and potentially self-learning technologies. The CJEU’s ruling interrogates the emergence and gradual consolidation of this new security architecture in Europe.

12 May 2023

Daniel Mügge

Squaring the triangle of fundamental rights concerns

Ex ante, the July 2022 ruling by the Court of Justice of the EU on Passenger Name Records had a very specific scope — the use of passenger name records by government agencies. Upon closer inspection, however, it has important implications for the governance of algorithms more generally. That is true especially for the proposed AI Act, which is currently working its way through the EU institutions. It highlights, ultimately, how national, or in this case European, legal orders may limit the scope for international regulatory harmonization and cooperation.

Christian Thönnes, Niovi Vavoula

Automated predictive threat detection after Ligue des Droits Humains

The Ligue des droits humains ruling regarding automated predictive threat detection has implications for the European Travel Information and Authorisation System (ETIAS) Regulation and the EU Commission’s proposal for a Regulation on combating online child sexual abuse material (CSAM). Both legal instruments entail the use of potentially self-learning algorithms, and are spiritual successors to the PNR Directive (the subject of Ligue des droits humains).

11 May 2023

Chloé Berthélémy

EU Privacy and Public-Private Collaboration

Core state functions, such as law enforcement, are increasingly delegated to private actors. Nowhere is this more apparent than in the development and use of security technologies. This public-private collaboration harbours detrimental consequences for fundamental rights and the rule of law; in particular, for the principle of legality. The policy outcomes which result from this collaboration are not democratically accountable, and allow human rights to be superseded by private, profit-driven interests.

Evelien Brouwer

Challenging Bias and Discrimination in Automated Border Decisions

In Ligue des droits humains, the Court of Justice of the European Union explicitly addresses the fact that the use of AI and self-learning risk models may deprive data subjects of their right to effective judicial protection as enshrined in the Charter. The importance of this judgment cannot be understated for non-EU citizens and at the European borders more generally.

10 May 2023

Amanda Musco Eklund, Magdalena Brewczyńska

Foreseeability and the Rule of Law in Data Protection after the PNR judgment

The rule of law cannot be reconciled with the existence of secret laws, unclear laws and laws which cannot be obeyed. However, this may be difficult to realise in practice, where full transparency is at odds with the legislative goals; where a certain degree of flexibility of rules is necessary to address changing circumstances, in which these rules function; and where a disconnect occurs between the visions of the lawmaker and reality created by modern technologies that are utilized to pursue them. The CJEU's ruling in Lige des droits humains on Passenger Name Record Directive underscores the difficulty of foreseeability of algorithmic measures and the rule of law.

Elspeth Guild, Tamas Molnar

The European Legal Architecture on Security

As the European legal architecture on internal security is being built around large-scale databases, AI tools and other new technologies, the relationship between the public and private sectors has become increasingly complex. We examine one aspect of the Court of Justice of the European Union’s recent judgment in Ligue des droits humains, namely the data protection rules applicable to cooperation between the public and private entities in personal data sharing. The judgment enhances the ‘personal data autonomy’ of individuals and requires public authorities to justify to a high standard any obligations it seeks to place on the private sector to share personal data related, directly or indirectly, to travel by air.

09 May 2023

Thorsten Wetzling

Caution: Safeguards may appear more robust than they are

At a time when the European security architecture is evolving, and when national lawmakers must pay greater attention to an evolving set of common standards and safeguards to prevent disproportionate government access to data, it is essential to shed critical light on their implementation in actual practice. As different as the EU PNR Directive and the German legal framework are, they both include provisions that seek to prevent disproportionate government access and to ensure effective and independent review of data collection and subsequent data processing.

Didier Bigo, Stefan Salomon

Passengers Name Records and Security

The EU Passenger Name Records Directive is based on the logic of preventive security. Th CJEU ruling, Ligue des droits humains, offers an opportunity for national judges to question more radically the idea of generalised preventive security that seeks to anticipate human behaviour through the creation of risk profiles and statistical correlations (instead of causality).

08 May 2023

Janneke Gerards

Machine learning and profiling in the PNR system

Automated processing of personal data, which is what Passenger Name Record data are, can lead to forms of profiling; certain individuals or groups of people are more likely to be excluded based on the transfer of their data than others. In its Passenger Name Record judgment, the CJEU extensively discusses discrimination risks, and it set a number of conditions to prevent them. Unfortunately, not all of its considerations are perfectly clear and some of the solutions the CJEU proposes are not entirely satisfactory.

Christian Thönnes, Niovi Vavoula

Automated predictive threat detection after Ligue des Droits Humains

On 21 June 2022, the Court of Justice of the European Union released its judgment regarding the compatibility of the EU Directive on Passenger Name Record Data with the rights to privacy and personal data protection. Ligue des droits humains has already qualified as a landmark decision, where the Court had the opportunity, among other aspects, to provide comprehensive guidelines on how large-scale predictive policing should take place. The ruling could be used as an inspiration for the legal assessment of various new security law instruments which require automated predictive threat detection instruments.

Christian Thönnes, Stefan Salomon, Elspeth Guild, Evelien Brouwer

The Future of the European Security Architecture: A Debate Series

This debate series is dedicated to Ligue des Droits Humains – a case in which the Court of Justice of the European Union decided on the fate of one of the main drivers of this development: the Directive on on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The PNR Directive, being one of the first major EU-wide examples of predictive policing, is not just interesting in itself. It exemplifies the emergence and gradual consolidation of a new security architecture in Europe.

Email
GE EN This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. I hereby subscribe to receive information about new articles and services of verfassungsblog.de. I know that I may withdraw my consent at any time. More information in the privacy policy.

Book Versions

Book Versions of Project