28 November 2024
The Future of GDPR Enforcement
The ongoing trilogue negotiations on the GDPR procedural regulation aim to address significant enforcement shortcomings. From strengthening complainants' rights to harmonising Data Protection Authorities' discretion and improving cross-border cooperation, these discussions carry major implications for data protection in Europe. This analysis highlights the urgent need for reforms to ensure effective and fair enforcement. Continue reading >>
0
27 November 2024
Die Vorratsdatenspeicherung
Die jüngeren Urteile des EuGHs zur Vorratsdatenspeicherung sind nicht als „kopernikanische Wende“ zu verstehen, in der der EuGH sein Selbstverständnis als Grundrechtsgericht aufgegeben hätte. Sie sind keine autoritär motivierte Abkehr von einer vormals grundrechtsfreundlichen Rechtsprechung. Vielmehr fügen sich die Urteile ein in die komplexe Entwicklung des ursprünglich national geprägten Sicherheitsverfassungsrechts. Diese Einordnung bedarf eines genaueren Blickes. Continue reading >>
0
27 November 2024
Data Retention
The recent judgements of the CJEU on data retention should not be regarded as an authoritarian move towards a less fundamental rights-sensible position of the Court. Rather, the case law adapts the ever more complex development of the constitutional security law, which was originally dominated by the Member States. As a European court, the CJEU cannot simply ban certain police measures but must respect the complexity and heterogeneity of national law enforcement agencies. Continue reading >>
0
26 November 2024
Protecting Victims Without Mass Surveillance
Mass data retention is on the rise. In the current heyday of security packages in Germany, we are now witnessing a “super grand coalition” in favor of mandatory IP address retention. Some are calling for greater protection for victims through data retention. Yet, what one often overlooks is the following: The investigative capacities of law enforcement authorities have never been better, and the digital data pools that can be analyzed have never been larger. Hence, victims must be protected without mass surveillance. Continue reading >>
0
26 November 2024
More Protection for Victims Through Data Retention
Mass data retention is all about proportionality. The threat level determines the proportionality of the means – both of which are subject to the perpetual flux of time. Data retention is intended to protect victims of digital crimes. To protect freedom online, our security services urgently need to be able to access stored IP addresses. The alarming developments in our security situation are calling many certainties from the past into question. This also involves a re-evaluation of traffic data retention. Continue reading >>
0
26 November 2024
Eyes Everywhere
Ten years after its groundbreaking judgment declaring the Data Retention Directive incompatible with the EU Charter, the Full Court significantly eased its previously strict requirements. On 30 April 2024, it issued La Quadrature Du Net II and, for the first time, declared the general and indiscriminate retention of IP addresses permissible for the purpose of fighting general crime. Given the CJEU’s fundamental change of heart, we have gathered a range of scholars to contextualize the judgment and situate it within the broader debate on mass data retention, online surveillance, and anonymity. Continue reading >>
0
14 August 2024
In the Shadows
Recent investigations by Netzpolitik and the German public service broadcaster Bayerischer Rundfunk into the company Datarade have shed light on a part of the digital economy that has so far operated mainly in the background: data trading. The key players in this sector are data brokers, whose business model is to trade in (non-)personal data. Data trading is a multi-billion-dollar component of the global digital economy and not a new phenomenon. This article outlines the legal implications of data trading in the context of the GDPR, the DSA and the AI Act. Continue reading >>
0
19 July 2024
Proximity, Amicable Settlements, and how the EU Guts GDPR Enforcement
The EU legislator is working on a new Regulation to modify the GDPR. Unfortunately, the reform features deeply troubling elements. It seeks to mainstream a controversial Irish approach to dealing with data protection complaints, namely “amicable settlements” between individuals and digital corporations. Further, and rather problematically, the reform foreshadows the end of the principle of proximity. Gutting – or at least eroding – the proximity principle should ring alarm bells for anyone concerned with effective judicial remedies in the EU. Continue reading >>
0
15 April 2024
GDPR Overreach?
After Meta introduced this model for its social networking services Facebook and Instagram in November 2023, several national data protection authorities called on the EDPB to clarify the compatibility of this model with the GDPR. Data protection law is to be used as a lever to prohibit media companies or online service providers from offering a service that is more data-minimalist than the traditional business model. Data protection authorities are therefore faced with the question of whether the GDPR should address "social justice" concerns. Continue reading >>
0
10 April 2024



