25 July 2020
Schrems II – A brief history, an analysis and the way forward
On July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield – a framework that regulated Trans-Atlantic data transfers. Further, even though the court upheld the validity of Standard Contractual Clauses (SCC) - an EU-approved template to safeguard EU citizens’ data-transfer, it put forth important qualifications for data controllers to adhere to when using such SCCs. This article analyses the ECJ’s ruling, now known as Schrems II, in three parts. The first section sets the stage for the analysis by providing a brief history of EU-US data-flow arrangements and the developments leading up to Schrems II. The second section analyses the ECJ’s decision in Schrems II and finally, the third section concludes by exploring the implications of the ruling and evaluating the way forward. Continue reading >>
0 
25 July 2020
Diabolical Persistence
As Genna Churches and Monika Zalnieriute wrote here on 16 July, the day on which the Schrems II decision was published, reading the judgment gives more than a simple feeling déjà vu; it rather looks like a full-blown Groundhog Day: One has the impression of being trapped in a time loop that forces us to relive the day – 6 October 2015 – on which the Court of Justice of the European Union (CJEU) adopted Schrems I and invalidated the European Commission’s Safe Harbour Decision (Safe Harbour) adopted on 26 July 2000. More than a week after the Schrems II judgment was adopted, following the hundreds of comments made on the subject, I shall modestly attempt to consider the judgment (and the underlying saga) from two particular viewpoints. Continue reading >>
0
19 July 2020
Undercutting Internet Governance in Brazil
On June 30, 2020, the Brazilian Senate approved Draft Bill No. 2.630 of 2020, also known as “The Fake News Bill”. This bill applies to internet platforms with over 2 million users and seeks to address the warranted concerns presented by the recent spread of online disinformation and defamatory content. As it currently stands, the bill does little to address the individuals and organizations who finance the spread of fake news across social media platforms in Brazil. It also poses threats to user privacy, access to the internet, and freedom of association. Continue reading >>
0
16 July 2020
A Groundhog Day in Brussels
16 July 2020 feels like Groundhog Day in Brussels. For those, who did not see the famous film Groundhog Day, it’s about reliving the same experience again and again until the main protagonist gets ‘why’. Similarly, the much anticipated Schrems II decision, delivered by the Court of Justice of the European Union (CJEU) today, is almost a ‘reliving’ of its earlier decision in Schrems I. How many ‘Schrems’ are we going to have — and who is the protagonist that needs to get ‘why’? Let’s look at it all in more detail. Continue reading >>15 April 2020
Data crossing borders
The cross-border sharing of personal data to combat coronavirus raises questions under the EU General Data Protection Regulation 2016/679 (the GDPR) - two of which will be dealt with here. The first question is whether EU data protection law is flexible enough to allow the international sharing of personal data to fight the pandemic. Secondly, data protection law has traditionally been shaped by pivotal events in history (think of the effect that the reaction to the terrorist attacks of 11 September 2001 had on data protection law), and one can ask what implications the crisis will have on the future development of data transfer regulation. Continue reading >>
0
10 April 2020
Corona and the Absence of a Real Constitutional Debate in Sweden
Despite the horrors of the Corona disease, and indeed in order to combat it efficiently as a society, Sweden requires a robust and healthy constitutional and democratic debate. Corona is a human disaster and the suffering it spreads has yet to be accounted for. It is also an unprecedented challenge to our political and constitutional institutions and our almost nonexistent public discourse. Continue reading >>20 March 2020
Using Location Data to Control the Coronavirus Pandemic
In times of crisis like the Coronavirus pandemic strong and decisive measures to save the lives and livelihoods of people across all parts of the world are needed. There is an increased need for governments to monitor and control the public, which might make it necessary to limit individual freedom. The use of location data to control the coronavirus pandemic can be fruitful and might improve the ability of governments and research institutions to combat the threat more quickly. However, the use of data on such scale has consequences for data protection, privacy and informational self-determination. Continue reading >>25 September 2019
The Judgment That Will Be Forgotten
On September 24 2019, the ECJ delivered its judgment in Google vs CNIL (C-517/17) which was expected to clarify the territorial scope of the ‘right to be forgotten’. In fact, the ECJ’s decision is disappointing in several respects. The Court does not only open the door to fragmentation in European data protection law but also fails to further develop the protection of individual rights in the digital age. Continue reading >>25 June 2019
Where Citizenship Law and Data Protection Law Converge
Becoming a citizen of a country is a noteworthy event. But in light of increasing concerns over the protection of personal data, states face questions regarding the necessity of formal publication of the personal data of their new citizens. A closer look at Member States' practices reveals radical discrepancies between the national approaches taken across the EU. Continue reading >>
0
25 May 2019
Interoperability of Databases and Interstate Trust: a Perilous Combination for Fundamental Rights
On 14 May 2019, the Council adopted two regulations, Regulation 2019/817 and Regulation 2019/818, establishing a framework for the interoperability between EU information systems in the Area of Freedom, Security, and Justice. The new rules on interoperability, upon which the European Parliament agreed in April 2019, will allegedly provide for easier information sharing and ‘considerably improve security in the EU, allow for more efficient checks at external borders, improve detection of multiple identities and help prevent and combat illegal migration’. All this, according to the press release of the Council, ‘while safeguarding fundamental rights’. It is questionable whether this commitment made by the EU legislator is justified. Continue reading >>
0