10 Mai 2023
The European Legal Architecture on Security
As the European legal architecture on internal security is being built around large-scale databases, AI tools and other new technologies, the relationship between the public and private sectors has become increasingly complex. We examine one aspect of the Court of Justice of the European Union’s recent judgment in Ligue des droits humains, namely the data protection rules applicable to cooperation between the public and private entities in personal data sharing. The judgment enhances the ‘personal data autonomy’ of individuals and requires public authorities to justify to a high standard any obligations it seeks to place on the private sector to share personal data related, directly or indirectly, to travel by air. Continue reading >>
0 
09 Mai 2023
Caution: Safeguards may appear more robust than they are
At a time when the European security architecture is evolving, and when national lawmakers must pay greater attention to an evolving set of common standards and safeguards to prevent disproportionate government access to data, it is essential to shed critical light on their implementation in actual practice. As different as the EU PNR Directive and the German legal framework are, they both include provisions that seek to prevent disproportionate government access and to ensure effective and independent review of data collection and subsequent data processing. Continue reading >>
0
09 Mai 2023
Passengers Name Records and Security
The EU Passenger Name Records Directive is based on the logic of preventive security. Th CJEU ruling, Ligue des droits humains, offers an opportunity for national judges to question more radically the idea of generalised preventive security that seeks to anticipate human behaviour through the creation of risk profiles and statistical correlations (instead of causality). Continue reading >>
0
08 Mai 2023
Machine learning and profiling in the PNR system
Automated processing of personal data, which is what Passenger Name Record data are, can lead to forms of profiling; certain individuals or groups of people are more likely to be excluded based on the transfer of their data than others. In its Passenger Name Record judgment, the CJEU extensively discusses discrimination risks, and it set a number of conditions to prevent them. Unfortunately, not all of its considerations are perfectly clear and some of the solutions the CJEU proposes are not entirely satisfactory. Continue reading >>
0
08 Mai 2023
Automated predictive threat detection after Ligue des Droits Humains
On 21 June 2022, the Court of Justice of the European Union released its judgment regarding the compatibility of the EU Directive on Passenger Name Record Data with the rights to privacy and personal data protection. Ligue des droits humains has already qualified as a landmark decision, where the Court had the opportunity, among other aspects, to provide comprehensive guidelines on how large-scale predictive policing should take place. The ruling could be used as an inspiration for the legal assessment of various new security law instruments which require automated predictive threat detection instruments. Continue reading >>
0
08 Mai 2023
The Future of the European Security Architecture: A Debate Series
This debate series is dedicated to Ligue des Droits Humains – a case in which the Court of Justice of the European Union decided on the fate of one of the main drivers of this development: the Directive on on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The PNR Directive, being one of the first major EU-wide examples of predictive policing, is not just interesting in itself. It exemplifies the emergence and gradual consolidation of a new security architecture in Europe. Continue reading >>
0
14 April 2023
Attention Is All You Need
Das Verbot ChatGPTs durch die italienische Datenschutzbehörde bietet Gelegenheit einen Klassiker neu aufzulegen: Eine bahnbrechende, Technologie aus dem Silicon Valley zerschellt am harten Beton des Brüsseler Datenschutzregimes. Während einige technikkritische Stimmen laut applaudieren, prügeln andere auf das vermeintlich innovationsfeindliche Datenschutzrecht ein. Doch gibt ChatGPT tatsächlich Anlass für derart fundamentale datenschutzrechtliche Bedenken im Hinblick auf generative KIs? Continue reading >>07 April 2023
Squaring the Circle
The Italian Data Protection Authority banned ChatGPT for violating EU data protection law. As training and operating large language models like ChatGPT requires massive amounts of (personal) data, AI's future in Europe, to an extent, hinges upon the GDPR. Continue reading >>20 Dezember 2022
The Right to be Forgotten in 2022
On 8 December 2022, the Court of Justice of the European Union delivered its latest landmark judgment on the ‘right to be forgotten’. Despite the largely incremental character, the continuing legal manifestation of the right to erasure/be forgotten/de-referencing raises more fundamental questions on the governance of the datafication of society in the EU. Continue reading >>
0
09 November 2022