Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

Who’s that?

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 1

Data protection – a history in 2 minutes

France, Germany, Denmark 1970s; Germany’s Volkszaehlung 1980s

Data protection in the EU – another minute

Data Protection and the Single market – the EC Directive

Data Protection in the Third Pillar – leading to the Framework Decision

Lisbon Treaty: the end of the pillars BUT:

Art. 39 TEU derogates from Art. 16 TEU: no guaranteed protection in the CSFP

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 2

The main challenges

• Technical developments: a global “data tsunami”

• Social-legal developments: preventing bad things

(terrorism, organised crime, paedophilia, but also obesity, teenage

pregnancies, “not fulfilling your potential” - UK in particular)

• Faith in the computer (“profiles”, algorithms and the “base-rate fallacy”)

 

 

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 3

What is being challenged?

• Democratic values

 • European human rights values: ECHR/Charter

 • European law primacy (the solange issue)

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 3

Fine words in the Stockholm Programme• The Union must secure a comprehensive strategy to protect data within the EU and in its relations with other countries.

In that context, it should promote the application of the principles set out in relevant EU instruments on data protection and the 1981 Council of Europe Convention on data protection as well as promoting accession to that convention. It must also foresee and regulate the circumstances in which interference by public authorities with the exercise of these rights is justified and also apply data protection principles in the private sphere.

• The Union must address the necessity for increased exchange of personal data whilst ensuring the utmost respect for the protection of privacy. The European Council is convinced that the technological developments not only present new challenges to the protection of personal data, but also offer new possibilities to better protect personal data.

• Basic principles such as purpose limitation, proportionality, legitimacy of processing, limits on storage time, security and confidentiality as well as respect for the rights of the individual, control by national independent supervisory authorities, and access to effective judicial redress need to be ensured and a comprehensive protection scheme must be established.

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 5

Others believe the trend is the other direction. This is how a new Statewatch book judges the situation:

“In cold war times, the West espoused liberal democracy and freedom from surveillance and control. It is thus ironic that with the cold war a distant memory — though it only ended less than twenty years ago — the EU and its member states are set on a path which will, in just a few years time, turn it into the most surveilled, monitored region in the world. The wider context for all this is increased state racism (both at the national and EU levels), combined with the emergence of the ‘policing state , engendered by a political and governmental authoritarianism that legitimises itself through the trappings of representative democracy."  

 

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 5

Basic principles especially not reflected in the new CSFP. As the UK House of Lords put it:

“The new data protection provision in the CFSP field is significant because of its possible repercussion on the area of EU home affairs. Article 39 TEU is conspicuously different from Article 16 TFEU as a Treaty basis for data protection measures because it does not govern the activities of the EU institutions and bodies, and excludes oversight by the European Parliament and the Court of Justice. Clarity is needed as to the scope and purpose of Article 39.”

THIS IS A DIRECT THREAT TO UNION LAW IN A CRUCIAL AREA!

 

 

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 5

How to achieve full protection: the basic principles

• ECHR principles, including “law”, “necessity”, “proportionality” and the need to prevent arbitrariness/need for a proper process/right to a remedy

• Data protection principles, including especially “purpose-limitation”

“no-one shall be subjected to a fully-automated decision that significantly affects him”

• The bottom line: “Informatics must serve mankind” (France)

“Respect for human personality” (Germany)

 

 

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 6

We need a comprehensive EU-wide data protection regime,

based on these basic principles – but that will not be easy

We will need political will, also at (Inter-)Governmental level;

strong democratic input (EP, national parliaments, NGOs);

and not least real understanding of the implications and

limitations of new technologies

 

Douwe Korffprofessor of international law

London Metropolitan Universityd.korff@londonmet.ac.uk

Asser Round Table On The Stockholm Programme

DATA PROTECTION IN THE EU AFTER LISBON:

Fundamental Challenges

SLIDE 7

Some references:Douwe Korff & Ian Brown (et al.), Comparative Study on Different Approaches to New Privacy Challenges, in particular in the light of technological

developments (November 2009), report on a study commissioned by the European Commission (to be published shortly)

Douwe Korff & Ian Brown, Privacy and Law Enforcement (2004), study for the UK Information Commissioner, released on as “Striking the Right Balance: Respecting the Privacy of Individuals and Protecting the Public from Crime”: http://www.informationcommissioner.gov.uk/eventual.aspx?id=6840

Protecting the Right to Privacy in the Fight against Terrorism, Issue paper of the Council of Europe Commissioner for Human Rights (2008): http://www.coe.int/t/commissioner/Activities/IPList_en.asp

Martin Scheinin et al., Law and Security – Facing the Dilemmas, EUI (2009), which includes Tuomas Ojanen, Human Rights Dilemmas in Terrorist Profiling:

http://cadmus.eui.eu/dspace/bitstream/1814/12233/3/LAW_2009_11.pdf

Michele Nino, The protection of personal data in the fight against terrorism: New perspectives of PNR European Union instruments in the light of the Treaty of Lisbon, Utrecht Law Review (2010):

http://www.utrechtlawreview.org/publish/articles/000119/article.pdf

House of Lords EU Select Committee, 10 th report, paras. 7-37 to 7-50: http://www.parliament.the-stationery-office.co.uk/pa/ld200708/ldselect/ldeucom/62/6212.htm