Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements. Online political microtargeting is widely used in the US; Europe may not be far behind. This paper maps microtargeting’s promises and threats to democracy. For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation. But online microtargeting could also threaten democracy. For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals. And data collection for microtargeting raises privacy concerns. We sketch possibilities for policymakers if they seek to regulate online political microtargeting. We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights.

At the EU-Japan Summit in July this year the European Union (EU) and Japan have achieved a political agreement in principle on the content of the Japan EU Economic Partnership Agreement. For Japan including data flows in the trade deal with the EU has been an important political goal besides mutual recognition of their privacy laws. The EU is currently not favorably disposed to allow data flows provisions into trade deals. Building a ‘state of the art’ digital economy between Japan and the EU is certainly possible in conformity with their data privacy laws and the classical trade law disciplines. Our brief unpacks how flows of personal data will governed in the relationship between Japan and the EU. As a point of departure we look at the extent to which the prospective trade deal between the two economies would already cover data flows, including personal data. Next, we will take a look at the prospects for a regulatory handshake between Japan and EU providing for mutual recognition of data privacy and flows of personal data. The brief concludes with findings and recommendations on the future directions of Japan EU Economic Partnership Agreement.

Amsterdam / Hong Kong: IViR, 2017.

This report presents and draws on multidisciplinary insights into what characterises effective user control over the collection and use of personal data. User controls arise from the interplay of a number of conditions. These are partly technical but also connected to different aspects of user behaviour, the intricacies of design, as well as the internal and external incentives in privacy governance that exist today. Our review of the state of research underscores that devising effective user controls require close collaboration between different disciplines, clear regulatory guidance and scientifically-backed assessments.

This study, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee, appraises the European Commission’s proposal for an ePrivacy Regulation. The study assesses whether the proposal would ensure that the right to the protection of personal data, the right to respect for private life and communications, and related rights enjoy a high standard of protection. The study also highlights the proposal’s potential benefits and drawbacks more generally.

Algorithmic agents permeate every instant of our online existence. Based on our digital profiles built from the massive surveillance of our digital existence, algorithmic agents rank search results, filter our emails, hide and show news items on social networks feeds, try to guess what products we might buy next for ourselves and for others, what movies we want to watch, and when we might be pregnant. Algorithmic agents select, filter, and recommend products, information, and people; they increasingly customize our physical environments, including the temperature and the mood. Increasingly, algorithmic agents don’t just select from the range of human created alternatives, but also they create. Burgeoning algorithmic agents are capable of providing us with content made just for us, and engage with us through one-of-a-kind, personalized interactions. Studying these algorithmic agents presents a host of methodological, ethical, and logistical challenges. The objectives of our paper are two-fold. The first aim is to describe one possible approach to researching the individual and societal effects of algorithmic recommenders, and to share our experiences with the academic community. The second is to contribute to a more fundamental discussion about the ethical and legal issues of “tracking the trackers”, as well as the costs and trade-offs involved. Our paper will contribute to the discussion on the relative merits, costs and benefits of different approaches to ethically and legally sound research on algorithmic governance. We will argue that besides shedding light on how users interact with algorithmic agents, we also need to be able to understand how different methods of monitoring our algorithmically controlled digital environments compare to each other in terms of costs and benefits. We conclude our article with a number of concrete suggestions for how to address the practical, ethical and legal challenges of researching algorithms and their effects on users and society.

Blogpost at Internet Policy Review: Journal of internet regulation

Speaking notes for a panel debate hosted by MEP Viviane Reding at the European Parliament on 12 October 2016.

Study carried out for the European Commission by Visionary Analytics in cooperation with SQW Limited, Ramboll Management Consulting and with support from the Advisory Board: Dr. K. Irion, M. Ledger, Dr. E. Varney, A. Moledo, Brussels: European Commission, 2016.

The current EU rules on the independence of audiovisual media regulators (Article 30 AVMSD) have little to no impact on the actual performance of regulators, which are under the discretion of MS. […] [E]stablishment of concrete requirements have the largest potential for de facto safeguarding independence of regulators and thus more effective transposition of the AVMSD and the preservation of free and pluralistic media.

Prepublication version of the article.

The article focuses on the interplay between European Union (EU) law on privacy and data protection and international trade law, in particular the General Agreement on Trade in Services (GATS) and the WTO dispute settlement system. The argument distinguishes between the effects of international trade law in the EU legal order on the one hand, and, on the other hand, how EU data protection law would fare in a hypothetical challenge under the GATS. The contribution will apply international trade law and the general exception in GATS Article XIV to typical requirements stemming from EU data protection law, especially on transfers of personal data to third countries. The article enumerates the specific legal risks for defending EU law on privacy and data protection and explains the practical implications of its hypothetical challenge under the GATS. These insights could be useful for the EU’s negotiators of the future bi- or multilateral free trade agreements, notably the Transatlantic Trade and Investment Partnership and the Trade in Services Agreement.

Presentation delivered at the public conference organized by the Greens/EFA, 6 April 2016, European Parliament, Brussels.

IRIS Special, European Audvisual Observatory, Strasbourg 2016.
ISBN 9789287182395.
See here for more information and ability to purchase publication.

The structure of this study is built around the following questions:
- What is smart TV?
- How does smart TV compare with other forms of audiovisual media?
- What regulatory frameworks govern smart TV?
- What guidance can be found in selected country-specific case studies?
- What are the dangers associated with the collection, storage and processing of private user information by commercial parties?
- How are relevant regulatory frameworks likely to evolve?

Samsung have warned owners of their smart TVs that the system’s voice recognition could actually be recording and sharing their private conversations. This “bad buzz” comes at a time when Brussels is in the process of adopting new legislation – the General Data Protection Regulation (GDPR) - aimed at protecting us from abuse and misuse of our private data and consumer behaviour big data collected by smart equipment such as television sets. The European Audiovisual Observatory, part of the Council of Europe in Strasbourg, is keeping track of these developments and has published this IRIS Special report entitled "Smart TV and data protection".

This is a joint publication by the Observatory and partner institution, the Dutch Institute for Information Law (IViR in Amsterdam). It inspired an expert workshop organised in Strasbourg December 2015, which looked at “the grey areas between media regulation and data protection”.

In: Festschrift für Wolfhard Kohte, Faber et al (eds.), Baden-Baden: Nomos, forthcoming 2016.

The frequency with which the Court of Justice of the European Union (CJEU) rules on the interpretations of the rights to privacy and data protection in European Union (EU) law is constantly accelerating. The increasing case-load can certainly be attributed to the contemporary relevance of these issues in a data-driven society which leads to more cases being referred to the CJEU. However, contrary to earlier case-law, which had a rather limited effect, the recent CJEU decisions have gained prominence for their principle contribution to EU law. In 2014, the Court issued a landmark ruling in the case <em>Digital Rights Ireland and Seitlinger v Minister for Communications, Marine and Natural Resources</em> which catapulted EU citizens’ privacy and data protection rights from the margins of EU law to the center stage. Already in 2015, in the case <em>Maximillian Schrems v Data Protection Commissioner</em>, the Court has had another occasion to review EU legislation for its compliance with the rights to privacy and data protection under the EU Charter. The invalidation of the EU-U.S. Safe Harbour agreement by the Court has been stirring a global resonance in addition to receiving ample and arguably controversial coverage in international news.

This contribution looks at how the fundamental rights to privacy and data protection are protected in the EU legal order. It primarily assesses the CJEU’s case-law’s trajectory in this field as well as the impact of its decision practice in EU law. Hereby I discuss whether the CJEU holds a particular regard for the rights to privacy and data protection since the Charter of Fundamental Rights of the EU (CFR) was accorded binding legal value in 2009.5 Particular focus is given to the discussion of the two judgments in 2014 and 2015 cited above with which the Court underscored its determination to effectively protect these fundamental rights in the scope of EU law.

Study commissioned by the Council of Europe, Amsterdam/Edinburgh/Tirana, August 2015.

Comment in Internet Policy Review, 23 October 2015.

At the time of writing I am at the Computer Privacy and Data Protection Conference, for insiders just CPDP 2015, one of several mega-events with more than 1,000 participants from governments, European Union (EU) institutions, corporations, civil society and privacy advocates, and plenty of lawyers and academics just like me. This is emblematic of the transformation privacy and data protection have undergone from a somewhat dull area of law to a very visible cutting-edge legal expertise.

In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.

Study commissioned by the Council of Europe, October 2014.

Pre-publication version also available at SSRN.

International media assistance programs accompanied the democratic media transition in Albania, Bosnia and Herzegovina, Kosovo, Macedonia and Serbia with varying intensity. These countries untertook a range of media reforms to conform with accession requirements of the European Union (EU) and the standards of the Council of Europe, among others. This article explores the nexus between the democratic transformation of the media and international media assistance (IMA) as constrained by the local political conditions in the five countries of the Western Balkans. It aims to enhance the understanding of conditions and factors that influence media institution building in the region and evaluates the role of international assistance programs and conditionality mechanisms herein.

The cross-national analysis concludes that the effects of IMA are highly constrained by the local context. A decade of IMA of varying intensity is not sufficient to construct media institutions when, in order to function properly, they have to outperform their local context. From today’s vantage point it becomes obvious, that in the short-term scaling-up IMA does not necessarily improve outcomes. The experiences in the region suggest that imported solutions have not been sufficiently cognitive of all aspects of local conditions and international strategies have tended to be rather schematic and have lacked strategic approaches to promote media policy stability, credible media reform and implementation. To a certain extent, the loss of IMA effectiveness is also self-inflicted.

In: M. Rotenberg, J. Horwitz & J. Scott, eds., Visons of Privacy in a Modern Age, New York: New Press, 2015. Also available at SSRN: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2528999. Chapter also available in Chinese: https://www.amazon.cn/%E5%9B%BE%E4%B9%A6/dp/B074JYGR3B

The innovations on which today’s Internet proliferated have been a major gift from its founders and the US government to the world. Ever since the rise of the Internet it has attracted utopian ideas of a free and borderless cyberspace, a men-made global commons that serves an international community of users. First commercialization and now the prevalence of state surveillance have significantly depreciated the utopist patina. Internet’s borderless nature which was once heralded to rise above the nation state has actually enabled some states to rise above their borders when engaging in mass surveillance that affects users on a global scale. International human rights law and emerging Internet governance principles have not been authoritative enough to protect users’ privacy and the confidentiality of communications. More or less openly, Western democracies embarked on the path of mass surveillance with the aim to fight crime and defend national security. Although country specific approaches vary, reflecting political and ideological differences, mass surveillance powers frequently raise issues of constitutional compatibility. Beyond striking the balance between public security and privacy, systemic surveillance carries the potential to erode democracy from the inside. This chapter’s focus is on the safeguards and accountability of mass surveillance in Europe and the US and how this affects transatlantic relations. It queries whether national systems of checks and balances are still adequate in relation to the growth and the globalization of surveillance capabilities. Lacking safeguards and accountability at the national level can exacerbate in the context of transnational surveillance. It can lead to asymmetries between countries which are precisely at the core of the transatlantic rift over mass surveillance. The chapter concludes with a brief review of proposals how to reduce them.

Blogpost on LSE Media Policy Project, published on 30 April 2014.

Working paper

prepublication