New technologies, purposes and applications to process individuals’ personal data are being developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. Against the backdrop of big data applications, we evaluate how the implementation of privacy and data protection rules protect against the short- and long-term effects of contemporary data processing. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches instead of relying on EU data protection law alone to cope with contemporary data processing.

This book compares the results of twenty years of international media assistance in the five countries of the western Balkans. It asks what happens to imported models when they are applied to newly evolving media systems in societies in transition. Albania, Bosnia-Herzegovina, Kosovo, Macedonia, and Serbia undertook a range of media reforms to conform with accession requirements of the European Union and the standards of the Council of Europe, among others. The essays explore the nexus between the democratic transformation of the media and international media assistance in these countries. The cross-national analysis concludes that the effects of international assistance are highly constrained by local contexts. In hindsight it becomes clear that escalating media assistance does not necessarily improve outcomes.

In this chapter we argue that the right to data protection is the posterchild of EU citizenship in the digital era. We start by providing a brief overview of the gradual construction of the right to personal data protection in the EU. We then identify a range of actors who have played a particular role in the building process, including EU citizens themselves. Next, we review the current legal ‘architecture’ of the right to the protection of personal data and discuss whether it could serve as a model for the future development of EU citizenship, notwithstanding remaining challenges at the level of national implementation and public and private compliance with EU rules. Finally, we reflect on the future of the right to data protection, and its contribution to the development of EU citizenship as a legal regime.

The California Consumer Privacy Act (CCPA), slated to enter into force on 1 January 2020, borrows some cutting edge ideas from the EU and others’ privacy regimes while also experimenting with new approaches to data privacy. Importantly, the CCPA envisages an online advertisement market in which business are prevented from “getting high on information,” 1 breaches are promptly notified, and consumers are autonomous participants with the ability to sell their data at will. Where the CCPA breaks new ground is in protecting consumers from retaliation for opting out of the sale of their data. Thus, if it lives up to its potential, the CCPA could catalyse a permanent restructuring of the online data mining business. Our contribution will shed light on the new CCPA and offer some observations in comparing it with EU’s General Data Protection Regulation (GDPR).

Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements. Online political microtargeting is widely used in the US; Europe may not be far behind. This paper maps microtargeting’s promises and threats to democracy. For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation. But online microtargeting could also threaten democracy. For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals. And data collection for microtargeting raises privacy concerns. We sketch possibilities for policymakers if they seek to regulate online political microtargeting. We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights.

At the EU-Japan Summit in July this year the European Union (EU) and Japan have achieved a political agreement in principle on the content of the Japan EU Economic Partnership Agreement. For Japan including data flows in the trade deal with the EU has been an important political goal besides mutual recognition of their privacy laws. The EU is currently not favorably disposed to allow data flows provisions into trade deals. Building a ‘state of the art’ digital economy between Japan and the EU is certainly possible in conformity with their data privacy laws and the classical trade law disciplines. Our brief unpacks how flows of personal data will governed in the relationship between Japan and the EU. As a point of departure we look at the extent to which the prospective trade deal between the two economies would already cover data flows, including personal data. Next, we will take a look at the prospects for a regulatory handshake between Japan and EU providing for mutual recognition of data privacy and flows of personal data. The brief concludes with findings and recommendations on the future directions of Japan EU Economic Partnership Agreement.

Amsterdam / Hong Kong: IViR, 2017.

This report presents and draws on multidisciplinary insights into what characterises effective user control over the collection and use of personal data. User controls arise from the interplay of a number of conditions. These are partly technical but also connected to different aspects of user behaviour, the intricacies of design, as well as the internal and external incentives in privacy governance that exist today. Our review of the state of research underscores that devising effective user controls require close collaboration between different disciplines, clear regulatory guidance and scientifically-backed assessments.

This study, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee, appraises the European Commission’s proposal for an ePrivacy Regulation. The study assesses whether the proposal would ensure that the right to the protection of personal data, the right to respect for private life and communications, and related rights enjoy a high standard of protection. The study also highlights the proposal’s potential benefits and drawbacks more generally.

Algorithmic agents permeate every instant of our online existence. Based on our digital profiles built from the massive surveillance of our digital existence, algorithmic agents rank search results, filter our emails, hide and show news items on social networks feeds, try to guess what products we might buy next for ourselves and for others, what movies we want to watch, and when we might be pregnant. Algorithmic agents select, filter, and recommend products, information, and people; they increasingly customize our physical environments, including the temperature and the mood. Increasingly, algorithmic agents don’t just select from the range of human created alternatives, but also they create. Burgeoning algorithmic agents are capable of providing us with content made just for us, and engage with us through one-of-a-kind, personalized interactions. Studying these algorithmic agents presents a host of methodological, ethical, and logistical challenges. The objectives of our paper are two-fold. The first aim is to describe one possible approach to researching the individual and societal effects of algorithmic recommenders, and to share our experiences with the academic community. The second is to contribute to a more fundamental discussion about the ethical and legal issues of “tracking the trackers”, as well as the costs and trade-offs involved. Our paper will contribute to the discussion on the relative merits, costs and benefits of different approaches to ethically and legally sound research on algorithmic governance. We will argue that besides shedding light on how users interact with algorithmic agents, we also need to be able to understand how different methods of monitoring our algorithmically controlled digital environments compare to each other in terms of costs and benefits. We conclude our article with a number of concrete suggestions for how to address the practical, ethical and legal challenges of researching algorithms and their effects on users and society.

Blogpost at Internet Policy Review: Journal of internet regulation

Speaking notes for a panel debate hosted by MEP Viviane Reding at the European Parliament on 12 October 2016.

Study carried out for the European Commission by Visionary Analytics in cooperation with SQW Limited, Ramboll Management Consulting and with support from the Advisory Board: Dr. K. Irion, M. Ledger, Dr. E. Varney, A. Moledo, Brussels: European Commission, 2016.

The current EU rules on the independence of audiovisual media regulators (Article 30 AVMSD) have little to no impact on the actual performance of regulators, which are under the discretion of MS. […] [E]stablishment of concrete requirements have the largest potential for de facto safeguarding independence of regulators and thus more effective transposition of the AVMSD and the preservation of free and pluralistic media.

Prepublication version of the article.

The article focuses on the interplay between European Union (EU) law on privacy and data protection and international trade law, in particular the General Agreement on Trade in Services (GATS) and the WTO dispute settlement system. The argument distinguishes between the effects of international trade law in the EU legal order on the one hand, and, on the other hand, how EU data protection law would fare in a hypothetical challenge under the GATS. The contribution will apply international trade law and the general exception in GATS Article XIV to typical requirements stemming from EU data protection law, especially on transfers of personal data to third countries. The article enumerates the specific legal risks for defending EU law on privacy and data protection and explains the practical implications of its hypothetical challenge under the GATS. These insights could be useful for the EU’s negotiators of the future bi- or multilateral free trade agreements, notably the Transatlantic Trade and Investment Partnership and the Trade in Services Agreement.

Presentation delivered at the public conference organized by the Greens/EFA, 6 April 2016, European Parliament, Brussels.

IRIS Special, European Audvisual Observatory, Strasbourg 2016.
ISBN 9789287182395.
See here for more information and ability to purchase publication.

The structure of this study is built around the following questions:
- What is smart TV?
- How does smart TV compare with other forms of audiovisual media?
- What regulatory frameworks govern smart TV?
- What guidance can be found in selected country-specific case studies?
- What are the dangers associated with the collection, storage and processing of private user information by commercial parties?
- How are relevant regulatory frameworks likely to evolve?

Samsung have warned owners of their smart TVs that the system’s voice recognition could actually be recording and sharing their private conversations. This “bad buzz” comes at a time when Brussels is in the process of adopting new legislation – the General Data Protection Regulation (GDPR) - aimed at protecting us from abuse and misuse of our private data and consumer behaviour big data collected by smart equipment such as television sets. The European Audiovisual Observatory, part of the Council of Europe in Strasbourg, is keeping track of these developments and has published this IRIS Special report entitled "Smart TV and data protection".

This is a joint publication by the Observatory and partner institution, the Dutch Institute for Information Law (IViR in Amsterdam). It inspired an expert workshop organised in Strasbourg December 2015, which looked at “the grey areas between media regulation and data protection”.

In: Festschrift für Wolfhard Kohte, Faber et al (eds.), Baden-Baden: Nomos, forthcoming 2016.

The frequency with which the Court of Justice of the European Union (CJEU) rules on the interpretations of the rights to privacy and data protection in European Union (EU) law is constantly accelerating. The increasing case-load can certainly be attributed to the contemporary relevance of these issues in a data-driven society which leads to more cases being referred to the CJEU. However, contrary to earlier case-law, which had a rather limited effect, the recent CJEU decisions have gained prominence for their principle contribution to EU law. In 2014, the Court issued a landmark ruling in the case <em>Digital Rights Ireland and Seitlinger v Minister for Communications, Marine and Natural Resources</em> which catapulted EU citizens’ privacy and data protection rights from the margins of EU law to the center stage. Already in 2015, in the case <em>Maximillian Schrems v Data Protection Commissioner</em>, the Court has had another occasion to review EU legislation for its compliance with the rights to privacy and data protection under the EU Charter. The invalidation of the EU-U.S. Safe Harbour agreement by the Court has been stirring a global resonance in addition to receiving ample and arguably controversial coverage in international news.

This contribution looks at how the fundamental rights to privacy and data protection are protected in the EU legal order. It primarily assesses the CJEU’s case-law’s trajectory in this field as well as the impact of its decision practice in EU law. Hereby I discuss whether the CJEU holds a particular regard for the rights to privacy and data protection since the Charter of Fundamental Rights of the EU (CFR) was accorded binding legal value in 2009.5 Particular focus is given to the discussion of the two judgments in 2014 and 2015 cited above with which the Court underscored its determination to effectively protect these fundamental rights in the scope of EU law.

Study commissioned by the Council of Europe, Amsterdam/Edinburgh/Tirana, August 2015.

Comment in Internet Policy Review, 23 October 2015.

DOI: <a href="http://dx.doi.org/10.1108/info-07-2015-0038">http://dx.doi.org/10.1108/info-07-2015-0038</a>

At the time of writing I am at the Computer Privacy and Data Protection Conference, for insiders just CPDP 2015, one of several mega-events with more than 1,000 participants from governments, European Union (EU) institutions, corporations, civil society and privacy advocates, and plenty of lawyers and academics just like me. This is emblematic of the transformation privacy and data protection have undergone from a somewhat dull area of law to a very visible cutting-edge legal expertise.

In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.

Study commissioned by the Council of Europe, October 2014.

Pre-publication version also available at SSRN.

International media assistance programs accompanied the democratic media transition in Albania, Bosnia and Herzegovina, Kosovo, Macedonia and Serbia with varying intensity. These countries untertook a range of media reforms to conform with accession requirements of the European Union (EU) and the standards of the Council of Europe, among others. This article explores the nexus between the democratic transformation of the media and international media assistance (IMA) as constrained by the local political conditions in the five countries of the Western Balkans. It aims to enhance the understanding of conditions and factors that influence media institution building in the region and evaluates the role of international assistance programs and conditionality mechanisms herein.

The cross-national analysis concludes that the effects of IMA are highly constrained by the local context. A decade of IMA of varying intensity is not sufficient to construct media institutions when, in order to function properly, they have to outperform their local context. From today’s vantage point it becomes obvious, that in the short-term scaling-up IMA does not necessarily improve outcomes. The experiences in the region suggest that imported solutions have not been sufficiently cognitive of all aspects of local conditions and international strategies have tended to be rather schematic and have lacked strategic approaches to promote media policy stability, credible media reform and implementation. To a certain extent, the loss of IMA effectiveness is also self-inflicted.

Pre-publication.<br /> In: E. Psychogiopoulou (ed.), <em>Cultural Governance and the European Union</em>, Houndmills and New York: Palgrave MacMillan 2015 in press.<br /> Also available at SSRN: <a href="http://ssrn.com/abstract=2529044" target="_blank">http://ssrn.com/abstract=2529044</a>

Cultural diversity is a multifaceted concept that differs from the notion of media pluralism. However, the two concepts share important concerns particularly as regards content production, content distribution and access to content. This chapter considers the EU’s role in contributing to diverse audiovisual and online content and assesses its limits.<br /> Although a signatory of the UNESCO Convention on the Protection and Promotion of the Diversity of Cultural Expressions, the ability of the EU to foster cultural diversity in the digital environment is confined on account of its constrained competences in the field of audiovisual media and online content. Notwithstanding, the EU develops a number of substantive policies that benefit the creation and circulation of cultural content either in an explicit or in an implicit manner. Following a value-chain approach, this chapter discusses the complementary role of various EU sectoral regulations towards this aim. The analysis focuses on the Audiovisual Media Services (AVMS) Directive (Directive 2007/65/EC – 2010/13/EU) and various aspects of the EU regulatory framework for electronic communications, particularly in relation to non-discriminatory access to bottlenecks in the distribution infrastructure and online platforms.<br /> The chapter advances the argument that existing EU policies have an important role to play for ensuring the free circulation of, and access to, cultural content. At the same time, aside from the cultural quotas in the above mentioned AVMS Directive, EU activity is less prominent in the field of content production. The analysis concludes by stressing the complexity of promoting cultural diversity in light of both cultural content supply and demand considerations. It also emphasises the importance of emerging policy issues, in particular net neutrality and findability.

Blogpost on LSE Media Policy Project, published on 30 April 2014.

Working paper

prepublication