Gemeentelijke grip op private sensorgegevens: Juridisch kader voor het gemeentelijke handelingsperspectief bij de verwerking van private sensorgegevens in de openbare ruimte

On 16 July 2020 the Court of Justice of the European Union (CJEU) composed as Grand Chamber delivered its landmark ruling Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (case C-311/18, “Schrems II”). The focus of my commentary will be on the aspect that EU law on cross-border transfers of personal data to a third country is not deferential to national security powers of that third country. This judgment is remarkable provided that electronic surveillance conducted by Member States’ intelligence authorities for the purpose of national security is off limits for EU law and that exceptions in international agreement are fairly regularly made for national security. This contribution will deal with the embedded assessment of a third country’s national security powers under the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and will address the criticism that a third country is held to stricter standards than a Member State of the Union.

Links

https://europeanlawblog.eu/2020/07/24/schrems-ii-and-surveillance-third-countries-national-security-powers-in-the-purview-of-eu-law/

adequacy decision, C-311/18, Charter of Fundamental Rights, Facebook, frontpage, GDPR, General Data Protection Regulation, national security, Privacy Shield, Schrems II, Standard Contractual Clauses, Surveillance, united states

Bibtex

Online publication{Irion2020c,
	title = {Schrems II and Surveillance: Third Countries’ National Security Powers in the Purview of EU Law, European Law Blog},
	author = {Irion, K.},
	url = {https://europeanlawblog.eu/2020/07/24/schrems-ii-and-surveillance-third-countries-national-security-powers-in-the-purview-of-eu-law/},
	year = {0724},
	date = {2020-07-24},
	abstract = {On 16 July 2020 the Court of Justice of the European Union (CJEU) composed as Grand Chamber delivered its landmark ruling Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (case C-311/18, “Schrems II”). The focus of my commentary will be on the aspect that EU law on cross-border transfers of personal data to a third country is not deferential to national security powers of that third country. This judgment is remarkable provided that electronic surveillance conducted by Member States’ intelligence authorities for the purpose of national security is off limits for EU law and that exceptions in international agreement are fairly regularly made for national security. This contribution will deal with the embedded assessment of a third country’s national security powers under the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and will address the criticism that a third country is held to stricter standards than a Member State of the Union.},
	keywords = {adequacy decision, C-311/18, Charter of Fundamental Rights, Facebook, frontpage, GDPR, General Data Protection Regulation, national security, Privacy Shield, Schrems II, Standard Contractual Clauses, Surveillance, united states},
}

Geen Spelen of verkiezingen zonder digitale oorlogsvoering external link

Arnbak, A.

Het Financieele Dagblad, vol. 2018, 2018

Links

https://axelarnbak.nl/2018/03/25/45e-fd-column-geen-spelen-of-verkiezingen-zonder-digitale-oorlogsvoering/

China, cybersecurity, ddos, digitale oorlogsvoering, hacking, informatierect, Surveillance

Bibtex

Het kabinet past bescheidenheid bij uitvoering van de inlichtingenwet external link

Arnbak, A.

Het Financieele Dagblad, vol. 2018, 2018

Links

https://axelarnbak.nl/2018/03/25/46e-fd-column-het-kabinet-past-bescheidenheid-bij-uitvoering-van-de-inlichtingenwet/

Data protection, ECHR, frontpage, overheid, referendum, Surveillance, Wet op de inlichtingen- en veiligheidsdiensten (Wiv), wiretapping

Bibtex

Geheime surveillance en opsporing: Richtsnoeren voor de inrichting van wetgeving external link

Eskens, S., van Daalen, O. & van Eijk, N.

2016

Links

http://www.ivir.nl/publicaties/download/Geheime-surveillance-en-opsporing.pdf

frontpage, hacken, Informatierecht, opsporing, richtsnoeren, Surveillance, Telecommunicatierecht, toezicht, wetgeving

Bibtex

10 Standards for Oversight and Transparency of National Intelligence Services external link

Eskens, S., van Daalen, O. & van Eijk, N.

Journal of National Security Law & Policy, vol. 8, num: 3, pp: 553-594, 2016

Links

http://jnslp.com/2016/07/25/10-standards-oversight-transparency-national-intelligence-services/ https://www.ivir.nl/publicaties/download/JNSLP_2016_3.pdf

European Convention on Human Rights, frontpage, Privacy, Surveillance

Bibtex

New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case external link

Zuiderveen Borgesius, F. & Arnbak, A.

2015

Abstract

This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2678860

Data protection, data retention, GCHQ, Grondrechten, metadata, NSA, Privacy, security, Snowden, Surveillance, traffic data

Bibtex

Article{nokey,
	title = {New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case},
	author = {Zuiderveen Borgesius, F. and Arnbak, A.},
	url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2678860},
	year = {1027},
	date = {2015-10-27},
	abstract = {This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.},
	keywords = {Data protection, data retention, GCHQ, Grondrechten, metadata, NSA, Privacy, security, Snowden, Surveillance, traffic data},
}

Accountability unchained: Bulk Data Retention, Preemptive Surveillance, and Transatlantic Data Protection external link

Irion, K.

2014

Abstract

The innovations on which today’s Internet proliferated have been a major gift from its founders and the US government to the world. Ever since the rise of the Internet it has attracted utopian ideas of a free and borderless cyberspace, a men-made global commons that serves an international community of users. First commercialization and now the prevalence of state surveillance have significantly depreciated the utopist patina. Internet’s borderless nature which was once heralded to rise above the nation state has actually enabled some states to rise above their borders when engaging in mass surveillance that affects users on a global scale. International human rights law and emerging Internet governance principles have not been authoritative enough to protect users’ privacy and the confidentiality of communications. More or less openly, Western democracies embarked on the path of mass surveillance with the aim to fight crime and defend national security. This chapter’s focus is on the safeguards and accountability of mass surveillance in Europe and the US and how this affects transatlantic relations. It queries whether national systems of checks and balances are still adequate in relation to the growth and the globalization of surveillance capabilities. Lacking safeguards and accountability at the national level can exacerbate in the context of transnational surveillance. It can lead to asymmetries between countries which are precisely at the core of the transatlantic rift over mass surveillance. The chapter concludes with a brief review of proposals how to reduce them.

Links

https://www.ivir.nl/accountability-unchained-kristina-irion_final/

accountability, Democracy, electronic communications, Grondrechten, Privacy, Surveillance

Bibtex

Other{Irion2014,
	title = {Accountability unchained: Bulk Data Retention, Preemptive Surveillance, and Transatlantic Data Protection},
	author = {Irion, K.},
	url = {https://www.ivir.nl/accountability-unchained-kristina-irion_final/},
	year = {1121},
	date = {2014-11-21},
	abstract = {The innovations on which today’s Internet proliferated have been a major gift from its founders and the US government to the world. Ever since the rise of the Internet it has attracted utopian ideas of a free and borderless cyberspace, a men-made global commons that serves an international community of users. First commercialization and now the prevalence of state surveillance have significantly depreciated the utopist patina. Internet’s borderless nature which was once heralded to rise above the nation state has actually enabled some states to rise above their borders when engaging in mass surveillance that affects users on a global scale. International human rights law and emerging Internet governance principles have not been authoritative enough to protect users’ privacy and the confidentiality of communications.

More or less openly, Western democracies embarked on the path of mass surveillance with the aim to fight crime and defend national security. This chapter’s focus is on the safeguards and accountability of mass surveillance in Europe and the US and how this affects transatlantic relations. It queries whether national systems of checks and balances are still adequate in relation to the growth and the globalization of surveillance capabilities. Lacking safeguards and accountability at the national level can exacerbate in the context of transnational surveillance. It can lead to asymmetries between countries which are precisely at the core of the transatlantic rift over mass surveillance. The chapter concludes with a brief review of proposals how to reduce them.},
	keywords = {accountability, Democracy, electronic communications, Grondrechten, Privacy, Surveillance},
}

Deltaplan voor online privacy & beveiliging external link

Arnbak, A.

Het Financieele Dagblad, 2014

Links

https://www.axelarnbak.nl/2014/11/04/derde-column-in-financieele-dagblad-deltaplan-online-privacy-en-beveiliging/

cybersecurity, data retention, ECHR, Grondrechten, hacking, NSA, Privacy, Surveillance, wiretapping