Pre-legislative authorisation of interception of communication – a genealogy of the warrant

This archival study of the interception warrant offers a history of a secret governmental practice. Despite the lack of a coherent archival record of interception warrants, some traces remain. They reveal the changing organisational structure in which secret surveillance was operationalised. Moreover, recurrent memos and policy notes reveal the organisational steps taken to preserve official secrecy. Disclosure of material to courts or MPs was prohibited, even as new technologies and changes in administrative law led to the conclusion within the Home Office that the legality of interception was questionable, at best. Anticipating the eventual result in Malone v UK (1985) before the ECtHR, a working party convened by the Home Office sought to design legislation to create an administrative review system that would ensure no complaints were ever heard in public. The results of this study contextualise recent developments in the law in the aftermath of the Snowden disclosures.

Secret Service Access to Metadata in Portugal: The Making of a Constitutional Trilogy?

Last August, the Portuguese Legislative Assembly approved a law that regulates secret service access to telecommunications and internet data (i.e., the identification, localization, and traffic of users of electronic communications services in the following situations: national defense; prevention of sabotage; espionage; terrorism; proliferation of weapons of mass destruction; highly organized crime). Consequently, access is restricted and subject to certain conditions, including judicial control. The legislation in question constitutes the second attempt by Parliament to regulate this matter. The first law was declared to be unconstitutional by the Portuguese Constitutional Court. This second attempt seeks to resolve the constitutional questions that were raised in that decision. However, a constitutional challenge against the new law has been filed. Therefore, a third law or a constitutional amendment may be needed in order to balance the fundamental rights to privacy and security.

European constitutional courts towards data retention laws

One of the most commonly applied measures to combat terrorism is a mechanism of telecommunications data retention. Serious doubts regarding its intrusive nature were raised. State authorities being in possession of traffic and location metadata may monitor social behavior of individuals, detect sources (journalism) or political opponents. Our paper explores constitutional limits for legislative interference in privacy and freedom of communication in EU Member States. Data retention law was introduced in the EU by the directive 2006/24/EC. In 2014 the directive was declared invalid by the ECJ. Between 2009 and 2016 data retention laws of 11 EU Member States were declared unconstitutional. We will analyze this case law and assess whether a common European standard for privacy protection in the digital age has been developed. We will also explore whether in times of a constant threat of terrorism and widespread surveillance, privacy is still protectable or whether it still exists at all.

Fundamental Rights and Security in the Digital Era – the Case of Data Retention

In the past decade, European courts have struggled with the challenge of reconciling fundamental rights and security in the digital era. Nowhere has this challenge come to the fore more acutely than in the case of data retention. In its landmark judgment of April 2014 in Digital Rights Ireland, the Court of Justice of the European Union struck down the ill-fated Data Retention Directive. In its subsequent judgment in Tele2 Sverige/Watson, the Court appears to have sounded the death knell for data retention generally. Yet the afterlife of data retention continues to challenge both the courts and legislatures at national and EU levels. This paper argues that, while there is much to admire in the Court of Justice’s robust protection of fundamental rights in its jurisprudence in this field, the case-law also raises unsettling issues about the proper role of the courts and the political organs in this field.

Privacy, Data Protection and National Security: The EU-Canada PNR Agreement Before the CJEU

This analysis examines the balance between the right to privacy and national security, as framed in Opinion 1/15 of the CJEU on the draft agreement between Canada and the European Union dealing with the transfer of PNR data. Moving from this case-study and taking into account previous landmark judgments on personal data (Digital Rights Ireland, Schrems and Tele2 Sverige), this work argues that the CJEU is increasingly managing to take a right-oriented stance, without disregarding actual security needs. In this decision, the CJEU held mass surveillance not incompatible with EU law. Nonetheless, it laid down strict conditions to be respected in order not to impair privacy and data protection. Furthermore, Opinion 1/15 will have two sets of consequences, addressed by this study. First, it will impact on other PNR agreements, both in place (e.g. with the US and Australia) and forthcoming (e.g. with Mexico, Argentina, Japan); second, the EU institutional framework will be affected.

Data and fundamental rights

This presentation provides an overview of the relationship between data and fundamental rights at the current point in time, and directions as to where and how this relationship might continue. At the basis of this relationship are the fundamental rights to privacy and free expression; however with the digital society being more pervasive, other fundamental rights, including freedom from discrimination and labour rights are now implicated by data. The role of private actors is prominent in discussions on data and fundamental rights given their key role in providing data infrastructure and services, in ways which may infringe users’ fundamental rights. These topics will be explained before concluding with an outline of some possible future developments for data and fundamental rights.