Articles for tag: Data protection, GDPR, Machine learning, Passenger Name Record (PNR), PNR, Privacy, Security

Foreseeability and the Rule of Law in Data Protection after the PNR judgment

The rule of law cannot be reconciled with the existence of secret laws, unclear laws and laws which cannot be obeyed. However, this may be difficult to realise in practice, where full transparency is at odds with the legislative goals; where a certain degree of flexibility of rules is necessary to address the changing circumstances in which these rules function; and where a disconnect occurs between the visions of the lawmaker and the reality created by the modern technologies that are utilized to pursue them. The CJEU's ruling in Ligue des droits humains on the Passenger Name Record Directive underscores the difficulty of foreseeability of algorithmic measures and the rule of law.

The European Legal Architecture on Security

As the European legal architecture on internal security is being built around large-scale databases, AI tools and other new technologies, the relationship between the public and private sectors has become increasingly complex. We examine one aspect of the Court of Justice of the European Union’s recent judgment in Ligue des droits humains, namely the data protection rules applicable to cooperation between public and private entities in personal data sharing. The judgment enhances the ‘personal data autonomy’ of individuals and requires public authorities to justify to a high standard any obligations they seek to place on the private sector to share personal data related, directly or indirectly, to travel by air.

Caution: Safeguards may appear more robust than they are

At a time when the European security architecture is evolving, and when national lawmakers must pay greater attention to an evolving set of common standards and safeguards to prevent disproportionate government access to data, it is essential to shed critical light on their implementation in actual practice. As different as the EU PNR Directive and the German legal framework are, they both include provisions that seek to prevent disproportionate government access and to ensure effective and independent review of data collection and subsequent data processing.

Passengers Name Records and Security

The EU Passenger Name Records Directive is based on the logic of preventive security. The CJEU ruling, Ligue des droits humains, offers an opportunity for national judges to question more radically the idea of generalised preventive security that seeks to anticipate human behaviour through the creation of risk profiles and statistical correlations (instead of causality).

Machine learning and profiling in the PNR system

Automated processing of personal data, which is what Passenger Name Record data are, can lead to forms of profiling; certain individuals or groups of people are more likely to be excluded based on the transfer of their data than others. In its Passenger Name Record judgment, the CJEU extensively discusses discrimination risks, and it sets a number of conditions to prevent them. Unfortunately, not all of its considerations are perfectly clear and some of the solutions the CJEU proposes are not entirely satisfactory.

The Future of the European Security Architecture: A Debate Series

This debate series is dedicated to Ligue des Droits Humains – a case in which the Court of Justice of the European Union decided on the fate of one of the main drivers of this development: the Directive on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The PNR Directive, being one of the first major EU-wide examples of predictive policing, is not just interesting in itself. It exemplifies the emergence and gradual consolidation of a new security architecture in Europe.

Attention Is All You Need

The Italian data protection authority's ban on ChatGPT offers an opportunity to restage a classic: a groundbreaking technology from Silicon Valley shatters against the hard concrete of the Brussels data protection regime. While some technology-critical voices applaud loudly, others lash out at the supposedly innovation-hostile data protection law. But does ChatGPT actually give cause for such fundamental data protection concerns with regard to generative AI?

The Right to be Forgotten in 2022

On 8 December 2022, the Court of Justice of the European Union delivered its latest landmark judgment on the ‘right to be forgotten’. Despite the largely incremental character, the continuing legal manifestation of the right to erasure/be forgotten/de-referencing raises more fundamental questions on the governance of the datafication of society in the EU.

Not Annoyed Enough for Non-Material Damages

The recoverability of non-material damage arising from GDPR infringements, as provided for in Art. 82(1) GDPR, is causing considerable uncertainty before the courts of the Member States, which is reflected in what are currently nine requests for a preliminary ruling to the CJEU on this subject. In the most advanced of these proceedings, the Opinion of Advocate General Sánchez-Bordona was published on 6 October 2022; regrettably, it contributes little to the debate, in part argues beside the point and simply provides the courts with no practicable solution to the questions referred.

Compensation for non-material damages under the GDPR

On 6 October 2022, Advocate General Campos Sánchez-Bordona delivered his Opinion in case C‑300/21. At stake is the interpretation of Article 82 of the General Data Protection Regulation, which provides compensation for non-material damages. The Opinion opts for a strict interpretation of this provision, but a broader reading is possible, and even desirable, in light of the GDPR’s objectives and the many barriers impeding effective enforcement of data protection rights.