David Barnard-Wills, The technology foresight activities of European Union data protection authorities, Technological Forecasting and Social Change, October 2016. LINK
David Barnard-Wills, Cristina Pauner Chulvi and Paul De Hert, Data protection authority perspectives on the impact of data protection reform on cooperation in the EU, Computer Law and Security Review, Vol. 32, No. 4, August 2016, pp. 587–598. LINK
Dariusz Kloza, Opinion for the Council of Europe for the 37th Bureau meeting of the Consultative Committee of the Convention for the Protection of individuals with regard to automatic processing of personal data (T-PD-BUR) on the compatibility of the Global Cross Border Enforcement Cooperation Arrangement (Mauritius Arrangement) with the said Convention, Council of Europe, Directorate General of Human Rights and Rule of Law, T-PD-BUR(2016)04, Strasbourg, 28 June 2016. LINK
Antonella Galetta and Dariusz Kloza, Cooperation Among Data Privacy Supervisory Authorities: Lessons from Parallel European Mechanisms,
in: Erich Schweighofer, Franz Kummer, Walter Hötzendorfer, Georg Borges (Hrsg./Eds.) Netzwerke/Networks. Tagungsband des 19. Internationalen Rechtsinformatik Symposions IRIS 2016, Österreichische Computer Gesellschaft, Wien 2016, pp. 495-498. LINK
Cross-border cooperation among supervisory authorities in data privacy law needs to be strengthened due to expectations and hopes vested therein as well as to cope with the contemporary challenges of digitalized and globalized world. The quest for solutions habitually stays within the domain of data privacy law, but the notion of cooperation has been present also in other legal areas. A comparative analysis of parallel cooperation mechanisms, which have already achieved relative maturity, efficiency and success, offers lessons for overcoming inefficiencies in cooperation in data privacy law.
Paul De Hert, Dariusz Kloza and Paweł Makowski (eds.),
Enforcing privacy: lessons from current implementations and perspectives for the future,
Wydawnictwo Sejmowe, Warszawa, 2015. DOWNLOAD
“It will be a truism to state that globalisation and recent rapid development of information and communications technologies have resulted in increased trans-border personal data transfers and – at the same time – in the elevation of corresponding risks. This phenomenon both has placed the governance of privacy and personal data protection at the international level and has made data privacy violations with cross-border implications much more frequent. As a result, there grew a critical need for stronger, more enhanced and more efficient cross-border cooperation between relevant supervisory authorities, i.e. between those public bodies that are tasked with “the day-to-day protection of data privacy”, on whose shoulders “lies the main burden of effective protection”.
The status quo of such cooperation leaves much to be desired. Nowadays – to ensure an appropriate level of protection of privacy and personal data and to investigate and prosecute violations, should they occur – these supervisory authorities face constraints by way of human and/or budgetary shortages, practical, institutional and legislative set-ups and similar factors. Often, due to the lack of cooperation and coordination, these resource-constrained authorities may also investigate the same privacy issue, which is, in effect, a duplication of effort.
For these reasons, policy-makers, authorities themselves and academics – since as early as 2000s – became preoccupied with diagnosing the problem and with the quest for solutions. […]
The PHAEDRA research project, or “Improving Practical and Helpful cooperAtion betweEn Data Protection Authorities” (2013–2015), co-funded by the EU under its Fundamental Rights and Citizenship Programme, has been aimed precisely to contribute to this debate. […]
This book is composed of selected interventions made at the final conference of the PHAEDRA project, held on 12 December 2014 in Kraków, Poland. These contributions are preceded by invited comments written by the experts in the field. Each of these papers – in one way or another touching upon various aspects of cooperation between supervisory authorities – contributes to the unambiguous conclusion that the efficiency of such cooperation is an essential element of the effective protection of the fundamental rights to privacy and personal data protection.” – from Introduction by the editors
Table of Contents
- Opening letter from Edyta Bielak-Jomaa, Inspector General for Personal Data Protection
- Wojciech R. Wiewiórowski, Foreword: European and international cooperation in enforcing privacy – expectations and solutions for a reinforced cooperation
- Paul De Hert, Dariusz Kloza and Paweł Makowski, Introduction
- Blair Stewart, On PHAEDRA’s final recommendations: A few “helpful” tips on how “practical” progress can best be made in enforcement cooperation
- David Wright and Kush Wadhwa, Cooperation and coordination viewed by supervisory authorities themselves: results of PHAEDRA surveys
- Paul De Hert and Auke Willems, Dealing with overlapping jurisdictions and requests for mutual legal assistance while respecting individual rights. What can data protection law learn from cooperation in criminal justice matters?
- Dariusz Kloza and Antonella Galetta, Towards efficient cooperation between supervisory authorities in the area of data privacy law
- Endre Győző Szabó, The Weltimmo case in light of the future one-stop-shop regime
- Marek Múčka, Biometrics in the context of different legal approaches
- Dimitar Gjeorgievski, Institutional experience from international cooperation and joint investigation
- Lahoussine Aniss, Cooperation between data protection authorities: the Moroccan experience
Dariusz Kloza and Antonella Galetta, “Towards efficient cooperation between supervisory authorities in the area of data privacy law“, Brussels Privacy Hub Working Papers, Vol. 1, No. 3, October 2015, pp. 1-25. LINK
As research conducted in the framework of the PHAEDRA project (Improving Practical and Helpful cooperAtion betweEn Data Protection Authorities, 2013-2015) demonstrated, numerous cross-jurisdictional cooperation initiatives in the area of data privacy have flourished in the recent decades at bilateral, regional, supranational and international levels. However, it was also determined that these initiatives are still too immature to reach their final aim, i.e. the efficient protection of data privacy in matters producing implications in more than one jurisdiction. Therefore, this contribution discusses how to make such cooperation more efficient and how this goal could be achieved. A set of 23 legal and practical recommendations that might help both policy-makers and supervisory authorities overcome contemporary inefficiencies are proposed, including a modest action plan to that end. As a conclusion, a line is drawn between binding and non-binding types of cooperation.
Andra Giurgiu, Gertjan Boulet and Paul De Hert, “EU’s One-Stop-Shop Mechanism: Thinking Transnational“, Privacy Laws & Business, Issue 137, October 2015, pp. 16-18. LINK
David Wright and Paul De Hert (eds.), Enforcing Privacy. Regulatory, Legal and Technological Approaches, Springer, Dordrecht, 2016. LINK
“This book is about enforcing privacy and data protection. It demonstrates different approaches – regulatory, legal and technological – to enforcing privacy.
If regulators do not enforce laws or regulations or codes or do not have the resources, political support or wherewithal to enforce them, they effectively eviscerate and make meaningless such laws or regulations or codes, no matter how laudable or well-intentioned. In some cases, however, the mere existence of such laws or regulations, combined with a credible threat to invoke them, is sufficient for regulatory purposes. But the threat has to be credible. As some of the authors in this book make clear – it is a theme that runs throughout this book – ‘carrots’ and ‘soft law’ need to be backed up by ‘sticks’ and ‘hard law’.
The authors of this book view privacy enforcement as an activity that goes beyond regulatory enforcement, however. In some sense, enforcing privacy is a task that befalls to all of us. Privacy advocates and members of the public can play an important role in combatting the continuing intrusions upon privacy by governments, intelligence agencies and big companies.
Contributors to this book – including regulators, privacy advocates, academics, SMEs, a Member of the European Parliament, lawyers and a technology researcher – share their views in the one and only book on Enforcing Privacy.”
- David Wright and Paul De Hert, “Introduction to Enforcing Privacy”
- Iván Székely, “From a model pupil to a problematic grown-up: Enforcing privacy and data protection in Hungary”
- Hiroshi Miyashita, “Enforcing Privacy with Hard Power and Soft Power in Japan”
- Artemi Rallo Lombarte, “The Spanish experience of enforcing privacy norms: two decades of evolution from sticks to carrots”
- Ana Brian Nougrères, “Data protection and enforcement in Latin America and in Uruguay”
- David Wright, “Results from the PHAEDRA project”
- Dan Jerker B. Svantesson, “Enforcing privacy across different jurisdictions”
- Alexander Dix, “The International Working Group on Data Protection in Telecommunications – contributions to transnational privacy enforcement”
- Wojciech Wiewiórowski, “Interoperability between different national and regional enforcement arrangements as a means of enforcing privacy”
- Chris Connolly and Peter van Dijk, “Enforcement and Reform of the EU-US Safe Harbor”
- Paul De Hert and Gertjan Boulet, “Choosing between administrative and criminal law approaches to enforcing privacy”
- Hazel Grant and Hannah Crowther, “How effective are fines in enforcing privacy?”
- Marc Rotenberg and David Jacobs, “Enforcing Privacy Rights: Class Action Litigation and the Challenge of Cy Pres”
- Kirsten Bock, “Data Protection Certification: Decorative or Effective Instrument? Audit and seals as a way to enforce privacy”
- Daniel Le Métayer, “Whom to trust? Using technology to enforce privacy”
- Blair Stewart, “Cross-border breach notification as a means of enforcing privacy”
- Graham Greenleaf, “Responsive regulation of data privacy: Theory and Asian examples”
- Bob Gellman and Pam Dixon, “Failures of Privacy Self-Regulation in the United States”
- Billy Hawkes, “Data protection enforcement challenges facing smaller DPAs”
- Jacob Kohnstamm, “Getting our act together: European Data Protection Authorities face up to Silicon Valley”
- Jan Philip Albrecht, “Regaining control and sovereignty in the digital age”
- David Wright and Paul De Hert, “Findings and recommendations”
- James Rule, “Envoi: The future of privacy [enforcement] – Will enforcement “save” privacy?”
Rallo Lombarte Artemi, Rosario García Mahamut and Jorge Viguri Cordero, “Cooperación y coordinación entre Autoridades de Protección de Datos” (Cooperation and coordindation between Data Protection Authorities), in Tirant lo Blanch (ed.), Hacia un nuevo derecho europeo de protección de datos (Towards a new European data protection regime), Valencia, 2015. LINK
Kloza Dariusz and Anna Mościbroda, “Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law”, International Data Privacy Law, 2014, Vol. 4, No. 2, pp. 120-138. LINK
Rallo Lombarte Artemi, “La Protección de la Privacidad en las Redes Sociales de Internet: la Experiencia Canadiense con Facebook, Google y otros” (Law and Social Networks in Canada), in Artemi Rallo Lombarte & Ricard Martínez Martínez (eds.), Derecho y Redes Sociales, 2nd edition, Civitas & Thomson Reuters, 2013, pp. 257-284. LINK
Kloza Dariusz, Anna Moscibroda and Gertjan Boulet, “Improving Co-operation Between Data Protection Authorities: First Lessons from Competition Law”, Jusletter IT. Die Zeitschrift für IT und Recht, published by Weblaw AG, 2013, Issue 20. LINK