'Data Protection and Freedom of Information', Chapter 16 in
Pattenden and Sheehan (eds.) The Law of Professional-Client Confidentiality
(2nd ed.) (OUP 2016)
'Beyond Privacy: The Data Protection Implications of the IP
Bill' LSE Law Policy Briefing Papers: SPECIAL ISSUE: The Investigatory Powers
Bill (15/2015)
In an era of digital communications, personal data flows do
not respect national borders. UK residents communicate with friends and
family living outside the UK’s borders while internet communications are
routed all over the world when making their way from our computers and other
connected devices to their final destination. At the same time, there is
increasing public awareness of the dangers caused by mass data collection
and data profiling. The Talk Talk and Ashley Madison data breaches, the
Snowden revelations, the suspension of Safe Harbor data transfers between
the EU and the US and the (misnamed) ‘Right to be Forgotten’ judgment by the
EU Court of Justice (CJEU) have all made news headlines in recent years, and
stakeholders – activists, businesses, policy-makers, the judiciary – are
increasingly aware of the need to take personal data protection seriously. This dual dynamic – the global nature of digital
information flows and the increased awareness of data protection and privacy
issues – poses a challenge for national lawmakers. Any law introduced
influencing the flow of information, such as the proposed Investigatory
Powers Bill (IP Bill), will have effects in other countries beyond the UK,
and will influence where companies outside choose to invest and to develop
their operations. This Briefing Paper will therefore put the IP Bill in its EU law context. It suggests that, beyond privacy, the IP Bill will
jeopardise two aspects of the right to data protection: individual autonomy
and personal data security. In addition to these rights implications, the IP
Bill may also have economic implications by discouraging technology industry
investment in the UK.
click here
for full text [SSRN]
'The Internal and External Constraints of Data Protection on
Competition Law in the EU' LSE Law Society and Economy Working Paper Series,
WPS 25-2015
Personal data has both an economic and a dignitary value. This begs the question
of whether competition law should respect the dual nature of personal data,
given that the regulation of competition is chiefly dictated by economic
concerns. This article addresses that question by mapping the potential
intersections between EU data protection law and competition law. In particular,
it argues that data protection law exercises an internal and an external
constraint on competition law. On the one hand, competition law involves
judgments about ‘normal competition’ and consumer welfare which may require a
normative contribution by data protection law. Using data protection as a
normative benchmark in this way does not depart from the logic of competition
law as data protection still requires a competitive concern hook on which to
hang. Data protection would thus act as an ‘internal constraint’ on competition
law. On the other hand, regardless of such logic, competition authorities are
bound to respect the fundamental right to data protection. This requires them to
restrict the scope of competition law and to guarantee the effectiveness of that
fundamental right. In this way, data protection acts as an ‘external constraint’
on competition law. Recognising these constraints would pave the way for a more
coherent EU law approach to consumer concerns in a digital society.
click here for full text [SSRN]
'Control over personal data in a digital age: Google Spain v
AEPD and Maria Costeja Gonzalez' Modern Law Review (2015) 78 3 pp.522-534
Examines the ECJ ruling in Google Spain SL v Agencia Espanola de Proteccion de Datos (AEPD) (C-131/12) that a search engine was required to remove links to web pages displayed in search results where the processing of the data would be incompatible with Directive 95/46 (Data Protection Directive). Notes that the ECJ's ruling differed from the Advocate General's Opinion. Argues that the description "a right to be forgotten" is misleading.
'The Data Retention Directive is incompatible with the rights
to privacy and data protection and is invalid in its entirety: Digital Rights
Ireland' C.M.L. Rev. 2014, 51(6), pp.1789-1811.
'Deconstructing data protection: the "added-value" of a right
to data protection in the EU legal order' International and Comparative Law
Quarterly (2014) 63 (3) pp.569-597
Article 8 of the EU Charter of Fundamental Rights sets out a right to data protection which sits alongside, and in addition to, the established right to privacy in the Charter. The Charter's inclusion of an independent right to data protection differentiates it from other international human rights documents which treat data protection as a subset of the right to privacy. Its introduction and its relationship with the established right to privacy merit an explanation. This paper explores the relationship between the rights to data protection and privacy. It demonstrates that, to date, the Court of Justice of the European Union (CJEU) has consistently conflated the two rights. However, based on a comparison between the scope of the two rights as well as the protection they offer to individuals whose personal data are processed, it claims that the two rights are distinct. It argues that the right to data protection provides individuals with more rights over more types of data than the right to privacy. It suggests that the enhanced control over personal data provided by the right to data protection serves two purposes: first, it proactively promotes individual personality rights which are threatened by personal data processing and, second, it reduces the power and information asymmetries between individuals and those who process their data. For these reasons, this paper suggests that there ought to be explicit judicial recognition of the distinction between the two rights.
click here for full text via
CUP [ON
CAMPUS]
click here for full text via
CUP [OFF CAMPUS]
'From Market-Making Tool to Fundamental Right: the Role
of the Court of Justice in Data Protection's Identity Crisis', chapter in
Serge Gutwirth et al (eds) European Data Protection: Coming of Age (Springer
2013) pp.59-84
The European Data Protection Directive pursues dual, and potentially conflicting, objectives; it aims to facilitate the establishment of the internal market be enabling the free flow of personal data and to protects fundamental rights. This paper will examine the peculiar relationship between these dual objectives. Its aim is twofold. Firstly, to demonstrate that the ambiguity regarding the relationship between the Directive’s dual objectives could lead to doubts concerning its validity. Secondly, to demonstrate, by reference to the case law of the Court of Justice, that the Directive’s market-making characteristics have played second fiddle to its fundamental rights dimension in recent years; the Court has loosened the Directive’s links to the internal market while placing increasing emphasis on the fundamental rights vocation of data protection. One common theme emerges from the paper; the aims of European Data Protection policy are unclear and as such it is bound to suffer an 'identity crisis'.
'Track[ing] Changes: An Examination of EU Regulation of Online
Behavioural Advertising through a Data Protection Lens' 2011(36) 6 European
Law Review 874-886
This article examines the proportionality, from a data
protection perspective, of the regulatory regime applicable in the
European Union to online behavioural advertising in light of recent
amendments to the E-Privacy Directive. In this regard, first, the
concept of behavioural advertising is explained. Secondly, the relevant
legal framework is set out; particular attention is paid to the changes
to the E-Privacy Directive that now mandate a user “opt-in” for targeted
advertising. Thirdly, the harms to which behavioural advertising may
give rise are outlined in order to facilitate the analysis of whether
the recent changes constitute a proportionate response to these harms.
It will be demonstrated that the European Union's protective regime will
come at a cost for internet users; however, it is in keeping with the
now prominent position of the right to data protection in the European
legal order.
click
here for access via Westlaw [ON CAMPUS]
click
here for access via Westlaw [OFF CAMPUS]
'The extent to which the EC legislature takes into account WTO
obligations - jousting lessons from the European Parliament' (co-authored by
Jacques Bourgeois), chapter in Dashwood and Maresceau (eds.) Law and Practice
of EU External Relations (Cambridge University Press, 2008)
'The ever-longer arm of EC law: the extension of Community
competence into the field of criminal law' 2008 (45)1 Common Market Law
Review 131-158 (co-authored by A. Dawes)
The physical and legal borders of the European Community
have been subject to a large number of changes in recent years. Throughout
this period of transition Member States have sought to ensure that certain
parameters remain unchanged. One such example is the province of Member
States to determine which behaviour to punish by way of criminal sanctions.
However, the recent judgments of the (ECJ) in the Cases C-176/03 and
C-440/05 have changed these parameters by confirming that the European
Community may provide for the imposition of criminal sanctions in certain
policies. This article outlines these judgments and examines their impact,
addressing a number of questions they left open. It also seeks to highlight
the challenges the Community legislature will face should it seek to
integrate criminal sanctions into EC legislation. While the shortfalls of
the 'double text' situation cannot be denied, these flaws result from a
deliberate decision by the Member States to attribute criminal competence to
the EU under the Third Pillar, rather than to the EC under the First Pillar.
It is thus unfortunate that such a consideration was not given greater
weight by either the ECJ in its judgments, or the Commission in its
extensive interpretation of the Court's judgment in Case C-176/03.
click here for full text via Swetwise [ON
CAMPUS]
click here for full text via Swetwise [OFF CAMPUS]
'The application of Article 86(2) EC to measures which do not
fulfil the Altmark criteria; institutionalising incoherence in the legal
framework governing state compensation of public service obligations' 2007 30(1)
World Competition 153-168
'Giving with one hand and taking away with another: A critical
analysis of the Asylum Procedures Directive', Focus article, European Current
Law, August 2006
'Complementing and completing the Common European Asylum
System: a legal analysis of the emerging extraterritorial elements of EU refugee
protection policy' (2006) 31(2) European Law Review 230-250
