The proposed framework represents a sensible and thoughtful basis to guide the EU’s consideration of legislation to help direct the development of AI applications.
Kenneth Propp teaches European Union law at Georgetown University Law Center, and is a Non-Resident Senior Fellow with the Future Europe Initiative at the Atlantic Council. From 2011-2015 he served as Legal Counselor at the U.S. Mission to the European Union in Brussels, Belgium.
Subscribe to this Lawfare contributor via RSS.
The context and possible implications of Advocate General Henrik Saugmandsgaard Øe’s opinion in Data Protection Commissions v. Facebook Ireland.
As opposition grows in the British Parliament to the nearly 600-page agreement negotiated by Prime Minister Theresa May’s government to withdraw the United Kingdom from the European Union, it’s increasingly clear that the current text will not be the final word. But even if the British government is ignominiously sent back to the negotiating table with Brussels, it would be a mistake to dismiss the behemoth withdrawal agreement, and the accompanying 26-page political declaration on the future U.K.-EU relationship, as headed for the trash heap.
As the United Kingdom approaches the early 2017 start of negotiations on its departure from the European Union, questions are emerging about the future direction of the country’s EU-based data privacy laws. In parallel, the British Parliament is close to completing a comprehensive overhaul and expansion of its controversial surveillance laws. At stake in these two exercises is whether the UK will retain a recognizably European balance between privacy and security, or will move closer in approach to its American cousin.
Brexit: When and How?
Over the past fifteen years, an uneasy trans-Atlantic equilibrium between U.S. law enforcement and security agencies’ collection of personal information, sometimes on a bulk basis, and European privacy protection imperatives has prevailed—even despite Edward Snowden's disclosures. Most notably, beginning in the immediate post-9/11 era, international agreements enabling U.S. access to Europeans’ airline passenger name records (PNR) and international bank transaction data were reached, and have been quietly functioning.
In the years since Edward Snowden claimed that U.S. intelligence agencies were tapping into Europeans’ personal data flowing to the United States through undersea cables, an icy distrust has prevailed between Washington and Brussels on the subject of privacy and security. Tensions reached a new high last fall, when the European Court of Justice (ECJ) invalidated the principal legal mechanism for trans-Atlantic data flows, the U.S.-EU Safe Harbor Framework on protecting personal information in the commercial context.