Global Privacy Concerns and Regulation-- Is the United States a World Apart?

The regulatory approach to privacy protection taken by many foreign jurisdictions is markedly different from that of the United States. The European Union (EU) best illustrates the international approach with its comprehensive privacy directive that applies to all EU members. By contrast, the approach regarding data privacy in the United States has been to pass industry-specific laws and often only in response to public outcry over some privacy concern. These fundamental differences have been the source of some conflict in international commercial transacting. Now that the global community is committed to eliminating terrorism, it remains to be seen if these different attitudes toward privacy by the United States and much of the rest of the world will affect global attempts to weed out terrorists. This article discusses the constitutional basis for most US policy approaches to privacy regulation. The article explains how the US constitution is the source for most of the differences between the US and international regulatory approaches to information privacy. Finally, the discussion addresses how new issues regarding privacy in the war on terrorism may be addressed by US Constitutional law.     

Medical data breaches: Notification delayed is notification denied

The EU and the United States have implemented data breach notification rules that cover the health sectors. Nevertheless, data breach incidents involving medical data continue to rise, especially in the US and the UK. The HITECH Act, Pub. L. 111-5 Title XIII is the first federal health breach notification law in the US to be characterized by less government intrusions, while the revised EU Privacy Directive, 2009/136/EC calls for tougher privacy protection for data held by electronic communication providers. While the EU law sets a global de facto standard, the law remains toothless without strong enforcement mechanisms.     

CLOUD act agreements from an EU perspective

For many years, transatlantic cooperation between the EU and the US in the area of personal data exchange has been a subject of special interest on the part of lawmakers, courts – including supranational ones – NGOs and the public. When implementing recent reform of data protection law, the European Union decided to further strengthen guarantees of the protection of privacy in cyberspace. At the same time, however, it faced the practical problem of how to ensure compliance with these principles in relation to third countries. The approach proposed in the GDPR, which is based on a newly-defined territorial scope of application, clearly indicates an attempt to apply EU rules extraterritorially in relation to data processors in third countries.Irrespective of EU activity, the United States has also introduced its own regulations addressing the same problem. An example is the federal law adopted in 2018, specifying how to execute national court orders for the transfer of electronic data. The CLOUD Act was established in response to legal doubts raised in the Microsoft v United States case regarding the transfer of electronic data stored in the cloud by US obliged entities to law enforcement authorities, as well as in cases where this data is physically located in another country and its transfer could result in violating the legal norms of a foreign jurisdiction. The CLOUD Act also facilitates bilateral international agreements that enable the cross-border transfer of e-evidence for the purposes of ongoing criminal proceedings. Both the content of the new regulations and the model proposed by the US legislature for future agreements concluded on the basis of the CLOUD Act can be seen as an alternative to regulations arising from EU law.The purpose of this paper is to analyse the CLOUD Act and CLOUD Act Agreements from the perspective of EU law and, in particular, attempt to answer the question as to whether this new legal mechanism brings the EU and the USA closer to finding common ground with regard to a coherent model of exchange and protection of personal data.     

What Does Free Movement Mean in Theory and Practice in an Enlarged EU?

Abstract The purpose of this article is to review the main challenges to the principle of free movement of persons in theory and practice in an enlarged European Union. The right to move freely represents one of the fundamental freedoms of the internal market as well as an essential political element of the package of rights linked to the very status of EU citizenship. The scope ratione personae and the current state of the principle of free movement of persons is assessed by looking at the most recent case law of the Court of Justice and the recently adopted Directive on the rights of citizens of the Union and their family members to move and reside freely within the territory of the Member States. But what are the hidden and visible obstacles to free movement of persons in Europe? How can these barriers be overcome to make free movement and residence rights more inclusive? This article addresses these issues along with the following questions: Who are the beneficiaries of the free movement of persons in an enlarged Europe? What is the impact of the recent legal developments in the freedom of movement dimension, such as the European Court of Justice case law and the new Directive? And to what extent are pro‐security policies such as the Schengen Information System II and an enhanced interoperability between European databases fully compatible with the freedom of movement paradigm?     

EU Refugee Qualification Directive: a Brave New World?

This article aims to map some of the major implications forasylum–related law in Europe of the Refugee QualificationDirective, which twenty-four EU Member States were requiredto implement by 10 October 2006. It seeks to build on importantstudies of the Directive completed by, among others, Hemme Battjes,in his book European Asylum Law and International Law, Nijhoff2006, and Jane McAdam, in her book Complementary Protectionin International Refugee Law, OUP 2007, albeit it takes a differentview of some key questions. Part 2 deals with the impact of the Directive on the applicationand interpretation of the 1951 Refugee Convention and its 1967Protocol. It is argued that, even read simply as a set of provisionsgiving interpretive guidelines on the application of the RefugeeConvention, it affects many things concerned with refugee eligibility,since these provisions cover key elements of the refugee definition. Part 3 deals with the impact of the Directive on the asylum-relatedhuman rights jurisdiction that currently prevails in Europein one form or another.¹ It is argued that the effect of theDirective is and must be to render Article 3 ECHR protection– or its domestic equivalent – a largely residualcategory, save in exclusion cases. Part 4 addresses to what extent, if at all, the Directive containsmandatory provisions and how, post-implementation, these canbe integrated into the national law of Member States. It isargued that, considered in purely textual terms, the key definitionaland interpretive provisions of the Directive are mostly in mandatoryform. Further, that whilst, by virtue of being a minimum standardsdirective, the Directive allows Member States to introduce orretain more favourable standards (A3), the same article stipulatesthat such standards must be compatible with the Directive. Thatproviso is of some importance given that the Directive’spreamble (at R7) identifies as one objective the avoidance ofsecondary movements. In relation to articles of the Directivewhich specify in mandatory terms how elements of the refugeedefinition are to be applied, Member States cannot be free tointroduce or retain differing standards. Parts 5 and 6 analyse suggested differences, first, betweenthe Directive’s refugee definition and the Refugee Convention(it is argued that the only potential difference of real significanceconcerns the Directive’s rendering of the Article 1F exclusionclauses of the Refugee Convention) and, secondly, between theDirective’s subsidiary protection definition and Article3 ECHR. The extent of symmetry between the new subsidiary protectioncriteria and ECHR protection under Article 3 is explored, inparticular, arguing that, whilst there are three respects inwhich subsidiary protection criteria are narrower (relatingto personal scope; the existence of cessation and exclusionclauses; and limited application to ‘health cases’),there may be limited respects in which it may be broader inscope than Article 3 ECHR. Part 7 examines patterns of implementation in the light of earlyevidence to hand from, for example, the November 2007 UNHCRsurvey of five Member States. The UK is considered as a furtherexample, that of a member state where, despite it being seenas unnecessary to make any substantial changes, the implementingmeasures have required important changes in method of approachand in conceptual language.     

The Patients’ Rights Directive (2011/24/EU) – Providing (some) rights to EU residents seeking healthcare in other Member States

This article presents the main elements of Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare, commonly known as the Patient’s Rights Directive. It is the latest EU initiative with regard to European Health Care and the Single Market. The main elements of the Directive contain provisions related to the prior authorisation of health care in another Member State, the reimbursement of such health care and the removal of unjustified obstacles to achieving these aims.These provisions largely reflect the recent case law of the European Court of the Justice (ECJ). Amongst these are provisions involving the use of personal data. Such provisions will engage data protection issues and will have to be carried out according to the data protection directives. Alongside this primary aim of codifying ECJ case law the Patient’s Rights Directive also introduces novel initiatives aimed at fostering cross border cooperation between various elements of national healthcare systems.Part 1 of this contribution will describe the legal basis and the aims of the PRD, Part 2 will describe the principle obligations placed on the Member States with regard to reimbursement, Parts 3 and 4 will describe other informational and procedural requirements placed upon the Member States of Treatment and Affiliation. Finally Part 5 will outline some of the novel initiatives that have been included in the PRD.The increases in the frequency of cross border-treatment that this directive attempts to facilitate are likely to see a concurrent increase in cross-border patient information flows. Such data flows will be subject to the Union’s provisions on Data Protection. It remains uncertain whether the EU’s Data Protection regime will act as inhibitor to cross-border medical treatment or rather represent a gold standard that allows patients to engage in such activities with peace of mind. The Patient’s Rights Directive will form part of the EU’s future e-Health strategy which envisages a large increase in the fluidity of patient data. A discussion of this directive is therefore merited in this journal.     

欧盟所得税协调与税收非歧视待遇的发展

为了保障共同市场中服务、人员和资本等要素的自由流动,欧盟禁止成员国所得税法采取基于国籍的歧视措施,也禁止成员国税法限制本国国民在共同市场内行使自由流动的权利。欧盟的实践拓展了双边税收协定中的非歧视待遇,是所得税区域性协调的尝试。但是,欧盟现行机制制约了税收非歧视待遇的进一步发展。     

REFLECTIONS ON EU INTERNATIONAL TRADE LAW: AN INTROSPECTIVE VIEW

This article presents three main arguments: First, shared competence exists between the national and supranational levels within the European Union (EU) because EU Member States do not trust the European Commission in the external relations law of the EU. Second, the EU will have greater bargaining power in international negotiations if it speaks in a single voice. Within the EU-27, we have compatible values, overlapping interests, shared goals, as well as economic, social and political ties. Therefore, there is a presumption of collective action in the EU’s external relations. However, EU Member States disagree on many issues before they start negotiations, while trying to define a mission together as partners of the European project. Third, Member States confer specific negotiating powers on the EU only when it is in their own national interest to have a common European position on international negotiations.     

欧美金融隐私保护法律制度比较

欧美金融隐私权保护由于不同隐私保护体系而显得区别很大.欧盟综合性的保护方式为金融隐私权提供了较高的保护水平,但是实践中各国适用并不一致.美国单独立法的方式使得其金融隐私保护错综复杂,市场力量、行业自律也在保护金融隐私方面发挥重要作用.我国金融隐私立法应参照欧美法律和实践两个方面的情况.     

US war on terror EU SWIFT(ly) signs blank cheque on EU data

The EU and the United States signed the Terrorist Finance Tracking Program (also known as SWIFT Agreement) agreement giving the US authorities access to bulk data containing the millions of records in the EU to enable the US authorities to trace financial transactions related to suspected terrorist activity (or to put it bluntly, against US interest). The SWIFT Agreement added some data protection safeguards, but the United States has been found to circumvent the agreement with the aid of the Europol. The EU Commission and the Europol have classified all documents concerning the SWIFT Agreement as secret. EU citizens confront a dark future where unelected EU bureaucrats continue to betray the trust of the people handing out bulk data to “counter terrorism” but at the same time undermining cherished values and violating human right standards and principles.     

Ironies in Human Rights Protection in the EU: Pre-Accession Conditionality and Post-Accession Conundrums

In the wake of the extensive scrutiny of the human rights credentials of the new Member States under the EU pre-accession conditionality, which itself was riddled with paradoxes, this article considers a rather unexpected irony thrown up by the accession of these countries. It is that the post-communist constitutional courts, which have been applauded for vigorous protection of fundamental rights after the fall of the Communist regime that was marked by nihilism to rights, have come rather close to having to downgrade the protection standards after accession, due to the new constraints of supremacy of EC law. The article will consider the sugar market cases of the Hungarian and Czech Constitutional Courts and of the Estonian Supreme Court, which appear to add weight to the concerns that have been voiced in some older Member States about the fundamental rights protection in the EU. Indeed such concerns were recently also addressed in the concurring opinions to the Bosphorus judgment of the European Court of Human Rights.     

Foreign Investors in the EU—Which ‘Best Treatment’? Interactions Between Bilateral Investment Treaties and EU Law

Abstract: This article discusses the main interactions between bilateral investment treaties (BITs) and EU law. The European Commission identified a number of incompatibilities in BITs signed by eight recent Member States with the USA, proposing solutions for their adjustment in conformity with EU law, but was this step sufficient? The risk of disputes remains, as long as the proposed adjustments do not achieve legal force and as long as other BITs still need to be harmonised with EU law. Moreover, provisions in BITs that are not in conflict with EU law could still be challenged if the application of certain EU requirements by Member States interferes with foreign investors' rights. To avoid such risks, coherence between different commitments and practices of the Member States is needed and coordination at the EU level is highly desirable.     

The Cyprus and other EU court rulings on data retention: The Directive as a privacy bomb

This paper discusses the controversy surrounding the Data Retention Directive with an emphasis on the 2011 decision of the Cyprus Supreme Court which has annulled several district court orders that allowed the police access to telecommunications data relating to certain persons relevant to criminal investigations. The annulment has been on the ground that the legal provisions upon which the orders have been issued are unconstitutional. It will suggest that the decision does not entail a direct rejection of the EU Data Retention Directive and that in any event, Cyprus is not a Member State resisting the particular measure. This is because the legal provisions are deemed unconstitutional, though part of the law that has transposed the relevant Directive into national law are provisions that go beyond what the EU legislator intended to regulate through that Directive. Still, the particular Directive sits rather uneasily within the ‘human rights’ regime, in particular the one governing the individual right of privacy.     

Private Damages Actions Under EU Competition Policy: An Exploration of the Ongoing Sea Change in Respect of Such Actions Concerning Articles 101 and 102 TFEU Infringements

The EU has an established history of public enforcement concerning antitrust infringements under what are now Articles 101 and 102 of the Treaty of the Functioning of the European Union (TFEU). Yet, until recently, this has not been true in respect of private compensatory damages actions in relation to the said articles. Hence, these actions are now seen as reinforcing the existing deterrent provided by pubic enforcement fines. This paper focuses upon the ongoing sea change that aims to enable and encourage compensatory damages claims in relation to harm caused by breaches of 101 and 102 TFEU. It reveals that both the Court of Justice of the European Union (CJEU) and the European Commission have played pioneering roles in advancing this sea change. It further asserts that, although the rulings of the CJEU have created a hybrid architecture that makes possible private actions in relation to the said breaches under Member state procedural laws before national courts, the architecture itself is problematic as it fails to guarantee that Member states’ procedural rules have a high degree of uniformity, thereby failing to guarantee a regulatory level playing field across the Union concerning the said damages actions. Moreover, not only is the architecture problematic, but it needed further development in respect of rules and requirements in several key areas, such as the right of evidential disclosure, the limitation period issue, collective redress and the quantification of harm, so as to facilitate and encourage claims. The Commission was aware of these concerns, and this paper explores its response. The issues could have been addressed by the establishment of a set of EU procedural rules which national courts would apply in the said actions but the Commission decided upon a different way forward. Working with the said hybrid architecture, and through the vehicle of the 2014 Directive on certain rules governing actions for damages under national law for infringements of the competition law provisions of the Member States and of the European Union, the Commission has amended and created rules and requirements which will form part of Member states’ domestic procedural law—and therefore will be applied by national courts—in order to establish a more level regulatory playing field across the Union which should facilitate and encourage private compensatory damages actions for harm caused by EU antitrust breaches. Of course, a more level playing field means that differences will still remain. Moreover, it will be some time before the success of the Directive can be gauged, and further measures may be required in the future.     

Free movement of patients: Directive 2011/24 on the application of patients' rights in cross-border healthcare

This contribution comments on Directive 2011/24, providing a legal framework for cross border healthcare 13 years after the famous Kohll and Decker case law. The Directive contains provisions concerning the reimbursement of costs, the responsibilities of the Member States and their mutual cooperation in healthcare. Analysing the (potential) impact of the Directive 2011/24 on EU healthcare systems, patients and healthcare providers, it becomes clear that the impact of the Directives reaches far beyond patient mobility. The Directive creates patients' rights, pays attention to the quality and safety of healthcare services and creates an excessive structure of cooperation in the field of healthcare. The European Union seems ready to use its economies of scale to improve healthcare for all European patients.     

The economic costs and consequences of mass communications data retention: is the data retention directive a proportionate measure?

This article seeks to determine the economic costs and consequences of implementing the Data Retention Directive (Directive 2006/24/EC), an extraordinary counter terrorism measure that mandates the a priori retention of communications data on every European citizen, by drawing on the insights of economic analysis. It also explores the monetary costs of the Directive on subscribers and communications service providers of Member States within the EU. Furthermore, it examines the implications of the Directive on the economic sector of the European Union, by focusing on the Directive’s impact on EU competitiveness and other EU policies such as the Lisbon Strategy. This analysis is motivated by the following questions: what are the monetary costs of creating and maintaining the proposed database for data retention? What are the effects of these measures on individuals? What obstacles arise for the global competitiveness of EU telecommunications and electronic communications service providers as a result of these measures? Are other policies in the European Union affected by this measure? If so, which ones?     

EU Accession to the ECHR: Between Autonomy and Adaptation

After the European Union's accession to the European Convention on Human Rights the EU will become subject to legally binding judicial decisions of the European Court of Human Rights (ECtHR) and participate in statutory bodies of the Council of Europe (Parliamentary Assembly; Committee of Ministers) when they act under the Convention. Convention rights and their interpretation by the ECtHR will be directly enforceable against the EU institutions and against Member States when acting within the scope of EU law. This will vest the ECHR with additional force in a number of Member States, including Germany and the UK. All Member States will further be subject to additional constraints when acting under the Convention system. The article considers the reasons for, and consequences of the EU's primus inter pares position under the Convention and within the Council of Europe, and the likely practical effect of the EU's accession for its Member States.     

The legal effect of EU Regulations

The EU institutions are increasingly addressing harmonisation by means of regulation rather than the traditional use of directives. This is particularly impacting areas such as data protection, financial services regulation and European standardisation in Information and Communications Technology. More broadly, using directly applicable regulations which may have horizontal and vertical direct effect rather than directives has important administrative and constitutional implications for their application in national law and impacts on Member States' discretion to implement supplementary legislation which falls within the remit of the regulation in question. This is of particular concern where governments implement policies which might be in contravention of these rules. This may be the case in relation to the UK government's public procurement policy which mandates royalty free standards rather than royalty bearing standards with the option for the licence holder to licence royalty free.     

The Trade Union Movement and the European Union: Judgment Day

Abstract: The trade union movement faces a challenge to the legality of transnational collective action as violating economic freedoms in the EC Treaty. How are disparities in wages and working conditions among the Member States to be accommodated? Are national social models protected? Does the internal market allow for trade union collective action? How does EU law affect the balance of economic power in a transnational economy? What is the role of courts in resolving economic conflicts? This article analyses the responses to these questions as referred to the European Court of Justice by the English Court of Appeal and offers some conclusions. The purpose is to highlight the different positions adopted by the old Member States and the new accession Member States as regards the underlying substantive issues, and the options available to the Court of Justice in answering the questions posed.     

EU Citizenship and Political Identity: The Demos and Telos Problems

Citizenship is the cornerstone of a democratic polity. It has three dimensions: legal, civic and affiliative. Citizens constitute the polity's demos, which often coincides with a nation. European Union (EU) citizenship was introduced to enhance ‘European identity’ (Europeans’ sense of belonging to their political community). Yet such citizenship faces at least two problems. First: Is there a European demos? If so, what is the status of peoples (nations, demoi) in the Member States? The original European project aimed at ‘an ever closer union among the peoples of Europe.’ Second: Citizens are members of a political community; to what kind of polity do EU citizens belong? Does the EU substitute Member States, assume them or coexist alongside them? After an analytical exposition of the demos and telos problems, I will argue for a normative self‐understanding of the EU polity and citizenship, neither in national nor in federal but in analogical terms.