Suchergebnisse

Intro -- Acknowledgements -- Contents -- Abbreviations -- Tables and Figures -- Table of Cases -- Table of Legislation -- Introduction -- I. Investigating the Relationship of the Triad -- II. Plan of the Book -- PART 1: INTRODUCING CYBERSECURITY, PRIVACY AND DATA PROTECTION LAW AND THEIR INTERPLAY -- 1. Cybersecurity, Privacy and Data Protection: An Analytical Framework -- I. Studying the Relationship between Cybersecurity, Privacy and Data Protection -- II. The Triad within the EU Constitutional Architecture: A Policy, Law and Technology Analysis -- III. Conclusion: An Analytical Framework to Study the Relationship of the Triad -- 2. The EU Cybersecurity Policy -- I. The Development of the EU Cybersecurity Policy -- II. The EU Cybersecurity Policy and Law Landscape -- III. Conclusion: Tensions within Cybersecurity and the Way Forward -- 3. Privacy: The Right to Respect for Private and Family Life -- I. Sources and Scope of Article 7 CFR -- II. Essential Components of Article 7 of the Charter -- III. Conclusion: Essential Components of Article 7 CFR, Essence -- 4. The Right to the Protection of Personal Data -- I. Sources of Article 8 CFR -- II. Essential Components of Article 8 CFR -- III. Conclusion: Essential Components of Article 8 CFR, Essence -- PART 2: TECHNOLOGY AND THE TRIAD IN THE DSM, THE AFSJ AND THE EA -- 5. Cybersecurity, Privacy and Data Protection as Techno-Legal Objects: Investigating the Role of Technology -- I. Leveraging Technology to Appraise the Reconciliation of the Triad -- II. Technology as a Regulatory Target: The Effacement of Technology from the Law and its Consequences -- III. Courts, the Effacement of Technology and the Indeterminacy Loop -- IV. Conclusion -- 6. The DSM: Network and Information Security (NIS), Privacy and Data Protection.

This report illustrates a selection of the results of the CharterClick! Project Questionnaire on the use of the Charter of Fundamental Rights by National Data Protection Authorities (hereafter NDPAs) and the EDPS in their day-to-day activities. The questionnaire was circulated at the end of September 2016, and responses were collected up until January 2017. This is a crucial period to study the use of the Charter by (N)DPAs, since authorities are preparing the enforcement of the General Data Protection Regulation (hereafter GDPR) and the Directive 2016/680, which represent the first, important, steps of the complete overhaul of the data protection legal framework. Both texts testify to the double significance that the Charter should already have for NDPAs. First, the protection of personal data has the status of a fundamental right (independent from the right to respect for private and family life) in the Charter. Secondly, the Charter enjoys primacy in the hierarchy of sources of Union law. Hence, NDPAs should interpret the national applicable law falling within the scope of EU law (enforcement of primarily Directives 1995/46 and 2002/58), and the impending GDPR and Directive, in the light of both the Charter, and the related case law of the Court of Justice of the European Union (hereafter CJEU).

Defence date: 30 March 2017 ; Examining Board: Professor Marise Cremona, EUI (Supervisor); Professor Deirdre Curtin, EUI; Professor Anne Flanagan, Queen Mary University of London; Professor Ronald Leenes, Tilburg University ; This thesis concerns a specific instance of the trade-off between security and 'privacy rights', namely cybersecurity, as it applies to EU Law. The research question is whether, and how, the pursuit of cybersecurity can be reconciled with the protection of personal data and respect for private and family life, which I treat as two independent rights. Classic legal argumentation is used to support a normative critique against the trade-off; an in-depth scrutiny of '(cyber)security' and 'privacy' further shows that the trade-off is methodologically flawed: it is an inappropriate intellectual device that offers a biased understanding of the subject matter. Once the terms of discussion are reappraised, the relationship between cybersecurity and privacy appears more nuanced, and is mediated by elements otherwise overlooked, chiefly technology. If this fatally wounds the over-simplistic trade-off model, and even opens up avenues for integration between privacy and cybersecurity in EU law, on the other hand it also raises new questions. Looked at from the perspective of applicable law, technology can both protect and infringe privacy rights, which leads to the paradox of the same technology being both permissible and impermissible, resulting in a seeming impasse. I identify the problem as lying in the combination of technology neutrality, the courts' avoidance in pronouncing on matters of technology, and the open-ended understanding of privacy rights. To appraise whether cybersecurity and privacy rights can be reconciled, I develop a method that bridges the technological and legal understandings of information security and privacy, based on the notions/methods of protection goals, attributes and core/periphery or essence, and which has the advantage of highlighting the independence of the two privacy rights. A trial run of the method discloses aspects of the 'how' question that were buried under the trade-off debate, viz. the re-appropriation of the political and judicial process vis-àvis technology. ; Chapter 4 draws upon an article in Neue Kriminalpolitik 4/2013

(This working paper is a revised version of Ms. Porcedda's EUI LL.M. thesis, 2012.) ; Cybercrime and cyber-security are attracting increasing attention, both for the relevance of Critical Information Infrastructure to the national economy and security, and the interplay of the policies tackling them with 'ICT sensitive' liberties, such as privacy and data protection. This study addresses the subject in two ways. On the one hand, it aims to cast light on the (legal substantive) nature of, and relationship between, cybercrime and cyber security, which are currently 'terms of hype' (and therefore it is descriptive). On the other, it explores the possibility of reconciling data protection and privacy with the prevention of cybercrime and the pursuit of a cyber-security policy (and therefore it explores causation). As such, the subject falls in the 'security vs. privacy' debate, and wishes in particular to investigate whether it is possible to build 'human rights by design' security policies, i.e. a security policy that reconciles both security and human rights. My argument hinges on a clarification of the term 'cybercrime' (and cyber-security), both by building on the literature – which recognises the mix of traditional crimes committed by electronic means (broad cybercrime or off-line crimes), and novel crimes possible only in the online environment (narrow cybercrime or online crimes) –and on original interpretations as far as the relationship between cybercrime and cyber-security is concerned. I argue that narrow (or online) crimes and broad (or off-line) crimes are profoundly different in terms of underlying logics while facing the same procedural challenges, and that only narrow cybercrime pertains to cyber-security, understood as a policy. Yet, the current policy debate is focussing too much on broad cybercrimes, thus biasing the debate over the best means to tackle ICT-based crimes and challenging the liberties involved. I then claim that the implementation of data protection principles in a cyber-security policy can act as a proxy to reduce cyber threats, and in particular (narrow) cybercrime, provided that the following caveats are respected: i) we privilege a technical computer security notion; ii) we update the data protection legislation (in particular the understanding of personal data); and iii) we adopt a coreperiphery approach to human rights. The study focuses on the European Union. The interaction between privacy and data protection and other liberties involved, as well as purely procedural issues, are outside of the scope of this research.

Ausgangsthese des Buches ist, dass die verbreitete Metapher einer Abwägung zwischen Sicherheit und Privatheit konzeptuell inadäquat ist und zentrale Aspekte von Überwachungs- und Kontrollmaßnahmen verdeckt. Die Autoren betonen hingegen die symbiotische Beziehung zwischen Freiheit und Sicherheit und zeigen die Leere beider Konzepte auf, sobald sie voneinander isoliert und außerhalb konkreter Machtverhältnisse verstanden werden. Über eine stärkere Kontextualisierung von Risikokonzeptionen, Überwachungs- und Kontrollpraktiken zeigen sie dabei den Wert von Privatheit und Datenschutz auf. Als Kaleidoskop von Perspektiven, die von den Critical Studies über Internationale Beziehungen, Rechtswissenschaften und Philosophie bis hin zur Soziologie reichen, macht das Buch deutlich, dass Überwachungs- und Kontrolltechniken keineswegs immer mehr Sicherheit und weniger Privatheit implizieren – und umgekehrt, dass der Schutz von Privatheit nicht nur zuungunsten von Sicherheit zu haben ist.