May I have some artificial intelligence with my human rights? About the recent European Commission’s Proposal on a Regulation for Artificial Intelligence

by Vera Lúcia Raposo*

 

On 21 April 2021, the European Commission released a proposal for a future European Union (EU) regulation on Artificial Intelligence (hereafter, the ‘Proposal). While its structure sought inspiration in the General Data Protection Regulation (GDPR), the content was built upon other relevant EU interventions, namely the EC’s White Paper on Artificial Intelligence (AI), released in February 2020. The aim is to facilitate and develop the use of Artificial Intelligence within the EU to create a truly Digital Single Market while still protecting fundamental rights, EU values, and ethical principles that are potentially threatened by AI features such as its opacity (some have called it a black box), complexity, the demand for copious amounts of data (big data, with all the attached concerns), and the possibility of automation. So far, so good. We expected nothing less from the European Commission (EC). However, the proposed regulation might fall short regarding its aim.

The definition of AI used by the Proposal is presented as being broad enough to encompass future developments of this technology. However, the fast pace of technology advancement implies that it will eventually be outdated.

The proposal is based on a risk-assessment model, under which three categories of AI emerge:

  • Unacceptable risk AI, banned in Title II of the Proposal. This category includes AI that distorts behaviours (dark patterns), explores the vulnerabilities of specific groups (micro-targeting), scores people based on their behaviours (social scoring), and proceeds to real-time biometric identification for law enforcement purposes in public spaces (facial identification);
  • High-risk AI, as referred to in Title III of the Proposal are allowed, albeit under particularly strict standards;
  • Low-risk AI, for which only transparency requisites are demanded in some cases (namely chatbots and deep fakes), as established in Title IV of the Proposal.

The identification of a serious risk is based on the potential menace to health, safety, and/or fundamental rights. Notably, not only does the label of ‘high-risk’ depend on the specific task performed, but also on its purpose. Moreover, in case AI systems are erroneously classified, the consequences are not clearly defined in the Proposal. A correction mechanism should be in place to amend any wrong classification, but the Proposal remains silent on this issue.

High-risk AI systems are products or safe components of products, whose regime has been harmonised under EU law by the legislation listed in Annex II (medical devices, toys, elevators, and many others); or stand-alone AI systems that pose special threats to fundamental rights and that are referred in Annex III. These lists shall be updated in accordance with the latest technological developments.

For high-risk AI, a two-step system of control and monitoring is built. First, the control is performed through mandatory requirements to be complied with by AI systems before entering into the market. A conformity assessment is undertaken by a third party following harmonised standards, which may lead to the issuance of the ‘CE marking of conformity’. Second, an ex-post monitoring mechanism will be put in place by market surveillance authorities which use the powers conferred to them by Regulation (EU) 2019/1020 on market surveillance. Moreover, AI providers are also obliged to report severe incidents and malfunctions.

Low-risk AI systems almost go unnoticed in the Proposal, except for the provisions on transparency. The two-step procedure is not required in this case. However, providers can voluntarily accept to do so by creating their own codes of conduct (Article 69).

source: https://euraxess.ec.europa.eu/

Such legal framework requires the set-up of specific organs at the national level (notifying authorities and notifying bodies), as well as the European level, particularly the European Artificial Intelligence Board. The latter is a supranational supervisory authority, similar to the European Data Protection Board (EDPB), created under the umbrella of the GDPR, and also to the recently proposed European Board for Digital Services established in the proposal of the Digital Services Act.

Another innovation is the EU database, in which stand-alone high-risk AI must be registered before entering into the market, to facilitate transparency and tracking. The information is supposed to be upload to the database by the provider of high-risk AI systems. Neutral entities, such as the notifying bodies, could be entrusted with this task for all AI systems. Such solution would lead to better results in terms of AI’s safety and transparency.

Accountability is another matter of concern. Indeed, compliance requirements are carried out by AI providers, i.e., the ones that develop the AI and put the AI system (or its outputs) on the EU market, even if they are not established within the EU territory. In addition to the above-mentioned tasks on control, monitoring and information update, their obligations include the implementation of risk management and quality management systems, the development of detailed technical documentation, the maintenance of automatically generated logs, and transparency obligations which require that the ones interacting with AI systems must be informed that they are.  Moreover, compliance is also expected from AI users, i.e., people or entities established in the EU using AI in a professional context, or not established in the EU but whose outputs are used in the EU, along with distributors and importers. In the event of non-compliance, the Proposal foresees maximum administrative fines of up to €20m or 4% of total worldwide annual turnover, similarly to the GDPR clauses. However, no accountability mechanisms are in place. Individuals harmed by AI systems can barely obtain redress. The 2019 report on Liability for Artificial Intelligence and other Emerging Digital Technologies and the European Parliament Resolution of 20 October 2020 on a Civil Liability Regime for Artificial Intelligence suggest that such a mechanism might be put in place, as it is also supported by Coordinated Plan on Artificial Intelligence, released together with the Proposal.

source: https://digital-strategy.ec.europa.eu/

Some highly controversial topics, such as facial recognition technologies (FRT), are expected to raise discussion amongst experts. Interestingly, the 2020 White Paper did not ban FRT, although a draft version had suggested a time limited ban on the use of FRT in public spaces. The White Paper merely recommended the use of appropriate cautions, without giving much detail on such recommendations. Instead, Article 5 of the Proposal clearly prohibits the use of some forms of FRT. It is expected that Article 5/1/d, in particular, will be contested by the ones defying this technology. The norm bans ‘real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes, allegedly one of its more threatening uses from the perspective of fundamental human rights. Considering its potential added value for crime control, the proposal provides for some exceptions: the search of crime victims, including missing children, ‘specific, substantial and imminent threat to the life or physical safety of natural persons, or of a terrorist attack’, and the detection, localisation, identification, or prosecution of a perpetrator or suspect of crimes referred to in Article 2/2. The latter includes grievous crimes, such as terrorism, tariffing of humans beings, murder, rape, but also different crimes such corruption, fraud, facilitation of unauthorised entry and residency. Moreover, the ban leaves several loopholes: it does not cover the use of FRT for law enforcement purposes that does not take place in real-time or that is not carried out in public spaces; FRT by other public entities not related to law enforcement; and FRT used by private individuals and companies. Critics might argue that still many doors are left open.

Overall, the Proposal is more human-rights-friendly than the White Paper, but eventually also more conservative, a potential downside for EU’s competitive digital capacity at a global scale.  At its core, the regulatory ideas – the categorisation of AI systems per levels of risk – are the same in the Proposal and the White Paper. However, the White Paper had a more pro-technology approach and unlike the Proposal it did not elaborate in detail the potential human rights violations. Some have even pointed out that the White Paper was more concerned with the economic outputs of a massive investiment in AI than with its consequences for human rights. Although the critic might be excessive, the White Paper did contain a stronger emphasis on technological development, as it results from the various sections dedicated to this aim (comparatively, there is proportionately more discussion on development and innovation than in the Proposal).

In contrast, the Proposal gives more space to the protection of fundamental rights (though many will argue that not enough), as expressed in multiple binding norms imposing risk assessments and safety requisites, whose violation can lead to severe economic penalties. Assuming this proposal becomes indeed the new AI Regulation, my guess is that European AI developers and manufacturers will be asked to comply with so many different requirements also coming from other norms, the GDPR, the Medical Devices Regulation, the In Vitro Diagnostic Devices Regulation, the Data Governance Act proposal, that AI in Europe will become a scientific topic, not a real industry though.

In sum, the Proposal essentially pivots around two core concepts. The first is compliance, based on a system of harmonised rules, monitoring, and good governance. Consequentially, the second is the principle of trust (‘trust’ and ‘trustwhorty’ are emphasised along the Proposal). On the one hand, developers of AI shall be able to rely on rules to carry out their businesses within the EU market by complying with a unified body of rules for all Member States. On the other hand, AI users should be able to rely on its safety.

Innovation should have been the third characteristic. The impetus to bring about innovation in AI technologies is restricted to Chapter V which, albeit introducing interesting provisions, falls short of what would be required for a truly digital single market. The most promising initiative is the creation of regulatory sandboxes to encourage innovation, though under strict (too strict?) requirements. AI investment in the EU might be hampered by such ‘innovation hole’ which could advantage other leading players. Given the outstanding Chinese technological development, including on AI, the EU might not be able to reach China in the near future (or ever). Whether the Proposal reached a fair balance between innovation and human rights, or conversely whether it will lead the EU to stagnation in the domain of AI remains to be seen.

 

*Vera Lúcia Raposo  is Associate Professor at the Faculty of Law of the University of Macau, China, and Assistant Professor at the Faculty of Law of the University of Coimbra, Portugal. Her main lines of research are health law and digital law.

Inadmissibility of the Action Against the EU Climate and Energy Framework

Some Reflections on the People’s Climate Case

by Enzo Elia*

The applicants of the case Carvalho v. Parliament and Council, also known as the people’s climate case, claim that their homes, livelihoods, traditional family occupation and culture are affected by climate change.

Climate change already has severe impacts on ecosystems, the economy, human health, and the well-being of the people around the world, including Europe. We can observe an increasing number of people claiming for more ambitious climate action from their governments and taking action to fight against climate change.

The applicants of the people’s Climate Case, supported by a broad range of NGOs, lawyers, citizens and scientists, are calling for a significant push on the EU agenda regarding its climate action and its 2030 climate target fixed by the 2018 Climate and Energy Framework.

The applicants underline that the climate protection is no longer a political or diplomatic issue rather, climate change has become a concrete problem which severely impacts their homes, livelihoods, and hinders their children’s future. Furthermore, the applicants also argue that a more ambitious EU 2030 climate target below 2 °C, or ideally 1,5 °C would also support the global community to keep within the range of the Paris Agreement’s long-term temperature goal. This would allow the objective to keep temperature rise within globally “safe limits”.

Facts of the Case

The case was filed in 2018 by 36 different applicants from five EU Member States Germany, France, Italy, Portugal, and Romania and two countries Kenya and Fiji, as well as a Swedish association representing indigenous Sámi youth before the General court.

Directly affected by rising sea levels, floods or drought – consequences of climate change – the applicants challenged the 2018 Climate and Energy Framework measures regulating greenhouse gas emissions for the years 2021 to 2030 namely the EU Emissions Trading System Directive, the Effort Sharing Regulation and the LULUCF Regulation. These EU instruments set an overall target of reducing annual greenhouse gas emissions by 40% compared to 1990 emission levels. Alleging a violation of their fundamental rights and invoking the Paris Agreement, the applicants requested the followings from the court : (i) to annul the Union’s legislative package insofar as it sets a target of 40% reduction in greenhouse gas emissions by 2030 compared to the level of the year 1990, and (ii) to order the Council and the European Parliament to adopt measures imposing a reduction of GHG at least between 50 and 60%, in lieu of monetary compensation for their alleged individual losses under Article 240(2) TFEU.

The General Court of the European Union

By order of 8 May 2019, the General Court ruled that the action was inadmissible on the basis that the applicants bringing the action failed to satisfy any of the locus standi criteria. Referring to a strict application of the Court of Justice of the European Union (CJEU) judgement Plaumann of 1963, the General Court decided that the applicants were not individually concerned by the EU Climate and Energy Framework.

The General Court stated that despite the effects of climate change may be different for one person to another, this does not mean that there exist reasons to bring an action against a measure of general application. In its view, a different approach has the effect of rendering the requirements of the Treaty on the Functioning of the European Union (TFEU) meaningless and creating locus standi for all. The General Court then ruled on the claim that the Council and the Parliament should be ordered to adopt more severe measures, which was made in the form of a claim for damages. the General Court considered that this claim sought, in reality, to obtain a result similar to the result of annulling the acts at issue and that, consequently, it also had to be declared inadmissible.

The applicants then appealed against the order of the General Court with the objective of the CJEU authorizing to rely on a possible infringement of fundamental rights to satisfy the conditions of the Plaumann judgment.

The Court of Justice of the European Union

The CJEU reiterated what the General Court held in Sabo, another climate action case. In Sabo, the General Court held that claiming that an act of the Union infringes fundamental rights is not sufficient to establish that the action brought by an individual is admissible.  This would risk violating the conditions of admissibility laid down in Article 263(4) TFEU. The CJEU recalled that the Courts of the European Union may not, without going beyond their jurisdiction, read those conditions in a way which has the effect of setting aside what is expressly laid down in the TFEU, even in the light of the fundamental right to effective judicial protection enshrined in the Charter of Fundamental Rights of the European Union.

Comment

Wouldn’t it have been better to question the relevance, today, of the criteria set out in Plaumann case law, regarding climate actions? Article 263(4) TFEU includes the notion of individual concern. One should not be obliged to read into this notion a requirement that an individual applicant seeking to challenge a general measure must be differentiated from all others affected by it in the same way as an addressee. On that reading, the greater the number of persons affected by a measure the less likely it is that judicial review under the fourth paragraph of Article 263(4) TFEU will be made available. The fact that a measure adversely affects many individuals, causing widespread rather than limited harm, provides a positive reason for accepting a direct challenge by one or more of those individuals. It should therefore be accepted that a person is to be regarded as individually concerned by an EU measure where, by reason of his particular circumstances, the measure has, or is liable to have, a substantial adverse effect on his interests.

In a nutshell, the Plaumann criteria are too restrictive and do not allow adequate access to justice for environmental and climate actions. Climate change, by its nature, affects everyone, present and future generations alike. Following the case-law of the CJEU, the mere fact that the effects of climate change are general renders the corresponding legal acts unsuitable for judicial review.

For the applicants to argue the infringement of their fundamental rights, they relied, inter alia, on the Codorníu case. In Codorníu a Spanish producer of sparkling wines sought to challenge a provision of a regulation which reserved the use of the designation crémant for wines produced in certain areas of France and Luxembourg. That provision could affect the position of all producers of sparkling wines in the EU using, or desiring to use, the designation crémant. The Court found nonetheless that Codorníu registered the graphic trademark Gran Crémant de Codorníu in Spain in 1924 and traditionally used that mark both before and after registration. By reserving the right to use the term crémant to French and Luxembourg producers, the contested provision prevents Codorníu from using its graphic trademark, and it concluded that Codorníu had therefore established the existence of a situation which from the point of view of the contested provision, differentiated it from all other traders.

Therefore, in Codorníu it was established that the applicant was harmed by a legislative act of general application by his individual interest derived from an individual trademark right he had acquired. However, the CJEU rejected the argument claiming the analogy between the people’s climate case with the Codorníu case. As noted in a comment on the Sabo case, the reasoning of the  CJEU was in essence that the Codorníu case concerned the loss of the acquired specific right to use a word within a trademark, while the people’s climate case concerned the protection of their fundamental rights, which are original and universal. Thus, in the current state of CJEU case law, the loss of a specific acquired right that is not originally possessed by its owner would find greater judicial protection than the infringement of fundamental rights granted to one or more individuals.

Given the rigidity of the Plaumann criteria, applicants are inclined to find – sometimes using a loophole as an alternative – other reasons for their claims, rather than relying directly on the violation of fundamental rights. Admissibility is therefore one problem – but not the only one – with which litigation on environmental protection and the fight against climate change must contend. The criteria imposed by Plaumann should be revised to adapt them to the needs of environmental protection. In fact, criteria designed to be applied to human beings are ill-suited to environmental protection, which would only be able to comply with them indirectly using other justifications aimed at demonstrating the presence of an individual interest.

It is also worth recalling that the European Union is bound by the Aarhus Convention. Article 9(3) of the Aarhus Convention requires that “members of the public […] may initiate administrative or judicial proceedings to challenge acts and omissions by private persons or public authorities which contravene provisions of national law relating to the environment”. As noted in another comment on the case, the Compliance Committee of the Aarhus Convention has stated in two reports published in 2011 and in 2017,that the criteria established by the Plaumann judgment were “too strict to meet the Convention’s criteria” because “persons cannot be individually affected if the decision or regulation takes effect by virtue of an legal objective legal or factual situation”.

However, beyond the question of admissibility, it could be argued, as some scholars did, that the possibility for an individual applicant to trigger a reference for a preliminary ruling under Article 267 TFEU provides full and effective judicial protection against general measures, such as measures related to environmental protection and the fight against climate change.

AG Jacobs in his opinion in Unión de Pequeños Agricultores case of 2002 criticised this assumption.

In fact, under the preliminary ruling procedure the applicant has no right to decide whether a reference is made, which measures are referred for review or what grounds of invalidity are raised and thus no right of access to the Court of Justice; on the other hand, the national court cannot itself grant the desired remedy to declare the general measure in issue invalid. Furthermore, there may be a denial of justice in cases where it is difficult or impossible for an applicant to challenge a general measure indirectly (e.g. where there are no challengeable implementing measures or where the applicant would have to break the law in order to be able to challenge ensuing sanctions. Finally, indirect challenges to general measures through references on validity under Article 267 TFEU present several procedural disadvantages in comparison to direct challenges under Article 263 TFEU before the General Court as regards for example the participation of the institutions which adopted the measure, the delays and costs involved, the award of interim measures or the possibility of third-party intervention.

Conclusion

In 2002 AG Jacobs has started calling for the Plaumann criteria to be significantly revised and this is more than acceptable. However, the CJEU has strictly applied the individual concern requirement up to now. While the preliminary ruling does not represent a complete protection against infringements resulting from measures of general application, it is also true that it can confer some protection on individuals and can therefore be an alternative to direct action at least until the CJEU is willing to change its approach on the concept of individual concern.

Beyond the question of the application of Article 267 TFEU, in a case like the people’s climate case, appeals under Articles 263 and 277 TFEU would also have failed. The Plaumann criteria would have constituted an obstacle to the application of Article 277 TFEU. Furthermore, the level of partial harmonisation of the 2018 Climate and Energy Framework would have made a possible appeal to the CJEU under Article 263 TFEU against the implementing acts of the member states inadmissible.

The CJEU’s restrictive approach now differs from those adopted by national courts regarding the locus standi of natural persons in climate actions. But the admissibility of a climate action at national level to safeguard a fundamental right is influenced by national laws, which leads to differences in protection depending on the Member State in which action is taken. A second problem is the often very high costs that claimants must bear for a nationwide action, as well as possible delays in the procedure.

Today, the European Union is one of the main global actors for the adoption of ambitious climate policies, but there is still a lot to be done in terms of access to justice for environmental and climate action.

* Enzo Elia is a teaching and research assistant, and he is carrying out a Ph.D. in EU and international climate change law at the University of Geneva. His Ph.D. research aims to understand how and to what extent the EU contributes to the development and implementation of the global climate regime through the analysis of the compositional elements of the concept of EU actorness. The analysis will lead to the redefinition of the concept of EU actorness in the field of climate change. Furthermore, ascertained that the discipline still lacks a generalizable conceptual framework, an attempt will be made to propose a new model to bring research on actorness to a systematic level.

His current areas of interest and activity include EU and international environmental and climate change law, EU and international governance, the relationship between climate change and human rights, the relationship between the global climate change regime and other global regimes, the systemic relationships between regional and international organisations, international dispute settlement, sustainable development.

 

European Law and Policies against Hybrid Threats

The KLSR EU law blog is delighted to publicise a conference organised by the University College Cork School of Law  on the theme of European Law and Policies against Hybrid Threats. The event will be held on zoom on 20 and 21 May. You can see the programme and register here.

source: epthinktank.eu

This two-day event, organised by Dr Luigi Lonardo, will consider a range of legal and policy issues through four panel discussions with leading experts from academia, think tanks, and practice on the topics of disinformation, border issues, lawfare and hostile investment. The event will welcome Dr. Antonio Missiroli, former NATO Assistant Secretary General for Emerging Security Challenges and Director, European Union Institute for Security Studies who will deliver a keynote lecture on “Hybrid threats: cyberspace as arena and enabler”.

For any info you may contact Dr Luigi Lonardo at llonardo@ucc.ie

 

The UK Adequacy Decision and the Looming Possibility of a Schrems III

by Osal Stephen Kelly*

Introduction

In July 2020, the Court of Justice of the European Union (“CJEU”) delivered its judgment in the Schrems II case brought by the Austrian lawyer and activist Max Schrems, with far-reaching implications for data protection policy and practice. One question of particular urgency is what the consequences will be for the continued flow of personal data from the EU to the UK; while the EU-UK Trade and Cooperation Agreement temporarily allows these flows to continue on the same terms as between member states, this will end on 30th June 2021.  The purpose of this period is to allow for the EU Commission to determine whether or not to grant an “adequacy decision” that would confirm that the UK provides a level of protection essentially equivalent to that of member states, which would allow for these important transfers to continue indefinitely. While the Commission has issued a draft adequacy decision, some of the issues identified by the European Data Protection Board (“EDPB”) in its recent opinion on the draft expose frailties in these protections that could form the basis for a legal challenge in the future. It is submitted that there are two areas of particular vulnerability that would be key in any such challenge. First, there are serious unresolved questions around the powers of UK and US authorities to access data for security purposes. Second, the UK’s emerging post-Brexit constitutional and legal framework is likely to be somewhat less advantageous to data subjects vindicating their rights than was the case when EU law had direct effect.

Schrems II

Schrems II comes after another case brought forward by Mr Schrems who had already challenged the previous framework as well (Schrems I). The Schrems II case arose from a complaint concerning the transfer of his data from Facebook Ireland to Facebook Inc. (based in the United States). The complaint was made to the Irish Data Protection Commissioner and resulted in the Irish High Court making a preliminary reference to the CJEU. In its submissions, Facebook sought to justify these transfers as permitted by the EU Commission’s Privacy Shield decision, which set additional safeguards for data moving from the EU to the US.  However, the Court found that the Privacy Shield was invalid as the protections offered by US law did not in fact afford the required level of protection. The Court stressed the importance of “effective and enforceable data subject rights” (para. 177 of judgment) and found that data subjects did not enjoy such rights under the Privacy Shield. Particular emphasis was placed on the lack of limits on the power of surveillance agencies to collect data on individuals held by companies such as Facebook (para. 180). While the Court recognised that data controllers could in principle rely on standard contractual clauses approved by the Commission to allow cross-border data transfers to continue, it noted that such clauses did not necessarily protect data from unlawful access by the authorities of the receiving country (para. 141).

from jonesday.com

Schrems III?

Although the UK ceased to be subject to EU law from 31st December 2020, the GDPR has been incorporated (with amendments) into UK domestic law, in line with Section 3 of the European Union (Withdrawal) Act 2018. This amended version, referred to as the “UK GDPR”, now forms the basis of the UK’s legal framework for data protection, along with the UK’s existing Data Protection Act 2018 (draft adequacy decision, Recital 14), and this is the framework that was examined in the Commission’s draft adequacy decision, and, subsequently, the EDPB’s opinion, released on 13th April 2021. Although important, the opinion in itself is non-binding and the final decision on adopting the adequacy decision rests with the Commission, so it is likely to be approved.

The EDPB opinion, read in light of Schrems II, would require the UK’s intelligence operations to apply particular scrutiny over the compliance with the (EU) GDPR. While the tone of the opinion as a whole is very measured, the EDPB nonetheless expresses “strong concerns(para. 88 of opinion) over the data-sharing agreement between US and UK authorities pursuant to the US CLOUD Act. The Act requires US companies to disclose information stored on overseas-based servers on foot of a valid warrant. The EDPB notes that the Commission’s draft decision refers to non-binding “explanations that were provided to it by UK authorities (para. 88 of opinion). Critically, however, the EDPB notes that these explanations did not seem to comprise “any concrete written assurance or commitment” on the part of the UK Government. It is difficult to see how mere explanations without substantive legal force could be relied upon by data subjects in enforcing their rights, which is concerning, given that the existence of “effective and enforceable data subject rights” was deemed vitally important in Schrems II.

Moreover, para. 189 of the opinion highlights how broad the general exemption is for intelligence-related processing, stating that “national security certificate DPA/S27/Security Service provides that until 24 July 2024, personal data processed ‘for, on behalf of, at the request of or with the aid or assistance of the Security Service or’ and ‘where such processing is necessary to facilitate the proper discharge of the functions of the Security Service described in section 1 of the Security Service Act 1989’ are exempted from the corresponding provisions in UK law to Chapter V GDPR in relation to transfers of personal data to third countries or international organisations”.

This provision is similarly open-ended to Section 702 of the US Foreign Intelligence Surveillance Act, which had been considered not to afford a sufficient level of protection to data flows in Schrems II (para. 180 of judgment). If Part V GDPR (and equivalent provisions in the UK GDPR) does not apply to intelligence processing, personal data would be transferred to US authorities and thus fall within the scope of the Court’s ruling in Schrems II.

Given that the UK is no longer a member of the EU and subject to the jurisdiction of the CJEU, issues also arise in relation to the UK’s overall legal framework (para. 54 of opinion). The Commission has placed great emphasis on the fact that the UK will continue to be a party to the European Convention on Human Rights (“ECHR”) and thus of the “European privacy family” (press release accompanying the adequacy decision). However, while the set of rights listed in the ECHR are also included in the EU’s Charter of Fundamental Rights, in Schrems II the Court notes that the ECHR is not part of the EU law acquis (paras. 98, 99 of judgment). Furthermore, the UK Government will review the Human Rights Act 1998 which implements the ECHR in the UK. The review will consider whether courts have been “unduly drawn into matters of policy”. Given that the CJEU identified “effective and enforceable data subject rights” as key in determining whether a country provided an adequate level of protection (para. 45 of judgment), any dilution of the rights of citizens to invoke their ECHR rights would be likely to count against the UK in the event of a legal challenge.

Conclusion

The foregoing indicates that a credible case could be brought before the Court to challenge the validity of the adequacy decision in the future. On a practical note, data controllers can at least be reassured by the CJEU’s clarification in Schrems II that an adequacy decision enjoys, in effect, a presumption of legality until it is successfully challenged (para. 156 of judgment), and accordingly they should not incur any liability for data transfers while the adequacy decision remains in place, for whatever period that may be.

*Osal Kelly is a postgraduate Law student in the Law Society of Ireland in Dublin and holds an undergraduate degree in Philosophy from Trinity College, Dublin. He currently works in the Irish public service. This article is written in a personal capacity.

 

NEW PUBLICATIONS IN THE FIELD OF EU LAW

The editors of the KSLR EU Law Blog are pleased to announce recent publications in the field of EU law, with a discount attached for our readers.

 

EU Soft Law in the Member States

Theoretical Findings and Empirical Evidence

Edited by Mariolina Eliantonio, Emilia Korkea-aho and Oana Stefan

This volume analyses, for the first time in European studies, the impact that non-legally binding material (otherwise known as soft law) has on national courts and administration.

The study is founded on empirical work undertaken by the European Network of Soft Law Research (SoLaR), across ten EU Member States, in competition policy, financial regulation, environmental protection and social policy. The book demonstrates that soft law is taken into consideration at the national level and it clarifies the extent to which soft law can have legal and practical effects for individuals and national authorities.

The national case studies highlight the points of convergence or divergence in the way in which judges and administrators approach soft law, while reflecting on the reasons for and consequences of various national practices.

A series of horizontal studies connect this research to the rich literature on new modes of governance, by revisiting traditional theories on soft law, and by reflecting on the potential of such instruments to undermine or to foster rule of law values.

Mariolina Eliantonio is Professor at the University of Maastricht.

Emilia Korkea-aho is Associate Professor at the University of Eastern Finland Law School.

Oana Stefan is Reader in Law at King’s College, London.

Mar 2021   |   9781509932030   |   496pp   |   Hbk   |    RSP: £75

Discount Price: £60. Order online at www.hartpublishing.co.uk – use the code UG7 at the checkout to get 20% off your order!

 

Standing to Enforce European Union Law before National Courts

Hilde Ellingsen

The right to access to court is long recognised as an essential element of a Union based on the rule of law. This book asks how can member states insure that their individual rules on standing guarantee that right? The book answers the question by analysing EU law’s requirements from two angles: first, the effective protection of Union rights; second, the effectiveness of Union law per se. With inductive case law examination, it formulates an autonomous Union law doctrine of standing. The book then goes further, setting out an effectiveness test of member states’ enforcement mechanism, preventing practical impediments to the right to access to court. This is a rigorous study on a question of immense importance.

Hilde Ellingsen is Senior Lecturer at the University of Olso.

Apr 2021   |   9781509937141   |   384pp   |   Hbk   |    RSP: £90

Discount Price: £72. Order online at www.hartpublishing.co.uk – use the code UG7 at the checkout to get 20% off your order!

 

The External Dimension of the EU’s Policy against Trafficking in Human Beings

Chloé Brière

This book explores the external dimension of the ambitious EU policy on human trafficking. Through this policy the EU institutions and Member States promote the eradication of human trafficking and support, to that end, cooperation with their partners, being third States or international organisations.

Analysing the unilateral and multilateral mechanisms the EU uses to achieve these aims, the book questions whether the EU’s external response to human trafficking addresses it in all its dimensions, and whether it does so in a coherent way. As a case study, the book explores the cooperation of the EU with countries of the Western Balkans, which constitutes a specific unilateral mechanism. The analysis of the multilateral mechanisms covers the cooperation of the EU with key international and regional organisations combating human trafficking, including but not limited to the Council of Europe or the United Nations Office on Drugs and Crime.

The book also examines the impact of the evolution of migration flows and the increasing reliance of military tools on the EU’s response to human trafficking.

Chloé Brière is a Post-doctoral Research Fellow funded by the Belgian National Research Fund (FNRS) and a professor of EU law at the Centre for European Law of the Université libre de Bruxelles.

Apr 2021   |   9781509932825   |   328pp   |   Hbk   |    RSP: £85

Discount Price: £68. Order online at www.hartpublishing.co.uk – use the code UG7 at the checkout to get 20% off your order!

 

Countering Tax Crime in the European Union

Benchmarking the OECD’s Ten Global Principles

Umut Turksen

This book seeks durable solutions for tax crime and is a great resource for the development of knowledge, policy and law on tax crime. The book uniquely blends current practice with new approaches to countering tax crime. With insights from the EU-funded project, PROTAX, which conducts advanced research on tax crimes, the book comparatively analyses the EU’s tax crime measures and the Ten Global Principles (TGPs) on fighting tax crime by the Organisation for Economic Cooperation and Development (OECD).

The study critically examines how the TGPs can serve as minimum standards for the EU to counter tax crime such as tax evasion and tax fraud. The study also analyses how the anti-tax avoidance package can be graduated to fight tax crime in the EU. When escalated, the strengths of the EU tax crime measures and TGPs can form a fortress in which criminal law can be empowered to mitigate tax crimes with greater effect.

The book will be particularly useful for end-user stakeholders such as tax policy makers, LEAs, professional enablers as well as academics and students interested in productive interaction between tax, criminal and administrative laws.

Umut Turksen is Professor of Law at the Centre for Financial and Corporate Integrity, Coventry University, UK.

Mar 2021   |   9781509937950   |   336pp   |   Hbk   |    RSP: £75

Discount Price: £60. Order online at www.hartpublishing.co.uk – use the code UG7 at the checkout to get 20% off your order!