Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

Fundamental Rights of workers in the Digital Age: A methodological approach from a case study. WP C.S.D.L.E. "Massimo D'Antona" .INT - 89/2011

The relationship between employer and worker is not only obligatory but above all, as Sinzheimer said, a ‘relationship of power’. In the Digital Age this statement is confirmed by the massive introduction of ICT in most of the companies that increase, in practice, employer’s supervisory powers. This is a worrying issue for two reasons: on one hand, ICT emerge as a new way to weaken the effectiveness of fundamental rights and the right to dignity of workers; and, on the other hand, Spanish legal system does not offer appropriate solutions to ensure that efficacy. Moreover, in a scenario characterized by a hybridization of legal systems models –in which traditional hard law methods are combined with soft law and self regulation instruments–, the role of our case law has become very important in this issue. Nevertheless, despite the increase of judicialization undergone, solutions offered by Courts are so different that do not give enough legal certainty. Facing this situation, I suggest a methodological approach –using Alchourron and Bulygin’s normative systems theory and Alexy’s fundamental rights theory– which can open new spaces of decision to legal operators in order to solve properly these problems. This proposal can allow setting a policy that guarantees fundamental rights of workers, deepening their human freedom in companies from the Esping-Andersen’s de-commodification perspective. With this purpose, I examine electronic communications in the company as a case study

The ethics of uncertainty for data subjects

Modern health data practices come with many practical uncertainties. In this paper, I argue that data subjects’ trust in the institutions and organizations that control their data, and their ability to know their own moral obligations in relation to their data, are undermined by significant uncertainties regarding the what, how, and who of mass data collection and analysis. I conclude by considering how proposals for managing situations of high uncertainty might be applied to this problem. These emphasize increasing organizational flexibility, knowledge, and capacity, and reducing hazard

Welcome to the Last Frontier, Professor Gardner: Alaska’s Independent Approach to State Constitutional Interpretation

Kommuner är en verksamhet som påverkar oss medborgare dagligen och finansieras av skatteintäkter som vi betalar in. Under de senaste åren har det rapporterats om skandaler inom kommunal verksamhet som har berott på bristfälliga kontroller inom verksamheten och att rutiner inte har följts vilket har fått konsekvenser. Det har även presenterats en rapport från Europakommissionen om att mutor är förekommande inom kommunal verksamhet även i Sverige vilket kan leda till att den makt kommunerna har används på ett felaktigt sätt. Dessa problem kan anses vara risker för den kommunala verksamheten att nå sina mål och det kan därför finnas ett behov förbättra ledningen av verksamheten för att åtgärda riskerna. Ett sätt att förbättra ledningen är att använda sig av riskhantering vilket är ett ledningsverktyg som har blivit allt mer förekommande för att hantera risker och effektivisera verksamheterna. Det har genom åren arbetats fram lagar och riktlinjer om hur en bättre kontroll av verksamheten ska ske som på senare år resulterat i ett ramverk för riskhantering, “Enterprise risk management” (ERM) vilket skapades för att hantera riskerna för verksamhetens samtliga mål.   Tidigare studier har visat att ERM går att använda i kommunal verksamhet men att det saknas studier som undersöker hur det går till i en svensk miljö. Den forskning som vi har tagit del av visar att det finns behov av att anpassa riskhanteringsarbetet till den specifika verksamhet som ERM används inom och det är det den här studien ämnar förklara hur arbetet går till i en kommun. Det har även visats i forskning att det finns två delar som är viktiga för att riskhanteringen ska fungera på ett bra sätt, vilka är riskbedömningen och kommunikationen kring risker inom en verksamhet. Dessa områden kommer vi att beröra utförligare i vår studie samt att vi även kommer att beskriva om det fanns några problemområden i arbetsprocessen kring riskhantering. Vi har utifrån det formulerat följande problemformulering: Hur arbetar kommuner med riskhantering för att leda sin verksamhet? Studien genomfördes genom att intervjua nio tjänstemän som arbetar med riskhantering inom Umeå kommun. När vi analyserat den information vi samlat in genom intervjuerna kunde vi beskriva hur Umeå kommun arbetar med riskhantering och vilka problemområden som vi upplevde att de hade i sitt arbete. Umeå kommun arbetar med riskhantering genom att skapa bra förutsättningar för personalen genom att beskriva hur arbetet ska gå till i interna dokument samt att det har blivit ett större fokus på samtliga risker som påverkar målen för verksamheterna. De problemområden vi såg var att riskbedömningen ansågs vara problematisk eftersom det var svårt att avgöra hur de skulle bedömas utifrån de kriterier som fanns och att denna bedömning ofta påverkades av personliga åsikter. Ytterligare ett problemområde som vi identifierat var att det fanns behov av att förbättra kommunikationen inom kommunen vilket påverkar hur effektiv deras riskhantering är. Kommunikationen i nuläget mellan nämnderna brister vilket leder till att beslut fattas som motverkar varandra samt att det finns en risk att politikerna inte får den information de behöver för att fatta bra beslut för kommunen. Vi upplever att om dessa områden förbättras kommer Umeå kommuns riskhantering bli bättre vilket i slutändan leder till att de samhälleliga tjänster som erbjuds medborgarna kan hålla en högre kvalité

Fourth Amendment Codification and Professor Kerr\u27s Misguided Call for Judicial Deference

This essay critiques Professor Orin Kerr\u27s provocative article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution, 102 Mich. L. Rev. 801 (2004). Increasingly, Fourth Amendment protection is receding from a litany of law enforcement activities, and it is being replaced by federal statutes. Kerr notes these developments and argues that courts should place a thumb on the scale in favor of judicial caution when technology is in flux, and should consider allowing legislatures to provide the primary rules governing law enforcement investigations involving new technologies. Kerr\u27s key contentions are that (1) legislatures create rules that are more comprehensive, balanced, clear, and flexible; (2) legislatures are better able to keep up with technological change; and (3) legislatures are more adept at understanding complex new technologies. I take issue with each of these arguments. Regarding Kerr\u27s first contention, I argue that Congress has created an uneven fabric of protections that is riddled with holes and weak safeguards. Kerr\u27s second contention - that legislatures are better able to update rules quickly as technology shifts - is belied by the historical record, which suggests Congress is actually far worse than the courts in reacting to new technologies. As for Kerr\u27s third contention, shifting to a statutory regime will not eliminate Kerr\u27s concern with judges misunderstanding technology. In fact, many judicial misunderstandings stem from courts trying to fit new technologies into an old statutory regime that is built around old technologies. Therefore, while Kerr is right that our attention must focus more on the statutes, he is wrong in urging for a deferential judicial approach to the Fourth Amendment

Scenarios for the development of smart grids in the UK: synthesis report

‘Smart grid’ is a catch-all term for the smart options that could transform the ways society produces, delivers and consumes energy, and potentially the way we conceive of these services. Delivering energy more intelligently will be fundamental to decarbonising the UK electricity system at least possible cost, while maintaining security and reliability of supply. Smarter energy delivery is expected to allow the integration of more low carbon technologies and to be much more cost effective than traditional methods, as well as contributing to economic growth by opening up new business and innovation opportunities. Innovating new options for energy system management could lead to cost savings of up to £10bn, even if low carbon technologies do not emerge. This saving will be much higher if UK renewable energy targets are achieved. Building on extensive expert feedback and input, this report describes four smart grid scenarios which consider how the UK’s electricity system might develop to 2050. The scenarios outline how political decisions, as well as those made in regulation, finance, technology, consumer and social behaviour, market design or response, might affect the decisions of other actors and limit or allow the availability of future options. The project aims to explore the degree of uncertainty around the current direction of the electricity system and the complex interactions of a whole host of factors that may lead to any one of a wide range of outcomes. Our addition to this discussion will help decision makers to understand the implications of possible actions and better plan for the future, whilst recognising that it may take any one of a number of forms

DRM and Privacy

Interrogating the relationship between copyright enforcement and privacy raises deeper questions about the nature of privacy and what counts, or ought to count, as privacy invasion in the age of networked digital technologies. This Article begins, in Part II, by identifying the privacy interests that individuals enjoy in their intellectual activities and exploring the different ways in which certain implementations of DRM technologies may threaten those interests. Part III considers the appropriate scope of legal protection for privacy in the context of DRM, and argues that both the common law of privacy and an expanded conception of consumer protection law have roles to play in protecting the privacy of information users. As Parts II and III demonstrate, consideration of how the theory and law of privacy should respond to the development and implementation of DRM technologies also raises the reverse question: How should the development and implementation of DRM technologies respond to privacy theory and law? As artifacts designed to regulate user behavior, DRM technologies already embody value choices. Might privacy itself become one of the values embodied in DRM design? Part IV argues that with some conceptual and procedural adjustments, DRM technologies and related standard-setting processes could be harnessed to preserve and protect privacy