A paradigm shift in the EU's Common Foreign and Security Policy: from transformation to resilience

The EU's Common Foreign and Security Policy (CFSP) is thriving. To the great surprise of many observers, there has been a strong increase in the conceptual and practical activity of the CFSP over the past few months, comparable only to its revival after the Kosovo crisis. In a speech in June 2017, German Chancellor Angela Merkel evoked the European spirit and affirmed that Europe would no longer be able to rely solely on others in the future. In all European policy areas that deal with foreign, security and defence issues, new institutions and political initiatives are being created, joint security research is being initiated, and new acts of law are being prepared. How can we explain this renaissance of a policy area that was assumed dead? What legal and political dynamics have contributed to its revival? It is significant that foreign and security policy, which used to be purely political areas, are increasingly subject to legal reform and incorporation into the European legal community. Moreover, the ECJ is more and more active in dissolving the old distinctions between political and legal integration and between the EU's internal and external dimensions. (author's abstract

The global strategy for the EU's foreign and security policy

Just a few days after the Brexit referendum, the EU heads of state and government welcomed the “Global Strategy for the European Union’s Foreign and Security Policy”. The document, which CFSP High Representative Federica Mogherini spent a year preparing, reads as yet another declaration of intent, calling for greater unity in the CFSP. It argues for what is at first glance an astonishingly defensive foreign policy orientation revolving around the concept of resilience. The upshot is a boost to transatlantic security relations, especially between the EU and NATO. (author's abstract

The networking of European foreign policy: from cacophony to choir?

The European Commission has created a new foreign affairs project team led by Federica Mogherini, the High Representative of the European Union for Foreign Affairs and Security Policy. This institutional reform represents yet another attempt to overcome the incoherence between the CFSP and the European Union’s external relations. The expectations of a more networked foreign policy will only be fulfillable if the EEAS takes over inter-departmental strategic planning and Germany plays a leading role in flexibilising the CFSP/CSDP. (Autorenreferat

Due diligence in cyberspace: guidelines for international and European cyber policy and cybersecurity policy

Global cyberspace is undergoing fundamental change. There are now frequent references to a "fragmentation of the Internet", but many European and international working groups are also increasingly aware that "a free, open and at the same time secure Internet" is a global public good. However, the political rules adopted for International and European cyber policies and cybersecurity policies will always lag behind technological developments. It is the more important, therefore, to subject these rules to the over-arching norm of due diligence in cyberspace, and to do so on the national, European and international levels. This generates three requirements for Germany's future strategic orientation in cyberspace: European cooperation: integrating national policies into the European framework; inclusiveness: giving different interest groups broad and publicly accessible representation in formulating policies; civilian response: prioritising the civilian component over the military component, particularly in times of peace. However, Germany's major partners are confused as to what goals precisely it is pursuing in cyberspace. It is therefore advisable for Berlin to improve its coordination and communication of responsibilities at the national and EU levels, be it on issues of Internet Governance, the fight against cybercrime, or cyberdefence. (author's abstract

The new 'Europe of security': elements for a European white paper on security and defence

With the Estonian Presidency of the EU Council from July until December 2017, the main topics will be digitalization and “a safe and secure Europe”. The Council Presiden-cy will, therefore, be tackling Europe’s major challenges. At the same time, it can make use of a wide-open window of opportunity, since the governments of the EU Member States are more willing than ever to consider deepening European foreign and security policy. The issue of security has also been a constant concern for the Commission since the beginning of its term – from President Juncker’s Political Guidelines in July 2014 to his most recent State of the Union Address in September 2016. Politics and society sup-port a ‘Europe of Security’ based on three major projects of current European policy: a security union, a defence union and close cooperation between NATO and the EU. When protecting critical infrastructures, i.e. cybersecurity, these projects merge. All three should be given a shared strategic vision in an overarching White Paper. (Autorenreferat

European Cyber Security Policy

The gradually developing European cyber security policy tries to establish minimum standards in all EU member states with regard to prevention, resilience and international cooperation. It aims to foster national security without compromising democratic principles or unduly limiting individual liberties. However, it is hard to find a balance between these goals, and the EU’s measures thus inevitably raise questions about the democratic implications of European cyber security policy. Are the institutional structures and instruments of European cyber security policy compatible with the criteria of democratic governance? In order to answer this question, this study first outlines the main challenges related to the promotion of Internet security. After that, the study presents the institutional architecture of global cyber security policy and identifies the key principles of organisation behind European cyber security policy. In conclusion, the study assesses how compatible the institutional framework of European cyber security policy is with democratic criteria and discusses ways to enhance cyber security without violating democratic principles. (author's abstract

The EU as a force for peace in international cyber diplomacy

Ever since the cyber attacks against the computer networks of European governments and defence and foreign ministries have become public knowledge, security policy-makers have insisted that the EU Member States need to develop more adequate cyber-defence and cyber-retaliation capabilities. However, the EU continues to base its cyber-security strategy on the resilience of Information and Communication Technology Infrastructures and cyber diplomacy as part of its Common Foreign and Security Policy (CFSP) so as to position itself as a force for peace. Its Joint EU Diplomatic Response to Malicious Cyber Activities, adopted in October 2017, primarily stipulates non-military instruments that could contribute to "the mitigation of cybersecurity threats, conflict prevention and greater stability in international relations". Faced with increasing activities infrastructures, Europe would be well-advised to adhere to the step-by-step cyber-diplomacy plan, which is based on the principle of due diligence. (author's abstract

Tests of partnership: transatlantic cooperation in cyber security, internet governance, and data protection

"Although relations are currently being tested, the transatlantic cyber partnership continues to stand on a solid normative and institutional foundation. Both sides agree on the fundamentals of Internet regulation. Both are of the conviction that universal accessibility to the Internet is extraordinarily useful not only for democratic decision-making and free markets but also for the future of the liberal democratic order. And both sides are united also in the search for effective means to limit malicious software, to fight crime, and to secure critical infrastructure. The controversy surrounding the NSA’s espionage activities exposed differences in what the United States and EU member countries consider to be the legitimate means and methods of reaching their common goals. It also revealed that they have different approaches to handling normative dissonance. Nevertheless, it certainly should not be misunderstood as an existential threat to the transatlantic partnership. Instead, transatlantic differences can and should be speedily resolved through political dialogue. Three major problem areas must be dealt with in this process: firstly the critical infrastructure protection in transatlantic cyber security, secondly the development of an inclusive multistakeholder-model in Internet governance and thirdly the adoption of the so-called umbrella agreement in data protection between the US and the EU." (author's abstract

Externalizing Europe: the global effects of European data protection

Purpose: This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in the transatlantic economy. A substantial part of that trade is associated with the transfer of data, most of it personal, requiring many of the new products and services emerging to adhere to data protection standards. Yet different conceptions of data protection exist across the Atlantic, with the EU putting a particular focus on protecting the fundamental right to privacy. Design/methodology/approach: Using the distinction between positive and negative forms of market integration as a starting point (Scharpf, 1997), this paper examines the question of how the EU is projecting its own data protection regime to third states. The so-called California effect (Vogel, 1997) and the utilization of trade agreements in the EU's foreign policy and external relations are well researched. With decreasing effectiveness and limited territorial reach of its enlargement policy, the EU found trade agreements to be particularly effective to set standards on a global level (Lavenex and Schimmelfennig, 2009). The existence of the single market makes the Union not only an important locus of regulation but also a strong economic actor with the global ambition of digital assertiveness. In the past, establishing standards for the EU's vast consumer market has proven effective in compelling non-European market participants to join. Findings: As the globe's largest consumer market, Europe aims to project its own data protection laws through the market place principle (lex loci solutionis), requiring any data processor to follow its laws whenever European customers' data are processed. This paper argues that European data protection law creates a "California Effect", whereby the EU exerts pressure on extra-territorial markets by unilateral standard setting. Originality/value: With its GDPR, the EU may have defused the problem of European citizens' data being stored and evaluated according to the US law. However, it has also set a precedent of extra-territorial applicability of its legislation - despite having previously criticized the USA for such practices. By now, international companies increasingly store data of European customers in Europe to prevent conflicts with EU law. With this decision, the EU will apply its own law on others’ sovereign territory. Conflicts created through the extra-territorial effects of national law may contradict the principle of due diligence obligations but are nevertheless not illegitimate. They may, however, have further unintended effects: Other major economies are likely to be less reluctant in the future about passing legal provisions with extra-territorial effect

European Union data protection and external trade: having the best of both worlds?

The trade in digital technology and services has become an absolutely central element of international economic relations. A substantial part of this trade is associated with the transfer of data, some of it personal, and many of the new products and services emerging in connection with the internet exhibit new characteristics of relevance for data protection. A significant need for regulation has thus arisen, requiring closer cooperation between experts for trade law, data protection, and information and communication technology (ICT). This applies above all to the current negotiations on the Transatlantic Trade and Investment Partnership (TTIP) and to the new agreement on transatlantic data transfer (EU-US Privacy Shield). (author's abstract