About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

8 Int'l Data Priv. L. 1 (2018)

handle is hein.journals/intldatpc8 and id is 1 raw text is: 


International Data Privacy Law, 2018, Vol. 8, No. 1


An unstoppable force and an

immoveable object? EU data protection

law and national security

Christopher Kuner*, Fred Cate**, Orla Lynskey**,
Christopher Millard**, Nora Ni Loideain** and Dan Svantesson**


The  Grand  Chamber   of the Court  of Justice of the
European  Union  (EU)  (CJEU/Luxembourg   Court), the
EU's highest court, is gaining a reputation for its more
purposive and expansive interpretation and application
of EU data protection law. This is particularly so in rela-
tion to the right to data protection, as guaranteed by
Article 8 of the EU Charter of Fundamental Rights (EU
CFR)  which became  part of EU  law in 2009 following
the entering into force of the Lisbon Treaty [Treaty on
the Functioning of the EU (TFEU)].
   In addition to Article 8 EU CFR, another important re-
form  of EU data protection law in 2009 was Article 16
TFEU  which provides an explicit legal basis for data pro-
tection legislation. Consequently, this relatively new legal
framework  (especially Article 8 EU CFR) has played an in-
strumental role in a succession of landmark judgments
concerning the requirements and  minimum   safeguards
that must be applied by EU Member States when personal
data is processed for the purposes of law enforcement and
public security, or even national security with respect to
third countries (non-EU states). One such new require-
ment is the need to provide that personal data is retained
in the EU in order to ensure that it is subject to the inde-
pendent  supervision of EU data protection authorities.
In its 2014 judgment of Digital Rights Ireland, the CJEU
determined that this is 'an essential component' for the
protection of individuals under EU data protection law.
   Notwithstanding the apparently unstoppable force of
the expanding scope of EU  data protection law, EU law
[Article 4(2) of the Treaty of the EU (TEU)] states that
the EU
  shall respect the equality of Member States before the
  Treaties as well as their national identities, inherent in their
  fundamental  structures, political and constitutional,


Editor-in-Chief.
Editor.
See our Editorial on 'PRISM and Privacy: Will This Change Everything?'
(2013) 3(4) International Data Privacy Law 217 <http://idpl.oxfordjour


  inclusive of regional and local self-government. It shall re-
  spect their essential State functions, including ensuring the
  territorial integrity of the State, maintaining law and order
  and safeguarding national security. In particular, national
  security remains the sole responsibility of each Member
  State.

Notably, Article 4 TEU clearly stresses that 'national se-
curity remains the sole responsibility of each Member
State'. Hence, this exemption from EU law should mean
that Article 8 EU CFR and Article 16 TFEU  should not
apply to any national security matters governed by do-
mestic law  as these provisions  are only relevant to
'Member   States when  carrying out activities that fall
within the scope of EU law.'
   Soon after these major legal changes within EU law
(particularly the elevation of data protection to a funda-
mental right) the Snowden  revelations concerning sys-
tematic government  surveillance, in the US and beyond,
began to emerge. As we have discussed previously, expo-
sure of these national security programmes has since led
to  soul-searching by policymakers  worldwide   about
both the relevance and the effectiveness of existing legal
frameworks  for ensuring the adequate protection and
security of privacy and personal data.' In particular,
these revelations have cast a rather stark light on the ex-
tent to which legislators and courts have deferred to a
State's interpretation of the situations it faces in permit-
ting limitations on the rights of individuals where mat-
ters of national security arise given the sensitive and
confidential nature of the information collected, ana-
lysed, and shared. Of course, at the EU level, as noted
above,  any   fundamental   rights-based     scrutiny   of
Member   State law governing national security has been
deemed  to fall outside of the competence of the CJEU.

   nals.org/content/3/4/217.full.pdf+html?sid=b7d1 89ef-Oab 1-4b92-8dd9-
   dbaa2b4bO24f>.


© The Author(s) 2018. Published by Oxford University Press. All rights reserved. For permissions, please email: journals.permissions@oup.com


1


1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most