Tải bản đầy đủ - 0 (trang)
14 Multilateral Strategy: Towards Global Protection in the Framework of the UN

14 Multilateral Strategy: Towards Global Protection in the Framework of the UN

Tải bản đầy đủ - 0trang

9.14 Multilateral Strategy: Towards Global Protection in the Framework of the UN



491



in view of the moral imperative under Articles 3(5) and 21 TEU. Diogenes’ citizen

of the world deserves strong protection.238 Second, a reason for the European Union

to pursue global rules on data protection would be to avoid the protection of individuals within the Union being compromised because of the fact that the rules in

other parts of the world are more lenient.239 Third, economic reasons could provide

a motivation, because global standards could contribute to creating a level playing

field for economic actors.240

Although, in the area of privacy and data protection, there is no global consensus

on the values of protection and the ways to deliver protection, this multilateral strategy would not start from scratch. As confirmed by the United Nations High

Commissioner for Human Rights: “International human rights law provides a clear

and universal framework for the promotion and protection of the right to privacy,

including in the context of domestic and extraterritorial surveillance, the interception of digital communications and the collection of personal data.”241 Furthermore,

in the context of the UN online privacy is high on the agenda, although no concrete

initiatives for a global agreement have yet been taken.242 On a more practical level,

suggestions have been made for global standards. An example is known as the

‘Madrid Resolution’ on international privacy standards, adopted by the International

Conference of Privacy and Data protection authorities in 2009.243

The multilateral strategy is rather a long shot.244 There is absence of global consensus at an aspirational level, in particular, where this approach implies agreement

with countries that do not share basic democratic values. Moreover, there are diverging views on the level of preferred legislative arrangements, with the transatlantic

divide relating to supervisory arrangements as the obvious example.245 Divergence

238



 See Sect. 9.5 above.

 In this sense, but not specifically on data protection: Anu Bradford, “The Brussels Effect”,

Northwestern University Law Review, Vol. 107, No. 1, 2012, at 46–47.

240

 Bradford specifies this in an interesting way. Even where harmonisation takes place in the market (on a level aspired by the EU) it would make sense to pursue legally binding harmonisation, to

“lock in” EU standards; Anu Bradford, “The Brussels Effect”, Northwestern University Law

Review, Vol. 107, No. 1, 2012, at 47.

241

 The right to privacy in the digital age, Report of the Office of the United Nations High

Commissioner for Human Rights, 30 June 2014..

242

 E.g., The right to privacy in the digital age, Report of the Office of the United Nations High

Commissioner for Human Rights, 30 June 2014, http://www.ohchr.org/EN/HRBodies/HRC/

RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf

243

 Adopted in 2009, by the 31st International Conference. See www.privacyconference2009.org

244

 These three obstacles are also, albeit with different wording, listed in: De Hert, P. and

Papakonstantinou, V., “Three scenarios for international governance of data privacy: towards an

international data privacy organization, preferably a UN agency?”, A Journal of Law and Policy

for the Information Society, vol. 9, no. 2, 271–324, 2013, at 315–322.

245

 Lee A. Bygrave, Data Privacy Law, An International Perspective, Oxford University Press 2014,

at 3F. Also: David C. Vladeck, A U.S. Perspective on Narrowing the U.S.-EU Privacy Divide, in

“Hacia un Nuevo derecho europea de protección de datos, Towards a new European Data Protection

Regime, Artemi Rallo Lombarte, Rosario García Mahamut (eds), Tirant lo Blanch, 2015.

239



492



9  Understanding the EU Mandate Under Article 16 TFEU in the External Domain…



also exists as to the preferred legal instrument for global privacy and data protection. Should this be a multilateral treaty or a lighter instrument like, for instance, a

UN model law?246

Furthermore, the institutional cooperation in the area of privacy and data protection is incomplete. Various international organisations are active in this area, but –

as Kuner explains – it is not evident which organisation should take the lead. The

OECD is not an organisation that produces binding agreements, the Council of

Europe may be regarded as being too European and specialised UN agencies such

as UNCITRAL and UNIDROIT have not yet become involved in data

protection.247

In addition, one could question the legitimacy of the United Nations to set global

rules on the fundamental rights of privacy and data protection. As such, the United

Nations as a global organisation would qualify for taking the lead in this domain, if

only because of its number of members.248 However, a large number of states within

the United Nations do not share the essential democratic values of the European

Union and the United States.249 As Mazower explains, objections against involvement of the United Nations are common in the United States, for a number of reasons, but also because non-Western/non-democratic countries have a large say on

the policies of the United Nations.250



9.14.1  H

 owever, There Are Incentives for the EU to Pursue

the Multilateral Strategy

The most important incentive for the European Union251 to pursue a multilateral

strategy for privacy and data protection is probably the scale of the problem. The

effect of technological developments such as big data or mass surveillance might –

or better: should – create a sense of urgency to seek global solutions, as the most

effective answer to global developments in the information society. This sense of

urgency may even increase because of grown public awareness. The need to join

246



 See more in detail: De Hert, P. and Papakonstantinou, V., “Three scenarios for international

governance of data privacy: towards an international data privacy organization, preferably a UN

agency?”, A Journal of Law and Policy for the Information Society, vol. 9, no. 2, 271–324, 2013,

at 318–319.

247

 Christopher Kuner, Transborder Data Flows and Data Privacy Law, Oxford University Press,

2013, at 163.

248

 The United Nations has 193 states as members (July 2015).

249

 The report by Freedom House on Freedom of the World 2014 mentions a number of 55 % of the

countries in the world (on a total of 185 included in report) considered not free, or only partly free,

https://freedomhouse.org/report/freedom-world/freedom-world-2014.

250

 Mark Mazower, Governing the World: The History of an Idea– September 13, 2012.

251

 See on the incentives, De Hert, P. and Papakonstantinou, V., “Three scenarios for international

governance of data privacy: towards an international data privacy organization, preferably a UN

agency?”, A Journal of Law and Policy for the Information Society, vol. 9, no. 2, 271–324, 2013,

at 308–310



9.15 The Meaning of the Three Strategies for the CJEU: Google Spain…



493



forces might also result from considerations of cost effectiveness or scarce

resources.252

A multilateral, global agreement, possibly under the umbrella of the United

Nations would – despite the objections mentioned above, for the long term in any

event – be the most appropriate instrument of effectively ensuring privacy and data

protection on a global scale. As observed above in relation to bilateral agreements,

an agreement does not necessarily include an approximation of standards of privacy

and data protection, but could also focus on mutual recognition, standardisation

processes or enforcement cooperation.

Privacy and data protection are also connected to the global cooperation within

the World Trade Organization,253 because of the fact that data protection rules regulate and even restrict transborder data flows. The General Agreement on Trade and

Services liberalised the provision of services, but contains an exception for the rules

necessary to ensure compliance with rules for the protection of privacy in relation to

the processing and dissemination of personal data.254 This provision confirms that

privacy and data protection should not be integrated into trade agreements nor into

activities of the WTO, as an organisation whose task is to supervise and liberalise

international trade, not to protect fundamental rights. At the same time, privacy and

data protection as fundamental rights should not be negotiable in the context of a

trade agreement. These arguments are used mostly in the European Union, also in

relation to the Transatlantic Trade and Investment Partnership (TTIP), an agreement

that is currently being negotiated between the EU and the US.255 Since the inclusion

of privacy and data protection in trade agreements is a very controversial issue, it

will not be further discussed here as a promising avenue for EU action on the international scene.256



9.15  T

 he Meaning of the Three Strategies for the CJEU:

Google Spain as an Illustration of the Unilateral

Strategy Under Article 16 TFEU

The ruling in Schrems257 can be seen as a typical illustration of a unilateral strategy

of the European Union, if only because of the high requirement for adequacy of the

protection in a third country, under Article 25 of Directive 95/46, which the Court

252



 Financial resources of governments as well as the limited availability of highly qualified staff.

 The WTO has 161 states as members (July 2015).

254

 Article XIV(c)(ii) GATS, available on: https://www.wto.org/english/docs_e/legal_e/26-gats_01_e.htm.

255

 E.g., Giovanni Buttarelli, European Data Protection Supervisor, “Trade agreements and data

flows”, speech given at the Joint Hearing of the INTA and LIBE committees, European Parliament,

Brussels, 16 June 2015, https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/

Documents/EDPS/Publications/Speeches/2015/15-06-16_INTA_LIBE_EN.pdf.

256

 Further read: Christopher Kuner, Transborder Data Flows and Data Privacy Law, Oxford

University Press, 2013, at 163, at 52, and footnotes mentioned there.

257

 Case C-362/14, Schrems, EU:C:2015:650

253



494



9  Understanding the EU Mandate Under Article 16 TFEU in the External Domain…



of Justice understands as a level of protection that is essentially equivalent to the

level guaranteed within the Union.258

The ruling of the Court of Justice in Google Spain and Google Inc.259 is the second example of how the unilateral strategy is integrated in the case law of the Court

of Justice. This ruling is the focus of this section, also because at time of writing the

consequences of Schrems were still unclear.

In its ruling, the Court confirmed the wide external effect of European data protection law on the internet. It referred to the objective of ensuring effective and

complete protection of fundamental rights and, in connection with this objective, to

the particularly broad territorial scope of Directive 95/46.260 The Court declared

expressis verbis that it “cannot be accepted that the processing of personal data carried out for the purposes of the operation of the search engine should escape the

obligations and guarantees laid down by Directive 95/46”.261

Hence, for the Court of Justice effectiveness of the protection of Europeans is the

main reason to unilaterally accord a wide external effect of EU law in this area. This

is in line with the claim in the Treaty on European Union that fundamental rights are

universal.262

However, the Court did not address the impact of its ruling on competing jurisdictions on the internet. This problem provoked a debate on the jurisdictional

aspects of the Court’s ruling, revealing a number of sensitivities incited by the wide

territorial scope of EU law on the internet, as interpreted by the Court of Justice.263

In this context, Kuner refers to the growing insularity of EU law.264 These sensitivities come from two seemingly opposite perspectives. On the one hand, there is the

viewpoint that the application of EU law would potentially cover the entire internet,

and thus directly interfere in other jurisdictions. On the other hand, it is argued that

the effect of the ruling could be a fragmented internet, which would prejudice the

benefits of the internet as a global network.265

The implementation of the ruling by Google aims to address these two viewpoints, by deleting the links to individuals266 only from its European-directed search



258



 At 73 of the ruling.

 Case C-131/12, Google Spain and Google Inc., EU:C:2014:317

260

 At 53–54 of the ruling.

261

 At 58 of the ruling

262

 As expressed in the preamble and in Article 21 of the TEU.

263

 The sensitivities around the balance between privacy and data protection and freedom of expression are not addressed – not relating to jurisdiction – are addressed in Chap. 5.

264

 Christopher Kuner, The European Union and the Search for an International Data Protection

Framework, Groningen Journal of International Law, volume 2 number 2, pp. 55–71, 2014, at

III.4.

265

 Further read on the consequences of the ruling, Christopher Kuner, The European Union and the

Search for an International Data Protection Framework, Groningen Journal of International Law,

volume 2 number 2, pp. 55–71, 2014, at III.4.

266

 See on this Chap. 5, Sects. 5.12 and 5.13 of this book.

259



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

14 Multilateral Strategy: Towards Global Protection in the Framework of the UN

Tải bản đầy đủ ngay(0 tr)

×