EU Law Enforcement

Introduction

The EU has some of the world’s most ambitious and highly developed environmental laws on its books, in fields ranging from climate law to industrial emissions, water and air pollution, nanotechnology and nature conservation.

The effectiveness of these laws is, however, severely compromised by under-enforcement. In fact, environmental law has consistently been one of the EU’s areas with the highest number of infringement cases as well as citizen complaints regarding non-compliance. In its Seventh Environmental Action Programme (2013 – 2020), the EU already announced that improving the implementation of EU environmental law would be given ‘top priority’.

The risks associated with under-enforcement manifest in various ways, from reduced water quality, air pollution, biodiversity loss and more. The economic costs and benefits foregone from not achieving the environmental targets specified in EU environmental legislation have further been estimated at no less than 55 billion euros per year.

Continue reading “Enforcing EU environmental law: putting law’s effectiveness to the test”

Yane Svetiev’s book, Experimentalist Competition Law and the Regulation of Markets, was launched at an event organized by the University of Amsterdam’s Centre for European Law and Governance (ACELG) and Centre for European Studies (ACES). The book provides an account of the evolution of EU competition law enforcement through the prism of experimentalist governance. Within an experimentalist governance architecture, regulation and enforcement are recursively re-formulated through monitoring and comparing implementation experience from different local contexts. Compared to more traditional legal enforcement that proceeds through identifying and punishing infringements, experimentalist implementation is problem-oriented and collaborative. Moreover, experimentalist governance does not rely on controlled experiments to identify universal causal mechanisms or successful interventions. Rather, as Svetiev explains, it is pragmatic: it relies on “prototyping solutions to specific problems followed by iterative adaptation to refine the prototype” and to then  “possibly scale it up or diffuse it” to other contexts.

Continue reading “Experimentalist Enforcement in the European Union: A New Cookbook for Emergent Recipes?”

After rather chaotic initial responses to the spreading pandemic in the first months of 2020, the Commission nowadays appears eager to look and move ahead. As a case in point, its recently proposed reform of Schengen governance seeks to create a ‘fully functioning and resilient Schengen area’. To that end, the Commission inter alia acknowledges the need for strengthened enforcement. As this blog post will argue, however, that commitment may be belied by the substance of reform. The Commission’s announcement to use enforcement measures more actively may be undone by a relaxation of standards delineating Member States’ latitude under the Schengen acquis. Accordingly, the view will be posited that the Commission’s reforms are not aimed at stronger enforcement as an end in itself, but rather at avoiding open conflict with Member States over the reintroduction of internal border controls.

Continue reading “The Commission’s proposed reform of the Schengen area – stronger enforcement or conflict aversion?”

In 2021 members of the European Parliament passed a resolution to endorse the report of the Civil Liberties Committee. The report expresses an opposition to the use of predictive policing tools which operate on artificial intelligence (hereinafter AI) software in order to make predictions about the behaviour of individuals or groups “on the basis of historical data and past behaviour, group membership, location, or any other such characteristics.” (par. 24) This opposition is based on the fact that predictive policing tools cannot make reliable predictions about the behaviour of individuals. (par. 24) Additionally, the report notes that AI applications have a potential for reinforcing bias and discrimination. (par. 8) Although this resolution is non-binding, Melissa Heikkilä believes that it conveys a message of how the European Parliament is likely to vote on the AI Act. There is a need for a legally enforceable ban on the use of AI predictive policing tools in respect of human beings. As discussed below, the use of AI can lead to inaccurate assessments due to the inherent character of the data. The basing of decisions on group data is inconsistent with protecting individuals from discrimination.

Continue reading “A ban on using predictive policing to forecast human behaviour: a step in the right direction”

The July 2020 judgement of the Court of Justice of the European Union (CJEU) in the so-called Schrems II case has resulted in a great deal of uncertainty for organizations engaging in the transnational transfer of personal data and in particular when those transfers are to entities in the United States. This post will investigate the enforcement issues on which the Schrems II reasoning is based, and discuss the potential effects that the decision has for General Data Protection Regulation (GDPR) enforcement.

Schrems II is the most recent installation of an ongoing litigation that resulted from a complaint that Maximilian Schrems levied against Facebook with the Irish Data Protection Commissioner (DPC) in 2013. Schrems’ complaint objected to Facebook transferring personal data to the United States (US) as contrary to the protections provided by the GDPR. It was based in part on the US National Security Agency (NSA) documents leaked by Edward Snowden in the summer of 2013. These documents revealed a mass surveillance program run by the NSA under Sec. 702 of the Foreign Intelligence Surveillance Act (FISA). This surveillance included direct collection from major US telecommunication providers, internet service providers, and Internet content providers under a program code named PRISM. Schrems’ complaint was rejected by the DPC and Schrems sought judicial review. It eventually led to an assessment of data protection adequacy decisions specifically regarding transfers to the US. The CJEU twice in Schrems I and Schrems II struck down adequacy decisions with the United States.

Continue reading “Schrems II and the Data Protection Enforcement Gap”

Since 2012, the European Commission has taken numerous steps in order to shape to EU’s digital future. One of these steps included the adoption of the General Data Protection Regulation (GDPR) which entered into force in May 2018. The GDPR aims to protect, in particular, the right of natural persons to the protection of personal data. At the end of 2020, the Commission went a step further and published its proposal for the Digital Services Act (DSA). As part of the EU’s Digital Strategy, it contains provisions to update the e-commerce legal framework.

Infringements of both the GDPR and the DSA do not stop at the Member States’ borders. An incident at Twitter, for instance, led to a situation where Twitter users had their Tweets, dating back to 2014,  publicly accessible without their knowledge. This breach of the GDPR affected at least 88.726 EU and EEA Twitter users all across the continent. For this reason, it is essential that national authorities of different Member States cooperate in order to adequately enforce such breaches. Cooperation is fundamental here because it enhances the enforcement capacity and quality (van der Heijden 2016) – e.g., when investigating and sanctioning infringements that take place in multiple Member States, authorities can benefit from sharing resources and knowledge, which also speeds up the enforcement process. Keeping enforcement mainly the responsibility of national authorities, also respects the Member States’ desire to keep these competences at national level and it offers functional benefits since national authorities often have better access to information at national level (Hofmann 2008; Coen and Thatcher 2008; Eberlein and Grande 2005. Börzel and Heard-Lauréote 2009). Therefore, both the GDPR and the DSA provide that national  authorities of different Member States cooperate, under the coordination of an EU body. Nevertheless, the GDPR experience proved that enforcement of cross-border infringements is not an easy task and the complexity of such structures could even lead to under-enforcement.

This blogpost aims to shed light on the complex enforcement procedures and speculates as to whether the Commission has learnt any lessons from the enforcement challenges that materialize under the GDPR. In order to assess the potential of the DSA enforcement structure, we discuss the horizontal (national authorities cooperating) and vertical (national authorities cooperating with an EU body) enforcement procedures of both systems, and the challenges that arise under the GDPR system.

Continue reading “The DSA Enforcement Framework, Lessons Learned from the GDPR?”