Enforcement of the General Data Protection Regulation (Regulation 2016/679 or GDPR) is organized mainly alongside decentralized procedures, where national supervisory authorities (SAs) are responsible for monitoring and supervising the diverse market of small and large data controllers and processors. Since processing often has a transnational character, enforcement becomes a transnational affair too. Therefore, the GDPR lays down a (complex) cooperation mechanism according to which national SAs in different Member States shall coordinate the outcome of enforcement procedures, in order to address violations together – potentially with involvement of the European Data Protection Board (EDPB) too. While this procedure was, from the outset, infamous for its complexity, concerns regarding under-enforcement of cross-border cases now seem to materialize in practice. This blogpost highlights a number of recommendations that aim to increase the effectiveness of cross-border GDPR enforcement and the protection of data subjects within these procedures.
Continue reading “Effectiveness and Procedural Protection in Cross-Border GDPR Enforcement”Not so flexible? The instrumental usage of soft law in EU telecommunications regulation
What is ‘instrumental usage’ of soft law and why does it matter?
At the hand of a case study in the telecom sector, this blogpost maintains that soft laws can erode the principles of accountability and vertical division of powers when used instrumentally/strategically by enforcers. An example of such strategic use will be the instance when, due to its ineffectiveness, a soft law instrument is converted/leveraged into hard law. The working definition of instrumental use coined by this author is as follows: deploying soft law in order to obtain enforcement outcomes that are consistent with an enforcer’s own vision of the ‘correct’ modus operandi of EU (utility) regulation (and away from public interest/public good considerations).
Continue reading “Not so flexible? The instrumental usage of soft law in EU telecommunications regulation”The Jean Monnet Network on enforcement of EU law (EULEN): results and conclusions
By the Network members
The Jean Monnet Network on enforcement of EU law (EULEN) was launched in September 2019. This ERASMUS+ project has been funded for four years; it came to an end in September 2023. This blog post offers a recap of the network’s departing points, results and conclusions. The EULEN network aims at developing further, including holding an annual conference with a call for papers (to be announced in due time), in order to contribute to research and practice in the field of enforcement of EU law.
Continue reading “The Jean Monnet Network on enforcement of EU law (EULEN): results and conclusions”
A “bi-partite” AI Liability framework: Compensatory measures to enforce compliance with preventive measures
Redefining Liability
Current regimes and traditional notions of liability, in Europe and elsewhere, have been challenged by the emergence of Artificial Intelligence (AI) and its specific features. On one side, the combination of the features of openness, data-drivenness and vulnerability, enables the harm of further categories of protected interests – such as privacy, confidential information, cybersecurity, etc. – which in turn challenges the notion of damage. On the other side, the characteristics of autonomy, unpredictability, opacity, and complexity, impact the notions of causation and duty of care. All these features render liability assessments difficult, unless AI systems are adequately governed.
So far, the EU’s liability framework has only been partially harmonized. For instance, the current Product Liability Directive (Directive 85/374/EC, “PLD”), implemented into Member State law, dates back to 1984 and fails to encompass AI-related harm. Fragmentation in the EU’s existing liability regime call for its revision, to catch up with the rapid changes brought by AI. This is what the proposed framework on AI liability, which can be defined as “bi-partite”, aims to achieve.
The proposed AI Act, part of the Commission’s 2021 AI package – and coupled with the proposed Machinery Regulation – constitutes preventive, ex-ante measures adopting a risk-based approach to govern AI systems. Gaps in redress mechanisms under the AI Act, and doubts surrounding its surveillance authority system and AI auditing ecosystem, raise questions regarding the regulation’s enforcement. To face the scenario where a lack of compliance generates damages, the ex-ante legislation has been complemented by two proposals for compensatory, ex-post measures: the revised Product Liability Directive (“revised PLD”) and AI Liability Directive (“AILD”). We look into how the revised PLD and the AILD contribute to the enforcement of the preventive measures, by pushing for compliance with the obligations they introduce.
Continue reading “A “bi-partite” AI Liability framework: Compensatory measures to enforce compliance with preventive measures”
EU-law in practice: Compliance of the Netherlands with EU-law 2010-2020
As a member of the EU, the Netherlands is obliged to implement and comply with EU law. The European Commission investigates non-compliance of EU-law, for example by means of a formal infringement procedure. The Dutch ministry of Foreign Affairs informs parliament every three months about infringement procedures, and cases before the Court of Justice of the EU (CJEU). However, not much is known about what happens behind the scenes. For example, how often are there EU Pilot procedures, i.e. informal pre-infringement procedures? And do informal procedures help to resolve possible non-compliance and prevent the Commission from starting a formal procedure? A 2018 report by the European Court of Auditors makes an inventarisation of enforcement instruments of the Commission, but it does not provide empirical evidence. On 15 June 2023 the Netherlands Court of Audit published the report EU-law in practice. It examined all formal and informal procedures between the Commission and the Netherlands regarding incorrect or incomplete implementation of EU-law (2010-2020). It also investigated government coordination regarding compliance with EU-law, and what lessons were drawn from closed procedures. In addition, nine cases were analysed to determine how procedures were conducted in practice, and to understand the problems that arose. The nine cases included such topics as the enforcement of Water Framework Directive, Corona Flight Vouchers, Residence Permit Fees for third-country nationals and the European Arrest Warrant. In this post the main results of the report are discussed.
Continue reading “EU-law in practice: Compliance of the Netherlands with EU-law 2010-2020”The CJEU Judgment in C-46/21 P, Aquind v ACER: Boards of Appeal as expert mechanisms of conflict resolution to conduct a ‘full review’ of contested decisions.
On 9 March 2023, the European Court of Justice delivered its long-awaited judgment in the Aquind-case shedding light on the intensity of review conducted by the boards of appeal of European Union agencies. This case concerned the Board of Appeal of the European Agency for the Cooperation of Energy Regulators (ACER) which limited itself to assessing manifest errors of assessment in its decision-making. The Court struck down this limited approach; the ACER Board of Appeal consists of both legal and technical experts and therefore must, in principle, conduct a full review of the agency’s decision. This judgment is significant as it relates to the quality of (quasi-)judicial control of administrative decision-making. This blog post aims to discuss this judgment and its implications for the system of judicial review in the EU.
How and why is expert knowledge used by the Commission in antitrust decisions against Google?
Even though the digital economy has been around for some time now, there are still doubts concerning, e.g., the way that law should be enforced in the digital context. Hence, the crucial role of expert knowledge in providing relevant insight is understandable. Due to its importance, the question of which sources, and for what reasons, should be considered as providing the relevant expertise is worth examining. In the post, I present the results of an analysis of references from the Commission’s decisions in three cases concerning Google published recently in the form of an article. The goal of the analysis was to identify references to expert knowledge, provide a classification of the roles played by these references, and confront them with the standards that the evidence used by the Commission should fulfil, as presented in the case law of the Court of Justice of the European Union (CJEU) and in doctrine. The results show that due to the variety of roles played by references to expert knowledge in the Commission’s decisions, the importance of following CJEU’s remarks on standards concerning expert knowledge is especially crucial when these sources are:
- used to support authoritative claims about digital technologies and markets, and
- in other cases, when they are indispensable for substantive analysis of the infringement itself or are not corroborating other types of evidence.
The first Annual Conference of the European Commission Legal Service:celebrating 70 years of EU law by discussing DSA, DMA, intergenerational justice and climate litigation
The European Commission Legal Service held its first Annual Conference, during which many speakers discussed the crucial changes brought by the entry into force of the Digital Services Act and the Digital Markets Act and debated on the pressing matters of intergenerational justice and climate litigation. This post aims at giving a brief summary of the event.
The first Annual Conference organised by the European Commission Legal Service was held on 17 March 2023 in Brussels. The event was also streamed online, and it represented a timely opportunity to celebrate the 70th anniversary of EU law and of the Legal Service itself. In fact, the creation of the Legal Service came with the entry into force of the Treaty of Paris establishing the European Coal and Steel Community in 1952.
The conference was kicked-off by the welcoming remarks of Mr. Daniel Calleja Crespo, Director-General of the EC Legal Service. The Director-General highlighted the importance of the two topics of the Conference, namely internet and platforms regulation (morning session) and intergenerational justice and climate litigation (afternoon session). Both topics address two Commission’s priorities for the years 2019-2024, notably “A Europe fit for the digital age” and “A European Green Deal”.
Challenges and Opportunities for algorithmic crowd surveillance
Artificial intelligence brings numerous challenges to law enforcement frameworks. As States intend to ever more rely on artificial intelligence, such use remains challenging under European law. The intent of the French government to use algorithmic crowd surveillance reflects such challenges.
Continue reading “Challenges and Opportunities for algorithmic crowd surveillance”
Synthesis: “From better enforcement to better lawmaking?”
On Friday 17 March RENFORCE organized a symposium with the title: From better enforcement to better lawmaking. Speakers included Prof. Gert Jan Veerman (Maastricht University), Dr. Mira Scholten (Utrecht University), Mr. Rob van de Westelaken (European Parliament), and ms. Anne-Jel Hoelen (Netherlands Authority for Consumers and Markets). The symposium sought to bridge not only lawmaking and enforcement but equally the EU and national levels; academia and practice as well as the political/technocratic divide.
Continue reading “Synthesis: “From better enforcement to better lawmaking?””