@article{38ec4807b5284589aa8cac8d483b2e39,
title = "Digital Rights Ireland as an Opportunity to Foster a Desirable Approximation of Data Retention Provisions",
abstract = "Directive 2006/24/EC sets out data retention rules and is a useful tool for the investigation, detection and prosecution of serious crimes. The implementation process has been complex mainly due to concerns about data privacy rights, and led to {\textquoteleft}patchwork{\textquoteright} approximation of data retention provisions within the EU. The CJEU's ruling in Digital Rights Ireland eventually invalidated the Directive so that EU policy makers must urgently reinvent the entire framework. In this context, this article argues that approximation is the most desirable policy option to ensure a balance between enhancing security and safeguarding data privacy rights, and assesses what form the new instrument could take. It explores selected factors that are likely to influence the policy design: unresolved issues at the time the Directive was negotiated; interplay between national/EU data retention frameworks; CJEU's stringent requirements set out in Digital Rights Ireland and Schrems; current progress of the Data Protection Package.",
keywords = "approximation, data privacy rights, data retention, law enforcement",
author = "Francesca Galli",
note = "Funding Information: A self-certification process entails that US companies may self-certify that they would comply with EU data protection standards in order to allow for transfer of personal data from the EU to the US. The CJEU considered in Schrems that although the Commission{\textquoteright}s adequacy decision could be based on self-certification, this has to be accompanied by {\textquoteleft}effective detection and supervision mechanisms{\textquoteright} ensuring that infringements of fundamental rights would be {\textquoteleft}identified and punished in practice{\textquoteright} (para. 81). Case C-362/14 Schrems, para. 82. Ibid., para. 91–92. Ibid., para. 93. Ibid., para. 94. In addition, the European Union has negotiated with the United States for an international framework agreement ({\textquoteleft}Data Protection Umbrella Agreement{\textquoteright}) in order to ensure a high level of protection of personal data transferred between the EU and the US for the prevention, detection, investigation and prosecution of criminal offences, including terrorism. See Europa Rapid Press Release, Questions and Answers on the EU-US data protection “Umbrella agreement”, 8 September 2015, MEMO/15/5612. Communication from the Commission to the European Parliament and the Council, Transatlantic Data Flows: Restoring Trust through Strong Safeguards, COM(2016) 117 final. For an in depth analysis of novelties and shortcomings enshrined in the privacy field see G. Vermeulen, {\textquoteleft}The Paper Shield{\textquoteright}, in D. Svantesson and D. Kloza (eds.), Transatlantic data privacy relationships as a challenge for democracy (Intersentia, 2016). Publisher Copyright: {\textcopyright} 2016 SAGE Publications.",
year = "2016",
month = jun,
day = "1",
doi = "10.1177/1023263X1602300305",
language = "English",
volume = "23",
pages = "460--477",
journal = "Maastricht Journal of European and Comparative Law",
issn = "1023-263X",
publisher = "SAGE Publications Ltd",
number = "3",
}