Law, Governance and Technology Series 31 Hielke Hijmans The European Union as Guardian of Internet Privacy The Story of Art 16 TFEU Law, Governance and Technology Series Volume 31 Series editors Pompeu Casanovas Institute of Law and Technology, UAB, Spain Giovanni Sartor University of Bologna (Faculty of Law-CIRSFID) and European University Institute of Florence, Italy The Law-Governance and Technology Series is intended to attract manuscripts arising from an interdisciplinary approach in law, artificial intelligence and information technologies The idea is to bridge the gap between research in IT law and IT-applications for lawyers developing a unifying techno-legal perspective The series will welcome proposals that have a fairly specific focus on problems or projects that will lead to innovative research charting the course for new interdisciplinary developments in law, legal theory, and law and society research as well as in computer technologies, artificial intelligence and cognitive sciences In broad strokes, manuscripts for this series may be mainly located in the fields of the Internet law (data protection, intellectual property, Internet rights, etc.), Computational models of the legal contents and legal reasoning, Legal Information Retrieval, Electronic Data Discovery, Collaborative Tools (e.g Online Dispute Resolution platforms), Metadata and XML Technologies (for Semantic Web Services), Technologies in Courtrooms and Judicial Offices (E-Court), Technologies for Governments and Administrations (E-Government), Legal Multimedia, and Legal Electronic Institutions (Multi-Agent Systems and Artificial Societies) More information about this series at http://www.springer.com/series/8808 Hielke Hijmans The European Union as Guardian of Internet Privacy The Story of Art 16 TFEU Hielke Hijmans Brussels, Belgium ISSN 2352-1902     ISSN 2352-1910 (electronic) Law, Governance and Technology Series ISBN 978-3-319-34089-0    ISBN 978-3-319-34090-6 (eBook) DOI 10.1007/978-3-319-34090-6 Library of Congress Control Number: 2016949456 © Springer International Publishing Switzerland 2016 This work is subject to copyright All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed The use of general descriptive names, registered names, trademarks, service marks, etc in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made Printed on acid-free paper This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG Switzerland Foreword Among the many challenges presently facing the European Union, this book – a revised version of the author’s dissertation which recently served as the basis for a joint doctorate at the University of Amsterdam and the Free University of Brussels – addresses a subject which is by its very nature rather invisible, but arguably also one of the most far-reaching and consequential areas within the Union’s competence, where it is currently operating with a remarkable degree of success: namely the protection of privacy and personal data, notably on the Internet Today, information about the activities of every individual, at every moment of the day, is exploding as a result of different social and technological factors The exponential growth of information and communication technologies, and the popularity of systems and devices allowing their mobile use to everyone at a global scale, have exposed the private lives and personal data of every individual to new hazards which are only gradually understood beyond the limited circles of specialists in this field The Internet and a growing number of networked services connected to it, serve as the driving forces of this development which is likely to reshape our societies in the coming years It is no wonder therefore that public policymakers, as well as industry and civil society, are now looking at the implications of this trend and at different ways to enhance its positive and reduce its negative sides Due to the Lisbon Treaty’s entering into force in 2009, the European Union has received a strong mandate for the protection of personal data, not only at the level of the EU institutions and bodies, but also at the level of the Member States when acting within the scope of EU law The author has taken up this mandate – laid down in Article 16 of the Treaty on the Functioning of the European Union and Articles and of the EU Charter of Fundamental Rights – as a starting point for his analysis, and looked at the ways in which the different key actors involved – the European Court of Justice, the EU’s legislative institutions, the independent Data Protection Authorities at national and EU level, including their cooperation mechanisms, and those acting in the external relations with third countries – should play their role to ensure the legitimacy and the effectiveness of their actions in the mandate The question how and to what extent the EU can – both legitimately and effectively – act in a global environment, such as the Internet, is one of the central themes of the book v vi Foreword In this way, the author has developed a range of views and perspectives which have truly enriched the scholarly literature, both in the field of data protection and EU institutional law, and the increasingly relevant interfaces between them He was also eminently qualified for this task, due to his extensive experience in most of the relevant areas: first as a legislative adviser in the Dutch Ministry of Justice, second as a senior legal adviser of an Advocate General at the European Court of Justice, and third as the head of unit responsible for Policy and Consultation at the European Data Protection Supervisor’s Office All these tasks involved extensive work in and exposure to the development of EU law In his third capacity, we have worked together closely for more than 10 years in Brussels It is therefore a very special privilege for me to be able to contribute these words of introduction to this book The first chapter mentions that this book was triggered by a perceived loss of control of governments over societal developments, due to globalisation and technological developments, which inhibit the effective protection of essential values in democratic societies Three examples are provided to illustrate this problem These examples also illustrate a widespread feeling of citizens that they are losing control over their own personal data This double loss of control could easily undermine the quality of our democracies under the rule of law These are key elements of the need to reinforce the existing legal framework for data protection and its impact in practice That this book appears as the European legislators are about to complete a comprehensive review of that framework and to open a new chapter for data protection in the EU is a coincidence that can hardly be overrated Rendering justice in this domain is a task that continues to be relevant and – in a true sense – will never be finished European Data Protection Supervisor (2004–2014) Leiden, The Netherlands February 2016 Peter Hustinx Preface An academic sabbatical for over a year resulted in this book I recommend such a sabbatical to everyone It was a luxury to have time and space to think After 30 years of office life, a dramatic change of life: no specific place to go in the morning and being able to decide whether to go to the university or to stay at home, to read or to write I started my sabbatical with the ambition to demonstrate that our much criticized European Union can make a difference and is capable of protecting individuals in a complex society During the period of sabbatical however, much happened and the Union tumbled into a crisis We saw, most importantly, that the Union did not manage to protect people who needed it the most, particularly those who run the risk of drowning in the Mediterranean on their way to seeking asylum in Europe This background made my academic adventure even more academic, because my main argument was that Europe can make a difference and is capable of guaranteeing individuals’ fundamental rights This trust in Europe still stands, as this book demonstrates, but it is not self-evident We see a lack of solidarity between the European countries and a fading belief in Europe which in my view should not just be a market where one can pick and choose We need a strong Union based on values This book was written before the Brexit made the EU even more vulnerable This book is based on combined knowledge and experience gained at different stages of my career, at various ministries within the Dutch government, the EU Court of Justice and, in the last decade, with the European Data Protection Supervisor (EDPS) It is motivated by my convictions that we need a strong state that is capable of protecting its citizens, that Europe can offer solutions and that we should not give up on our European values in a globalised world It is the slightly modified version of my doctorate thesis, which I defended on February 2016, and resulted in a joint doctorate in law at the University of Amsterdam and the Vrije Universiteit Brussels Supervisors were Nico van Eijk and Paul de Hert The jury consisted of Sacha Pechal, Christopher Kuner, Serge Gutwirth, Corien Prins, Natali Helberger and Annette Schrauwen Valsamis Mitsilegas was guest opponent vii viii Preface This book also fits within my personal background Both my parents spent most of their professional lives in academia and they always stimulated me to follow their path For a long time, this was precisely the reason not to envisage an academic career or to write a doctorate thesis Yet, at this mature age, I changed my mind and I am happy that my father is still around to see the result of my work and to see how this makes him happy I am sure that I would have made my mother extremely proud when she could realise that I succeeded in what determined much of her life, academic research Life goes on, and in recent years I not only enjoyed the continuing friendship of my old circle of friends, but also the warmth of my own loving family.  To you, Zeta, my big love, and to my daughters Nina, Sophie and Nikki, who make me on my turn proud, I dedicate this book The times we spend together makes life even more wonderful.  Brussels, Belgium Hielke Hijmans Contents Introduction����������������������������������������������������������������������������������������������    1 1.1 Trigger of This Book: A Perceived Loss of Control ��������������������    1 1.2 A First Outline of Article 16 TFEU����������������������������������������������    4 1.2.1 The EU Mandate Under Article 16 TFEU to Ensure Privacy and Data Protection�������������������������    4 1.2.2 Legitimacy and Effectiveness as Prerequisites for Trust������������������������������������������������������������������������    5 1.2.3 Background ������������������������������������������������������������������    6 1.3 The Structure of  This Book����������������������������������������������������������    7 1.4 Methodology ��������������������������������������������������������������������������������   11 1.5 Further Limitations�����������������������������������������������������������������������   13 1.6 Terminology����������������������������������������������������������������������������������   14 References��������������������������������������������������������������������������������������������������   15 Privacy and Data Protection as Values of the EU That Matter, Also in the Information Society��������������������������������������������������������������   17 2.1 Introduction ����������������������������������������������������������������������������������   18 2.2 Privacy and Data Protection as Part of an EU Based on Values: A General Design����������������������������������������������������������  19 2.2.1 Privacy, Data Protection and the Ambitions of the EU in Promoting Its Values��������������������������������   19 2.3 Privacy and Data Protection as Constitutional Values That Matter, Also on the Internet��������������������������������������������������   20 2.3.1 Two Elements Stand Out: There Are No Good or Bad People, and Monitoring Changes Behaviour ������������������������������������������������������   22 2.4 Ambitions of the EU in Promoting Democracy: Democracy Requires a Free Internet, but Not an Unprotected Internet����������������������������������������������������   24 2.4.1 Democracy as Guiding Principle in Relation to the Internet����������������������������������������������������������������   24 ix 590 Annex: Consulted Documents Giesen, Ivo, 2006, “Regulating regulators through liability, The case for applying normal tort rules to supervisors – abstract”, Utrecht Law Review, Special on Supervision and Supervisory Authorities, Vol 2, Issue 1, June 2006, 8–31 Goldsmith, Jack L., 1998, “Against Cyberanarchy”, 65 University of Chicago Law Review 1199 (1998) González Fuster, G., 2014, The Emergence of Personal Data Protection as a Fundamental Right of the EU, Springer, Law, Governance and Technology Series 16, 2014 González Fuster, Gloria, 2015, “Curtailing a right in flux: restrictions of the right to personal data protection” in: Artemi Rallo Lombarte, Rosario García Mahamut (eds), Hacia un Nuevo derecho europea de protección de datos, Towards a new European Data Protection Regime, Tirant lo Blanch González Fuster, Gloria, and Serge Gutwirth, 2013, “Opening up personal data protection: a conceptual controversy”, Computer Law & Security Review (CLSR) 29 (2013), 531–539 González Fuster, Gloria, and Serge Gutwirth, 2014, “Ethics, law and privacy: Disentangling law from ethics in privacy discourse”, Proceedings of the 2014 IEEE International Symposium on Ethics in Science, Technology and Engineering (2014), available on: eeexplore.ieee.org/xpl/articleDetails jsp?arnumber = 6893376 Goodman, J.W., 2006, Telecommunications Policy-Making in the European Union, Edward Elgar Publishing Govaere, Inge, “Setting the international scene: EU external competence and procedures post-Lisbon revisited in the light of ECJ Opinion 1/13”, Common Market Law Review 52, 1277–1307 Gragl, Paul, 2014, “A giant leap for European Human Rights? The Final Agreement on the European Union’s accession to the European Convention on Human Rights”, Common Market Law Review 51, 13–58 Granger, Marie-Pierre and Kristina Irion, 2014, “The Court of Justice and the Data Retention Directive In Digital Rights Ireland – Telling Off the EU Legislator and Teaching a Lesson in Privacy and Data Protection”, European Law Review, Issue Greenleaf, Graham, 2011, “Independence of data privacy authorities: International standards and Asia-Pacific experience”, University of Edinburgh, School of Law, Working Paper Series, No 2011/42 Greenleaf, Graham, 2012, “The influence of European data privacy standards outside Europe: implications for globalization of Convention 108”, International Data Privacy Law, 2012, Vol 2, No 2, 68–92 Greenwald, Glenn 2014, No Place to Hide: Edward Snowden, the NSA and the Surveillance State, Metropolitan Books/Henry Holt (NY) Greenwald, Glenn, 2014, “Why privacy matters”, TED Talk October 2014, interactive transcript available on:http://www.ted.com/talks/glenn_greenwald_why_ privacy_matters/transcript?language=en Annex: Consulted Documents 591 Gronden, Johan W van de, and Sybe A de Vries, 2006, “Independent competition authorities in the EU”, Utrecht Law Review, Special on Supervision and Supervisory Authorities, Vol 2, Issue 1, June 2006, 32–66 Grotius, Hugo, The Freedom of the Sea, Or, The Right Which Belongs to the Dutch to Take Part in the East Indian Trade, available on:http://upload.wikimedia.org/ wikipedia/commons/7/7b/Grotius_Hugo_The_Freedom_of_the_Sea_(v1.0) pdf Guild, Elspeth, and Sergio Carrera, 2014, “The Political and Judicial Life of Metadata, Digital Rights Ireland and the Trail of the Data Retention Directive”, SAPIENT Policy Brief D.6.8/May 2014 Gutwirth, S et al (eds), 2009, Reinventing data protection?, Springer Gutwirth, Serge, 2015, “Providing the missing link: law after Latour’s passage”, in: K. McGee (ed.), Latour and the passage of law, Edinburgh University Press Gutwirth, Serge, Ronald Leenes, and Paul de Hert (eds), 2014, “Reloading Data Protection”, in: Multidisciplinary Insights and Contemporary Challenges, Springer Gutwirth, Serge, Ronald Leenes, and Paul de Hert (eds.), “Reforming European Data Protection”, Law, Governance and Technology Series 20, 2014 Gutwirth, Serge, 1993, “De toepassing van het finaliteitsbeginsel van de Privacywet van December 1992 tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens”, Tijdschrift voor Privaatrecht, TPR 1993.4, 1409–1477 Guðmundsdóttir, Dóra, 2015, “A renewed emphasis on the Charter’s distinction between rights and principles: Is a doctrine of judicial restraint more appropriate?”, Common Market Law Review 52, 685–719 Habermas, Jürgen, 2012, The Crisis of the European Union, A Response, Cambridge University Press Book Review by I. Pernice, Common Market Law Review 50, 1843–1874 Halberstam, Daniel, and Christoph Möllers, 2009, “The German Constitutional Court says “Ja zu Deutschland!””, 10 German Law Journal 1241–1258 (2009) Hall, Jeremy, and Philip Rosson, 2006, “The Impact of Technological Turbulence on Entrepreneurial Behavior, Social Norms and Ethics: Three Internet-based Cases”, Journal of Business Ethics (2006) 64: 231–248 Hancher, L., P. Larouche, and S. Lavrijssen, 2004, “Principles of Good Market Governance”, Tijdschrift voor Economie en Management, Vol XLIX, 2, 2004, 339–374 Hert, Paul De, 1998, Art E.V.R.M en het Belgisch Recht, Bescherming van privacy, woonst, gezin en communicatie, Mys en Breesch Hert, P. De, and V. Papakonstantinou, 2013, “Three scenarios for international governance of data privacy: towards an international data privacy organization, preferably a UN agency?”, A Journal of Law and Policy for the Information Society, Vol 9, No 2, 2013, 271–324 Hert, Paul De, and Vagelis Papakonstantinou, 2015, “Google Spain: Addressing Critiques and Misunderstandings One Year Later”, Maastricht Journal of European and Comparative Law, 2015, Vol 22, Issue 592 Annex: Consulted Documents Hert, Paul De, and Gertjan Boulet, Deliverable 2.2 – “Legal reflections for further improving cooperation between data protection authorities”, available on: www phaedra-project.eu Hert, Paul De, and Dimitra Stefanatou, 2015, “The accountability culture in its European Union dress Sticks but no carrots to make the proposed data protection regulation work”, in: Artemi Rallo Lombarte, Rosario García Mahamut (eds), Hacia un Nuevo derecho europea de protección de datos, Towards a new European Data Protection Regime, Tirant Lo Blanch Heumann, S., and B. Scott, “Law and Policy in Internet Surveillance Programs: United States, Great Britain and Germany”, published by Stiftung Neue Verantwortung, available on: https://netzpolitik.org/wp-upload/Nr.25_Law_ and_Policy_in_Internet_Surveillance_Programs.pdf Hijmans, H., 2006, “The European data protection supervisor: The institutions of the EC controlled by an independent authority”, Common Market Law Review 43, 1313–1343 Hijmans, Hielke, 2010, “Recent developments in data protection at European Union level”, ERA Forum (2010) 11, 219–231 Hijmans, H., 2012, “Nieuwe Europese regels voor privacy: commissie stelt pakket voor om gegevens ook in het informatietijdperk te beschermen”, Nederlands tijdschrift voor Europees recht, 2012/4 Hijmans, H., 2013, “De nieuwe Europese privacywetgeving: stand van zaken bijna twee jaar na Commissievoorstel”, Nederlands tijdschrift voor Europees recht, 2013/10 Hijmans, Hielke, 2014, “Right to have links removed: Evidence of effective data protection”, Maastricht Journal of European and Comparative Law, 2014(3) Hijmans, H., 2014, “De ongeldigverklaring van de dataretentierichtlijn: een nieuwe stap in de bescherming van de grondrechten door het Hof”, NTER, No 7, Sept 2014, 245–252 Hijmans, Hielke, 2014, “Book Review on Lee A. Bygrave, Data Privacy Law, an International Perspective”, International Data Privacy Law, (2015) (1), 88–90 Hijmans, Hielke, and Herke Kranenborg (eds), 2014, Data Protection Anno 2014: How to Restore Trust?, Contributions in honour of Peter Hustinx, European Data Protection Supervisor (2004–2014), Intersentia Hijmans, H., and A. Scirocco, 2009, “Shortcomings in EU data protection in the Third and the Second Pillars Can the Lisbon Treaty be expected to help?”, Common Market Law Review 46, 1485–1525 Hildebrandt, Mireille, 2013, “Extraterritorial jurisdiction to enforce in cyberspace?: Bodin, Schmitt, Grotius in cyberspace”, University of Toronto Law Journal, Vol 63, No 2, Spring 2013, 196–224 Hirsch, Dennis D., “In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector Based Codes of Conduct”, Ohio State Law Journal, Vol 74:6, 1030–1069 Hofmann, Herwig C.H., and Morgane Tidghi, 2014, “Rights and Remedies in Implementation of EU Policies by Multi-Jurisdictional Networks”, European Public Law 20, No (2014), 147–164 Annex: Consulted Documents 593 Hooghe, Liesbet, and Gary Marks, 2003, “Unraveling the Central State, but How? Types of Multi-level Governance”, American Political Science Review, Vol 97, No 2, May 2003 Hornung, Gerrit, and Christoph Schnabel, “Data protection in Germany I: The population census decision and the right to informational self-determination”, Computer Law & Security Report, Vol 25, Issue 1, 2009, 84–88 Hustinx, Peter, 2013, “EU Data Protection Law: The Review of Directive 95/46/EC and the Proposed General Data Protection Regulation”, in: Collected Courses of the European University Institute’s Academy of European Law, 24th Session on European Union Law, 1–12 July 2013 Hüttl, Tivadar, 2012, “The content of ‘complete independence’ contained in the Data Protection Directive”, International Data Privacy Law, 2012, Vol 2, No Iglesias Sánchez, Sara, 2012, “The Court and the Charter: The impact of the entry into force of the Lisbon Treaty on the ECJ’s approach to fundamental rights”, Common Market Law Review 49, 1565–1611 Information Policy Centre, 2014, “An Initial Issues Paper for Privacy Risk Framework and Risk-based Approach to Privacy Project Workshop I”, Paris, France, 20 March 2014, available on:http://www.informationpolicycentre.com/ files/Uploads/Documents/Centre/Centres_Privacy_Risk_Framework_ Workshop_I_Initial_Issues_Paper.pdf Internet Governance Forum, 2014, “The Global Multistakeholder Forum for Dialogue on Internet Governance Issues”, available on: http://intgovforum.org/ cms/2014/IGFBrochure.pdf Irion, K., 2015, “Accountability unchained: Bulk Data Retention, Preemptive Surveillance, and Transatlantic Data Protection” in: M. Rotenberg, J. Horwitz, and J. Scott (eds), Visions of Privacy in a Modern Age, New Press Irion, Kristina, and Roxana Radu, 2013, “Delegation to independent regulatory authorities in the media sector: A paradigm shift through the lens of regulatory theory” in: W. Schulz, P. Valcke, and K. Irion (eds), The Independence of the Media and Its Regulatory Agencies Shedding New Light on Formal and Actual Independence Against the National Context, Intellect, 15–54 Irion, K., and P. Valcke, 2014, “Cultural diversity in the digital age: EU competences, policies and regulations for diverse audiovisual and online content” in: E. Psychogiopoulou (ed.), Cultural Governance and the European Union, Palgrave Macmillan Ishay, Micheline R., 2008, The History of Human Rights: From Ancient Times to the Globalization Era, University of California Press Jaeger-Fine, Desiree, 2013, Internet Jurisdiction: A Survey of German Scholarship and Cases, Fordham CLIP Jančić, Davor, 2015, “The game of cards: National parliaments in the EU and the future of the early warning mechanism and the political dialogue”, Common Market Law Review 52, 939–975 Johnson, David R., and David G. Post, 1996, “Law And Borders: The Rise of Law in Cyberspace”, 48 Stanford Law Review 1367 594 Annex: Consulted Documents Jóri, András, 2015, “Shaping vs applying data protection law: two core functions of data protection authorities”, International Data Privacy Law, 2015, Vol 5, No Kardasheva, Raya, 2012, “Trilogues in the EU legislature”, King’s College London, Department of European and International Studies, Research Paper, 30 April 2012 Kelemen, R. Daniel, 2006, “Suing for Europe, Adversarial Legalism and European Governance”, Comparative Political Studies, Vol 39, No 1, February 2006, 101–127 Kloza, Dariusz, and Anna Moscibroda, 2014, “Making the case for enhanced enforcement cooperation between data protection authorities: insights from competition law”, International Data Privacy Law, 2014, Vol 4, No Kokott, Juliane, and Christoph Sobotta, 2015, “Protection of Fundamental Rights in the European Union: On the Relationship between EU Fundamental Rights, the European Convention and National Standards of Protection”, Yearbook of European Law Komarek, J., 2005, “Federal Elements in the Community Judicial System: Building Coherence in the Community Legal Order”, Common Market Law Review 42, 9–34 Kosta, Eleni, 2015, “Construing the Meaning of ‘Opt-Out’ – An Analysis of the European, U.K and German Data Protection Legislation”, European Data Protection Law Review 1/2015, 16–31 Kotschy, Waltraut, 2014, “The proposal for a new General Data Protection Regulation— problems solved?”, International Data Privacy Law, 2014, Vol 4, No Kranenborg, Herke, 2008, “Access to documents and data protection in the European Union: On the public nature of personal data”, Common Market Law Review 45, 1079–1114 Kranenborg, Herke, 2015, “Google and the right to be forgotten”, EDPL 2015, Issue Kranenborg, H.R., and L.F.M. Verheij, 2011, Wet bescherming persoonsgegevens in Europees perspectief, Kluwer Kris, David S., and J. Douglas Wilson, 2012, National Security Investigations & Prosecutions 2d, Volume 1, Thomson/West Kuijper, P.J., J. Wouters, F. Hoffmeister, G de Baere, and T. Ramopoulos, 2013, The Law of EU External Relations, Cases, Material and Commentary on the EU as an International Legal Actor, Oxford University Press Kulk, Stefan, and Frederik Zuiderveen Borgesius, 2012, “Filtering for Copyright Enforcement in Europe after the Sabam cases”, European Intellectual Property Review 2012, Issue 11, 54–58 Kulk, Stefan, and Frederik J. Zuiderveen Borgesius, 2014, “Google Spain v González: Did the Court Forget About Freedom of Expression?”, European Journal of Risk Regulation, Sept 2014, 389–398 Kulk, Stefan, and Frederik Zuiderveen Borgesius, 2015, Freedom of Expression and ‘Right to Be Forgotten’ Cases in the Netherlands After Google Spain”, EDPL 2015/2, 113–124 Kuner, Christopher, 2007, European Data Protection Law, Corporate Compliance and Regulation (second edition), Oxford University Press Annex: Consulted Documents 595 Kuner, Christopher, 2010, “Data Protection Law and International Jurisdiction on the Internet (Part 1)”, International Journal of Law and Information Technology Vol 18, No 2, 2010, 176–193 Kuner, Christopher, 2010, “Data Protection Law and International Jurisdiction on the Internet (Part 2)”, International Journal of Law and Information Technology Vol 18, No 3, 2010, 227–247 Kuner, Christopher, 2013, Transborder Data Flows and Data Privacy Law, Oxford University Press Kuner, Christopher, 2014, The Court of Justice of the EU Judgment on Data Protection and Internet Search Engines: Current Issues and Future Challenges, in: Burkhard Hess and Cristina M. Mariottini (eds.), Protecting Privacy in Private International and Procedural Law and by Data Protection 19–55, Nomos Verlagsgesellschaft Kuner, Christopher, 2014, “Data Nationalism and its Discontents”, Emory Law Journal 2014, 2089–2098 Kuner, Christopher, 2014, “The European Union and the Search for an International Data Protection Framework”, Groningen Journal of International Law, Vol 2, No 2, 55–71 Kuner, Christopher, 2015, “Google Spain in the EU and international context”, Maastricht Journal of European and Comparative Law, 2015(1), 158–164 Kuner, Christopher, Fred H. Cate, Christopher Millard, Dan Jerker B. Svantesson, and Orla Lynskey, 2015, “Internet Balkanization gathers pace: is privacy the real driver?”, International Data Privacy Law, 2015, Vol 5, No Kuner, Christopher et al., 2015, “Risk management in data protection”, International Data Privacy Law (2015) (2), 95–98 Kuner, Christopher et al., 2015, “The data protection credibility crisis”, International Data Privacy Law, 2015, Vol 5, No Kurbalija, Jovan, 2014, Introduction to Internet Governance (sixth edition), DiploFoundation Kuschewsky, Monika (ed.), 2014, Data Protection & Privacy, Jurisdictional Comparisons (second edition), Thomson Reuters Lautenbach, Geranne, 2013, The Concept of the Rule of Law and the European Court of Human Rights, Oxford University Press Lavrijssen, Saskia, and Annetje Ottow, 2012, “Independent Supervisory Authorities: A Fragile Concept”, Legal Issues of Economic Integration 39, No (2012), 419–446 Lavrijssen, Saskia, and Maartje de Visser, 2006, “Independent administrative authorities and the standard of judicial review”, Utrecht Law Review, Special on Supervision and Supervisory Authorities, Vol 2, Issue 1, June 2006, 111–135 Leczykiewicz, D., 2013, “Melloni and the future of constitutional conflict in the EU”, UK Constitutional Law Blog of 22 May 2013, available on: http://ukconstitutionallaw.org Lenaerts, Koen, and Jose A. Gutiérrez-Fons, 2010, “The constitutional allocation of powers and general principles of EU law”, Common Market Law Review 47, 1629–1669 596 Annex: Consulted Documents Lenaerts, Koen, Ignace Maselis, and Kathleen Gutman, 2014, EU Procedural Law, Oxford University Press Lenaerts, Koen, and Piet van Nuffel, 2011, European Union Law (third edition), Sweet & Maxwell Lenk, Hannes, 2015, “A Transatlantic Community of Law Legal Perspectives on the Relationship Between the EU and US Legal Order, edited by Elaine Fahey and Deirdre Curtin”, Common Market Law Review 52, 852–854 Lind, Anna-Sara, and Jane Reichel, 2014, “Administrating Data Protection – or the Fort Knox of the European Composite Administration”, Critical Quarterly for Administration and Law (EuCritQ), 2014, 1, 44–57 Lindroos-Hovinheimo, Susanna, 2015, “The Emergence of Personal Data Protection as a Fundamental Right of the EU, by Gloria González Fuster”, Common Market Law Review 52, 1139–1142 Locke, John, 1689, Second Treatise of Government, available on: http://www.earlymoderntexts.com/pdfs/locke1689a.pdf Lottini, Micaela, 2014, “An Instrument of Intensified Informal Mutual Assistance: The Internal Market Information System (IMI) and the Protection of Personal Data”, European Public Law 20, No (2014), 107–126 Lynskey, Orla, 2015, “Control over Personal Data in a Digital Age: Google Spain v AEPD and Mario Costeja Gonzalez”, The Modern Law Review, Vol 78, Issue 3, 522–534 Lynskey, Orla, 2014, “The Data Retention Directive is incompatible with the rights to privacy and data protection and is invalid in its entirety: Digital Rights Ireland”, Common Market Law Review 51, 1789–1811 Lynskey, Orla, 2014, “Deconstructing Data Protection: The ‘added-value’ of a right to data protection in the EU legal order”, International and Comparative Law Quarterly, Vol 63, Issue 3, July 2014, 569–597 Maastricht Journal of European and Comparative Law, Special issue: “The Constitutional Adulthood of Multi-Level Governance”, 2014, Vol 21, No MacCallum Jr, Gerald C., 1967, “Negative and Positive Freedom”, The Philosophical Review, Vol 76, Issue (July 1967), 312–334 Majone, Giandomenico, 1998, “Europe’s ‘Democratic Deficit’: The Question of Standards”, European Law Journal, Vol 4, No 1, March 1998, 5–28 Marks, Gary, and Liesbet Hooghe, 2004, “Contrasting Visions of Multi-Level Governance”, in: Ian Bache and Matthew Flinders (eds), Multi-Level Governance, Oxford University Press, at 15–30 Marques da Silva, Sofia, 2015, “Law and Security in Europe: Reconsidering the Security Constitution, by Massimo Fichera and Jens Kremer”, Common Market Law Review 52, 1167–1169 Marsch, Nikolaus, 2014, “Network of Supervisory Bodies for Information Management in the European Administrative Union”, European Public Law 20, No (2014), 127–146 Mayer-Schönberger, Viktor, and Kenneth Cukier, 2013, Big Data: A Revolution That Will Transform How We Live, Work, and Think, Eamon Dolan/Houghton Mifflin Harcourt Annex: Consulted Documents 597 Mayr, Stefan, 2012, “Putting a Leash on the Court of Justice? Preconceptions in National Methodology v Effet Utile as a Meta-Rule”, European Journal of Legal Studies, Vol 5, Issue (Autumn/Winter 2012/13), 8–21 Mazower, Mark, 2012, Governing the World: The History of an Idea, Penguin Putnam Inc Menon, Anand, and Stephen Weatherill, 2007, “Democratic politics in a globalising world: supranationalism and legitimacy in the European Union (2007)”, LSE law, society and economy working papers No 13–2007, London School of Economics and Political Science, Department of Law Micossi, Stefano, and Gian Luigi Tosato (eds), 2009, Europe in the 21st Century: Perspectives from the Lisbon Treaty, CEPS Studies Middelaar, Luuk van, 2009, De passage naar Europa Geschiedenis van een begin (published in English as: The Passage to Europe: How a Continent Became a Union), Historische Uitgeverij Milanovic, Marko, 2015, “Human Rights Treaties and Foreign Surveillance: Privacy in the Digital Age”, Harvard International Law Journal, 56 (2015), 81–146 Miller, Arthur R., 1971, The Assault on Privacy, University of Michigan Press Mitsilegas, Valsamis, 2006, “The constitutional implications of mutual recognition in criminal matters in the EU”, Common Market Law Review 43, 1277–1311 Mitsilegas, Valsamis, 2015, “The Transformation of Privacy in an Era of Pre-­ emptive Surveillance”, Tilburg law review 20 (2015), 35–57 Mol, Mirjam de, 2011, “The novel approach of the CJEU on the horizontal direct effect of the EU principle of non-discrimination: unbridled expansionism of EU law?”, Maastricht Journal of European and Comparative Law, 2011 (1–2), 109–135 Moravcsik, Andrew, 1993, “Preferences and Power in the European Community: A Liberal Intergovernmentalist Approach”, Journal of Common Market Studies (JCMS), Vol 31, Issue 4, 473–524 Muir, Elise, 2014, “The fundamental rights implications of EU legislation: Some constitutional challenges”, Common Market Law Review 51, 219–245 Murphy, Cian C., 2014, “Using the EU Charter of Fundamental Rights Against Private Parties after Association de Médiation Sociale”, European Human Rights Law Review (forthcoming) Murphy, Erin, 2013, “The Politics of Privacy in the Criminal Justice System: Information Disclosure, The Fourth Amendment, and Statutory Law Enforcement Exemptions”, Michigan Law Review, Vol 111, No (2013), 485–546 Nazzini, R., 2012, “Administrative enforcement, judicial review and fundamental rights in EU competition law: A comparative contextual-functionalist perspective”, Common Market Law Review 49, 971–1005 Nicholas, Mary Lynn, 1990, “United States v Verdugo-Urquidez: Restricting the Borders of the Fourth Amendment”, Fordham International Law Journal, Vol 14, Issue 1990 Nissenbaum, Helen, 2010, Privacy in context, Stanford University Press Nolte, Georg (ed.), 2005, European and US Constitutionalism, Cambridge Books Online 598 Annex: Consulted Documents Obama, Barack, 2014, Speech on NSA reforms, available on: http://www.washingtonpost.com/politics/full-text-of-president-obamas-jan-17-speech-on-nsareforms/2014/01/17/fa33590a-7f8c-11e3-9556-4a4bf7bcbd84_story.html O’Donnell, Guillermo, 2004, “The Quality of Democracy, Why the Rule of Law matters”, Journal of Democracy 15, 32–46, (including update), available on:home.comcast.net/~lionelingram/odonnell_WhyRuleOfLawMatters.pdf Ogus, A., 2002, “Regulatory Institutions and Structures”, Annals of Public and Cooperative Economics 73:4 2002, 627–648 Oliver, P., 2009, “The protection of privacy in the economic sphere before the European Court of Justice”, Common Market Law Review 46, 1443–1483 Ottow, A., 2015, Market & Competition Authorities, Good Agency Principles, Oxford University Press Payandeh, Mehrdad 2011, “Constitutional review of EU law after Honeywell: Contextualizing the relationship between the German Constitutional Court and the EU Court of Justice”, Common Market Law Review 48, 9–38 Pech, L., 2012, “Rule of law as a guiding principle of the European Union’s external action”, Centre for the Law of EU External Relations (CLEER), T.M.C. Asser Instituut, available on: http://www.asser.nl/upload/ documents/2102012_33322cleer2012-3web.pdf Peers, S., 2014, “The CJEU’s Google Spain judgment: failing to balance privacy and freedom of expression”, EU Law Analysis (2014), available on:http://eulawanalysis.blogspot.be/2014/05/the-cjeus-google-spain-judgment-failing.html Peers, Steve, Tamara Hervey, Jeff Kenner, and Angela Ward (eds.) 2014 The EU Charter of Fundamental Rights, a commentary Oxford: Hart Publishing Pérez Asinari, María Verónica, and Pablo Palazzi (eds.), 2008, Défis du droit la protection des données, Perspectives du droit Européen et Nord-Américain – Challenges of privacy and data protection law, Perspectives of European and North-American Law, Cahiers du Centre de Recherches Informatique et Droit Poiares Maduro, Miguel, 2007, “So close and yet so far: the paradoxes of mutual recognition”, Journal of European Public Policy 14:5 August 2007, 814–825 Poiares Maduro, Miguel, 2004, “How Constitutional Can the European Union Be? The Tension Between Intergovernamentalism and Constitutionalism in the European Union” in: Joseph Weiler and Christopher Eisgruber (eds.), Altneuland: The EU Constitution in a Contextual Perspective, Jean Monnet Working Paper 5/04 Popelier, P., 2014, “Europe Clauses’ and Constitutional Strategies in the Face of Multi-Level Governance”, Maastricht Journal of European and Comparative Law 2014, Vol 21, No 2, 300 Post, David G., 2002, “Against Against Cyberanarchy”, 17 Berkeley Technology L aw Journal 1365 (2002) Poullet, Yves, 2009, “Transborder Data Flows and Extraterritoriality: the European Position”, Journal of International Commercial Law and Technology 141 (2009) Prechal, Sacha, 2015, “The Court of Justice and Effective Judicial Protection: What Has the Charter Changed?”, in: Christophe Paulussen, Tamara Takács, Vesna Annex: Consulted Documents 599 Lazic, and Ben Van Rompuy (eds), Fundamental Rights in International and European Law – Public and Private Law Perspectives, T.M.C. Asser Press/ Springer, 143–160 Prechal, Sacha, and Marleen van Rijswick, 2006, “Supervision and supervisory authorities A few introductory remarks”, Utrecht Law Review, Special on Supervision and Supervisory Authorities, Vol 2, Issue 1, June 2006, 1–7 Princen, S.B.M., 2002, The California Effect in the transatlantic relationship, dissertation Utrecht University PRISMS project, sponsored by the EU under the 7th Framework Programme, available on: http://prismsproject.eu/ Privacy Bridges, EU and US privacy experts in search of transatlantic privacy solutions, Amsterdam/Cambridge, September 2015, available on:https://www.cbpweb.nl/sites/default/files/atoms/files/privacy_bridges_paper.pdf Purtova, Nadezhda, 2009, “Property Rights in Personal Data: Learning from the American Discourse”, Computer Law & Security Review, Vol 25, No 6, 2009, 507–521, available on: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1554341 Raab, Charles D., 2010, “Information Privacy: Networks of Regulation at the Subglobal Level”, Global Policy 2010, 1:3 Raab, Charles D., 2011, “Networks for Regulation: Privacy Commissioners in a Changing World”, Journal of Comparitive Policy Analysis, Vol 13, No 2, April 2011, 195–213 Raab, Charles D., 2014, Submission to Intelligence and Security Committee of Parliament, Privacy and Security Inquiry, 7th February 2014 Rainey, Bernadette, Elizabeth Wicks, and Clare Ovey, 2014, Jacobs, White & Ovey: The European Convention on Human Rights (sixth edition), Oxford University Press Read, Darren, 2012, “Net neutrality and the EU electronic communications regulatory framework”, International Journal of Law and Information Technology Vol 20 No Reding, Viviane, 2012, “The European data protection framework for the twenty-­ first century”, International Data Privacy Law, 2012, Vol 2, No 3, 119–129 Reidenberg, Joel, 1996, “Governing Networks and Cyberspace Rule-Making”, 45 Emory Law Journal 911 Reidenberg, Joel R., 2001, “The Yahoo! Case and the International Democratization of the Internet”, Fordham Law & Economics Research Paper No 11, 2001 Reidenberg, Joel R., 2005, “Technology and Internet Jurisdiction”, University of Pennsylvania Law Review, Vol 153/1951 (2005) Reidenberg, Joel, 2013, “The Data Surveillance State in the United States and Europe”, Fordham Law Legal Studies Research Paper No 2349269, (Princeton University – Center for Information Technology Policy/Fordham University School of Law), Wake Forest Law Review, November 2013 Reidenberg, Joel R., 2014, “Privacy in Public”, Fordham Law Legal Studies Research Paper No 2493449, 69 University of Miami Law Review 141 (2014) Reidenberg, Joel R a.o., 2013, Internet Jurisdiction, Survey of Legal Scholarship Published in English and United States Case Law, Fordham Center on Law and Information Policy 600 Annex: Consulted Documents Research Network on EU Administrative Law, 2014, “ReNEUAL Model Rules on EU Administrative Procedure: Introduction to the ReNEUAL Model Rules”/ Book I – General Provisions, On Line version; Book V – Mutual Assistance; Book VI – Administrative Information Management Riviốre, Hippolyte-Ferrộol, 1878, Codes Franỗais et Lois Usuelles, A. Maresq Ainé Roberts, Andrew, 2015, “Privacy, Data Retention and Domination: Digital Rights Ireland Ltd v Minister for Communications”, The Modern Law Review, Vol 78, Issue 3, 535–548 Rosas, Allan, and Lorna Armati, 2010, EU Constitutional Law, an Introduction, Hart Publishing Rosen, Jeffrey, 2012, “The right to be forgotten”, Stanford Law Review Online 88, available on: http://www.stanfordlawreview.org/sites/default/files/online/ topics/64-SLRO-88.pdf Rosen, Jeffrey, 2013, “Inside the Stunning Court Smackdown on NSA Spying”, The New Republic, available on:http://www.newrepublic.com/article/115962/ courts-nsa-ruling-against-metadata-collection-fourth-amendment-win Rotenberg, Marc, 2006, “The Sui Generis Privacy Agency: How the United States Institutionalized Privacy Oversight After 9-11”, Research Paper, available on: epic.org/epic/ssrn-id933690.pdf Rotenberg, Marc, 2014, “On International Privacy: A Path Forward for the US and Europe”, Harvard International Review, Vol XXXV, No 4, available on: http:// hir.harvard.edu/archives/5815 Rotenberg, Marc, Julia Horwitz, and Jeramie Scott (eds), 2015, Privacy in the Modern Age, The Search for Solutions, The New Press Rotenberg, Marc, and David Jacobs, 2013, “Updating the law on information privacy: The new framework of the European Union”, Harvard Journal of Law & Public Policy, Vol 36, No 2, 605–652, available on: www.harvard-jlpp.com/ wp-content/…/36_2_605_Rotenberg_Jacobs.pdf Rubenfeld, Jed, 2004, “Unilateralism and Constitutionalism”, Yale Law School, Faculty Scholarship Series Paper 1553, available on:http://digitalcommons.law yale.edu/cgi/viewcontent.cgi?article=2553&context=fss_papers Rubinstein, Ira, 2011, “Privacy and Regulatory Innovation: Moving Beyond Voluntary Codes”, NYU School of Law, Public Law Research Paper No 10–16, available on:http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1510275 Rubinstein, Ira, and Joris Van Hoboken, 2014, “Privacy and Security in the Cloud: Some Realism About Technical Solutions to Transnational Surveillance in the Post-Snowden Era”, 66 Maine Law Review 488 (2014) Rule, James, Douglas McAdam, Linda Stearns, and David Uglow, 1980, The Politics of Privacy, Planning for Personal Data Systems as Powerful Technologies, Elsevier Ryngaert, Cedric, 2007, Jurisdiction in International Law, United States and European Perspectives, dissertation KU Leuven Sartor, Giovanni, and Mario Viola de Azevedo Cunha, 2010, “The Italian Google-­ Case: Privacy, Freedom of Speech and Responsibility of Providers for User-­ Annex: Consulted Documents 601 Generated Contents”, International Journal of Law and Information Technology, Vol 18, No (2010) Schaar, Peter, 2015, “Privacy as a human right, Edward Snowden and the control of power”, available on: http://www.eurozine.com/articles/2015-02-27-schaar-en html Schiavo, Gianni Lo, 2015, “A Judicial Re-Thinking on the Delegation of Powers to European Agencies under EU Law? Comment on Case C-270/12 UK v Council and Parliament”, 16 German Law Journal Schmidt, Eric, and Jared Cohen, 2015, The New Digital Age, Hodder & Stoughton Schneier, Bruce, 2015, Data and Goliath, W.W. Norton & Company Scholten, M., 2014, The Political Accountability of EU Agencies: Learning from the US Experience, dissertation Maastricht University, available on: http://digitalarchive.maastrichtuniversity.nl/fedora/get/guid:be4ab50f-ee14-46d1-b0ef712fe4d07a3f/ASSET1 Scholten, Miroslava, 2012, “The newly released ‘common approach’ on EU agencies: Going forward or standing still?”, The Columbia Journal of European Law online, Columbia Journal of European Law, Vol 19, No 1, F.1 Schrauwen, Annette, 2013, Burgerschap onder gedeeld gezag, Vossiuspers Schütz, Philip, 2012, “Comparing formal independence of data protection authorities in selected EU Member States”, Conference Paper, ECPR Standing Group on Regulation & Governance (Biennial Conference)