Buongiorno, Schrems II ciao ciao!?! https://www.lawfareblog.com/how-europes-intelligence-services-aim-avoid-eus-... --8<---------------cut here---------------start------------->8--- How Europe’s Intelligence Services Aim to Avoid the EU’s Highest Court—and What It Means for the United States By Theodore Christakis, Kenneth Propp Monday, March 8, 2021, 3:01 PM [...] In the fall of 2020, the court softened that bitter pill when, for the first time, it also imposed limits on EU member states’ intelligence services’ own data collection and retention activities. But now the member state governments have struck back against the Luxembourg-based court, quietly slipping into their version of the EU’s ePrivacy legislative reform proposal a provision that would put these contested national security activities beyond the court’s reach. The U.S. government is already [on record] as objecting to what it perceives as a laxer data protection standard being applied by European courts to their own national intelligence services. This latest move in Brussels has only accentuated the sense of a disparity in treatment. This post explores the ongoing struggle within the European Union to delimit the national security exception in its data protection law for the activities of member state intelligence services, and the corresponding impact this Brussels debate could have on the ongoing transatlantic negotiations to restore a secure basis for commercial data transfers from the European Union to the United States. [...] Conclusion The Council of the European Union’s action in the ePrivacy saga has revealed that many EU member states were so deeply uncomfortable with the evolution of CJEU jurisprudence on surveillance, that they decided to do something radical about it. They acted to interpose a broad national security exception in the ePrivacy regulation because they saw it as the only way to preserve freedom of action in the areas of data collection and retention for their intelligence agencies. France also recently has taken a unilateral [additional action] in order to escape the data retention case law of the CJEU: It asked the country’s highest administrative court—the Council of State—to ignore the CJEU ruling in the LQDN case. French government lawyers contend that the CJEU acted outside its scope (ultra vires) by usurping for the EU an important “sovereign” competence—national security and protection of public order—that member states had never transferred to it. In effect, the French government’s concern about the CJEU’s intrusion into its intelligence and law enforcement activities is so great that it has asked its highest court to choose between an EU member state’s duty to respect, as a matter of principle, the jurisprudence of the CJEU and its own interpretation of its core constitutional prerogatives. The United States, by contrast, can make no comparable Houdini-like escape from the Schrems II judgment. EU law provides no national security exemption that may be invoked on behalf of third-state intelligence services. The United States, as well as other third countries, will remain under the close scrutiny of the CJEU in Schrems-like cases addressing their “adequacy” and “essential equivalence.” Similarly, while national data protection authorities in Europe have no basis in EU law to sanction a company responding to an EU member state request for data on national security grounds, they will be able to heavily fine companies transferring data to the United States, on the basis that U.S. national security laws do not meet the Schrems II and the European Data Protection Board’s restrictive surveillance standards. There can be little doubt that the NSA’s counterparts in European capitals sympathize with its uncomfortable position. After all, these European agencies richly benefit from U.S. intelligence in combating terrorism and other national security threats, and would be loath to lose such a valuable source. One also can presume that Washington is encouraging EU member state governments to bring the same level of appreciation of surveillance interests to the international negotiations for a successor to the Privacy Shield that they brought to their own Brussels deliberations on the ePrivacy regulation. In both contexts, governments are weighing traditional national security surveillance prerogatives against an increasing and insistent “judicialization” of the fundamental right to data protection in all settings. The situation is in flux both within the European Union and in transatlantic relations. If there is an eventual balance that excludes from the scrutiny of the CJEU the data retention laws and practices of European national security services, but not those of their U.S. counterpart, it might well be unstable. Whether and how U.S. and European diplomats can deliver their governments from this unsustainable situation remains to be seen. [on record] <https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t0000000Y...> [additional action] <https://www.politico.eu/article/france-data-retention-bypass-eu-top-court/> --8<---------------cut here---------------end--------------->8--- Saluti, Giovanni -- Giovanni Biscuolo