Vagelis Papakonstantinou

Abstract: The five-year wait is finally over; a few days before expiration of 2015 the “trilogue” that had started a few months earlier between the Commission, the Council and the Parliament suddenly bore fruit and the EU data protection reform package has finally been concluded. As planned since the beginning of this effort a Regulation, the General Data Protection Regulation is going to replace the 1995 Directive and a Directive, the Police and Criminal Justice Data Protection Directive, the 2008 Data Protection Framework Decision. In this way a long process that started as early as in 2009, peaked in early 2012, and required another three years to pass through the Parliament's and the Council's scrutiny is finished. Whether this reform package and its end-result is cause to celebrate or to lament depends on the perspective, the interests and the expectations of the beholder. Four years ago we published an article in this journal under the title “The proposed data protection Regulation replacing Directive 95/46/EC: A sound system for the protection of individuals”. This paper essentially constitutes a continuation of that article: now that the General Data Protection Regulation's final provisions are at hand it is possible to present differences with the first draft prepared by the Commission, to discuss the issues raised through its law-making passage over the past few years, and to attempt to assess the effectiveness of its final provisions in relation to their declared purposes.

Abstract: The recent release by the European Commission of the first drafts for the amendment of the EU data protection regulatory framework is the culmination of a consulting and preparation process that lasted more than two years. At the same time, it opens up a law-making process that is intended to take at least as much time. The Commission has undertaken the herculean task to amend the whole EU data protection edifice, through the introduction of a General Data Protection Regulation, intended to replace the EU Data Protection Directive 95/46/EC, and a Police and Criminal Justice Data Protection Directive, intended to replace the Framework Decision 2008/977/JHA. This paper shall focus at the replacement of the EU Data Protection Directive by the draft General Data Protection Regulation. Due to the fact that the draft Regulation is a long (and ambitious) text, a selection has been made, with the aim of highlighting its treatment of basic data protection principles and elements, in order to identify merits and shortcomings for the general data protection purposes.

Abstract: The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.

Abstract: Seamless air commuting between the EU and the USA appears to constitute nowadays a much sought-after but nevertheless still elusive cause. The level of co operation between the two parties has had, and is still having, its best and worst days. The protection of individual privacy continues to constitute one of the causes for much controversy. In Europe, the formal recognition of a right to data protection, in addition to the right to privacy, has led to an elaborate framework for the protection of individuals; however, internal, institutional difficulties have frequently caused confusion as to the appropriate legal treatment of different situations. In the USA individual privacy and personal data are protected through a mixture of sources: Constitutional law, Supreme Court case law, federal legislation, sector-specific legislation, etc. The difference in approach is obvious and has fed European belief about having higher standards in protection of personal data. After 9/11, the request of American security authorities to have increased access to the personal data of passengers (PNR data) visiting the USA, inevitably led to yet another confrontation of the two systems. The conflict was attempted to be resolved by a First (2004) PNR Agreement, that was annulled by the European Court of Justice, then by an Interim PNR Agreement and, finally, by the, in effect, Second (2007) PNR Agreement. The paper attempts to bring forward the route to the conclusion of the PNR Agreements, as well as to asses the effectiveness of the policy choices and the PNR Agreement model itself for the protection of individual privacy.

Abstract: This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the book discusses the legal issues in smart grid implementations, particularly from a privacy (EU data protection) point of view.

Abstract: American Bankruptcy Institute Law Review 17 Am. Bankr. Inst. L. Rev., No. 1, Spring, 2009. Boston College Law Review 50 B.C. L. Rev., No. 3, May, 2009. Boston University Public Interest Law Journal 18 B.U. Pub. Int. L.J., No. 2, Spring, 2009. Cardozo Journal of Conflict Resolution 10 Cardozo J. Conflict Resol., No. 2, Spring, 2009. Cardozo Public Law, Policy, & Ethics Journal 7 Cardozo Pub. L. Pol’y & Ethics J., No. 3, Summer, 2009. Chicago Journal of International Law 10 Chi. J. Int’l L., No. 1, Summer, 2009. Colorado Journal of International Environmental Law and Policy 20 Colo. J. Int’l Envtl. L. & Pol’y, No. 2, Winter, 2009. Columbia Journal of Law & the Arts 32 Colum. J.L. & Arts, No. 3, Spring, 2009. Connecticut Public Interest Law Journal 8 Conn. Pub. Int. L.J., No. 2, Spring-Summer, 2009. Cornell Journal of Law and Public Policy 18 Cornell J.L. & Pub. Pol’y, No. 1, Fall, 2008. Cornell Law Review 94 Cornell L. Rev., No. 5, July, 2009. Creighton Law Review 42 Creighton L. Rev., No. 3, April, 2009. Criminal Law Forum 20 Crim. L. Forum, Nos. 2-3, Pp. 173-394, 2009. Delaware Journal of Corporate Law 34 Del. J. Corp. L., No. 2, Pp. 433-754, 2009. Environmental Law Reporter News & Analysis 39 Envtl. L. Rep. News & Analysis, No. 7, July, 2009. European Journal of International Law 20 Eur. J. Int’l L., No. 2, April, 2009. Family Law Quarterly 43 Fam. L.Q., No. 1, Spring, 2009. Georgetown Journal of International Law 40 Geo. J. Int’l L., No. 3, Spring, 2009. Georgetown Journal of Legal Ethics 22 Geo. J. Legal Ethics, No. 2, Spring, 2009. Golden Gate University Law Review 39 Golden Gate U. L. Rev., No. 2, Winter, 2009. Harvard Environmental Law Review 33 Harv. Envtl. L. Rev., No. 2, Pp. 297-608, 2009. International Review of Law and Economics 29 Int’l Rev. L. & Econ., No. 1, March, 2009. Journal of Environmental Law and Litigation 24 J. Envtl. L. & Litig., No. 1, Pp. 1-201, 2009. Journal of Legislation 34 J. Legis., No. 1, Pp. 1-98, 2008. Journal of Technology Law & Policy 14 J. Tech. L. & Pol’y, No. 1, June, 2009. Labor Lawyer 24 Lab. Law., No. 3, Winter/Spring, 2009. Michigan Journal of International Law 30 Mich. J. Int’l L., No. 3, Spring, 2009. New Criminal Law Review 12 New Crim. L. Rev., No. 2, Spring, 2009. Northern Kentucky Law Review 36 N. Ky. L. Rev., No. 4, Pp. 445-654, 2009. Ohio Northern University Law Review 35 Ohio N.U. L. Rev., No. 2, Pp. 445-886, 2009. Pace Law Review 29 Pace L. Rev., No. 3, Spring, 2009. Quinnipiac Health Law Journal 12 Quinnipiac Health L.J., No. 2, Pp. 209-332, 2008-2009. Real Property, Trust and Estate Law Journal 44 Real Prop. Tr. & Est. L.J., No. 1, Spring, 2009. Rutgers Race and the Law Review 10 Rutgers Race & L. Rev., No. 2, Pp. 441-629, 2009. San Diego Law Review 46 San Diego L. Rev., No. 2, Spring, 2009. Seton Hall Law Review 39 Seton Hall L. Rev., No. 3, Pp. 725-1102, 2009. Southern California Interdisciplinary Law Journal 18 S. Cal. Interdisc. L.J., No. 3, Spring, 2009. Stanford Environmental Law Journal 28 Stan. Envtl. L.J., No. 3, July, 2009. Tulsa Law Review 44 Tulsa L. Rev., No. 2, Winter, 2008. UMKC Law Review 77 UMKC L. Rev., No. 4, Summer, 2009. Washburn Law Journal 48 Washburn L.J., No. 3, Spring, 2009. Washington University Global Studies Law Review 8 Wash. U. Global Stud. L. Rev., No. 3, Pp.451-617, 2009. Washington University Journal of Law & Policy 29 Wash. U. J.L. & Pol’y, Pp. 1-401, 2009. Washington University Law Review 86 Wash. U. L. Rev., No. 6, Pp. 1273-1521, 2009. William Mitchell Law Review 35 Wm. Mitchell L. Rev., No. 4, Pp. 1235-1609, 2009. Yale Journal of International Law 34 Yale J. Int’l L., No. 2, Summer, 2009. Yale Journal on Regulation 26 Yale J. on Reg., No. 2, Summer, 2009.

Abstract: The Internet of Things (IoT) has recently advanced from an experimental technology to what will become the backbone of future customer value for both product and service sector businesses. This underscores the cardinal role of IoT on the journey toward the fifth generation of wireless communication systems. IoT technologies augmented with intelligent and big data analytics are expected to rapidly change the landscape of myriads of application domains ranging from health care to smart cities and industrial automations. The emergence of multi-access edge computing (MEC) technology aims at extending cloud computing capabilities to the edge of the radio access network, hence providing real-time, high-bandwidth, low-latency access to radio network resources. IoT is identified as a key use case of MEC, given MEC’s ability to provide cloud platform and gateway services at the network edge. MEC will inspire the development of myriads of applications and services with demand for ultralow latency and high quality of service due to its dense geographical distribution and wide support for mobility. MEC is therefore an important enabler of IoT applications and services which require real-time operations. In this survey, we provide a holistic overview on the exploitation of MEC technology for the realization of IoT applications and their synergies. We further discuss the technical aspects of enabling MEC in IoT and provide some insight into various other integration technologies therein.

Abstract: Since their creation, the European Union and the Council of Europe have worked to harmonise the justice systems of their member states. This project has been met with a series of challenges. European Criminal Law offers a compelling insight into the development and functions of European criminal law. It tracks the historical development of European criminal law, offering a detailed critical analysis of the criminal justice systems responsible for its implementation. While the rapid expansion and transnationalisation of criminal law is a necessary response to the growing numbers of free movement of persons and goods, it has serious implications for the rights of European citizens and needs to be balanced with rights protections. With its close analysis of secondary legislation and reliance on a wide variety of original sources, this book provides a thorough understanding of European Criminal Law and the institutions involved.

Abstract: The field of electronic publishing has grown exponentially in the last two decades, but we are still in the middle of this digital transformation. With technologies coming and going for all kinds of reasons, the distribution of economic, technological and discursive power continues to be negotiated. This book presents the proceedings of the 20th Conference on Electronic Publishing (Elpub), held in Gottingen, Germany, in June 2016. This year’s conference explores issues of positioning and power in academic publishing, and it brings together world leading stakeholders such as academics, practitioners, policymakers, students and entrepreneurs from a wide variety of fields to exchange information and discuss the advent of innovations in the areas of electronic publishing, as well as reflect on the development in the field over the last 20 years. Topics covered in the papers include how to maintain the quality of electronic publications, modeling processes and the increasingly prevalent issue of open access, as well as new systems, database repositories and datasets. This overview of the field will be of interest to all those who work in or make use of electronic publishing.

Abstract: The General Data Protection Regulation (GDPR) will come into force in the European Union (EU) in May 2018 to meet current challenges related to personal data protection and to harmonise data protection across the EU. Although the GDPR is anticipated to benefit companies by offering consistency in data protection activities and liabilities across the EU countries and by enabling more integrated EU-wide data protection policies, it poses new challenges to companies. They are not necessarily prepared for the changes and may lack awareness of the upcoming requirements and the GDPR's coercive measures. The implementation of the GDPR requirements demands substantial financial and human resources, as well as training of employees; hence, companies need guidance to support them in this transition. The purposes of this study were to compare the current Data Protection Directive 95/46/EC with the GDPR by systematically analysing their differences and to identify the GDPR's practical implications, specifically for companies that provide services based on personal data. This study aimed to identify and discuss the changes introduced by the GDPR that would have the most practical relevance to these companies and possibly affect their data management and usage practices. Therefore, a review and a thematic analysis and synthesis of the article-level changes were carried out. Through the analysis, the key practical implications of the changes were identified and classified. As a synthesis of the results, a framework was developed, presenting 12 aspects of these implications and the corresponding guidance on how to prepare for the new requirements. These aspects cover business strategies and practices, as well as organisational and technical measures.