CPDP2017 presentation: The draft new Regulation 45/2001 and its relationship with Directive 680/2016

“The draft new Regulation 45/2001 and its relationship with Directive 680/2016”, panelist in the 10th International Computers, Privacy & Data Protection (CPDP) Conference.

Posted in Conferences Tagged with:

Καλές γιορτές – Season’s greetings!

Καλές γιορτές! Αντί εντύπων ευχετηρίων χριστουγεννιάτων καρτών η MPlegal υποστήριξε το Χαμόγελο του Παιδιού.

Posted in MPlegal Tagged with:

Athens Marathon, 13 Νοεμβρίου 2016


Posted in Marathon

Brussels Privacy Hub, 27 October 2016 • GDPR Workshop Series: What is to be done with the ePrivacy Directive?


Posted in Conferences Tagged with:

Νέο βιβλίο, Δίκαιο σημάτων, κατ’ άρθρον ερμηνεία

Το νέο μας βιβλίο, με τη Δήμητρα Μαρκοπούλου, “Ν.4072/2012 περί Σημάτων – Κατ’ άρθρον ερμηνεία” μόλις δημοσιεύθηκε από τις εκδόσεις Σάκκουλα.


Posted in Books/Βιβλία Tagged with: ,

Υποχρεωτική η (μετ)εκπαίδευση των δικηγόρων;

Δημοσιεύθηκε στο eThemis, 3 Ιουνίου 2016


Με αφορμή την ανακοίνωση για ένα summer school (θερινό σχολείο) με νομικό αντικείμενο, σκέφτομαι ότι ο τομέας της εκπαίδευσης  των νομικών – δικηγόρων έχει κάνει πραγματικά άλματα κατά τα τελευταία έτη: εκτός από τα συνέδρια, που έχουν γίνει πολλά και εξειδικευμένα, σεμινάρια διοργανώνουν τακτικά τόσο οι δικηγορικοί σύλλογοι όσο και  επιστημονικές ομάδες ή παρεμφερείς οργανώσεις και οργανισμοί, σύλλογοι φοιτητών, ακόμη και (νομικοί)  εκδότες.

Η συμμετοχή σε όλα αυτά τα εκπαιδευτικά προγράμματα, από κει που παλαιότερα ήταν αυτονόητα δωρεάν, τώρα έχει γίνει αντιληπτό ότι πρέπει να έχει κάποιο αντίτιμο. Οι ομιλητές, νομίζω, ακόμα κατά κανόνα δεν αμείβονται για τον κόπο τους. Για την παρακολούθησή τους από συναδέλφους δεν γνωρίζω – από εμπειρικά στοιχεία συμπεραίνω ότι σπάνια τα αμφιθέατρα είναι άδεια. Άλλωστε, αν ήταν δεν θα συνέχιζαν να οργανώνονται τόσα πολλά προγράμματα.

Αφού επομένως οι συνθήκες ωρίμασαν, και το κοινό είναι δεκτικό, μήπως, είναι ώρα να κάνουμε την (μετ-) εκπαίδευσή μας υποχρεωτική; Μήπως θα ήταν σκόπιμο, κάθε δικηγόρος, προκειμένου ν’ ανανεώνει κάθε  έτος την ταυτότητά του, να έχει πιστοποιημένα παρακολουθήσει τουλάχιστον ένα ή δύο από τα παραπάνω προγράμματα;

Τα οφέλη νομίζω ότι είναι προφανή. Η υποχρεωτική εκπαίδευση θ’ανεβάσει το συνολικό επίπεδο – κάτι που πρέπει ν’ αποτελεί το βασικό στόχο κάθε επιστημονικού συλλόγου και των μελών του. Επίσης, έμμεσα θα «καθαρίσει» το μητρώο. Συνάδελφοι εκτός αγοράς (όσοι έχουν απομείνει μετά την εισφορο – και – φορο – λαίλαπα) πιθανότατα να μην θελήσουν να χάσουν και χρόνο εκτός από τα χρήματά τους (κόστος διατήρησης της ιδιότητας). Τέλος, και η δημιουργία μιας νέας, μικρής αγοράς αποτελεί κι αυτό όφελος, στους χαλεπούς καιρούς που ζούμε.

Η πρακτική άλλωστε αυτή δεν είναι εξωτική ούτε πρωτοπόρα. Σε πολλούς δικηγορικούς συλλόγους του εξωτερικού, αντίστοιχη υποχρέωση υφίσταται εδώ και χρόνια για τα μέλη τους. Το ίδιο άλλωστε ισχύει και για τις επαγγελματικές πιστοποιήσεις (που, για παράδειγμα, σύντομα θα χρειαστούμε στο δίκαιο των δεδομένων προσωπικού χαρακτήρα).

‘Ηδη ακούω τις αντιρρήσεις, ότι μετά από πεντάμηνη αποχή δεν μπορεί να συζητάμε για οικονομική επιβάρυνση των συναδέλφων. Πολύ σωστά, όμως ο πήχης για αρχή δεν είναι ανάγκη να τοποθετηθεί ψηλά. Ένα ή δύο εκπαιδευτικά προγράμματα το χρόνο αρκούν. Άλλωστε, δεν είναι απαραίτητο όλα να χρεώνουν τη συμμετοχή σε αυτά – μπορεί να έχουν άλλους στόχους ή ν’αποβλέπουν σε έμμεσα έσοδα. Η μόνη προϋπόθεση θα είναι να έχουν πιστοποιηθεί από τον αντίστοιχο Δικηγορικό Σύλλογο.

Σε μία εποχή που (και) οι επαγγελματικοί σύλλογοι κατηγορούνται ότι ενδιαφέρονται μόνο για τα στενά οικονομικά συμφέροντα των μελών τους, νομίζω ότι η υποχρεωτική εκπαίδευση των μελών τους θα έδινε το σωστό μήνυμα – και στο εσωτερικό αλλά και στο εξωτερικό τους.


Posted in Blog posts Tagged with:

New article, The new General Data Protection Regulation: Still a sound system for the protection of individuals?



Paul de Hert and Vagelis Papakonstantinou have just published their latest article, The new General Data Protection Regulation: Still a sound system for the protection of individuals? in the Computer Law & Security Review, Volume 32 Issue 2.

Posted in Articles Tagged with: ,

Why the UN should be the world’s lead privacy agency

New blog post published in IAPP Privacy Perspectives by Paul de Hert and Vagelis Papakonstantinou on 28 April 2016.

IAPP Privacy Perspectives





While the protection of privacy constitutes by now a global concern, new technologies or methods of processing, such as big data, the Internet of Things, cloud computing, or smartphone applications, may easily drive to despair any legislator who attempts to apply local jurisdiction approaches on personal data processing that is by design addressed directly to individuals anywhere in the world and treats national borders as irrelevant.

Quite contrary to what is urgently needed, an entrenchment attitude may be identified even in data protection models devised today: The EU General Data Protection Regulation is intended to govern in a detailed and direct manner all personal data processing in the EU and place them under its strict conditions and procedures. Its extraterritorial effect is warranted not only through the adequacy criterion that is preserved more or less intact in its text but also through an ambitious approach on its scope, as recently reinforced by important CJEU case law.

The Council of Europe Data Protection Convention, also currently under a modernisation process, broadly follows the EU Regulation model, implementing an adequacy criterion and strict rules with regard to personal data processing. This probably explains why non-EU countries have viewed its ratification as a preliminary stage to be granted with “adequacy” finding by the EU. Even the OECD – through the amendment of its data protection guidelines that took place in 2013 – moved towards a more structured and formal approach to personal data processing.

On the other hand, the rest of the world shows an increased interest in data protection issues, with more than 100 countries having by now enacted some sort of data protection law within their respective jurisdictions. However, this does not necessarily mean that they all approve of and subscribe to the EU model – or even to models similar to it.

What we are therefore faced with is a chronicle of a collision foretold.

Regulatory approaches are diverging, failing to reach out to each other. Even compatibility among them is hard to achieve, as the current Privacy Shield saga demonstrates. While the right to privacy, or to data protection in the electronic context, is globally acknowledged as an important safeguard for individuals in the digital era, the way to protect it is understood differently in different parts of the world. Consequently, it appears that global cooperation and coordination is imperative. However, the ways to achieve it vary considerably and seemingly insurmountable obstacles lie ahead.

Some hope may come from the UN. Since July 2015, the UN Human Rights Council has appointed Prof. Joseph Cannataci  as its first-ever  Special Rapporteur on “The Right to Privacy in the Digital Age.” His mandate is, among others, to gather information, identify obstacles, take part in global initiatives, and raise awareness. Cannataci embarked enthusiastically on his new role, having undertaken an impressive number of initiatives during his first year in office. In mid-March 2016 he presented his first annual report to the UN Human Rights Council.

We have argued before about the need for an international treaty to govern data privacy; they have pointed to the WIPO and the intellectual property protection model as useful inspiration and have identified the UN Guidelines of 1991 as a suitable regulatory model that could meet global consensus and attain the basic data protection purposes, constituting the global information privacy minimum.

The hope for a global privacy treaty has also been expressed by Prof. Graham Greenleaf, as soon as the new Rapporteur has been appointed. A few months later, in October 2015, the 37th International Conference of Data Protection and Privacy Commissioners welcomed the new Rapporteur, reaffirmed its older idea on releasing an additional protocol to Article 17 ICPPR, and called upon him to promote the start of negotiations on such a protocol within his first mandate.

This opportunity was indeed duly noted by Cannataci, who took special care to insert in his first annual report as part of his “ten-point action plan” the “investment in international law.” While agreeing with the above approach of releasing an additional protocol to Art. 17 of the ICCPR, he takes a step further and carefully notes that “some other privacy-relevant matters, especially issues of jurisdiction and territoriality in cyberspace cannot be addressed satisfactorily unless there is a clear international agreement to that effect, one which would normally take the form of agreement in a multilateral treaty most probably on a specific topic or set of issues.” Nevertheless, he immediately clarifies that “for the avoidance of doubt it should be stated that what is envisaged is not one new global all-encompassing international convention covering all of privacy or Internet governance. It is far more realistic to expect that protection of privacy can be increased through incremental growth of international law,” leaving to mid- or long-term the development of entirely new legal instruments.

We feel that this approach, while sensible and even perhaps realistic, sets the bar too low.

Pressing global personal data processing concerns may not be addressed by means of obscure and remote to individuals additional protocols or incremental changes to existing instruments. Instead, we believe that it is time to launch the idea of setting up a new UN specialised agency to regulate data privacy globally. Its text of reference could very well be the UN 1991 Guidelines. They include all the basic components of good data protection legislation without at the same time threatening to stifle personal data processing. They are the right means to achieve global consensus on the absolutely minimum standards for personal data protection.

We believe that global issues cannot be addressed locally or even regionally. The protection of their privacy troubles individuals everywhere in the world. In response, countries and regions hurry to introduce some form of data protection legislation, indifferent to, if not competing with, the regulatory models of their neighbors.

A bottom-up approach, as the one applied today in practice, will not work. Instead, a top-down approach whereby an international organisation will set the global tone and minimum level of protection has far better chances to address individual concerns in a satisfactory way. The only candidate until today for this role has been the Council of Europe, which has cleverly opened up its Convention to ratification from non-members as well. However, by definition, the Council remains regional and therefore unable to convince individuals in other continents.

The UN is the obvious candidate for this role.

It has the necessary legal tools as well as the global visibility and good will – and now it also has a high-profile individual to use them and promote this cause and even take up the global go-to role when certain country approaches create difficulties to their citizens (as was already the case with the UK).

On the other hand, if the bar is set too low and global issues are addressed through specialised, little-known legal instruments, data protection could be lost in micro-management, implementing such complicated and remote to individuals schemes such as the Privacy Shield arrangement. We therefore believe that it is time to raise our eyes from the routine, legalistic treatment of personal data processing issues and face the greater picture. There has been until today no better time and no better circumstances to launch the idea of a new UN specialised agency for the protection of information privacy globally.



Posted in Blog posts

New article, The New Police and Criminal Justice Data Protection Directive. A first analysis



Paul de Hert and Vagelis Papakonstantinou just published a paper on The New Police and Criminal Justice Data Protection Directive. A first analysis in the New Journal of European Criminal Law, Vol. 7, Issue 1, 2016.

Posted in Articles Tagged with: ,

Milano Marathon


Posted in Marathon