"We suggest various strategies that may help prevent abuses:
1. Circumscribing the material scope of national security activities so as to make it more difficult for states to use national security as a spurious legal justification for activities directed at other purposes.
2. Circumscribing the personal scope of national security activities, excluding from it certain activities by private parties.
3. Including national security activity within the scope of data protection law, so as to ensure that
restrictions of data subject rights for national security purposes are subject to requirements of
legality and proportionality.
4. Supporting the adoption of adequate legal frameworks at the national level, since national security remains a reserved competence of Member States, and it is up to them to effectively ensure that their activity complies with the fundamental rights and principles of EU law. These frameworks
should comply with principles such as the following: legality, legitimate end, necessity,
proportionality, competent authority, due process, user notification, transparency, public
oversight, security and certification, and technical adjustability."
The case (2) is interesting in terms of public-private partnerships, but it is the case (3) that is quite fundamental as it would extend the scope of data protection law substantially.
2 comments
[ 3.2 ms ] story [ 14.4 ms ] thread1. Circumscribing the material scope of national security activities so as to make it more difficult for states to use national security as a spurious legal justification for activities directed at other purposes.
2. Circumscribing the personal scope of national security activities, excluding from it certain activities by private parties.
3. Including national security activity within the scope of data protection law, so as to ensure that restrictions of data subject rights for national security purposes are subject to requirements of legality and proportionality.
4. Supporting the adoption of adequate legal frameworks at the national level, since national security remains a reserved competence of Member States, and it is up to them to effectively ensure that their activity complies with the fundamental rights and principles of EU law. These frameworks should comply with principles such as the following: legality, legitimate end, necessity, proportionality, competent authority, due process, user notification, transparency, public oversight, security and certification, and technical adjustability."
The case (2) is interesting in terms of public-private partnerships, but it is the case (3) that is quite fundamental as it would extend the scope of data protection law substantially.