Crisis of Privacy and Sacrifice of Personal Data in the Name of National Security: The CJEU Rulings Strengthening EU Data Protection Standards

Abstract

Snowden’s surveillance revelations in 2013 raised the issue of privacy and security in the public spotlight. These revelations underlined the need for strong data protection framework. At the same time, the pressing demand to address security concerns and the threat of terrorist attacks might weaken privacy and data protection standards. Two landmark judgments of the Court of Justice of the European Union (the CJEU), namely, the Digital rights Ireland judgment which invalidates Data Retention Directive, and the Schrems judgment which invalidates Safe Harbour Decision forming a legal basis for transatlantic data transfers are of great significance in strengthening the rights to privacy and data protection in the context of digital mass surveillance. They will have far-reaching implications on EU and national data retention mechanisms, as well on cross-border data transfer framework. Through the lens of the CJEU the paper seeks to reveal the key challenges data protection law faces both at national and EU level that have to be overcome in response to mass surveillance in order to maintain a proper balance between privacy and national security.