European data protection authorities (EU DPAs) play crucial roles in protecting personal data rights. However, many EU DPAs do not have adequate access to resources in order to be effective data privacy protectors. Although the data privacy law literature recognizes that many EU DPAs operate within such constraints, to date, there has been a dearth of empirical studies on how limited resources can impact on enforcement. A new article* makes a modest attempt to address this empirical gap by analysing selected empirical findings of a recent project which examined the investigations of multinational cloud providers by EU DPAs (Cloud Investigations).
This article draws on the fields of socio-legal studies and regulation to interpret these empirical findings and advances three arguments. First, due to their fiscal constraints, some EU DPAs often have to make tactical enforcement decisions about initiating Cloud Investigations as well as the foci and methods of Cloud Investigations. The decision-making process can be very complex for some EU DPAs as they have to not only consider but also at times balance a broad range of factors including external pressures, law and enforcement styles. Second, hybrid forms of data governance can often emerge during Cloud Investigations as EU DPAs delegate their regulatory tasks to private and governmental (other than EU DPAs) actors due to the limited resources. Finally, this article suggests that hybrid data governance needs to be carefully designed in order to ensure effective and robust data governance. Suggestions are made on how the ‘regulatory space’ can be designed in order to promote accountability, trust, robust data protection and effective multi-actor collaboration.
Google has faced heightened scrutiny by numerous competition authorities worldwide since 2007. Most significantly the European Union (EU) fined Google a record €2.4bn ($2.7bn) for abusing its dominant position as a search engine. This blog post examines Google’s recent antitrust troubles in the EU and the United States (US) and analyzes whether the EU fine is likely to ignite further investigations against Google. Continue reading →
The past few years have witnessed a debate in the field of banking and broader financial services law: should the law relating to the duty of care owed by financial services firms to their customers be reformed? The Financial Services Consumer Panel (FSCP) argues that the answer to this question is yes; the current law does not provide consumers with adequate levels of protection, and thus the law needs to be. The current regulatory regime requires firms to treat their customers fairly, however the FSCP believes that banks and other financial services firms should be held to a higher standard and for this reason have advanced reform proposals to address this issue.
The purpose of this blog post is to analyse the content of the reform proposals and assess the viability of any reform, in light of the existing legal regime. It will be argued that, as indicated by the Parliamentary Commission on Banking Standards (PCBS) and the Financial Conduct Authority (FCA), the proposal advanced by the FSCP is unlikely to improve the law in this area. Continue reading →
EU public procurement law relies on the specific enforcement mechanisms of the Remedies Directive, which sets out EU requirements of administrative oversight and judicial protection for public contracts. Recent developments in the case law of the CJEU and the substantive reform resulting from the 2014 Public Procurement Package may have created gaps in the Remedies Directive, which led the European Commission to publicly consult on its revision in 2015. One year after, the outcome of the consultation has not been published, but such revision now seems to have been shelved. In a chapter* I am contributing to an edited collection, I take issue with the shelving of the revision process and critically assesses whether the Remedies Directive is still fit for purpose. Continue reading →