Paradoxically, it has been after Lisbon and the establishment of a specific legal basis in EU Treaties that data protection has been progressively dismantled by a combined action of the Commission and Interior Ministers in the Council. The European Parliament gave up. And only Data Protection Authorities and the Court of justice are still standing but with several difficulties as EU institutions do not comply with rulings on data protection (EU-US privacy Shield, PNR Directive, Data Retention). Moreover, in the JHA several instruments are being adopted based on a new private-government cooperation blurring the line between GDPR and LED, data controller and data processor, and territoriality (e-evidence). Further, intrusive instruments based on a “false” legal basis of Art. 114 are being adopted challenging classical law enforcement and data protection understanding (e-privacy derogation). The EU is following the preventive security model.
• Is the EU following the US and soon the Chinese model of Predictive policy?
• How such a trend can be reversed?
• How the tricky “consistency mechanism” of the Data Protection legal framework and the lack of a stronger role of the EDPB is de facto paving the way to dismantle Data Protection?
• How the European Parliament is cornered by the Council and the Commission and is losing its role of defending a true supranational freedom, security and justice area?
