This special issue aims to investigate the regulatory challenges facing theEU with regard to security governance in the broad area of the fight againstfinancial crimes and by adopting a wider outlook on how to map andunderstand these phenomena in their salient contexts. In recent years,security as a key word can be witnessed as increasingly penetrating policieson a national, international, and supranational level. This development isalso visible in EU policies, inter alia in the EU's policy concerning thearea of freedom, security, and justice (AFSJ). Coupling the word security tothe concept of governance in the somewhat thought-provoking phrase “securitygovernance” prominently cements its position in the entirety of processesand mechanisms that steer people as well as corporations or markets.Security in the EU internal context concerns to a great extent the fightagainst terrorism and its financing as well as the policing of EU borders.Security in this regard concerns the structure of EU law and how it can bejustified at the macro-level.

With increasing globalization, transnational crime in general, and humantrafficking in particular, a design of new legal framework is required inorder to effectively operationalize interstate law enforcement operationsand prosecutions. The development of a transnational criminal legalframework—or frameworks—can build on pre-existing transnational economicframeworks. There is also the need to extend the application of domestic lawbeyond national borders to influence transnational corporate behavior.Regulations based on reflexive law are one possible approach. Teubner's ideaof reflexive law has been informing developments in this area. This approachuses traditional national law to inform corporate governance strategies inorder to achieve effects on the market. A few jurisdictions have alreadyadopted measures modeled on this approach to tackle human trafficking andslavery-like conditions in global supply chains. Weaknesses in theapproaches adopted by the UK and the State of California have already beenidentified. If strengthened, this approach could be adopted in morejurisdictions—including the EU—and also to combat more areas oftransnational crime—such as money laundering. This paper will examine theresulting challenges using human trafficking as a case study.

Given the fast development of the field of AML Regulation, this Article aimsto answer the following questions: First, how is money laundering dealt withand regulated on the EU level? Second, to which legal concerns do the chosenregulatory strategy give rise? Accordingly, this Article provides anoverview of the various regulatory strategies in the global and EU regionalAML Regime while at the same time points out some of the most pressing legalconcerns in AML Regulation. These include the blurred line betweenadministrative and criminal law measures and the protection of individualrights and fundamental freedoms including data protection and privacy issuesin administrative and criminal law contexts respectively. Although brieflymentioning the global and international context, the focus of this Articleis the EU regulatory action, its outcome and critique, and possiblefuture.

This Article critically considers the effectiveness of the European Union's(EU) counter-terrorist financing (CTF) strategies. In particular, itconcentrates on the use of financial intelligence gathered from thesubmission of suspicious activity reports (SARs) by reporting entities toMember States Financial Intelligence Units (FIU). The Article identifies aseries of weaknesses in the United Kingdom's (UK) reporting regime:Defensive reporting, increased compliance costs, and the definition ofsuspicion. It concludes by making a series of recommendations that are aimedat improving the effectiveness of the EU and UK CTF reportingobligations.

Why is the fight against financial crimes such a central task for the EU?The EU has a strong interest to counter financial crimes and fraud againstthe EU budget as those crimes—so the EU legislator's claim is—hamper thetrust in the market and undermine consumer confidence to engage in internalmarket transactions. In this Article, we aim to discuss the establishment ofthe European Public Prosecutor Office as a federal agent and the effects ofthis agent for establishing a robust EU financial crimes regime. Comparisonswith the US system of US Attorneys—federal prosecutors—will be drawn to showthat this institution has been quite effective at enhancing the protectionof US financial market. The Article will then discuss to what extent the EUcan, and should, learn from the American experience. We are particularlyinterested in the strong security focus in the EU and its consequences whenit ventures into the area of financial crimes.

Considering the European Union's efforts to tackle various forms offinancial crime more effectively, especially since the financial crisis of2008, one would expect that the Union has also been strengthening its gripon national law with respect to corporate financial crime. Instead, thisArticle finds that the EU approach to corporate financial crime has actuallynot evolved that much over the past two decades. Moreover, this Articledemonstrates that EU law still fails to sufficiently take into account thespecific features of corporate entities (as opposed to individuals), as wellas to fully exploit the potential strengths of a criminal law approach, asopposed to an administrative or civil law approach. In the author's view,the EU should more carefully consider the objectives and strengths ofdifferent kinds of enforcement mechanisms and adopt a more coherentapproach, particularly with respect to corporations. Furthermore, when itcomes to corporate punishment, the EU seemingly lacks ambition andcreativity. EU legal instruments focus strongly on fines whileinsufficiently exploring other, potentially more adequate sanctions toachieve certain punishment goals. Ultimately, this may undermine theeffectiveness of the EU's fight against corporate financial crime.

Criminal offenses with the most different modi operandi and levels ofcomplexity can generate digital evidence, whether or not the actual crime iscommitted by using information and communication technology (ICT). Thedigital data that could be used as evidence in a later criminal prosecutionis mostly in the hands of private companies who provide services on theInternet. These companies often store their customers’ data on cloud serversthat are not necessarily located in the same jurisdiction as the company.Law enforcement and prosecution authorities then need to take two steps thatare not exclusive for evidence of a digital nature. First, they need todiscover where the data is located—with which company and in whichjurisdiction. Second, they need to obtain the data. In considering digitalevidence, the last step, however, is complicated by new issues that form thefocus of this paper. The first concern is the practice by companies todynamically distribute data over globally spread data centers in the blinkof an eye. This is a practical concern as well as a legal concern. Thesecond issue is the slowness of the currently applicable international legalframework that has not yet been updated to a fast-paced society whereincreasingly more evidence is of a digital nature. The slowness oftraditional mutual legal assistance may be no news. The lack of a suitablelegal framework for competent authorities that need to obtain digitalevidence in a cross-border manner, nonetheless, creates a landscape ofdiverse initiatives by individual states that try to remedy this situation.A third issue is the position that companies are put in by the new EUproposal to build a legal framework governing production orders for digitalevidence. With companies in the driver's seat of a cross-border evidencegathering operation, guarantees of the traditional mutual legal assistanceframework seem to be dropped. A fourth issue is the position of dataprotection safeguards. US based companies make for significant datasuppliers for criminal investigations conducted by EU based authorities.Conflicting legal regimes affect the efficiency of data transfers as well asthe protection of personal data to citizens.

As the use of the Internet and online platforms grows, the scale ofcollecting and processing personal data and turnovers have increased correspondingly.1 At the same time, public awareness about theInternet turning into a genuine profiling and advertisement machine, as wellas a powerful surveillance instrument, grows. More people today areconcerned about the ways in which public and private actors store and useprivate information. Many individuals note that they lose sight of theconsequences once they give consent to the collection of their sometimesmost intimate personal data. The Snowden revelations and the recent Facebookand Cambridge Analytica scandal have only reinforced this publicawareness.

Objections against these data processing practices cannot be explained asbreaches of data protection or privacy regulation alone. In this Article, itis argued that recently passed regulations fail to solve the unease of datasubjects as other, more fundamental values are at stake here. A different orcomplementary ethical and legal framework is needed to interpret thisgenerally felt unease vis-à-vis current data practices and secondly toconfront future developments on the data market. The concept of humandignity may be a helpful perspective in this respect. In the context of dataprocessing, human dignity is generally interpreted in a quite specificmanner, such as contributing to the empowerment and self-determination ofautonomous individuals. It can be argued, however, that human dignity—in thecontext of the commodification and commoditization of online personaldata—should be seen in a different, quite opposite, light. In sum, futureregulation of privacy and data protection attention should shift towardsmore constraining dimensions of human dignity.