Amid the spying by EU Member States’ intelligence agencies, is EU law silent?

I have been thinking further about the implications in terms of the GDPR of undue access to personal data on EU persons (and others) by EU Member States’ intelligence agencies. I believe that the Court’s recognition of the regrettable “hole” in the Treaties need not be the end in this regard. In this draft paper, I discuss my line of reasoning. In section 3, I discuss the implications (also in relation to “indirect access”); in section 4, the resulting dilemmas; and in section 5 I will note that the only way to address those dilemmas remains the international human rights law framework.