Towards a Declaration of Internet Rights

by Professor Stefano RODOTA’ (FREE Group member) (*)

For many years there has been a wide discussion about the possibility of adopting an Internet Bill of Rights, and debates have produced a considerable number of proposals. The Berkman Centre at Harvard University counted 87 of such proposals, to which we can add the Internet Magna Charta that Tim Berners-Lee is working on, and lastly the Declaration of the Rights of Internet Rights that has been drafted by a Committee established by the President of the Italian Chamber of Deputies. The novelty of the latter is that for the first time the proposal of an Internet Bill of Rights has not been produced by scholars, associations, dynamic coalitions, enterprises, or groups of stakeholders, but by an institutional entity.

It is necessary to recall that the debate on this topic dates back to the World Summit on the Information Society organised in 2005 by the UN in Tunis, where the need for an International Convention on Internet rights was explicitly underlined. This subject was deepened in the following UN Internet Governance Forums. But the international debate was progressively turned into precise rules within the European Union, even before the issue of the Internet Bill of Rights appeared in the international arena. These are not, however, parallel situationsdestined not to meet at any point. The European Union progressively brought to light the constitutional basis of the protection of personal data, finding its full recognition in Article 8 (**) of its Charter of Fundamental Rights. Here a strong similarity with the Internet Bill of Rights is identified, and it concerns precisely the constitutional scope of rules.

We are going through a phase of deep change in the way in which we are facing the problems highlighted by the Internet dynamics, in the passage from Web 1.0 to Web 2.0 and now to Web 3.0. It is not just a matter of following technological changes by adjusting legal provisions to suit them. A new definition is being developed of the rationale driving actions in this area, through a radical U-turn as regards the dynamics of the latest phase. A possible historical turning point is ahead of us, whose/that’s opportunities must be seized.

It seemed that an approach had become consolidated, which left little room to rights. From Scott McNealy’s abrupt statement of 1999 – “You have zero privacy. Get over it” – up to the recent hasty conclusion by Mark Zuckerberg about the end of privacy as a “social rule”, a line characterised by the intertwining of two elements emerged: technological irresistibility and the primacy of the economic logic. On the one side, in fact, it was highlighted how technological innovations and the new social practices made it increasingly difficult, not to say impossible, the safeguard of one’s private life and of the public liberties; on the other side, the statement on the “death of privacy” had become the argument to state that personal information had to be considered as property of those who collected it.

These certainties were radically challenged by Edward Snowden’s disclosure on the magnitude of the National Security Agency’s Prism programme and by the judgements of the European Court of Justice on data retention and Google. The idea according to which the protection of fundamental rights shall give way to the interests of security agencies and enterprises was rejected.

A new hierarchy has been established, with the fundamental rights as the first and starting point. The US President had to admit the inadmissibility of the procedures provided for by the Prism program and the Court of Justice, with its decision of 8th April, that declared that the Directive on data retention was illegal. And in the Google case the same Court explicitly stated that “the fundamental rights under Articles 7 and 8 of the Charter (…) override, as a norm (…) the economic interest of the operator of the search engine”, in a perspective broadening the European Union’s jurisdiction beyond its borders.

We are faced with a true “resurrection of privacy” and, more generally, with the primacy of the need and legitimacy of rules effectively protecting the rights of Internet users. Making reference to article 8 of the Charter, the Court of Justice was acting as a true constitutional court, opening a new and wide perspective.

The Italian initiative

This is the framework within which the Italian initiative on the Declaration of Internet Rights was adopted. Its goal is not limited to having a text to be used for national debate only.

The establishment of the Committee that drafted the document, in fact, was preceded by an international conference gathering some of the authors of the Brazilian Marco Civil, the representatives of European Institutions, and several experts from different Countries.

The text drafted by the Committee was presented on 13th October during a meeting at the Chamber of Deputies with the Presidents of the Parliamentary Committees of Member Countries in charge of fundamental rights.

The present draft is now submitted to a four-month public consultation on the Internet, at the end of which the Committee will draft the final text. Such consultation, however, is also being carried out at a European and international level, as shown by the contacts with other European Parliaments and by the video conference that will be held at the beginning of December between the Italian and the French Committees. Consultations are also taking place with experts and associations from non-European Countries.

An ambitious target was set: drafting a text allowing a common international debate, accompanied by a constant monitoring by the Chamber of Deputies. The goal is not limited to working in the complex and remote perspective of an international convention. Short-term and feasible results can be achieved, concerning the strengthening of the European system, its developments and the relationships with other countries, and most of all the consolidation of a culture highlighting common dynamics in the different legal systems. In this way, the debate around a future Internet Bill of Rights may lead to the awareness that in the different legal systems several elements already exist that, once connected to one another, establish an informal Internet Bill of Rights. An evidence of such trend is found in the decisions of the Courts of the different Countries and in the choice of legislative models, as shown by the clear influence of the European model on the Brazilian Marco Civil.

The Italian Declaration is characterised by a fundamental choice. Differently from almost all the other ones, it does not contain a specific and detailed wording of the different principles and rights already stated by international documents and national Constitutions. Of course, these are generally recalled as an unavoidable reference. But the attempt of the Declaration, as a matter of fact, was to identify the specific principles and rights of the digital world, by underlining not only their peculiarities but also the way in which they generally contribute to redefining the entire sphere of rights.

The key words – besides the most well-known ones concerning the protection of personal data and the right to the informational self-determination – include access, neutrality, integrity and inviolability of IT systems and domains, mass surveillance, development of digital identity, rights and guarantees of people in Internet platforms, anonymity and right to be forgotten, interoperability, right to knowledge and education, and control over Internet governance. The importance of the needs linked to security and to the market is obviously taken into consideration, but the balancing of these interests with fundamental rights and freedoms cannot take place on equal terms, in the sense of ensuring first and foremost the full respect for rights and freedom according to the clear provisions of the Charter of Fundamental Rights and to European case law.

In particular, security needs shall not determine the establishment of a society of surveillance, control and social sorting. Economic needs are taken into consideration in the framework of the neutrality principle that, by guaranteeing the generative nature of the Internet, keeps the possibilities for innovation unchanged, and prevents strong subjects from creating conditions of exclusion of possible competitors. Furthermore, whenever Internet platforms provide public services that are essential for the life and the activities of people, it is necessary to guarantee the conditions for a suitable interoperability in compliance with the principle of competition and equal treatment of people.

Provided that not all the issues can be analysed in this document, it is suitable recalling the need to consider the access to the Internet as a fundamental right of individuals (Tim Berners-Lee compared it to the access to water), as an essential guarantee not only against any form of censorship, but also against indirect limitations, such as taxation as it is presently happening in Hungary. The set of rights recognised do not guarantee a general freedom on the Internet, but specifically aims at preventing the dependency of people from the outside, the expropriation of the right to freely develop one’s personality and identity as it may happen with the wide and increasing use of algorithms and probabilistic techniques. The autonomy in the management of personal data, therefore, shall also consider new rights as those not to be tracked and to keep silent the chip. This perspective requires a particular in-depth analysis, since a deeply interconnected society is being developed, with a passage to Internet of Things in forms that have suggested some people to speak of an Internet of Everything, which determines a digitalisation of day-to-day lives that is able to transform any person and their bodies.

People cannot be reduced to objects of external powers, they must recover the sovereignty on their digital person. Identity is a key issue. The free development of one’s personality must be safeguarded.

Starting from this set of references, it is necessary to thoroughly examine the issue of the transformation of copyright, whose analysis was postponed to the end of the consultation, since knowledge on the Internet appears as a shared asset that can be considered as a common global resource.

A broader perspective is therefore opened by the Italian draft Declaration, in consideration of the large amount of topics to be tackled and the debate between different points of view; and such Declaration is significantly in line with the European Union policy that particularly emphasises the Charter of Fundamental Rights. The unquestionable aspect is the need to fine-tune a constitutional policy for the Internet, whose users – presently amounting to three billion people – cannot rely on a freedom guaranteed by the absence of rules, as it is still presently stated.

The reality is very different, showing an interconnected network heavily regulated by private subjects that cannot be controlled and that have no democratic legitimation, as it happens – beyond any disputes – with the “Over the Top” operating on the Internet. Internet rights are denied by totalitarian regimes and, unfortunately, by democratic regimes as well. The perspective of a Declaration of Internet rights aims at developing – through procedures different from the ones of the past – the constitutional rules that are fundamental in order to allow the Internet to keep its main feature as a place of freedom and democracy, as the widest space of the history of mankind.

NOTE

(*) Intervention at the Friedrich-Ebert-Stiftung -FREE Group experts meeting on :
Internet: only a “single digital market” or also a space to promote fundamental rights – Towards a European “Marco Civil”? (November 12, 2014). The main idea of this experts’ conference has been to have a first look to the impact of the EU Digital Agenda on fundamental rights as framed by the Treaties, the EU Charter and the recent CJEU jurisprudence (Data retention, Google Case..). As stated by the Charter the individual should be at the center of all EU policies and this objective underpins the recent proposal for an Internet Bill Of Rights of the Italian Chamber of Deputies as well as other national examples (Brasilian “Marco Civil” and recent US initiatives at government, congress and civil society level).
Bearing in mind that EU is competent on most of the aspects dealing with Internet the question arises how to preserve and promote individual rights notably in the pending negotiations on legislative proposals notably on Data Protection, Net Neutrality and Network Security (NIS). Moreover what should be the future initiatives to be developed by the a new Commission’s legislative programme impacting on Internet ? How the future EU single digital market could preserve the principles of non-discrimination, and of informational self determination by strengthening the access to internet as a public common good ?
Together with Stefano Rodotà took also part to the Seminar
Claude Moraes Chairman of the European Parliament Civil liberties Committee (which adopted in 2009 a first Internet Bill of Rights resolution)
Jan Philipp Albrecht EP Rapporteur for the Data Protection Regulaiton and for the transatlantic “umbrella” Agreement
Paul Nemitz Director at the European Commission
Giovanni Buttarelli, Assistant European Data Protection Supervisor
Marc ROTENBERG Professor at the Georgetown University and Director of EPIC and Marie GEORGES expert at the Council of Europe
as well as Joe Mc Namee, Executive Director, European Digital Rights (EDRi).

(**) Article 8 Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority

 

 

Tarakhel v Switzerland: Another nail in the coffin of the Dublin system?

ORIGINAL PUBLISHED HERE

by  Professor Steve Peers (FREE Group Member)

Introduction

Despite the EU’s purported adherence to high standards of human rights protection, the EU’s Dublin system, which allocates responsibility for each asylum-seeker’s application to a single Member State, has repeatedly run foul of human rights standards. Yesterday’s judgment of the European Court of Human Rights (‘ECtHR’, or ‘Strasbourg Court’) in Tarakhel v Switzerland, and the recent judgment of the same court in Sharifi v Italy and Greece, have further confirmed the problems in making this system compatible with ECHR obligations.

In fact, the Tarakhel judgment goes further than the prior judgments, which had merely exposed the lack of sufficient human rights protection in the EU legislation, as applied by Member States. Rather, it is now clear that the approach of the Court of Justice of the European Union (CJEU) in interpreting the Dublin rules is also incompatible with the ECHR.

Background

The Dublin rules initially appeared as part of the Schengen Convention, which bound only certain Member States. They were then set out in the form of the Dublin Convention,signed in 1990. This Convention was replaced by an EC Regulation (known as the ‘Dublin II Regulation’) from 2003. That Regulation was in turn replaced by the Dublin III Regulation, adopted in 2013, which applies to all applications made after 1 January 2014. Furthermore, the Dublin rules have been extended to the non-EU countries associated with the Schengen system, by means of treaties with Norway and Iceland on the one hand, and Switzerland and Liechtenstein on the other.

The previous leading cases on the compatibility of the Dublin regime with human rights were (for the Strasbourg court) the 2011 judgment in MSS v Belgium and Greece, and (for the CJEU) the judgment in NS, delivered later that same year. In MSS, the ECtHR ruled that Greece had violated Article 3 ECHR (the ban on torture or other inhuman or degrading treatment) in three ways: its treatment of the Afghan asylum-seeker in question in detention; its failure to secure adequate living conditions for him after release from detention; and its highly deficient asylum procedure. The evidence of these violations was found in numerous reports by NGOs and international bodies. The Court also ruled that Belgium had violated Article 3 ECHR because it had returned the same asylum-seeker to Greece (in accordance with the Dublin rules), even though it must have known of the situation there. For good measure, the Court also ruled that Belgium had violated Article 13 ECHR (the right to an effective remedy), since Belgium did not provide for sufficient reviews of the merits in cases such as this one.

Subsequently, the CJEU ruled in NS that asylum-seekers could not be returned to Greece, pursuant to the Dublin rules, because of systematic deficiencies in the asylum system in that country. Removals in such cases would constitute a breach of Article 4 of the EU Charter of Fundamental Rights (the equivalent of Article 3 ECHR). However, the Court distinguished such major breaches of fundamental rights from minor violations of EU or international rules relating to refugees, which would not require Member States to refrain from applying the Dublin rules.

Before the ECtHR could rule in Tarakhel, the CJEU clarified its position in its judgment in Abdullahi, delivered late in 2013. The Court started out by emphasising the presumption that all EU Member States protected human rights, noting that there was now second-phase legislation establishing the Common European Asylum System. It then characterised the Dublin rules as essentially regulating the relationship between Member States, referring in particular to the optional ‘sovereignty’ and ‘humanitarian’ clauses in the Dublin II Regulation, as well as the possibility of conciliation or separate arrangements between Member States. It followed that when two Member States agreed which of them was the Member State of first authorised entry (triggering responsibility under the Dublin rules), an asylum-seeker could ‘only’ challenge that decision by ‘pleading systemic deficiencies in the asylum procedure and in the conditions for the reception of applicants for asylum’ in the Member State which was deemed responsible for the asylum application.

Finally, the recent Sharifi judgment pf the Strasbourg Court established that Italy’s interception of asylum-seekers from Greece in the Adriatic, and their forced return to Greece, violated Article 3 ECHR as well as the ban on collective expulsions in the Fourth Protocol to the ECHR. In doing so, it confirmed a key corollary of the MSS ruling: Member States breach the ECHR if they stop asylum-seekers fleeing an unsafe country directly from crossing their borders. Although the rules on freedom to travel for third-country nationals in the Schengen Convention do not give asylum-seekers the right to move between Schengen States (unless, improbably, they have a visa or residence permit, or the visa requirement is waived for their country of origin), the ECHR nevertheless gives asylum-seekers the freedom to travel between Schengen countries (or any States) in such circumstances. Also, the right to move to another country extends beyond the three-month time limit on intra-Schengen travel, since asylum-seekers can in principle stay until their claim is finally rejected.

The Tarakhel judgment

Yesterday’s judgment concerned a family of eight Afghans, who entered the EU by crossing the Italian border first. This made Italy responsible for their applications under the Dublin rules. However, the family soon left the asylum-seekers’ reception centre which they were assigned to in Italy, on the grounds that conditions there were inadequate for families. They moved to Austria, which triggered the Dublin rules, asking Italy to take charge of them. Italy agreed, but before their transfer to Italy could be carried out, they moved on to Switzerland. That country in turn asked Italy to take charge of the family; Italy tacitly accepted.

However, they challenged their removal to Italy on the grounds that their treatment in that country, if they were removed there, would violate Article 3 ECHR. They lost their case in the Swiss courts, so asked the ECtHR to rule that their removal to Italy would constitute a breach of Article 3, as well as Article 8 ECHR (the right to family life). They also alleged a breach of Article 13.

The ECtHR rejected the Article 13 claim on the merits, since the Swiss courts had examined the merits of their legal arguments and they were allowed to stay on Swiss territory in the meantime. It held that it was not necessary to examine the Article 8 argument. Most importantly, by a majority of 14-3, it found that there was a breach of Article 3 ECHR.

Yet there are important differences between the MSS judgment and the Tarakheljudgment. Yesterday’s judgment does not state that Italy’s asylum system has effectively collapsed, as was the case in Greece. In particular, there were no allegations in Tarakhelrelating to flaws in Italy’s asylum procedures, or as regards detention. The argument instead was solely about living conditions in Italian detention centres.

The ECtHR began by reiterating its case law from MSS about reception conditions for asylum-seekers. While Article 3 ECHR did not guarantee a home or financial assistance, in cases involving EU Member States the Court took account of their specific obligations in that respect under the EU’s reception conditions Directive. Also asylum-seekers were an ‘underprivileged and vulnerable group’, and it was possible that extreme poverty could raise issues under Article 3. The Court also referred to other prior case law on the need to ensure that child asylum-seekers, who were in a position of ‘extreme vulnerability’, enjoyed ‘protection and humanitarian assistance’.

Next, the Court reiterated the usual rule that Article 3 prevents removal if ‘substantial grounds have been shown for believing’ that there is a ‘real risk’ of treatment contrary to Article 3 in the state of destination. The same rule could be used to rebut the assumption that countries applying the Dublin system were all safe. In this context, the ECtHR referred to the CJEU’s ‘systemic deficiencies’ test set out in the judgment in NS, but made no reference to the ruling in Abdullahi that this was the ‘only’ ground for challenging the application of the Dublin rules. However, the ECtHR also ‘notes’ the recent EM judgmentof the UK Supreme Court, which expressly stated that ‘systemic deficiencies’ were not the only ground for such challenges. Overall, the Court stated that these tests had to be applied by examining ‘the applicant’s individual situation in light of the overall situation prevailing’ in the state of destination.

Applying these rules to this case, the applicants had made three complaints about the situation of the Italian reception system. The first complaint, about the slowness of identification procedures, was dismissed out of hand, since the applicants had in fact been identified quickly. As for the second complaint, the Court accepted the evidence that there were not enough places for all asylum applicants. Thirdly, as for the reception conditions within the available facilities, a number of problems had been identified by the UNHCR and the Council of Europe’s Human Rights Commissioner.

Taken as a whole, then, the Court ruled that the ‘current situation in Italy can in no way be compared to the situation in Greece at the time of the MSS judgment’, where only a small fraction of asylum-seekers could be accommodated and ‘the conditions of the most extreme poverty…existed on a large scale’. So there could not be ‘a bar to all removals of asylum seekers to that country’. Having said that, the Court accepted that there was some risk that asylum-seekers might not get accommodation, or that the accommodation would be inadequate.

As for the individual position of the applicants, that was not comparable to the facts of theMSS case either.  The family in this case were taken care of immediately by the Italian government, rather than detained and then left to fend for themselves. But again, having said that, the Court was concerned that, in light of the vulnerability of asylum-seekers, and children in particular, there was no guarantee of (adequate) accommodation for families seeking asylum in Italy. So Switzerland could not send the family to Italy unless they obtained sufficient assurances on this point. This alone constituted a breach of Article 3 ECHR.

Interestingly, the majority judgment makes no reference to the alternative possibility of asylum-seekers obtaining private family housing at the expense of the State, which the CJEU developed in its recent Saciri judgment on the reception conditions Directive.

Comments

With great respect, there are many flaws with the CJEU’s judgment in Abdullahi. That judgment confuses Regulations (directly applicable in national legal systems) with Conventions (essentially governing relations between States). It places undue reliance on provisions of the Dublin II Regulation which were never applied in practice (conciliation) or were irrelevant to the case at hand (separate arrangements between Member States). It ignores the CJEU’s own case law on the ability to challenge Member States’ application of the Dublin II rules as regards unaccompanied minors (MA), humanitarian situations (K) or withdrawn applications (Kastrati). Its scope is unclear: does it only apply when Member States agree that the criterion regarding irregular entry is applicable, or in other cases as well? In any event, the judgment needs to be rethought in light of the Dublin III Regulation, which considerably expanded the procedural rights of asylum-seekers in the Dublin context. Why do that, if they can only challenge their transfer if there is a complete breakdown in the asylum system of the State responsible for their application?

But the most fundamental flaw in the Abdullahi judgment is exactly that: the CJEU’s statement that at least in some cases, the determination of the responsible Member State can ‘only’ be challenged if there are ‘systemic deficiencies’ in the asylum system of that State. Is that statement still correct after Tarakhel?

Certainly the statement is wrong if the CJEU meant (as it appeared to say) that both the asylum procedure and the reception conditions systems have to have failed in the responsible Member State, before a transfer to that State can be challenged. In Tarakhel, there is no issue raised regarding the asylum procedure in Italy. More generally, the Italian reception system is not in complete breakdown: the Tarakhel family faces neither extreme poverty nor vile detention conditions, but merely some risk that accommodation will either not be available or that it will be somewhat unpleasant. Accordingly, the Swiss obligations are nuanced: there is no ban on transfers, merely a procedural obligation to make arrangements with the Italian authorities.

It isn’t clear whether Tarakhel abandons the CJEU’s assumption that only ‘systemic deficiencies’ in the asylum system of a responsible State can justify a challenge to a Dublin transfer, or whether the judgment merely modifies the notion of ‘systemic deficiencies’ considerably, lowering the threshold for its application. On the first hypothesis, ‘systemic deficiencies’ are just one example of a situation that could lead to rebuttal of the assumption that another Dublin State is safe. Uncertainty about adequate reception conditions for families is another. But surely this cannot be an exhaustive list.

On the second hypothesis, a ‘systemic deficiency’ would not exist only where an asylum system had entirely collapsed, but where some particular aspect of the system was malfunctioning regularly to some extent. By analogy, a car needs to be fixed not only when the brakes entirely fail to work, but also when the windshield wipers occasionally malfunction. The risk is far greater in the first case, but the second case shouldn’t be ignored either. Again, the problems in Tarakhel cannot be the only example of a flaw in the asylum system of a responsible Member State that needs to be fixed before asylum-seekers can be transferred there.

There isn’t much difference between these two possible interpretations of Tarakhel. Although the first interpretation is in principle more open-ended than the second one, it shouldn’t take too much imagination to argue that any particular problem an asylum-seeker might face in the responsible Member State is ‘systematic’ in this very broad sense. The second interpretation does give the CJEU more leeway to back down from its head-banging judgment in Abdullahi, and explain that this was also what it had meant by ‘systemic deficiencies’ all along.

Of course, given the strong insistence on the efficiency of the Dublin system in theAbdullahi judgment, this is obviously not what the Court had meant at the time. Yet the clear message from the Tarakhel case is that there is not a simple binary distinction between cases when all Dublin transfers should stop, on the one hand, and cases when all Dublin transfers should go ahead at full speed, on the other. Instead, like a traffic light, yesterday’s judgment creates an intermediate category of cases in which national administrations must proceed with caution. This will undoubtedly make the Dublin system more costly and complex to administer, but that is often the only way to ensure that human rights are protected effectively.

Barnard & Peers:  chapter 9, chapter 26

THE PROPOSED GENERAL DATA PROTECTION REGULATION: SUGGESTED AMENDMENTS TO THE DEFINITION OF PERSONAL DATA

by Douwe Korff, Professor of International Law

(and FREE Group Member)

  1. Background

In a recent judgment (discussed previously on this blog) the third chamber of the CJEU has ruled that the concept of “personal data” in the 1995 data protection (DP) directive is limited to data directly relating to a person, and does not include legal analyses in the file on the person, on which the state (NL) relied in taking its decisions in relation to that person (Joined Cases C-141/12 and C-372/12). I believe the Court’s restriction of the concept is wrong and contrary to the intended purpose of data protection; and should be corrected in the new General Data Protection Regulation.

First of all, the Court based itself on the, in my opinion erroneous, view that the 1995 EC DP Directive was solely aimed at protecting privacy. In particular, it felt that the right of data subjects to access to their personal data should not extend to a legal analysis of their case, contained in a file on them, because (in the Court’s view) such an analyses “is not in itself liable to be the subject of a check of its accuracy by [a data subject]”, and data subjects should not be able to use data protection to seek a rectification of such an analysis (cf. para. 44 of the judgment).

Secondly, the Court also relied on the fact that data of the kind at issue in the joined cases was administrative data held by a public authority and, drawing a parallel with EU regulations on privacy and access to documents, held that access to the legal analysis should be addressed under the latter rules rather than the former. This failed to take into account the fact that the EU rules referred to apply only to public (i.e., EU) bodies, whereas the 1995 DP Directive applies also, and in indeed especially, to private-sector bodies (in particular companies) that are not subject to public-sector rules on access to administrative data.

The Court’s judgment, in sum, seriously limits the concept of personal data and the right of access to one’s personal data, and thus seriously limits the application of the entire EU data protection regime. It leaves individuals with seriously less rights in respect of data on them (or relating to them, or used to take decisions on them, or that affect them) than was previously thought.

Specifically,the judgment runs directly counter to the authoritative 2007 Article 29 Working Party (WP) Opinion on the concept of personal data (Opinion 4/2007, WP136, of 20 June 2007). This first of all noted that the purpose of data protection is not limited to a narrow concept of privacy – as is indeed also clear from the fact that data protection is guaranteed in the Charter of Fundamental Rights (CFR) as a separate right, sui generis, from the right to private life/privacy (data protection is guaranteed in Article 8 CFR; Privacy in Article 7 CFR). Astonishingly, given that the WP29 is expressly charged with providing guidance on the interpretation and application of the 1995 DP Directive, the Court did not even mention either the Working Party or this specific opinion.

In the opinion, the Working Party discussed four elements of the definition, from which it deduces the appropriate criteria for determining whether data should be regarded as personal data within the meaning of the directive. They can be paraphrased as follows:

The first element: “any information”:

The WP concludes that these words indicate that the concept of personal data should be interpreted broadly, and not limited to matters relating to a person’s private and family life stricto senso (as has wrongly been done in the UK under the Durant decision, and as appears to also underpin the Court’s judgment). It also covers information in any form, including documents, photographs, videos, audio and biometric data, body tissues and DNA.

The second element: “relating to”:

In general terms, information can be considered to “relate” to an individual when it is about that individual. However, data about “things” can also be personal data, if the object in question is closely associated with a specific individual (e.g., mobile phone location data). This is of increasing importance in the era of the Internet of Things. Important in relation to the CJEU judgment, the WP29 adds the following consideration, with reference to an earlier opinion, on radio frequency identification (RFID) tags, WP105 of 19 January 2005 (original italics and bold; underlining added):

In the context of discussions on the data protection issues raised by RFID tags, the Working Party noted that “data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated.“…

[I]n order to consider that the data “relate” to an individual, a “content” element OR a “purpose” element OR a “result” element should be present.

The “content” element is present in those cases where – corresponding to the most obvious and common understanding in a society of the word “relate” – information is given about a particular person, regardless of any purpose on the side of the data controller or of a third party, or the impact of that information on the data subject. (…)

Also a “purpose” element can be responsible for the fact that information “relates” to a certain person. That “purpose” element can be considered to exist when the data are used or are likely to be used, taking into account all the circumstances surrounding the precise case, with the purpose to evaluate, treat in a certain way or influence the status or behaviour of an individual. (…)

A third kind of ‘relating’ to specific persons arises when a “result” element is present. Despite the absence of a “content” or “purpose” element, data can be considered to “relate” to an individual because their use is likely to have an impact on a certain person’s rights and interests, taking into account all the circumstances surrounding the precise case. It should be noted that it is not necessary that the potential result be a major impact. It is sufficient if the individual may be treated differently from other persons as a result of the processing of such data.

These three elements (content, purpose, result) must be considered as alternative conditions, and not as cumulative ones. In particular, where the content element is present, there is no need for the other elements to be present to consider that the information relates to the individual. A corollary of this is that the same piece of information may relate to different individuals at the same time, depending on what element is present with regard to each one. The same information may relate to individual Titius because of the “content” element (the data is clearly about Titius), AND to Gaius because of the “purpose” element (it will be used in order to treat Gaius in a certain way) AND to Sempronius because of the “result” element (it is likely to have an impact on the rights and interests of Sempronius). This means also that it is not necessary that the data “focuses” on someone in order to consider that it relates to him. …

The “legal analyses” that the CJEU ruled were not personal data are clearly covered by the above: they are the very basis on which the data subjects in questions (asylum seekers) were “treated” and “evaluated”. To apply the reasoning of the Working Party: they determine whether Titius should be treated the same way as Gaius or not; and they may also have an impact on the rights and interests of Sempronius.

This is also crucially important in relation to “profiles”. Under the judgment, states and companies could argue that individuals should also not have a right to challenge the accuracy of a profile, any more than the accuracy of a legal analysis; and that, indeed, they are not entitled to be provided on demand with the elements used in the creation of a profile. After all, a profile, by definition, is also based on an abstract analysis of facts and assumptions not specifically related to the data subject – although both are of course used in relation to the data subject, and determine the way he or she is treated.

In my opinion, the above is the most dangerous limitation flowing from the Court’s judgment.

The third element: “identified or identifiable”:

Although this issue did not arise in the CJEU cases, it is still crucial, in particular in relation to the ever-increasing and ever-more-widely-available massive sets of “Big Data”. In the opinion of the WP, the core issue is whether a person is, or can be, singled out from the data, whether by name or not. A name sometimes suffices for this, but often not, while a photograph or an identity number often does allow such singling out even if no other details of the person are known. In relation to pseudonymised or supposedly anonymised data, the WP concluded (with reference to the recitals in the 1995 directive) that the central issue is whether the person can be identified (singled out), whether by the data controller or by any other person, “taking account of all the means likely reasonably to be used either by the controller or by any other person to identify that individual.

The fourth element: “natural person”:

In principle, personal data are data relating to identified or identifiable living individuals. There are some issues relating to data on deceased persons and unborn children: these can often still (also) relate to living individuals, in the way discussed above, and would then still be personal data in relation to those latter individuals. Data on legal entities can sometimes also, similarly, relate to living individuals associated with those entities. Also, in some contexts some data protection rights are expressly extended to legal persons (companies etc.) per se, in particular under the so-called “e-Privacy Directive”. But that is a special case. This too, however, was not an issue relevant to the CJEU judgment.

Until the CJEU judgment, it could be assumed that as long as the General Data Protection Regulation used the same definition of personal data as the 1995 DP Directive, the above elements and criteria could simply be read into the new instrument.

However, the judgment could result in the definition in the GDPR being read in accordance with the Court’s restricted views, rather than in line with the WP29 guidance.

In my opinion, if the EU wishes to retain a strong European data protection framework, as is often asserted, it is essential that the GDPR expressly (if of course briefly) endorses the WP29 view of the issue, rather than the CJEU’s one.

Below, I suggest amendments to the definition of the concept of personal data in the GDPR that would achieve that (some further amendments should be made to the recitals).

  1. Proposed amendments to the GDPR

As can be seen from the Annexes, with the different definitions of personal data and data subject in the Commission text of the GDPR and in the amended version of the Regulation adopted by the EP (and with the corresponding definitions in the current 1995 DP Directive), the definitions all say in essence that:

‘personal data’ means any information relating to a data subject (with ‘data subject’ then defined as “an identified or identifiable natural person”), or:

‘personal data’ means any information relating to an identified or identifiable natural person which comes to the same thing (and is in accordance with the current directive).

The EP text adds clarification on when a person can be regarded as “identifiable”, on the lines of the views of the Article 29 Working Party (drawing on a recital in the current directive); and more specific provisions on “pseudonymous data” and “encrypted data”.

However, neither text adds clarification on the question of when data can be said to “relate” to a (natural, living) persons – which is the issue so badly dealt with in the CJEU judgment.

I propose that the definition of “personal data” in the GDPR be expanded to expressly clarify the question of when data can be said to “relate” to a person, by drawing on the guidance of the Article 29 Working Party set out above; and by also expressly clarifying that “profiles” always “relate” to any person to whom they may be applied. Specifically, I propose that an additional paragraph be added to Article 2(2), spelling out that:

“data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in [Article 20 in the Commission text/Article 4(3a) of the EP text] by their nature relate to any person to whom they may be applied.”

The Annexes indicate more specifically how such an amendment could be incorporated into the current (Commission and EP) texts of the Regulation.

Annex I

PROPOSED AMENDMENTS TO ARTICLE 4 OF THE GENERAL DATA PROTECTION REGULATION:

(Added or amended text in bold)

The proposed amendments if applied to the Commission text:

(1)        ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

(2)        ‘personal data’ means any information relating to a data subject;

(2a)      data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in Article 20 by their nature relate to any person to whom they may be applied.

The proposed amendments if applied to the EP text:

(2)        ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);

(2a)      an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;

(2b)     data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in paragraph (3a) by their nature relate to any person to whom they may be applied.

(2c) ‘pseudonymous data’ means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;

(2d) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

NB: The actual Commission and EP texts are set out in Annex II

Annex II

The definition of “personal data” in the original Commission text of the GDPR and in the amended version of the Regulation adopted by the European Parliament:

Text proposed by the Commission Amendment
Definitions Definitions
For the purposes of this Regulation: For the purposes of this Regulation:
(1) ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;
(2) ‘personal data’ means any information relating to a data subject; (2) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject‘); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;
(2a) ‘pseudonymous data’ means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;
(2b) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

Cf. the following definition in the current 1995 DP Directive:

(a) ‘personal data ‘shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Denmark and EU Justice and Home Affairs Law: Really Opting Back In?

Original published EU LAW ANALYSIS

by Steve Peers

On October 7th  the Danish Prime Minister made an announcement that Denmark would hold another referendum on EU matters in 2015. This was widely reported as a vote on whether Denmark would opt back in to EU Justice and Home Affairs (JHA) law. In fact, the government’s intention is to hold a vote on whether to replace a complete opt out with a selective opt-out. This blog post explains the detail of the issue, including a complete list of the measures which Denmark might opt back into if the Danish public approves the referendum proposal.

The Danish opt-out effectively dates back to the Danish referendum on the Maastricht Treaty in 1992. Following the initial Danish ‘no’ vote to that treaty, the EU’s Heads of State of Government adopted a Decision, which states that Denmark fully participates in EU JHA law. This was accompanied by a declaration stating that any transfer of powers to the European Community (as it then was) would be subject to a referendum in Denmark. This is generally regarded as the basis for Denmark’s opt-out on JHA matters.

This Decision is also often described as an opt-out on EU citizenship, although it is no such thing: it simply clarifies the relationship between Danish and EU citizenship. In fact, despite a widespread belief to the contrary, Denmark has no opt-out on EU citizenship at all. The JHA opt-out was formalised as a Protocol to the Treaties at the time of the Treaty of Amsterdam (in force 1999), and was then revised at the time of the Treaty of Lisbon (in force 2009). It currently appears as Protocol 22 to the Treaties.

In a nutshell, the legal position is as follows. Continue reading

Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)

by Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be Commissioners for Better Regulation, Fundamental Rights and Rule of Law (Timmermans) will be questioned tomorrow by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm them in office. MEPs have already asked some written questions and the would-be Commissioner have replied. However, during the oral hearing will be an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.
Rather strangely the hearing will not follow to the EP very detailed internal rules (of art.118 and Annex XVI (*) which require that hearing should take place before the Parliamentary committees Candidate Vice President Timmermans will instead be heard by the Conference of President of political Groups.

1.Rule of law / implementation of EU law
The confidence of all EU citizens and national authorities in the functioning of the rule of law in the Member States is vital to increase the mutual trust and to further develop the EU into “an area of freedom, security and justice without internal frontiers”.
In your written reply you strongly support the recent Commission proposal for a “common rule of law framework (COM(2014)158 as repeatedly advocated by the European Parliament (but criticized by the Council legal Service). However such an exercise risk which should cover all the EU member states, risk to be meaningless if the Commission does not strengthen the mechanisms which implement the principle of sincere cooperation with and between the MS. For instance there is no ground in the Treaty which justify confidential meetings between the Commission and the MS (even in the framework of the so called “EU Pilot mechanism”) when legal certainty on the exact scope of EU citizens rights and obligations are at stake.
As first steps to strengthen the rule of law would not then be appropriate :
- to update the way how the Commission on a daily basis debates with the Member states the implementation of EU legislation?
- make public the MS implementation plans as well as the table of correspondence between EU and national rules ?
- to implement, (five years after the Lisbon Treaty !), the art.70 mechanism on “objective and impartial evaluation of the implementation of the Union policies” in the FSJA by keeping informed the European and national parliaments ?
- to take stock every year of the ruling of the European Courts and of the measures taken at national level ?

2. Charter of Fundamental rights as “roadmap for the EU legislator ?
In a recent ruling the Court of Justice stroke down for the first time an EU Directive (the Data Retention Directive 2006/24) because “.., the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter. ” According to the CJEU the Directive “..does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter” and moreover “does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured…” In other terms from now on the Court of Justice will require a strict assessment of the proportionality and necessity of measures that constitute serious restrictions to fundamental rights, however legitimate the objectives pursued by the EU legislature.
On the basis of this landmark ruling do you not consider your priority to revise under the proportionality perspective the legislation falling in judicial and police cooperation in criminal matters adopted before the entry into force of the Charter and of the Treaty of Lisbon ?
Will you commit to develop a stronger and more transparent strategy to deal with infringements of EU law where the rights in the Charter are threatened by a Member State’s non-existent or incorrect implemenation of its EU law obligations?
Will not be sensible, taking in account your attachment to the REFIT exercise to review the legislation by establishing “sunset clauses” for measures limiting EU citizens rights? Moreover, by sticking on data protection aspects do you not consider that this ruling raise even bigger doubts on the compatibility with the proportionality principle of the EU-US agreements on PNR and TFTP and of the legislative proposals submitted by the Commission on the EU-PNR and the “Entry-Exit” (not to speak of the lack of compliance of the proposal on trusted traveller with the principle of non discrimination) ?  Continue reading

Some questions to the candidate High Representative for external relations (Federica Mogherini)

By Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be High Representative for the Common Foreign and Security Policy and Commission Vice President for external relations (Mogherini) will  questioned in the next two days by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm her in office. MEPs have already asked some written questions and the would-be Commissioners have replied. However, the oral hearings which will shortly take place are an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.

The following are suggested questions on institutional issues, although of course MEPs should also ask questions on the substance of EU foreign policy.

QUESTIONS TO HIGH REPRESENTATIVE CANDIDATE MOGHERINI

1 External Internal Security Policy

In your written answer you claim the need of a consistent and global approach to external and internal security. However, legally these two dimensions have been artificially separated in the Treaties by a disconnection clause (art.40 of TEU) [1] according to which the external security will remain intergovernmental. This means that consensus between the 28 Member States will remain the main rule, there are no legislative powers and the Court of Justice has no full judicial oversight. Bearing in mind these flaws of the EU external security policy (also from the point of view of the democracy principle and of the rule of law) would not be better to achieve some of your goals by building them on the external dimension of “internal” policies (such as protection of borders, migration, judicial and police cooperation)? If so qualified majority will be the rule and external agreements will be approved by the EP (as already happened with some EU-US agreements) and EU acts will be under the control of the Court of justice…

2.Solidarity clause in case of terrorist attack or natural or man made disaster (art. 222 TFEU)

On a joint proposal of your predecessor and of the Commission on 24 June 2014 the Council adopted thearrangements for the implementation by the Union of the solidarity clause (art 222 TFEU)  to be activated  if a Member State is the object of a terrorist attack or the victim of a natural or man-made disaster. The text has been adopted without associating the EP and moreover it does not foresee any structured information of the European Parliament on the way in which threats are defined and monitored, not even in the case that such an event occurs. However even if the Treaty does not impose a requirement to provide this information nothing would had prevented the Council from  foreseeing it on its own initiative also because it would be bizarre that the members of the EP discover a terrorist attack from the press rather than from institutional channels. Will you propose an amendment to that Decision by recognising an adequate space for the EP?

3.Global Approach to Migration and mobility partnership as a binding act

As you rightly say in your written answer, EU development policy and international agreements could be the answer to address the root causes of displacement. However the Global Approach of Migration and the mobility partnership are only diplomatic instruments and are meaningless if not framed as full international agreements. Should they be transformed into legal binding acts (both for third countries and the EU and its Member States) and be accompanied by formal EU agreements with the relevant UN Agencies (UNHCR, IOM) tasking (and financing) them for the interventions in third countries? Continue reading

WARNING: THE EU COUNCIL IS TRYING TO UNDERMINE PRIVACY SEALS (and through this, the General Data Protection Regulation)

by Douwe KORFF (*)

(*) Professor Douwe Korff is an Associate of the Oxford Martin School of the University of Oxford and a Visiting Fellow at Yale University (Information Society Project). He helped to establish the European Privacy Seal (EuroPriSe) scheme discussed in the text.

  1. Introduction

Some people, including myself, believe that good privacy seals, managed by the right bodies, can make a serious contribution to high-level data protection – while bad seals, issued by bodies that are more interested in providing fig-leaves and making money, can seriously harm data protection. The arrangements for data protection certification in the new General Data Protection Regulation (hereafter: “the regulation”) are therefore important. The original draft of the regulation, issued by the Commission in January 2012, merely said that certification schemes should be “encouraged” (although it provided for some EU-level harmonisation of the frameworks).

The European Parliament’s amended text is much more ambitious in this regard and, if adopted, would make certification schemes both more integrated with the general data protection regime and stronger, also in terms of ensuring that no seals could be issued in one Member State that would undermine data protection in other Member States.

However, the text set out in an EU Council document dated 26 September 2014 and just leaked, shows that the Member States are trying to undermine the good proposals of Parliament.

At II, I first briefly set out the problems with European privacy seal schemes under the current rules. Next, at III, I analyse the relevant provisions in the different versions of the regulation, adopted by the Commission, Parliament and the Council. Finally, at IV, I conclude that if the Council text were to be adopted, the provisions on seals could become a Trojan Horse that could seriously undermine the in principle strong data protection regime in the regulation (pace other watering-down attempts by the Council). This note thus seeks to sound a warning to those involved in the upcoming trilateral negotiations on the regulation text, not to allow such a dangerous scheme (or rather, an ill-defined miscellany of schemes) to slip in.

  1. Data protection seals and the 1995 Data Protection Directive

There is no explicit provision on data protection- or privacy seals or certification schemes in the main EC data protection directive (Directive 95/46/EC, hereafter “the directive”), although other self-regulatory mechanisms, such as codes of conduct and contractual arrangements are encouraged under it (see Art. 27 re codes; Art. 26(2) re “appropriate contractual clauses”). Nevertheless, the European Commission has in practice encouraged the establishment of seals, in particular by supporting the establishment of the “European Privacy Seal” (EuroPriSe) scheme under an “e-TEN” programme; this was until recently operated by the data protection authority of the German Land of Schleswig-Holstein, the Independent Centre for Privacy Protection (or ULD after its German initials), but has recently been passed on to a private German company, 2B.[1] The French data protection authority, CNIL, has also established a certification scheme, under which controllers can certify that they meet certain CNIL-specified criteria (but so far only in relation to privacy training, data protection audit, and one product: cloud computing).[2]

Continue reading

Future of EU migration, home and justice policies. Some questions to the new candidates commissioners..

by Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be Commissioners for immigration and home affairs and Justice will shortly be questioned by Members of the European Parliament (MEPs) in hearings, to determine whether the EP should vote to confirm them in office. MEPs have already asked some written questions and the would-be Commissioners have replied. Since most of the written questions were not very searching (except for a couple of questions on data protection issues), the Commissioners did not reply in much detail. However, the hearings are an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments, in these fields. To that end, we have therefore suggested a number of oral questions which MEPs should ask in the hearings.

Immigration and asylum

The Commission consider that migration policy should be framed by the (non binding) objectives of the global approach to migration (GAMM) and relations with third countries should be dealt with by “Mobility Partnership” which are more diplomatic declarations than binding acts. Would you propose a binding legal basis for treaties with the countries concerned, grounded on Articles 77, 78 and 79 of the TFEU?

What actions will the Commission take to ensure that EU legislation in this field is fully and correctly implemented by the Member States?

Will the Commission propose an immediate amendment to the EU visa code, to confirm that Member States are obliged to give humanitarian visas to those who need them and who apply at Member States’ consulates in third countries?

When will the Commission propose EU legislation to guarantee mutual recognition of Member States’ decisions regarding international protection, including the transfer of protection?

When will the Commission make proposals for a framework for sharing responsibility for asylum-seekers and persons who have been granted international protection, starting with those who have applied outside the territory of the Member States?

Will the Commission propose an immigration code, and what will its main contents be?

The Court of Justice has recognised that search and rescue obligations are interlinked with external borders surveillance (Case C-355/10). The EU adopted rules in this field which governing only border control coordinated by Frontex. Do you intend to propose that such rules should apply to all Member States’ border controls as a general rule, by formally amending the Schengen Borders Code ?

What immediate and longer-term steps will the Commission take to address the death toll of migrants crossing the Mediterranean?

Will the Commission propose to amend the EU legislation on facilitation of unauthorised entry to confirm that anyone who saves migrants from death or injury during a border crossing, or who otherwise acts from humanitarian motives, is exempt from prosecution?

Internal Security and Police cooperation Continue reading

La nouvelle Commission Juncker et la JAI : que tout change pour que rien ne change ?

by Henri LABAYLE (CDRE)

Original published HERE

La composition de la nouvelle Commission a suscité nombre de commentaires dans les médias, souvent bienveillants sinon flatteurs. L’a priori favorable dont bénéficie son Président, Jean Claude Juncker, n’empêche pas de douter de leur bien-fondé en matière de Justice et d’affaires intérieures, à supposer d’ailleurs que ces commentaires se vérifient dans les autres domaines d’action de l’Union.

Après des discours encourageants semblant indiquer que les thèmes des valeurs de l’Union et de l’urgence migratoire avaient été pris en considération par le programme du candidat à la Présidence, le retour à la réalité est moins enthousiasmant. Sans procès d’intention, il faut se résoudre à penser que, non seulement le changement ici aussi n’est pas pour maintenant, mais qu’il n’est pas davantage dans l’esprit des dirigeants de l’Union.

On fera litière d’abord des éléments de communication habilement distillés dans les rédactions des grands médias européens, notamment via un document de presse intelligemment construit. En résumé, la nouvelle Commission serait aujourd’hui un animal « politique », par opposition à sa composition technocratique précédente. Cette option est résumée ainsi par son président : « les commissaires ne sont pas des fonctionnaires ». Est-on bien certain que l’inverse n’est plus vrai ?

Soit, même si à l’examen il est aisé de se rendre compte que nombre de ces politiciens ont plutôt leur avenir politique derrière eux (5 anciens premiers ministres, 4 vice-premiers ministres, 19 anciens ministres, 7 commissaires sortants, nous dit-on), à supposer parfois qu’ils en aient eu un. Reste alors l’habileté manœuvrière qui, si l’on se penche plus précisément sur la JAI, réclamera vraisemblablement davantage de solliciter celle de Jean Claude Juncker que de compter sur le dispositif proposé.

Quelle délimitation des composantes de l’Espace de liberté ?

Continue reading

The new Commission: first thoughts on Justice and Home Affairs issues

By Steve PEERS

ORIGINAL POSTED HERE

Today’s list of jobs for the next European Commission – and the accompanying major restructuring of the Commission – has major implications for every area of EU policy. But here are my initial thoughts about the impact upon Justice and Home Affairs (JHA) issues.

Of course, the next European Commission still has to be confirmed by the European Parliament (EP). The EP insisted on changes to the planned list of Commissioners in 2004 and 2009, so it might well do so again. But nevertheless, it’s an opportune moment to examine the new Commissioners who will have responsibility for JHA issues – as well as the revised structure of the Commission as it affects such issues.

Migration and Home Affairs

As before, the area of immigration and home affairs (ie policing and internal security) is assigned to a separate Commissioner. Therefore the suggestion in some quarters that there’s a new ‘Commissioner for immigration’ is just not true. There is also still a separate Directorate-General (DG) dealing with these issues. DG Home picks up responsibility for anti-drug policy and security research, and does not lose any policy responsibilities.

The new Commissioner is Dimitris Avramopolous. He has no background in this field, and his current job is Greek defence minister. But that’s misleading: he started out his career as a diplomat, became a popular mayor of Athens and was also an MP (for the conservative New Democracy party), holding ministerial posts for tourism, health and foreign affairs before becoming defence minister. So he has a broad diplomatic and political background.

The most striking thing about his appointment is his nationality. Greece is, of course, at the centre of the debate about the effectiveness of the EU’s ‘Dublin’ policy, which assigns responsibility for asylum applications to (in effect, in most cases) the first country which they enter. That is frequently Greece. So partly as a result of the Dublin rules, the Greek asylum system has broken down in recent years, and both the CJEU and the European Court of Human Rights have ruled that sending asylum-seekers to Greece would violate their fundamental rights.

Since Avramopolous never previously held a job relating to immigration policy, he can’t be blamed directly for these problems. Also, it must be recalled that because Commissioners are independent of the government which appointed them (although Commissioners have been known to forget this), it will not be his job to defend the Greek government, but rather to articulate and enforce EU policy in this area. Hopefully it will be an advantage, not a detriment, to have an immigration Commissioner from a Mediterranean state, given the crucial role which sea crossings play in EU immigration policy.

In light of the external impact of EU immigration policy, it also useful that the new Commissioner has diplomatic experience. In particular, it’s potentially significant that he is credited as one of the authors of the recent Greek-Turkish rapprochement. Migrants who come from Turkey and refugees who travel via Turkey are a significant part of those who come to the EU, and the EU/Turkey readmission agreement will come into force on 1 October. One of his chief tasks will be to ensure EU visa liberalisation for Turkey, as a quid pro quo for the readmission agreement and other changes in Turkish policy. On paper at least, he is the right man for this job.

Justice Continue reading