EU Internal Security strategy: towards a EU-USA common path?

The traditional meeting between the justice and home affairs ministerial representatives of the United States of America (USA) and of the European Union (EU) took place the 8th and 9th December 2010. Ms Janet Napolitano, from the Department of Homeland Security and Mr Eric Holder, General Attorney of the Department of Justice have discussed with the European Union presidency and the Commissioners Ms Cecilia Malmström and Ms Viviane Reding the transatlantic initiatives, both planned and underway- aimed at preventing and combating terrorism and organised crime.

The meeting confirmed the hegemonic and inspiring role that the American administration has towards the European Union when it comes to defining and implementing the European Internal Security Strategy (ISS).

This is true when it come to the synchronisation of the EU’ activities, since the Justice and Home Affairs Council which took place in Toledo in February 2010 adopted the strategy while the US administration approved the Fourth revision of its own internal security strategy.

It is also true in relation to the increasing concurrence of the objectives underpinning it. After all this is not so surprising for two allies which cooperate on a daily basis in all different domains, going from intelligence, money laundering, to the fight against drugs.

Therefore, the European ISS includes the fight against cyber crime, measures aimed at the protection of commercial flights and cargo safety, use of financial personal data and airplanes passengers. These objectives have been recalled by the Commission in its recent Communication entitled “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe”.

The crucial element here is that while these objectives correspond to what the Congress requested, this is not the case for the European Union, where the position of the European Parliament – which should ensure the legislative transposition of some of these objectives- is much more cautious than the one of the Congress. This is even more striking  if one take into consideration the fact that the Congress is considered even more demanding than both the Bush and Obama Administration, for instance, concerning borders control with the creation of an entry-exit system and limits to visa liberalisation.

The opposition of the Strasbourg Assembly to the indiscriminate collection and systematic storage of personal data of millions of air passengers (PNR) for several years is renowned. Especially, because these data includes also those of individuals which are not wanted nor suspects and that, even after the controls, are not considered a danger for the flights safety.

That is why the Council of the European Union adopted the 3rd December 2010 a negotiation mandate to the Commission which should allow revising in a more restrictive manner the data protection provisions which are provisionally applied on the basis of the EU-USA agreement, since 2007.

It goes without saying that it would be rather naïve to expect the American Administration to welcome such a measure, especially because the new Republican majority in the Congress would interpret it as a lowering down of the guard. Nevertheless, it is also self-evident that the current agreement risks to be rejected by the European Parliament at any moment and this possibility would open a dangerous vacuum, also for the aviation companies.[1]

Rather, it is reasonable to expect a greater willingness from the European Parliament’s side to adopt measures concerning the fight against cyber-crime, one of the USA priority for a long time and recently recalled by the Obama Administration during the last EU-USA summit of 20th November 2010 in the Joint EU-US Statement. The summit promoted a EU-USA working group in the field of cyber security and cyber criminality, which within a year will present a report on a series of initiatives, such as those discussed in the recent EU-US-NATO summit of the 24th November. These measures includes among others,

–       the creation of Computer Emergency Response Team (CERTs) in each European country, along the lines of the corresponding American centres, with the support of the European Agency responsible for network security (ENISA)

–       – the implementation of an emergency network

–       The creation of a sort of control room at the European level, as indicated by the Commission in its proposal for an internal security strategy.

These measures should be complemented by legislative measures such as the Proposal for a Directive on attacks against information systems, currently under review by the European Parliament. This measure will probably get inspiration from the Convention on Cyber crime of the Council of Europe, ratified by the United States itself.

However, all these measures, as well as the last ministerial meeting, all share the same unresolved problem related to the different data protection standards existing in the two sides of the Atlantic, namely in relation to public security. On the one hand, in the United States the protection of privacy and personal data is not considered a fundamental right (at most a penumbral right, subordinated to the safeguard of the right of expression foreseen by the first amendment and to the right of residence foreseen by the fourth amendment). On the other hand, in the EU, these rights are recognised as fundamental by art. 8 of the European Convention on Human Rights as well articles 7 and 8 of the Charter of Fundamental Rights.

Indeed, the European Parliament has requested, especially after 9/11 a transatlantic binding agreement in this field. This could eventually take place on the basis of negotiation mandate which the Council conferred to the Commission on the 3rd December and that Vice-President Reding has already presented to the Parliament.

Theoretically, the US authorities should not oppose it given that the mandate recalls the recommendations made by a common working group which has elaborated a series of common principles. However, the American authorities fear that the new agreement will make more difficult the transfer of data that is already taking place under the EU-USA agreement in the field of judicial cooperation in criminal matters, the agreements with Europol and Eurojust and more importantly the various bilateral agreements negotiated in the last decades between the USA and the EU Member States, in the field of security and fight against crime.[2]

The next months look quite challenging and it will be interesting to follow not only the negotiations but also the tone of the dialogue that will be established between the Congress and the European Parliament, i.e. whether  they will be able to share to a greater extent the perception of a threat and therefore the need to a common answer.

If this will take place, it could be possible to open the way to a Transatlantic Schengen-like space which ahs already been announced in the  EU-US Joint Statement on “Enhancing transatlantic cooperation in the area of Justice, Freedom and Security”


[1] The same issue is true for those measures which are considered too invasive for the individual privacy, such as the installation of body scanners (1300 are foreseen to be installed in the USA and a few tens in the European Union). It remains to be seen what the European Union will do to implement the new international strategy in the field of aviation security adopted by the 37th ICAO Assembly which took place on 8th October 2010 (Comprehensive Aviation Security Strategy) (ICASS).

[2] See Prüm-like agreements on the basis of which the EU Member States committed themselves to transfer information, , to the United States. These transfer include sensitive information, such as DNA codes, in exchange of looser conditions to obtain visa for their citizens.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: