Evaluation of the General Data Protection Regulation

by EIAD – European Academy for Freedom of Information and Data Protection. Europäische Akademie für Informationsfreiheit und Datenschutz. Académie européenne pour la liberté d’information et la protection des données

Berlin, 27 January 2020

A. General remarks

Article 8 of the EU Charter of Fundamental Rights (EUCFR) guarantees the protection of personal data and requires independent data protection oversight. With the General Data Protection Regulation (GDPR), there has been one EU data protection law directly applicable in all Member States since 25 May 2018. The extent to which the goals of the GDPR have been achieved cannot yet be seriously assessed after only 18 months. According to Art. 97 GDPR, the European Commission is required to continuously review the application and effectiveness of the Regulation and to report on this for the first time on 25 May 2020 and, if necessary, to submit proposals for amending and further developing the Regulation.

There is no denying that the GDPR has advanced the harmonisation of European data protection law and its application compared to the largely fragmented previous legal situation. The regulation has also strengthened the data protection rights of individuals subject to the processing of their data. The GDPR also provided data protection supervisory authorities with effective means of enforcement. However, it has become apparent that there are still shortcomings in the areas described above which need to be remedied.

The GDPR has had a significant impact on the global debate on data protection issues.

Several non-European countries and federal states have now passed laws based on the model of the GDPR. Examples include the California Consumer Privacy Act (CCPA), which came into force on January 1, 2020, and the new Thai Data Protection Act. The US Congress has received several drafts for a federal data protection act. It is currently discussing them on a bipartisan basis.

In addition, the data protection agreement concluded between the European Union and Japan in early 2019 has created the world’s largest zone with a uniformly high level of data protection. This has improved the opportunities for the European economy to remain competitive in the face of ongoing digitization.

The present opinion is based on the experience gained so far and is therefore provisional in nature. It is focused on key areas of action in which further development of the legal framework already appears appropriate.

B. Proposals

1. Harmonisation

The large number of opening and concretisation clauses in the GDPR urgently needs to be reviewed with a view to reducing them. As a result of the fact that the Member States have made use of national options in very different ways, a regulatory patchwork of the most diverse provisions continues to exist in many areas. This severely compromises the goal of harmonising data protection law in the EU as far as possible and the associated free movement of data. Moreover, fragmentation causes considerable practical and legal problems for legal practitioners.

1.1. The opening clauses of the GDPR for processing by public authorities allow not only for more precise regulations in the law of the Member States, but also for clarification by Union law.

The legal requirements for such regulations, such as those in Article 6 (3) GDPR and Article 9 (2) GDPR, should be specified with regard to the particular relevance of data processing by public authorities to fundamental rights in such a way that the guarantees specified in the GDPR may only be deviated from in favour of the persons concerned. In addition, insofar as there are Europe-wide references, the EU legislator should make greater use of its power to specify in order to further develop the principles of the GDPR in a harmonised manner for the public sector.

1.2. The diversity of regulations is particularly serious in the research field. The application of the provisions on scientific research has shown the need for more integrated rules on processing for scientific purposes, in particular for European cross-border research. Art. 89 GDPR should be revised accordingly in order to ensure a uniformly high level of data protection throughout the EU.

1.3. A higher degree of harmonisation is also needed for the processing of personal data in the employment context. The requirements for employee data protection of Art. 88 GDPR should be designed as binding guidelines for the processing of employee data and not merely as an option for national legislators. Nevertheless, it should still be possible to specify the requirements in national law and collective agreements.

1.4. In view of the increasing importance of interactive, cross-border media, more binding and concrete criteria are needed for weighing up the relationship between data protection, free speech and freedom of information. Art. 85 GDPR should be further developed accordingly.

1.5. The cooperation of DPAs is crucial for the uniform application of data protection law. The principles set out in Chapter VII (Art. 60-78) GDPR must be made more effective. There is a need for legal remedies if a supervisory authority fails to take a decision pursuant to Art. 58 in cases of cross-border importance, delays it, or intends to refrain from taking a formal measure pursuant to Art. 58 (2) GDPR with a view to amicably resolving a dispute with the company. It must be ensured by corresponding changes in Art. 64-66 GDPR that the provisions on the coherence procedure also apply to such cases.

2. Profiling / Automated decisions

Greater attention must be paid to automated systems which make or prepare decisions important for the individual or for society. Of particular relevance in terms of data protection law is the compilation and evaluation of data for the purpose of assessing individuals (profiling) and the use of algorithmic decision making systems, for example in connection with the use of “artificial intelligence” (AI).

2.1. Art. 22 GDPR should be adapted to cover all cases where the rights and freedoms of natural persons are significantly affected. Profiling must be regulated as such (and not just decisions based on it). It should be clarified that the rules for automated decision-making also apply to decisions that are essentially based on algorithmic systems (algorithmic decisions). In this respect, absolute limits must be defined, admissibility requirements must be standardised and the principle of proportionality must be specified. In doing so, the specific requirements for the use of sensitive data and for the use of data relating to children shall be taken into account. The transparency requirements of Art. 12 et seqq. for profiling and automated decisions should be formulated more specifically. Persons affected must always be informed when profiling is carried out and what the consequences are. In the case of algorithmic and algorithm-based decision-making systems, the underlying data and their weighting for the specific case must be disclosed in a comprehensible form.

2.2. With regard to the functioning and effects of algorithmic and algorithm-based decision systems, in particular to avoid discrimination effects, mechanisms of algorithm control should be implemented. The requirements for data protection impact assessment formulated in Art. 35 (7) GDPR should be specified accordingly.

3. Data protection technology

In addition to written law, ensuring effective data protection is largely determined by the design of technical systems. The statement “Code is Law” (Lessig) applies more than ever in view of increasingly powerful IT systems and global processing. It is therefore all the more important to ensure that technical systems are designed in a way compatible with data protection, especially with regard to limiting the scope of personal data processed (data avoidance, data minimisation).

Anonymisation and the use of pseudonyms are effective techniques for limiting risks to the fundamental rights and freedoms of natural persons, without unduly restricting the knowledge that can be gained from the data processing. In view of the high speed of innovation, it is necessary to examine to what extent the legal requirements guarantee adequate protection.

3.1. The provisions on technological data protection (Art. 25 GDPR) should take into account the particular risks arising from the use of new technologies and business models (in particular artificial intelligence, data mining, platforms). Corresponding specifications for the design of such systems should be specified by the European Data Protection Board.

3.2. In view of the rapid technological development, the requirements for anonymisation and pseudonymisation in Art. 25 GDPR and for the use of anonymised data should be made more specific. This should be supplemented by prohibitions of de-anonymisation and the unauthorised dissolution of pseudonyms, with the possibility of criminal prosecution.

3.3. The responsibility of the manufacturers of hardware and software should be increased, for example by extending the definition of the responsible person to include the natural or legal person, public authority, agency or other body marketing file systems or personal data processing services.

At the very least, they should be included as addressees of the rules on data protection by means of technology design and by means of privacy by default, Article 25, and security of processing, Article 32 GDPR, in addition to the controller and processor, with the consequence that providers of personal data processing systems and services are responsible and liable for the implementation of the requirements at the time of placing on the market. In particular, they are to be legally obliged to provide all information required for a data protection impact assessment prior to the conclusion of a contract and all information and means necessary for the implementation of the rights of the persons concerned, irrespective of company and business secrets. This could also make the provisions on certification under Art. 42 effective. Consideration should also be given to extending the regulations on liability and compensation (Art. 82 GDPR) and on sanctions (Art. 83 f) to manufacturers.

4. Rights of data subjects / self-determination

Self-determination and the rights of the persons concerned by the processing are at the centre of the fundamental right to data protection and the fundamental right to informational self-determination established by the Federal Constitutional Court. Although the GDPR standardises the central possibilities of influence of the individual on the processing of his or her data and his or her rights vis-à-vis the responsible parties, the actual possibilities of influence of the data subjects are often very limited. This applies in particular to the practice of various powerful companies offering services in which data subjects are trapped by lock-in effects. The rights of those affected should therefore be further strengthened.

4.1. The rules on consent (Art. 7 GDPR) and the right of objection (Art. 21 GDPR) must be supplemented in such a way that the persons concerned can make use of technical systems to determine their data protection preferences when exercising their decision-making powers. Those responsible must be obliged to respect these specifications and the decisions based on them.

4.2. In Art. 12 ff GDPR it must be ensured that the information provided for the data subject relates to data processing actually intended. It should also be clarified that the controller must inform the data subject of all known recipients to whom personal data of the data subject are or have been disclosed. In addition, the person responsible must be obliged to record the transmission of the data and the recipients, so that he cannot evade his obligation to provide information on the grounds of “lack of knowledge”.

4.3. The transparency obligations pursuant to Art. 12 et seq. are to be specified with regard to the use of profiling techniques and algorithmic decision-making procedures (cf. point 1, 2nd indent above).

4.4. The right to restriction of processing (blocking) in Art. 18 GDPR should be extended to those cases in which the necessary deletion is not carried out because the data must be kept only for the purpose of complying with retention periods.

4.5. The right to data portability (Art. 20 GDPR) should be specified in such a way that the data must be made available to the data subject in an interoperable format. It should also be ensured that the right covers all data processed by automated means that the data subject has generated (including metadata) and not only those that he has deliberately entered into a system. Furthermore, companies and platforms with a high market penetration should be obliged to make their offerings interoperable by providing interfaces with open standards.

C. Evaluation of the legal framework

Article 97(1) of the GDPR provides for an evaluation of the GDPR after 25 May 2020 at four-year intervals. In view of the rapid technical development in the field of data processing, it appears necessary to shorten this evaluation interval to two years. Even if the legal framework is designed to be technologically neutral, it must react to technical developments as quickly as possible; otherwise it will quickly become obsolete.

EUROPEAN LAW BLOG: E-Evidence in the EU Parliament: Basic Features of Birgit Sippel’s Draft Report

ORIGINAL PUBLISHED HERE: https://europeanlawblog.eu/2020/01/21/e-evidence-in-the-eu-parliament-basic-features-of-birgit-sippels-draft-report/


Discussions on E-Evidence are heating up at the EU Parliament

Taking into consideration the significant legal challenges from the globalization of criminal evidence and considering that traditional instruments for cross-border cooperation such as Mutual Legal Assistance Treaties (MLAT) are too slow and cumbersome, the European Commission proposed, on 17 April 2018, the “E-Evidence” legislative package (E-Evidence), which aims to streamline cooperation with service providers and supply law enforcement and judicial authorities with expeditious tools to obtain e-evidence.

Despite difficult negotiations among EU Member States, the EU Council of Ministers succeeded in adopting on December 7, 2018 its “general approach” on E-Evidence. This led to a storm of reactions by NGOs, the industry, members of the European Parliament (MEPs) and at least seven EU States, including Germany, who opposed the Council’s draft. The Netherlands, for instance, denounced the Council’s text for being adopted “too fast” and stated that it “opened the way for abuse by EU countries that lack sufficient guarantees over the rule of law and fundamental rights”. In an article published a year ago and entitled E-Evidence in a Nutshell:  Developments in 2018, Relations with the Cloud Act and the Bumpy Road Ahead I presented an overview of the major features of the Council’s draft and the principal points of contention.

The months that followed showed the significant challenges that need to be addressed before a compromise is found at the EU on E-Evidence. The Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament spent most of the year 2019 drafting seven working documents on the topic. On 8 November 2019, however, an important development took place: the LIBE Committee’s Rapporteur MEP Birgit Sippel released her draft Report on the E-Evidence draft Regulation.

Sippel’s Report constitutes a huge departure from both the Council’s general approach and from the initial Commission’s proposal. It presents… 267 amendments to the Commission’s proposal aiming to modify not only every single article in the Commission’s and the Council’s drafts, but also some important mechanisms and pillars of these drafts.

While this time the NGOs’ and the industry’s first reactions have been generally positive, Sippel’s Report has provoked a strong reaction by the Commission which led to an unusual institutional confrontation at the EU. More precisely, the Commission was accused of circulating to a selective list of stakeholders and MEPs (but not to the E-Evidence Rapporteur herself) a Non-Paper highly critical of Sippel’s Report and claiming that the amendments suggested by the Rapporteur will have a major impact on the efficiency of E-Evidence. This, in turn, led to a strong reaction by the chairman of the Parliament’s LIBE Committee, Juan Fernando López Aguilar, and Birgit Sippel herself, who wrote to Justice Commissioner Věra Jourová to complain about the Commission’s Non-Paper: “From an EU institutional point of view, such a practice by the Commission … raises serious questions as to the principle of sincere cooperation between the institutions,” their letter read. They also protested about the lack of transparency on the Commission’s side and the inclusion in the Non-Paper of factual errors about the content of Sippel’s Report. Following this, the Rapporteur also addressed a letter to her MEP colleagues intending to “clarify” the “misunderstandings” appearing in the Non-Paper and to defend the efficiency of her approach.

It is against this “electric” background that the different political groups introduced a total of 841 amendments to the E-Evidence proposal and that the first meetings between the shadows and the Rapporteur took place during the month of January. The LIBE Committee is due to vote in February or March on this legislative proposal, but it has not yet been determined whether the vote will take place on a new compromise proposal from the committee or whether there will be a vote amendment-by-amendment. A full plenary vote of the European Parliament should take place afterwards.

The objective of this paper is to present briefly some of the major features and mechanisms of Sippel’s Report. This paper is based on a much longer study that I have just published with the Cross Border Data Forum (CBDF) analyzing in detail the extent to which the legal regime proposed by the Rapporteur could strike the right balance between necessary protections and efficiency (see: “Lost in Notification? Protective Logic as Compared to Efficiency in the European Parliament’s E-Evidence Draft Report”). The conclusion of this study is that, while there are reasons for a number of modifications and adjustments, Sippel’s Report is the product of much work and thinking and includes important ideas and mechanisms that appear useful for the future negotiations on E-Evidence. Here are some of the basic features of Sippel’s Report.

1) Two in One? Merging the Regulation and the Directive

An important structural amendment is that the Report proposes to merge the two instruments proposed by the Commission (a Regulation and a Directive) into a single one. The Rapporteur advances several arguments to justify this, including the concern that by introducing a separate Directive (which will oblige service providers to designate a legal representative in the Union) the Commission might have the hidden intention to “also use it for other future instruments”. “In that regard”, argues the Rapporteur, “the proposed Directive overreaches its goal and raises serious issues with its legal basis, namely the Articles 53 and 62 TFEU” (see Sippel’s Report, at 146).

According to my information, the Commission strongly opposed the suggested suppression of the proposed Directive, considering that this would deprive the whole E-Evidence package of its added value, especially as far as third country service providers are concerned. The Commission emphasized that the legal basis for the Regulation (Art. 82(1) TFEU) cannot be used to compel service providers from third States to designate a legal representative in the Union. As a result, a different legal instrument, with a different legal basis, is necessary.

2) A Double Notification Mechanism

By far the most important change proposed by Sippel’s Report is that it introduces a meaningful notification mechanism permitting EU Member States to exercise their traditional protective functions and ensure the respect of fundamental rights on their territory.

The Report provides for notification to both the “executing State” (i.e. the State of the service provider) and the State of residence (“affected State”), when the latter is known to be different from the “issuing” and the “executing” State.

The Notification mechanism is not toothless anymore (as in the Council’s version). The executing State can object with several grounds of refusal available, including protection of human rights, privileges and immunities.

The Report is not founded on ‘absolute’ mutual trust (as the Commission’s version is) but on the idea that efficiency arguments should not override the need to protect fundamental rights. It claims, nonetheless, that efficiency will not be significantly affected because the timeframe proposed by the Commission can be respected with much stronger safeguards if each actor plays its own role.

In my CBDF study I analyze in detail the two proposed notification mechanisms and I assess the extent to which each one of them could strike the right balance between necessary protections and efficiency. My basic conclusions are the following.

A) Notification to the “Affected State”: High Protections with Low Burden

First, the introduction of a notification to the “affected State” (the Member State of permanent residence of the affected person) is undoubtedly the major single improvement introduced by Sippel’s Report. Notification to the “affected State” is highly protective. It has the great merit of bringing the targeted individual back into the equation. The Member State of residence would thus be able to exercise its traditional protective functions concerning the human rights of the targeted individual. It will have much more powerful incentives to proceed to such a control than the enforcing State (where the service provider is based) which, most often, has a weak link to a criminal case. Moreover, such a notification will make it possible to protect the sovereign prerogatives and fundamental interests of the Member State where the data subjects reside, such as the national security of the Member State of residence (if, for instance, the targeted person is an agent of the receiving Member State), trade secrets (if the target is a business executive) or other essential interests.

It is thus clear that the notification to the affected State will greatly enhance the human rights and other protections of E-Evidence. But what about efficiency? The Commission claimed that the system would be too burdensome. In my CBDF paper I explain in detail why the Commission is wrong, subject to the condition that notification to the affected State should only concern the forms of data that are most intrusive for human rights, namely content and transactional data. It would, however, be an error to introduce into the notification regime subscriber or access data, as the Rapporteur seems to suggest.

Indeed, notification of the affected State, where applicable, would remain entirely inside the timeframe (10 days) proposed by the Commission and the Council. Efficiency is affected much less than commonly assumed, because in most cases (93%) the investigating/issuing authority seeks data on its own residents. In contrast to a Mutual Legal Assistance Treaty request, which requires notice to a different country in 100% of cases, the “affected state” provision would thus apply in less than 7% of cases. On the basis of the existing data, it seems reasonable to believe that the 20 smallest EU Member States would be notified as “affected State” no more than a few dozen times per year. The burden should thus be low and manageable for them. If one considers that during the year 2018 Facebook received and examined a total of 53,841 data requests, followed by 47,011 for Google, 43,480 for Apple and 22,919 for Microsoft (see here, at 12), it would be an insult to countries like Sweden or Austria to argue that they would be unable to examine a few dozen notifications per year in order to protect as “affected” States the human rights of their populations and their sovereign interests.

In my CBDF paper I also advance a series of arguments in order to rebut the Commission’s argument that “notification to the affected State will go far beyond what exists under current mutual recognition and legal assistance instruments”. In my view, the introduction in the E-Evidence package of the concept of the “affected State”, as Sippel suggests, will make it possible to “adapt” to the digital world, in an appropriate way, protections that already existed traditionally “in the physical world” under MLA systems. As a conclusion, while the burden for affected States should be low and the “protecting human rights/sovereign interests benefit” for them and their populations should be high, law enforcement people involved in the e-evidence negotiations do not always seem to realize the importance of this mechanism and do not necessarily declare themselves willing to ensure this “responsibility to protect” function envisioned for them by Sippel.

B) Notification to the “Executing State”: More Challenging but Could Become Feasible

Things are more challenging concerning the mechanism of notification to the executing State also put forward in Sippel’s Report.

While notification to the “affected State” (if the State of residence of the person whose data is sought is other than the issuing State) makes real sense for the reasons explained above, notification to the executing State seems less compelling. Imagine a crime committed in France. The victim is French, the suspect is a French person and resident. What is the point of obliging France to notify Ireland only because the service provider of the suspect is established in Ireland or has its legal representative there?

Despite the lesser relevance of notification to the executing State, whose link to a criminal case is often very weak, it seems that this idea is strongly imprinted in the mind of different stakeholders.

In Sippel’s Report there is no doubt that notification to the executing State, combined with notification to the “affected State”, offers important additional protections and guarantees. Among other things, such a notification makes it possible to deal with a number of issues such as conflicts of laws concerns or rule of law problems in the issuing State – especially taking into consideration that 93% of all criminal investigations have an entirely “domestic” character and there will thus be no notification to an “affected State” for them. In Sippel’s mind, the involvement of the executing State is absolutely necessary not only in order to resolve such rule of law problems but also in order to give a solid legal basis to E-Evidence (Art. 82 TFEU, based on the notion of cooperation between two judicial authorities). She introduces the concept of the “executing” State (instead of “enforcing” State in the Commission’s draft) which will be automatically involved in all European Production Orders (EPOs) thanks to this system of notification and which will be considered as having recognized automatically the EPO Certificate unless it raises a ground for refusal.

As I explain in my CBDF paper, there is a strong protective logic behind Sippel’s proposal, but the system, as it was introduced, would undoubtedly create a huge burden for the executing State and might make the future instrument unattractive to law enforcement authorities (LEAs). It seems to me that the only way to make this notification less burdensome would be not only to introduce some necessary amendments set out in my CBDF paper but also to implement this system on the basis of the understanding that the executing authorities will not need to systematically examine each EPO but will only need to take action in some exceptional circumstances. The whole idea would thus be that there will be a “guardian of the Temple” in case of trouble, but this guardian will not need to check and clear all persons entering the Temple.

3) Enhanced Human Rights Protections

Numbers are not always relevant, but it is interesting to note that Sippel’s Report mentions Human Rights 31 times – up from 17 in the Council’s draft.

The meaningful notification system, explained above, is presented as the major step forward to ensure that the rights of affected persons are guaranteed by the executing State and, where applicable, the affected State. Other pro-human rights amendments include:

  • Notice-by-default for persons targeted by orders issued under the Regulation (unless there is a non-disclosure order validated by a court to avoid jeopardizing the specified investigation – see amendment 164). This is in contrast with the downgrade operated by the Council and the lacuna in the Commission’s draft discussed here. It is interesting to note that the non-disclosure Court order is directly influenced by the US system of gag orders.
  • Rejection of the new data categories introduced by the Commission (“access” and “transactional” data) and return to what is presented (see Report at 147) as “clear data categories (based on existing EU and national legislation and in line with CJEU case law)”, namely: “subscriber”, “traffic” and “content” data. The Commission, however, insisted that its proposed new category of “access data” (as opposed to traffic or transactional data) is extremely important in order to enable LEAs to identify the subscriber of a service at the early stages of the investigation – and should thus not be deleted as suggested by the Rapporteur.
  • Due regard for issues such as respect of the ne bis in idem principle, dual criminality considerations, and privileges and immunities, including protections for medical and legal professions, freedom of press and freedom of expression.
  • Limitations to the use of data obtained, including rules on (in)admissibility of evidence & erasure of data obtained in breach of Regulation.
  • Much greater concern for effective legal remedies not only in the issuing but also in the executing State in accordance with national law, including the possibility to challenge the legality of the order.

4) A More Appropriate Role for Service Providers

The Report proposes a more appropriate role for service providers. The logic is that the responsibility of protecting human rights should not be shifted from States to service providers, but recognizes that the latter may be able to provide critical information relevant to the assessment of the necessity and proportionality of orders as long as they are not solely responsible for this process.

While logically providing for sanctions if service providers do not cooperate, the Report abandons the hugely punitive sanctions of the Council (“2% yearly turnover”) which could have a chilling effect on providers’ incentive to challenge abusive orders.

The Report also introduces an immunity from liability provision for service providers for any consequences resulting from compliance with an EPO, subject to other data protection obligations.

The Report seems to partially resolve a concern raised by service providers, academics and others, regarding when an EPO should be used instead of domestic procedures. Both the Commission and Council’s approaches created uncertainty and raised the possibility that Member States could resort to the use of domestic measures, potentially in cross-border scenarios, but Sippel’s Report seems to clarify that Union measures should always be used in cross-border scenarios. Service providers have expressed concern that, without clarifying language, the Commission and Council’s approach would have created a backdoor, allowing Member States the opportunity to simply ignore the E-evidence legislation altogether and use domestic measures which could lead to fragmentation and conflicts of law. Sippel’s amendment 83 would delete language preserving use of a domestic backdoor (“without prejudice to the powers of national authorities to compel service providers established or represented on their territory to comply with similar national measures”). However, there is no affirmative requirement that would require Member States to use the E-Evidence mechanisms over national measures in cross-border cases.

5) Other Features

At least four other important features of Sippel’s Report need to be mentioned:

  • Conflict of laws – On conflict of laws, interestingly, the Report does not go back to the elaborated mechanism proposed by the Commission and abandoned by the Council (explained here) but provides for a reasonable mechanism based on the appreciation of both the issuing and the executing State’s authorities.
  • A higher threshold for issuing production orders – Sippel’s report provides that European Production Orders requiring production of content or “traffic” data (which includes the “access” data category introduced by the Commission) “may only be issued for criminal offences punishable in the issuing State by a custodial sentence of a maximum of at least 5 years”. This is 2 years more than the threshold in the Commission’s and Council’s drafts (“3 years”) and means that, for these categories of data, EPOs can only be issued for the most serious crimes. It would be surprising if LEAs around Europe accepted such a high threshold.
  • Extension of timeline for application of the Regulation – Sippel’s Report extends the timeline for application of the draft Regulation from six months after its entry into force (provided in the Commission’s proposal) to three years. This means that, in the best case, E-Evidence will not be applicable until the end of 2023. While it makes a lot of sense to provide for the necessary time in order to implement a new and complex system such as E-Evidence (the Council itself proposed a deadline of 24 months in its general approach), three years might appear too long for law enforcement people. This, in turn, raises the risk that some Member States might, in the meantime, enact national laws to enable access of their LEAs to e-evidence (through extraterritorial or data-localisation measures), leading to fragmentation and unwelcome complications.
  • “Independent” Prosecutors – The Report proposes to systematically replace the term “prosecutor” in the draft Regulation by the term “independent prosecutor”, defined as not being “exposed to the risk of being subject, directly or indirectly, to directions or instructions in a specific case from the executive, such as a Minister for Justice, in connection with the adoption of a decision”. This was done in order to reflect recent CJEU case law (see e.g. Minister for Justice and Equality v OG and PI, discussed in this Blog here). This means, in practice, that prosecutors that have been found by the CJEU not to respond to these “independent” requirements (such as German prosecutors) would not be able under the draft E-Evidence Regulation to request the production of subscriber data and the preservation of data. This would be a limitation to what these prosecutors can already do under domestic law. It would thus be surprising if LEAs all over Europe accepted such limitation. More generally, it is important to consider whether CJEU (or European Court of Human Rights) judgments adopted under different circumstances are automatically transposable to other situations. The above-mentioned CJEU cases concerned the sensitive issue of which bodies are “issuing judicial authorities” capable of issuing European Arrest Warrants with a view to the arrest and surrender, by another Member State, of a requested person. One could argue that the particularly high threshold of independence of prosecutors required by the CJEU when the very right to liberty is at stake, should not necessarily be transposed automatically to the E-Evidence context, in relation with the bodies authorized to issue requests for the production of subscriber data and the preservation of data which are less intrusive measures for human rights than the ones envisioned by the original judgment.


Sippel’s version of E-Evidence is far more protective for human rights than the Commission’s or the Council’s drafts. Thanks to this protective approach Sippel succeeded in making the “paradigm shift” introduced by E-Evidence acceptable to fundamental rights experts (and likely very hard to challenge tomorrow in European courts).  NGOs and other stakeholders who were firmly opposed to E-Evidence, pleading instead for an improvement of MLA mechanisms (such as the European Investigation Order), suddenly seem to consider that E-Evidence could be compatible with strong human rights protections. “Has Sippel MEP been successful at repairing the unrepairable?”, asks for instance EDRi.

There is also little doubt about the fact that Sippel’s version of E-Evidence is much better for service providers than the Council’s or the Commission’s drafts. Sippel’s report provides a workable regime for service providers and legal certainty while relieving them from liability issues. Without transforming them to legal assessors of fundamental rights (as the Commission did), Sippel’s system gives the possibility to service providers to protect their customers and users and to flag eventual problems to States who remain, nonetheless, the traditional guardians of human rights. When the Council of the EU adopted its draft, the Business Software Alliance denounced a “disappointing text” that “risks undermining the protection of citizens and enterprise data across Europe”. In contrast, the BSA “welcomed” the European Parliament’s E-Evidence draft report, considering that it “introduces much clearer liability rules for companies complying with the Regulation, strengthens the fundamental rights protections of EU citizens, and ensures that cooperation between law enforcement agencies and technology providers is fostered and balanced”. Similarly, a recent joint industry/NGOs statement offered strong support to Sippel’s Report.

If Sippel’s Report is “good for human rights” and “good for service providers”, the big question is whether it might also become acceptable for law enforcement authorities. The double notification mechanism introduced by Sippel does not affect the timeframes proposed initially by the Commission and the Council for the production of data (10 days in normal situations, 6 hours – extended to 24h by Sippel – in cases of emergency). These notification mechanisms create nonetheless a bureaucratic burden and additional responsibilities for the issuing State, the executing State and the affected State. Some modifications and adjustments will be necessary in order to make this system less burdensome for the States concerned, and especially for the executing State. Still, it remains to be seen if these States will accept to play the “responsibility to protect” role envisioned for them by Sippel.

The author would like to thank all the persons who contributed comments to a previous draft of this article, and especially Karine Bannelier, Vanessa Franssen, Ken Propp and Peter Swire. The views expressed in this article are entirely the author’s.

VERFASSUNGSBLOG: 1460 Days Later: Rule of Law in Poland R.I.P. (Part I and II), Laurent Pech, Patryk Wachowiec, Wed Jan 2020

SEE : Pech, Laurent; Wachowiec, Patryk: 1460 Days Later: Rule of Law in Poland R.I.P. (Part II), VerfBlog, 2020/1/15, https://verfassungsblog.de/1460-days-later-rule-of-law-in-poland-r-i-p-part-ii/.

On 13 January 2016, exactly four years ago today, the Commission activated its rule of law framework for the very first time with respect to Poland (for our previous 2-part post assessing the situation as of 13 January 2019 see here).

During this time, Poland has become the first EU Member State:

  • to be threatened with a penalty payment of at least €100,000 per day should it continue to ignore an interim order adopted by the ECJ in July 2017;
  • to be subject to the exceptional procedure laid down in Article 7(1) TEU in December 2017;
  • to have seen its newly “redesigned” National Council of the Judiciary suspended from the European Networks of Councils for the Judiciary for its lack of independence in August 2018;
  • to have seen its self-described “judicial reforms” provisionally suspended by the Court of Justice via two interim orders in October and December 2018;
  • to have been found by the Court of Justice to have failed to fulfil its Treaty obligations under the second subparagraph of Article 19(1) TEU not once but twice in June and November 2019;
  • to have been referred to the Court of Justice by the Commission for making it possible to subject ordinary court judges to disciplinary investigations, procedures and sanctions on the basis of the content of their judicial decisions, including the exercise of their right under Article 267 TFEU to request preliminary rulings from the Court of Justice.

As if to outdo itself when it comes to annihilating judicial independence, Poland’s ruling party rushed through an unprecedented piece of legislation last month. This bill “raises the question of whether Poland wants to remain in the EU” by forcing non-compliance with EU rule of law requirements and strengthening an arbitrary disciplinary regime which has already enabled a multitude of kangaroo disciplinary proceedings against any judge at any point in time for as long as needed from the point of view of the ruling party.

As recently and accurately observed, “no member state in the history of the EU has ever gone as far in subjugating its courts to executive control as the current Polish government. The Polish case has become a test whether it is possible to create a Soviet-style justice system in an EU member state; a system where the control of courts, prosecutors and judges lies with the executive and a single party”.

This (two-part) post will highlight the main developments, primarily from the point of view of EU law, which took place in 2019. The most noteworthy ones are the Court of Justice’s two infringement rulings, which found Poland to have violated the principles of the irremovability of judges and judicial independence, and the Court of Justice’s first preliminary ruling regarding the so-called “Disciplinary Chamber” of Poland’s Supreme Court. The latter ruling has proved particularly impactful as it has directly led a not-yet-captured chamber of Poland’s Supreme Court to find the Disciplinary Chamber not to constitute a court within the meaning of EU and Polish Law. These two rulings have led in turn Polish authorities to put forward what may be described as a “de facto Polexit bill”.

This means that the warning addressed to the new President of the European Commission last month by multiple NGOs and scholars remains more valid than ever: “The attacks on judicial independence we are witnessing in Poland are unprecedented in the history of the EU and legal chaos is bound to ensue and spread because Polish authorities are openly and purposefully ignoring their duties and obligations as a matter of Polish as well as EU law. If not promptly addressed through interim measures, we have no doubt this will mark the beginning of the end of the EU’s common and interconnected legal order.”

It is time for European and national actors to WAKE UP and realise we may soon reach a tipping point, with the EU’s interconnected legal ecosystem facing a medium-term risk of collapse due to the premeditated and ongoing “destruction of the independence of the judiciary” we are witnessing in Poland, a process which seems to be inspiring an increasing number of national governments with exhibit A being Orbán’s Hungary.

1. Going M.I.A. in 2019: The Council

Before outlining the Court of Justice’s decisive contribution in 2019, one may note the Council’s failure to organise any Article 7(1) TEU hearing in respect of Poland since it held one in December 2018. One should not understand the lack of any Article 7(1) hearing as meaning that the Commission’s Article 7(1) recommendations have been met. Indeed, not a single one of them has been fully implemented by Polish authorities. In fact, the situation is worse than ever, which is why the Commission had no choice but to conclude in February 2019 that due to “the cumulative effect of the recent changes affecting the judiciary”, which “are limiting its independence” and “infringing upon the separation of powers”, the executive and legislative powers can now “interfere throughout the entire structure and output of the justice system”.

You have read this correctly: Poland’s executive and legislative powers, de facto controlled by Poland’s de facto Great Leader, can now interfere at will with the functioning and outputs of Polish courts (one may note in passing that the Commission’s diagnosis confirms the ill-advised nature of the so-called Celmer test devised by the ECJ as we noted last year). This interference is now happening openly, through disciplinary charges or administrative measures, such as early dismissals from secondment or temporary suspension by captured presidents of courts, but also more indirectly by putting pressure on judges not to adjudicate in a certain way whenever the interests of the ruling party demand it.

What has the Council done to address the situation? Not much or rather, as little as possible. Two explanations may be advanced: the Romanian government, in charge of the rotating presidency of the Council, was too busy undermining the rule of law in Romania to organise a hearing while the otherwise very active Finnish Presidency did not want to be seen as interfering with Poland’s parliamentary elections of October 2019, which is why it prioritised the organisation of the first Article 7(1) TEU hearing held in respect of Hungary in September 2019 followed by another one in December 2019.

In concrete terms, this means we only saw the Commission give a few updates on the rule of law situation in Poland during the past 12 months: 

18 February 2019: The Commission provided the Council with an update on the latest developments regarding judicial reform in Poland. Member states considered that recent legislative changes concerning the Supreme Court law were a positive development and encouraged the Polish authorities to address the remaining issues raised by the Commission.

9 April 2019: The Commission provided an update on the state of play in relation to Poland.

18 July 2019: The Council took stock of the state of play as regards the rule of law in Poland in the light of recent developments, in particular the judgment of the European Court of Justice on Poland’s Supreme Court law.

16 September: The Commission updated ministers on the developments regarding the rule of law in Poland following the meeting of the General Affairs Council in July.

10 December 2019: The Commission updated ministers on the latest developments, including the recent judgments of the European Court of Justice concerning Polish rules on the retirement age of judges and public prosecutors and the new Disciplinary Chamber of the Polish Supreme Court.

Beyond the issue of the two rotating presidencies of the Council’s own priorities, it would appear that an additional pretext was used by some EU governments to justify their not untypical torpor: the alleged need to wait to see how Polish authorities would comply (or not) with the Court of Justice’s forthcoming infringement and preliminary rulings considering the increasing number of pending cases before the Court, and which directly or indirectly raise most of the issues highlighted in the Commission’s Article 7(1) reasoned proposal.

As we shall now see, Polish authorities have only publicly accepted to comply with the Court’s two infringement rulings to date primarily because these rulings did not prevent them from progressively capturing the Supreme Court from within. As soon as the Court of Justice provided an interpretation of EU law which led a not-yet-captured chamber of Poland’s Supreme Court to find unlawful two of the sham bodies established or captured by the ruling party (i.e. the “Disciplinary Chamber” of the Supreme Court and the ENCJ-suspended National Council of the Judiciary), a new bill was put forward to organise and legalise non-compliance with the judicial independence requirements established in EU law, in obvious breach of both the Polish Constitution and the EU Treaties.

2. The Court of Justice’s entrée en piste

As of today, two infringement rulings – Case C-192/18 and Case C-619/18 – and one preliminary ruling – joined Cases C-585/18, C-624/18 and C-625/18 – have been issued by the Court of Justice. In addition, one infringement case regarding Poland’s new disciplinary regime for judges (C-791/19) and, to the best of our knowledge, eighteen requests for a preliminary ruling raising judicial independence issues, are now pending before the Court.

The two infringement rulings previously mentioned went against Poland, which was not in the slightest surprising considering the obvious arbitrary nature of the changes pushed by Polish authorities regarding the retirement regime of Polish Supreme Court judges, Polish ordinary court judges and public prosecutors. These infringement rulings having been analysed elsewhere (see e.g. here and here), let us just emphasise how they show the lack of good faith of Polish authorities when it comes to the real reasons underlying their so-called “reforms”. Indeed, while members of Poland’s ruling party have been keen to constantly emphasise the need to “decommunise” the judiciary (even claiming that younger judges educated post 1989 would allegedly follow the behavioural patterns of their older, allegedly “communist”, colleagues), the justifications put forward before the Court to justify the retirement “reforms” were of a different nature. For instance, the lowering of the retirement age of Supreme Court judges to 65 was allegedly needed to standardise their regime “with the general retirement age applicable to all workers in Poland” while in the case of female ordinary court judges, Polish authorities explained the lowering of their retirement age to 60 (from 67) “on account of their particular social role connected with motherhood and child raising”.

With respect to the Supreme Court, the Court observed, in a highly unusual fashion but commensurate to the Polish government’s bad faith, that the “explanatory memorandum to the draft New Law on the Supreme Court contains information that is such as to raise serious doubts [our emphasis] as to whether the reform of the retirement age of serving judges of the Sąd Najwyższy (Supreme Court) was made in pursuance of such objectives, and not with the aim of side-lining a certain group of judges of that court [our emphasis]”. The Court therefore had no choice but to conclude that Polish authorities did not pursue a legitimate objective when they sought to lower the retirement age of the Supreme Court judges in post prior to the adoption of the law in dispute. Similarly, the Court of Justice found the new Polish rules relating to the retirement age of judges of ordinary courts and public prosecutors, adopted in July 2017, to be in violation inter alia of the principle of irremovability of judges, which is inherent in judicial independence.

In another seminal (preliminary) ruling (analysed e.g. here and here), the Court of Justice meticulously explained how the referring chamber of Poland’s Supreme Court can ascertain whether the so-called Disciplinary Chamber (hereinafter: DC) – which is also one of the problems highlighted by the Commission in its Article 7(1) reasoned proposal –  is sufficiently independent to constitute a court within the meaning of EU law. In the same preliminary ruling, the Court also explains how to ascertain the independence (or lack thereof) of the new National Council of the Judiciary (hereinafter: NCJ) – another body which has been highlighted as problematic by the Commission and many other organisations. Overall, the ECJ’s interpretation makes it implicitly obvious that neither the DC nor the NCJ satisfy the basic requirements of independence established by EU law, as previously made explicitly clear by Advocate General Tanchev.

Unsurprisingly, therefore, the referring court (the Labour and Social Security Chamber of the Supreme Court) subsequently found on 5 December 2019, on the basis of a meticulous and compellingly argued judgment, that the neo-NCJ does not offer a sufficient guarantee of independence from the legislative and executive authorities before ruling that the “Disciplinary Chamber” does not constitute a “court” within the meaning of EU law and therefore not a court within the meaning of Polish law as well.

With respect to the neo-NCJ, one may recall that it has been suspended from the ENCJ since August 2018 and that it was not merely established in breach of the Polish Constitution but also most likely unlawfully constituted on the basis of the 2017 (unconstitutional) law which changed the appointment procedure for the judicial members of the NCJ while also providing “for the early termination of the mandate of all judicial members on the Council”. To put it simply, it is likely that the judicial members of the NCJ were not supported by the required number of judges provided by the new (unconstitutional) law and/or only supported by each other or judges seconded to the Ministry of Justice. This is likely the reason why national authorities have openly ignored (you read that correctly) a final ruling from the Supreme Administrative Court ordering the Sejm to disclose the names of the judges supporting the NCJ candidates.

This blatant but far from unique violation of the most basic understanding of the rule of law by Polish authorities was rightly deplored by the Supreme Court in its judgment of 5 December 2019 which applied the ECJ preliminary ruling of 19 November 2019.

3. Problems left unaddressed by the Court of Justice’s rulings to date

Notwithstanding the seminal and welcome rulings issued this year by the Court of Justice, a number of important and urgent issues have been left unaddressed. This is not to say, however, that the Court of Justice is necessarily at fault as e.g. the Court cannot approve interim measures if it does not receive an application from the Commission as it did in the case relating to the independence of Poland’s Supreme Court and most recently in the case relating to the Disciplinary Chamber.

To begin with, the situation has not improved one iota as far as the (captured) Constitutional Tribunal (hereinafter: CT) is concerned. Despite a sharp decline in the number of cases submitted to it due to the widespread concerns about its lack of independence, the CT is fully operating and continuing to pretend to be a court. Last October, it even acted like a truly “European” court by declaring, for the first time, that a statute is not consistent with the TFEU (case P 1/18). This may be viewed positively at first sight but it should not be. Indeed, what we have here is a body masquerading as a court enforcing EU law (but only when it suits the ruling party) whereas according to the Commission itself, there is no longer any effective constitutional review in Poland following the failure of Polish authorities to take any steps with the view of restoring the independence of the CT. In addition to this damning diagnosis, one may refer to a series of letters to the (unlawfully appointed) “President” of the CT by a fellow judge. These letters offer multiple examples of obvious abuse of power such as an arbitrary allocation of cases to please the ruling party, an arbitrary make-up of judicial panels as well as an arbitrary (and unconstitutional) prohibition of dissenting opinions. To put it concisely, the time for an infringement action directly targeting the captured CT has come considering the damage it has done and its role when it comes to giving a veneer of legality to fellow sham bodies such as the Disciplinary Chamber (DC) and the National Council of the Judiciary (NCJ).

Speaking of the NCJ, people may be surprised (or not) to learn that it is continuing to function in a “business as usual” fashion notwithstanding the ruling of the Supreme Court of 5 December 2019 finding it to lack sufficient independence from legislative and executive authorities. In addition, some of its members have been busy spreading falsehoods about the content and binding nature of the ECJ preliminary ruling of 19 November 2019. Since its (unconstitutional) establishment on the back of the premature termination of the four-year term of office of its previous members, the neo-NCJ has recommended more than 650 individuals to be appointed as judges or for promotion. Its enthusiastic participation in the (unconstitutional) attempted purge and simultaneous court-packing of the Supreme Court has been well documented, not least by the European Commission. Furthermore, it was revealed last August that some NCJ members secretly took part in a smear campaign targeting judges, including the First President of the Supreme Court (alleged members of what has been described as a “troll farm” have of course denied the allegations). As of today, we are still waiting for meaningful investigations and sanctions but how can one hope for any given that “it is clear that the alleged smear campaign was organised from within the Ministry, with the involvement of high ranking officials in the Ministry and National Council of Justice”, with the investigations undertaken by the NCJ and the prosecution service which is controlled by the Minister of Justice, the alleged main guilty party.

Similarly, the two captured chambers of Poland’s Supreme Court – the DC and the Extraordinary Control and Public Affairs Chamber – continue to function and continue to pretend to be independent judicial bodies. To give a veneer of legality to their existence, they have involved the captured CT by requesting it confirm the constitutionality of their status and deliberately referring cases to extended panels within them (7 “judges” or the whole chamber) in order to make their “judgments” more difficult to overrule as other benches, composed of 3 judges, normally need to refer cases to an even bigger formation should they wish to override them. The “judges” belonging to the Disciplinary Chamber also did not shy away from self-certifying themselves. In April 2019, they adopted a resolution proclaiming that their appointment is lawful and that the ENCJ-suspended NCJ was similarly established in a lawful manner as confirmed by the ruling of the (unlawfully composed) panel of the CT. They must not be aware of the nemo judex in causa sua principle among other basic legal principles.

To complete our brief outline of the yet to be addressed issues by the ECJ (but a third infringement action is now pending before it), the overall operation of the new disciplinary system needs to be mentioned. While an alleged involvement in a smear campaign organised by the Ministry of Justice will not cause you any major inconvenience (disciplinary or otherwise), multiple judges have faced disciplinary charges for such “major crimes” as seeking to implement the Court of Justice ruling of 19 November 2019, being publicly critical about the so-called “judicial reforms” and “their effect on judicial independence”, or, even more alarmingly, for the content of the “decisions they have taken when adjudicating cases”. Yes, we are talking about a Member State of the EU in 2019 and not the Soviet Union. This is why, one may note in passing, that the analysis of Advocate General Tanchev in Miasto Łowicz and Others (C-558/18 and C-563/18) may appear excessively formalistic and disconnected from the reality on the ground. As noted in a recent and worth reading report by two members of the Council of Europe’s Parliamentary Assembly:

A key issue of concern is the fact that after prosecutors and judges have been informed by the Disciplinary Inspectors that a disciplinary investigation has been started against them, these investigations often continue indefinitely without formal disciplinary charges being brought [our emphasis] before the relevant disciplinary chambers … The Chairperson of the National Council of the Judiciary informed us that, in the last year and a half, 1174 disciplinary investigations were started. Only in 71 instances had disciplinary cases been opened … Irrespective of the small number of actual disciplinary cases opened, the large number of investigations started by disciplinary officers directly accountable to the Minister of Justice, and the time it takes to close these investigations, if at all, clearly has a chilling effect on the judiciary and affects their independence.

This is now the reality of the state of the rule of law in Poland. It is to be hoped that the ECJ will not exclusively focus on whether formal disciplinary charges have been brought but instead take full account of the overall context and the impact of the multiple (kangaroo) disciplinary investigations leaving judges and prosecutors the ruling party has targeted in a “precarious limbo” as they are being investigated without “being able to defend themselves”.

4. Going for broke: The “de facto Polexit” bill

Having initially reacted positively to the Court of Justice’s ruling of 19 November 2019 – according to the Minister of Justice/Prosecutor General, the Court’s ruling was a “great defeat for the extraordinary caste” – representatives of the ruling party and members of the bodies concerned by the Court’s judgment (the DC and NCJ) quickly changed tack when they finally understood that the Court’s reasoning had to lead the referring court to find both the DC and NCJ as lacking basic guarantees of independence.

Another important aspect of the Court of Justice’s ruling, not widely noted, is that “the EU test for the ‘appearances’ of independence can now be applied by ‘old’ Supreme Court judges also to assess the independence of the Chamber for Extraordinary Control and Public Affairs, the second chamber set up in the same way, from scratch, by the ruling parliamentary majority”.

This led the ruling party, following their usual modus operandi, to rush a new piece of legislation via some acquiescent MPs although the wording of the bill and the explanatory memorandum attached to it make it obvious that the bill was drafted in the Ministry of Justice. The purpose of this modus operandi is evident: to circumvent public consultation and prevent a meaningful parliamentary and public debate.

According to the initial version of the bill, it would be a disciplinary offence inter alia to disregard a provision of Polish law in a situation where its non-compliance with the Constitution (which has been violated on multiple occasions by members of the ruling party, not least the Polish President) has not been confirmed by the (captured) CT. To put it bluntly, the ruling party “wants to force judges not to assess the conformity of the laws passed by the current authority on their own or through legal questions to the Supreme Court or the CJEU, with the Constitution or European law, under the threat of a penalty”.

Other provisions of the bill are similarly alarming. For instance, the proposal aims to prohibit judges from discussing “political matters” or engaging in activities or omissions which would allegedly undermine the functioning of the judiciary or more generally the functioning of Polish authorities and Poland’s constitutional bodies. This was defended inter alia on the ground that French law would similarly restrict the freedoms of expression and of association of French judges. As demonstrated here, this is pure and deliberately misleading nonsense.

Another provision worth noting, which is so typical of the institutional capture strategy pursued by Poland’s ruling party, aims to secure the speedy replacement of the current First President of Poland’s Supreme Court when her term of office expires next April. According to the contemplated new three-step procedure, the General Assembly of Supreme Court judges, whose task is to present candidates for this post to the President of the Republic, must consist of at least 84 out of 110 judges. If this quorum is not met, the second meeting must be held with a presence of 75 judges while the third must include not less than 32 of them. The bill also gives each judge of the Supreme Court a right to propose one candidate for the said position.

Bearing in mind that at least 43 nominees of the (unlawfully operating) neo-NCJ are members of the Supreme Court, the new procedure virtually guarantees that the post will fall to one of (the ruling party’s) chosen ones. And should the said procedure fail, which is unlikely but better safe than sorry as the saying goes, the President of the Republic will be given an exclusive right to appoint an interim First President. In other words, it is only a matter of time before the ruling party captures the Supreme Court as a whole as it has already captured the CT and the NCJ, but also the Supreme Administrative Court. Indeed, and for the first time since the beginning of the rule of law crisis, the bill also targets the Supreme Administrative Court with the Polish President being given once again the exorbitant power to decide the new rules of procedure of that court.

The bill contains so many outrageous provisions and laughable claims – for instance the bill claims to be mindful of the need to protect the principle of irremovability of judges by which one should of course understand the irremovability of individuals whose appointments are legally tainted due to the unlawful character of the NCJ – that it is difficult to be concise. Space constraints precluding further details here, we will refer readers to Professor Marcisz’s analysis:

The provisions in the bill are all designed as an assault on judicial independence. They aim at crushing the opposition against previous illegal reforms among the judiciary. No need to discuss their details: res ipsa loquitur. The bill is blatantly unconstitutional but without a functioning Constitutional Court it does not matter much. It is also contrary to EU law. Not only does it infringe the judicial independence … but also the principle of primacy of EU law.

It was good therefore to see Vice-President Jourová making clear her multiple concerns in a letter to the Polish authorities on 19 December 2019. However, if there is anything the last four years should have taught the Commission, it is that Polish authorities are never acting in good faith and will not shy away from deliberately and repeatedly violating the principle of loyal cooperation in order to create faits accomplis. The Commission should face up to this unfortunate reality and stop wasting time by repeatedly trying to “engage in a constructive dialogue” with a repeated offender.

What is needed from the Commission is strong leadership via concrete deeds. In this respect, European Commission Vice President Věra Jourová and the European Commissioner for Justice Didier Reynders must be commended for their leadership. The Commission’s decision “to ask the Court of Justice to impose interim measures on Poland, ordering it to suspend the functioning of the Disciplinary Chamber of the Supreme Court” on the back of the pending infringement case 791/19 was an absolutely essential step to take at this point in time. As accurately noted by the Commission, Polish authorities’ refusal to comply with the ECJ ruling of 19 November 2019 and the subsequent ruling of the Supreme Court of 5 December 2019 has created “a risk of irreparable damage for Polish judges and increasing the chilling effect on the Polish judiciary”.

In addition, the Commission should stand ready to launch a fourth infringement action modelled on the infringement action initiated against the attempted purge of the Supreme Court as soon as the pending bill is adopted (and to shorten the pre-litigation stage as much as possible so as not to let Polish authorities capture the Supreme Court in the meantime). As for national governments who care about the rule of law, they should systematically join pending proceedings and, should the Commission fail to act promptly, they should stand ready to put their money where their mouth is and initiate rule of law infringement actions on the basis of Article 259 TFEU.

5. A fictional country or an EU Member State in 2020?

Imagine a country where national authorities (non-exhaustive list below):

This country is not a fictional one. This country is now Poland under the Soviet-style moniker of the mislabelled “Law and Justice” party.

As accurately observed on 16 October 2019 by the First President of Poland’s Supreme Court: “The end result is that the rule of law in Poland is not simply at risk: it is being erased.” 

Writing a year ago, we warned that the situation in Poland “has deteriorated further to the point of threatening the functioning of the whole EU legal order and therefore, the future of the EU’s internal market itself.” This is no longer a mere threat but a clear and present danger. Poland should now be considered, to borrow an expression from the financial world, as a country in default from a rule of law point of view. EU institutions and EU Member States will soon have to decide on the nature of their losses: Sacrifice their good relations with Polish national authorities or sacrifice the EU legal order.

Stalling for time would be irresponsible. On the current trajectory, it is only a matter of time before Poland’s rule of law default eventually triggers a knock-on process of legal disintegration.

Transforming the EU into a freedom, security and justice area: first Council ideas for a Strategic Agenda (2019-2024)

This is a joint discussion paper for both justice and home affairs submitted by the Croatian Presidency to the other delegations and to be debated at the Informal JHA Council in Zagreb on January 23rd-24th.

Working Session I.

Looking ahead to the area of freedom, security and justice

In June 2019, the European Council adopted the Strategic Agenda 2019-2024 to guide the European Union’s work in the next five years. Its first priority, ‘protecting citizens and freedoms’, is particularly relevant for Justice and Home Affairs, as is its second priority on the ‘economic base’ and the ‘European model for the future’.

As indicated in the concluding section of the Strategic Agenda, the Council is to integrate these priorities into its work.

The first step in the implementation of the Strategic Agenda in the field of JHA was a reflection process initiated by the Romanian Presidency and further developed by the Finnish Presidency.

Several important debates have taken place at preparatory and ministerial level on the basis of reflection papers covering a wide range of JHA topics.

The Finnish Presidency wrapped up this important work in December 2019.

The outcome of this extensive process and the numerous projects that emerged from it are reflected in various documents addressed to all Member States and the Commission by our Finnish colleagues.

The Croatian Presidency has inherited the results of this reflection process and considers it essential to continue looking ahead and start preparing the ground for strategic guidelines under Article 68 TFEU which will take forward the Strategic Agenda and facilitate its implementation.

The first topic mentioned in the Strategic Agenda refers to fundamental rights, the protection of our democratic and societal models and the rule of law. Hence, a priority for our future work should be values and the rule of law.

The Strategic Agenda also mentions our common values as ‘the foundation of European freedom, security and prosperity’. Debates within the Council have demonstrated a growing concern that respect for these values is being challenged.

This hampers the proper application of EU law and instruments that are based on mutual recognition.

The second priority could therefore be to find ways of restoring mutual trust.

The third topic developed in the Strategic Agenda relates to the integrity of our territory, understood to mean control of our borders, the development of a functioning migration policy, and the fight against terrorism and cross-border crime.

A third area for consideration could thus be protecting the integrity of our common European space.

Finally, the first part of the Strategic Agenda mentions the need to protect our societies from malicious cyber activities and acknowledges the critical importance of more cooperation, more coordination, more resources and more technological capacities.

In addition, the second part, related to economic development, refers to the digital transformation and the need to shape our policy in a way that embodies our societal values, promotes inclusiveness and remains compatible with our way of life. We would therefore suggest that the fourth priority should be to find ways of mastering artificial intelligence and new technologies.

To inform our discussion, you will find attached a thematic annex which covers, for ease of reference, most of the policy areas explored in the reflection process conducted by previous presidencies.

As we try to identify possible ways forward in our policy field, the Croatian Presidency suggests organising our discussions around these four cross-cutting issues and focusing our attention on how to organise our work, tools and structures to achieve our common objectives.

Ministers are invited to discuss how these four cross-cutting issues (values and rule of law, mutual trust, protecting our common European space, and new technologies) can be best addressed in order to deliver on the Strategic Agenda and the priorities developed in the thematic annex.


Developments in the area of freedom, security and justice for the period 2019-2024


Following the Treaty on the European Union (the Maastricht Treaty, signed in 1992), justice and home affairs became one of the three pillars of the European Union.

The Schengen Agreement (1995) and the Treaty of Amsterdam (1997) emphasised the importance of cooperation and exchange of information among Member States’ justice and law enforcement authorities with the aim of creating an area of freedom, security and justice.

Moreover, the Tampere Programme (European Council conclusions of 1999) and the Hague Programme laid the foundations of the common European Justice and Home Affairs policy, including the cornerstones of cooperation with third countries and the future European judicial area.

Following the institutional changes introduced by the Treaty of Lisbon in 2009, the Member States adopted the Stockholm Programme (2009-2014), which highlighted the significance of European policies for European citizens, particularly in the following areas: rights of citizens, rule of law and justice, internal security (combating terrorism, law enforcement and disaster management), management of the external border and visa policy, migration and asylum (including integration) and the external dimension of the area of freedom, security and justice.

In its conclusions of June 2014, the European Council established, on the basis of the values defined in the Stockholm Programme, the strategic guidelines for legislative and operational planning in the area of freedom, security and justice (for the period 2014-2019).

On 20 June 2019, the European Council adopted the new Strategic Agenda 2019-2024, which, among other goals, emphasises the importance of protecting citizens and freedoms and promoting European interests and values on the global stage.

Accordingly, the Croatian Presidency recognises the importance of the prompt adoption of the strategic guidelines through which the Member States will pave the way to the implementation of further policies in the field of justice and home affairs, with the aim of creating an environment of the European Union as an area of freedom, security and justice.

Looking ahead to the area of freedom, security and justice

Criminal justice

The Strategic Plan for the Union (2019-2024) clearly confirms the aim of strengthening the fight against terrorism and cross-border crime, as well as improving cooperation.

The emphasis in this area will be on improving the implementation of existing instruments and filling gaps in the legislative framework where they exist.

Also, in the coming period it will be necessary to work on strengthening mutual trust between the Member States, which is key to successful judicial cooperation, as well as on developing networks and fostering coordination and synergies between them.

In the coming period, it is important to work on improving the existing acquis in the area of substantive criminal law, and to develop it cautiously, where necessary.

The EU’s ability to develop new acquis in this area must enable common solutions to common challenges, based on the real needs of the EU.

This is relevant to the extension of the competence of the EPPO as well.

Further development of victims’ rights should be approached in a systematic and holistic manner, taking into account the need to secure and/or strengthen all aspects of their protection.

Civil justice

In the coming period, it is necessary to continue with development of judicial cooperation in civil matters, with a focus on citizens, enabling faster and cheaper justice for citizens and businesses in the EU. The implementation of European Union instruments needs to be strengthened to this end.

Legal certainty and prosperity of citizens and businesses must be a guiding principle for future legislative initiatives in civil and commercial law at EU level.

In this sense, effective access to justice is a precondition for economic growth and development, and thus the development of society in general.

Accordingly, all new legislative developments must be based on the practical needs of citizens and businesses, and on evidence of clear added value.

Work needs to be done to strengthen the single market, whose backbone is formed by SMEs, and it is necessary to secure fair competition and promote fairness and legal certainty in business relations.

It is also necessary for the EU to continue to protect citizens and families in cross-border situations.

One of the aspects of modernisation of the judiciary, which must respond to the needs and trends of modern times, is the further development and application of alternative dispute resolution, including online, bearing in mind its effectiveness, speed and acceptability to the parties.

Judicial training

Judicial training was recognised as an important prerequisite for establishing a unified European judicial culture and for the proper application of EU law.

Therefore, in the forthcoming period, it will be necessary to continue to invest effort both in expanding the content of training and in improving the quality of learning about EU law through sustainable funding, consistent programmes, an enlarged scope to include all judicial professions as well as, for example, familiarisation with the practice of European courts through internships, and further use of modern learning techniques and further linguistic training.

A modern judiciary

The progress and modernisation of the judiciary must, in the coming period, be a particular focus of our activities and be in line with the progress of the European Union as a whole.

The modernisation of the judiciary will make it more effective and also facilitate access to justice for both natural and legal persons. Therefore, the modernisation of the judiciary should continue to be developed through the additional improvement of IT tools/systems, and the introduction of the use of digital technologies into the acquis as a shared standard in its application and thus a key component of efficient digitalised justice systems in the EU.

It will also be necessary to work on interconnection and interoperability between Member States’ systems. Particular emphasis in this respect should be placed on the development of artificial intelligence.

Protection and promotion of common values, including fundamental rights, the rule of law and democratic values

Ensuring continuity in protecting the fundamental values of the European Union – respect for human dignity and human rights, freedom, democracy, equality and the rule of law – will continue to be crucial to the democratic functioning of the European Union and the protection of all its citizens, as well as the reputation and acknowledgement of the European Union in the world.

In this context, the European Union, with the ongoing task of upholding and promoting these values, must be capable of responding to threats to them within the European Union, always in an effort to maintain the unity of the European Union and its Member States.

In addition, the phenomenon of hate speech and large-scale disinformation will have to be addressed, and further efforts should be made to protect vulnerable groups.

The external dimension of the judiciary

Co-operation with third countries and international organisations is important for a number of reasons. Namely, the European Union can, through the external dimension of the judiciary, contribute to a more uniform legal framework in the international setting, which contributes to the overall economic progress of the European Union, the successful fight against crime and terrorism, and also the protection of human rights.

Furthermore, the European Union can be an ‘exporter’ of its own values, many of which are reflected in the judiciary – for example, the independence of the judiciary. The latter is particularly important in relations with candidate countries for EU membership.

Efficient control of external borders and a return to the proper functioning of the Schengen area

Strong and reliable external border protection, efficient return of irregular migrants and strict implementation of other relevant tools contributing to successful and comprehensive migration management are the key prerequisites for a return to a properly functioning Schengen area and for the overall security of the European Union.

With the aim of meeting these goals, the Member States need to invest further efforts to establish a fully operational European Border and Coast Guard, which should reach its target capacity of 10 000 border guards as soon as possible, and at the latest by 2024.

In parallel, more determination is required in order to implement the status agreements in the countries of south-east Europe, which will enable the exercise of the Agencies’ external competences in this region.

Together with the full operationalisation of the European Border and Coast Guard and efficient returns, Member States need to continue work on efficient and timely implementation of the interoperability legislative framework, ensuring that the synergy of all these measures will lead to well-protected external borders and subsequent restoration of a genuine Schengen area. In doing so, the Member States should strive to improve their cooperation with third countries and invest greater effort in restoring mutual trust.

A comprehensive and functional migration policy

Proactive migration management calls for comprehensive action-taking on all levels and a truly European approach based on responsibility and solidarity. The focus must be on all migratory routes, particularly land routes, which directly influence the security of the EU external border.

Establishment of a functional, humane and resilient asylum system, as an inevitable part of a comprehensive migration policy, should be based on joint obligations and fair burden-sharing among the Member States. Such an approach is the only way for the Member States to fulfil their obligations towards those who are truly in need of international protection.

It is also crucial in this context to establish a system for the quick return of those who have no right to stay in the European Union. Thus, the list of safe third countries and the list of safe countries of origin should be urgently adopted.

Along with these measures, establishing pathways for legal migration to the European Union is becoming increasingly important. Legal manners of arrival, including resettlement, reduce the incentive to use smuggling routes to Europe, protect human life and dignity and have multiple benefits for our societies and economies.

Therefore, our cooperation with partner countries should be the main tool for tackling the root causes of illegal migration, providing assistance to refugees, managing mixed migration flows, combating smuggling and document fraud, ensuring efficient readmissions and providing tailor-made legal pathways.

A Europe that protects a safe Union

The security environment of the European Union has changed drastically in the past few years. Therefore, we need to aim to build an efficient and genuine Security Union, capable of responding to the threats of the new age and protecting our children, citizens and societies.

The main challenges we need to deal with are those of a cross-border nature, such as terrorism, organised crime and cybercrime, but also other forms of unacceptable behaviour that could undermine our common security and the values of our societies – child sexual abuse, hate speech, radicalisation leading to violent extremism and intolerance.

In the years to come, no efforts should be spared in tackling the dissemination of terrorist content and child sexual abuse material online, protecting public spaces and addressing the proliferating challenge of hybrid threats that attack the heart of our democracies and endanger our critical infrastructure.

Thus, along with the swift implementation of legislative acts in the field of border protection, exchange of data among law enforcement bodies, firearms, explosives, financing of terrorism and interoperability, we have to strive for adequate legal and technological solutions for the use of artificial intelligence and other new technologies that take into account the protection of personal data and privacy, meet the highest standards of security of information systems, and are defined by ethical boundaries.

Finding the right answers to such a wide spectrum of security challenges should also be complemented by efforts to increase the EU’s resilience against both natural and man-made disasters. Unfortunately, the European Union is facing a great number of frequent and complex disasters which cause loss of human lives and other adverse consequences for our citizens, economies, communities and environment.

It is therefore crucial to keep on building capacities at both national and EU level in order to prevent or to decrease the possibility of disasters. However, being aware that not all disasters can be prevented, we need to continue to work on strengthening our national and common EU reactive capacities in order to be able to save as many lives as possible and to recover from the consequences of various disasters in the shortest possible period.

Investing in our capacities to face the security challenges of the digital age

Responding properly and in a timely manner to such diverse and complex security challenges requires that our police, border, asylum and customs services are well-equipped, and that the legal framework in place provides for their successful mutual cooperation, as well as for cooperation with the relevant EU agencies.

Therefore, in the next five years, Member States will work hand in hand in order to successfully implement the adopted legal acts in a timely manner and to fill legal gaps where they exist. To this end, the swift adoption and implementation of the proposed Regulation on preventing the dissemination of terrorist content online is a key priority.

Furthermore, Member States will insist that sufficient EU funds within the next multiannual financial framework will be allocated to upgrading the technical capabilities, human resources and expertise of all relevant actors whom we expect to play a vital role in ensuring our security in the digital age. It is necessary to ensure practical uptake of the outcomes of research and innovation, and thus coordination between Horizon Europe and other European financial programmes. Due to the economies of scale and the need to provide all EU Member States with the same level playing field, it is advisable to opt for concentrated investments related to the innovation and development of artificial intelligence in the domain of security and migration to make the outcome accessible and available to all Member States.

Therefore, the JHA Agencies, in particular the European Innovation Lab within Europol, should play a central role, taking into account the concentrated knowledge, expertise and secure environment at their disposal. Furthermore, private business should be involved throughout the process, and public-private partnerships should be promoted.