FREE-Group Remarks on the implementation of the General Data Protection Regulation (GDPR)

We are writing in response to the European Commission call for “feedback” on the implementation of the General Data Protection Regulation (GDPR) (see https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12322-Report-on-the-application-of-the-General-Data-Protection-Regulation)

Fundamental Rights European Experts (FREE) is a group of experts on European human rights and data protection law.[1] Although focussed on issues relating to the EU Area of  Freedom Security and Justice, we also take an interest in broader issues of fundamental rights protection in the EU, in particular in relation to data protection law under the EU General Data Protection Regulation (GDPR), the Law Enforcement Data Protection Directive (LEDPD), the rules relating to EU FSJ-related databases, and the links between these areas.

Presumably, the above call relates to the mandatory European Commission’s review of the operation of the GDPR under Article 97 of that regulation which stipulates that:

  1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council. The reports shall be made public.
  2. In the context of the evaluations and reviews referred to in paragraph 1, the Commission shall examine, in particular, the application and functioning of:
  3. Chapter V on the transfer of personal data to third countries or international organisations with particular regard to decisions adopted pursuant to Article 45(3) of this Regulation and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC;
  4. Chapter VII on cooperation and consistency.

However, the review required under Article 97(1) is manifestly broader than the report mentioned in the call – which oddly does not mention Article 97 but which, it says on the website, will cover (only) international transfers of personal data to non-EU countries and the cooperation mechanism between national data protection authorities, i.e., the two topics mentioned in Article 97(2)(a) and (b). There are in fact a range of other, and wider, issues relating to the practical implementation and effect of the GDPR.

The Commission’s reference to “feedback” is also strange, given that there is as yet nothing to provide feedback on – such as a draft or provisional Commission report under Article 97(1) (see below).

We also note in this context that, in carrying out the above-mentioned evaluations and reviews, the Commission “may request information from Member States and supervisory authorities” (Article 97(3)); is required to “take into account the positions and findings of the European Parliament, of the Council, and of other relevant bodies or sources” (Article 97(4)); may, if it deems this necessary, “submit appropriate proposals to amend this Regulation, in particular taking into account of developments in information technology and in the light of the state of progress in the information society” (Article 97(5)). The Commission may also more generally, if it deems this appropriate, “submit legislative proposals with a view to amending other Union legal acts on the protection of personal data, in order to ensure uniform and consistent protection of natural persons with regard to processing” including in particular – but not limited to – “the rules relating to the protection of natural persons with regard to processing by Union institutions, bodies, offices and agencies and on the free movement of such data” (Article 98).

Under Article 97(1), the Commission is supposed to submit its report on the evaluation and review of all of the GDPR to the European Parliament and to the Council, and make it public, by 25 May this year, i.e., in a few weeks’ time and less than a month after the deadline for “feedback”. This should not be limited to the two topics selected.

We are deeply concerned that the Commission’s call for “feedback” seriously fails to meet the requirements of Article 97(1), (3), (4) and (5), and Article 98 – and even in relation to the two selected issues (Article 97(2)) is inadequate:

  1. the call for “feedback” on two issues is not broad enough to meet the requirements of Article 97(1);
  2. the deadline is much too short; there is as yet nothing to provide feedback on; and there are unacceptable limits on wordcount – in no way can this short, limited call be said to allow the Commission to “take into account the positions and findings of the European Parliament, of the Council, and of other relevant bodies or sources” even on the two selected topics, let alone on the whole of the GDPR and its practical implementation (Article 97(4));
  3. while we do not believe the text of the GDPR should be reopened, there is no indication of the Commission’s thinking on this matter, or on the approach it will take to that under Article 97(5)); and
  4. there is also no indication of the Commission’s thinking on the need for amendments – or new rules – of other Union legal acts in this area (Article 98) – which we believe should include its considerations in relation to the (stalled) E-Privacy Regulation. Although the review of various legal acts under Article 98 need not coincide with the review of the GDPR under Article 97(1), it would in our view make sense to link the two, at least in relation to (a) the proposed e-Privacy Regulation and (b) the complex relationships between the different EU data protection regimes (GDPR, Law Enforcement Data Protection Directive, Regulation 2018/1725 – and various other instruments, e.g., in relation to the CSFP – in particular as concerns transfers of personal data from one regime to another (e.g., making available of PNR data by private sector entities to law enforcement- or border agencies; compulsory retention of or access to e-communications data held by private sector entities by law enforcement agencies – and the elephant in the room: access to private sector and law enforcement data by the Member States national security agencies).

In the circumstances, we strongly suggest that the Commission’s report, based on the unduly limited “call for feedback”, planned for submission to Parliament and the Council in the near future, should take the form of a draft (or interim or provisional) report with special attention to the two selected issues, but with the Commission making explicitly clear that this is only the start of the work, i.e., confirming that it will still seriously examine still-to-be-provided input from Parliament, the Council, and others such as ourselves and other civil society organisations, both on the two issues mentioned in Article 97(2) and on all other issues that arise in relation to the GDPR, with a view to a wider, comprehensive report in the not-too-distant future (although perhaps after the summer) that will properly take those views into account and address all issues under the GDPR.[2]

In the meantime, thanks to the contribution of Professor Douwe KORFF, we have limited ourselves to merely listing, in the attachment, a wide range of important issues that we strongly believe the Commission’s full review under Article 97(1) should cover, with very brief comments. We would be happy to expand on each of those issues, or indeed on why we selected them, if asked to do so (and given enough time).

We wish the Commission and its members good health in these difficult times.

Yours sincerely –

Emilio De Capitani

(FREE-Group Executive Director)

Attachment:   List of main issues to be addressed in the full Article 97(1) review

Attachment  List of main issues to be addressed in the full Article 97(1) review (Author Professor DOUWE Korff)

  1. Preliminary issues:The need for full involvement of the bodies mentioned in Article 97(4), in particular of European Parliament and civil society:

This should allow for full and substantial input from European Parliament and from genuine civil society organisations (as distinct from lobbyists for corporate interests and soi-disant “independent” think-tanks that are a mere front for such interests) , with sufficient time for preparation and proper consultations and discussions.

  1. The question of whether, in general and in respect of the two main issues for review (Chapters V and VII), there is a need to amend the text of the GDPR itself (Article 97(5))

The GDPR (for all its defects) is a great achievement. We strongly oppose re-opening (amending) the text of the GDPR for the time being, as this will merely allow for a repeat of the extensive negative lobbying aimed at reducing protection we saw in the extended adoption process, create prolonged uncertainty and undermine the “golden standard” status of the GDPR.

  1. The question of whether there is a need to submit legislative proposals for amendments to other data protection legal acts (Article 98)

It is crucial that a strong ePR is adopted as a matter of urgency which does not anywhere or in any way undercut or undermine the principles, rules and high level of protection of the GDPR.

  1. Mapping the operation of the GDPR in its wider contexts

On the basis also of requests for information from the MSs and the SAs (Article 97(3)), the Commission should map out in detail the operation of the GDPR in its own terms and in relation to the other EU data protection regimes – and in relation to national security, covering at least the following:

  1. Lack of harmonisation, partly due to the “further specification” clauses.[3]

The Commission should map and assess:

  1. the extent to which the divergencies caused by the “further specification” clauses pose obstacles to the free flow of personal data within the Union, especially also in relation to the digital environment (and thus potentially to the Digital Single Market), but also:
  2. whether the divergent legal rules adopted by the MSs under the “further specification” clauses (including but not limited to Articles 8, 9, 10, 23, 85, 86, 87, 88 and 89) really offer the “appropriate”/“suitable” safeguards and comply with the fundamental rule-of-law requirements (“law”, legitimate aim, necessity and proportionality) required of them by the GDPR.The relationship between the GDPR and other data protection regimes in the EU and in the EU Member States.[4]

The Commission should map and assess:

  1. Links and transfers of personal data processed subject to the GDPR (in particular, by private-sector entities) to entities in the MSs that process the data after transfer outside of any EU data protection rules, i.e., the MSs’ national security agencies (the elephant in the room)The application of the GDPR to non-EU/EEA controllers and processors under Article 3(2)(a) and (b) GDPR (as also expressly called for by the LIBE Committee of the EP)

The Commission should map and assess the extent to which:

  1. non-EU/EEA companies that offer goods or services to individuals in the EU (in a targeted way), or that monitor the behaviour of such individuals (in particular, through online tracking tools):

(aa)      are aware of the fact that they must comply with the GDPR; and

(ab)      have actually taken any steps to ensure that they do comply (especially beyond merely creating a separate Privacy and Consent page for EU citizens);

and

  1. the extent to which the MSs’ SAs and/or the EDPB  have taken any information and enforcement actions in this respect and the outcomes of such actions.
    • The specific issues mentioned in Article 97(2)
      • International transfers of personal data to non-EU countries, including the question of adequacy (Chapter V)

The current arrangements are not fit for purpose:

  1. Re adequacy decisions:

(aa)      Adequacy decisions should not be political, executive decisions but legal ones. Ideally, the provisions in the GDPR relating to such decisions should be amended to ensure the decisions are subject to proper expert and democratic scrutiny by the EDPB and the European Parliament (rather than just taken with the EDPB being consulted). However, since we feel the text should not be re-opened (section 1.ii, above), we cannot recommend that. But it is still entirely possible to develop a practice under which the opinion of the EDPB is given full weight and in practice always followed, and under which draft adequacy decisions are presented to and discussed in Parliament before being formally adopted. If there is going to be a review of the text (now or in four years’ time), this is an issue that deserves more formal attention.

(ab)      adequacy decisions are largely reached in secrecy, with very limited, essentially ex post facto and non-binding input from the EDPB, and none from civil society including civil society groups in the third countries concerned;

(ac)       there is pressure to grant adequacy decisions to trading partners to facilitate trade, even if there is no really “essentially equivalent” protection and insufficient enforcement in the third country;

(ad)      access to personal data by third countries’ national security agencies remains an almost totally obscure(d) issue;

(ae)      there is no open, ongoing, regularly published monitoring of the situation in third countries that have been declared adequate; such monitoring should be continuous and include input from civil society groups in the third countries concerned, with regular, public reviews;

(af)       contrary to the CJEU’s requirement, there is no serious continuous supervision and assessing of the situation in third countries by the MSs’ SAs.

  1. Re other grounds for transfer:

On the basis also of requests for information from the MSs and the SAs (Article 97(3)), the Commission should map out in detail and assess:

(ba)      the “legally binding and enforceable instrument between public authorities or bodies” in the EU and corresponding public authorities and bodies in third countries mentioned in Article 46(2)(a). At the moment, no-one has any idea of the nature, scope and detail of such arrangements – let alone whether they really contain the required “appropriate safeguards”; and

(bb)      all the BCRs that have been approved by the MSs’ SAs and the groups of companies to which they relate (Article 46(2)(b) jo Article 47) and the extent to which they (i) actually provide on paper the required “appropriate safeguards” including “enforceable rights [granted to] data subjects with regard to the processing of their personal data” (Article 47(1)(b) and (ii) have actually ever been invoked by data subjects and (iii) the outcome of such actions and whether that has led to any reviews of the BCRs.

Moreover:

(bc)       the standard data protection clauses for transfers between controllers in the EU and controllers and processors in third countries were drawn up under the 1995 Data Protection Directive and are not fit for purpose under the GDPR; among many other issues, they do not properly address transfers made to controllers who are subject to the GDPR under Article 3(2).[5]

(bd)      there are no standard clauses for processor to processor transfers;

(be)      no codes of conduct have as yet been approved under the GDPR; the process is unacceptably slow;

(bf)       no certification mechanisms have as yet been approved either at MS level or at EU level;

(bg)      to the best of our knowledge, no ad hoc transfer clauses have ever been approved by any MS SA – and they are not to be encouraged either.

  1. Weaknesses in the GDPR enforcement mechanisms including in the cooperation mechanism between national data protection authorities (Chapter VII)

The MSs’ SAs remain weak and fatally under-funded and under-resourced, especially when it comes to supervision over the digital environment and the “Internet Giants”. We note in this respect the findings by the search engine Brave which showed that:[6]

  1. only five of the EU’s 28 SAs have more than 10 tech specialists.
  2. The EU’s SAs do not have the capacity to investigate Big Tech.
  3. Half of the EU SAs have small budgets (under €5 million).
  4. EU governments have not given their SAs the capacity to defend their decisions against ‘big tech’ companies in court on appeal.
  5. The UK Government’s privacy watchdog is Europe’s largest and most expensive to run. But only 3% of its 680 staff is focussed on tech privacy problems.
  6. The Irish Data Protection Commission is Google and Facebook’s ‘lead authority’ GDPR regulator in Europe. But while the number of complaints it deals with is accelerating, increases to its budget and headcount are decelerating.
  7. European governments have failed to equip their national SAs with sufficient powers and resources to enforce the GDPR.
  8. Almost a third of the EU’s tech specialists work for one of Germany’s Länder (regional) or federal DPAs. All other EU countries are far behind Germany.

We support Brave’s call on the European Commission to launch an infringement procedure against EU Member State Governments for failing to implement Article 52(4) of the GDPR.

In addition, we note that the cooperation and consistency mechanisms in the GDPR do not function appropriately or adequately. The SAs and the EDPB do not at present effectively supervise compliance with the GDPR by entities with establishments in the EU, let alone by entities not established in the EU but who are subject to the GDPR by virtue of Article 3(2) GDPR, and they do not effectively enforce the GDPR.

In our view, it would have been much more sensible  to follow the EU Competition legal framework model where cases having cross border impact can be resolved by a truly central EU authority with decisional and sanctioning powers.

However, we would not want to open up the text of the GDPR on this issue – that would inevitably lead to other parts of the regulation also being opened for change – which would likely lead to a lessening of protection (see issue 1.ii, above). If there is going to be a review of the text (now or in four years’ time), this is another – perhaps even the most important – issue that deserves more formal attention.

We are asking the Commission and the EDPB to find ways of making the consultation, cooperation- and consistency mechanisms in the GDPR efficient and truly effective, so as to create credible means to face giant global corporations such as Google or Facebook. We urge the EU and the MSs to provide extensive further resources in terms of money, staff (especially technical experts) and other support to the EDPB and to any joint operations of supervisory authorities under Article 62 GDPR, so that they can seriously, speedily and effectively supervise and investigate major, especially international, corporations; and the SAs to make much greater use of the new powers they have been granted under the GDPR, and to impose real, serious dissuasive and punitive sanctions on wrongdoers. Until now, weak and utterly ineffective supervision and enforcement has been the sad hallmark of the system.

We also urge the Commission to encourage MSs to provide for actions by not-for–profit bodies representing data subjects under Article 80(2) GDPR. We believe such class (or quasi-class) actions can contribute significantly to compliance with the GDPR by major corporations whose actions affect millions of individuals. If NGOs representing those many individuals can effectively secure proper (and where appropriate, exemplary) payments to compensate for violations of the Regulation to each of the individuals affected, that would act as a proper deterrent. We note that in some MSs courts have awarded individuals several thousand Euros each for data breaches, without the need to show further specific damages. If tens or hundreds of thousands of data subjects could secure such payments through such actions, this could, we believe, affect a sea-change in the GDPR compliance environment.

(We note the recent US$5billion fine imposed by the US FTC on Facebook – which dwarfs the fines imposed under the GDPR to anyone to date.)[7]

  1. Other important issues:Codes of Conduct & Certification mechanisms

Codes of conduct and certification mechanisms can in principle be useful means to assist controllers and processors in demonstrating their compliance with the GDPR. However, they have to be strong and properly managed.

The Commission and the EU MSs have signally failed to make progress towards the creation of proper frameworks for codes of conduct and for the accreditation of strong certification schemes – in spite of having had four years to work on these. We call on the Commission to urgently make progress on these issues.

  1. Artificial Intelligence

Automated decision-making, profiling, machine learning, self-learning algorithms – and now “Artificial Intelligence” (AI) pose grave threats to data protection and other fundamental rights (including the right to an effective remedy and to a fair trial, equality, freedom from discrimination, etc.).[8] The GDPR contains the kernels of part of the solutions – they should be explored and nurtured. The Commission and the EDPB should urgently clarify how the GDPR can and should be used to protect our rights.

  1. Brexit

The United Kingdom’s trade and security arrangements, and the data flows that accompany those, were closely integrated with the other EU Member States and the relevant EU institutions before “Brexit”. There will be significant pressure on the Commission to declare the UK an “adequate” country for the purposes of the GDPR (and in relation to security). However, the UK has also made clear that it wants to be free to diverge from the EU rules including the EU data protection rules (GDPR and LEDPD). It is reported that “The British government is making impossible demands over access to Europol databases in the negotiations over the future relationship with the EU”. Similar issues arise in relation to personal data that are processed by EU controllers and processors under the GDPR – not least in relation to possible access to such data once transferred to the UK (after the post-Brexit transition period) by the UK national security agencies – an issue that has wrongly excluded from discussion while the UK was still an EU MS (see above, at 2.ii(b), above) – and in relation to onward transfers to US national security agencies.

We are urging the Commission to address all these elephants in the room: access to data by MSs’ national security agencies, access to data by UK national security agencies after the post-Brexit transition period, and transfers of personal data by the MSs and by the UK to US (and other “5EYES”) national security agencies.

– o – O – o –


[1]             See: FREE – Group “About” and FREE- Group “Members” on the internet homepage

[2]             While preparing our submission we heard from usually well-informed sources that the Commission has in fact already written the report on the above-mentioned two issues in near-final form. If that is true, it would make a mockery of the call for “feedback”. We assume that the Commission will actually still be looking for real and serious submissions, and take those properly into account.

[3]             See The DPO Handbook, produced in the EU-funded “T4DATA” project in 2019 by FREE experts Douwe Korff and Marie Georges, Part II, The General Data Protection Regulation, section 2.2, Status and approach of the GDPRE: direct applicability with “specification clauses”, pp. 102 – 109, available at:

[4]             For a list of those different regimes and the issues arising, see Douwe Korff and Marie Georges, The DPO Handbook, (previous footnote), Part I, section 1.4.6, Transmissions of personal data between different EU data protection regimes, pp. 89 – 91.

[5]             See the letter sent by FREE Group member Professor Douwe Korff to the EDPB on this latter issue on 19 February 2020.

[6]             See: https://brave.com/dpa-report-2020/ (Summary, quoted above with edits)

https://brave.com/wp-content/uploads/2020/04/Brave-2020-DPA-Report.pdf (full report)

[7]             https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

[8]             Yves Poulet, L’intelligence artificielle et le RGPD, 2020, For an earlier discussion, see Douwe Korff and Marie Georges, Passenger Name Records, data mining & data protection: the need for strong safeguards, report prepared for the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (T-PD) of the Council of Europe, 2015, section I.iii The dangers inherent in data mining and profiling, available at:

https://rm.coe.int/16806a601b

(VERFASSUNGSBLOG) Protecting Polish Judges from the Ruling Party’s “Star Chamber” The Court of Justice’s interim relief order in Commission v Poland (Case C-791/19 R)

Laurent Pech Do 9 Apr 2020

1. The third order granting interim measures against Poland on rule of law grounds

The European Court of Justice’s order in Case C-791/19 R is the third time the Court has granted the interim measures applied for by the Commission so as to preserve the rule of law from being seriously and irreparably harmed by Polish authorities. 

The first time the Court had to noticeably step in was when Polish authorities openly disobeyed a previous order of the Court to stop their (unlawful) logging in the Białowieża forest. In an unprecedented step, the Court granted the Commission’s request to impose a penalty payment of at least €100,000 per day of non-compliance within the framework of an application for interim relief. 

The second time the Court was forced to make history happened at the time of the Polish authorities’ attempt to purge Poland’s Supreme Court, in obvious breach of both the Polish Constitution and EU law. The Court then ordered the immediate suspension of the application of the legislation which retroactively lowered the retirement age for Supreme Court judges. This meant that Polish authorities had to restore the Supreme Court to its situation prior to the entry into force of the law being challenged by the Commission. 

In the present and third instance, which is the subject of this post, the Court of Justice has just ordered the immediate suspension of the activities of the so-called “disciplinary chamber” as regards disciplinary cases concerning judges. The Court’s order is particularly significant to the extent that this “disciplinary chamber”, a modern “star chamber”, is for all intents and purposes the stepping stone on which the arbitrary new disciplinary regime put in place by Poland’s ruling party is built. 

2. The third infringement action against Poland on rule of law grounds

The Court’s order is connected to Case C-791/19, which is itself the third infringement action launched by the Commission on the basis of Article 19(1) TEU in order to protect Polish judges from the ruling party’s political control. This is also the third infringement action which brings to the Court’s attention issues the Commission had repeatedly raised with Polish authorities as part of the Rule of Law Framework and subsequently as part of the Article 7(1) procedure. 

In this case, the main subject-matter of the action is the so-called “disciplinary chamber” established in 2017 and whose own “judges”, it may be worth recalling, adopted a resolution in April 2019 whereby they held themselves to have been appointed properly (nemo judex in causa sua, anyone?).

Be that as it may, the lack of independence and impartiality of the “disciplinary chamber” has been an issue repeatedly raised by multiple bodies and experts specialising in rule of law matters. In this context, it is also worth noting that for the very first time, the European Commission simultaneously raised a violation of Article 267 TFEU to the extent that the new disciplinary regime would create “a chilling effect for making use of this mechanism”.

3. A belated application for interim measures 

Considering the threat of political control over Polish judges alleged by the Commission, one could find it difficult to comprehend why the Commission did not apply for interim measures when it decided to refer Poland to the Court of Justice on 10 October 2019 (with case effectively lodged on 25 October) although the Commission did request the Court to expedite the proceedings. By contrast, in the case relating to the independence of Poland’s Supreme Court, the Commission requested both interim measures and expedited proceedings. In light of the pattern of systemic violation of judicial independence and multiple instances where rulings of the Court of Justice or national courts were preceded by threats of non-compliance or just openly ignored, not to mention the more recent examples of targeted harassment of national judges seeking to apply Article 19(1) TEU, the Commission’s failure to apply for interim measures could leave one seriously perplexed. 

When this stance faced renewed public criticism following Polish authorities’ defiant refusal to comply with the ruling of the Labour and Social Security Chamber of Poland’s Supreme Court which found the “disciplinary chamber” not to constitute a court within the meaning of EU and Polish law by application of the AK preliminary ruling of the Court of Justice, the European Commission belatedly decided to apply for interim measures on 14 January 2020 (with the application effectively lodged with the Court on 23 January 2020). As correctly noted by the Commission itself, “despite the judgments, the Disciplinary Chamber continues to operate, creating a risk of irreparable damage for Polish judges and increasing the chilling effect on the Polish judiciary”.

The Court’s order deals with this aspect, which was predictably raised by the Polish government at the stage of the examination of the urgency of the Commission’s request for interim measures. Instructively, the Court makes clear the Commission’s rationale (paras 97-98). In a nutshell, the Commission decided not to apply for interim measures because it expected the A.K. and others preliminary ruling (joined cases C-585/18, C-6224/18 and C-625/18) to deal with the issue of the disciplinary chamber. While the Court found the Commission’s rationale to be “reasonable”, one may not find it neither coherent nor judicious. As the Court of Justice itself explained in a not so subliminal message to the Commission in the cases of Miasto Łowicz and Prokurator Generalny (Joined Cases C558/18 and C563/18), “the task of the Court must be distinguished according to whether it is requested to give a preliminary ruling or to rule on an action for failure to fulfil obligations” (para. 47, analysis here). Speaking plainly, the Commission’s deferment has meant more months of additional harassment for Polish judges than would have been the case had the Commission apply for interim measures from the start of its infringement action. 

In this context, it is also difficult to understand why the Commission did not follow the same path as in the case relating to the independence of Poland’s Supreme Court and requested the Court that it provisionally grants the requested interim measures before the submission by Poland of its observations and until such time as an order is made closing the interim proceedings. Considering the repeated threats of non-compliance with ECJ rulings and current Polish authorities’ track record of non-compliance with rulings of Polish courts, the Commission’s failure to ask the Court to impose a penalty payment in case of non-compliance is also surprising, to say the least. The least the Commission could do was to reserve the right to submit an additional request seeking that payment of a fine be ordered in case of non-compliance in full with the interim measures ordered following its request for interim relief, which the Commission did.

4. Key aspects of the Court’s order

Leaving the issue of likely future non-compliance aside, and to keep this analysis as brief as possible, the Court’s order most significant aspects will be highlighted. 

To begin with, following the line of case law developed since its seminal “Portuguese judges” ruling, the Court makes clear that the obligation for every Member State to respect and maintain the independence of their national courts or tribunals (which may apply or interpret EU law) includes an obligation to comply with the principle of independence of judges as far as disciplinary proceedings against judges are concerned. This means inter alia that EU law precludes the setting up of disciplinary bodies which fail themselves to satisfy the guarantees inherent in effective judicial protection, including that of independence. In answer to the tired argument of the Polish government that the Court would lack jurisdiction to review its “reforms”, the Court refers the Polish government to its recent ruling in the cases of Miasto Łowicz and Prokurator Generalny. In this ruling, loudly praised by Poland’s Ministry of Justice as the preliminary ruling requests were found inadmissible, the Court yet again reiterated that “although the organisation of justice in the Member States falls within the competence of those Member States, the fact remains that, when exercising that competence, the Member States are required to comply with their obligations deriving from EU law and, in particular, from the second subparagraph of Article 19(1) TEU” (para. 36). 

Secondly, by including unusual developments outlining how its own A.K. ruling and connected rulings issued by the Polish Supreme were disregarded by Polish authorities and in particular the “disciplinary chamber” at the beginning of its order (paras 18-24), the Court implicitly but unmistakeably indicates its disapproval at the disciplinary chamber’s defiant and persistent refusal to obey both EU and Polish law. This was bound to legally matter when the Court had to decide whether the Commission had correctly established that the granting of the requested interim measures satisfied the condition in relation to the existence of fumus boni juris (para. 52 et seq.). Unsurprisingly, having first meticulously recalled what it had previously decided in A.K. as regards the scope of the requirements of independence and impartiality, the Court concludes that the Commission’s claim regarding the lack of a guarantee as to the independence and impartiality of the “disciplinary chamber” appears, prima facie, not unfounded. 

Thirdly, as regards urgency, the Court, in line with its previous case law, strongly emphasises how the so-called “judicial reforms” pushed by Poland’s ruling party threaten to damage the independence of Polish courts and as such, simultaneously threaten to damage the decentralised and interconnected legal order organised by the EU Treaties. In an unprecedented step (to the best of our knowledge), the Court finds that a body such as the “disciplinary chamber” pauses a threat of serious and irreparable harm to the EU legal order due to the scope of its disciplinary jurisdiction as regards Polish judges and the fact that its lack of independence and impartiality cannot be, prima facie, ruled out. The Court’s holistic approach, which looks at the broader and systemic impact the seemingly lack of independence of the disciplinary chamber could have on ordinary courts and the Supreme Court as a whole, may be viewed as both warranted and compelling. Particularly significant is the Court’s observation (para. 90) that the “mere prospect” for Polish judges to “face the risk of a disciplinary procedure”, which could bring them before a body whose independence would not be guaranteed, is likely to affect their independence regardless of how many proceedings may have been initiated or the outcomes of these proceedings to date. 

Fourthly, the Court has suspended, again for the first time to the best of our knowledge, the activity of a body masquerading as a court. With its usual chutzpah, the Polish government claimed that the Commission was asking the Court to take measures which would violate the “fundamental structural principles of the Polish state” (para. 106) having previously claimed a violation of the principle of irremovability of judges (para. 43), which they already been found to have violated twice by the Court in two previous unprecedented rulings (analysed e.g. here and here). Without having to examine the Polish government’s well established track record when it comes to violating the Polish Constitution and annihilating judicial independence, the Court of Justice patiently explained that its order does not in fact require the dissolution of the disciplinary chamber nor the suspension of its administrative and financial services or the dismissal of the individuals appointed – unlawfully one may add – to this body which, let us not forget, was already found not to constitute a court by Poland’s Supreme Court prior to the Court of Justice’s order. The eventual budgetary as well as the limited practical consequences of the suspension of (arbitrary) cases pending before the non-court entity known as the disciplinary chamber (see e.g. the pending kangaroo proceedings against Judge Tuleya), cannot in any event prevail over the general interest of the EU in the proper functioning of its legal order. 

Accordingly, and unsurprisingly, the Court granted the Commission’s application for interim measures. A number of weak spots can be identified from this otherwise compellingly reasoned and, on all points, fully convincing Grand Chamber order. These weak spots are all connected to the limited scope of the Commission’s application for interim relief in a situation where the Commission is furthermore yet to act against the “muzzle law”. Very briefly: (i) Not asking for a penalty payment from the start of the action beggars belief considering the track record of Polish authorities, which the Court itself noted as regards its AK ruling, which means Polish authorities will have all the time in the world to ignore the Court’s order until their capture process is completed; (ii) What about prosecutors who have been similarly harassed and subject to Kafkaesque proceedings and arbitrary sanctions; (iii) How long before we see Polish authorities switching to criminal proceedings against judges to achieve their (autocratic) goals?; (iv) What about the procedural defects characterising the arguably unlawful appointment process of the basis of which additional “judges” were appointed to the Supreme Court by the Polish President?

5. Still Too little, still too late? 

Polish authorities have not only been “actively and purposely organising non-compliance with the ruling of the Court of Justice of 19 November 2019 and the judgment of the Supreme Court of 5 December”, they have since also refused to acknowledge, let alone comply with the resolution adopted by three chambers of Poland’s Supreme Court on 23 January 2020 and which reiterated that the “disciplinary chamber” is not a court due to its lack of independence and therefore its “decisions” shall be considered null and void irrespective of when they were issued as they “deserve no protection”.

Viewed in light of this dictatorial pattern and the Soviet-style disciplinary developments witnessed over the past five years, culminating with a suspension and a pay cut of 40% imposed on Juge Juszczyszyn for seeking to apply the Court’s preliminary ruling of 19 November 2019, and the intervention of the “cardboard cut-out Constitutional Tribunal” to (illegally) neutralise the application of the Supreme Court resolution of 23 January 2020 notwithstanding the Constitutional Tribunal’s obvious lack of competence to do so, the Court of Justice was left with no choice but disable a body whose lack of independence and impartiality has been for a long time obvious to all but Poland’s autocratic party and associates.  

What else to do when according to the First President of Poland’s Supreme Court – herself one of the targets of the law which sought to retroactively lower the retirement regime of Supreme Court judges later found in breach of Article 19(1) TEU – the EU is faced with a situation where a Member State “no longer have independent courts or a third branch of government, independent of the executive.”

Let that sink in: Poland has no longer independent courts according the President of Poland’s (not-yet-but-soon-to-be-captured) Supreme Court. 

To contain this clear and present danger to the rule of law, the von der Leyen Commission must wake up from its current torpor and initiate infringement actions against the “muzzle law”; the ENCJ-suspended “National Council for the Judiciary”; the sham “Extraordinary Control and Public Affairs Chamber”; and last but not least, the captured “Constitutional Tribunal” whose intervention the Polish PM announced a few hours after the ECJ’s order. 

The Polish PM’s latest ploy is just the latest edition of a trick they previously used to disregard a binding resolution of the not-yet-captured chambers of the Poland’s Supreme Court to save the new “National Council for the Judiciary” which was established on the back of yet another obvious breach of the Polish Constitution. The Commission should remove their rose-tinted glasses and face up the harsh reality: They are dealing with rogue officials who have recurrently violated the EU principle of loyal cooperation while repeatedly showing their readiness to break all national rules, constitutional or otherwise, whenever convenient for the party. National governments should similarly stop wasting time with heart-warming rhetoric/no action statements when they have in fact the power to do something about Poland’s descent into authoritarianism by bringing infringements actions directly on the basis of Article 259 TFEU (on this note, we should however be grateful to the governments of Belgium, Denmark, the Netherlands, Finland and Sweden for supporting the Commission’s application. This is the least other governments should do). 

Dialogue wasn’t, isn’t and will NEVER be an effective way forward when dealing with bad faith actors engaged in an obvious constitutional coup d’etat. Failing to face up reality will only result in the Commission winning several legal battles, which, no matter how significant, will not prevent it from losing the broader one, similarly to what happened a few years ago in relation to Hungary. To put it concisely, and looking beyond the Commission’s interim relief victory, the von der Leyen Commission must now decide between swiftly pursuing difficult and no doubt controversial infringement actions or accepting the consolidation of a second autocracy within the EU

European Bonds for the European renaissance: with or without Germany?

an interview of Ezio PERILLO (Former judge at the General Court of the European Union)

Why are all these legal skirmishes still going on in the European Union Headquarters?
It’s true. Given the present situation, everyone would expect a Union with a human face and less technical attitudes. Instead, even at times like these, the Union seems to get entangled in legal harness and, above all, to suffer the diktats put forward by certain States which claim to be entitled to keep control, at least indirectly through the ESM’s condionality, on the expenses of the others Member States.
This was not the spirit with which in 1952, in the aftermath of the end of a horrible war,  the first European community was born. In the preamble to the ECSC Treaty (1952), the six founding States sought the establishment the “ of a broader and deeper community between peoples for a long time divided by bloody conflicts, and to lay the foundations for institutions – and I like to emphasise this passage – which will give direction to a destiny henceforward shared».


What is needed today?
We must regain these common aims. The ECB, the EIB and the Commission are certainly making massive efforts to tackle the current health emergency and a recession that is already upon us.They do so, however, with the resources and means they normally have, without daring, instead, to take the vital step that is required to face exceptional circumstances, in particular when they are caused by natural terrible factors.Public opinion cares very little about the technicalities of the ESM or the news that the provisions on the euro-stability have been suspended for some time, a suspension, by the way, which makes superfluous the possible ESM bailouts.
On other continents, also affected by the corona virus, nobody cares about the stability of the US dollar, the Chinese yuan or the Japanese yen. What really matters is to introduce as soon as possible the appropriate instruments to tackle the present situation, instruments that everyone can see and understand, citizens as businesses. 


Are you referring to European bonds?
Yes, but not to « eurobonds”, that where those designed only to ensure the stability of the euro. Today, European securities are needed exclusively to ensure the stability of the economy of the whole Union, in order to avoid the economic recession also in the area of non-euro Member States , such as Denmark, Sweden or Poland .Instruments that, like most of the bonds of this kind, will create fresh liquidity to be put in to the different circuits of the production and the trade. In short, securities in order to revive the economy of an entire continent and which we could therefore call, with true community sense, European Renaissance Bonds.


But, to issue them don’t we need the agreement of all the Member States?
Not at all. If Germany, like any other Member State, cannot help without the Union, the Union, on the other hand, does not always and necessarily need Germany or Holland to go ahead, certainly not in order to establish European debt securities.
The EIB, which has the legal and technical competences to issue securities of this type, takes its decisions by qualified majority.
Moreover, the Lisbon Treaty (2009) provides for the possibility, for nine Member States, the possibility to create, between them, an enhanced cooperation,  which  « shall aim to further the objectives of the Union, protect its interests and reinforce its integration » and which can be established quite rapidly. It is sufficient that the nine Heads of State or Government, the same as those who signed the letter of 25 March last, agree to submit a request accordingly. The authorisation is then granted by the Council, subject to the approval of the European Parliament, a condition which therefore legitimises the democratic basis for the issuance of these securities. Germany and Holland would obviously be welcome but, at this point, it would be up to them alone to decide whether or not to get on the train of European anti-recession solidarity.


But, funds will still be needed to secure these European bonds. Who puts them on?Certainly, the States affected by the pandemic cannot be asked to make other financial contributions to the Union for this purpose. For this same reason, the European budget does not appear to be the right financial support either. It is in fact an expenditure budget, largely made up of financial contributions provided by the States.

Could the funds from the ESM then be used?

First of all, let me recall that the ESM is not an EU body but an intergovernmental organization created by the euro area States.The ESM, however, is not the only instrument aimed to protect the stability of the euro. In fact, Article 136 TFEU provides that euro area States « can »  establish a stability mechanism, which means that they do not have the exclusive prerogative.
In any case, in order to change the operating conditions of the ESM (in particular that of a “strict conditionality” to which the granting of any financial assistance by the ESM must in any case be subject in any case) it is necessary to modify the said article of the Treaty, a procedure which requires the unanimity of the Governments involved and then the subsequent ratification by all the States concerned. In short, biblical times, compared to the emergency of a recession now at the doors.
Of course, every State, as it joined the ESM, can also unilaterally withdraw from it, taking back the money it paid to this fund. However, I am convinced that facing the European public opinion, Germany will not want to reach this latest ratio, so to oblige the nine States to leave the Mechanism. A Mechanism, in hindsight, which is by now not so useful and functional to the stability of the euro and to the recovery of deficits. Under the terrible blows of the coronavirus storm, which forced us all to stay on the same boat with equal rights and equal duties, the time has perhaps come to “scrap” this obsolete intergovernmental financial vehicle, in order to change it, as the European Parliament already wished in 2011,  into « a mechanism of the Union », structured upon community criteria  and operating through community procedures and on whose board the ECB and the Commission are not just, as now, simple « observers » .

When Adenauer went to the Bundestag immediately after the signing of the Treaties of Rome (1957) he said to the elected members of that assembly: « in Rome we signed a treaty not to make a German Europe but to move towards a European Germany » .

The problem of bonds aimed at revitalise the European single market and its economic  is undoubtedly also a political problem. In this perspective, I am also convinced that, as already widely voiced by many political figures, Germany is and will remain European. As Commissioner Gentiloni has rightly said, we still have to «bet »  on Germany. France, like Italy, Spain and the other signatory States of the letter of March 25, will do their part in this regard.
The path of enhanced cooperation, legally practicable also in this delicate matter, as it has already been for the creation, currently underway, of the European Public Prosecutor, seems to be the only one that is the most adequate and the quickest to effectively combat the looming recession. With the creation of the ECSC, the six founding States de facto abandoned the Marshall Plan’s method, to walk faster on the path of their economic recovery, and with their own legs.
All Member States, meeting in the European Council, could then instruct the Commission to submit to the Parliament and the Council a legislative proposal based on Article 5 TFEU, concerning the complementary competences of the Union in the field of close coordination of the economic policies of the Member States (articles 119, 121 and 136.1, TFEU), in order to create, on the pattern of the old one, a new European Union Stability Mechanism, completed by specific and distinct actions in the field of coordination of employment policies (Articles 145 and 149 TFEU) and social policies (article 155 and following TFEU) of the Member States in response to the pandemic crisis 2020.
Virtus unita, fortior.