Author: edecapitani

After PRISM : 181 ONGs ask for less surveillance and improved data protection standards..new global standards…

International Principles on the Application of Human Rights to Communications Surveillance

THE ORIGINAL CALL IS  PUBLISHED HERE : https://en.necessaryandproportionate.org/text

Final version 10 July 2013

As technologies that facilitate State surveillance of communications advance, States are failing to ensure that laws and regulations related to communications surveillance adhere to international human rights and adequately protect the rights to privacy and freedom of expression. This document attempts to explain how international human rights law applies in the current digital environment, particularly in light of the increase in and changes to communications surveillance technologies and techniques. These principles can provide civil society groups, industry, States and others with a framework to evaluate whether current or proposed surveillance laws and practices are consistent with human rights.

These principles are the outcome of a global consultation with civil society groups, industry and international experts in communications surveillance law, policy and technology.

Preamble

Privacy is a fundamental human right, and is central to the maintenance of democratic societies. It is essential to human dignity and it reinforces other rights, such as freedom of expression and information, and freedom of association, and is recognised under international human rights law.[1] Activities that restrict the right to privacy, including communications surveillance, can only be justified when they are prescribed by law, they are necessary to achieve a legitimate aim, and are proportionate to the aim pursued.[2]

Before public adoption of the Internet, well-established legal principles and logistical burdens inherent in monitoring communications created limits to State communications surveillance. In recent decades, those logistical barriers to surveillance have decreased and the application of legal principles in new technological contexts has become unclear. The explosion of digital communications content and information about communications, or “communications metadata” — information about an individual’s communications or use of electronic devices — the falling cost of storing and mining large sets of data, and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale.[3]

Meanwhile, conceptualisations of existing human rights law have not kept up with the modern and changing communications surveillance capabilities of the State, the ability of the State to combine and organize information gained from different surveillance techniques, or the increased sensitivity of the information available to be accessed.

The frequency with which States are seeking access to both communications content and communications metadata is rising dramatically, without adequate scrutiny.[4]

When accessed and analysed, communications metadata may create a profile of an individual’s life, including medical conditions, political and religious viewpoints, associations, interactions and interests, disclosing as much detail as, or even greater detail than would be discernible from the content of communications.[5] Despite the vast potential for intrusion into an individual’s life and the chilling effect on political and other associations, legislative and policy instruments often afford communications metadata a lower level of protection and do not place sufficient restrictions on how they can be subsequently used by agencies, including how they are data-mined, shared, and retained.

In order for States to actually meet their international human rights obligations in relation to communications surveillance, they must comply with the principles set out below. These principles apply to surveillance conducted within a State or extraterritorially.

The principles also apply regardless of the purpose for the surveillance — law enforcement, national security or any other regulatory purpose. They also apply both to the State’s obligation to respect and fulfil individuals’ rights, and also to the obligation to protect individuals’ rights from abuse by non-State actors, including corporate entities.[6] The private sector bears equal responsibility for respecting human rights, particularly given the key role it plays in designing, developing and disseminating technologies; enabling and providing communications; and – where required – cooperating with State surveillance activities. Nevertheless, the scope of the present Principles is limited to the obligations of the State.

Changing technology and definitions

“Communications surveillance” in the modern environment encompasses the monitoring, interception, collection, analysis, use, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person’s communications in the past, present or future. “Communications” include activities, interactions and transactions transmitted through electronic mediums, such as content of communications, the identity of the parties to the communications, location-tracking information including IP addresses, the time and duration of communications, and identifiers of communication equipment used in communications.

Traditionally, the invasiveness of communications surveillance has been evaluated on the basis of artificial and formalistic categories. Existing legal frameworks distinguish between “content” or “non-content,” “subscriber information” or “metadata,” stored data or in transit data, data held in the home or in the possession of a third party service provider.[7]

However, these distinctions are no longer appropriate for measuring the degree of the intrusion that communications surveillance makes into individuals’ private lives and associations. While it has long been agreed that communications content deserves significant protection in law because of its capability to reveal sensitive information, it is now clear that other information arising from communications – metadata and other forms of non-content data – may reveal even more about an individual than the content itself, and thus deserves equivalent protection. Today, each of these types of information might, taken alone or analysed collectively, reveal a person’s identity, behaviour, associations, physical or medical conditions, race, color, sexual orientation, national origins, or viewpoints; or enable the mapping of the person’s location, movements or interactions over time,[8] or of all people in a given location, including around a public demonstration or other political event. As a result, all information that includes, reflects, arises from or is about a person’s communications and that is not readily available and easily accessible to the general public, should be considered to be “protected information”, and should accordingly be given the highest protection in law.

In evaluating the invasiveness of State communications surveillance, it is necessary to consider both the potential of the surveillance to reveal protected information, as well as the purpose for which the information is sought by the State. Communications surveillance that will likely lead to the revelation of protected information that may place a person at risk of investigation, discrimination or violation of human rights will constitute a serious infringement on an individual’s right to privacy, and will also undermine the enjoyment of other fundamental rights, including the right to free expression, association, and political participation. This is because these rights require people to be able to communicate free from the chilling effect of government surveillance. A determination of both the character and potential uses of the information sought will thus be necessary in each specific case.

When adopting a new communications surveillance technique or expanding the scope of an existing technique, the State should ascertain whether the information likely to be procured falls within the ambit of “protected information” before seeking it, and should submit to the scrutiny of the judiciary or other democratic oversight mechanism. In considering whether information obtained through communications surveillance rises to the level of “protected information”, the form as well as the scope and duration of the surveillance are relevant factors. Because pervasive or systematic monitoring has the capacity to reveal private information far in excess of its constituent parts, it can elevate surveillance of non-protected information to a level of invasiveness that demands strong protection.[9]

The determination of whether the State may conduct communications surveillance that interferes with protected information must be consistent with the following principles.

The Principles

Legality: Any limitation to the right to privacy must be prescribed by law. The State must not adopt or implement a measure that interferes with the right to privacy in the absence of an existing publicly available legislative act, which meets a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee its application. Given the rate of technological changes, laws that limit the right to privacy should be subject to periodic review by means of a participatory legislative or regulatory process.

Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society. Any measure must not be applied in a manner which discriminates on the basis of race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim. Communications surveillance must only be conducted when it is the only means of achieving a legitimate aim, or, when there are multiple means, it is the means least likely to infringe upon human rights. The onus of establishing this justification, in judicial as well as in legislative processes, is on the State.

Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfil the specific legitimate aim identified.

Proportionality: Communications surveillance should be regarded as a highly intrusive act that interferes with the rights to privacy and freedom of opinion and expression, threatening the foundations of a democratic society. Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to the individual’s rights and to other competing interests, and should involve a consideration of the sensitivity of the information and the severity of the infringement on the right to privacy.

Specifically, this requires that, if a State seeks access to or use of protected information obtained through communications surveillance in the context of a criminal investigation, it must establish to the competent, independent, and impartial judicial authority that:

  1. there is a high degree of probability that a serious crime has been or will be committed;
  2. evidence of such a crime would be obtained by accessing the protected information sought;
  3. other available less invasive investigative techniques have been exhausted;
  4. information accessed will be confined to that reasonably relevant to the crime alleged and any excess information collected will be promptly destroyed or returned; and
  5. information is accessed only by the specified authority and used for the purpose for which authorisation was given.

If the State seeks access to protected information through communication surveillance for a purpose that will not place a person at risk of criminal prosecution, investigation, discrimination or infringement of human rights, the State must establish to an independent, impartial, and competent authority:

  1. other available less invasive investigative techniques have been considered;
  2. information accessed will be confined to what is reasonably relevant and any excess information collected will be promptly destroyed or returned to the impacted individual; and
  3. information is accessed only by the specified authority and used for the purpose for which was authorisation was given.

Competent Judicial Authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent. The authority must be:

  1. separate from the authorities conducting communications surveillance;
  2. conversant in issues related to and competent to make judicial decisions about the legality of communications surveillance, the technologies used and human rights; and
  3. have adequate resources in exercising the functions assigned to them.

Due process: Due process requires that States respect and guarantee individuals’ human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public. Specifically, in the determination on his or her human rights, everyone is entitled to a fair and public hearing within a reasonable time by an independent, competent and impartial tribunal established by law,[10] except in cases of emergency when there is imminent risk of danger to human life. In such instances, retroactive authorisation must be sought within a reasonably practicable time period. Mere risk of flight or destruction of evidence shall never be considered as sufficient to justify retroactive authorisation.

User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation. Delay in notification is only justified in the following circumstances:

  1. Notification would seriously jeopardize the purpose for which the surveillance is authorised, or there is an imminent risk of danger to human life; or
  2. Authorisation to delay notification is granted by the competent judicial authority at the time that authorisation for surveillance is granted; and
  3. The individual affected is notified as soon as the risk is lifted or within a reasonably practicable time period, whichever is sooner, and in any event by the time the communications surveillance has been completed. The obligation to give notice rests with the State, but in the event the State fails to give notice, communications service providers shall be free to notify individuals of the communications surveillance, voluntarily or upon request.

Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers. They should publish, at a minimum, aggregate information on the number of requests approved and rejected, a disaggregation of the requests by service provider and by investigation type and purpose. States should provide individuals with sufficient information to enable them to fully comprehend the scope, nature and application of the laws permitting communications surveillance. States should enable service providers to publish the procedures they apply when dealing with State communications surveillance, adhere to those procedures, and publish records of State communications surveillance.

Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.[11] Oversight mechanisms should have the authority to access all potentially relevant information about State actions, including, where appropriate, access to secret or classified information; to assess whether the State is making legitimate use of its lawful capabilities; to evaluate whether the State has been transparently and accurately publishing information about the use and scope of communications surveillance techniques and powers; and to publish periodic reports and other information relevant to communications surveillance. Independent oversight mechanisms should be established in addition to any oversight already provided through another branch of government.

Integrity of communications and systems: In order to ensure the integrity, security and privacy of communications systems, and in recognition of the fact that compromising security for State purposes almost always compromises security more generally, States should not compel service providers or hardware or software vendors to build surveillance or monitoring capability into their systems, or to collect or retain particular information purely for State surveillance purposes. A priori data retention or collection should never be required of service providers. Individuals have the right to express themselves anonymously; States should therefore refrain from compelling the identification of users as a precondition for service provision.[12]

Safeguards for international cooperation: In response to changes in the flows of information, and in communications technologies and services, States may need to seek assistance from a foreign service provider. Accordingly, the mutual legal assistance treaties (MLATs) and other agreements entered into by States should ensure that, where the laws of more than one state could apply to communications surveillance, the available standard with the higher level of protection for individuals is applied. Where States seek assistance for law enforcement purposes, the principle of dual criminality should be applied. States may not use mutual legal assistance processes and foreign requests for protected information to circumvent domestic legal restrictions on communications surveillance. Mutual legal assistance processes and other agreements should be clearly documented, publicly available, and subject to guarantees of procedural fairness.

Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public or private actors. The law should provide sufficient and significant civil and criminal penalties, protections for whistle blowers, and avenues for redress by affected individuals. Laws should stipulate that any information obtained in a manner that is inconsistent with these principles is inadmissible as evidence in any proceeding, as is any evidence derivative of such information. States should also enact laws providing that, after material obtained through communications surveillance has been used for the purpose for which information was given, the material must be destroyed or returned to the individual.

Signatories

  1. 7iber (Amman, Jordan)
  2. Access(International)
  3. Acción EsLaRed(Venezuela)
  4. ActiveWatch – – Media Monitoring Agency (Romania)
  5. Africa Platform for Social Protection – APSP (Africa)
  6. AGEIA Densi (Argentina)
  7. Agentura.ru (Russia)
  8. Aktion Freiheit statt Angst(Germany)
  9. Alfa-Redi  (LAC)
  10. All India Peoples Science Network (India)
  11. Alternatif Bilişim Derneği (Alternatif Bilişim) – Turkey(Turkey)
  12. Alternative Law Forum (India)
  13. Arab Digital Expression Foundation(Egypt)
  14. Article 19 (International)
  15. ASL19 (Canada/Iran)
  16. Asociación Civil por la Igualdad y la Justicia – ACIJ (Argentina)
  17. Asociación Colombiana de Usuarios de Internet  (Colombia)
  18. Asociación de Internautas Spain (Spain)
  19. Asociación Paraguaya De Derecho Informático Y Tecnológico – APADIT (Paraguay)
  20. Asociación por los Derechos Civiles – ADC (Argentina)
  21. Aspiration (United States)
  22. Associação Brasileira de Centros de inclusão Digital – ABCID(Brasil)
  23. Associació Pangea Coordinadora Comunicació per a la Cooperació (Spain)
  24. Association for Freedom of Thought and Expression – AFTE (Egypt)
  25. Association for Progressive Communications – APC (International)
  26. Association for Proper Internet Governance (Switzerland)
  27. Association for Technology and Internet – APTI(Romania)
  28. Association of Community Internet Center – APWKomitel(Indonesia)
  29. Australia Privacy Foundation – APF (Australia)
  30. Bahrain Center for Human Rights (Bahrain)
  31. Bangladesh NGOs Network for Radio and Communication – BNNRC (Bangladesh)
  32. BC Freedom of Information & Privacy Association (BC FIPA) (Canada)
  33. Benetech (USA/Global)
  34. Berlin Forum on Global Politics (BFoGP)(Germany)
  35. Big Brother Watch (United Kingdom)
  36. Bits of Freedom (Netherlands)
  37. Bolo Bhi (Pakistan)
  38. Brasilian Institute for Consumer Defense – IDEC(Brasil)
  39. British Columbia Civil Liberties Association – BCCLA (Canada)
  40. Bytes for All (Pakistan)
  41. Cairo Institute for Human Rights Studies(Egypt)
  42. Casa de Derechos de Quilmes (Argentina)
  43. Center for Digital Democracy (United States)
  44. Center for Internet & Society India (India)
  45. Center of Media Justice (United States)
  46. Centre for Community Informatics Research, Development and Training(Canada)
  47. Centro de Estudios en Libertad de Expresión y Acceso a la Información – CELE(Argentina)
  48. Centro de Tecnologia e Sociedade (CTS) da FGV  (Brasil)
  49. Centrum Cyfrowe Projekt: Polska (Poland)
  50. Citizen Lab (Canada)
  51. Citizens Network Watchdog Poland (Poland)
  52. ClubComputer.at (Austria)
  53. Collaboration on International ICT Policy in total East and South Africa (CIPESA) (Uganda / Africa )
  54. Colnodo(Colombia)
  55. Comisión Colombiana de Juristas(Colombia)
  56. Comité Cerezo México (México)
  57. Consumer Korea (South Korea)
  58. Consumers International(International)
  59. ContingenteMx  (México)
  60. datapanik.org (Belgium)
  61. DAWN Network  (International)
  62. DEJUSTICIA (Colombia/International)
  63. Delhi Science Forum (India)
  64. Digital Courage (Germany)
  65. Digital Rights Foundation  (Pakistan)
  66. Digitterra (International)
  67. DiploFoundation(International)
  68. Electronic Frontier Finland – EFFI (Finland)
  69. Electronic Frontier Foundation – EFF (International)
  70. Electronic Frontiers Australia – EFA  (Australia)
  71. Electronic Frontiers Italy – ALCEI  (Italy – Europe)
  72. Electronic Privacy Information Center – EPIC  (United States)
  73. European Digital Rights – EDRI  (Europe)
  74. European Information Society Institute – EISi(Slovakia)
  75. Fight for the Future  (United States)
  76. Foro Ciudadano de Participación por la Justicia y los Derechos Humanos – FOCO (Argentina)
  77. Foundation for Community Educational Media – FCEM (Thailand)
  78. Foundation for Information Policy Research – FIPR (United Kingdom)
  79. Free Network Foundation  (United States)
  80. Free Press (United States)
  81. Free Press Unlimited(Netherlands)
  82. Free Software Foundation Europe(Europe)
  83. Free Software Movement of India  (India)
  84. Freedom Against Censorship Thailand (FACT) (Thailand )
  85. Freedom of the Press Foundation (United States)
  86. Fundación Ambio (Costa Rica)
  87. Fundación Andina para la Observación y el Estudio de Medios  (Ecuador)
  88. Fundación Karisma (Colombia)
  89. Fundación Redes y Desarrollo – FUNREDES (República Dominicana – El Caribe)
  90. Fundación Vía Libre (Argentina)
  91. Global Voices Advocacy(International)
  92. Grupo de Software Libre de Cúcuta(Cúcuta, Norte de Santander, Colombia)
  93. Gulf Center for Human Rights  (Arab Gulf region)
  94. Hackerspace Rancho Electrónico (Mexico)
  95. Helsinki Foundation for Human Rights, Warsaw – HFHR (Poland)
  96. Hiperderecho (Peru)
  97. Human Rights Data Analysis Group(International)
  98. Human Rights Watch – HRW  (International)
  99. ICT Consumers Association of Kenya – ICAK(Kenya)
  100. Independent Journalism Center from Moldova(Republic of Moldova)
  101. Index on Censorship  (United Kingdom)
  102. Initiative for Freedom of Expression(Turkey)
  103. Initiative für Netzfreiheit  (Austria)
  104. Institute des Technologies de l’Information et de la Communication Pour le Developpement – INTIC4DEV (Africa)
  105. Instituto Baiano de Direito Processual Penal – IBADPP (Brasil/Bahia)
  106. Instituto Bem Estar Brasil (Brasil)
  107. Instituto NUPEF (Brasil)
  108. International Civil Liberties Monitoring Group(Canada)
  109. International Media Support – IMS  (International)
  110. International Modern Media Institute  (Iceland / International)
  111. Internet Governance Project, Syracuse University School of Information Studies (United States)
  112. Internet Society Palestine (Palestine)
  113. InternetNZ (New Zealand)
  114. Internews  (United States)
  115. IP Justice  (United States)
  116. Iraqi Network for Social Media (Iraq)
  117. Iriarte & Asociados  (Peru)
  118. ISOC Board of Trustees(International)
  119. IT for Change  (India)
  120. Iuridicum Remedium, o.s.(Czech Republic)
  121. Jonction (Mauritania, Senegal, Tanzania)
  122. Jordan Open Source Association(Jordan)
  123. Journaliste en danger (JED)  (Démocratique du Congo / Africa)
  124. Kenya ICT Action Network – KICTANet (Kenya)
  125. Kenyan Ethical and Legal Issues Network  (Kenya)
  126. La Quadrature du Net  (France/Europe)
  127. Latin American Network of Surveillance, Technology and Society Studies – LAVITS  (Latin America)
  128. Liberty  (United Kingdom)
  129. Liga Uruguaya de Defensa del Consumidor(Uruguay)
  130. Liga voor Mensenrechten vzw  (Belgium)
  131. May First / People Link  (United States/international)
  132. Media Action Grassroots Network – MAG-Net  (United States)
  133. Media Rights Agenda – MRA  (Ikeja, Lagos)
  134. MOGiS e.V. – A Voice for Victims (Germany)
  135. Movimento Mega (Brasil)
  136. Nawaat  (Tunisia)
  137. New York Chapter of the Internet Society(United States)
  138. Oneworld: Platform for Southeast Europe – OWPSEE  (Western Balkans)
  139. Open Internet Tools Project – Open ITP  (United States)
  140. Open Knowledge Foundation  (United Kingdom)
  141. Open Media and Information Companies Initiative – Open MIC  (United States)
  142. Open Net Korea (South Korea)
  143. Open Rights Group  (United Kingdom)
  144. Openmedia.ca  (Canada)
  145. Pacific Freedom Forum (Pacific Region)
  146. Pakistan Press Foundation – PPF (Pakistan)
  147. Palestinian Center for Development & Media Freedoms – MADA (Palestine)
  148. Panoptykon Foundation (Poland)
  149. Partners for Democratic Change Serbia(Serbia)
  150. People Who  (International)
  151. Privacy & Access Council of Canada(Canada)
  152. Privacy Activism  (United States)
  153. Privacy International (International)
  154. PROTEGE QV (Cameroon/ Africa)
  155. Public Association “Journalists” (Kyrgyzstan)
  156. RedPaTodos  (Colombia)
  157. Reporters Without Borders – RSF  (International)
  158. Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic – CIPPIC (Canada)
  159. SHARE Conference | SHARE Defense  (Balkan Region)
  160. Social Media Exchange  (Lebanon)
  161. Society for Knowledge Commons(India)
  162. Software Freedom Law Centre  (India)
  163. Southeast Asian Press Alliance (South East Asia)
  164. Statewatch  (United Kingdom)
  165. Sulá Batsú  (Costa Rica)
  166. Surveillance Studies Centre(Ontario, Canada)
  167. Surveillance Studies Network  (International)
  168. TagMeNot  Taiwan Association for Human Rights(Taiwan)
  169. TechLiberty (New Zealand)
  170. TEDIC  (Paraguay)
  171. Thai Netizen Network(Thailand)
  172. The New Renaissance Network(Sweden)
  173. TransMediar-Pimentalab [at] Universidade Federal de São Paulo  (Brazil)
  174. University of Campinas – Research Group CTeMe (Knowledge, Technology and Market) (Brasil)
  175. University of São Paulo’s Research Group on Access to Information Policies (GPoPAI-USP) (Brasil)
  176. Ushahidi  (International)
  177. VIBE!AT  (Austria)
  178. Voices for Interactive Choice and Empowerment(Bangladesh)
  179. West African Journalists Association (West Africa)
  180. WITNESS  (International)
  181. Zwiebelfreunde e.V.  (Germany)

[1]Universal Declaration of Human Rights Article 12, United Nations Convention on Migrant Workers Article 14, UN Convention of the Protection of the Child Article 16, International Covenant on Civil and Political Rights, International Covenant on Civil and Political Rights Article 17; regional conventions including Article 10 of the African Charter on the Rights and Welfare of the Child, Article 11 of the American Convention on Human Rights, Article 4 of the African Union Principles on Freedom of Expression, Article 5 of the American Declaration of the Rights and Duties of Man, Article 21 of the Arab Charter on Human Rights, and Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms; Johannesburg Principles on National Security, Free Expression and Access to Information, Camden Principles on Freedom of Expression and Equality.

[2]Universal Declaration of Human Rights Article 29; General Comment No. 27, Adopted by The Human Rights Committee Under Article 40, Paragraph 4, Of The International Covenant On Civil And Political Rights, CCPR/C/21/Rev.1/Add.9, November 2, 1999; see also Martin Scheinin, “Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism,” 2009, A/HRC/17/34.

[3]Communications metadata may include information about our identities (subscriber information, device information), interactions (origins and destinations of communications, especially those showing websites visited, books and other materials read, people interacted with, friends, family, acquaintances, searches conducted, resources used), and location (places and times, proximities to others); in sum, metadata provides a window into nearly every action in modern life, our mental states, interests, intentions, and our innermost thoughts.

[4]For example, in the United Kingdom alone, there are now approximately 500,000 requests for communications metadata every year, currently under a self-authorising regime for law enforcement agencies who are able to authorise their own requests for access to information held by service providers. Meanwhile, data provided by Google’s Transparency reports shows that requests for user data from the U.S. alone rose from 8888 in 2010 to 12,271 in 2011. In Korea, there were about 6 million subscriber/poster information requests every year and about 30 million requests for other forms of communications metadata every year in 2011-2012, almost of all of which were granted and executed. 2012 data available at http://www.kcc.go.kr/user.do?mode=view&page=A02060400&dc=K02060400&boardId=1030&cp=1&boardSeq=35586

[5]See as examples, a review of Sandy Petland’s work, ‘Reality Mining’, in MIT’s Technology Review, 2008, available at http://www2.technologyreview.com/article/409598/tr10-reality-mining/ and also see Alberto Escudero-Pascual and Gus Hosein, ‘Questioning lawful access to traffic data’, Communications of the ACM, Volume 47 Issue 3, March 2004, pages 77 – 82.

[6]Report of the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, May 16 2011, available at http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/a.hrc.17.27_en.pdf

[7]“People disclose the phone numbers that they dial or text to their cellular providers, the URLS that they visit and the e-mail addresses with which they correspond to their Internet service providers, and the books, groceries and medications they purchase to online retailers . . . I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.” United States v. Jones, 565 U.S. ___, 132 S. Ct. 945, 957 (2012) (Sotomayor, J., concurring).

[8]“Short-term monitoring of a person’s movements on public streets accords with expectations of privacy” but “the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.” United States v. Jones, 565 U.S., 132 S. Ct. 945, 964 (2012) (Alito, J. concurring).

[9]“Prolonged surveillance reveals types of information not revealed by short-term surveillance, such as what a person does repeatedly, what he does not do, and what he does ensemble. These types of information can each reveal more about a person than does any individual trip viewed in isolation. Repeated visits to a church, a gym, a bar, or a bookie tell a story not told by any single visit, as does one’s not visiting any of these places over the course of a month. The sequence of a person’s movements can reveal still more; a single trip to a gynecologist’s office tells little about a woman, but that trip followed a few weeks later by a visit to a baby supply store tells a different story.* A person who knows all of another’s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups – and not just one such fact about a person, but all such facts.” U.S. v. Maynard, 615 F.3d 544 (U.S., D.C. Circ., C.A.)p. 562; U.S. v. Jones, 565 U.S. __, (2012), Alito, J., concurring. “Moreover, public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities. That is all the truer where such information concerns a person’s distant past…In the Court’s opinion, such information, when systematically collected and stored in a file held by agents of the State, falls within the scope of ‘private life’ for the purposes of Article 8(1) of the Convention.” (Rotaru v. Romania, [2000] ECHR 28341/95, paras. 43-44.

[10]The term “due process” can be used interchangeably with “procedural fairness” and “natural justice”, and is well articulated in the European Convention for Human Rights Article 6(1) and Article 8 of the American Convention on Human Rights.

[11]The UK Interception of Communications Commissioner is an example of such an independent oversight mechanism. The ICO publishes a report that includes some aggregate data but it does not provide sufficient data to scrutinise the types of requests, the extent of each access request, the purpose of the requests, and the scrutiny applied to them. See http://www.iocco-uk.info/sections.asp?sectionID=2&type=top.

[12]Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, 16 May 2011, A/HRC/17/27, para 84.

NEW!! : subscribe to the first summer school on the EAFSJ…

 

LogoSummerSchool2013Rome

Roma, 8-11 July
Sala conferenze Fondazione Basso – via della Dogana Vecchia, 5 – Roma

The European Area of Freedom Security and Justice (EAFSJ): scope, objectives, actors and dynamics.

Night view of Europe

Aim: to take stock of the current state of EAFSJ and of its foreseeable evolution within the next multiannual program 2015-2019 (to be adopted under Italian Presidency at the beginning of the next legislature).
Lenght: 4 one day modules
Subscriptions: on line on the Fondazione Basso internet site : http://www.fondazionebasso.it
Participation fees:
Euro 480,00 (ORDINARY FEE).
Euro 200,00 (FOR STUDENTS / RESEARCHERS) .
(Bank Account of Fondazione Lelio e Lisli Basso – Banca Nazionale del Lavoro Ag. Senato Palazzo Madama: IBAN IT18I0100503373000000002777 ).
Subscriptions should be submitted before June 15th.The Summer School will take place only if a minimum number of subscribers is reached !For further information : tel. 0039.06.6879953 – basso@fondazionebasso.it
 Languages: lessons will be mainly in Italian (some lessons will be in English and French), teaching material will be in Italian and/or English, French.
English/Italian translation will be available.
The programme is on the web-site of Fondazione Basso (www.fondazionebasso.it -Tel. 06.6879953 – email: basso@fondazionebasso.it)

July 8th
A Constitutional and Institutional perspective
09h00 am – 06h30 pm

Opening speeches:
Valerio Onida: Freedom, Security and Justice related policies from a constitutional perspective and in relation with international and supranational dimensions
Stefano Manservisi: After the Stockholm Programme : how to preserve the specificity of the European Area of freedom security and Justice related policies by integrating them in the general EU governance and legal framework?

Debate

Freedom Security and Justice as the core of the common constitutional european heritage
Protecting fundamental rights: the impact of the accession of the EU to the ECHR. A common European Constitutional Heritage arising from the Council of Europe and European Union European Courts. What can be expected from the Strasbourg Human Rights Court in areas related to the FSJ?.
Speaker: Giuseppe Cataldi

Freedom Security and Justice as the core of the common constitutional european heritage
Promoting fundamental rights: the European Charter and its impact on EU policies. Even if the Charter does not extend the EU competencies it is now a constitutional parameter to be taken in account not only by the European judges but also by the EU legislature, even for policies designed with a more limited scope.
Speaker:Ezio Perillo

Debate

Evolution and transformation of the principle of Primacy of EU law. Dialogue and mutual influence of European and national Constitutional Courts.
Fifty years after the landmark case of Van Gend en Loos and four years after the Lissabon-Urteil (Bundesverfassungsgericht judgment of 30.6.2009), the tensions between EU “limits” and national “counter-limits” could arise again notably in the EAFSJ area.
Speaker: Oreste Pollicino

The EAFSJ a cross road of European and national founding values (art. 2), as well as for fundamental and European citizenship rights. How manage the indivisibility of rights and a Member States differentiated integration ?
(Opt-in Opt-out Countries). How far can the EU impact on Member States internal legislation (Towards a “reverse Solange” mechanism)? How the EU and Council of Europe can influence national fundamental rights related policies
Speaker: Nicoletta Parisi

The EAFSJ as supranational constitutional area of democracy. From National State to the European Union: what kind of relation between national and european legal orders ?
Sixty years of EU integration have changed the concept of democracy and sovereignty. There is a metamorphosis in National State’ s traditional role and its constitutional elements such as territory, citizenship and sovereign power. The Kantian vision of a peaceful cosmopolitan project mirrors the category of EU citizenship arising in the EAFSJ. Today Habermas developed the concept of “Constitutional patriottism”, underlying a “constitutionalisation” of the European supranational area. What are the pro and cons of this EU perspective ? The post-Lisbon Treaty stressed that the EAFSJ is becoming the embryo of a European public sphere as well as of a first example of supranational democracy.
Speaker: Francesca Ferraro

Debate

July 9th
Institutional dynamics and EU practices
09h30 am – 06h30 pm

The EAFSJ before Lisbon. The intergovernmental cooperation. From “TREVI” via “Schengen” to Amsterdam. The first phase.
How formerly excluded EAFSJ related policies have been integrated into the EU framework. TREVI cooperation, the Schengen agreement (1985) and its 1990 Implementing Convention as well as the Dublin Convention on Asylum.
The emerging notion of supranational space in the Single European Act (1986). The mutual recognition principle in the Internal Market and in EAFSJ-related policies. The Schengen Acquis in the EU legal framework from Amsterdam to Lisbon. Opt-in and Opt-out Countries: the impact of differentiated integration. Schengen relevance and ECJ jurisprudence on the preservation of the Schengen system consistency. From cooperation to integration.
Speaker: Dino Rinoldi

Debate

The EAFSJ after Lisbon (1). How the EAFSJ specificity has been preserved by progressively integrating it in the ordinary EU (communitarized) legal institutional framework. The impact on the EU institutions and on the MS.
Dynamics and the role of the Institutions in promoting, negotiating and implementing the EAFSJ-related policies. European Council, European Parliament, Council of the European Union, Commission and Court of Justice interplaying in the EAFSJ. The preparatory work conducted behind the scene by the Commission Directorates General, the Council working bodies – COREPER, CATS, COSI – and the EP parliamentary committees
Speaker: Antonio Caiola

The EAFSJ after Lisbon (2) How democratic principles are fulfilled in the EAFSJ. The impact of the EP on legislative procedures.
The interparliamentary dialogue and the way how the EP and national parliaments play their role when verifying the subsidiarity and proportionality principles in the EAFSJ policies. The emerging role at EU level of “political families” represented at national European and international level (European political parties, EP political groups, national parties).
Speaker: Emilio De Capitani

Debate

The EAFSJ after Lisbon (3). How EU policies are framed and implemented at national level. How cooperation, mutual recognition and harmonisation are implemented
How EAFSJ policies are implemented at national level. Problems and opportunities arising notably when implementing the mutual recognition of other EU countries’ measures. How intertwined are the EU and national administration in the EAFSJ related policies. Is there complementarity between EU and National strategies? The EU financial levy as a facilitator of mutual EU-national coordination. The emerging role of EU Authorities and Agencies as a support and meeting space also for national administrations (Ombudsman, FRA, EDPS, FRONTEX, EASO, EMCDDA, EUROPOL, OLAF, CEPOL, EUROJUST, …).
Speaker: Lorenzo Salazar

Debate

July 10th
An European space of freedom and rights
09h30 am- 06h30 pm

The EAFSJ after Lisbon (4) Placing the individuale at the heart of EU activities
How EU legislation implements the principles of equality and non-discrimination. The ECJ jurisprudence and the phenomenon of reverse discrimination. EU citizenship-related jurisprudence. Judicial action at national and European level founded on the EU Charter. Infringement of EU founding values and fundamental rights as possible exceptions to the mutual recognition obligations? Fundamental Rights Agency.
Speaker: Valentina Bazzocchi

The EU evolving framework of Transparency, access to documents, principle of good administration, and of classified information
After Lisbon a more transparent independent and efficient EU administration can be founded on Arts 15 and 298 of the TFEU as well as Arts 41 and 42 of the European Charter. However the close intertwining of the EU and the Member States has created a hybrid system of European Classified Information (EUCI), which is particularly relevant in the EAFSJ policies. How do European and national institutions implement the EU principles? How is the principle of good administration secured? What role should the EU Ombudsman play?
Speaker: Deirdre Curtin

Protection of Personal Data. The EU reform.
After the Lisbon Treaty and the merger of the so-called first and third pillars, protection of personal data can be framed in a globally consistent manner. Informational self determination, protection against possible abuses by the private sector as well as by public sector (law enforcement authorities) can now be framed at European level by taking stock of the lessons learned at national and international level (Council of Europe, OECD). How to preserve the role of national authorities and of the new coordinating body.
Speaker: Vanna Palumbo

Freedom of movement border integrated management
Freedom of movement of European citizens as well as of third country nationals in the EU remains a central and controversial issue. The integrated external border management is progressively framed at legislative level (borders, visas..) and implemented at operational level also thanks to the emerging role of Frontex and of the new European networks (SIS II – VIS). New opportunities as well as risks emerge in the definition of the EU-Member State management of internal and external borders
Speaker: Luisa Marin

Debate

European Migratory policies
Objectives, legal framework and operational setting of the EU-Member State policies. Five years after the European Pact on Asylum and Migration (2008), what lessons can be drawn for the next (2015-2019) multiannual programme? What improvements can be foreseen for the EU migration governance at central and national level? How are the Member States implementing the EU legislation? What are the main external aspects of the EU migration policy?
Speaker: Henry Labayle

The European common asylum system (and of EASO and EURODAC)
After the first generation of EU “minimum” rules the EU has now established the Common European Asylum System foreseen by Art. 18 of the Charter and Art 78 of the TFEU by taking account of the jurisprudence of the Luxembourg and Strasbourg Courts. At national level high standards should be granted to avoid the problems found for instance with Greece when implementing the Dublin system. The principle of solidarity still seems to be underexploited. Attention should be paid to the new role of EASO (Reg. (EU) No 439/2010) as well as to the implementation of the EURODAC system.
Speaker: Patricia Van de Peer

Debate

July 11
An European space of security and justice
09h30 am -06h30 pm

Judicial cooperation in civil matters; complement of the freedom of movement?
Judicial cooperation in civil matters has been one of the most dynamic domains after the entry into force of the Lisbon Treaty. Enhanced cooperation took place in matrimonial matters and intellectual property. Special attention will be reserved for the recently revised Brussels I Regulation (which abolished the “exequatur” procedure) as well as for the new Regulations on succession and wills and on mutual recognition of protection measures in civil matters.
Speaker: Filomena Albano

Internal security strategy: crisis prevention and management.
Special attention will be paid to the implementation of the 2010 European Internal Security Strategy and its impact on the cooperation between the EU institutions and agencies as framed by the “Policy Cycle” for the 2013-2017 period. There will also be a presentation of the implementation of PRUM cooperation and of the “availability principle” as well as the way how security- and intelligence-related information is exchanged notably within the framework of the so-called “Swedish Initiative”. The role played by COSI, Europol and of the internal security fund will be presented and debated together with the impact of the up-coming “Lisbonisation” of EU measures adopted before the entry into force of the Lisbon Treaty
Speaker: Sandro Menichelli

Debate

Judicial Cooperation in criminal matters
How judicial cooperation in criminal matters has been developed between countries of different legal traditions (civil and common law). Problems and opportunities arising at each level of cross-border cooperation (open coordination, mutual recognition, legislative harmonisation). The European jurisprudence (Strasbourg and Luxembourg Courts) as well as the impact of the EU Charter. The implementation of the first post-Lisbon measures and impact of the Lisbonisation of former third pillar measures in this domain. Preserving the independence of the judiciary: towards European-wide judiciary quality evaluation systems.
Speaker: Luca De Matteis

The European Public Prosecutor: a pattern also for Member States?
The OLAF Reform and the Eurojust “Lisbonisation” are intermediate phases towards the creation of the European Public Prosecutor’s office (EPPO) (Art. 86 TFEU). The latter will be empowered to bring action also before national courts. The European legislation will determine the general rules applicable to the European Public Prosecutor’s Office, the conditions governing the performance of its functions, the rules of procedure applicable to its activities, as well as those governing the admissibility of evidence, and the rules applicable to the judicial review of procedural measures taken by it in the performance of its functions. What will be the impact, the risks and opportunities arising from the creation of this new European Institution?
Speaker: Claudia Gualtieri

How to empower the EU citizens when EAFSJ are shaped and implemented ?
Round Table with the Intervention of Paul Nemitz, Antonie Cahen, Robert Bray Tony Bunyan

Final Debate

PRESENTATION OF THE COURSE

The Treaty of Lisbon and the Charter of Fundamental Rights of the European Union, which entered into force on 1 December 2009, constituted an important step both at the legal level and at the political level in the evolution of the European Union. The aim of the EU now is not only “… to promote peace, its values and the well-being of its peoples”, having presided over, since the end of the Second World War, the longest ever period of peace between European States, but also to achieve “… an area of freedom, security and justice with respect for fundamental rights and the different legal systems and traditions of the Member States.”

After the Treaty of Lisbon, the policies already provided for in the Maastricht Treaty within the framework of the so-called “third pillar” and originally focused mainly on intergovernmental cooperation and cooperation between administrations, are now to evolve into European “common policies” directly towards the interests of the individual, who is placed “at the heart of European integration.”

It is a Copernican revolution in so far as the Union is called not only to offer “… its citizens an area of freedom, security and justice without internal frontiers, in which the free movement of persons is ensured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime” (Art. 3 TEU and Title V TFEU) but also to promote (and not only protect) fundamental rights and prevent all forms of discrimination (Art. 10 TFEU) and strengthen EU citizenship (Arts 18-25 TFEU) and with it the democratic principles on which it is based (Title II TEU).

The fact that the competences related to the ASFJ are now “shared” with the Member States (Art. 4 TEU) and are to be focused on the rights of the person brings about a daily interaction between the national and the European level, bringing into play national and European values, rights and objectives.

The process of reciprocal hybridization between the nascent European model and traditional national models is anything but politically painless, as the experience of almost thirty years of Schengen cooperation shows.

The aim of this Summer School is to assess the progress and difficulties encountered by the European institutions and the Member States in implementing the Charter of Fundamental Rights and the objectives set by the European Council in the “Stockholm Programme” of 10 December 2009.

Based on this evaluation, we intend to shed light on the possible priority bearing in mind that:
– it will be necessary to adjust the secondary legislation of the European Union in the light of the values and principles which are now enshrined in the Lisbon Treaty and the Charter of Fundamental Rights (“Lisbonisation”);
– we shall be in the final phase of the accession of the EU to the European Convention on Human Rights;
– at the beginning of the next legislature, we will be entering into a new phase in the European judicial area with the negotiations on the establishment of the European Public Prosecutor and the transition to the ordinary legislative procedure with regard to measures of police and judicial cooperation in criminal matters adopted before the entry into force of the Treaty (the transitional arrangements end on 1 December 2014);
– Member States which have hitherto enjoyed special treatment (Ireland, Denmark and the United Kingdom in particular) should have clarified their position with respect to the new phase of the ASFJ and the Schengen cooperation.

In the course of the next legislature it will also be necessary to promote greater consistency between European and national strategies related to the European area of freedom, security and justice. Just as in the economic sphere, the divergence of national public policies has put at risk the credibility of the common currency, the diversity of standards for the protection of the rights in Member States is straining mutual trust, the application of the principle of mutual recognition and the very credibility of the nascent “European model”. The strengthening of the operational solidarity between Member States’ administrations – which is being developed for example within the framework of Schengen cooperation – must be accompanied by legislative, operational and financial measures that implement solidarity between European citizens and third-country nationals on the territory of the Union.

In this perspective, Italy may play an important role as the new multi-annual programme for 2015-2019 is to be adopted by the second half of 2014 under the Italian Presidency.

Speakers:

Academics:
Valerio Onida, Former President of the Italian Constitutional Court
Giuseppe Cataldi, Pro-rettore Università L’Orientale (Napoli)
Oreste Pollicino, Public comparative law Professor  (Università Bocconi – Milano)
Nicoletta Parisi, EU Law Professor  (Università Catania)
Francesca Ferraro, Visiting Professor (Università L’Orientale – Napoli)
Dino Rinoldi, International Law Professor  (Università Cattolica – Piacenza)
Valentina Bazzocchi, PHD EU Law (Alma Mater Università Bologna)
Deirdre Curtin, Professor of European Law (University of Amsterdam – NL),
Luisa Marin, Assistant Professor of European Law (University of Twente – NL)
Henri Labayle, Professeur de Droit international et européen (Université de Pau et des
pays de l’Adour – France)

Representatives and officials of European and national administrations:
Ezio Perillo (European Civil Service Tribunal)
Stefano Manservisi DG of the Commission DG Home
Paul Nemitz Director at the Commission DG Justice
Antoine Cahen, Patricia Van Den Peer, Claudia Gualtieri (European Parliament)
Filomena Albano, Luca De Matteis, Lorenzo Salazar (Italian Justice Ministery)
Sandro Menichelli (UE Italian Permanent Representation )
Vanna Palumbo (Garante Privacy IT)

Representatives of Civil Society:
Tony Bunyan, Director of Statewatch,Emilio De Capitani, FREE Group Secretary and Visiting Professor (Università L’Orientale – Napoli)

BuonGoverno

Towards Europol 2.0 : first obstacles during the parliamentary debate…

by Marine Marx

The long awaited Commission legislative proposal updating Europol to the new legal framework as described by art 88 of the TFEU has been recently submitted to the European Parliament and to the Council of the European Union. Quite surprisingly the first issue which has arisen during the parliamentary debate has been the proposed fusion of Europol with CEPOL (the European Agency in charge of training Law enforcement authorities).

The fusion of Europol and Cepol as a first test of a new general policy on EU agencies

It is worth recalling that this proposal comply with the general EU objective to make some order in the recent mushrooming of EU agencies (already 32, 23 of them created only in the last ten years). These decentralized agencies are playing an essential role not only in the implementation phase at technical, scientific and operational level but also when shaping new strategies and proposing new legislation in all EU domains of competence. However, as explained in a Joint Statement of the European Parliament, the Council of the EU and the European Commission on decentralized agencies[1], their creation has been done on a case by case basis without an overall vision of their role and place in the European institutional and legal framework. This led to an increase of decentralized agencies in a way that lack of consistency. To face these distortions, the Commission explained in the Roadmap on the follow-up to the Common Approach on EU decentralised agencies[2] its objectives to reach a more balanced governance, improved efficiency and accountability and greater coherence.

Thus, one of the major objectives is to enhance agencies’ efficiency and accountability. One of the initiatives to be pursued in this respect is to seek synergies between agencies, such as the possibility of sharing services based on proximity of locations or policy area or that of merging agencies whose tasks are overlapping and which would more efficient if inserted in a bigger structure.

This point stressed in the Common Approach establishes the foundations for the Commission’s proposal on a revision of Europol and its potential merger with CEPOL.

However merging Europol and Cepol risks to be a bumpy road..

On Tuesday, the 7th of May, a debate was held within the European Parliament’s civil liberties committee (LIBE) about the merger of the European Police College (Cepol) with the European Police Cooperation Agency (Europol). Thus, the LIBE committee organized during its meeting an exchange of views with Dr Ferenc Banfi, Director of CEPOL and Rob Wainwright, Director of Europol and the Chairs of the Management Boards on the proposal of a merger between Europol and CEPOL.

Continue reading “Towards Europol 2.0 : first obstacles during the parliamentary debate…”

European “Smart Borders” project : negative opinion of the Meijers Committee

The  Meijers Committee (*) has recently advised the members of the European Parliament to vote against the “Smart Borders” proposals (COM(2013) 95, 96 and 97).  

In its letter it has expressed its deep concerns with respect to the:
proportionality and practical feasibility of the proposals;
coherence of the proposals with existing databases;
– applicable standards of data protection for the data subjects;
– conditions for transmission of personal data to third countries;
broad discretion as regards the issuing of the registered traveller status;
– proposed amendments in the Schengen Borders Code;
– possible access to the Entry/Exit system for law enforcement purposes.

 Note on the Smart Borders proposals (COM(2013) 95 final, COM(2013) 96 final and COM(2013) 97 final)

 1. Introduction

 The proposed Entry/Exit System (EES) processes alphanumeric data and fingerprints upon entry and exit of the third-country national, aiming to improve the management of the external border and the fight against irregular migration and more specifically to contribute to the identification of any person who may not, or may no longer fulfil the conditions of duration of stay within the territory of the Member States (so-called “overstayers”). This would effectively mean that the EES would collect the personal data of all third-country nationals entering the Schengen area. The Registered Traveller Programme (RTP) enables pre-vetted individuals to cross borders faster than other third-country nationals and aims to offset the additional constraints by the EES on cross-border travel. According to the European Commission, yearly 109 million third-country nationals without a visa and 73 million third- country nationals with a visa cross the EU borders.

The costs of the Smart Borders proposals envisaged by the European Commission are 1.1. billion euro.1

The sheer amount of data collected, in combination with the high costs of establishing Smart Borders, require compelling justifications. The EU legislator is obliged to observe proportionality as a general principle of EU law. This means that the measure must be suitable and necessary to achieve the aim it pursues, and should not impose “a burden on the individual (…) excessive in relation to the object sought to be achieved”.2

The Meijers Committee is of the opinion that the Smart Borders proposals are neither proportionate, nor suitable to its stated aims and raise severe data protection concerns. Therefore, the Committee advises the European Parliament to vote against the proposals. 

 2. Proportionality and practical feasibility

 The proposals intend to facilitate the entry of “bona fide” travellers at the external borders and shorten waiting times.3 The EES is however likely to result in longer queues for third- country nationals, since all third-country nationals – also those that are not under a visa obligation – will be required to provide their fingerprints at the border. The RTP will only off-set waiting time to a limited extent, as only a limited number of third-country nationals will enrol in that programme.4 There is also a lack of clarity on the size of the problem of overstay which the EES intends to tackle. There are few reliable data on the numbers and profile of overstayers and there is very little research on the financial and social costs of the presence of third country nationals staying on an irregular basis in the EU.

Most importantly however, there is no direct link between the identification of overstayers and the stated objective of tackling irregular migration. The extent to which the information from the EES can help to implement and execute return proceedings is limited. The identification of overstayers does not provide authorities with any information as regards their location within the whole Schengen territory, nor does it facilitate return procedures. When a third county national is apprehended on suspicion of irregular stay, already now national authorities are able to establish the (ir)regularity of stay by examining the entry and exit-stamps on a person’s passport as well as by consulting the visa-stickers and VIS. Moreover, the mere identification of overstayers does not provide a solution in the situation where a third state does not cooperate in return proceedings. The side-effect of being able to collect statistics on overstay does not by itself justify the collection of large amounts of personal data.

Lessons need to be learnt from the experience with the setting up and practical operation of already existing databases. The European Commission itself has stated that a fully operational and developed Visa Information System (VIS) is “a prerequisite for the implementation of a Smart Borders System”.5 The Meijers Committee notes that the new generation Schengen Information System (SIS II) has only become operational as of 9 April 2013, the VIS is still in the process of being rolled out and access to EURODAC for law enforcement purposes has only been decided upon recently.6 There is therefore insufficient information to assess the functioning of existing databases and the added value of the current proposals. As required by the Hague Programme new centralised databases should only be created on the basis of studies that have shown their added value.7

Finally, the Meijers Committee wishes to point out the difficulties with the implementation of other information systems, most notably the SIS II, which was plagued with delays and cost over-runs due to technological problems. The United States has been unable to successfully implement a fully-functioning entry/exit system despite costly efforts to do so over the past decade.8 These experiences raise serious doubts as to the practical feasibility and cost-effectiveness of the current proposals. 

3. Coherence with existing EU legislation

The Smart Borders Package will not function in isolation. Close attention has to be paid to the interaction with other databases in the Area of Freedom, Security and Justice. The proposals do not stipulate the consequences of an entry as overstayer in the EES for the inclusion in other data bases or the possible issuing of a return decision and/or entry ban under the Return Directive 2008/115. The registration of entry bans into the SIS should always be subject to the principle of proportionality and requires an individual assessment, in accordance with Articles 21 and 24 of the SIS II Regulation. However, national practices with regard to the SIS and the application of entry bans show a diverging approach in the EU Member States.

In an earlier opinion, the Meijers Committee has already pointed out the legal uncertainty in relation to the issuing of an entry ban and its inclusion in the SIS.9 The Meijers Committee expects a similar problem with respect to the reporting of overstayers in the EES. When overstay in the past is an element to be taken into account when issuing a (new) Schengen visa to a third-country national, the risk exists that the fact that he or she is reported in the EES, will lead to an automatic refusal of a visa, not taking into account his or her personal circumstances or reasons to visit the EU.

 The Meijers Committee further points to the relationship of the EES and the reintroduction of internal border controls, regulated in Article 28 of the Schengen Borders Code. According to this provision, the obligation to enter the entry and exit data of the third country- national in the EES would apply mutatis mutandis

 Close attention also needs to be paid to the possible consequences of EES for EU citizens and especially third country family members of EU citizens. The proposals should guarantee that the application of the EES does not interfere with the rights laid down in Directive 2004/38 EC. Moreover, the Meijers Committee questions whether the EES can be applied to Turkish nationals falling under the Association Agreement and their family members in light of the standstill clause in Decision 1/80 and the nondiscrimination clause in Article 9 of the Association Agreement.

 Finally, the Smart Borders proposals refer to Directive 95/46 as the applicable legal framework for data protection. These rules are however under review and set to be replaced by a new general legislative framework on data protection (COM(2012 9,10 and 11). The Meijers Committee recommends that the adoption of proposals involving the storage of large amounts of data is postponed until the final adoption of clear and uniform rules on data protection. Following the adoption of a new legal framework, the Smart Borders proposals should be re-assessed in the light of the new data protection framework.

 4.Data protection rights

 It is established case law of the ECtHR that the mere collection, storage and processing of personal data amounts to an interference with the right to privacy (art. 8 ECHR and art. 8 EU Charter). Such interference can only be justified when it serves a legitimate aim and is proportionate to this aim. The data must be relevant and not excessive in relation to the purposes for which they are stored and preserved in a form no  longer than is required for the purpose for which those data are stored.10 As mentioned above, under point 2, the necessity and the proportionality of the Smart Borders proposals has not been established.

The Meijers Committee is of the opinion that the proposal for an Entry/Exit system does not offer sufficient guarantees to the data subject and leaves too much discretion to the Member States. In the following, the Committee makes a few comments on specific provisions relating to data protection in the proposal for an Entry/Exit system.

 § 4.1. Article 20- the storage of data

 Article 20 of the proposal for an EES regulates that data will be stored in the EES for six months when the third-country national exits the territory of the Member States within the authorised period of stay. Data shall be stored for a maximum period of five years when there is no exit-record following the date of expiry of the authorised period of stay. The unconditional application of a five years data retention period may result in a disproportional limitation of the individual freedom of movement. It could mean that an individual may not be able to re-enter the EU during five years, also when a person has overstayed his or her authorised stay for a negligible amount of time or for causes not attributable to him or her.

 § 4.2. Article 21- the possibility to amend data in EES

 The proposal is flawed as regards the rights granted to the data-subjects in case of justifiable overstay or of an erroneous entry in the EES. It is crucial that a third-country national has the possibility to request the,competent authorities to delete or amend such data and is given an effective judicial remedy, including interim measures, if the authorities refuse to amend the data, especially if in the future data stored in EES can be accessed for law enforcement purposes. Article 21 of the proposal includes these rights, but its text provides the Member State a wide discretionary power; notions such as “without delay”, “unforeseeable and serious event” and “in case of errors” can be interpreted in many different ways.

Also, the decision on which evidence shall be admitted to support the claim for amendment of the data should not be left to the discretion of the Member States. Considering that exceeding authorised stay might lead to the expulsion of the third country national, a clearly defined provision, including the possibility to grant suspensive effects to the appeal lodged on EU level is necessary. Finally, the Meijers Committee points at the important problem of the practical accessibility and implementation of the rights in Article 21, especially when the individual concerned has left the EU territory.

 § 4.3. Article 27- transfer of data to third countries

 The Meijers Committee is concerned about the wide discretionary power left to the national authorities of the Member States with regard to the transfer of personal data from the EES to third countries, as provided in Article 27 of the proposal. This discretionary power undermines the general principle that data shall not be transferred to third countries, third parties or organisations. The transfer of data to third countries is allowed for the purpose of proving the identity of third-country nationals, including for the purpose of return. The conditions to allow for such communication do not offer sufficient guarantees. It has not been substantiated why the transfer of EES data to third countries is necessary for the return of third- country nationals.

 Furthermore, Article 27(3) regulates that the transfer of third countries shall not prejudice the rights of, refugees and persons requesting international protection, in particular as regards non-refoulement. The Meijers Committee notes that it should be clarified how and by whom the decision on the transmission of data to third countries and the risk of non-refoulement will be examined and if the Member State involved will be held responsible when something happens to the person upon return to his or her country of origin.

 § 4.4. Articles 29 and Article 32- Liability and penalties

 Article 29 on the liability for suffered damage as a result of an unlawful processing operation or any act incompatible with the EES does not offer a strong position to the third- country national; Member States will be exempted from liability if it proves that it is not responsible for the event giving rise to the damage. This again leaves too much room for interpretation, especially because no clarity is given on the burden of proof, and the possibility to claim compensation is left to national law.

Article 32 provides for the possibility for the Member States to lay down rules on (administrative or criminal) penalties applicable on infringements of data protection provisions in this Regulation. These penalties should be “effective, proportionate and dissuasive”. While this formulation is consistent with EU law, the Meijers Committee finds that future evaluation mechanisms of the EES should assess carefully whether national provisions implementing this provision do guarantee in an effective manner European data protection rules.

 § 4.5. Role of the supervisory authorities

 Considering the current use and development of large-scale databases in the EU and other instruments involving data processing, such as the API Directive, the VIS and Eurodac, the Meijers Committee underlines the excessive increase of workload of the national supervisory authorities and the EDPS. This development carries the risk that supervisory authorities will not be able to exercise their tasks effectively. Therefore, the financial and personal means which are necessary for data protection authorities in order to be able to perform their tasks effectively with respect to the whole data protection framework, should be taken into account and guaranteed.

 5. Access to Entry/Exit System for law enforcement purposes and the possibilities offered by Privacy by Design

 The current proposal for an EES clearly indicates that in the near future access to the Entry/ Exit System for law enforcement purposes will be considered. This can be derived from the Impact Assessment, where access for law enforcement is already explored and recital (11) where it is set out that the technical development of the system should be as such that in the future access for law enforcement purposes will be possible. The Meijers Committee regrets the premature reference to this possibility because it obscures the discussion on the desired form and the necessity and proportionality of the system as it stands.

As already expressed in earlier comments, the Meijers Committee underlines its strong objections to provide access for law enforcement purposes.11 Access for law enforcement purposes to the EES containing data of a large group of innocent persons is to be considered as a disproportional limitation of their privacy and data protection rights, including the principle of purpose limitation. In this context, the Meijers Committee recalls that preliminary questions have been submitted by national courts in Germany and the Netherlands to the Court of Justice of the European Union on the implementation of the Regulation (EC) No 444/2009 on standards for security features and biometrics in passports and travel documents issued by the Member States.12 In these questions, the national courts voice their concerns about the proportionality of the central storage of biometric data in passports and travel documents and their use for other purposes and about the relationship of the Regulation with the rights to privacy and protection of personal data safeguarded under Article 7 and 8 of the Charter of Fundamental Rights and Article 8 ECHR.

 Although access for law enforcement purposes is not regulated in the current proposal, it is required that a technical system be set up in order to allow such access (Recital 11). In view of this, the Commission should device solutions which accommodate privacy by design,13 by recurring to Privacy Enhancing Technologies (PET).14 For example, in this case, it should be considered to use fingerprint identification technologies coupled with the storage of templates (e.g. using hash functions) of fingerprints, instead of the storage of full fingerprints in the database. Besides enhancing security, by reducing the chance to compromise biometric data, this will offer some level of data minimisation and, consequently, will benefit proportionality for a database storing data of persons which are not suspected of any crime.

 6. The Registered Traveller Programme (COM (2013) 97 final)

 The Meijers Committee has also taken note of the proposal for a Regulation establishing a Registered Traveller Programme. Recognizing the usefulness of facilitating the swift entrance of frequent third- country travellers to the EU, the Meijers Committee questions whether Article 12 of the proposal does not give too much discretion to the competent authorities in deciding on an application for such a programme. Article 12 (d) for example provides that the applicant has to prove “his/her integrity and reliability, in particular a genuine intention to leave the territory in due time”, which can be interpreted in many different ways. The Meijers Committee is of the opinion that the provisions must be more concrete, in order to avoid discretionary decisions on the admission to the Registered Travellers Programme.

 7. Proposed amendments to the Schengen Borders Code (COM (2013) 96 final)

 The amendments to the Schengen Borders Code aims to bring the Code in line with the proposals for an EES and an RTP. The Meijers Committee notes that not only technical amendments are proposed, but also amendments on the substance, considerably extending the possibilities for border guards to check whether the third country national is an overstayer. For instance, border guards now always need to verify that the third country national did not exceed the maximum duration of authorised stay in the territory of the Member States upon exit of the territory (addition para. IV to Article 7(3)(b)), whereas in the current provision this is not compulsory (Article 7(3)(c)(ii). This extended obligation is not in line with the aim to shorten waiting lines at the borders.

 The Meijers Committee is concerned about the amendments to Article 11 of the Schengen Borders Code. In the current Article 11 a presumption of irregular stay is provided for in the situation where a thirdcountry national does not bear an entry stamp, whereas in the proposed amendment not only the lack of an entry record in the EES presumes irregular stay, but also where there is an entry record but there is no exit date following the date of expiry of the authorised length of stay. The Meijers Committee notes that this considerably extends the possibilities for authorities to accept a presumption of irregular stay. This underlines the importance of entering data in the EES correctly and accurate, but also implies that clearly defined safeguards should be provided for to be able to rebut the presumption and to have an effective judicial remedy if the rebuttal of the presumption is not accepted.

 The Meijers Committee questions whether the criterion of providing “credible evidence, by any means, such as transport tickets or proof of his or her presence outside the territory of the Member State” does not leave too much discretion to authorities to decide on this issue, especially because of the serious consequences: the third- country national may be expelled by the competent authorities from the territory of the Member State concerned. The Meijers Committee considers that it should be investigated first how the Member States have applied this provision so far and whether it has lead to diverging practices.

 o-0-o

 1 Impact Assessment Proposal for a Regulation establishing an entry/exit system to register entry and exit data of third- country nationals crossing the external border of the Member States of the European Union (SWD (2013) 47 final), p. 11 and p.45.

2 P. Craig, G. de Búrca, EU LAW, Oxford, OUP, 2008, p. 545.

3 ‘Smart Borders’ enhancing mobility and security’, press release European Commission, 28 February 2013.

4 Dr. B. Hayes, M. Vermeulen, “Borderline EU Border Surveillance Initiatives », Heinrich Böll Stiftung, May 2012.

5 COM (2011) 680 final, p.7.

6 Regulation (EC) No 1987/2006 on the establishment, operation and use of the second- generation Schengen Information System (SIS II), Regulation (EC) No 767/2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas and amended proposal for a Eurodac Regulation for the effective application of the Dublin Regulation and  to request comparisons with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes (COM(2012) 254).

7 The Hague Programme, Strengthening Freedom, Security and Justice in the European Union (2005/C 53/01).

8 GAO report number GAO-09-1002T: ‘Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Information Technology Systems’(15 September 2009).

9 CM1202 Note on the coordination of the relationship between the Entry Ban and the SIS- Alert- An Urgent need for Legislative Measures, 8 February 2012.

10 ECtHR S and Marper v. the UK, 4 December 2008, application nos. 30562/04 and 30566/04. See also ECJ Huber v. Germany, C-524/06, 16 December 2008.

11 See also a.o. CM1216, CM0910 and CM0714.

12 Dutch Council of State, case 201205423/1/A3, 28 September 2012, C-447/12 and Verwaltungsgericht Gelsenkirchen, C-291/12 Schwarz v. Stadt Bochum, 15 May 2012.

13 See the Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy, at: http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf.

14 See MEMO of the Commission Privacy Enhancing Technologies (PETs), Reference: MEMO/07/159, at; http://europa.eu/rapid/press-release_MEMO-07-159_en.htm#fn3; see also the Study on the economic benefits of privacy-enhancing technologies (PETs), Final Report to the European Commission, DG Justice, Freedom and Security, Prepared by London Economics,2010 at: http://ec.europa.eu/justice/policies/privacy/docs/studies/final_report_pets_16_07_10_en.pdf; see also Commission’s Communication COM(2007) 228 final, on Promoting Data Protection by Privacy Enhancing Technologies (PETs), at: http://eur-lex.europa.eu/LexUriServ/site/en/com/2007/com2007_0228en01.pdf.

 

 

(*) The Standing Committee of Experts on International Immigration, Refugee and Criminal law, was established in 1990 by five NGO’s: the Dutch Bar Association, the Refugee Council, the Dutch section of the International Commission of Jurists, the Netherlands Centre for Immigrants/FORUM and the National Bureau against Racism (LBR).The Committee is independent. Most of its members are lawyers, working at Law Faculties in the Netherlands or in Belgium. The Standing Committee monitors developments in the area of Justice and Home Affairs and presents its opinion to the Dutch Parliament, the European Parliament, or parliaments in other Member States (e.g. the House of Lords), to the Dutch government, the European Commission and to other public authorities and NGO’s.

 

Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..

On April 23rd, shortly after the European Union started working on the new Europol legal framework which is deemed to align the main intelligence led policy Agency with the Lisbon Treaty and with the European Charter the German Constitutional Court (BVG) decided to impose a strict separation between the work of the police and intelligence services. As in several other cases where the BVG jurisprudence has influenced also the European legislature this ruling will be probably thouroughly analysed also in Brussels even if the BVG maintain that the issue falls under the national exclusive competence. Therefore it will be more than likely that the principles outlined in this ruling would be taken in account in the EU draft legislation on data protection when these data are collected for security purposes.

According to the BVG press release  (emphasis added) “…For the Karlsruhe based court, the exchange of data between the Federal Office for the Protection of the Constitution, intelligence services, military counter-intelligence and the police amounts to — a severe infringement of the rights of those concerned, which is why it can only be allowed in exceptional cases. The judges did, however, authorise an “anti-terrorist” listing, while declaring another “secret service contact” listing unconstitutional. Initiated in 2006, the second database contains information on 18,000 potential terrorists, supplied by 38 intelligence services.
The counter-terrorism database is in its fundamental structures compatible with the Basic Law. However, it does not meet the constitutional requirements regarding specific aspects of its design.
This is what the First Senate of the Federal Constitutional Court decided in a judgment that was issued on April 23. Under certain conditions, the unconstitutional provisions can continue to be applied until new regulation has been enacted, but no later than until 31 December 2014.

The Decision is Essentially Based on the Following Considerations: Continue reading “Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..”

The EP Committee rejects the proposal for an european passenger name record system (PNR)

written by Marine MARX

Wednesday the 24th of April, the EP Civil Liberties committee rejected the Commission Proposal for on the use of Passenger Name Record data (EU PNR). This proposal aimed at allowing the transfer of air passengers’ data for security purposes inside the EU territory.

Indeed, air carriers should collect PNR data from passengers during reservation and check-in procedures for flights entering or leaving the EU. PNR includes notably the passenger’s name, address, phone number, credit card details as well as “free text” linked with the management of the travel contract. Following an already settled US and Canada and Australia practices[1], the Commission proposed in February 2011 to oblige air carriers to provide EU countries with the data of passengers entering or leaving the EU, for use in preventing, detecting, investigating and prosecuting serious crime and terrorist offences.

The result of the vote led the Civil Liberties committee to a heated debate between the ones in favor of an EU PNR Scheme and the ones who voted against it (30 against, 25 in favour).  This division has come without surprise on this issue as the PNR saga dates back to an EP resolution in March 2003[2] and has always been a divisive topic.

Continue reading “The EP Committee rejects the proposal for an european passenger name record system (PNR)”

Analysis :The second phase of the Common European Asylum System: A brave new world – or lipstick on a pig? By Professor Steve Peers, (*) University of Essex

ORIGINAL PUBLISHED ON STATEWATCH

(* FREE Group Member)

8 April 2013

Several years ago, the EU set itself the deadline of 2010 – later postponed to 2012 – for completing the second phase of the Common European Asylum System (CEAS). Near the end of March 2013, the European Parliament (EP) and the Council (the Member States’ interior ministers) finally agreed upon the texts of the two remaining legislative measures to this end.
No further EU measures on asylum (other than a revision of the current European Refugee Fund) are currently under discussion or planned for the time being. So the recently agreed rules will likely govern the issue of asylum in the EU for a number of years to come.

The objectives of the second phase of the Common European Asylum System were set out in the policy plan on asylum published by the Commission in 2008 (see the links below). This policy plan began by pointing out some key general trends.

In particular, a ‘critical flaw’ of the first phase of the Common European Asylum System was the wide difference in Member States’ recognition rates, ie the percentage of persons from the same country of origin whose claim for refugee status was accepted or not.

This divergence created ‘secondary movements’ (ie movements of asylum-seekers between Member States) and ‘goes against the principle of providing equal access to protection across the EU’.
Also, an increasing number of applicants were given ‘subsidiary protection’, ie a form of protection other than refugee status, and it was necessary to take account of this when developing the second phase legislation.

As for the content of the Common European Asylum System, the objective of creating the system was first agreed back in 1999, at the European Council (ie summit meeting) in Tampere, Finland. It was then agreed that there should be a ‘uniform status of asylum’ which would be ‘valid throughout the Union’.

Since the entry into force of the Treaty of Lisbon in 2009, these objectives are now a legally binding part of the EU Treaties (Article 78 of the Treaty on the Functioning of the European Union).

The most recent multi-year Justice and Home Affairs programme, agreed in 2009 (the ‘Stockholm programme’) states that:

The European Council remains committed to the objective of establishing a common area of protection and solidarity based on a common asylum procedure and a uniform status for those granted international protection. While [the] CEAS should be based on high protection standards, due regard should also be given to fair and effective procedures capable of preventing abuse. It is crucial that individuals, regardless of the Member State in which their application for asylum is lodged, are offered an equivalent level of treatment as regards reception conditions, and the same level as regards procedural arrangements and status determination. The objective should be that similar cases should be treated alike and result in the same outcome.

Furthermore:

There are still significant differences between national provisions and their application.
In order to achieve a higher degree of harmonisation, the establishment of CEAS, should remain a key policy objective for the Union. Common rules, as well as a better and more coherent application of them, should prevent or reduce secondary movements within the Union, and increase mutual trust between Member States.
With the recent agreement in principle on all of the remaining legislative proposals, it is time to assess whether the second phase of the Common European Asylum System will achieve the objective of ensuring common standards based on a high degree of protection.

Overview

There are five main measures making up the first phase of the Common European Asylum System, and all of them are being updated as part of the second phase of the system.

The state of play of these five measures is as follows: Continue reading “Analysis :The second phase of the Common European Asylum System: A brave new world – or lipstick on a pig? By Professor Steve Peers, (*) University of Essex”

An european area of freedom, security and justice ? Paving the way from Stockholm …to Rome in 2014

On November 7th the FREE Group submitted to the Chairman and other members of the Civil liberties Committee of the European Parliament its “Call for a true European Area of Freedom Security and Justice”. The main aim of the “Call” was to evaluate what has been done (or not done) since the entry into force of the Lisbon Treaty and the adoption of the Stockholm Programme.
Learning from failures and successes is a pre-condition for the new phase which will start from December 1st, 2014 (at the end of the five-years transitional period for the measures adopted before the Lisbon Treaty in judicial and police cooperation domain) (1).

According to the FREE Group “CALL” from December 2014 onward, EU and its Member States have to close the current gap between the EU legislation and the principles and objectives now outlined in the Treaties and in the European Charter of fundamental rights. Needless to say, the “lisbonisation” of police and judicial cooperation in penal matters, (1) will be the first test of the real will of the member States and of the EU institutions. Unfortunately the current situation is not promising at all and the announced UK opt-out will not make things easier either.
However, a fundamental shift of responsabilty between the EU institutions is also needed to make the EAFSJ more legitimate and credible.

The European Council which has acted until now practically alone when it has adopted the multiannual programmes of Tampere (1999), Den Haag (2004) and even Stockholm (2009). It should now accept the fact that after Lisbon, even if it will maintain its strategic role in this area (art.68 TFEU) it has to play it by taking in account the new EU institutional balance arising from the Treaties and the Charter. The new role of the European Parliament, of the Commission and of the Court of Justice in the EAFSJ policies requires a different relation with the European Council which is no more the “Deus ex machina” but an institution which like all the others should respect the principle of loyal cooperation, abide to the obligations of transparency (art. 15 TFEU), respect of democratic principles, dialog with civil society (art.11 TEU) and, last but not least, be accountable to the EU citizens.
In this perspective a strong interaction with the other Institutions directly elected by the european citizens such the European Parliament and of the national parliaments become unavoidable.
Moreover a stronger integration of the European Council within the “ordinary” EU institutional dialogue will not only re-establish the checks and balances within the EU (required since 1958 by the ECJ “Meroni” ruling) but could also trigger as a substantial effect, a real political debate also betweeen the european political “families” which still prefers hiding themselves behind the EU institutional machinery.
If such an open political debate arises it will be extremely beneficial for the all EU construction and could prove that the EAFSJ policies are no more an area restricted to skilled diplomats and burocrats “elites” shaping the Council and Commission’s Strategies, Conclusions, Guidelines, Roadmaps… .

The future Italian Presidency of the EU Council which will take place in the second semester of 2014, could play a decisive role for a more transparent and democratic phase of the EAFSJ.

However to make this change possible hard preparatory work is needed and should start already now because the EU is a sort of “super carrier” which requires time and skillfulness to change its direction. Moreover as soon as this change of strategy will become apparent it will inevitably create the opposition inside the Council, the Commission and even in the European Parliament as it happened for the “access to documents” file. It is well known that soon after the “Turco” ruling of the Court of Justice which has required more transparency in the Council and Commission these institutions have developped a clear opposite strategy to “protect” their old decision making procedures.

This kind of turf wars between the EU institutions could be extremely dangerous from an european citizen’s perspective because the EAFSJ policies should now be negotiated and implemented in full compliance with the EU Charter. They have become the core of a new European Public order which can be considered democratic only if the EU citizens and their representatives could influence both the national and European level. This objective was crystal clear when the Charter has been negotiated, and it has been reiterated also by seminal ruling of national Constitutional Courts, but since then it looks fading away from the EU legislative works and debates.

However this sort of resilience of the “Maastricht style” even after the Lisbon Treaty and EU Charter risks to be a slippery slope for the EAFSJ policies.

For thirty years the EU has underestimated the close relation between the EURO and a true EU Economic policy; let’s hope that the same mistake will not be repeated for the relation which has now to established between the EU Charter and the relevant EAFSJ policies. They should no more evolve, as it is still now the case, in a parallel world separated from the other EU policies notably in the economic and social sphere. In politics (as in nature) everything is linked. Again, the role that the future Italian Presidency could play will be extremely important because it will be at the beginning of a new EU legislature as well as of the new 18th months Trio Presidency cycle which will cover from 1st of July 2014 to December 31st 2015.

By framing the new global EU roadmap bringing together the EAFSJ policies with the new EU 2020 agenda the Italian Presidency can make the difference by setting a new bridge on (still) troubled waters.

EDC

1. See artt 9 and 10 of Protocol 36 on “TRANSITIONAL PROVISIONS CONCERNING ACTS ADOPTED ON THE BASIS OF TITLES V AND VI OF THE TREATY ON EUROPEAN UNION PRIOR TO THE ENTRY INTO FORCE OF THE TREATY OF LISBON

Article 9
The legal effects of the acts of the institutions, bodies, offices and agencies of the Union adopted on the basis of the Treaty on European Union prior to the entry into force of the Treaty of Lisbon shall be preserved until those acts are repealed, annulled or amended in implementation of the Treaties.
The same shall apply to agreements concluded between Member States on the basis of the Treaty on European Union.

Article 10
1. As a transitional measure, and with respect to acts of the Union in the field of police cooperation and judicial cooperation in criminal matters which have been adopted before the entry into force of the Treaty of Lisbon, the powers of the institutions shall be the following at the date of entry into force of that Treaty: the powers of the Commission under Article 258 of the Treaty on the Functioning of the European Union shall not be applicable and the powers of the Court of Justice of the European Union under Title VI of the Treaty on European Union, in the version in force before the entry into force of the Treaty of Lisbon, shall remain the same, including where they have been accepted under Article 35(2) of the said Treaty on European Union.
2. The amendment of an act referred to in paragraph 1 shall entail the applicability of the powers of the institutions referred to in that paragraph as set out in the Treaties with respect to the amended act for those Member States to which that amended act shall apply.
3. In any case, the transitional measure mentioned in paragraph 1 shall cease to have effect five years after the date of entry into force of the Treaty of Lisbon.
4. At the latest six months before the expiry of the transitional period referred to in paragraph 3, the United Kingdom may notify to the Council that it does not accept, with respect to the acts referred to in paragraph 1, the powers of the institutions referred to in paragraph 1 as set out in the Treaties. In case the United Kingdom has made that notification, all acts referred to in paragraph 1 shall cease to apply to it as from the date of expiry of the transitional period referred to in paragraph 3. This subparagraph shall not apply with respect to the amended acts which are applicable to the United Kingdom as referred to in paragraph 2.
The Council, acting by a qualified majority on a proposal from the Commission, shall determine the necessary consequential and transitional arrangements. The United Kingdom shall not participate in the adoption of this decision. A qualified majority of the Council shall be defined in accordance with Article 238(3)(a) of the Treaty on the Functioning of the European Union.
The Council, acting by a qualified majority on a proposal from the Commission, may also adopt a decision determining that the United Kingdom shall bear the direct financial consequences, if any, necessarily and unavoidably incurred as a result of the cessation of its participation in those acts.
5. The United Kingdom may, at any time afterwards, notify the Council of its wish to participate in acts which have ceased to apply to it pursuant to paragraph 4, first subparagraph. In that case, the relevant provisions of the Protocol on the Schengen Acquis integrated into the framework of the European Union or of the Protocol on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, as the case may be, shall apply. The powers of the institutions with regard to those acts shall be those set out in the Treaties. When acting under the relevant Protocols, the Union institutions and the United Kingdom shall seek to re-establish the widest possible measure of participation of the United Kingdom in the acquis of the Union in the area
of freedom, security and justice without seriously affecting the practical operability of the various parts thereof, while respecting their coherence.”

European Data Protection : legislative negotiations soon to be started …

Three years after the entry into force of the Lisbon treaty the long awaited legislative negotiations on the future European Union legal framework on data protection will now start between the European Parliament and the Council of the European Union. The competent parliamentary Committee LIBE will now debate two reports dealing respectively with
– a first report on the draft EU regulation covering the cases where possible the private sector is involved
– a second report on the draft EU Directive covering the cases where public authorities are involved.

The procedure

On the procedural side the two reports will in the coming months be debated and amendments will soon be submitted by all the political groups so that everyone will have the chance to take position on the main aspects of the proposed EU legislation. A first “orientation” vote will then take place and a majority will arise inside the parliamentary commitee and this majoritarian position will be the basis for the dialogue with the Council. The latter will also try to build its own majority between the national delegations. If successful a “general approach” will be endorsed by the Committee of Permanent Representatives (COREPER) and by the Council and this will be the Council alternative text to the parliamentary Committee “orientation”. The dialogue between the two institutions will then take place with the aim to reach a possible compromise.
If a compromise is reached it will be voted by the parliamentary committee and then by the plenary. The same will happen on the Council side and the procedure could then be considered closed (according to the practice of the so called “first reading agreement” an interinstitutional practice which has become the rule in the legislative negotiations at European Union level).

Will this procedure be successful for the data protection “package” ?

It is still possible but not granted as the issue of data protection is extremely sensitive and impact on fundamental interests in the public and private sphere. The end of the legislature is not so far (mid-2014) and there is not much time to close the negotiations in time if no “first reading” agreement is out of view in the coming months.
The pressure exist on both sides as Ireland, which is now chairing the Council Presidency, is the country where giants like GOOGLE and Facebook have their european seat, and is interested more than others in clarifying the new legal framework to avoid all the possible problems which could arise from a still unclear legal situation.
On the other side also the European Parliament is strongly committed in reaching an agreement because data protection has been at the centre of a more then a decade long “saga” with the other institutions (suffice to remember the controversial Plenary votes on the international agreements with the USA on Safe Harbor, PNR, SWIFT, and enquiry on the ECHELON system..).

However because of this pressure on both side the risk of stalemate could not also be excluded.

The evolution of the EU constitutional framework

On the Content side there are several new elements to be taken in account.
First of all since the entry into force of the Treaty of Lisbon the constitutional framework for data protection is radically changed.

Before this Treaty Protection of personal data was not an autonomous EU objective but a condition to be fulfilled as a corollary of other public objectives such as sharing data in the framework of the single market or collecting data to prevent transnational crime and terrorism. The legal basis for legislating in this domain where the articles of the treaties empowering the EU institutions for building the internal market (art.95 of the European Community Treaty) or to grant an hig level of security (art.29 of the Treaty of the European Union).

It is worth recalling that notwhitstanding its original focus on internal market the Community draft legislation (Com (90)0314 – C3-0323/Syn 287; OJ No. C277, 5.1.1990, p3) became the most advanced standard setting legal text on Data protection principles taking stock of the previous works in international fora such as the Council of Europe (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, adopted on 28 January 1981) and in the OECD (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal data, adopted on 23 September 1980). The legal framework for data protection by law enforcement authorities were before Lisbon much more sparse, confuse and vague because at that time protection of public security at EU level was dealt at intergovernamental level and there was no real will to harmonize the existing national (diverging) standards.
Only because of the pressure of the European Parliament and after the signature of the Lisbon Treaty (!) an intergovenramental Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters has been published on 30 December 2008. However the Framework Decision which is still into force cover only transnational transfert of data so that it does not establish a common level of privacy protection nor cover the EU institutions and agencies (Schengen information system included) which continue even today to consider as reference the Council of Europe Convention of …1981 and a Recommendation of 1987 .

The lack of a legal general framework for data protection together with a lack of Member States political will have probably been the main cause of the interinstitutional conflicts of the last fifteen years as well as of the growing tensions with the USA. As it happens often in case of interinstitutional stalemate the only progresses made came from the jurisprudence of national and european judges.()

After the entry into force of the Treaty of Lisbon everything is changed because data protection has been recognised as a fundamental right as well as a self standing objective of the European Union.

On the first aspect the art. 8 of the EU Charter is crystal clear:
“(1) Everyone has the right to the protection of personal data concerning him or her.
(2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
(3) Compliance with these rules shall be subject to control by an independent authority.

In short, protecting personal data is like protecting not only the image of an individual but also his ability to act in a given society without external public and private interference (the so-called right to “self-determination” which has been shaped already in 1983 by the jurisprudence of the German Constitutional Court. According to the “Census” judgment:“A social and legal order in which the citizen can no longer know who knows what when about him and in which situation, is incompatible with the right to informational self-determination. A person who wonders whether unusual behaviour is noted each time and thereafter always kept on record, used or disseminated, will try not to come to attention in this way. A person who assumes, for instance, that participation in a meeting or citizen initiative is officially recorded, and may create risks for him, may well decide not to use the relevant fundamental rights ([as guaranteed in] Articles 8 and 9 of the Constitution). This would not only limit the possibilities for personal development of the individual, but also the common good, because self-determination is an essential prerequisite for a free and democratic society that is based on the capacity and solidarity of its citizens”.
To protect personal data amounts not only to protect the liberty of the individual and, his dignity but even a more general good of the democratic society itself.

However such beautiful principles would be meaningless if not reflected in a binding legislation and in the daily life. To reach this objective art. 16 of the Treaty on Functioning of the European Union (TFEU) makes clear that personal data should be protected by “Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data.”

This will not be an easy task because EU law cover now all the main aspects of a person’s daily life in a global world where personal data have become the blood of the information society.
Massive data collection, on-line tracking and profiling not only by private companies but also by public authorities have become so widespread that many people consider that the protection of personal data itself do not exist any more. It seems that it has been killed
– by widespread invasive relatively low-cost technology
– by individual’s naïve behaviour in the social network
– by big private societies which are making an incredible amount of money from on-line advertising built on the exploitation of personal data (obtained for free)
– and last but not least by public authorities which, in a borderless world, having the facto lost the control of their territories try to prevent crime and terrorism by profiling potential dangerous people and collect everywhere massive amounts of personal data.

The post-Lisbon legislative data protection package

Confronted with the challenge of defining the new post-Lisbon data protection framework the Commission after thorough comparative studies has decided to maintain a twin track approach by submitting a Draft Regulation for protecting personal data in the civil domain and a Draft Directive adressed to public authorities when collecting personal data for security purposes. This choice has not been appreciated by the data protection authorities and by the European Parliament not only for the risk of inconsistencies but also for the risk of grey areas for activities which can fall in between.

European Area of Freedom Security and Justice : Council draft Agendas for the First Semester 2013

In compliance with the principle of transparency and in order to improve the decision making process the Council of the European Union organize its internal works in the framework of two main instruments:

a) A 18 months program prepared by a the pre-established group of three Member States holding the Presidency of the Council. The draft Program shall be prepared in close cooperation with the Commission and the President of the European Council, and after appropriate consultations it should be endorsed by the General Affairs Council. (art.2 p6 of the Council Rules of Procedure).
The current “Trio Presidency” program cover the last 18 months of the legislature : Ireland (January-June 2013) Lithuania (July -December 2013) and Greece (January –June 2014).

b) A 6 months Programme which is prepared and diffused by the incoming Council Presidency. This program “shall establish, for each Council configuration, and after appropriate consultations, draft agendas for Council meetings scheduled for the next six-month period, showing the legislative work and operational decisions envisaged” (art.2 p7 of the Council Rules of Procedures). It is worth recalling that according to a Council Declaration “‘The President will endeavour to ensure that, in principle, the provisional agenda for each meeting of the Council dealing with implementation of the Title of the TFEU relating to the area of freedom, security and justice and any documents relating to the items involved reach members of the Council at least 21 days before the beginning of the meeting.”
The current Irish Presidency 6 months Program foresee two formal meetings of the Justice and Home Affairs Council on March 7-8th and on June 6-7th.

An informal Justice and Home affairs Council meeting is already foreseen on 17th/18th of January . It is worth recalling that this kind of Meeting is devoted to strategic debates and no formal votes can take place. For the incoming meeting the main issues to be debated are :
*”Migration for Growth”,
*“Greek National Action Plan on Asylum & Migration” an
*“Update on Situation in Syria (Presented by key EU agencies such as Frontex and EASO).
The second day will be devoted to :
*”Internal Security and Growth”,
*“European cross-border Insolvency law” and certain aspects of the European Data Protection reform.

The main issues to be debated respectively for the “Home affairs” and “Justice” at the formal Council meetings are the following:
Continue reading “European Area of Freedom Security and Justice : Council draft Agendas for the First Semester 2013”