WikiLeaks: an increased call for transparency

WikiLeaks’ latest release of classified documents raised deep concern among the United States (US) Government and put into question whether the freedom of expression, as established in the First Amendment of the US Constitution, should be object of revision by amending the Espionage Act of 1917.

Attorney General Eric H. Holder Jr. said that a criminal investigation of WikiLeaks is continuing even after Mr. Assange, a 39-year-old Australian, was released on bail after surrendering to British authorities on 7th December in connection with a case in Sweden in which two women have accused him of rape and other sexual crimes.

In the meantime the Air Force and the Library of Congress have blocked the WikiLeaks website.

The repeated calls for criminal prosecutions to the funder of WikiLeakes raise a whole series of questions related to the most fundamental questions about freedom of expression and about what the public can know about the actions of its own government and therefore its level of accountability.

The recent US hearing on WikiLeaks, “Hearing on the Espionage Act and the Legal and Constitutional Issues Raised by WikiLeaks“, which took place on the 16th December 2010 took into considerations, among others, these issues and will be therefore be the main source used for the following analysis.

The background

As of 3 January 2011, 1,997 individual cables had been released by WikiLeaks, which has planned to publish 251,287 cables, originating from 274 embassies, dating from 28th December 1966 to 28th February 2010.

According to WikiLeaks’ website the cables are divided in:

15, 652 secret

101,748 confidential

133,887 unclassified.

According to Judge Louie Gohmert the release of documents “threatens our national security, our relations with foreign governments, and continued openness from embassy officials and foreign sources”.

However, Mr. Gates while defining the leaks embarrassing, considers that they have had modest consequences for US policy, so far. Also Thomas Blanton pointed out that although most international affairs scholars consider the cables useful, so far nothing in the diplomatic cables compares to the impact on public policy in 2004 from the leak of the Abu Ghraib photographs, of the secret prisons, or the torture memos, or the Pentagon Papers’ contribution to the end of the Vietnam war.

So, although embarrassing, the cables do not represent a clear danger to the US security and, since unpopularity does not represent a crime as House Judiciary Committee Chairman John Conyers jr pointed out, it is not clear what law has been violated by WikiLeaks.

The existing difficulties in finding a shared opinion of what information is indeed sensitive and what is not, have led to the over-classification of material, as several panellists pointed out during the hearing. In particular, Thomas Blanton, Director of the National Security Archive George Washington University, stated that current and former officials estimate that between 50% to 90% of what is classified is either over-classified or should not be classified at all.

This opinion was further re-affirmed by former Governor of New Jersey Tom Kean, who commenting on the Committee on House Judiciary review on the US Government’s most sensitive records about Osama bin Laden and Al-Qaeda after 9/11, observed that 75% of what he read that was classified should not have been so. Finally, President Reagan`s National Security Council secretary Rodney McDaniel estimated in 1991 that only 10% of classification was for “legitimate protection of secrets”.

The over-classification of the U.S. government’s national security information means that thousands of soldiers, analysts and officers need access to huge quantities of classified information and this necessary access makes it impossible to effectively protect truly vital secrets, said Mr John Conyers. Harvard law professor Jack Goldsmith, who served President George W. Bush as head of the Office of Legal Counsel at the Justice Department, stated that: “a root cause of the perception of illegitimacy inside the government that led to leaking is, ironically, excessive government secrecy.” As Potter Stewart asserted “When everything is classified, then nothing is classified, and the system becomes one to be disregarded by the cynical or the careless, and to be manipulated by those intent on self-protection or self-promotion.”(…) The hallmark of a truly effective internal security system would be the maximum possible disclosure (…) secrecy can best be preserved only when credibility is truly maintained.”

Of course, nobody is in favour of leaks that put people at risk. But as Mr Bill Delahunt (who serve on the Foreign Affairs Committee and had the opportunity to chair the committee on oversight) pointed out, currently there is an overwhelming over-classification of material which calls for a review of the classification procedures.

Thus, if a great amount of information which is currently classified should not have been classified in the first place, what is the liability of WikiLeaks and more in general what are the obligations that an individual not employed by the Government has towards the latter to keep its own secrets?

To answer to these questions it might be useful to compare this situation to the client-attorney relation, explained Professor Geoffrey Stone, former dean of the University Chicago Law School: “The client is free to keep matters secret by disclosing them to no one. He is also free to disclose certain matters to his attorney who is under a legal obligation to respect the confidentiality of a client’s disclosures. In this sense, the attorney is sort of like the government employee. If the attorney violates the privilege by revealing the client’s confidences say to a reporter, then the attorney can be punished for doing so. But the newspaper cannot be constitutionally punished for disseminating the information.”

However, the proposed Shield Act would amend the Espionage Act of 1917 to make it a crime for any person knowingly and wilfully to disseminate, in any manner prejudicial to the safety or interest of the United States any classified information (…) concerning the human intelligence activities of the United States or (…) concerning the identity of a classified source or informant” working with the intelligence community of the United States.” The proposed Shield Act might be constitutional as applied to a government employee who “leaks” such classified material, but it is unconstitutional as applied to other individuals who might publish or otherwise disseminate such information.

On the basis of the principle of freedom of expression, which stems from the first amendment of the US constitution states:

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Furthermore, the Supreme Court in the case Bartnicki v. Vopper, held that when an individual receives information from a source who has obtained it unlawfully, that individual may not be punished for publicly disseminating the information, absent the need of the highest order.

Therefore, the suppression of public speech must be the Government’s last rather than first resort in addressing a potential problem. The Government should demonstrate the existence of a clear and present danger before limiting such a right. If there are other means by which government can prevent or reduce the danger, it must exhaust those before it can even entertain the prospect of suppressing the freedom of speech.

On the contrary, Judge Ghomert was of the opinion that nowadays we are confronted with different tools of mass communication compared to the one that were foreseen when the First amendment was written and therefore the boundaries of free speech should be re-thought, so as to balance this freedom with the Government’s need to protect some information.

However, there are very good reasons for the Government to demonstrate a clear and present danger before reducing the freedom of speech and these reasons do not vary depending on different communication tools:

1) The simple fact that the dissemination of such information might in the words of the proposed Act “in any manner prejudice the interests of the United States,” does not mean that the harm outweighs the benefit of publication, as Chairman Conyers noted. 2) A case by case balancing of harm against benefit would be unwieldy, unpredictable, and impracticable. Clear rules are essential in the realm of free speech. That is why the Government has so much authority to restrict the speech of its own employees, rather than insisting that in every case the government demonstrate that the harm outweighs the benefit.

3) There are great pressures that lead both government officials, and even the public, to overstate the potential harm of publication in times of national anxiety. A strict clear and present danger standard serves as a barrier to protect us against that danger, Mr Conyers concluded.

It is evident that, in order to protect effectively real vital information, the classification system should be put under review. Indeed the leaks underline the weaknesses derived from a system not sufficiently transparent.

By focusing on prosecuting WikiLeaks, not only there is a risk of violating one of the fundamental constitutional freedom, but also there is a clear risk of limiting the right of citizens to hold accountable their own Governments democratically elected.

As Mr Delhaunt put it: “Secrecy is the trademark of totalitarism. To the contrary, transparency and openness is what democracy is about”.


EU Internal Security strategy: towards a EU-USA common path?

The traditional meeting between the justice and home affairs ministerial representatives of the United States of America (USA) and of the European Union (EU) took place the 8th and 9th December 2010. Ms Janet Napolitano, from the Department of Homeland Security and Mr Eric Holder, General Attorney of the Department of Justice have discussed with the European Union presidency and the Commissioners Ms Cecilia Malmström and Ms Viviane Reding the transatlantic initiatives, both planned and underway- aimed at preventing and combating terrorism and organised crime.

The meeting confirmed the hegemonic and inspiring role that the American administration has towards the European Union when it comes to defining and implementing the European Internal Security Strategy (ISS).

This is true when it come to the synchronisation of the EU’ activities, since the Justice and Home Affairs Council which took place in Toledo in February 2010 adopted the strategy while the US administration approved the Fourth revision of its own internal security strategy.

It is also true in relation to the increasing concurrence of the objectives underpinning it. After all this is not so surprising for two allies which cooperate on a daily basis in all different domains, going from intelligence, money laundering, to the fight against drugs.

Therefore, the European ISS includes the fight against cyber crime, measures aimed at the protection of commercial flights and cargo safety, use of financial personal data and airplanes passengers. These objectives have been recalled by the Commission in its recent Communication entitled “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe”.

The crucial element here is that while these objectives correspond to what the Congress requested, this is not the case for the European Union, where the position of the European Parliament – which should ensure the legislative transposition of some of these objectives- is much more cautious than the one of the Congress. This is even more striking  if one take into consideration the fact that the Congress is considered even more demanding than both the Bush and Obama Administration, for instance, concerning borders control with the creation of an entry-exit system and limits to visa liberalisation.

The opposition of the Strasbourg Assembly to the indiscriminate collection and systematic storage of personal data of millions of air passengers (PNR) for several years is renowned. Especially, because these data includes also those of individuals which are not wanted nor suspects and that, even after the controls, are not considered a danger for the flights safety.

That is why the Council of the European Union adopted the 3rd December 2010 a negotiation mandate to the Commission which should allow revising in a more restrictive manner the data protection provisions which are provisionally applied on the basis of the EU-USA agreement, since 2007.

It goes without saying that it would be rather naïve to expect the American Administration to welcome such a measure, especially because the new Republican majority in the Congress would interpret it as a lowering down of the guard. Nevertheless, it is also self-evident that the current agreement risks to be rejected by the European Parliament at any moment and this possibility would open a dangerous vacuum, also for the aviation companies.[1]

Rather, it is reasonable to expect a greater willingness from the European Parliament’s side to adopt measures concerning the fight against cyber-crime, one of the USA priority for a long time and recently recalled by the Obama Administration during the last EU-USA summit of 20th November 2010 in the Joint EU-US Statement. The summit promoted a EU-USA working group in the field of cyber security and cyber criminality, which within a year will present a report on a series of initiatives, such as those discussed in the recent EU-US-NATO summit of the 24th November. These measures includes among others,

–       the creation of Computer Emergency Response Team (CERTs) in each European country, along the lines of the corresponding American centres, with the support of the European Agency responsible for network security (ENISA)

–       – the implementation of an emergency network

–       The creation of a sort of control room at the European level, as indicated by the Commission in its proposal for an internal security strategy.

These measures should be complemented by legislative measures such as the Proposal for a Directive on attacks against information systems, currently under review by the European Parliament. This measure will probably get inspiration from the Convention on Cyber crime of the Council of Europe, ratified by the United States itself.

However, all these measures, as well as the last ministerial meeting, all share the same unresolved problem related to the different data protection standards existing in the two sides of the Atlantic, namely in relation to public security. On the one hand, in the United States the protection of privacy and personal data is not considered a fundamental right (at most a penumbral right, subordinated to the safeguard of the right of expression foreseen by the first amendment and to the right of residence foreseen by the fourth amendment). On the other hand, in the EU, these rights are recognised as fundamental by art. 8 of the European Convention on Human Rights as well articles 7 and 8 of the Charter of Fundamental Rights.

Indeed, the European Parliament has requested, especially after 9/11 a transatlantic binding agreement in this field. This could eventually take place on the basis of negotiation mandate which the Council conferred to the Commission on the 3rd December and that Vice-President Reding has already presented to the Parliament.

Theoretically, the US authorities should not oppose it given that the mandate recalls the recommendations made by a common working group which has elaborated a series of common principles. However, the American authorities fear that the new agreement will make more difficult the transfer of data that is already taking place under the EU-USA agreement in the field of judicial cooperation in criminal matters, the agreements with Europol and Eurojust and more importantly the various bilateral agreements negotiated in the last decades between the USA and the EU Member States, in the field of security and fight against crime.[2]

The next months look quite challenging and it will be interesting to follow not only the negotiations but also the tone of the dialogue that will be established between the Congress and the European Parliament, i.e. whether  they will be able to share to a greater extent the perception of a threat and therefore the need to a common answer.

If this will take place, it could be possible to open the way to a Transatlantic Schengen-like space which ahs already been announced in the  EU-US Joint Statement on “Enhancing transatlantic cooperation in the area of Justice, Freedom and Security”


[1] The same issue is true for those measures which are considered too invasive for the individual privacy, such as the installation of body scanners (1300 are foreseen to be installed in the USA and a few tens in the European Union). It remains to be seen what the European Union will do to implement the new international strategy in the field of aviation security adopted by the 37th ICAO Assembly which took place on 8th October 2010 (Comprehensive Aviation Security Strategy) (ICASS).

[2] See Prüm-like agreements on the basis of which the EU Member States committed themselves to transfer information, , to the United States. These transfer include sensitive information, such as DNA codes, in exchange of looser conditions to obtain visa for their citizens.


FRONTEX: first ever RABIT operation deployed on 2 November

The Rapid Border Intervention Teams (RABIT) is a mechanism established so as to allow, in case of exceptional migratory pressure, rapid deployment of border guards on a European level.

Established in 2007 as part of the Agency’s founding mandate, RABIT operations have never been used up to now.

Home Affairs Commissioner Cecilia Malmström went to Greece to see the deployment of the 175 EU border guards posted to the Greece-Turkey border and according to Malmström’s spokesman the operation will consist in providing support activities of various nature.

According to Frontex the objective of the RABIT operation deployed in the Greek-Turkish border is to:

“assist Greek border control authorities in securing the land border with Turkey from a heavy influx of irregular migration. This will entail the deployment of 175 specialist border control personnel from 24 European countries for 24 hour joint surveillance of the land border in the area between Orestiada and Alexandroupolis, as well as additional officers at the Border Crossing Point (BCP) at Kipi.

In addition, guest officers will also be stationed at Athens airport and the operation will be supported by Frontex’s Return Coordination Office in Athens with a view to enhancing Greece’s capacity to return irregular migrants found to be staying illegally on EU territory.

Additionally to surveillance and border control, Frontex will provide interviewers to assist in the screening of apprehended migrants to ascertain their nationality and identity, as well as debriefers to gather evidence on the involvement of people smuggling networks and trafficking rings as well as other relevant intelligence on cross border criminal activities.

Therefore Frontex not only will be involved in surveillance but also in intelligence activities, by having access to personal data of individuals, in ways that are not precisely identified.

Human rights concerns

Although during these activities officers deployed are supposed to respect human rights during these operations as required by, inter alia, Articles 18 and 19 of the Charter of Fundamental Rights of the European Union, several doubts have been raised in this regard, especially taking into consideration the fact that officers may carry service weapons.

Amnesty International has addressed important questions to the State Secretary in charge of Migration and Asylum Policy for the Presidency of the Council of the European Union which took place the 8 and 9 November 2010.

These questions refer to:

The kind of training that officers have attended

According to Frontex the officers involved in RABIT operations have a curriculum that includes among others knowledge related to

“the history of EU and Schengen  EU legislation (special focus on Frontex Regulation, RABITs Regulation, Schengen Border Code)  human rights (Charter of Fundamental Rights of the EU, Geneva Convention and New York Protocol, Common European Asylum System) practical policing (intercultural management, practical work on the border).”

It remains to be demonstrated whether the fact that officers have basic notions on the above, represent sufficient guarantee for a full respect of human rights, including the principle of non-refoulement,  while operations are carried out.

The support that Frontex has received from experts in the field of international protection

No information has been provided in relation the support, if any, that Frontex has received from experts in the field of international protection when planning the RABIT operation.

In fact the decision to deploy a RABIT force follows the following procedure, as explained by Frontex:

“The decision on deployment of the Rapid Border Intervention Teams belongs to the Executive Director of Frontex. The final decision is preceded by a number of procedural steps:

a) Request of a Member State.

b) Information about the request from the Executive Director to the Management Board.

c) Assessment of the situation based on Frontex risk analyses and information provided by a Member State. The Executive Director may also send experts to the operational theatre in order to assess the situation.

d) Decision of the Executive Director (no later than five days from the date of the receipt of the request).

e) Communication on the decision to the requesting Member State and the Management Board.

f) If the decision is positive:

1. Preparation of the Operational Plan

2. Selection and composition of the teams to be sent

3. Deployment”

The kind of support that Greece has received in order to set up adequate reception facilities for all individuals whose status must be verified

So far no information has been found with the kind of support that Greece has received in order to set up adequate reception facilities for all individuals whose status must be verified.

The kind of involvement foreseen for humanitarian agencies and

Humanitarian agencies have requested to be involved in several occasions, so as to be able to monitor how Frontex has been carrying out its activities. However, none of these requests have been taken into consideration so far.

The existence of independent monitoring foreseen for these operation

Frontex explains that officers are subject to civil and criminal liability:

“While performing the tasks and exercising the powers, the members of the teams shall comply with Community law and the national law of the host Member State. While performing the tasks and exercising the powers, the members of the teams shall remain subject to the disciplinary measures of their home Member State. Where members of the teams are operating in a host Member State that Member State shall be liable in accordance with its national law for any damage caused by them during their operations.

Where such damage is caused by gross negligence or willful misconduct, the host Member State may approach the home Member State in order to have any sums it has paid to the victims or persons entitled on their behalf reimbursed by the home Member State.

Without prejudice to the exercise of its rights vis‐à‐vis third parties, each Member State shall waive all its claims against the host Member State or any other Member State for any damage it has sustained, except in cases of gross negligence or willful misconduct. (…) ”

However, Frontex has provided no information related to whether it has foreseen any measure to carry out an effective, constant and independent monitoring of the RABIT operation.

These questions are of utmost importance given the difficulties that third country nationals have to face in accessing refugee protection in Greece and the JHA Council that takes place on Monday 8 and Tuesday 9 November represents the appropriate forum to discuss such issues, especially because one of the point of the agenda concern s the development of the Common European Asylum System (CEAS), whose principles seems to be put increasingly under question by also but not only the Greek case.

Conference: Which Integration Policies for Migrants? Interactions between the EU and its Member States”

Please find in the link below information regarding the Conference entitled “Which Integration Policies for Migrants? Interactions between the EU and its Member States” to be held in Brussels the 28 and 29 October 2010

ACTA negotiations concluded…or maybe not?

The Anti-Counterfeiting Trade Agreement (ACTA) negotiations were concluded in Japan on October 2, after 11 round of the negotiations.

The Anti-Counterfeiting Trade Agreement (ACTA) began in Geneva two years ago. It is a plurilateral trade agreement aimed at establishing international standards on intellectual property rights so as to  assist those that are part of the agreement to fight against counterfighting and piracy.

It will include:

– state-of-the-art provisions on the enforcement of intellectual property rights (including provisions on civil, criminal, and border enforcement measures)

– cooperation mechanisms among ACTA Parties and

– establishment of best practices for effective Intellectual Property Rights enforcement.

The reason why ACTA has not been negotiated under the framework of the World Intellectual Property Organisation (WIPO) is related to the impossibility to find an agreement between all the members of WIPO. The last round of negotiations included: Mexico, Australia, Canada, the European Union (represented by the European Commission), Spain, an unnamed EU member state, Japan, Korea, Morocco, New Zealand, Singapore, Switzerland and the United States.

Acta has raised several criticisms (see previous post in this blog) concerning both its content and the secretative approach with which negotiations were held as the  consolidated text of 2nd October shows:

The scope

An unresolved issue refers to the  scope of the agreement, for instance, in relation to border measures (see italics underlined part).


In providing, as appropriate, and consistent with a Party’s domestic system of IPR protection and without prejudice to the requirements of the TRIPS Agreement, for effective border enforcement of intellectual property rights, a Party should do so in a manner that does not discriminate unreasonably between intellectual property rights and that avoids the creation of barriers to legitimate trade.




Each Party shall provide procedures for import and export shipments:

(a)            by which customs authorities may act upon their own initiative, to suspend the release of suspect goods; and

(b)            where appropriate by which right holders may request the competent authorities to suspend the release of suspect goods.

where appropriate,

2. situations where the goods are under Customs control:

Each Party may provide procedures for suspect goods in transit or in other

(a)            by which customs authorities may act upon their own initiative, to suspend the release of, or to detain, suspect goods; and

(b)            where appropriate, by which right holders may request the competent authorities to suspend the release of, or to detain, suspect goods.”

The inclusion of patents in enforcement measures at the border is one of the main concerns of civil society. This is particularly worrisome when it comes to public health border-enforcement measures related to patents within the European Union, which resulted in several stopped shipments of legitimate generic medicines in 2008. Although there are,provisions in the ACTA text addressing goods in transit within the border measures section, parties are still engaged in consultations on this issue.

Another controversial aspect is in the first paragraph under border measures,which refers to the product names associated with a particular place or characteristics. The compromise texts sets out a “certain principle” that signatories to ACTA must respect when putting into place enforcement mechanisms, but leaves open flexibilities for each member’s individual implementation. While some parties wants to include GIs, others think that ACTA should focus on issues of trademarks, counterfeiting and piracy.

On criminal enforcement, private acts of infringement will be excluded. Third-party liability has been removed from “Section 5: Enforcement of Intellectual Property Rights in the Digital Environment”. In this respect, third-party liability was a concern for internet freedom advocates . Several discussions surrounded the issue of the “three- strikes” legislation, which however is not included in the text.

Despite these aspects, technological protection measures remain in the digital section:

“Section 5: Enforcement of Intellectual Property Rights in the Digital Environment


1.            Each Party shall ensure that enforcement procedures, to the extent set forth in the civil and criminal enforcement sections of this Agreement, are available under its law so as to permit effective action against an act of intellectual property rights infringement which takes place in the digital environment, including expeditious remedies to prevent infringement and remedies which constitute a deterrent to further infringement.

2.            Each Party’s enforcement procedures shall apply to infringement of at least trademark and copyright or related rights over digital networks, including the unlawful use of means of widespread distribution for infringing purposes . These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity,

including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.13

3.            Each Party shall endeavor to promote cooperative efforts within the business community to effectively address at least trademark and copyright or related rights infringement while preserving legitimate competition and consistent with each Party’s law, preserving fundamental principles such as freedom of expression, fair process, and privacy.

4.            Each Party may provide, in accordance with its laws and regulations, its competent authorities with the authority to order an online service provider to disclose expeditiously to a right holder information sufficient to identify a subscriber whose account was allegedly used for infringement, where that right holder has filed a legally sufficient claim of infringement of at least trademark and copyrights or related rights and where such information is being sought for the purpose of protecting or enforcing at least the right holder’s trademark and copyright or related rights. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.”

It is unclear what the procedure will be for resolving final outstanding issues (the one in italics, underlined and bold)..

The European Parliament has repeatedly reported the danger of having an anti-counterfeiting laws that endanger citizens’ fundamental freedoms (see Resolution of the European Parliament). Once MEPs learned that negotiations on the controversial agreement ended without their consent in Tokyo on Saturday (2 October), they called on the Commission to explain the matter at the earliest.

Besides the content of the agreement, the European Parliament has also criticised the Commission for not keeping it informed during the negotiations and for having denied access to ACTA documents.

For all these reasons Members of the European Parliament have asked the Commission to halt ACTA and have warned they will not give the agreement their approval, replicating the SWIFT case which took place at the beginning of the year.

While waiting for the next developments,  another post will therefore focus on the relation between governance and transparency.


(to be continued)

The European Union and State Secrets: a fully evolving institutional framework

Many contemporary debates surround the issue of the treatment of confidential information and state secrets both in the United States (1) and the European Union (2) and questions have also been raised over the WikiLeaks phenomenon. It therefore seems timely to try to shed some light on the way confidential information is handled by the European Union institutions, especially since we now have the entry into force of the Treaties of the European Union, on the Functioning of the European Union and the now binding Charter of Fundamental Rights.

Clearly, it is not technically appropriate to talk about state secrets in the case of the European Union, since the latter remains an international organisation entrusted by its Member States to intervene only in those areas established by the founding treaties and to pursue those objectives established by the funding treaties (3). Nevertheless, the European order now spans such a wide range of competences and has developed such a direct relation between citizens and the institutions that the need for transparency and political accountability is as essential for the European Union as it is for its Member States.

As long as the institutions’ work was covered by professional secrecy, there was minimal risk of leaks and any undesirable impact at the national level during the negotiating phases of European measures. Problems related to a different perception of transparency/secrecy were paradoxically raised with the process of democratisation of the European institutions which, due to Maastricht, has been accompanied with the widening of competences. Additionally, and more importantly, the Amsterdam Treaty ensured that the right of access to documents of the Parliament, Council and Commission (art. 255 TEC) was recognised as a fundamental right of European citizens (and of those legally residing in the EU).

In theory, a fundamental right can only be limited by law (4), but the institutional framework resulting from the implementing measures of article 255 ( EC Regulation 1049/01) is a long way from defining a coherent regime of this sensitive topic. To obtain such a result it would have been necessary to mediate between two different juridical traditions which divided (and still divide) some countries; indeed, Northern Europe is traditionally more favourable to transparency needs whereas some southern countries prioritise the efficiency of the decision making process ahead of transparency (5).

This unresolved conflict is reflected in Regulation 1049/01, which regulates for two different regimes, respectively one of a general nature and one of a specific nature. The general one establishes transparency and the right of access to information as the general rule to which it is possible to derogate only under the provisions established by art. 4. Furthermore, it stems from the will of the author who submitted the document to the institution (whether that be another institution, a Member State or a third party). The ratio behind the suppression of the “author rule” as confirmed by the Court (6), is evidently that of avoiding that additional exceptions are added to those already foreseen by law (7), which would have the effect of nullifying the answer to the citizen requesting the access to a document or information (and therefore being incompatible with the principle of certainty of law).

Nonetheless, the general rule of Regulation 1049/01 also presents a significant exception to article 9 (8), which establishes a specific regime for the so-called “sensitive documents” defined as “… documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ (9) in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

The regime established in Article 9 is evidently a “lex specialis”, which is only applicable to the external affairs and defence matters (the former “second pillar “). However, it is also an incomplete regime because Regulation 1049/01 does not specify (as foreseen in art. 255 TEC which now is replaced by art. 15 TFEU) the general principles regarding the classification of “sensitive” documents. Although the legislator has abdicated its role and referred the decision to the institutions internal regulations, defining such a rule is not a mere organisational matter.

The official justification for this attempt at a ‘quick-fix’ in 2001 was related to the approaching deadline for the approval of the regulation, as foreseen by the Treaty. The real reason, however, was the impossibility to reach an agreement between the European Parliament and the Council over the adoption of NATO standards at the European level.

Due to article 9 and the fact that that it refers to the internal regulation of the institutions, some measures were introduced through the back door, since the internal regulations of the Council and the Commission (11) were accompanied by the need to have the author’s consent when classifying the document as “sensitive”(12).

In this way, not only have NATO standards become de facto the standards of reference for EU classified information (13), although (for the moment) limited to external and defence matters, but it also re-establishes the pre-Maastricht regime for EU citizens and institutions such as the European Parliament and the Court of Justice. Indeed, these actors cannot refer to the “right” of access to information, because the holding institution can always oppose it in the name of non compatibility with NATO standards of internal security regulations (14) or more simply, because the member state or third party (author or co-author) of the classified document does not give its consent to the transmission of the document.

The result is the existence of a conspicuous number of agreements between on one side the Council and the Commission, and the other side third countries, concluded on the basis of an unstable institutional framework (15). Recently, the same agreements have also been concluded by EU agencies such as Europol, Eurojust or Frontex (and therefore outside of the so-called second pillar), on the basis of which the institution and/or the agency (although negotiating on behalf of the European Union) (16) accept that the third country may oppose access to information to EU citizens and even the Parliament and Court.

It is therefore legitimate to wonder about the extent to which this situation is compatible with a European order, allegedly based on the principle of representative democracy (17), fundamental rights and citizenship (18), especially following the entry into force of the Treaty of Lisbon. The issue becomes even more urgent in view of the passage to the ordinary legislative regime and to the (almost) total control of the Court of sensitive matters such as police, internal security and intelligence cooperation (which are increasingly labelled as classified information).

Without effective transparency, risks of abuse or “policy laundering” become too high. This risk is also linked to the reproduction of unwanted situations where information in the field of defence and external affairs (Chapter 2 of the EU Treaty) are kept hidden, not only from the European Parliament for the reasons illustrated above, but also form the national parliaments as the information is regarded as a “European” secret. In this context, the national parliaments arguably receive the same level of access as a third country.

Therefore, the result would be the complete absence of a counterbalance mechanism which should characterise every democratic system and which would be strengthened by these security and defence policies under the formal coverage of European “executive privilege”, which not even the President of the United States of America has ever dreamt.

Luckily, the situation is less worrisome in other parts of the treaties, for example where it is established that the European Parliament must ratify international agreements. In this case, the same Treaty foresees that the Parliament “shall be immediately and fully informed at all stages of the procedure” (art. 218 par. 10 TFEU). This should effectively prohibit the Commission (negotiating the agreements) and the Council (concluding the agreements) from being able to make excuses in order to not reveal all the information.

Indeed, the European Parliament has made reference to these provisions throughout the negotiations on SWIFT, ACTA and the access of the EU to the European Convention on Human Rights. This initiative raised disconcert from the Council and Commission, who obviously realise how difficult it is to maintain two different regimes in the field of classified information depending on whether the negations of the agreements are conducted on the basis of Article 218 TFEU or on the basis of the competences in the field of security and defense (which are based on Article. 9 of Regulation 1049/01 and/or the internal organisation competence of the Council, Commission and security agencies). If in theory it is possible, although difficult, to differentiate between these two agreements at the European level, it turns into a “probation diabolica” to explain  to a third country why matters such as  the fight against terrorism may sometimes refer to an ordinary regime (article 218 TFEU) or to an extraordinary regime (art. 9 1049/01)

The process of re-negotiating the inter-institutional agreements concerning the European Parliament’s access to classified information is ongoing. A first draft agreement will be reviewed by the Committee on Constitutional Affairs of the European Parliament and a second one will take place between the European Parliament and the Council to modify the 2002 agreement applying Regulation 1049/01 (20).

The problem is that some expression of this agreement (not ratified yet) seem to extend the preventive consent to de-classify the document given by the author from the exceptions of defence and security issues to all the matters of competences of the European Union. Such an iron grip would put the European Parliament in a position leading to its abdication  (21) of the right/duty to exercise the democratic control foreseen by the treaty.

However, the issue remains undefined and contradicting signals are coming from the High Representative. This is important as the High Representative is about to adopt a declaration accompanying the decision which establishes the organisation and functioning of the European external service which “ (…) will be applied mutatis mutandis by the High Representative for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.”

It remains to be seen whether the European institutions will be able to finally overcome the long-lasting inconsistencies of the Regulation 1049/01 by establishing a European matter also in the field of the state secrets or whether, by carrying on the current, judicially confusing paths, once again the task of clarification will be left to the Court.



(1) See the fundamental investigation of the Washington Post on the possible abuses of the documents’ classification from the USA administration since 9/11.

(2) See the current debate at the COPASIR concerning the revision of the Italian law on the “services” and the treatment of the state secret (L. 124/2007)

(3) Concept reaffirmed by the German Constitutional Court in several occasions (including 2009 with the famous Lisbon Urteil) the Union cannot gives itself different or wider competences than those granted by the Member State.

(4) As foreseen by the Member States’ constitutions and by the ECHR.

(5) This is an expression also used by article 207 of the “old” EC Treaty but that the Council has always interpreted as the conditions that allow the representatives of the Member States to change their negotiating positions in complete discretion according to circumstantial needs)

(6) This principle has been reaffirmed also recently by the Court of Justice

Case C‑64/05 P Kingdom of Sweden vs Commission of the European Communities (see: )

(7) In the case of a member State it could be requested to see applied its own national regime and in the case of a third country needs


(9) Strangely enough the Italian version of the Regulation 1049/01 only refers to the category of the “confidential” documents.

(10) It is “…public interest safeguards, namely:— public order, — safeguard of military matters — International relations, — financial, monetary or economy policy  of the Community or Member states

(11)See Council decision 2001/264/CE  19  march 2001 adopting internal security regulation OJ n°101,  11.04.2001 modified following the entry into force of the Lisbon treaty.

(12) The “considering” 15 of the regulation invited the Member states to respect in the name of the principle of loyal cooperation the classifications established by the European institutions so as to avoid leaks related to National security matters “ Even though it is neither the object nor the effect of this Regulation to amend national legislation on access to documents, it is nevertheless clear that, by virtue of the principle of loyal cooperation which governs relations between the institutions and the Member States, Member States should take care not to hamper the proper application of this Regulation and should respect the security rules of the institutions.

(13) European Classified Information  (EUCI)

(14) For obvious reasons and given the peculiar nature and constitutional mission of the European Parliament or the court of Justice.

(15) See as a last example the agreement between the EU and Liechtenstein concerning the security procedures for the Exchange of classified information

(16) Art. 3 of the above mentioned agreement establishes that  “the European Council, the Council of the European Union (hereinafter referred to as ‘the Council’), the General Secretariat of the Council, the High Representative of the Union for Foreign Affairs and Security Policy, the European External Action Service (hereinafter: ‘the EEAS’) and the European Commission. For the purposes of this Agreement, these institutions and entities shall be referred to as ‘the EU»

(17) Artt. 9-12 of the TEU in specific art. 10

(18) Artt.18-24 TFEU

(19). See for example the regime for the treatment of classified information foreseen by the Decision of the Council establishing Europol and the implementing measures concerning the exchange of information with third countries: These provisions, which entered into force in January 2010 should be interested on the basis of the regime before the entry into force of the Lisbon Treaty in virtue of the transitory provisions foreseen by protocol  n° 36.

(20) The text of the inter-institutional agreement EP-Council is available at:

(21) Obviously it would be only a de fact abdication given that the inter-institutional agreement cannot modify a juridical situation defined by a treaty. However, the signal is worrying as much as the stall of the revision of Regulation 1049/01 and the juridical vacuum under which the EU institutions (and agencies) are now operating, since they should have defined their own norms in the field of transparency/confidentiality on the basis of principles that still need to be defined after Lisbon.

(22) See in specific the declaration f the high represntative: ) “.. The results of the ongoing negotiations on the Framework Agreement between the European Parliament and the Commission on negotiations of international agreements will be applied mutatis mutandis by the HR for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.. (…) 4. The present system of providing confidential information on CSDP missions and operations (through the IIA 2002 ESDP EP Special Committee) will be continued. The HR can also provide access to other documents in the CFSP area on a need to know basis to other MEPs, who, for classified documents, are duly security cleared in accordance with applicable rules, where such access is required for the exercise of their institutional function on the request of the AFET Chair, and, if needed, the EP President. The HR will, in this context, review and where necessary propose to adjust the existing provisions on access for Members of European Parliament to classified documents and information in the field of security and defence policy (2002 IIA ESDP). Pending this adjustment, the HR will decide on transitional measures that she deems necessary to grant duly designated and notified MEPs exercising an institutional function easier access to the above information..”

Trafficking of human beings: towards a more protective regime?

The European Parliament submitted a draft report  by the co-rapporteurs  for discussion on 28 June 2010 (2010/0065(COD)) on the Proposal for a Directive of the European Parliament and of the Council on preventing and combating trafficking in human beings, and protecting victims, repealing Framework Decision 2002/629/JHA, 28 May 2010, 10330/10.

Trafficking in human beings has been primarily dealt in the international context when in 2000, the United Nations introduced the Convention on Transnational Organized Crime (UNTOC) and the supplementary Protocol to Prevent, Suppress and Punish Trafficking in Persons, Especially Women and Children, (the Trafficking Protocol).

According to the Protocol to Prevent, Suppress and Punish Trafficking in Persons, especially Women and Children 2000 – Article 3(a):

“Trafficking in persons” shall mean the recruitment, transportation, transfer, harbouring or receipt of persons, by means of the threat or use of force or other forms of coercion, of abduction, of fraud, of deception, of the abuse of power or of a position of vulnerability or of the giving or receiving of payments or benefits to achieve the consent of a person having control over another person, for the purpose of exploitation. Exploitation shall include, at a minimum, the exploitation of the prostitution of others or other forms of sexual exploitation, forced labour or services, slavery or practices similar to slavery, servitude or the removal of organs.

This definition clearly distinguish three elements of the trafficking of human beings:

  • the act
  • the method
  • the purpose

Despite important step forwards, trafficking in human beings remains an issue that is still largely misunderstood and, consequently, inadequately addressed. The limited recognition of multiple forms of trafficking, the existence of re-trafficking activities and the role the State should have towards victims of tarfficking are some of the main problems that must be addressed.

The European Commission’s Group of Experts on Trafficking in Human Beings was established in 2008 pursuant to a decision taken in 2007 to establish a body to advise the Commission on policy and legal issues relating to trafficking in human beings. The Group has 21 members, who come from around the EU. The members come from governments of members States, as well as NGOs, international organisations and academia. The Group meets four times per year in Brussels. Its mandate is to provide the Commission with independent advice and recommendations relating to the development of law and policy with regard to trafficking in human beings, both with regard to issues raised by the Commission and also with regard to issues upon which the Group feels it should comment.

The latest opinion of this group refers to the European court of Human Rights case Rantsev v. Cyprus and Russia. The decision of the Court emphasizes the human rights aspects of trafficking of human beings, in particular with respect to the responsibility of the State to protect individuals form such practice. The opinion of the group of experts should be carefully taken into account in the current negotiations on the Proposal for a Directive of the European Parliament and of the Council on preventing and combating trafficking in human beings, and protecting victims, repealing Framework Decision 2002/629/JHA, 28 May 2010, 10330/10 and tehrefore we fully report it below.

Opinion Nº 6/2010 of the Group of Experts on Trafficking in Human Beings of the European Commission

On the Decision of the European Court of Human Rights in the Case of Rantsev v. Cyprus and Russia

The Group of Experts on Trafficking in Human Beings of the European Commission, having taken into consideration the following:

The Decision of the European Court of Human Rights in Rantsev v. Cyprus and Russia,[1]

The Stockholm Programme, which states that after the entry into force of the Lisbon Treaty, the rapid accession of the EU to the European Convention on Human Rights is of key importance,

Also taking into consideration the Action Plan implementing the Stockholm Programme and its Annex, in which the first action under the title “Promoting citizens’ rights: a Europe of rights. A Europe built on fundamental rights” is the recommendation to authorise negotiation of EU accession to the Convention for the Protection of Human Rights and Fundamental Freedoms,

adopts the following Opinion.

[1] The Group of Experts on Trafficking in Human Beings of the European Commission has examined the decision of the European Court of Human Rights in the case of Rantsev v. Cyprus and Russia.

[2] The Group notes that the European Union, and all of its Member States, are bound by the principles of human rights contained in the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and interpreted by the European Court of Human Rights.

[3] The Group considers that the decision offers important guidance on the human rights aspects of THB. This is important also in view of the 2005 Council of Europe Convention on Action against Trafficking in Human Beings and its monitoring mechanism “GRETA”.

[4] While THB is generally a crime perpetrated by private individuals, the State nevertheless has human rights obligations towards people who have been trafficked or who are at risk of being trafficked in the future, because of the State’s obligation, under Article 1 of the ECHR, to “secure to everyone within their jurisdiction the rights and freedoms” defined in the convention. The Group welcomes the clarification of the meaning of this obligation with regard to THB.

[5] Article 4 of the ECHR prohibits the holding of anyone in slavery or servitude. It also prohibits, with limited exceptions, forced or compulsory labour. No derogations are permitted from that prohibition. The obligations established in Article 4 extend to the prevention of any of these practices by private individuals. As the Court noted in Siliadin v. France:

limiting compliance with Article 4 of the Convention only to direct action by the State authorities would be inconsistent with the international instruments specifically concerned with this issue and would amount to rendering it ineffective. Accordingly, it necessarily follows from this provision that States have positive obligations … to adopt criminal-law provisions which penalise the practices referred to in Article 4 and to apply them in practice…[2]

[6] The Group notes with approval the acceptance by Cyprus that it had obligations to ascertain whether individuals, who come to the attention of State authorities as potential victims of THB, have in fact been trafficked or subjected to sexual or any other kind of exploitation.[3]

[7] The decision emphasizes that THB is prohibited by Article 4 of the ECHR without the need to define it either as slavery, servitude or forced labour. However, the Group welcomes the statement by the Court that THB may be very similar to slavery because traffickers exercise powers tantamount to ownership,[4] and that “trafficking threatens the human dignity and fundamental freedoms of its victims and cannot be considered compatible with a democratic society and the values expounded in the Convention.”[5]

[8] The Group notes that the obligation under Article 4 of the ECHR extends beyond the duty to prosecute and penalize effectively anyone who has engaged in acts aimed at holding another in slavery, servitude or forced labour. That duty clearly includes having in place national legislation

… adequate to ensure the practical and effective protection of the rights of victims or potential victims of trafficking. Accordingly, in addition to criminal law measures to punish traffickers, Article 4 requires member States to put in place adequate measures regulating businesses often used as a cover for human trafficking. Furthermore, a State’s immigration rules must address relevant concerns relating to encouragement, facilitation or tolerance of trafficking.[6]

The Group welcomes this recognition that the State’s obligation extends beyond the criminal law to include significant victim-protection measures, not only for those who have already been trafficked but also for those at risk of being trafficked in the future. Furthermore, these obligations apply to all persons within the State’s jurisdiction, irrespective of whether the victim’s State of origin is in the European Union.

In addition the Group also notes positively that the Court has addressed the issue of immigration regulations that can contribute to trafficking; in this regard the Group underlines the importance of systematically assessing the impact of immigration legislation and policy on the prevention of trafficking and the protection of victims’ rights.

[9] The Group notes further the Court’s statement that State authorities may be required to take immediate practical measures of protection of victims or potential victims of THB where

the State authorities were aware, or ought to have been aware, of circumstances giving rise to a credible suspicion that an identified victim had been, or was at real and immediate risk of being, trafficked or exploited within the meaning of Article 3(a) of the Palermo Protocol and Article 4(a) of the Anti-Trafficking Convention. In the case of an answer in the affirmative, there will be a violation of Article 4 of the Convention where the authorities fail to take appropriate measures within the scope of their powers to remove the individual from that situation or risk.[7]

Accordingly, it is not open to the State to plead ignorance of an individual’s situation where it should have made itself aware of the risk faced.

In the opinion of the Group of Experts, such practical measures include:

  • the securing of the immediate physical safety of the trafficked person, or person at risk of being trafficked;
  • their physical, psychological and social recovery, with the immediate provision of information about their rioptions in a language that they understand;
  • referral to assistance and support with the aim of long-term social inclusion.

[10] The Group considers that these immediate measures should be taken regardless of whether the person is able or willing to cooperate with the authorities. In addition, such measures might include, but are not restricted to:

  • ensuring that the person has legal assistance and access to justice;
  • evaluating the need for short or longer-term international protection, whether through refugee status or subsidiary/complementary protection.[8]
  • safe and dignified repatriation involving cooperation with the source State and relevant NGOs and following an individual risk assessment;

[11] The Group furthermore welcomes the statement by the Court that the State’s obligation under Article 4 includes a procedural duty to investigate situations of potential trafficking, independently of any actual complaint having been made by the victim, once the State is aware of such a situation. This duty will require urgent action by the State where there is a possibility to remove an individual from a harmful or potentially harmful situation.[9]

[12] The Group notes the recognition by the Court that not only destination States but also source and transit States have obligations under Article 4 to establish their jurisdiction over any trafficking offence committed on their territory, as well as to cooperate with the relevant authorities in other States.[10] The Group considers that such cooperation is essential in cases of transnational THB.

[13] The decision of the Court makes clear that THB is not only a serious criminal act; States must take significant action in order to meet their obligation to secure to all those within their jurisdiction the right to be free from the threat of enslavement, servitude and forced labour and to live in dignity. Such action is required by the procedural obligation to investigate possible cases of THB and the substantive obligation to prosecute effectively those accused of THB and to put in place effective systems to protect those at risk and to provide access to justice for victims. Such systems should involve both immediate (urgent) and longer-term measures.

[14] The Group notes with approval that the decision of the Court makes clear that a comprehensive approach, encompassing all aspects of prevention, protection and prosecution, is essential in securing effective (State) action against THB.[11]22 June 2010

[1] Application No. 25965/04, 7 January 2010.

[2] Siliadin v. France, Chamber Judgment, Application No. 73316/01, 26 October 2005, para 89.

[3] Para 187.

[4] Para 281.

[5] Para 282

[6] Para 284.

[7] Para 286.

[8] UNHCR, Guidelines on International Protection No.7: The application of Article 1A(2) of the 1951 Convention and/or 1967 Protocol relating to the status of refugees to victims of trafficking and persons at risk of being trafficked (2006); Group of Experts on Trafficking in Human Beings set up by the European Commission, Opinion No. 4/2009 of 16 June 2009, On a possible revision of Council Directive 2004/81/EC of 29 April 2004 on the residence permit issues to third-country nationals who are victims of trafficking in human beings or who have been the subject of an action to facilitate illegal immigration, who cooperate with the competent authorities, para 20.

[9] Para 288.

[10] Para 289.

[11] Para 285.

Readmission agreement with Pakistan: international human rights norms respected?

One of the main debates concerning the European Union (EU) refers to whether policy making in an EU institutional setting can be defined as supranational or intergovernmental. Migration policies have traditionally supported the latter argumentation; however, since the implementation of the Treaty of Amsterdam (1999) a slow movement from an intergovernmental to a more communitarian form of cooperation in migration policies is undeniable. This shift of sovereignty is noticeable in relation to readmission agreements with third countries. The last of these agreements is with Pakistan. The LIBE Committee will be voting a draft report  the 13 July 2010.

Agreements in force with visa facilitation


Negotiation lasted from 2003 to 2005 and the agreement entered into force in 2004


Negotiations lasted from 2006 to 2007 and the agreement was signed 1 January 2008


Negotiations lasted from 2006 to 18 September 2007 and the agreement was signed 1 January 2008


Negotiations lasted from 2007 to 2007 and the agreement was signed 1 January 2008


Negotiations lasted from December 2006 to 2007 and the agreement was signed 1 January 2008


Negotiations lasted from 2002 to 2007 and the agreement was signed 1 January 2008


Negotiations lasted from  2006 to 2007 and the agreement was signed 1 January 2008


Agreements with no Visa facilitation

Hong Kong

Negotiations lasted from 2001 to 2003 and the agreement entered into force in 2004


Negotiations lasted from 2001 to 2003 and entered into force in 2004

Sri Lanka

Negotiations lasted from 2001 to 2004 and entered into force in 2005


After 10 years of negotiations (2000-2010) the LIBE Committee is about to vote on a draft report on 13 July.

Negotiations with visa facilitation


Negotiations with Georgia have completed in just one year (from 2009 to 2010). The agreement foresees visa facilitations and is now waiting for the signature of the Council

See also:

Leda Bargiotti

SWIFT II: bridging the gap or limiting the damage?

A few months after the rejection by the European Parliament of the Interim Agreement on TFTP between the European Union and the United States of America, a new agreement is under way, after it was signed on 28 June 2010 and will most probably be voted during the plenary in July (5-8).

The new text addresses some of the concerns of the European Parliament. In particular:

  • It provides higher data protection standards: right to access to data; exclusion of SEPA data; rectification; erasure; administrative and judicial redress, link to the negotiations with the US on general transatlantic data protection framework
  • It clarify the definition of terrorism: Article 2 of the proposal builds on the definition of terrorism on the approach of Article 1 of Council Framework Decision 2002/475/JHA
  • It progresses on limitation in the transfer of bulk data: criteria for requesting and providing data.
  • It narrows down the procedures for onward transfers of personal data to third countries: prior consent of the Member State (of the nationality of the data subject) will be required, except for emergency situations
  • It foresees the possibility to look again the retention period for transferred but non extracted data: 5 years but after 3 years the issue will be looked at again to look for a shorter period
  • It introduces a statement on the right to redress: statement to ensure that any redress does not discriminate between EU and US citizens.
  • It foresees the possibility to develop an EU TFTP
  • It establishes a review mechanism: 6 months after entry into force, then every year there will be ad hoc reviews, reports to Council and European Parliament. The agreement will already contain list of subjects including data protection for the review; review team will include experts on security and data protection.
  • It foresees the possibility to suspend the agreement: it kept a clause for suspension of the agreement if breach happens. No reason is required if a 6 months notice is made in advance.
  • It introduces the examination of US subpoena: examination of the proportionality of the US Subpoena will be done by Europol
  • It also clarifies the territorial application.

Despite these improvements, the agreement keeps a series of contested aspects (see Working Party 29EDPS opinion, EDRI article), mainly derived from the social and cultural differences between Europe and the USA in their approach to privacy.

From a European perspective, the Treaty of Lisbon and the European secondary legislation establish stringent safeguards in regard to the rights of data subjects. Although according to the European legislation it is possible to use data initially collected for commercial aims for law enforcement purposes, a series of principles such as purpose limitation should be respected. Purpose limitation is interlinked with the principle of adequacy, which is put into charge by independent authorities responsible to ensure the respect of such principles.

At the European level, data protection against public authorities aims at guaranteeing the freedom of the individual in absolute terms, with justified exceptions. On the contrary, in the United States, this level of freedom does not apply in relation to the public authorities since what the US law establishes is that privacy should be reasonably protected but not in absolute terms.

Specifically, when it comes to the exchange of data for law enforcement purposes, such freedom is limited due to the very nature of TFTP, dominated by its national security component. Indeed, the TFTP builds upon three legislations: the Executive Order 13224, the International Emergency Economic Powers Act and the Patriot Act. It mainly serves the interest of intelligence agencies (CIA) and remains based on the principle of exceptionality where the fight against terrorism prevails over the rights of individuals.

The European Parliament clearly saw this risk and in its resolution it introduced a series of data protection safeguards clearly re-stating the necessity to respect the principles of purpose limitation, effective supervision and redress mechanisms.

Taking into account these criteria, the new TFTP agreement introduces the monitoring and oversight by independent overseers (Article 12).

It has to be reminded that the USA do not have any supervisory authority for enforcing data protection in US territory. However, the American administration had to come to a compromise with the Europeans in this respect, also in relation to the future general EU-US agreement, which will set forth general principles valid for all specific transfer agreements.

This represents the most important novelty of the second TFTP. It is a first brick necessary to build a bridge between the EU and the US models. Indeed, the introduction of independent authorities will contribute to the establishment of a legally binding and enforceable personal data protection standards that will ensure the protection of individuals’ fundamental rights and freedoms in a EU-US framework.

Under the Commission’ proposal the transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit, legitimate purposes in the framework of the fight against terrorism and will include the right to redress, to correct or erase inaccurate data.

Keeping these elements in mind,  which model prevails?

At first sight, the American one. Indeed, the US privacy act does not apply to the TFTP agreement. Furthermore, the US Privacy Act court clauses only apply to US citizens and residents. Therefore  no right of judicial review for foreign citizens and residents apply under the US law.

However, the agreement contains some interesting elements which represent a step forward compared to the previous system. For example it puts into place an independent data protection authority to guarantee the enforcement of the necessary safeguards to ensure an effective data protection.

Furthermore, the discussions over the general EU-USA data protection agreement provide the opportunity to:

– include in all future agreements a reference to authorities competent for the data protection enforcement;

– introduce mechanisms for an effective right to redress;

– introduce a mechanism to ensure compliance with the principles established.

It remains to be seen whether such progresses will then lead to a change in the US approach to individuals’ rights, now limited by the fact that all individuals are considered alleged suspects. Although ambitious, this is a necessary step to bridge the two different EU-US data protection and privacy systems. Otherwise, it may well represents only an attempt to limit the damage.

Leda Bargiotti

SWIFT and PNR resolutions adopted by the European Parliament

The European Parliament adopted on the 5th May 2010 the two resolutions on SWIFT and PNR:

European Parliament resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing

European Parliament resolutionof 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada