SWIFT and PNR resolutions adopted by the European Parliament

The European Parliament adopted on the 5th May 2010 the two resolutions on SWIFT and PNR:

European Parliament resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing

European Parliament resolutionof 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada

The European Parliament to vote on PNR

The European Parliament will vote the resolution on the PNR agreement during the mini-plenary that will take place in Brussels on Thursday 6 May 2010.

This after the LIBE Committee announced in April the intention to postpone the vote on the EU-USA PNR agreement, calling the Commission to put forward a more comprehensive measure defining common data protection terms.

The European Commission is therefore going to put forward a more coherent “package” which will include:

a) a Communication listing general standards that should apply to any PNR agreement (regulate external aspects)

b) a PNR directive which will be a “lisbonisation” of the current agreement and

c) a recommendation for a negotiating mandate with the USA, CANADA and Australia on PNR.

There are several loopholes that have been identified by experts, academics as well as Members of the Parliament which refer to other on-going negotiations as well, namely the so-called SWIFT Agreement and the Framework Agreement on data protection and data sharing.

Different understanding of privacy and data protection

Privacy and data protection are two different albeit interlinked principles and this distinction needs to be applied in the internal and external dimension of the EU.

The right to privacy is not absolute. In fact most of the emphasis is on the conditions under which restriction could be imposed. The right to data protection always applies when personal data are processed. Indeed, the European Court of Human Rights has emphasised that in applying data protection principles also article 8 of the European Convention on Human Rights must be respected.

This interlink becomes increasingly important in relation with data sharing measures and even more when they entails international agreements with third countries, such as in the case of Passenger Name Record (PNR).

In the transatlantic arena, for example, the different understanding of data protection and privacy further complicate the issue, since the U.S. approach to privacy protection relies on industry-specific legislation, regulation and self-regulation whereas the European Union relies on a comprehensive privacy legislation.

Negotiators need to bridge these two approaches ensuring general adequate principles, which can then be applied to all specific agreements.

However, the transfer of personal data is already taking place without the existence of such an overarching agreement via the agreement provisionally implemented on PNR.

This approach is highly objectionable.  It is necessary to make sure that the broad agreement is compatible with the EU-US general agreement on data protection and not the other way around, as highlighted by the European Data Protection Supervisor. Otherwise the risk of inconsistency between the general principles and their application to specific agreements becomes more than likely.

This risk is already a reality with the PNR Agreement, which currently entails a series of measures at risk of violation of human rights as enshrined in the European legislation and case law:

Computerised Reservation Systems (CRS) as the “brokers” between the airlines the customers and the security authorities

As Mr Edward Hasbrouck explained, PNR data are entered by travel agencies, travel websites and tour operators in a third-party “Computerised Reservation System” (CSR.

The CSR then send the PNR data to the Department of Homeland Security (DHS) and since three out of four servers are based in the USA (including an office of the major EU sever), DHS and others in the USA can have access to EU data, even when they refer to intra-Europe flights.

The current PNR agreement covers transfers of PNR data from the EU to the DHS, it does not cover DHS relations with CSR. Hence, as Mr Hasbrouck correctly pointed out, standard airlines business completely overpass EU-US PNR agreement.

As far as the CRS are concerned the legal situation in the EU has been recently updated (February 4th, 2009) by Regulation (EC) No 80/2009 of the European Parliament and of the Council of 14 January 2009 on a Code of Conduct for computerised reservation systems and repealing Council Regulation (EEC) No 2299/89.

Art. 11 to which recital 21 refers states:

1. Personal data collected in the course of the activities of a CRS for the purpose of making reservations or issuing tickets for transport products shall only be processed in a way compatible with these purposes. With regard to the processing of such data, a system vendor shall be considered as a data controller in accordance with Article 2(d) of Directive 95/46/EC.

2. Personal data shall only be processed in so far as processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

3. Where special categories of data referred to under Article 8 of Directive 95/46/EC are involved, such data shall only be processed where the data subject has given his or her explicit consent to the processing of those data on an informed basis.

4. Information under the control of the system vendor concerning identifiable individual bookings shall be stored offline within seventy-two hours of the completion of the last element in the individual booking and destroyed within three years. Access to such data shall be allowed only for billing-dispute reasons.

5. Marketing, booking and sales data made available by a system vendor shall include no identification, either directly or indirectly, of natural persons or, where applicable, of the organisations or companies on whose behalf they are acting.

6. Upon request, a subscriber shall inform the consumer of the name and address of the system vendor, the purposes of the processing, the duration of the retention of personal data and the means available to the data subject of exercising his or her access rights.

7. A data subject shall be entitled to have access free of charge to data relating to him or her regardless of whether the data are stored by the system vendor or by the subscriber.

8. The rights recognised in this Article are complementary to and shall exist in addition to the data subject rights laid down by Directive 95/46/EC, by the national provisions adopted pursuant thereto and by the provisions of international agreements to which the Community is party.

9. The provisions of this Regulation particularise and complement Directive 95/46/EC for the purposes mentioned in Article 1.Save as otherwise provided, the definitions in that Directive shall apply. Where the specific provisions with regard to the processing of personal data in the context of the activities of a CRS laid down in this Article do not apply, this Regulation shall be without prejudice to the provisions of that Directive, the national provisions adopted pursuant thereto and the provisions of international agreements to which the Community is party.

10. Where a system vendor operates databases in different capacities such as, as a CRS, or as a host for airlines, technical and organisational measures shall be taken to prevent the circumvention of data protection rules through the interconnection between the databases, and to ensure that personal data are only accessible for the specific purpose for which they were collected.”

It is worth noting that according to art. 14 of the Regulation the activity of the CRS on the EU territory falls under the European Commission oversight and the Commission has the appropriate powers of control and will accept appeals against any infringement of the code of conduct:

“In order to carry out the duties assigned to it by this Regulation, the

Commission may, by simple request or decision, require undertakings or associations of undertakings to provide all necessary information, including the provision of specific audits notably on issues covered by Articles 4, 7, 10 and 11.”

But the extent to which this oversight power can actually be enforced is questionable. This is because the Directorate General (DG) of the European Commission in charge of the CRS is DG Transport (DG TRAN) whereas the DG responsible for PNR is Justice, Liberty and Security (DG JLS). Hence, if the two DG do not coordinate effectively, it is very difficult for the Commission to carry on the investigative tasks mentioned in article 14 and ensure that no infringement of the code of conduct takes place.

The proportionality principle governing the processing of personal data

According to Directive 95/46, Member States must respect the following principles in the processing of personal data: the purpose limitation, the data quality and proportionality principle, and the transparency principle.

Hence, proportionality is also one the criteria that allows for limitation of privacy. In order to deliver proportionality in practice it is necessary to provide answers to the following questions:

–       What does “narrowly tailored request” mean?

–       What does “case by case request” means?

–       Does case refer to a specific individual or more, or rather any data of all individual falling under a specific criteria?

The proportionality principle may only function against evidence. However, the evidence of the necessity of such measure has not been demonstrated yet. On the contrary, using the words of the Director General of DG JLS, Jonathan Faull, during the LIBE Committee on 24 March 2010, any evidence must remain secret as a matter of national security.

The balance between the limitation of privacy and data protection rights and the implementation of security measures can be reached only if such measures are assessed against the actual and not the perceived or presumed impact that they have on security. Otherwise, the very principle of proportionality fails and with it the respect of individuals’ fundamental rights.

The purpose limitation and the question of re-use

The question of proportionality is directly linked to the purpose of data sharing. The recital of the 2004 Agreement states that its purpose is “to prevent and combat terrorism and transnational crime”. Hence, it is necessary to guarantee that when investigations demonstrate that someone is not a terrorist but has committed other unlawful acts, (such as overstay or copyrights infringement) the data collected will not be used to trigger another procedure.

However, as Dr Patrick Breyer pointed out, the High Level Contact Group (HLGC) report of May 2008 “does not provide for restrictive and specific purpose limitation in that sense and thus fails to satisfy human rights requirements to the disclosure of personal information to foreign agents and states”.

Exchange of data between private and public sectors

Furthermore, by allowing the exchange of data between the private and public sectors the risk of breaching the purpose limitation is a given and extra specific legitimacy -in addition to that already required- should be provided in order to guarantee the full respect of data protection and privacy.

In addition to this, another issues related to the private/public transfer of data entails the question of profiling.


Currently, no common definition of profiling exists mainly because there are many profiling activities (In this regard, the Council of Europe is preparing a report which, according to Ms Vassiliadou, will provide the guiding principle for the Commission’s future work).

Data profiling consists in using key words to generate new data so as to progress in data analysis. Hence, by using normal data there is the risk of generating sensitive data.

This “practice” has become increasingly popular among private companies in order to create a more tailored service to their clients. Indeed, this commercial purpose may meet the interest of an individual, especially if the result is a better service provided. However, if these profiles are used for law enforcement purposes by public authorities, the same individual may be against it.

That is why, according to Prof. Paul de Hert the principles of data minimisation and purpose limitations should be included when dealing with data protection and privacy legislation.

However, this might not be enough especially when faced with the risks represented by the automated machine data selection, although the European Commission reassured the audience stating that there should always be a person to take the final decision rather then a machine and this should avoid that profiling will lead to a direct effect to a person

Purpose limitation and profiling are even more delicate aspects once analysed together with the right to redress foreseen in the PNR agreement as well as in the work of the HLCG.

Right to redress and effective remedy

Everyone whose right to data protection and privacy have been violated must have the right to an effective remedy before and independent tribunal as guaranteed in Article 13 ECHR and Art. 47 of the Charter of Fundamental Rights of the European Union.

However, the judicial system of the United States does not provide effective remedy and the Annex to the HLCG report of October 2009 only provides for administrative redress which cannot be defined an effective remedy.

Despite these unresolved issued, the Commission and the Council of the EU are determined to carry on negotiations concerning the SWIFT agreement as well as the PNR agreement.

Undisclosed sources referred that during the EU-US JHA meeting which took place at Ministerial level on 8-9 April 2010 in Madrid, the European Commission is looking for solutions on the aspects where divergences between the EU and the USA exist such as the bulk data transfer, redress principle, purpose limitation and push/pull techniques.

It is regrettable that despite all the aforementioned loopholes, to use an euphemism, the Commission did not supported the approach by which first a general framework agreement on data protection and data sharing with the USA should be concluded and only afterwards – if considered necessary on the basis of evidence- specific agreements such as PNR and SWIFT should be negotiated. Even though the current proposal for a general agreement falls way short of being acceptable.

The European Commission argued that it considers that the SWIFT agreement will be reinforced by the conclusion of the EU US data protection agreement.

During the meeting, the USA not only denied the existence of differences on the understanding of principles related to data protection and privacy on the basis of the OECD guidelines (which the EU thinks is not the right basis), but also considered that the issues raised by the European side in relation to the SWIFT agreement are based on pure misconceptions on how the system works.

If the European Parliament will back up such an agreement it will cover only a minimal part of the exchange of information, since it has no power o regulate the flows of data, for example between the US and third countries. The only aspect that the European Parliament can try to regulate, a fundamental aspect, is the flows of information between the federal and the national authorities in the United States.  On the 6 May will see if at least this aspect will be covered.


Negotiations on a common asylum system progress with the involvement of the European Parliament

The establishment of a common area of protection and solidarity, based on a common asylum procedure and a uniform status for those granted protection remains one of the prime objectives of the EU. Following the implementation of the first phase, the European Commission submitted (in late 2008 and early 2009) a set of proposals for the recasting of existing legal instruments as well as the setting up of a European Asylum Support Office (requested by the Council in the European Pact on Immigration and Asylum). These proposals aim to commence the second phase of EU asylum policy with the overall objective of bringing in a Common European Asylum System.

The European Parliament, in its new capacity as co-legislator in a co-decision procedure with the Council, gave its position on these proposals at first reading on 7 May 2009, expressing an overall favourable opinion.

In October 2009 the Commission submitted its two most recent proposals for the recasting of the Directive on minimum standards on procedures for granting and withdrawing refugee status and the Directive on minimum standards for qualification for refugee status and the status of beneficiaries of international protection and the content of the protection granted. The LIBE Committee appointed two rapporteurs, Sylvie Guillaume and Jean Lambert, to study these proposals. An initial debate was held in committee on 16 March 2010.

Following the entry into force of the Lisbon Treaty which endowed the Parliament with new responsibilities in the setting up of new legal instruments in this field, the LIBE Committee requested in 2008, a study to the Odysseus network (the Academic Network for legal studies on immigration and asylum in Europe) “Setting up of a Common European Asylum System – on the application of existing instruments and proposals for the new system”.

Some of the most important findings of this study  (which will be available in May 2010) were presented during the roundtable organised by the LIBE Committee on 26 April 2010.  The debate, far from exhaustively analysing the questions at stake, focused on a number of cross-cutting issues with relevance for many of the legal instruments currently under debate, namely:

  1. General principles of European law as guidelines for the definition of procedural guarantees for asylum seekers
  2. Trust among Member States on each others’ asylum systems
  3. Detention of asylum seekers: Distinction between detention and restriction to freedom of movement
  4. Identification of asylum seekers with special needs
  5. Responsibility towards asylum seekers when the EU and its Member States act outside their territory
  6. Alignment of subsidiary protection and exceptions with international law and Member States’ practices and alignment of equal rights with refugees
  7. Development of a coherent common European asylum system: accession to the Geneva Convention, reinforcement of the powers of the support office or creation of a European asylum court.

1. General principles of European law as guidelines for the definition of procedural guarantees for asylum seekers

The prohibition on refoulement is the cornerstone of international refugee and asylum law.  According to this principle States are obliged not to return a person to his country of origin, or any other country, where he/she is at risk of being subject to serious harm or human rights violations.

Current instruments, such as the Geneva Convention and protocol, recommendations of the UNHCR, the Convention on Human Rights  Council of Europe’s recommendations, rulings of the European Court of Justice (ECJ), rulings of  the European Court of Human Rights (ECtHR), do not establish common procedural guarantees for asylum seekers at the European level.

In order to establish such a common set of guarantees, it is suggested to look at the general rulings of the ECJ as well as the general principles established and transpose them in procedural safeguards. These will then could form a catalogue which allows to address the shortcomings of the directive and look at the proposals of the Commission.

The two concrete interlinked examples of the right to legal aid and the right to appeal help explaining such an approach

Right to legal aid

Legal aid to asylum seekers should  be mandatory and should be appropriate to the needs of those who need it. In order to define what appropriate means it is useful to refer to what the jurisprudence has established in this regard, namely that when somebody is vulnerable it is desirable that mandatory and free legal assistance is provided.

More specifically, the right to have access to legal aid should be determined on the basis of two criteria:

–       the weaker the user and

–       the higher the nature of the right at stake

the higher the legal assistance .

Right to appeal

The right to appeal by asylum seekers should foresee the possibility to suspend the removal of the individual who appealed.

In this regard the new proposals currently under negotiations saw  the Parliament proposing a number of amendments designed to strengthen asylum seekers’ rights, in particular by ensuring that they receive free legal assistance and by improving the arrangements for the transfer of asylum seekers between Member States.

2. Trust among Member States on each others’ asylum systems

The concept of mutual trust entails the idea that asylum seekers transferred on the basis of the EU Council Regulation establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national (Dublin Regulation) are not subject to inhuman, unfair treatment and that such a provision is in conformity with the principle of non refoulement.

This principle, entails the idea that the Member State responsible for the asylum seeker transfer is also responsible for the individual’s non refoulement.

That is why it is appropriate to talk about qualified, rather than absolute trust between Member States. In this respect, since all Member States signed the 1951 Geneva Convention and the Convention on Human Rights it is assumed that signatories respect the obligations enshrined in these legal instruments.

However, Member States should be in the position to challenge the Dublin Regulation and refrain from transferring an asylum seeker to a State when they doubt that the principle of non refoulement is respected.

This represents a fundamental guarantee for individuals especially given that human rights standards varies greatly between Member States. Indeed the report of the UNHCR concluded that not all Member States’ standards are in line with international human rights standards.

The sovereignty clause however is not sufficient per se to guarantee adequate and effective safeguards to asylum seekers. Additional safeguards are necessary and that is why the Commission’s proposals are welcomed.

3. Detention of asylum seekers

The detention of asylum seekers is in principle an admissible instrument of preventing unauthorised entry or residence into the EU territory.

Member States possess a broad discretion to decide whether to detain potential immigrants.

According to the ECtHR decision in the Saadi case (Art. 5 para. 1(f)) ECHR does not prohibit that asylum seekers may be detained to prevent unlawful entry, even if detention is not “necessary” in an individual case.  Detention, however, is subject to the principle of proportionality, forbidding arbitrariness and excessively long detention.

According to EU law, asylum seekers must not be detained for the mere fact of filing an asylum application and detention should not impede individual to claim international protection. In fact their request should be processed in a priority manner.  The same principle can be found in the Reception Conditions Directive (Art. 14 paragraph 8).

The detention of asylum seekers is increasingly used not only as a consequence of a rejection of an application but also upon arrival of an individual. This measure contributes to the overall tendency to blur the lines between genuine refugees and ‘irregular’ migrants in public perception as well as in the management of public policies. Therefore, its legitimacy should be assessed especially against the risk of violation of fundamental rights.

Detention has become a measure of  prevention of ‘irregular’ flows where the control strategy is taking over from the exigencies of bona fide asylum seekers and refugees. This phenomenon raises humanitarian as well as legal concerns and that is why detention as a deterrence strategy for prevention of abuse of the asylum system cannot be justified.

In conclusion, detention should be only used as an exceptional measure. However European states’ practice indicates a wide range of approaches to detention which not always ensure the full respect of fundamental rights of asylum seekers. The proposals under revisions should therefore take into considerations the proportionality of such measure vis à vis the risk of violation of fundamental rights.

4. Identification of asylum seekers with special needs

The only legal instrument containing obligations on Member States is to be found in Article 17 of the Reception Directive. A study conducted by Odysseus in 2007 concluded that the majority of the Member States have not transposed the directive correctly and in some cases have not transposed it at all .

This is mainly due to the fact that Article 17 does not explicitly require, from a legal point of view, a specific procedure to be put in place in order to identify those asylum seekers with special needs.

The system rests on an identification of these persons, therefore progress towards a system of identification could be achieved either by:

  • obliging Member States to draw up a specific procedure for the identification of special needs (ex via  medical screening, assessment on whether or not individuals have the mental and physical capability to be transferred), or
  • by obliging authorities via clear regulations to contact asylum seekers, refer those with special needs and then provide adequate reception conditions.

The proposal of the Commission touches upon this aspect, trying to provide more legal certainty in this respect. Paragraph 20  of the proposal for a directive introduces an obligation for the Member States to carry out identifications.

However, the problem is the overall concept. The Commission has not specified that vulnerability should be considered as a criteria on its own right in order to carry on an accurate identification of individuals with special needs.

Therefore, although the second phase in the development of a common asylum system is an attempt to have a more cross -cutting approach, it still falls short on implementation provisions

5. Responsibility towards asylum seekers when the EU and its Member States act outside their territory

European primary and secondary law oblige the EU and its Member States to uphold the non refoulement principle and related procedural rights towards asylum seekers also when operating outside the EU territory.

Concerning primary law, Article 78 of the TFEU makes a clear reference to international law and inter alia to the Geneva Convention and the principle of non refoulement.

Also case law both at the national and international level confirm that the EU and the Member States are responsible towards individuals under their jurisdiction.

As soon as a contact between an individual and an EU or national authority is established,  all the activities related to it involve an exercise of jurisdiction requiring international human and refugee rights to be observed by the EU and /or the Member States , even if the contact does not take place in the EU territory.

Although there is no case law of the ECJ  in this regard as yet,  such aspect is indeed touched upon by other case law, namely in the field of competition and freedom of movement.

The European Charter of Fundamental Rights  in Art. 18 also contains references to obligations under international law. Furthermore, Art. 51 CFR, which regulates the CFR’s scope, does not take territory into account, only the authority responsible.

Also EU secondary law establishes such obligations:

  • The Qualification Directive (Art. 21 para. 1 of Directive 2004/83/EC): covers both refugee protection, in accordance with the Charter of Fundamental Rights and subsidiary protection
  • Asylum Procedures Directive (Art. 3 para. 1): member states are obliged to accept and examine requests for international protection submitted on their territory – this includes requests made at the border or in transit zones.
  • The Schengen Borders Code (Art.3): entry controls must be implemented “without prejudice to […] the rights of refugees and persons requesting international protection, in particular as regards non-refoulement”. Even though non-refoulement does not include a general right to admission, in practice it means that member states are obliged to allow temporary admission for the purpose of verifying the need for protection and the status of the person.

The current revision of the Frontex Mandate represents a very good opportunity to spell out such responsibilities. It has been demonstrated that Frontex is indeed responsible towards asylum seekers when carrying on operations outside EU territory. It is not true that Frontex is only responsible for the logistic of its operations. Frontex is responsible to conduct its activity in full respect of human right law, including the respect of the principle of non refoulement.

To reach this goals it is fundamental that the new revised mandate grants the United Nations High Commissioner for Refugees the participation to the operational activities of Frontex in order to have an effective and transparent monitoring of the agency and ensure that no violation of human rights takes place.

6. Alignment of subsidiary protection and exceptions with international law and Member States’ practices and alignment of equal rights with refugees

The EU Directive on refugee definition and complementary protection (EU Qualification Directive) established for the first time an obligation of the Member States to grant subsidiary protection status to persons who do not qualify as refugees, but are nevertheless in need of international protection.

Therefore, subsidiary protection is granted in some countries when expulsion would be in conflict among others with Article 3 of the European Convention of Human Rights, because such acts would be considered inhuman or cruel treatment.

The current scope of the qualification directive with its use of the subsidiary forms of protection is limited  and it does not provide for a  widely recognised definition of subsidiary protection .

The application of various solutions to these problems resulted in emergence of practice whereby different statuses were granted, such as “status B”, “subsidiary protection”, de facto status” and “humanitarian status”.

There is no international document, listing all persons that may be eligible for subsidiary protection, but EU Qualification Directive provides three categories of individuals to whom this protection may apply:

– persons who because of reason of death penalty or execution;

– torture or inhuman or degrading treatment or punishment in the country of origin;

– serious and individual threat to life or person by reason of indiscriminate violence in situations of international or internal armed conflict are unable, or owing to such risk, unwilling to avail themselves of the protection of the country of origin.

Despite this no provision regulates cases in which a person who is excluded from subsidiary protection by reason of having committed a serious crime, is  unable to return to the country of origin due to threat of torture.

The revision of the directive should address this aspect, as well as the problem related to family reunification, which is not provided by any EU directive.

7. Development of a coherent common European asylum system: accession to the Geneva Convention, reinforcement of the powers of the support office or creation of a European asylum court.

The development of a coherent common European Asylum System can take place either by reforming the current structure or establishing a completely new structure.

Since experience shows that revolutionary interventions are difficult to be put into place, it is probably more realistic to look at possible ways to modify the existing system of EU asylum policies.

The EU already has a series of legal instruments which provide guarantees and rights to asylum seekers. The problem is that they do not have the necessary legal effect.

For example the principle of equality is at best relative in asylum law.

Therefore it is necessary to look at different options to develop a coherent system.

Accession to the Geneva Convention

The accession to the Geneva Convention might be feasible. However it goes much further than EU law in  terms of rights recognised to asylum seekers. Therefore, the EU and the Member States in this case should align their system to meet the same standards.

European Asylum Support Office

It is currently too early to foresee the direction that the European Asylum Support Office will take. Its activities and development have already been criticised. However, it is necessary to support the further development of this office because in order to be able to reach its goals it must have a comprehensive picture of all migration factors.

Therefore, the Parliament has sought, by means of its amendments, to clarify the tasks of the European Asylum Support Office in the area of the collection, management and analysis of information, in particular as regards countries of origin, with a view to the establishment of common assessment criteria, to clarify the arrangements for cooperation with the UNHCR and the NGOs concerned, and to lay down more precise rules governing the deployment and role of the asylum support teams.

European Asylum Court

These elements however are not sufficient to develop a coherent common European Asylum System. In order to reach a real protection of fundamental rights rather than a simple management of EU asylum policies, it is necessary to eliminate the divergences that exist between the EU and national asylum legislation.

Therefore on the one hand the European Asylum support office should impose further obligation on member States to ensure that principles of EU law is correctly transposed. On the other hand it would be necessary to have a specialised asylum court.

However, this last suggestion might be less realistic due to obstacles in the Treaty of Lisbon as well as the renowned jealousy of the ECJ to keep its own competencies.

In conclusion, in a context of a single space where freedom of movement is one of the funding principles of the European Union, it is paradoxical and counterproductive to still have a mosaic of asylum systems that differ from state to state. The proposals for amendments of the Dublin Regulation, Eurodac, Reception Directive, Qualification Directive and Procedures Directive represent an improvement compared to the previous situation. However, this does not mean that the modified proposals represent the best possible solutions. Indeed, several shortcomings and loopholes have been highlighted in relation to the right of asylum seekers also in relation to the new proposals.

It is true that the EU is building a stronger asylum system, in line with the international standards. However, the asylum system start to apply only once an individual has reached a State territory. Hence, protection is subordinated to admission according to general immigration laws, which generally include a series of clauses that make the access to EU territory increasingly difficult also for those entitled to international protection.

The European Union and its Member States will probably have to put into place a third phase of asylum harmonisation takling the above mentioned shortcomes, including the problems resulting from an increasingly restrictive immigration policy.


Action Plan on the Stockholm Programme released by Statewatch

European Commission: Stockholm Programme: Statewatch Analysis: Action Plan on the Stockholm Programme: A bit more freedom and justice and a lot more security (pdf) by Tony Bunyan: “The “harnessing of the digital tsunami” as advocated by the EU Future Group and the surveillance society, spelt out in Statewatch’s “The Shape of Things to Come” is embedded in the Commission’s Action Plan as it is in the Stockholm Programme….There is no mention of the European Security Research Programme (ESRP). Much of the technological development is being funded under the 1.4 billion euro security research programme. See: Statewatch/TNI report: Neoconopticon: EU security-industrial complex.

Statewatch Briefing: European Commission: Action Plan on the Stockholm Programme (pdf) Comments by Professor Steve Peers, University of Essex – Full-text: Communication from the Commission: Delivering an area of freedom, security and justice for Europe’s citizens Action Plan Implementing the Stockholm Programme (COM 171/2010, pdf)


Body Scanners: an effective tool to address perceived rather than real increased security?

Several countries around the world have already installed body scanners in airports, including the Schiphol International Airport in Amsterdam.

Several politicians coming from both sides of the Atlantic visited the airport, in order to assess the extent to which such a measure is proportionate and effectively increases security in the airports.

The technology employed in Schiphol has been welcomed by several legislators. For example, the three United States Senators Collins, Kyl and Chambliss praised the advantages of the Schiphol technology in addressing health and privacy concerns (see previous post) in a letter to Secretary Napolitano of the Department of Homeland Security, urging to reconsider such technology also for U.S. airports.

Health concerns

The body scanners technology employed in Amsterdam Airport is based on millimeter waves using extremely high frequency radio waves to produce images with no-ionizing radiation. This frequency range is just below the (related) sub-millimeter “Terahertz radiation” (or “T-ray”) range.

While the digital journal reports that  Health Canada says the scanners are safe, the UK Health and Safety Executive states that relatively little appears to be known about the possible health & safety implications of exposure to Terahertz radiation, as a EU project in this area  confirms.

Thus, the question related to the effect that body scanners have on human bodies remains opened and needs to be investigated further.


Concerning the privacy aspect, the body scanners can “see” through passengers’ clothes, revealing sensitive information (implants, piercings…).

Nonetheless, the letter of the three senators explains that such a loopholes can be reduced by computer-based auto-detection:

“Computer-based auto-detection technology identifies potentially threatening objects on a person and highlights with boxes on a featureless human body outline those areas of the individual that may require further inspection.  If the computer scan finds no problems, then the passenger and screener at the imaging machine are notified almost immediately that the passenger may proceed (…). The automated review of images by a computer, rather than by a screener examining the image in a separate room, address privacy concerns.”

Although this option does represent an improvement compared to the systems currently used in several airports, it does not solve the privacy issues.

Especially if added to the fact that no certainty exists over the fact that images are immediately deleted, despite the fact that manufacturers insist that images cannot be stored or transferred. In fact, the machines have the ability to store images on hard disk storage, and that they possess the ability to send the images.

On top of this, the capacity of these machines for detecting devices/weapons concealed inside a body is still very limited, questioning the effectiveness of such a measure to prevent terrorist attacks. One can even argue that if an individual willing to attack an airport reach the airport, it is already too late.

Hence, once again the balance between effectiveness and invasion of fundamental rights, remains to be verified and therefore the use of body scanners in airports seems more a measure to address perceived rather than real greater security.


LIBE Committee resume the works on the future SWIFT long term agreement

The LIBE Committee discussed on 7 April 2010 the re-launch of negotiations on a SWIFT long term agreement.

It has to be recalled that following the European Parliament refusal to provide its consent on the US-EU SWIFT Interim Agreement last February a new draft-negotiating mandate has been indeed submitted by the College of Commissioners on 24 March 2010 to the Council, which in turn is expected to approve it on 22/23 April. According to the Commission the new agreement might be concluded at the beginning of June of this year.

Will the new agreement be founded on Judicial cooperation in penal matters or ….?

According to the Commission statement and the legal basis chosen for the new mandate (art. 82 of the TFUE) the future agreement will comply with the EP request  expressed already in September 2009 to build the EU US cooperation in this domain in a framework which could be consistent with the new EU Treaty the art. 8 of the European Charter of Fundamental rights and the request of some Constitutional Courts such as the German Court. To do so the draft mandate has foreseen the creation of  an European “Authority of  judicial nature” which could check the necessity and proportionality of the US request of SWIFT data .

Therefore during the debate Rapporteur Ms Jeanine Hennis Plasschaert (ALDE) enquired the European Commission on whether it would be possible to explore alternative legal frameworks from judicial cooperation in penal matters .

Mr Faull underlined that the Commission could not see any feasible short term alternative system to the mutual legal assistance framework, however this will not prevent the Commission to explore also other possibilities, following the requests from the Spanish Presidency and by taking in account the question posed by the Rapporteur. On the same logic to find alternative solution to judicial cooperation Ms Carmen Romero López (S&D) suggested to work within the framework of an anti-money laundering directive revised to include banking messaging companies.

Therefore according to Jan Philipp Albrecht (Greens/EFA) these “alternative” approaches would go against the European Charter on Fundamental Rights, the European Convention on Human Rights as well as the German Court (see recent judgment on data retention) with the risk, as pointed out “that Germany will feel impelled to reject this mandate on constitutional grounds”. To avoid possible “clashes” with European or national constitutional courts Mr Albrecht has then suggested then to request for the opinion of the EU Court of Justice on the compatibility of the draft agreement with the EU legislation, as foreseen by Article 218 §11 of the Treaty on the Functioning of the European Union.

The new draft negotiating mandate

The new draft negotiating mandate as agreed upon by the College of Commissioners on 24 March 2010 and upon approval of the Council foresees  -among others- the following elements:

  • Safeguards to ensure the respect of the fundamental right to the protection of personal data;
  • Transfer to third countries of only information derived from terrorism investigations (“lead information”);
  • A judicial public authority in the EU with the responsibility to receive requests from the United States Department of the Treasury, verify if  the substantiated  request meets the requirements of the Agreement and if appropriate require the provider to transfer the data on the basis of a “push” system;
  • Retention of personal data extracted from the TFTP database for no longer than necessary for the specific investigation or prosecution and non-extracted data retained for five years;
  • Onward transfer of information obtained through the TFTP under the Agreement shall be limited to law enforcement, public security, or counter terrorism authorities of US government agencies or of EU Member States and third countries or Europol or Eurojust as well as Interpol.
  • The Agreement shall provide for:

1) the right of individuals to information relating to the processing of personal data;

2) the right to access his/her personal data;

3) to the rectification, and

4) as appropriate erasure thereof.

Hence, it appears that the College of Commissioners has tried to address some of the past concerns addressed by the MEPs.

However, while demonstrating the willingness to explore grounds for a new agreement on the SWIFT data-sharing, some of the Members of the LIBE Committee, expressed a variety of concerns, most of which were already raised in the previous report of the European Parliament and that can be summarised as follows:


Members of Parliament still have concerns that the transfer of bulk data will not be addressed properly. According to Ms Sophie In’t Veld (ALDE) filtering should be done in the EU for financial data, PNR and telecommunications. Also Ms  Birgit Sippel (S&D) stressed that SWIFT should be able to individualise data ahead of a transfer.

In this regard it remains to be seen whether SWIFT has the technical ability but not the willingness to bare the costs derived from selecting and transferring  individual data instead of ‘data in bulk’.

According to Mr Faull it will not be possible to reduce the quantity of data transferred however he will work to reduce their size by removing the presumably non-useful data.

Data storage period

MEPs expressed concerned over the five years data storage as foreseen by the new text despite the attempts of Mr Faull to reassure the Committee stating that five years was not “unreasonable” given data’s useful lifespan in counter-terrorism.

Access, rectification, compensation and redress outside the EU

Mr Stavros Lambrinidis (S&D) enquired whether there was no other way for the bulk transfer of data and if it was not possible to impose some prior European check when the US wants to transfer the data to third countries.

Furthermore MEPs expressed the need to ensure the right to appeal to European citizens in front of American authorities in case of personal data abuse/misuse.

In this respect Mr Busutill asked to ensure equal rights between US and EU citizens and Mr Faull replied that the Privacy Act is indeed discriminatory and therefore does not guarantee the same rights to EU and US citizens.  However the Privacy Act does not apply to the TFTP , hence asking to apply the same right of US citizens to the European ones means not having any rights at all.

No evidence on the effectiveness

There still is no evidence that cases of terrorism have been prevented or prosecuted based exclusively on the financial data.

Procedural concerns

The fact that the EU is planning to conclude an executive agreement on exchanges of data before negotiating the general agreements on rules governing the data protection raise additional concerns. Indeed, the acceleration of the envisaged SWIFT II agreement will limit the margin of maneuver for negotiators on the overarching transatlantic agreement on data sharing and data protection. In other words, it will force the latter to simply accept praxis established before the development of the general principles governing data protection.

Also the Commission -using the words of the Director General of DG JLS Mr Jonathan Faull- is of the opinion that “in an ideal world” general norms should be established before specific ones. However, no sufficient reasons have been provided to explain why the European Union is accelerating the negotiations on the SWIFT agreement instead of giving precedence to the establishment of overarching general framework on EU-US data protection and exchange.

In conclusion, the European Union is engaging in a delicate exercise trying to define at the same time internal, external, specific and general data protection norms. This would have been possible -in theory- if the European Union had clear objectives and points of reference. However, following the LIBE Committee debate on 7 April this seems far from being the case.


Freedom on the Internet at risk

The freedom on the Internet is increasingly at risk, as the following three recent examples demonstrate: the on-going secret negotiations on the ACTA agreement, the conviction of three Google executives by an Italian prosecutor and the new approach of Google to China.

Hence, following the digital platform debate hosted by the European Parliament on 24 March 2010 and far from entering into the merit of the specific cases, they will be used as a useful starting point to make some reflections concerning the principle of freedom on the internet as a fundamental aspect to fulfil the more general right to freedom of expression. Firstly, the principle of liability will be investigated, then the ‘commercial purpose’ criterion followed by an overview of some of the sanctions under scrutiny to limit Internet access will be illustrated.

The liability principle

The principle of liability is fundamental to understand what is stake when dealing with measures limiting the freedom on the Internet, hence it is necessary to understand what it means.

Such a principle may have a strict application (strict liability system) or a lighter application (with-fault liability system) and can be applied to individuals and companies having a direct relation with the content of material (being copyrighted, harmful, private or defamatory) as well as to intermediaries, such as Internet Service Providers (ISP). This analysis will mainly focus on the latter, although it will also refer to the former when exploring the ‘commercial purpose’ criterion.

A strict liability system foresees the possibility to held responsible an ISP regardless of its knowledge and control over the material that is disseminated through its facilities. This system may be indirectly established by imposing, an obligation to monitor all the material that is posted on the Internet by private actors.

On the contrary, a with-fault liability system foresees that an ISP is held responsible only if it intentionally violates the rights of others, either by knowing that there is some material on the Internet that violates someone’s rights or if it has certain hints on the existence of certain material infringing someone’s rights.

At the European level, the relevant provision is Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), which in articles 12 -15 does not establish a general liability regime applicable to ISPs. Instead, it provides for a system of specific liability exemptions.

This means that in cases where the ISPs provide a specific service (mere conduit, caching, and hosting) and comply with a series of requirements, they will not be held liable for the services performed. The limitations apply only to liability for damages because the last paragraphs of Articles 12, 13, and 14 of the Directive establish that Member States retain the right to require the ISPs to terminate or prevent known infringements.

Following the conviction of three Google executives by an Italian prosecutor, questions were raised on whether IPSs can be considered liable over the content distributed by users even when they are not aware of the existence of such material.

In this regard, Mark Rotenberg rightly pointed out that a distinction should be made between responsibility over the content and ways to make profit out of displayed material.

Hence, although ISPs are not responsible over the content as such they may be considered responsible if they use it to make profit out of it.

The commercial scale criterion

This point was also discussed during the above-mentioned digital platform, namely in relation to whether and under which circumstances a physical person or legal entity (hence not limiting the analysis to ISPs) can be considered liable of infringing owners’ rights.

According to the European Data Protection Supervisor ‘s opinion on the ACTA negotiations “(…) the ‘commercial scale’ embodied in the IPRE Directive is a very appropriate element to set the limits of the monitoring in order to respect the principle of proportionality”. Hence, according to the EDPS, sanctions can be imposed if the alleged infringements have a commercial scale.

However, this criterion may lead to any kind of interpretation and this vagueness is not justifiable, especially when individuals may face not only civil but also criminal prosecutions and convictions.

Therefore, in case of the unfortunate approval of such an agreement, the criterion of “commercial intent”, seems more appropriate to limit the scope of the sanctions, as pointed out by Mr Zimmermann during the Digital Platform meeting on 24 March 2010.

What is more, it has not been demonstrated yet that file sharing damages the commercial interest of rights owners. As the Draft report on enhancing the enforcement of intellectual property rights in the internal market (Gallo report) points out, these assumptions based on “data concerning the scale of IPR infringements are inconsistent, incomplete, insufficient and dispersed”.


Despite these loopholes, Member states have (France) or are very close to (United Kingdom) put into place measures to suspend or block Internet to users infringing owners rights.

Also the ACTA agreement contains such an option despite the fact the European Commissioner Mr De Gucht stated that ” The ‘three-strike rule’ or graduated response systems are not compulsory in Europe. Different EU countries have different approaches, and we want to keep this flexibility, while fully respecting fundamental rights, freedoms and civil liberties. The EU does not support and will not accept that ACTA creates an obligation to disconnect people from the internet because of illegal downloads.”

Denying access to the Internet represents indeed a violation of fundamental rights, freedoms and liberties. As the Gallo report and the European Data Protection Supervisor correctly remind, these measures already exist and are provided for by Directive 2004/48/EC on the enforcement of intellectual property rights on the internal market and since from the point of view of the protection of rights their inefficacy has not been assessed they should be considered as alternative options.

In conclusion, using the words of decision n. 2009/580 (EN) of the French Constitutional Council:

“The free communication of ideas and opinions is one of the most precious rights of man. Every citizen may thus speak, write and publish freely, except when such freedom is misused in cases determined by Law”. In the current state of the means of communication and given the generalized development of public online communication services and the importance of the latter for the participation in democracy and the expression of ideas and opinions, this right implies freedom to access such services.”

The next round of the ACTA negotiations will take place in New Zealand on 12-16 April 2010 and their discussions on Internet, civil, customs and penal measures will be followed as closely as possible, while waiting for a real open debate with stakeholders.


Schengen Border Code: the European Parliament reject the guidelines but does not reach the necessary absolute majority

Parliament voted to reject the guidelines by 336 votes to 253 with 30 abstentions, but this was not enough as, under the rules, an absolute majority of all Members (369) was needed for rejection.

The LIBE Committee opposes the adoption of the European Commission Draft Council decision on supplementing the Schengen Borders Code in operations coordinated by Frontex

The Committee on Civil liberties, Justice and Home Affairs (LIBE) opposed (12 in favour and 25 against) the Proposal for a Council Decision supplementing the Schengen Border Code and then approved the consequent Motion for a resolution on the draft Council decision supplementing the Schengen Borders Code as regards the surveillance of the sea external borders in the context of the operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders.

Continue reading “The LIBE Committee opposes the adoption of the European Commission Draft Council decision on supplementing the Schengen Borders Code in operations coordinated by Frontex”

Rights to interpretation and translation in criminal proceedings: LIBE amendments and new Commission proposal

As anticipated in a previous post in this blog the Committee on Civil Liberties, Justice and Home affairs (LIBE) discussed the draft report on the directive of the European Parliament and of the Council on the rights to interpretation and to translation in criminal proceedings presented by rapporteur Sarah Ludford on 17 March 2010, based on the initiative put forward by 13 Member states.

But this was not the only initiative discussed on this matter, also that of the European Commission presented on 9 March 2010 was discussed.

Therefore, after a brief introduction of the aim of the directive, the amendments of the LIBE on the MSs’ initiative will be analysed and then, few observations on the Commission proposal will be made on the basis of the debate that took place in the LIBE committee.

Continue reading “Rights to interpretation and translation in criminal proceedings: LIBE amendments and new Commission proposal”