Category: 1.1 News from the Area of Freedom, Security and Justice

Daily news from the Area of Freedom, Security and Justice.

Mostly Found via:
Statewatch – http://statewatch.org
Eu Logos Athena – http://eu-logos.org/
Euobserver – http://euobserver.com/
Presseurop – http://presseurop.eu
Euractiv – http://euractiv.com/
European Media Monitor – http://emm.newsbrief.eu/overview.html
Réseau Universitaire Européen Droit de l’Espace de Liberté, Sécurité et Justice – http://gdr-elsj.eu/

Henri LABAYLE : TOWARDS THE NEGOTIATION AND ADOPTION OF THE STOCKHOLM PROGRAMME’S SUCCESSOR FOR THE PERIOD 2015-2019

On 2013 the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) asked for a Study on the implementation of the Stockholm Progamme.
Authors : Mr Henri Labayle, Professor at the University of Pau and Pays de l’Adour, Faculty of Law at the University of Bayonne, member of the Odysseus Academic Network for Legal Studies on Immigration and Asylum in Europe for France. In collaboration with Mr Philippe De Bruycker, Professor at the Institute for European Studies and Faculty of Law at the Université Libre de Bruxelles, Coordinator of the Odysseus Academic Network for Legal Studies on Immigration and Asylum in Europe.

The full study is downloadable here.

SUMMARY

The evaluation of the Stockholm Programme is a good opportunity to evaluate the initial outcomes of the Treaty of Lisbon, since it clearly highlights the imbalances which characterise the area of freedom, security and justice:

• an imbalance between freedom and security, due firstly to the discrepancy between the rules in place to protect individuals and their implementation in practice and secondly to the backlog in adopting personal data protection standards;
• an imbalance between justice and security due to the absence of a genuine European judicial area in spite of the adoption of the Internal Security Strategy;
• an imbalance between harmonisation and operationalisation due to a regulatory gap despite a proliferation of agencies and policy instruments;
• an imbalance between Member States within the AFSJ framework, which has been fragmented due to the failure on the part of the Mediterranean countries to prioritise geopolitical issues and the preferential use of ‘opt-outs’ by certain Member States;
• an imbalance between the management of legal immigration, which is stagnating despite the low targets set in this area, and the fight against illegal immigration, which is progressing well with plans for major investments in databases;
• an imbalance between the internal and external dimensions of European policies due to the failure of the Treaty of Lisbon to clarify an institutional landscape which remains complex and contentious.
The picture is not all bleak, of course, and there have been a number of concrete successes which deserve to be highlighted:
• the adoption of the asylum package in a difficult climate, which was a major step towards more harmonised legislation in the Member States;
• the increasingly operational nature of European policies as a result of agencies being strengthened (Frontex) or established (European Asylum Support Office, Agency for large-scale IT systems in the AFSJ) even though the ‘Lisbonisation’ of Europol and Eurojust is still overdue, and due to the emergence of practical e-justice models and the adaptation of tools to fight drugs and terrorism, although work remains to be done in the fields of data protection and information sharing in the fight against serious crime;
• progress has been made in building the mutual trust between Member States which is essential for mutual recognition, in some cases on the basis of national initiatives such as those concerning the protection of individuals;
• the backlog in the area of civil judicial cooperation has been cleared and progress in this area is likely to continue, with a large number of initiatives close to adoption;
• procedural rights in criminal proceedings are among the main achievements of the Stockholm Programme, despite the piecemeal approach adopted after the failure of the global approach;

Towards the negotiation and adoption of the Stockholm Programme’s successor

• the approximation of substantive criminal law has found its footing with the ‘Lisbonisation’ of previous framework decisions and the opening up of new fields of work, despite the extreme political sensitivity of this issue for the Member States.

Major concerns remain, however.

The first relates to guarantees for the rule of law, given that the controversy surrounding the constitutional reforms in Hungary proved that the EU does not have the necessary tools to force Member States to respect its fundamental values.
The EU’s capacity to handle crises is a second matter of concern: the collapse of the asylum system and external border checks in Greece has revealed the ineffectiveness of the existing evaluation mechanisms, while the European Asylum Support Office has failed to leverage the humanitarian tragedy of the Syrian refugees to assert its position. These two crises also testify to the lack of solidarity between Member States.

The evaluation suggests that the future programme will be faced with challenges in three areas:

• political challenges: although fundamental rights protection does not fall solely under the heading of justice and home affairs, it remains of vital importance in this area, particularly as regards the protection of personal data at a time when the PRISM scandal is testing the EU’s capacity to respond. Although the Treaty of Lisbon made solidarity one of the constitutional principles of the area of freedom, security and justice, this has meant little in practice; even though the operational dimension of solidarity is starting to take shape, its financial dimension will remain glaringly inadequate under the 2014-2020 financial perspective.
• institutional challenges: the Treaty of Lisbon conferred a central role on the European Council, which must agree to involve Parliament in AFSJ programming in line with the principle of cooperation in good faith between the institutions. As a minimum, this involves postponing the adoption of the next programme until after the June 2014 elections to allow the involvement of the newly elected institutions.
• technical challenges: there has been a decline in the ex-post evaluation of AFSJ policies following the failure of the Commission’s 2006 proposal; the scoreboard may only have been a descriptive tool, but it has now vanished entirely. The culture within DG Home Affairs needs to change in response to the problem of Member State monitoring by the Commission; a significant body of legislation has been adopted over the past decade and more, and DG Home Affairs now needs to ensure that it is applied effectively by initiating non-compliance proceedings.

The extreme reluctance of the Member States to engage in evaluation activities means that a genuine programme is needed if they are to be persuaded or indeed forced to provide the necessary accountability in this area, quite apart from the fact that whole swathes of the area of freedom, security and justice remain untouched. Despite general scepticism, the era of programmes is not yet over: even if it proves to be less detailed than the Hague and Stockholm Programmes and to have more in common with Tampere, the strategic guidelines of the next legislative and operational programme will be of decisive importance for future progress in the area of freedom, security and justice.

Steven Peers : Jailing the bankers: the new EU Directive on criminal penalties for market abuse

Source: http://eulawanalysis.blogspot.co.uk/2014/02/jailing-bankers-new-eu-directive-on.html

Tuesday, 4 February 2014

It must come as a relief to EU politicians to find that there is still one group in society which is much less popular than they are: the bankers. Indeed, bankers’ unpopularity has only grown as the austerity caused by the global financial crisis has an ever-greater impact on ordinary people in many Member States. No politician ever lost an election because he or she demonised unpopular groups of persons, and so the EU institutions have duly agreed on legislation which would lead to jail terms for particular types of bad behaviour by bankers.

Context of the Directive

The new Directive (for the text, see the links below) was approved by the European Parliament today, and will likely be formally adopted by the Council in March. It will apply in parallel alongside a Regulation on market abuse, which requires administrative sanctions to be applied for certain behaviour by bankers. Member States will have to apply the Directive by two years after its adoption.

The ‘legal base’ for the Directive is Article 83(2) of the TFEU, which allows the EU to adopt legislation setting out ‘minimum rules’ for the ‘definition of criminal offences and sanctions’ if this ‘proves essential to ensure the effective implementation of a Union policy in an area which has been subject to harmonisation measures’. Clearly this area has been subject to harmonisation measures, and the preamble to the new Directive sets out the reasons why, in the EU legislature’s view, it was ‘essential’ to adopt an EU measure concerning criminal liability on this issue. Basically, the Council and European Parliament were convinced by information that Member States imposed weak and diverse sanctions to enforce the previous EU legislation on this subject (Directive 2003/6, on market abuse).
Article 83(2) requires the criminal law rules to be adopted by the same legislative method as was used to adopt the main legislation that the criminal law Directive is supplementing. In this case, the market abuse Regulation was adopted on the basis of the EU’s internal market powers, ie the ordinary legislative procedure. So the market abuse criminal law Directive was adopted by the same method. This meant that the European Parliament could have a significant influence on the text, as detailed below.

Substance of the Directive

The Directive requires Member States to criminalise three types of activity, as further defined in detail therein: insider dealing; unlawful disclosure of inside information; and market manipulation. The first of these offences also extends to recommending or inducing another person to engage in insider trading. Member States must also criminalise inciting, aiding and abetting and attempting most of these offences. In each case criminalisation is only required where the acts were committed intentionally and ‘in serious cases’. The European Parliament had also wanted to oblige Member States to criminalise reckless acts which entailed market manipulation, but the Council resisted this. Also, the Council insisted on limiting Member States’ obligations to ‘serious cases’. The preamble to the Directive lists certain factors which should indicate whether the case is ‘serious’, such as the impact on market integrity and the profit derived or loss avoided.

On the other hand, the European Parliament successfully insisted that specific rules for criminal penalties for natural persons appear in the Directive. Member States must ensure that bankers guilty of insider dealing or market manipulation could potentially be subject to a maximum penalty of at least four years, and those guilty of unlawful disclosure of inside information could potentially be subject to a maximum penalty of at least two years. The Directive also includes standard rules on liability for legal persons, but this need not be criminal liability, in deference to those Member States which do not impose criminal liability on legal persons.

The European Parliament also insisted that the Directive include rules on criminal jurisdiction. Member States must criminalise the relevant behaviour where an act was committed on a Member State’s territory, or where the act was committed by a Member State’s citizen outside its territory, at least if the act was criminal in the country where it was committed. Furthermore, the European Parliament convinced the Council to add a provision on training judges, prosecutors et al about the relevant crimes. However, the European Parliament did not convince the Council to add provisions on investigative techniques and media coverage of the relevant crimes.

Comments

This is the first time that the EU has used the legal powers conferred by Article 83(2) TFEU, which was added to the Treaties by the Treaty of Lisbon. Previously, it has used only Article 83(1) TFEU as regards substantive criminal law. Article 83(1), also added to the Treaties by the Treaty of Lisbon, lists ten crimes which are deemed to have such sufficient cross-border impact that the EU can legislate upon them. The EU has used this power to adopt legislation on cyber-crime, sexual offences against children and trafficking in persons, and negotiations on legislation concerning counterfeiting currency are underway. The Commission has also suggested criminal law rules on fraud against the EU budget on the basis of Article 325, a legal base dealing with that specific issue, but the Council (and probably the European Parliament, when it defines its position) believe that Article 83(2) will again have to be used in order to adopt that legislation.

Prior to the Treaty of Lisbon, the EU’s Court of Justice, in a controversial line of case law, ruled that European Community law (as it was then) could be used to adopt criminal law measures closely related to the environment (Cases C-176/03 and C-440/05). The EU then adopted Directives to that end (Directive 2008/99 and Directive 2009/123), as well as a Directive imposing criminal liability for employing illegal immigrants (Directive 2009/52). But the CJEU ruled that prior to the Treaty of Lisbon, such European Community measures could not specify criminal penalties. In practice, those measures did not contain jurisdiction rules either. So the market abuse Directive breaks new ground on these issues.

The Directive also breaks new ground by imposing criminal liability in a new area. All of the other post-Lisbon substantive criminal law Directives or proposals (referred to above) simply replace pre-Lisbon measures on the same subjects, but there was no pre-Lisbon measure imposing criminal liability for market abuse. The market abuse Directive is also particularly detailed when compared to the EU’s other substantive criminal law measures, no doubt because it is enmeshed within the broader EU legislative framework imposing highly detailed regulation on the financial sector.
Will the Directive be effective at curbing bad behaviour by bankers? First of all, as with any crime, perpetrators have to be caught and punished, and the behaviour concerned is technically complex.

Secondly, it must be borne in mind that the two-year and four-year sentences referred to in the Directive must merely be on the books; there is no obligation to impose them in any particular situation. So even if bankers commit the activities criminalised by the Directive, and are caught and convicted, their sentences might be lighter (or indeed heavier: Member States can set a higher potential maximum penalty if they wish). And it is hard to imagine that many bankers will spend much jail time inside the unpleasant institutions where (say) burglars and muggers are incarcerated – even if the bankers’ crimes were far more lucrative and had a much bigger impact upon the economy.

More profoundly, the United Kingdom, the home of the largest proportion of the EU’s financial industry, has opted out of this Directive – although the UK is subject to the parallel Regulation (Denmark is in the same situation). And even if a French national (for instance) commits the acts criminalised by the Directive while working in the City of London, it must be recalled that Member States are only obliged to criminalise the acts concerned if committed by their citizens in a State which also criminalises that activity. So it is up to the UK to decide whether to criminalise some or all of the acts referred to in the Directive, and only if it does so are other Member States obliged to criminalise the acts of their citizens when committed in the UK.

Links Continue reading “Steven Peers : Jailing the bankers: the new EU Directive on criminal penalties for market abuse”

Analysis: EU rules on maritime rescue: Member States quibble while migrants drown…

by Steve Peers Professor of Law, University of Essex

PUBLISHED ON STATEWATCH

22 October 2013

Introduction

For many years now, the death toll of migrants who drown while attempting to reach the European Union in search of a better life has tragically been rising. Most recently, public opinion was particularly shocked when hundreds of migrants drowned when a single vessel sank off the coast of Italy. The Italian government has called for the EU to adopt an action plan to deal with the issue, and the Prime Minister of Malta, calling the Mediterranean a ‘graveyard’, has called on the EU to act.

Yet shockingly, these Member States, along with four others, are blocking an EU proposal on the table that contains concrete rules on the search and rescue of migrants – precisely and solely because it contains rules on search and rescue (along with disembarkation) of migrants. In fact, they describe their opposition to such rules as a ‘red line’, ie they refuse to negotiate on their opposition to any detailed EU rules which concern saving migrants’ lives.

The following analysis examines the background to this issue and assesses these Member States’ objections. It concludes that their legal objections to this proposal are clearly groundless. Furthermore, of course, from a political point of view, the hypocrisy and inhumanity of these Member States’ position speaks for itself.

Background

Due to widespread concerns about the accountability and legality of the actions of the EU’s border agency, known as ‘Frontex’, when it coordinates Member States’ maritime surveillance operations, EU rules on this issue were first adopted in 2010.

These rules initially took the form of a Council Decision implementing the EU legislation on the control of external borders, which is known as the ‘Schengen Borders Code’. The 2010 Council Decision included binding rules on interception at sea, and apparently non-binding rules on search and rescue and disembarkation of migrants.

A majority of those members of the European Parliament (EP) who voted on this Council Decision opposed it, and so the EP decided to sue the Council before the Court of Justice to annul the decision. The EP won its case, when the Court ruled in September 2012 that the Council Decision had to be annulled.

According to the Court, this Decision should have been adopted as a legislative act, because it addressed issues that affected the human rights of the persons concerned, and regulated the coercive powers of border guards; the Court also clarified that the rules in the Decision on search and rescue and disembarkation were in fact binding. However, the Court maintained the 2010 Decision in force until its replacement by a legislative act.

In spring 2013, the Commission proposed such a replacement act, which has to be adopted by means of the ‘ordinary legislative procedure’, ie a qualified majority vote in the Council (Member States’ ministers) and joint decision-making powers of the European Parliament. This proposal took over much of the text of the Council decision, but also added some further details as regards search and rescue and disembarkation, confirming also that these rules were binding. Like the 2010 Council decision, the proposal is limited to cases where Frontex coordinates Member States’ maritime surveillance.

While the European Parliament is broadly supportive of this proposal, suggesting only modest amendments, a group of Mediterranean Member States opposes the idea of any EU measure containing any detailed binding rules on search and rescue and disembarkation – even though such provisions are the most important rules in the 2013 proposal as regards saving migrants’ lives and their subsequent welfare.

The proposed search and rescue and disembarkation rules

The relevant parts of the 2013 proposal are Article 9 (search and rescue) and Article 10 (disembarkation).
Article 9 contains first of all a general obligation to ‘render assistance to any ship or person under distress at sea’. It defines further what is meant by a condition of ‘uncertainty’, ‘alert’ or ‘distress’, and provides for general rules on coordination of operations in such cases.

As for disembarkation, Article 10 contains rules to determine where migrants should be disembarked if they are intercepted or rescued. If they are intercepted in the territorial water or nearby maritime zone of a Member State participating in Frontex operations, they must be disembarked in the territory of that State.

If they are intercepted in the high seas (ie waters which no State has a legal claim to, under the international law of the sea), then they should be disembarked in the State which they departed from – subject to the rules in Article 4 of the proposal, on the protection of fundamental rights. In the case of search and rescue operations, there are no specific rules on which State to disembark migrants in, but Article 4 implicitly applies here as well.

The rules in Article 4 prohibit sending a person to a State ‘where there is a serious risk that such person would be subjected to the death penalty, torture or other inhuman or degrading treatment or punishment or from which there is a serious risk of expulsion, removal or extradition to another country in contravention of the principle of nonrefoulement’.

This clause reflects the judgment of the European Court of Human Rights, in a case called Hirsi v. Italy, where Italy was condemned for ‘pushing back’ boats full of migrants to Colonel Khadafy’s Libya.

Member States’ objections

The group of Member States objecting to Articles 9 and 10 state that the EU has no competence over issues relating to search and rescue or disembarkation.

First of all, as regards disembarkation, this objection is clearly ridiculous.
The admission of a migrant onto a Member State’s territory, or removal to a third State’s territory, is obviously an inherent part and parcel of immigration policy, and the Treaties empower the EU to develop a ‘common immigration policy’. Equally, the Treaties give the power for the EU to adopt rules on border controls, and it would be absurd to adopt rules governing the interception of migrants without addressing the obvious corollary question of what to do with the migrants once the border guards catch them.

Secondly, at first sight, the objections to EU competence as regards search and rescue rules have more force. Certainly, there is nothing in the EU Treaties which gives the EU power to regulate searches and rescues generally. But the 2013 proposal would not do that: it would only regulate searches and rescues in the context of the EU’s border controls policy, and only where maritime surveillance was coordinated by Frontex.

Can the EU regulate searches and rescues in such cases?
The case law of the Court of Justice on public health issues should logically apply by analogy.
The Court has ruled that while the EU cannot regulate public health generally, it can take account of public health concerns when it adopts legislation (for instance, on tobacco advertising, cigarette content or the packaging of cigarettes) which is principally concerned with regulating the EU’s internal market. Similarly, the EU’s General Court has ruled that EU legislation can take account of the life and welfare of seals, if it adopts legislation on the sale of seal products that mainly concerns the internal market.

If EU internal market law can concern itself with the long-term effects of cigarette smoking for smokers, or the immediate effect of clubbing on seals, then surely EU law on border controls can concern itself with the effect of imminent drowning upon migrants, where there is a direct connection with maritime surveillance.
And there is bound to be such a connection: EU rules stepping up maritime surveillance, while they have (and legally must have) the principal purpose of controlling entry onto the territory of the Member States, will in some cases fall to be applied when the persons planning such entry are about to drown. It should be recalled, as explained above, that the proposal only sets out a general obligation to assist vessels in distress and to coordinate action in emergency situations.

Thirdly, it should not be forgotten that the proposed rules will apply only to operations coordinated by Frontex – an EU agency, funded entirely by money from the EU budget.

Why should the EU not have the power to set conditions before its agency (spending its money) assists Member States with maritime surveillance, in the same way that it has the power to set conditions on its financial assistance to its Member States, or third countries?

Another objection of the six Member States is the compatibility of the proposed Regulation with international law. The obvious way to address this problem (if it exists) is to amend the Regulation to ensure that it is consistent with international law. Anyway, the preamble to the legislation (recital 4) states that it must be applied consistently with international law: Member States did not object to such vague references to international law in readmission treaties, or in much of the EU’s legislation on irregular migration orborder controls.

The six objecting Member States seem to be concerned also about the proposal’s mere overlap (as distinct from conflict) with international law – but the EU adopts an enormous amount of legislation (on the environment, for instance) which overlaps with international law, and aims to provide for the detailed and effective implementation of the relevant international law obligations.

More fundamentally, eviscerating the proposed rules on disembarkation would empty the protection of Article 4 of the proposal (on ensuring the safety of persons sent to third countries) of much of its practical content – but, as explained above, this part of the proposal reflects important case law of the European Court of Human Rights. Similarly, removing or weakening the provisions on search and rescue would subtract from the proposal any added value as regards protection of the right to life – another key obligation of human rights law. One can only conclude that the six Member States in question come not to praise international law, but to bury it.

Conclusion

Member States rightly rejected specious and cynical legal arguments made throughout the last decade to justify torture, abduction and indefinite detention without trial in the name of the ‘war on terror’.
Of course, control of immigration is a different issue, but the legal arguments raised by these six Member States are equally specious and cynical – and should equally be rejected. The EU bears its share of responsibility (alongside its Member States) for the deaths of hundreds of migrants – but that must also mean that the Union should be able to make some concrete contribution towards reducing this death toll in future.

Sources

2010 Council Decision
Judgment of Court of Justice – Case C-355/10:
2013 Commission proposal –
European Parliament draft report–
Objections of six Member States –
Presidency proposal –
Positions of Member States on entire proposal

Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement.© Statewatch ISSN 1756-851X. Personal usage as private individuals/”fair dealing” is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

After “Prism” (and US Patriot Act section 215): EDRI and FREE submission to US and EU Institutions.

Submission

the European Digital Rights Initiative (EDRi) &

Fundamental Rights European Experts Group

(FREE Group)

the United States Congress,

the European Parliament and Commission

& the Council of the European Union,

& the Secretary-General & the Parliamentary Assembly

of the Council of Europe

the surveillance activities of the United States and certain European States’ national security and “intelligence” agencies

August 2013

Note on the choice of addressees:

EDRi and FREE are submitting this appeal to the addressees mentioned on the cover page for the following reasons:

– The US Congress is ultimately responsible for providing democratic oversight over the activities of the US Executive. It has established a Privacy and Civil Liberties Oversight Board (PCLOB) consultation on FISA and the PATRIOT Act. However, while we are sending a copy of this submission to that consultation, this document is addressed to the Speaker of the House of Representatives and the President pro tempore of the Senate because we argue that the issues raised can only be addressed properly by the establishment of a special investigation committee of Congress, with appropriate support and powers. We also wish to stress that, whatever the defects in the scope of protection afforded to non-US citizens under the US Constitution, the USA, as parties to the UN International Covenant on Civil and Political Rights and the Council of Europe Cybercrime Convention, are bound under international law to extend privacy protection to non-US citizens and to observe the principles of legality, necessity and proportionality also in their surveillance activities.

– The European Parliament is responsible for providing democratic oversight over the activities of the European Union, and has taken a keen interest in the issues raised, as has the European Commission, which forms the executive branch of the EU. However, the European Council (representing the governments of the EU Member States) has been less demanding. We are calling for all of them to seek to establish the full truth about the relevant laws and practices, in both Europe and the USA. We are aware of the “national security” exemptions in the main EU treaties, but these are not and should not be absolute, or seen as granting Member States total exemption from scrutiny in this regard. The EU Charter on Fundamental Rights, which has fundamental status in the EU (even in relation to UN Security Council decisions) and explicitly demands full protection of personal data, cannot be simply ignored in this context. Ultimately, it is for the European Court of Justice to determine the scope of the exemption, but we already note that the US’ NSA’s activities are manifestly not limited to national security as defined in international law. We are therefore urging the EU bodies to address the issues to the fullest extent possible within their legal competences.

– The Council of Europe (CoE), as the oldest, broadest European institution, has the main responsibility for upholding human rights and the rule of law throughout the territory of its 47 Member States. Its mandate, in particular in relation to human rights and the upholding of the European Convention on Human Rights, does not exclude matters relating to national security. On the contrary, the standards that we cite in our submission have been mainly developed by the European Court of Human Rights in its case-law under the Convention. All European States are legally obliged to “secure” full protection of these rights and freedoms. Within the Council of Europe, responsibility for the upholding of these standards is shared between the Secretary-General and the Committee of Ministers (representing the CoE Member States), the Parliamentary Assembly of the Council of Europe (PACE), and the Court.

Effective action on the issues addressed in this submission will require the involvement of all of the above. For that reason, we address this submission to all of them.

I. General:

1. The activities of national security agencies in Europe and the USA, and the arrangements under which they cooperate, have been outside the scope of effective democratic oversight and outside clear legal frameworks for too long; they must be brought under the Rule of Law.

2. For Europe, that means those activities must be made to comply, in law and in practice, with the relevant minimum European human rights standards developed by the European Court of Human Rights under the European Convention on Human Rights (ECHR) summarised below, at II, and in Attachment 1. At present, it appears that several European States are not complying with these standards.

3. These European constitutional standards are in line with the global (UN) standards enunciated by the Human Rights Committee acting under the UN International Covenant on Civil and Political Rights (ICCPR) and others, briefly noted in Attachment 2. All European States and the USA are parties to the ICCPR in particular.

4. For the USA, this means that it, too, should bring its activities in line with these standards. As a first step, US surveillance law and practice (in relation to surveillance of both US citizens and non-US/European citizens) must be made totally clear, and any divergence from those standards must be made public. Only that will allow for sensible discussions on how to bring those activities into line with international standards. Current US law as far as currently known is summarised below, at IV, and in Attachment 3.

II. European requirements:

(For more detail, see Attachment 1)

5. If an agency of any European State is given powers under the laws of that State to gather information on (the communications- or other data of) anyone, be that within Europe or not, then that activity must be regarded as being done “within the jurisdiction” of the State concerned.^{^[1]} This means that, in relation to any surveillance activity by any European State, on anyone, wherever they are, the State in question must comply with the minimum European standards, set out in Attachment 1, which are directly derived from the ECHR case-law.

6. Moreover, from a European perspective, any spying on Europeans and non-Europeans living in Europe, by any non-European State, anywhere in the world, should meet the same minimum European-constitutional and the similar UN standards, set out in Attachment 2.

7. Non-European national security agencies should not seek or gain direct access to any personal data held in Europe (e.g., by asking US companies to “pull” data from their Europe-based servers, or to allow US agencies to query the data in Europe, and hand over the results): that infringes the sovereignty of the relevant European States (PCIJ, Lotus judgment, pp. 18-19).[2] Instead, they should seek such access through bi- or multilateral assistance treaties, under arrangements similar to Mutual Legal Assistance Treaties (MLATs) for law enforcement agencies; and those treaties should in substance and process conform to the minimum European-constitutional and international standards.

8. Failure of a European State to prevent improper spying by non-European countries constitutes a breach of that country’s “positive obligations” under the ECHR. Active support for, complicity in, or even passive condoning of such spying would breach the State’s primary obligations under the ECHR.

9. In addition, European States and the European Union should ensure that personal data on Europeans and non-Europeans living in Europe, if held on US-based “cloud” servers, will be accessible to the US national security agencies only on the basis of clear and published provisions of treaty arrangements that also meet those European-constitutional and international standards.

III. USA requirements:

(For more detail, see Attachment 3)

10. The First and Fourth Amendments to the US Constitution in principle guarantee the right to free speech and freedom from unreasonable searches to US citizens. However, even domestically, this protection is weakened by the “third party” doctrine on personal data and the relaxed “pen/trap” rules on searches. Secret rulings of the FISA Court reportedly further erode these rights, arguably in unconstitutional ways. Those rulings are being challenged in the US courts. Here, we may note that current US law and practice, even with regard to spying on US citizens, falls short of European and international standards.

11. Moreover, it has become clear that non-US citizens outside the USA do not enjoy even the limited protections of the First and Fourth Amendments: they can be spied upon arbitrarily by US agencies, without any meaningful substantive or procedural limitations, in clear breach of international standards on privacy generally, and on privacy and freedom of expression on the Internet in particular. Under international human rights law, those guarantees should be afforded to “everyone” affected by the measures.

IV. How to address the issues: our demands

12. The ultimate aim should be for both the US and the European legal systems to offer high-level privacy/data protection to “everyone”, in line with the established European minimum standards (set out in Attachment 1), that are also in line with UN standards (set out in Attachment 2); and for those standards to be adhered to in practice by the USA, all European States, and the EU, whether acting independently or jointly.

To this end, we demand urgent action from both the US and the European institutions.

Demands for review and redress from the USA:

i. Clarity about the law, and honesty about practice:

13. We demand complete transparency in relation to the scope and detail of US spying activities, and of the bi- and multilateral arrangements between the USA and other States and international organisations, in particular “5EYES”[3], Atlantic and/or European ones, relating to this activity, under which data on the communications and Internet activities of European citizens are intercepted, held, recorded and/or monitored and analysed.

14. We demand complete clarity about the limitations of the US legal system, and in particular as concerns the apparent fact that it provides insufficient protection to US citizens, and effectively none to non-US citizens. Following such a full clarification, urgent measures should be taken to bring the US surveillance system fully into line with international human rights- and privacy/data protection standards.

ii. The way to achieve this:

15. While we appreciate the establishment of the PCLOB consultation, we do not believe that this is the appropriate forum or process to achieve the required full transparency, or that it will lead to US law and practice being brought fully into line with the requirements of international law.

16. To be more specific: we are joining US civil liberty organisations in calling on the US Congress to establish a properly staffed special investigatory committee, on the lines of the 1970s CHURCH Commission, with the power to subpoena witnesses and documents; and to make arrangements to ensure that European institutions, States and NGOs can fully participate in the investigation carried out by this special committee, and indeed in the drawing up of the mandate for this committee.

iii. The changes to be made

17. Senior European politicians have called for the extension of US legal protections afforded under US constitutional and federal law to (communications) data on US citizens, to (communications) data on European citizens held in the USA or accessed from the USA by US agencies, just as data on US citizens, held in Europe, is already protected under European human rights- and data protection law.

18. Reciprocity is indeed an important element in international relations. However, in the present context, this fails to recognise that while, in respect of their data, Europeans currently enjoy hardly any protection under US laws, the protection accorded to US citizens under those laws is also deficient, and falls below European and wider international minimum requirements. Raising the level of US legal protection for data on Europeans to the level of protection of data on US citizens therefore still leaves European citizens and US citizens subject to a regime that falls short of international standards. That is not enough.

19. We are joining civil liberty organisations in the USA in calling for fundamental changes in US law, to ensure proper protection under the law against non-transparent and undemocratic surveillance. New laws must be introduced at federal level to provide much stricter rules, open judicial warrants and rulings, and full democratic control, in accordance with international human rights and privacy/data protection standards. Specifically, we demand that when such laws are in place, they should afford equal protection to US and non-US citizens.

20. Until this is achieved, the USA cannot be said to offer “adequate” protection to data, in relation to any of the areas for which the European Commission has (wrongly) held it to offer such protection: the “Safe Harbor”, the disclosure of PNR data, and the making available of SWIFT data (see below, para. 29).

Demands for review and redress from Europe:

i. Clarity about the law, and honesty about practice:

21. European States are not blameless when it comes to surveillance: in spite of a much stronger legal regime on paper (under the ECHR), it appears that practice in some (perhaps many) European States also fall seriously short of the European-legal (ECHR) requirements. Several States, in particular the UK, also seem to have worked closely with the USA (in particular, in ECHELON) in establishing a global surveillance network that appears to blatantly violate European and international law. We need complete clarity about the laws in the EU- and Council of Europe Member States, and complete clarity about the treaties entered into by European States, and full, honest disclosure about the practices of the national security agencies and –bodies of the EU- and Council of Europe Member States too.

ii.

The way to obtain this: EU:

22. The European Parliament has a crucial role to play. We welcome the European Parliament’s decision to establish a committee of enquiry within the Civil Liberties Committee, and urge it to be broad, to encompass all the threats posed to the rights of European citizens by foreign and EU Member States’ surveillance activities.

23. We also – but very cautiously and with serious reservations – note the establishment of an EU-US “expert group” to look at these matters. However, we oppose the excessively limited mandate of this group, and demand full transparency about its composition and activities. We demand civil society involvement and complete openness for the work of this group. Without that, its findings and the arrangements it might propose are likely to be incomplete, will lack credibility and, consequently, will be unacceptable.

24.

Although this should be obvious, for the avoidance of any doubt, the EU should make clear, as a matter of urgency, that any disclosure of data on European citizens that is subject to European data protection law (such as financial or airline data, or Europol/Eurojust/etc. data) to, or any access to such data by, national Member States’ national security agencies (NSAs), and a fortiori by third country agencies, is subject to the European data protection rules governing the processing of such data.

Council of Europe

25. We note the fact that the Council of Europe, which Europe’s main human rights guarantor, is not excluded from addressing matters relating to national security that may affect the human rights of European citizens and indeed of “everyone” affected by measures of CoE Member States. On the contrary, the European standards set out in Attachment 1 have been developed by the European Court of Human Rights in what is now established case-law, applicable to all Council of Europe Member States (which includes all EU Member States), and indeed to the EU itself (albeit, for now, still indirectly, through “general principles of Union law” and the EU Charter).

26. Specifically, we call on the Secretary-General of the Council of Europe to exercise his power under Article 52 ECHR to demand of all CoE Member States full disclosure of “the manner in which [their] internal law[s] ensure[s] the effective implementation of” Article 8 of the ECHR in relation to surveillance of electronic communications- and Internet data by their national security agencies; and on the CoE Commissioner of Human Rights, PACE, and NGOs to be fully involved in this enquiry.

iii. The changes to be made

27. Until the full truth has been established, and full, appropriate remedial action has been taken to bring the activities of all relevant US agencies in line with international standards, there can be no close cooperation between US and European agencies, or between US and European State’s agencies on the previous, essentially unregulated basis.

28. Immediate changes: Given that, as noted above, in para. 20, in the light of the recent revelations, the USA cannot be said to offer “adequate” protection to data in relation to the “Safe Harbor”, the disclosure of PNR data, and the passing on of SWIFT data, the current arrangements are in clear and blatant breach of the primary law of the European Union and, consequently, the EU is legally obliged to immediately suspend all US-related European data protection “adequacy” decisions.

29. Changes to the General Data Protection Regulation: Pending adoption of adequate legislation in the USA, European data protection law should ensure that European citizens are clearly warned that, if they provide data to US companies, or to global Internet companies that have links to the USA, use servers in the USA, or are otherwise subject to US FISA and other surveillance orders, their data will not be safe from arbitrary, intrusive surveillance by US agencies. This is already proposed by senior EU officials and legislators in relation to the General Data Protection Regulation currently in the process of being adopted. We endorse that proposal.

30. New treaty arrangements on cooperation between national security agencies: The post-WWII treaties and arrangements on “national security” and “intelligence” cooperation (including the definitions of these matters) are totally outdated. We need a complete overhaul of the national and inter-State arrangements on “national security” and “intelligence” cooperation. The old treaties – UKUSA, 5EYES, NATO and others – should be openly discussed and reviewed, and fundamentally changed to bring them into line with the international standards we have adduced. Without that, we do not live in the free and democratic societies we are made to believe we live in.

– o – O – o –

EDRi and FREE are grateful to Professor Douwe Korff of London Metropolitan University for drafting this paper.

Rue Belliard 20, B-1040 Brussels,

Tel:+32 2 274 25 70

E-Mail: brussels@edri.org, http://www.edri.org

European Digital Rights (EDRi)

European Digital Rights is an association of 35 digital civil rights organisations from 21 European countries. We work together to defend civil rights in the information society.

11 Rue Darwin
1190 Bruxelles

E-Mail: edecapitani@gmail.com
http://www.eafsj.org

The Fundamental Rights European Experts Group (FREE Group)

The Fundamental Rights European Expert Group is an NGO whose focus is on monitoring, teaching and advocating in the European Union freedom security and justice related policies.

Attachment 1:

SUMMARY OF EUROPEAN HUMAN RIGHTS STANDARDS ON NATIONAL SECURITY SURVEILLANCE:

The case-law of the European Court of Human Rights under the European Convention on Human Rights (ECHR) shows the following considerations and requirements of European human rights law relating to surveillance:[4]

– A system of secret surveillance for the protection of national security may undermine or even destroy democracy under the cloak of defending it.

– The mere existence of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all those to whom the legislation may be applied.

– In view of these risks, there must be adequate and effective guarantees against abuse.

– The first of these guarantees is that such systems must be set out in statute law, rather than in subsidiary rules, orders or manuals. The rules must moreover be in a form which is open to public scrutiny and knowledge. Secret, unpublished rules in this context are fundamentally contrary to the Rule of Law; surveillance on such a basis would ipso facto violate the Convention.

The following are the “minimum safeguards” that should be enshrined in such (published) statute law, and adhered to in practice:

· the offences and activities in relation to which surveillance may be ordered should be spelled out in a clear and precise manner;

· the law should clearly indicate which categories of people may be subjected to surveillance;

· there must be strict limits on the duration of any ordered surveillance;

· there must be strict procedures to be followed for ordering the examination, use and storage of the data obtained through surveillance;

· there must be strong safeguards against abuse of surveillance powers, including strict purpose/use-limitations (e.g., preventing the too-easy disclosure of intelligence data for criminal law purposes) and strict limitations and rules on when data can be disclosed by NSAs to LEAs, etc.;

· there must be strict rules on the destruction/erasure of surveillance data to prevent surveillance from remaining hidden after the fact;

· persons who have been subjected to surveillance should be informed of this as soon as this is possible without endangering national security or criminal investigations, so that they can exercise their right to an effective remedy at least ex post facto; and

· the bodies charged with supervising the use of surveillance powers should be independent and responsible to, and be appointed by, Parliament rather than the Executive.

Under the ECHR, these principles must be applied to anyone who is affected by surveillance measures taken by any Council of Europe Member State under domestic law.

In addition, European States have a “positive obligation” to protect their citizens from surveillance contrary to the above, perpetrated by any other State. A fortiori, they are under a legal obligation not to actively support, participate or collude in such surveillance by a non-European State.

– o – O – o –

Attachment 2:

BRIEF NOTE ON WIDER UNITED NATIONS/INTERNATIONAL STANDARDS ON NATIONAL SECURITY SURVEILLANCE:

Attachment 1 above summarises the European Court of Human Rights’ standards set for “national security” surveillance. Here, we briefly note that the same standards are also reflected in law and guidance issued at the global level by the United Nations, and by other international organisations, albeit not always in the same detail.

The primary instrument in this respect is the UN International Covenant on Civil and Political Rights (ICCPR or “the Covenant”), the most important binding global human rights treaty, to which all European States and the USA (indeed, almost all UN Member States) are parties. It is applied and interpreted by the Human Rights Committee, which has issued important relevant guidance.

Further important guidance has been provided in the 1996 Johannesburg Principles on National Security, Freedom of Expression and Access to Information (drafted by Article 19 and other NGOs but endorsed by the UN Special Rapporteur on Freedom of Opinion and Expression) and more recently in statements and reports by that Special Rapporteur and special rapporteurs from other international organisations. Also relevant is the guidance issued by the Organisation for Security and Co-operation in Europe (the OSCE), to which again all European countries and the USA (and Canada) are parties.

Here, it may suffice to note that all of these stress the same core principles as are stressed by the European Court of Human Rights:

– – “national security” must be defined narrowly (see the “Tenth Anniversary Joint Declaration” by the UN Special Rapporteur on Freedom of Opinion and Expression, together with the OSCE Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information; also the Johannesburg Principles, Principle 2(a) as well as Principle 1.2);

– – any interference with the freedom to seek, receive and impart information by any medium (including the Internet), including e-communications- and Internet surveillance, must be based on “law”, i.e., on clear and specific, published legal rules (and published legal interpretations of the rules): an interference with privacy and communications can be “arbitrary” – and thus in breach of international human rights law, including the ICCPR – even if it is in accordance with domestic law;

– – the law must limit any such the interference to what is “necessary” and “reasonable” or “proportionate”; and

– – the law must provide for an “accessible and effective remedy” against the interference.

On all of the above, see General Comment 16 on Article 17 ICCPR, paras. 3 and 4; General Comment 31 on General Legal Obligations Imposed on States Parties to the Covenant, para. 15ff.; and the reports by the Special Rapporteur passim).

– – the requirements of “law”, “necessity” and “proportionality” also apply in relation to measures taken to protect national security (Johannesburg Principles, Principles 1.1.(a) & (b), 2(a) & (b)).

Moreover, in assessing the questions of “necessity” and “proportionality” in particular, the Human Rights Committee and the UN Special Rapporteurs will take into account exactly the same kinds of factors as are listed in the case-law of the European Court of Human Rights.

Two related matters deserve special mention in the present context: the application of international human rights law to the extraterritorial accessing (or “pulling”) of data from servers in another country; and the duty to extend the rights enshrined in the ICCPR to all individuals without distinction as to nationality or other status. Specifically:

– Article 2(1) of the ICCPR requires all States Parties “to respect and to ensure to all individuals within its territory and subject to its jurisdiction the rights recognized in the present Covenant, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.”

– In the view of the Human Rights Committee:

This means that a State party must respect and ensure the rights laid down in the Covenant to anyone within the power or effective control of that State Party, even if not situated within the territory of the State Party. … [T]he enjoyment of Covenant rights is not limited to citizens of States Parties but must also be available to all individuals, regardless of nationality or statelessness, such as asylum seekers, refugees, migrant workers and other persons, who may find themselves in the territory or subject to the jurisdiction of the State Party. (General Comment 31, emphasis added)

– Although the Committee has not yet issued any further views or general comments on the matter, it must be assumed that if a State gives itself legal powers to access (or “pull”) data on individuals, when those data are situated outside its physical territory, that State is “exercising jurisdiction” (to be specific: “enforcement jurisdiction”) extra-territorially, in the State where those data are located. As noted in the body of this paper with reference to the Lotus case, if this happens without the consent of the other State, it violates the sovereignty of that other State. Here, it should be noticed that that aside, such extra-territorial action by the first State would also mean that that State is asserting “jurisdiction” over those data. In respect of their data, the individuals concerned are made to be “subject to [the State’s] jurisdiction”.

– In any such extra-territorial cross-border accessing (or “pulling”) of data, the State in question must therefore comply with all the general requirements of the Covenant (clear, foreseeable “law”; “legitimate aim”, “necessity” and “proportionality”), and with the requirement of Article 2(1), that it affords the protection of Article 17 to the persons affected irrespective of their nationality or other status.

In sum: The UN standards are fully concordant with the European ones set out in Attachment 1.

– o – O – o –

Attachment 3:

SUMMARY OF UNITED STATES STANDARDS ON NATIONAL SECURITY SURVEILLANCE:

In the USA, communications data and personal information on US citizens (and on some minor categories of non-US citizens living in the USA) are in principle granted protection under the First and Fourth Amendments to the US Constitution, providing protection of free speech and freedom from unreasonable searches.

However:

1. There is no general, cohesive, broadly-applicable federal privacy law. Rather, there is only a largely incoherent and sectorally-based patchwork for federal and state laws, which provide serious privacy protection only in certain areas and respects. See: Chris Hoofnagle, Country Study on the USA, prepared for a wider EU study on New Challenges to Data Protection, at:

http://ec.europa.eu/justice/policies/privacy/docs/studies/new_privacy_challenges/final_report_country_report_B1_usa.pdf

2. The Electronic Communications Privacy Act (ECPA) allows for the monitoring of communications “meta” data (data on the devices involved in the communications, time, duration, location, etc., but not the contents of communications) on the basis of a “pen register or trap and trace device” warrant, that will be issued on the basis of simple certification by a government attorney that such information is “relevant” to an “ongoing criminal investigation”; there is no need to show “probable cause”, and there is no meaningful judicial oversight. This is because in Smith v. Maryland, the Supreme Court ruled that use of a pen register does not constitute a search, and is thus not protected under the Fourth Amendment. The surveillance carried out under ECPA, even on US citizens, is extensive and includes massive amounts of e-communications data. For further details, see: Douwe Korff, Presentation on behalf of EDRi at the EU – USA Privacy Conference, Washington DC, 19 March 2012, available at:

http://edri.org/files/korff120319.pdf

3. The PATRIOT Act and FISA Acts allow even more extensive surveillance over US citizens. Even on their face, the rules in these Acts fall far short of international-legal requirements. However, the rules have been even further weakened, to the extent that they now reportedly provide hardly any constraint at all, even in respect of US citizens, in relation to national security and “foreign intelligence” matters, by means of secret rulings by the secretive FISA Court. See: New York Times, 6 July 2013, In secret, court vastly broadens powers of NSA, at:

http://www.nytimes.com/2013/07/07/us/in-secret-court-vastly-broadens-powers-of-nsa.html?nl=todaysheadlines&emc=edit_th_20130707&_r=1&

4. The constitutionality of these secret FISA Court rulings is doubtful, and they are being challenged in the US courts. See: http://www.aclu.org/national-security/fix-fisa-end-warrantless-wiretapping and http://epic.org/privacy/terrorism/fisa. 5.

In any case, and most worrying to Europeans, the First Amendment does not protect the relevant rights of non-US citizens not in the USA (so-called “excludable aliens”): “[T]he interests in free speech and freedom of association of foreign nationals acting outside the borders, jurisdiction, and control of the United States do not fall within the interests protected by the First Amendment.”

(DKT Memorial Fund Ltd. v. Agency for Int’l Dev., 1989, quoted in Chevron Corporation v. Steven Donziger et al., U.S. District Judge Kaplan order of June 25, 2013).

6. Non-US citizens not resident in the USA similarly do not benefit from the protection of the Fourth Amendment, which does no apply if the person affected by a “search” does not have a “significant voluntary connection with the United States (US v. Verdugo-Urquidez, 1979). Like the First Amendment, the Fourth Amendment only protect “the people”, i.e., US citizens and some eligible (US-resident) aliens.

7. Finally, the FISAA §1881a allows US agencies, including in particular the NSA, to capture and trawl through any data, including e-communications and Internet data, of or on any non-US citizen with essentially no constraints. All that is required is that the capturing and trawling does not inadvertently relate for more than 50% to US citizens, and that the data that are being looked for are “of interest” to “foreign affairs matters” of the USA: the exercise of these essentially arbitrary powers is not limited to serious offences or terrorism, or to threats to US (or US allies’) national security. See the report by Caspar Bowden et al. to the European Parliament, Fighting Cybercrime and Protection Privacy in the Cloud, 2012, and the subsequent article by him and Judith Rauhofer, Protecting their own: Fundamental rights implications for EU data sovereignty in the cloud, 2013, available at, respectively:

http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=79050

http://ssrn.com/abstract=2283175

In sum: The US Constitutional Amendments’ protections (as applied) and US Federal and State laws fall short of international standards. Under ECPA and the PATRIOT and FISA Acts, as further weakened by the secret rulings of the FISA Court, even US citizens enjoy little protection against widespread and intrusive surveillance by US national security agencies in relation to over-broadly-defined “intelligence” matters, in particular in relation to “meta” communications data and Internet data. In relation to US citizens, this may be unconstitutional. But non-US citizens outside the USA enjoy not even the (already too low) protection accorded to US citizens: they can effectively be spied upon arbitrarily, without any meaningful substantive or procedural limitations. Moreover, the US surveillance activities under FISAA in particular do not appear to be limited to matters of “national security”, properly (restrictively) defined, for neither US citizens or non-US citizens.

– o – O – o –

[1] Note that this is the case, even if the exercise of that jurisdiction would violate the sovereignty of another State, e.g., because it concerned data in another country (cf. the Lotus case, referred to in para. 7): the fact that the act was contrary to international law of course does not mean that the State perpetrating the act is not bound by its human rights obligations; that would be perverse. The point we make here is that in the circumstances described, the State is bound to comply with the European Convention on Human Rights, because the acts concerned are “within its jurisdiction”. While generally territorial in nature, this concept also covers acts carried out by State bodies within their home country (or territories of the State overseas) under domestic legislation that affects individuals in other countries.

[2] This is also the view of the vice-president of the European Commission, Viviane Reding, who issued a statement on 25 July 2013, saying: “The [EU’s new General Data Protection Regulation] will also provide legal clarity on data transfers outside the EU: when third country authorities want to access the data of EU citizens outside their territory, they have to use a legal framework that involves judicial control. Asking the companies directly is illegal. This is public international law.” See: http://techcrunch.com/2013/07/25/ireland-prism/ (emphasis added)

[3] The alliance of intelligence operations between the USA, UK, Australia, Canada and New Zealand.

[4] See the cases of Klass v. Germany (Judgment of 6 September 1978), Weber and Saravia v. Germany (Admissibility Decision of 29 June 2006), Liberty and Others v. the UK (Judgment of 1 July 2008), and Kennedy v. the UK (Judgment of 18 May 2010). See in particular the summaries in Weber and Saravia, paras. 93 – 95, and in Kennedy, paras. 151 – 154 (which quote Weber and Saravia, paras 93 – 95, thus reemphasising that the approach there summarised is now regarded as settled case-law).

After PRISM : 181 ONGs ask for less surveillance and improved data protection standards..new global standards…

International Principles on the Application of Human Rights to Communications Surveillance

THE ORIGINAL CALL IS PUBLISHED HERE : https://en.necessaryandproportionate.org/text

Final version 10 July 2013

As technologies that facilitate State surveillance of communications advance, States are failing to ensure that laws and regulations related to communications surveillance adhere to international human rights and adequately protect the rights to privacy and freedom of expression. This document attempts to explain how international human rights law applies in the current digital environment, particularly in light of the increase in and changes to communications surveillance technologies and techniques. These principles can provide civil society groups, industry, States and others with a framework to evaluate whether current or proposed surveillance laws and practices are consistent with human rights.

These principles are the outcome of a global consultation with civil society groups, industry and international experts in communications surveillance law, policy and technology.

Preamble

Privacy is a fundamental human right, and is central to the maintenance of democratic societies. It is essential to human dignity and it reinforces other rights, such as freedom of expression and information, and freedom of association, and is recognised under international human rights law.[1] Activities that restrict the right to privacy, including communications surveillance, can only be justified when they are prescribed by law, they are necessary to achieve a legitimate aim, and are proportionate to the aim pursued.[2]

Before public adoption of the Internet, well-established legal principles and logistical burdens inherent in monitoring communications created limits to State communications surveillance. In recent decades, those logistical barriers to surveillance have decreased and the application of legal principles in new technological contexts has become unclear. The explosion of digital communications content and information about communications, or “communications metadata” — information about an individual’s communications or use of electronic devices — the falling cost of storing and mining large sets of data, and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale.[3]

Meanwhile, conceptualisations of existing human rights law have not kept up with the modern and changing communications surveillance capabilities of the State, the ability of the State to combine and organize information gained from different surveillance techniques, or the increased sensitivity of the information available to be accessed.

The frequency with which States are seeking access to both communications content and communications metadata is rising dramatically, without adequate scrutiny.[4]

When accessed and analysed, communications metadata may create a profile of an individual’s life, including medical conditions, political and religious viewpoints, associations, interactions and interests, disclosing as much detail as, or even greater detail than would be discernible from the content of communications.[5] Despite the vast potential for intrusion into an individual’s life and the chilling effect on political and other associations, legislative and policy instruments often afford communications metadata a lower level of protection and do not place sufficient restrictions on how they can be subsequently used by agencies, including how they are data-mined, shared, and retained.

In order for States to actually meet their international human rights obligations in relation to communications surveillance, they must comply with the principles set out below. These principles apply to surveillance conducted within a State or extraterritorially.

The principles also apply regardless of the purpose for the surveillance — law enforcement, national security or any other regulatory purpose. They also apply both to the State’s obligation to respect and fulfil individuals’ rights, and also to the obligation to protect individuals’ rights from abuse by non-State actors, including corporate entities.[6] The private sector bears equal responsibility for respecting human rights, particularly given the key role it plays in designing, developing and disseminating technologies; enabling and providing communications; and – where required – cooperating with State surveillance activities. Nevertheless, the scope of the present Principles is limited to the obligations of the State.

Changing technology and definitions

“Communications surveillance” in the modern environment encompasses the monitoring, interception, collection, analysis, use, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person’s communications in the past, present or future. “Communications” include activities, interactions and transactions transmitted through electronic mediums, such as content of communications, the identity of the parties to the communications, location-tracking information including IP addresses, the time and duration of communications, and identifiers of communication equipment used in communications.

Traditionally, the invasiveness of communications surveillance has been evaluated on the basis of artificial and formalistic categories. Existing legal frameworks distinguish between “content” or “non-content,” “subscriber information” or “metadata,” stored data or in transit data, data held in the home or in the possession of a third party service provider.[7]

However, these distinctions are no longer appropriate for measuring the degree of the intrusion that communications surveillance makes into individuals’ private lives and associations. While it has long been agreed that communications content deserves significant protection in law because of its capability to reveal sensitive information, it is now clear that other information arising from communications – metadata and other forms of non-content data – may reveal even more about an individual than the content itself, and thus deserves equivalent protection. Today, each of these types of information might, taken alone or analysed collectively, reveal a person’s identity, behaviour, associations, physical or medical conditions, race, color, sexual orientation, national origins, or viewpoints; or enable the mapping of the person’s location, movements or interactions over time,[8] or of all people in a given location, including around a public demonstration or other political event. As a result, all information that includes, reflects, arises from or is about a person’s communications and that is not readily available and easily accessible to the general public, should be considered to be “protected information”, and should accordingly be given the highest protection in law.

In evaluating the invasiveness of State communications surveillance, it is necessary to consider both the potential of the surveillance to reveal protected information, as well as the purpose for which the information is sought by the State. Communications surveillance that will likely lead to the revelation of protected information that may place a person at risk of investigation, discrimination or violation of human rights will constitute a serious infringement on an individual’s right to privacy, and will also undermine the enjoyment of other fundamental rights, including the right to free expression, association, and political participation. This is because these rights require people to be able to communicate free from the chilling effect of government surveillance. A determination of both the character and potential uses of the information sought will thus be necessary in each specific case.

When adopting a new communications surveillance technique or expanding the scope of an existing technique, the State should ascertain whether the information likely to be procured falls within the ambit of “protected information” before seeking it, and should submit to the scrutiny of the judiciary or other democratic oversight mechanism. In considering whether information obtained through communications surveillance rises to the level of “protected information”, the form as well as the scope and duration of the surveillance are relevant factors. Because pervasive or systematic monitoring has the capacity to reveal private information far in excess of its constituent parts, it can elevate surveillance of non-protected information to a level of invasiveness that demands strong protection.[9]

The determination of whether the State may conduct communications surveillance that interferes with protected information must be consistent with the following principles.

The Principles

Legality: Any limitation to the right to privacy must be prescribed by law. The State must not adopt or implement a measure that interferes with the right to privacy in the absence of an existing publicly available legislative act, which meets a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee its application. Given the rate of technological changes, laws that limit the right to privacy should be subject to periodic review by means of a participatory legislative or regulatory process.

Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society. Any measure must not be applied in a manner which discriminates on the basis of race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim. Communications surveillance must only be conducted when it is the only means of achieving a legitimate aim, or, when there are multiple means, it is the means least likely to infringe upon human rights. The onus of establishing this justification, in judicial as well as in legislative processes, is on the State.

Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfil the specific legitimate aim identified.

Proportionality: Communications surveillance should be regarded as a highly intrusive act that interferes with the rights to privacy and freedom of opinion and expression, threatening the foundations of a democratic society. Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to the individual’s rights and to other competing interests, and should involve a consideration of the sensitivity of the information and the severity of the infringement on the right to privacy.

Specifically, this requires that, if a State seeks access to or use of protected information obtained through communications surveillance in the context of a criminal investigation, it must establish to the competent, independent, and impartial judicial authority that:

there is a high degree of probability that a serious crime has been or will be committed;
evidence of such a crime would be obtained by accessing the protected information sought;
other available less invasive investigative techniques have been exhausted;
information accessed will be confined to that reasonably relevant to the crime alleged and any excess information collected will be promptly destroyed or returned; and
information is accessed only by the specified authority and used for the purpose for which authorisation was given.

If the State seeks access to protected information through communication surveillance for a purpose that will not place a person at risk of criminal prosecution, investigation, discrimination or infringement of human rights, the State must establish to an independent, impartial, and competent authority:

other available less invasive investigative techniques have been considered;
information accessed will be confined to what is reasonably relevant and any excess information collected will be promptly destroyed or returned to the impacted individual; and
information is accessed only by the specified authority and used for the purpose for which was authorisation was given.

Competent Judicial Authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent. The authority must be:

separate from the authorities conducting communications surveillance;
conversant in issues related to and competent to make judicial decisions about the legality of communications surveillance, the technologies used and human rights; and
have adequate resources in exercising the functions assigned to them.

Due process: Due process requires that States respect and guarantee individuals’ human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public. Specifically, in the determination on his or her human rights, everyone is entitled to a fair and public hearing within a reasonable time by an independent, competent and impartial tribunal established by law,[10] except in cases of emergency when there is imminent risk of danger to human life. In such instances, retroactive authorisation must be sought within a reasonably practicable time period. Mere risk of flight or destruction of evidence shall never be considered as sufficient to justify retroactive authorisation.

User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation. Delay in notification is only justified in the following circumstances:

Notification would seriously jeopardize the purpose for which the surveillance is authorised, or there is an imminent risk of danger to human life; or
Authorisation to delay notification is granted by the competent judicial authority at the time that authorisation for surveillance is granted; and
The individual affected is notified as soon as the risk is lifted or within a reasonably practicable time period, whichever is sooner, and in any event by the time the communications surveillance has been completed. The obligation to give notice rests with the State, but in the event the State fails to give notice, communications service providers shall be free to notify individuals of the communications surveillance, voluntarily or upon request.

Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers. They should publish, at a minimum, aggregate information on the number of requests approved and rejected, a disaggregation of the requests by service provider and by investigation type and purpose. States should provide individuals with sufficient information to enable them to fully comprehend the scope, nature and application of the laws permitting communications surveillance. States should enable service providers to publish the procedures they apply when dealing with State communications surveillance, adhere to those procedures, and publish records of State communications surveillance.

Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.[11] Oversight mechanisms should have the authority to access all potentially relevant information about State actions, including, where appropriate, access to secret or classified information; to assess whether the State is making legitimate use of its lawful capabilities; to evaluate whether the State has been transparently and accurately publishing information about the use and scope of communications surveillance techniques and powers; and to publish periodic reports and other information relevant to communications surveillance. Independent oversight mechanisms should be established in addition to any oversight already provided through another branch of government.

Integrity of communications and systems: In order to ensure the integrity, security and privacy of communications systems, and in recognition of the fact that compromising security for State purposes almost always compromises security more generally, States should not compel service providers or hardware or software vendors to build surveillance or monitoring capability into their systems, or to collect or retain particular information purely for State surveillance purposes. A priori data retention or collection should never be required of service providers. Individuals have the right to express themselves anonymously; States should therefore refrain from compelling the identification of users as a precondition for service provision.[12]

Safeguards for international cooperation: In response to changes in the flows of information, and in communications technologies and services, States may need to seek assistance from a foreign service provider. Accordingly, the mutual legal assistance treaties (MLATs) and other agreements entered into by States should ensure that, where the laws of more than one state could apply to communications surveillance, the available standard with the higher level of protection for individuals is applied. Where States seek assistance for law enforcement purposes, the principle of dual criminality should be applied. States may not use mutual legal assistance processes and foreign requests for protected information to circumvent domestic legal restrictions on communications surveillance. Mutual legal assistance processes and other agreements should be clearly documented, publicly available, and subject to guarantees of procedural fairness.

Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public or private actors. The law should provide sufficient and significant civil and criminal penalties, protections for whistle blowers, and avenues for redress by affected individuals. Laws should stipulate that any information obtained in a manner that is inconsistent with these principles is inadmissible as evidence in any proceeding, as is any evidence derivative of such information. States should also enact laws providing that, after material obtained through communications surveillance has been used for the purpose for which information was given, the material must be destroyed or returned to the individual.

Signatories

7iber (Amman, Jordan)
Access(International)
Acción EsLaRed(Venezuela)
ActiveWatch – – Media Monitoring Agency (Romania)
Africa Platform for Social Protection – APSP (Africa)
AGEIA Densi (Argentina)
Agentura.ru (Russia)
Aktion Freiheit statt Angst(Germany)
Alfa-Redi (LAC)
All India Peoples Science Network (India)
Alternatif Bilişim Derneği (Alternatif Bilişim) – Turkey(Turkey)
Alternative Law Forum (India)
Arab Digital Expression Foundation(Egypt)
Article 19 (International)
ASL19 (Canada/Iran)
Asociación Civil por la Igualdad y la Justicia – ACIJ (Argentina)
Asociación Colombiana de Usuarios de Internet (Colombia)
Asociación de Internautas Spain (Spain)
Asociación Paraguaya De Derecho Informático Y Tecnológico – APADIT (Paraguay)
Asociación por los Derechos Civiles – ADC (Argentina)
Aspiration (United States)
Associação Brasileira de Centros de inclusão Digital – ABCID(Brasil)
Associació Pangea Coordinadora Comunicació per a la Cooperació (Spain)
Association for Freedom of Thought and Expression – AFTE (Egypt)
Association for Progressive Communications – APC (International)
Association for Proper Internet Governance (Switzerland)
Association for Technology and Internet – APTI(Romania)
Association of Community Internet Center – APWKomitel(Indonesia)
Australia Privacy Foundation – APF (Australia)
Bahrain Center for Human Rights (Bahrain)
Bangladesh NGOs Network for Radio and Communication – BNNRC (Bangladesh)
BC Freedom of Information & Privacy Association (BC FIPA) (Canada)
Benetech (USA/Global)
Berlin Forum on Global Politics (BFoGP)(Germany)
Big Brother Watch (United Kingdom)
Bits of Freedom (Netherlands)
Bolo Bhi (Pakistan)
Brasilian Institute for Consumer Defense – IDEC(Brasil)
British Columbia Civil Liberties Association – BCCLA (Canada)
Bytes for All (Pakistan)
Cairo Institute for Human Rights Studies(Egypt)
Casa de Derechos de Quilmes (Argentina)
Center for Digital Democracy (United States)
Center for Internet & Society India (India)
Center of Media Justice (United States)
Centre for Community Informatics Research, Development and Training(Canada)
Centro de Estudios en Libertad de Expresión y Acceso a la Información – CELE(Argentina)
Centro de Tecnologia e Sociedade (CTS) da FGV (Brasil)
Centrum Cyfrowe Projekt: Polska (Poland)
Citizen Lab (Canada)
Citizens Network Watchdog Poland (Poland)
ClubComputer.at (Austria)
Collaboration on International ICT Policy in total East and South Africa (CIPESA) (Uganda / Africa )
Colnodo(Colombia)
Comisión Colombiana de Juristas(Colombia)
Comité Cerezo México (México)
Consumer Korea (South Korea)
Consumers International(International)
ContingenteMx (México)
datapanik.org (Belgium)
DAWN Network (International)
DEJUSTICIA (Colombia/International)
Delhi Science Forum (India)
Digital Courage (Germany)
Digital Rights Foundation (Pakistan)
Digitterra (International)
DiploFoundation(International)
Electronic Frontier Finland – EFFI (Finland)
Electronic Frontier Foundation – EFF (International)
Electronic Frontiers Australia – EFA (Australia)
Electronic Frontiers Italy – ALCEI (Italy – Europe)
Electronic Privacy Information Center – EPIC (United States)
European Digital Rights – EDRI (Europe)
European Information Society Institute – EISi(Slovakia)
Fight for the Future (United States)
Foro Ciudadano de Participación por la Justicia y los Derechos Humanos – FOCO (Argentina)
Foundation for Community Educational Media – FCEM (Thailand)
Foundation for Information Policy Research – FIPR (United Kingdom)
Free Network Foundation (United States)
Free Press (United States)
Free Press Unlimited(Netherlands)
Free Software Foundation Europe(Europe)
Free Software Movement of India (India)
Freedom Against Censorship Thailand (FACT) (Thailand )
Freedom of the Press Foundation (United States)
Fundación Ambio (Costa Rica)
Fundación Andina para la Observación y el Estudio de Medios (Ecuador)
Fundación Karisma (Colombia)
Fundación Redes y Desarrollo – FUNREDES (República Dominicana – El Caribe)
Fundación Vía Libre (Argentina)
Global Voices Advocacy(International)
Grupo de Software Libre de Cúcuta(Cúcuta, Norte de Santander, Colombia)
Gulf Center for Human Rights (Arab Gulf region)
Hackerspace Rancho Electrónico (Mexico)
Helsinki Foundation for Human Rights, Warsaw – HFHR (Poland)
Hiperderecho (Peru)
Human Rights Data Analysis Group(International)
Human Rights Watch – HRW (International)
ICT Consumers Association of Kenya – ICAK(Kenya)
Independent Journalism Center from Moldova(Republic of Moldova)
Index on Censorship (United Kingdom)
Initiative for Freedom of Expression(Turkey)
Initiative für Netzfreiheit (Austria)
Institute des Technologies de l’Information et de la Communication Pour le Developpement – INTIC4DEV (Africa)
Instituto Baiano de Direito Processual Penal – IBADPP (Brasil/Bahia)
Instituto Bem Estar Brasil (Brasil)
Instituto NUPEF (Brasil)
International Civil Liberties Monitoring Group(Canada)
International Media Support – IMS (International)
International Modern Media Institute (Iceland / International)
Internet Governance Project, Syracuse University School of Information Studies (United States)
Internet Society Palestine (Palestine)
InternetNZ (New Zealand)
Internews (United States)
IP Justice (United States)
Iraqi Network for Social Media (Iraq)
Iriarte & Asociados (Peru)
ISOC Board of Trustees(International)
IT for Change (India)
Iuridicum Remedium, o.s.(Czech Republic)
Jonction (Mauritania, Senegal, Tanzania)
Jordan Open Source Association(Jordan)
Journaliste en danger (JED) (Démocratique du Congo / Africa)
Kenya ICT Action Network – KICTANet (Kenya)
Kenyan Ethical and Legal Issues Network (Kenya)
La Quadrature du Net (France/Europe)
Latin American Network of Surveillance, Technology and Society Studies – LAVITS (Latin America)
Liberty (United Kingdom)
Liga Uruguaya de Defensa del Consumidor(Uruguay)
Liga voor Mensenrechten vzw (Belgium)
May First / People Link (United States/international)
Media Action Grassroots Network – MAG-Net (United States)
Media Rights Agenda – MRA (Ikeja, Lagos)
MOGiS e.V. – A Voice for Victims (Germany)
Movimento Mega (Brasil)
Nawaat (Tunisia)
New York Chapter of the Internet Society(United States)
Oneworld: Platform for Southeast Europe – OWPSEE (Western Balkans)
Open Internet Tools Project – Open ITP (United States)
Open Knowledge Foundation (United Kingdom)
Open Media and Information Companies Initiative – Open MIC (United States)
Open Net Korea (South Korea)
Open Rights Group (United Kingdom)
Openmedia.ca (Canada)
Pacific Freedom Forum (Pacific Region)
Pakistan Press Foundation – PPF (Pakistan)
Palestinian Center for Development & Media Freedoms – MADA (Palestine)
Panoptykon Foundation (Poland)
Partners for Democratic Change Serbia(Serbia)
People Who (International)
Privacy & Access Council of Canada(Canada)
Privacy Activism (United States)
Privacy International (International)
PROTEGE QV (Cameroon/ Africa)
Public Association “Journalists” (Kyrgyzstan)
RedPaTodos (Colombia)
Reporters Without Borders – RSF (International)
Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic – CIPPIC (Canada)
SHARE Conference | SHARE Defense (Balkan Region)
Social Media Exchange (Lebanon)
Society for Knowledge Commons(India)
Software Freedom Law Centre (India)
Southeast Asian Press Alliance (South East Asia)
Statewatch (United Kingdom)
Sulá Batsú (Costa Rica)
Surveillance Studies Centre(Ontario, Canada)
Surveillance Studies Network (International)
TagMeNot Taiwan Association for Human Rights(Taiwan)
TechLiberty (New Zealand)
TEDIC (Paraguay)
Thai Netizen Network(Thailand)
The New Renaissance Network(Sweden)
TransMediar-Pimentalab [at] Universidade Federal de São Paulo (Brazil)
University of Campinas – Research Group CTeMe (Knowledge, Technology and Market) (Brasil)
University of São Paulo’s Research Group on Access to Information Policies (GPoPAI-USP) (Brasil)
Ushahidi (International)
VIBE!AT (Austria)
Voices for Interactive Choice and Empowerment(Bangladesh)
West African Journalists Association (West Africa)
WITNESS (International)
Zwiebelfreunde e.V. (Germany)

[1]Universal Declaration of Human Rights Article 12, United Nations Convention on Migrant Workers Article 14, UN Convention of the Protection of the Child Article 16, International Covenant on Civil and Political Rights, International Covenant on Civil and Political Rights Article 17; regional conventions including Article 10 of the African Charter on the Rights and Welfare of the Child, Article 11 of the American Convention on Human Rights, Article 4 of the African Union Principles on Freedom of Expression, Article 5 of the American Declaration of the Rights and Duties of Man, Article 21 of the Arab Charter on Human Rights, and Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms; Johannesburg Principles on National Security, Free Expression and Access to Information, Camden Principles on Freedom of Expression and Equality.

[2]Universal Declaration of Human Rights Article 29; General Comment No. 27, Adopted by The Human Rights Committee Under Article 40, Paragraph 4, Of The International Covenant On Civil And Political Rights, CCPR/C/21/Rev.1/Add.9, November 2, 1999; see also Martin Scheinin, “Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism,” 2009, A/HRC/17/34.

[3]Communications metadata may include information about our identities (subscriber information, device information), interactions (origins and destinations of communications, especially those showing websites visited, books and other materials read, people interacted with, friends, family, acquaintances, searches conducted, resources used), and location (places and times, proximities to others); in sum, metadata provides a window into nearly every action in modern life, our mental states, interests, intentions, and our innermost thoughts.

[4]For example, in the United Kingdom alone, there are now approximately 500,000 requests for communications metadata every year, currently under a self-authorising regime for law enforcement agencies who are able to authorise their own requests for access to information held by service providers. Meanwhile, data provided by Google’s Transparency reports shows that requests for user data from the U.S. alone rose from 8888 in 2010 to 12,271 in 2011. In Korea, there were about 6 million subscriber/poster information requests every year and about 30 million requests for other forms of communications metadata every year in 2011-2012, almost of all of which were granted and executed. 2012 data available at http://www.kcc.go.kr/user.do?mode=view&page=A02060400&dc=K02060400&boardId=1030&cp=1&boardSeq=35586

[5]See as examples, a review of Sandy Petland’s work, ‘Reality Mining’, in MIT’s Technology Review, 2008, available at http://www2.technologyreview.com/article/409598/tr10-reality-mining/ and also see Alberto Escudero-Pascual and Gus Hosein, ‘Questioning lawful access to traffic data’, Communications of the ACM, Volume 47 Issue 3, March 2004, pages 77 – 82.

[6]Report of the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, May 16 2011, available at http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/a.hrc.17.27_en.pdf

[7]“People disclose the phone numbers that they dial or text to their cellular providers, the URLS that they visit and the e-mail addresses with which they correspond to their Internet service providers, and the books, groceries and medications they purchase to online retailers . . . I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.” United States v. Jones, 565 U.S. ___, 132 S. Ct. 945, 957 (2012) (Sotomayor, J., concurring).

[8]“Short-term monitoring of a person’s movements on public streets accords with expectations of privacy” but “the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.” United States v. Jones, 565 U.S., 132 S. Ct. 945, 964 (2012) (Alito, J. concurring).

[9]“Prolonged surveillance reveals types of information not revealed by short-term surveillance, such as what a person does repeatedly, what he does not do, and what he does ensemble. These types of information can each reveal more about a person than does any individual trip viewed in isolation. Repeated visits to a church, a gym, a bar, or a bookie tell a story not told by any single visit, as does one’s not visiting any of these places over the course of a month. The sequence of a person’s movements can reveal still more; a single trip to a gynecologist’s office tells little about a woman, but that trip followed a few weeks later by a visit to a baby supply store tells a different story.* A person who knows all of another’s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups – and not just one such fact about a person, but all such facts.” U.S. v. Maynard, 615 F.3d 544 (U.S., D.C. Circ., C.A.)p. 562; U.S. v. Jones, 565 U.S. __, (2012), Alito, J., concurring. “Moreover, public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities. That is all the truer where such information concerns a person’s distant past…In the Court’s opinion, such information, when systematically collected and stored in a file held by agents of the State, falls within the scope of ‘private life’ for the purposes of Article 8(1) of the Convention.” (Rotaru v. Romania, [2000] ECHR 28341/95, paras. 43-44.

[10]The term “due process” can be used interchangeably with “procedural fairness” and “natural justice”, and is well articulated in the European Convention for Human Rights Article 6(1) and Article 8 of the American Convention on Human Rights.

[11]The UK Interception of Communications Commissioner is an example of such an independent oversight mechanism. The ICO publishes a report that includes some aggregate data but it does not provide sufficient data to scrutinise the types of requests, the extent of each access request, the purpose of the requests, and the scrutiny applied to them. See http://www.iocco-uk.info/sections.asp?sectionID=2&type=top.

[12]Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, 16 May 2011, A/HRC/17/27, para 84.

NEW!! : subscribe to the first summer school on the EAFSJ…

Roma, 8-11 July
Sala conferenze Fondazione Basso – via della Dogana Vecchia, 5 – Roma

The European Area of Freedom Security and Justice (EAFSJ): scope, objectives, actors and dynamics.

Aim: to take stock of the current state of EAFSJ and of its foreseeable evolution within the next multiannual program 2015-2019 (to be adopted under Italian Presidency at the beginning of the next legislature).
Lenght: 4 one day modules
Subscriptions: on line on the Fondazione Basso internet site : http://www.fondazionebasso.it
Participation fees:
Euro 480,00 (ORDINARY FEE).
Euro 200,00 (FOR STUDENTS / RESEARCHERS) .
(Bank Account of Fondazione Lelio e Lisli Basso – Banca Nazionale del Lavoro Ag. Senato Palazzo Madama: IBAN IT18I0100503373000000002777 ).
Subscriptions should be submitted before June 15th.The Summer School will take place only if a minimum number of subscribers is reached !For further information : tel. 0039.06.6879953 – basso@fondazionebasso.it
Languages: lessons will be mainly in Italian (some lessons will be in English and French), teaching material will be in Italian and/or English, French.
English/Italian translation will be available.
The programme is on the web-site of Fondazione Basso (www.fondazionebasso.it -Tel. 06.6879953 – email: basso@fondazionebasso.it)

July 8th
A Constitutional and Institutional perspective
09h00 am – 06h30 pm

Opening speeches:
Valerio Onida: Freedom, Security and Justice related policies from a constitutional perspective and in relation with international and supranational dimensions
Stefano Manservisi: After the Stockholm Programme : how to preserve the specificity of the European Area of freedom security and Justice related policies by integrating them in the general EU governance and legal framework?

Debate

Freedom Security and Justice as the core of the common constitutional european heritage
Protecting fundamental rights: the impact of the accession of the EU to the ECHR. A common European Constitutional Heritage arising from the Council of Europe and European Union European Courts. What can be expected from the Strasbourg Human Rights Court in areas related to the FSJ?.
Speaker: Giuseppe Cataldi

Freedom Security and Justice as the core of the common constitutional european heritage
Promoting fundamental rights: the European Charter and its impact on EU policies. Even if the Charter does not extend the EU competencies it is now a constitutional parameter to be taken in account not only by the European judges but also by the EU legislature, even for policies designed with a more limited scope.
Speaker:Ezio Perillo

Debate

Evolution and transformation of the principle of Primacy of EU law. Dialogue and mutual influence of European and national Constitutional Courts.
Fifty years after the landmark case of Van Gend en Loos and four years after the Lissabon-Urteil (Bundesverfassungsgericht judgment of 30.6.2009), the tensions between EU “limits” and national “counter-limits” could arise again notably in the EAFSJ area.
Speaker: Oreste Pollicino

The EAFSJ a cross road of European and national founding values (art. 2), as well as for fundamental and European citizenship rights. How manage the indivisibility of rights and a Member States differentiated integration ?
(Opt-in Opt-out Countries). How far can the EU impact on Member States internal legislation (Towards a “reverse Solange” mechanism)? How the EU and Council of Europe can influence national fundamental rights related policies
Speaker: Nicoletta Parisi

The EAFSJ as supranational constitutional area of democracy. From National State to the European Union: what kind of relation between national and european legal orders ?
Sixty years of EU integration have changed the concept of democracy and sovereignty. There is a metamorphosis in National State’ s traditional role and its constitutional elements such as territory, citizenship and sovereign power. The Kantian vision of a peaceful cosmopolitan project mirrors the category of EU citizenship arising in the EAFSJ. Today Habermas developed the concept of “Constitutional patriottism”, underlying a “constitutionalisation” of the European supranational area. What are the pro and cons of this EU perspective ? The post-Lisbon Treaty stressed that the EAFSJ is becoming the embryo of a European public sphere as well as of a first example of supranational democracy.
Speaker: Francesca Ferraro

Debate

July 9th
Institutional dynamics and EU practices
09h30 am – 06h30 pm

The EAFSJ before Lisbon. The intergovernmental cooperation. From “TREVI” via “Schengen” to Amsterdam. The first phase.
How formerly excluded EAFSJ related policies have been integrated into the EU framework. TREVI cooperation, the Schengen agreement (1985) and its 1990 Implementing Convention as well as the Dublin Convention on Asylum.
The emerging notion of supranational space in the Single European Act (1986). The mutual recognition principle in the Internal Market and in EAFSJ-related policies. The Schengen Acquis in the EU legal framework from Amsterdam to Lisbon. Opt-in and Opt-out Countries: the impact of differentiated integration. Schengen relevance and ECJ jurisprudence on the preservation of the Schengen system consistency. From cooperation to integration.
Speaker: Dino Rinoldi

Debate

The EAFSJ after Lisbon (1). How the EAFSJ specificity has been preserved by progressively integrating it in the ordinary EU (communitarized) legal institutional framework. The impact on the EU institutions and on the MS.
Dynamics and the role of the Institutions in promoting, negotiating and implementing the EAFSJ-related policies. European Council, European Parliament, Council of the European Union, Commission and Court of Justice interplaying in the EAFSJ. The preparatory work conducted behind the scene by the Commission Directorates General, the Council working bodies – COREPER, CATS, COSI – and the EP parliamentary committees
Speaker: Antonio Caiola

The EAFSJ after Lisbon (2) How democratic principles are fulfilled in the EAFSJ. The impact of the EP on legislative procedures.
The interparliamentary dialogue and the way how the EP and national parliaments play their role when verifying the subsidiarity and proportionality principles in the EAFSJ policies. The emerging role at EU level of “political families” represented at national European and international level (European political parties, EP political groups, national parties).
Speaker: Emilio De Capitani

Debate

The EAFSJ after Lisbon (3). How EU policies are framed and implemented at national level. How cooperation, mutual recognition and harmonisation are implemented
How EAFSJ policies are implemented at national level. Problems and opportunities arising notably when implementing the mutual recognition of other EU countries’ measures. How intertwined are the EU and national administration in the EAFSJ related policies. Is there complementarity between EU and National strategies? The EU financial levy as a facilitator of mutual EU-national coordination. The emerging role of EU Authorities and Agencies as a support and meeting space also for national administrations (Ombudsman, FRA, EDPS, FRONTEX, EASO, EMCDDA, EUROPOL, OLAF, CEPOL, EUROJUST, …).
Speaker: Lorenzo Salazar

Debate

July 10th
An European space of freedom and rights
09h30 am- 06h30 pm

The EAFSJ after Lisbon (4) Placing the individuale at the heart of EU activities
How EU legislation implements the principles of equality and non-discrimination. The ECJ jurisprudence and the phenomenon of reverse discrimination. EU citizenship-related jurisprudence. Judicial action at national and European level founded on the EU Charter. Infringement of EU founding values and fundamental rights as possible exceptions to the mutual recognition obligations? Fundamental Rights Agency.
Speaker: Valentina Bazzocchi

The EU evolving framework of Transparency, access to documents, principle of good administration, and of classified information
After Lisbon a more transparent independent and efficient EU administration can be founded on Arts 15 and 298 of the TFEU as well as Arts 41 and 42 of the European Charter. However the close intertwining of the EU and the Member States has created a hybrid system of European Classified Information (EUCI), which is particularly relevant in the EAFSJ policies. How do European and national institutions implement the EU principles? How is the principle of good administration secured? What role should the EU Ombudsman play?
Speaker: Deirdre Curtin

Protection of Personal Data. The EU reform.
After the Lisbon Treaty and the merger of the so-called first and third pillars, protection of personal data can be framed in a globally consistent manner. Informational self determination, protection against possible abuses by the private sector as well as by public sector (law enforcement authorities) can now be framed at European level by taking stock of the lessons learned at national and international level (Council of Europe, OECD). How to preserve the role of national authorities and of the new coordinating body.
Speaker: Vanna Palumbo

Freedom of movement border integrated management
Freedom of movement of European citizens as well as of third country nationals in the EU remains a central and controversial issue. The integrated external border management is progressively framed at legislative level (borders, visas..) and implemented at operational level also thanks to the emerging role of Frontex and of the new European networks (SIS II – VIS). New opportunities as well as risks emerge in the definition of the EU-Member State management of internal and external borders
Speaker: Luisa Marin

Debate

European Migratory policies
Objectives, legal framework and operational setting of the EU-Member State policies. Five years after the European Pact on Asylum and Migration (2008), what lessons can be drawn for the next (2015-2019) multiannual programme? What improvements can be foreseen for the EU migration governance at central and national level? How are the Member States implementing the EU legislation? What are the main external aspects of the EU migration policy?
Speaker: Henry Labayle

The European common asylum system (and of EASO and EURODAC)
After the first generation of EU “minimum” rules the EU has now established the Common European Asylum System foreseen by Art. 18 of the Charter and Art 78 of the TFEU by taking account of the jurisprudence of the Luxembourg and Strasbourg Courts. At national level high standards should be granted to avoid the problems found for instance with Greece when implementing the Dublin system. The principle of solidarity still seems to be underexploited. Attention should be paid to the new role of EASO (Reg. (EU) No 439/2010) as well as to the implementation of the EURODAC system.
Speaker: Patricia Van de Peer

Debate

July 11
An European space of security and justice
09h30 am -06h30 pm

Judicial cooperation in civil matters; complement of the freedom of movement?
Judicial cooperation in civil matters has been one of the most dynamic domains after the entry into force of the Lisbon Treaty. Enhanced cooperation took place in matrimonial matters and intellectual property. Special attention will be reserved for the recently revised Brussels I Regulation (which abolished the “exequatur” procedure) as well as for the new Regulations on succession and wills and on mutual recognition of protection measures in civil matters.
Speaker: Filomena Albano

Internal security strategy: crisis prevention and management.
Special attention will be paid to the implementation of the 2010 European Internal Security Strategy and its impact on the cooperation between the EU institutions and agencies as framed by the “Policy Cycle” for the 2013-2017 period. There will also be a presentation of the implementation of PRUM cooperation and of the “availability principle” as well as the way how security- and intelligence-related information is exchanged notably within the framework of the so-called “Swedish Initiative”. The role played by COSI, Europol and of the internal security fund will be presented and debated together with the impact of the up-coming “Lisbonisation” of EU measures adopted before the entry into force of the Lisbon Treaty
Speaker: Sandro Menichelli

Debate

Judicial Cooperation in criminal matters
How judicial cooperation in criminal matters has been developed between countries of different legal traditions (civil and common law). Problems and opportunities arising at each level of cross-border cooperation (open coordination, mutual recognition, legislative harmonisation). The European jurisprudence (Strasbourg and Luxembourg Courts) as well as the impact of the EU Charter. The implementation of the first post-Lisbon measures and impact of the Lisbonisation of former third pillar measures in this domain. Preserving the independence of the judiciary: towards European-wide judiciary quality evaluation systems.
Speaker: Luca De Matteis

The European Public Prosecutor: a pattern also for Member States?
The OLAF Reform and the Eurojust “Lisbonisation” are intermediate phases towards the creation of the European Public Prosecutor’s office (EPPO) (Art. 86 TFEU). The latter will be empowered to bring action also before national courts. The European legislation will determine the general rules applicable to the European Public Prosecutor’s Office, the conditions governing the performance of its functions, the rules of procedure applicable to its activities, as well as those governing the admissibility of evidence, and the rules applicable to the judicial review of procedural measures taken by it in the performance of its functions. What will be the impact, the risks and opportunities arising from the creation of this new European Institution?
Speaker: Claudia Gualtieri

How to empower the EU citizens when EAFSJ are shaped and implemented ?
Round Table with the Intervention of Paul Nemitz, Antonie Cahen, Robert Bray Tony Bunyan

Final Debate

PRESENTATION OF THE COURSE

The Treaty of Lisbon and the Charter of Fundamental Rights of the European Union, which entered into force on 1 December 2009, constituted an important step both at the legal level and at the political level in the evolution of the European Union. The aim of the EU now is not only “… to promote peace, its values and the well-being of its peoples”, having presided over, since the end of the Second World War, the longest ever period of peace between European States, but also to achieve “… an area of freedom, security and justice with respect for fundamental rights and the different legal systems and traditions of the Member States.”

After the Treaty of Lisbon, the policies already provided for in the Maastricht Treaty within the framework of the so-called “third pillar” and originally focused mainly on intergovernmental cooperation and cooperation between administrations, are now to evolve into European “common policies” directly towards the interests of the individual, who is placed “at the heart of European integration.”

It is a Copernican revolution in so far as the Union is called not only to offer “… its citizens an area of freedom, security and justice without internal frontiers, in which the free movement of persons is ensured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime” (Art. 3 TEU and Title V TFEU) but also to promote (and not only protect) fundamental rights and prevent all forms of discrimination (Art. 10 TFEU) and strengthen EU citizenship (Arts 18-25 TFEU) and with it the democratic principles on which it is based (Title II TEU).

The fact that the competences related to the ASFJ are now “shared” with the Member States (Art. 4 TEU) and are to be focused on the rights of the person brings about a daily interaction between the national and the European level, bringing into play national and European values, rights and objectives.

The process of reciprocal hybridization between the nascent European model and traditional national models is anything but politically painless, as the experience of almost thirty years of Schengen cooperation shows.

The aim of this Summer School is to assess the progress and difficulties encountered by the European institutions and the Member States in implementing the Charter of Fundamental Rights and the objectives set by the European Council in the “Stockholm Programme” of 10 December 2009.

Based on this evaluation, we intend to shed light on the possible priority bearing in mind that:
– it will be necessary to adjust the secondary legislation of the European Union in the light of the values and principles which are now enshrined in the Lisbon Treaty and the Charter of Fundamental Rights (“Lisbonisation”);
– we shall be in the final phase of the accession of the EU to the European Convention on Human Rights;
– at the beginning of the next legislature, we will be entering into a new phase in the European judicial area with the negotiations on the establishment of the European Public Prosecutor and the transition to the ordinary legislative procedure with regard to measures of police and judicial cooperation in criminal matters adopted before the entry into force of the Treaty (the transitional arrangements end on 1 December 2014);
– Member States which have hitherto enjoyed special treatment (Ireland, Denmark and the United Kingdom in particular) should have clarified their position with respect to the new phase of the ASFJ and the Schengen cooperation.

In the course of the next legislature it will also be necessary to promote greater consistency between European and national strategies related to the European area of freedom, security and justice. Just as in the economic sphere, the divergence of national public policies has put at risk the credibility of the common currency, the diversity of standards for the protection of the rights in Member States is straining mutual trust, the application of the principle of mutual recognition and the very credibility of the nascent “European model”. The strengthening of the operational solidarity between Member States’ administrations – which is being developed for example within the framework of Schengen cooperation – must be accompanied by legislative, operational and financial measures that implement solidarity between European citizens and third-country nationals on the territory of the Union.

In this perspective, Italy may play an important role as the new multi-annual programme for 2015-2019 is to be adopted by the second half of 2014 under the Italian Presidency.

Speakers:

Academics:
Valerio Onida, Former President of the Italian Constitutional Court
Giuseppe Cataldi, Pro-rettore Università L’Orientale (Napoli)
Oreste Pollicino, Public comparative law Professor (Università Bocconi – Milano)
Nicoletta Parisi, EU Law Professor (Università Catania)
Francesca Ferraro, Visiting Professor (Università L’Orientale – Napoli)
Dino Rinoldi, International Law Professor (Università Cattolica – Piacenza)
Valentina Bazzocchi, PHD EU Law (Alma Mater Università Bologna)
Deirdre Curtin, Professor of European Law (University of Amsterdam – NL),
Luisa Marin, Assistant Professor of European Law (University of Twente – NL)
Henri Labayle, Professeur de Droit international et européen (Université de Pau et des
pays de l’Adour – France)

Representatives and officials of European and national administrations:
Ezio Perillo (European Civil Service Tribunal)
Stefano Manservisi DG of the Commission DG Home
Paul Nemitz Director at the Commission DG Justice
Antoine Cahen, Patricia Van Den Peer, Claudia Gualtieri (European Parliament)
Filomena Albano, Luca De Matteis, Lorenzo Salazar (Italian Justice Ministery)
Sandro Menichelli (UE Italian Permanent Representation )
Vanna Palumbo (Garante Privacy IT)

Representatives of Civil Society:
Tony Bunyan, Director of Statewatch,Emilio De Capitani, FREE Group Secretary and Visiting Professor (Università L’Orientale – Napoli)

European “Smart Borders” project : negative opinion of the Meijers Committee

The Meijers Committee (*) has recently advised the members of the European Parliament to vote against the “Smart Borders” proposals (COM(2013) 95, 96 and 97).

In its letter it has expressed its deep concerns with respect to the:
– proportionality and practical feasibility of the proposals;
– coherence of the proposals with existing databases;
– applicable standards of data protection for the data subjects;
– conditions for transmission of personal data to third countries;
– broad discretion as regards the issuing of the registered traveller status;
– proposed amendments in the Schengen Borders Code;
– possible access to the Entry/Exit system for law enforcement purposes.

Note on the Smart Borders proposals (COM(2013) 95 final, COM(2013) 96 final and COM(2013) 97 final)

1. Introduction

The proposed Entry/Exit System (EES) processes alphanumeric data and fingerprints upon entry and exit of the third-country national, aiming to improve the management of the external border and the fight against irregular migration and more specifically to contribute to the identification of any person who may not, or may no longer fulfil the conditions of duration of stay within the territory of the Member States (so-called “overstayers”). This would effectively mean that the EES would collect the personal data of all third-country nationals entering the Schengen area. The Registered Traveller Programme (RTP) enables pre-vetted individuals to cross borders faster than other third-country nationals and aims to offset the additional constraints by the EES on cross-border travel. According to the European Commission, yearly 109 million third-country nationals without a visa and 73 million third- country nationals with a visa cross the EU borders.

The costs of the Smart Borders proposals envisaged by the European Commission are 1.1. billion euro.1

The sheer amount of data collected, in combination with the high costs of establishing Smart Borders, require compelling justifications. The EU legislator is obliged to observe proportionality as a general principle of EU law. This means that the measure must be suitable and necessary to achieve the aim it pursues, and should not impose “a burden on the individual (…) excessive in relation to the object sought to be achieved”.2

The Meijers Committee is of the opinion that the Smart Borders proposals are neither proportionate, nor suitable to its stated aims and raise severe data protection concerns. Therefore, the Committee advises the European Parliament to vote against the proposals.

2. Proportionality and practical feasibility

The proposals intend to facilitate the entry of “bona fide” travellers at the external borders and shorten waiting times.3 The EES is however likely to result in longer queues for third- country nationals, since all third-country nationals – also those that are not under a visa obligation – will be required to provide their fingerprints at the border. The RTP will only off-set waiting time to a limited extent, as only a limited number of third-country nationals will enrol in that programme.4 There is also a lack of clarity on the size of the problem of overstay which the EES intends to tackle. There are few reliable data on the numbers and profile of overstayers and there is very little research on the financial and social costs of the presence of third country nationals staying on an irregular basis in the EU.

Most importantly however, there is no direct link between the identification of overstayers and the stated objective of tackling irregular migration. The extent to which the information from the EES can help to implement and execute return proceedings is limited. The identification of overstayers does not provide authorities with any information as regards their location within the whole Schengen territory, nor does it facilitate return procedures. When a third county national is apprehended on suspicion of irregular stay, already now national authorities are able to establish the (ir)regularity of stay by examining the entry and exit-stamps on a person’s passport as well as by consulting the visa-stickers and VIS. Moreover, the mere identification of overstayers does not provide a solution in the situation where a third state does not cooperate in return proceedings. The side-effect of being able to collect statistics on overstay does not by itself justify the collection of large amounts of personal data.

Lessons need to be learnt from the experience with the setting up and practical operation of already existing databases. The European Commission itself has stated that a fully operational and developed Visa Information System (VIS) is “a prerequisite for the implementation of a Smart Borders System”.5 The Meijers Committee notes that the new generation Schengen Information System (SIS II) has only become operational as of 9 April 2013, the VIS is still in the process of being rolled out and access to EURODAC for law enforcement purposes has only been decided upon recently.6 There is therefore insufficient information to assess the functioning of existing databases and the added value of the current proposals. As required by the Hague Programme new centralised databases should only be created on the basis of studies that have shown their added value.7

Finally, the Meijers Committee wishes to point out the difficulties with the implementation of other information systems, most notably the SIS II, which was plagued with delays and cost over-runs due to technological problems. The United States has been unable to successfully implement a fully-functioning entry/exit system despite costly efforts to do so over the past decade.8 These experiences raise serious doubts as to the practical feasibility and cost-effectiveness of the current proposals.

3. Coherence with existing EU legislation

The Smart Borders Package will not function in isolation. Close attention has to be paid to the interaction with other databases in the Area of Freedom, Security and Justice. The proposals do not stipulate the consequences of an entry as overstayer in the EES for the inclusion in other data bases or the possible issuing of a return decision and/or entry ban under the Return Directive 2008/115. The registration of entry bans into the SIS should always be subject to the principle of proportionality and requires an individual assessment, in accordance with Articles 21 and 24 of the SIS II Regulation. However, national practices with regard to the SIS and the application of entry bans show a diverging approach in the EU Member States.

In an earlier opinion, the Meijers Committee has already pointed out the legal uncertainty in relation to the issuing of an entry ban and its inclusion in the SIS.9 The Meijers Committee expects a similar problem with respect to the reporting of overstayers in the EES. When overstay in the past is an element to be taken into account when issuing a (new) Schengen visa to a third-country national, the risk exists that the fact that he or she is reported in the EES, will lead to an automatic refusal of a visa, not taking into account his or her personal circumstances or reasons to visit the EU.

The Meijers Committee further points to the relationship of the EES and the reintroduction of internal border controls, regulated in Article 28 of the Schengen Borders Code. According to this provision, the obligation to enter the entry and exit data of the third country- national in the EES would apply mutatis mutandis

Close attention also needs to be paid to the possible consequences of EES for EU citizens and especially third country family members of EU citizens. The proposals should guarantee that the application of the EES does not interfere with the rights laid down in Directive 2004/38 EC. Moreover, the Meijers Committee questions whether the EES can be applied to Turkish nationals falling under the Association Agreement and their family members in light of the standstill clause in Decision 1/80 and the nondiscrimination clause in Article 9 of the Association Agreement.

Finally, the Smart Borders proposals refer to Directive 95/46 as the applicable legal framework for data protection. These rules are however under review and set to be replaced by a new general legislative framework on data protection (COM(2012 9,10 and 11). The Meijers Committee recommends that the adoption of proposals involving the storage of large amounts of data is postponed until the final adoption of clear and uniform rules on data protection. Following the adoption of a new legal framework, the Smart Borders proposals should be re-assessed in the light of the new data protection framework.

4.Data protection rights

It is established case law of the ECtHR that the mere collection, storage and processing of personal data amounts to an interference with the right to privacy (art. 8 ECHR and art. 8 EU Charter). Such interference can only be justified when it serves a legitimate aim and is proportionate to this aim. The data must be relevant and not excessive in relation to the purposes for which they are stored and preserved in a form no longer than is required for the purpose for which those data are stored.10 As mentioned above, under point 2, the necessity and the proportionality of the Smart Borders proposals has not been established.

The Meijers Committee is of the opinion that the proposal for an Entry/Exit system does not offer sufficient guarantees to the data subject and leaves too much discretion to the Member States. In the following, the Committee makes a few comments on specific provisions relating to data protection in the proposal for an Entry/Exit system.

§ 4.1. Article 20- the storage of data

Article 20 of the proposal for an EES regulates that data will be stored in the EES for six months when the third-country national exits the territory of the Member States within the authorised period of stay. Data shall be stored for a maximum period of five years when there is no exit-record following the date of expiry of the authorised period of stay. The unconditional application of a five years data retention period may result in a disproportional limitation of the individual freedom of movement. It could mean that an individual may not be able to re-enter the EU during five years, also when a person has overstayed his or her authorised stay for a negligible amount of time or for causes not attributable to him or her.

§ 4.2. Article 21- the possibility to amend data in EES

The proposal is flawed as regards the rights granted to the data-subjects in case of justifiable overstay or of an erroneous entry in the EES. It is crucial that a third-country national has the possibility to request the,competent authorities to delete or amend such data and is given an effective judicial remedy, including interim measures, if the authorities refuse to amend the data, especially if in the future data stored in EES can be accessed for law enforcement purposes. Article 21 of the proposal includes these rights, but its text provides the Member State a wide discretionary power; notions such as “without delay”, “unforeseeable and serious event” and “in case of errors” can be interpreted in many different ways.

Also, the decision on which evidence shall be admitted to support the claim for amendment of the data should not be left to the discretion of the Member States. Considering that exceeding authorised stay might lead to the expulsion of the third country national, a clearly defined provision, including the possibility to grant suspensive effects to the appeal lodged on EU level is necessary. Finally, the Meijers Committee points at the important problem of the practical accessibility and implementation of the rights in Article 21, especially when the individual concerned has left the EU territory.

§ 4.3. Article 27- transfer of data to third countries

The Meijers Committee is concerned about the wide discretionary power left to the national authorities of the Member States with regard to the transfer of personal data from the EES to third countries, as provided in Article 27 of the proposal. This discretionary power undermines the general principle that data shall not be transferred to third countries, third parties or organisations. The transfer of data to third countries is allowed for the purpose of proving the identity of third-country nationals, including for the purpose of return. The conditions to allow for such communication do not offer sufficient guarantees. It has not been substantiated why the transfer of EES data to third countries is necessary for the return of third- country nationals.

Furthermore, Article 27(3) regulates that the transfer of third countries shall not prejudice the rights of, refugees and persons requesting international protection, in particular as regards non-refoulement. The Meijers Committee notes that it should be clarified how and by whom the decision on the transmission of data to third countries and the risk of non-refoulement will be examined and if the Member State involved will be held responsible when something happens to the person upon return to his or her country of origin.

§ 4.4. Articles 29 and Article 32- Liability and penalties

Article 29 on the liability for suffered damage as a result of an unlawful processing operation or any act incompatible with the EES does not offer a strong position to the third- country national; Member States will be exempted from liability if it proves that it is not responsible for the event giving rise to the damage. This again leaves too much room for interpretation, especially because no clarity is given on the burden of proof, and the possibility to claim compensation is left to national law.

Article 32 provides for the possibility for the Member States to lay down rules on (administrative or criminal) penalties applicable on infringements of data protection provisions in this Regulation. These penalties should be “effective, proportionate and dissuasive”. While this formulation is consistent with EU law, the Meijers Committee finds that future evaluation mechanisms of the EES should assess carefully whether national provisions implementing this provision do guarantee in an effective manner European data protection rules.

§ 4.5. Role of the supervisory authorities

Considering the current use and development of large-scale databases in the EU and other instruments involving data processing, such as the API Directive, the VIS and Eurodac, the Meijers Committee underlines the excessive increase of workload of the national supervisory authorities and the EDPS. This development carries the risk that supervisory authorities will not be able to exercise their tasks effectively. Therefore, the financial and personal means which are necessary for data protection authorities in order to be able to perform their tasks effectively with respect to the whole data protection framework, should be taken into account and guaranteed.

5. Access to Entry/Exit System for law enforcement purposes and the possibilities offered by Privacy by Design

The current proposal for an EES clearly indicates that in the near future access to the Entry/ Exit System for law enforcement purposes will be considered. This can be derived from the Impact Assessment, where access for law enforcement is already explored and recital (11) where it is set out that the technical development of the system should be as such that in the future access for law enforcement purposes will be possible. The Meijers Committee regrets the premature reference to this possibility because it obscures the discussion on the desired form and the necessity and proportionality of the system as it stands.

As already expressed in earlier comments, the Meijers Committee underlines its strong objections to provide access for law enforcement purposes.11 Access for law enforcement purposes to the EES containing data of a large group of innocent persons is to be considered as a disproportional limitation of their privacy and data protection rights, including the principle of purpose limitation. In this context, the Meijers Committee recalls that preliminary questions have been submitted by national courts in Germany and the Netherlands to the Court of Justice of the European Union on the implementation of the Regulation (EC) No 444/2009 on standards for security features and biometrics in passports and travel documents issued by the Member States.12 In these questions, the national courts voice their concerns about the proportionality of the central storage of biometric data in passports and travel documents and their use for other purposes and about the relationship of the Regulation with the rights to privacy and protection of personal data safeguarded under Article 7 and 8 of the Charter of Fundamental Rights and Article 8 ECHR.

Although access for law enforcement purposes is not regulated in the current proposal, it is required that a technical system be set up in order to allow such access (Recital 11). In view of this, the Commission should device solutions which accommodate privacy by design,13 by recurring to Privacy Enhancing Technologies (PET).14 For example, in this case, it should be considered to use fingerprint identification technologies coupled with the storage of templates (e.g. using hash functions) of fingerprints, instead of the storage of full fingerprints in the database. Besides enhancing security, by reducing the chance to compromise biometric data, this will offer some level of data minimisation and, consequently, will benefit proportionality for a database storing data of persons which are not suspected of any crime.

6. The Registered Traveller Programme (COM (2013) 97 final)

The Meijers Committee has also taken note of the proposal for a Regulation establishing a Registered Traveller Programme. Recognizing the usefulness of facilitating the swift entrance of frequent third- country travellers to the EU, the Meijers Committee questions whether Article 12 of the proposal does not give too much discretion to the competent authorities in deciding on an application for such a programme. Article 12 (d) for example provides that the applicant has to prove “his/her integrity and reliability, in particular a genuine intention to leave the territory in due time”, which can be interpreted in many different ways. The Meijers Committee is of the opinion that the provisions must be more concrete, in order to avoid discretionary decisions on the admission to the Registered Travellers Programme.

7. Proposed amendments to the Schengen Borders Code (COM (2013) 96 final)

The amendments to the Schengen Borders Code aims to bring the Code in line with the proposals for an EES and an RTP. The Meijers Committee notes that not only technical amendments are proposed, but also amendments on the substance, considerably extending the possibilities for border guards to check whether the third country national is an overstayer. For instance, border guards now always need to verify that the third country national did not exceed the maximum duration of authorised stay in the territory of the Member States upon exit of the territory (addition para. IV to Article 7(3)(b)), whereas in the current provision this is not compulsory (Article 7(3)(c)(ii). This extended obligation is not in line with the aim to shorten waiting lines at the borders.

The Meijers Committee is concerned about the amendments to Article 11 of the Schengen Borders Code. In the current Article 11 a presumption of irregular stay is provided for in the situation where a thirdcountry national does not bear an entry stamp, whereas in the proposed amendment not only the lack of an entry record in the EES presumes irregular stay, but also where there is an entry record but there is no exit date following the date of expiry of the authorised length of stay. The Meijers Committee notes that this considerably extends the possibilities for authorities to accept a presumption of irregular stay. This underlines the importance of entering data in the EES correctly and accurate, but also implies that clearly defined safeguards should be provided for to be able to rebut the presumption and to have an effective judicial remedy if the rebuttal of the presumption is not accepted.

The Meijers Committee questions whether the criterion of providing “credible evidence, by any means, such as transport tickets or proof of his or her presence outside the territory of the Member State” does not leave too much discretion to authorities to decide on this issue, especially because of the serious consequences: the third- country national may be expelled by the competent authorities from the territory of the Member State concerned. The Meijers Committee considers that it should be investigated first how the Member States have applied this provision so far and whether it has lead to diverging practices.

o-0-o

1 Impact Assessment Proposal for a Regulation establishing an entry/exit system to register entry and exit data of third- country nationals crossing the external border of the Member States of the European Union (SWD (2013) 47 final), p. 11 and p.45.

2 P. Craig, G. de Búrca, EU LAW, Oxford, OUP, 2008, p. 545.

3 ‘Smart Borders’ enhancing mobility and security’, press release European Commission, 28 February 2013.

4 Dr. B. Hayes, M. Vermeulen, “Borderline EU Border Surveillance Initiatives », Heinrich Böll Stiftung, May 2012.

5 COM (2011) 680 final, p.7.

6 Regulation (EC) No 1987/2006 on the establishment, operation and use of the second- generation Schengen Information System (SIS II), Regulation (EC) No 767/2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas and amended proposal for a Eurodac Regulation for the effective application of the Dublin Regulation and to request comparisons with Eurodac data by Member States’ law enforcement authorities and Europol for law enforcement purposes (COM(2012) 254).

7 The Hague Programme, Strengthening Freedom, Security and Justice in the European Union (2005/C 53/01).

8 GAO report number GAO-09-1002T: ‘Homeland Security: Despite Progress, DHS Continues to Be Challenged in Managing Its Multi-Billion Dollar Annual Investment in Large-Scale Information Technology Systems’(15 September 2009).

9 CM1202 Note on the coordination of the relationship between the Entry Ban and the SIS- Alert- An Urgent need for Legislative Measures, 8 February 2012.

10 ECtHR S and Marper v. the UK, 4 December 2008, application nos. 30562/04 and 30566/04. See also ECJ Huber v. Germany, C-524/06, 16 December 2008.

11 See also a.o. CM1216, CM0910 and CM0714.

12 Dutch Council of State, case 201205423/1/A3, 28 September 2012, C-447/12 and Verwaltungsgericht Gelsenkirchen, C-291/12 Schwarz v. Stadt Bochum, 15 May 2012.

13 See the Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy, at: http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf.

14 See MEMO of the Commission Privacy Enhancing Technologies (PETs), Reference: MEMO/07/159, at; http://europa.eu/rapid/press-release_MEMO-07-159_en.htm#fn3; see also the Study on the economic benefits of privacy-enhancing technologies (PETs), Final Report to the European Commission, DG Justice, Freedom and Security, Prepared by London Economics,2010 at: http://ec.europa.eu/justice/policies/privacy/docs/studies/final_report_pets_16_07_10_en.pdf; see also Commission’s Communication COM(2007) 228 final, on Promoting Data Protection by Privacy Enhancing Technologies (PETs), at: http://eur-lex.europa.eu/LexUriServ/site/en/com/2007/com2007_0228en01.pdf.

(*) The Standing Committee of Experts on International Immigration, Refugee and Criminal law, was established in 1990 by five NGO’s: the Dutch Bar Association, the Refugee Council, the Dutch section of the International Commission of Jurists, the Netherlands Centre for Immigrants/FORUM and the National Bureau against Racism (LBR).The Committee is independent. Most of its members are lawyers, working at Law Faculties in the Netherlands or in Belgium. The Standing Committee monitors developments in the area of Justice and Home Affairs and presents its opinion to the Dutch Parliament, the European Parliament, or parliaments in other Member States (e.g. the House of Lords), to the Dutch government, the European Commission and to other public authorities and NGO’s.

Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..

On April 23rd, shortly after the European Union started working on the new Europol legal framework which is deemed to align the main intelligence led policy Agency with the Lisbon Treaty and with the European Charter the German Constitutional Court (BVG) decided to impose a strict separation between the work of the police and intelligence services. As in several other cases where the BVG jurisprudence has influenced also the European legislature this ruling will be probably thouroughly analysed also in Brussels even if the BVG maintain that the issue falls under the national exclusive competence. Therefore it will be more than likely that the principles outlined in this ruling would be taken in account in the EU draft legislation on data protection when these data are collected for security purposes.

According to the BVG press release (emphasis added) “…For the Karlsruhe based court, the exchange of data between the Federal Office for the Protection of the Constitution, intelligence services, military counter-intelligence and the police amounts to — a severe infringement of the rights of those concerned, which is why it can only be allowed in exceptional cases. The judges did, however, authorise an “anti-terrorist” listing, while declaring another “secret service contact” listing unconstitutional. Initiated in 2006, the second database contains information on 18,000 potential terrorists, supplied by 38 intelligence services.
The counter-terrorism database is in its fundamental structures compatible with the Basic Law. However, it does not meet the constitutional requirements regarding specific aspects of its design.
This is what the First Senate of the Federal Constitutional Court decided in a judgment that was issued on April 23. Under certain conditions, the unconstitutional provisions can continue to be applied until new regulation has been enacted, but no later than until 31 December 2014.

The Decision is Essentially Based on the Following Considerations: Continue reading “Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..”

Analysis :The second phase of the Common European Asylum System: A brave new world – or lipstick on a pig? By Professor Steve Peers, (*) University of Essex

ORIGINAL PUBLISHED ON STATEWATCH

(* FREE Group Member)

8 April 2013

Several years ago, the EU set itself the deadline of 2010 – later postponed to 2012 – for completing the second phase of the Common European Asylum System (CEAS). Near the end of March 2013, the European Parliament (EP) and the Council (the Member States’ interior ministers) finally agreed upon the texts of the two remaining legislative measures to this end.
No further EU measures on asylum (other than a revision of the current European Refugee Fund) are currently under discussion or planned for the time being. So the recently agreed rules will likely govern the issue of asylum in the EU for a number of years to come.

The objectives of the second phase of the Common European Asylum System were set out in the policy plan on asylum published by the Commission in 2008 (see the links below). This policy plan began by pointing out some key general trends.

In particular, a ‘critical flaw’ of the first phase of the Common European Asylum System was the wide difference in Member States’ recognition rates, ie the percentage of persons from the same country of origin whose claim for refugee status was accepted or not.

This divergence created ‘secondary movements’ (ie movements of asylum-seekers between Member States) and ‘goes against the principle of providing equal access to protection across the EU’.
Also, an increasing number of applicants were given ‘subsidiary protection’, ie a form of protection other than refugee status, and it was necessary to take account of this when developing the second phase legislation.

As for the content of the Common European Asylum System, the objective of creating the system was first agreed back in 1999, at the European Council (ie summit meeting) in Tampere, Finland. It was then agreed that there should be a ‘uniform status of asylum’ which would be ‘valid throughout the Union’.

Since the entry into force of the Treaty of Lisbon in 2009, these objectives are now a legally binding part of the EU Treaties (Article 78 of the Treaty on the Functioning of the European Union).

The most recent multi-year Justice and Home Affairs programme, agreed in 2009 (the ‘Stockholm programme’) states that:

The European Council remains committed to the objective of establishing a common area of protection and solidarity based on a common asylum procedure and a uniform status for those granted international protection. While [the] CEAS should be based on high protection standards, due regard should also be given to fair and effective procedures capable of preventing abuse. It is crucial that individuals, regardless of the Member State in which their application for asylum is lodged, are offered an equivalent level of treatment as regards reception conditions, and the same level as regards procedural arrangements and status determination. The objective should be that similar cases should be treated alike and result in the same outcome.

Furthermore:

There are still significant differences between national provisions and their application.
In order to achieve a higher degree of harmonisation, the establishment of CEAS, should remain a key policy objective for the Union. Common rules, as well as a better and more coherent application of them, should prevent or reduce secondary movements within the Union, and increase mutual trust between Member States.
With the recent agreement in principle on all of the remaining legislative proposals, it is time to assess whether the second phase of the Common European Asylum System will achieve the objective of ensuring common standards based on a high degree of protection.

Overview

There are five main measures making up the first phase of the Common European Asylum System, and all of them are being updated as part of the second phase of the system.

The state of play of these five measures is as follows: Continue reading “Analysis :The second phase of the Common European Asylum System: A brave new world – or lipstick on a pig? By Professor Steve Peers, (*) University of Essex”

An european area of freedom, security and justice ? Paving the way from Stockholm …to Rome in 2014

On November 7th the FREE Group submitted to the Chairman and other members of the Civil liberties Committee of the European Parliament its “Call for a true European Area of Freedom Security and Justice”. The main aim of the “Call” was to evaluate what has been done (or not done) since the entry into force of the Lisbon Treaty and the adoption of the Stockholm Programme.
Learning from failures and successes is a pre-condition for the new phase which will start from December 1st, 2014 (at the end of the five-years transitional period for the measures adopted before the Lisbon Treaty in judicial and police cooperation domain) (1).

According to the FREE Group “CALL” from December 2014 onward, EU and its Member States have to close the current gap between the EU legislation and the principles and objectives now outlined in the Treaties and in the European Charter of fundamental rights. Needless to say, the “lisbonisation” of police and judicial cooperation in penal matters, (1) will be the first test of the real will of the member States and of the EU institutions. Unfortunately the current situation is not promising at all and the announced UK opt-out will not make things easier either.
However, a fundamental shift of responsabilty between the EU institutions is also needed to make the EAFSJ more legitimate and credible.

The European Council which has acted until now practically alone when it has adopted the multiannual programmes of Tampere (1999), Den Haag (2004) and even Stockholm (2009). It should now accept the fact that after Lisbon, even if it will maintain its strategic role in this area (art.68 TFEU) it has to play it by taking in account the new EU institutional balance arising from the Treaties and the Charter. The new role of the European Parliament, of the Commission and of the Court of Justice in the EAFSJ policies requires a different relation with the European Council which is no more the “Deus ex machina” but an institution which like all the others should respect the principle of loyal cooperation, abide to the obligations of transparency (art. 15 TFEU), respect of democratic principles, dialog with civil society (art.11 TEU) and, last but not least, be accountable to the EU citizens.
In this perspective a strong interaction with the other Institutions directly elected by the european citizens such the European Parliament and of the national parliaments become unavoidable.
Moreover a stronger integration of the European Council within the “ordinary” EU institutional dialogue will not only re-establish the checks and balances within the EU (required since 1958 by the ECJ “Meroni” ruling) but could also trigger as a substantial effect, a real political debate also betweeen the european political “families” which still prefers hiding themselves behind the EU institutional machinery.
If such an open political debate arises it will be extremely beneficial for the all EU construction and could prove that the EAFSJ policies are no more an area restricted to skilled diplomats and burocrats “elites” shaping the Council and Commission’s Strategies, Conclusions, Guidelines, Roadmaps… .

The future Italian Presidency of the EU Council which will take place in the second semester of 2014, could play a decisive role for a more transparent and democratic phase of the EAFSJ.

However to make this change possible hard preparatory work is needed and should start already now because the EU is a sort of “super carrier” which requires time and skillfulness to change its direction. Moreover as soon as this change of strategy will become apparent it will inevitably create the opposition inside the Council, the Commission and even in the European Parliament as it happened for the “access to documents” file. It is well known that soon after the “Turco” ruling of the Court of Justice which has required more transparency in the Council and Commission these institutions have developped a clear opposite strategy to “protect” their old decision making procedures.

This kind of turf wars between the EU institutions could be extremely dangerous from an european citizen’s perspective because the EAFSJ policies should now be negotiated and implemented in full compliance with the EU Charter. They have become the core of a new European Public order which can be considered democratic only if the EU citizens and their representatives could influence both the national and European level. This objective was crystal clear when the Charter has been negotiated, and it has been reiterated also by seminal ruling of national Constitutional Courts, but since then it looks fading away from the EU legislative works and debates.

However this sort of resilience of the “Maastricht style” even after the Lisbon Treaty and EU Charter risks to be a slippery slope for the EAFSJ policies.

For thirty years the EU has underestimated the close relation between the EURO and a true EU Economic policy; let’s hope that the same mistake will not be repeated for the relation which has now to established between the EU Charter and the relevant EAFSJ policies. They should no more evolve, as it is still now the case, in a parallel world separated from the other EU policies notably in the economic and social sphere. In politics (as in nature) everything is linked. Again, the role that the future Italian Presidency could play will be extremely important because it will be at the beginning of a new EU legislature as well as of the new 18^th months Trio Presidency cycle which will cover from 1^st of July 2014 to December 31^st 2015.

By framing the new global EU roadmap bringing together the EAFSJ policies with the new EU 2020 agenda the Italian Presidency can make the difference by setting a new bridge on (still) troubled waters.

EDC

1. See artt 9 and 10 of Protocol 36 on “TRANSITIONAL PROVISIONS CONCERNING ACTS ADOPTED ON THE BASIS OF TITLES V AND VI OF THE TREATY ON EUROPEAN UNION PRIOR TO THE ENTRY INTO FORCE OF THE TREATY OF LISBON

Article 9
The legal effects of the acts of the institutions, bodies, offices and agencies of the Union adopted on the basis of the Treaty on European Union prior to the entry into force of the Treaty of Lisbon shall be preserved until those acts are repealed, annulled or amended in implementation of the Treaties.
The same shall apply to agreements concluded between Member States on the basis of the Treaty on European Union.

Article 10
1. As a transitional measure, and with respect to acts of the Union in the field of police cooperation and judicial cooperation in criminal matters which have been adopted before the entry into force of the Treaty of Lisbon, the powers of the institutions shall be the following at the date of entry into force of that Treaty: the powers of the Commission under Article 258 of the Treaty on the Functioning of the European Union shall not be applicable and the powers of the Court of Justice of the European Union under Title VI of the Treaty on European Union, in the version in force before the entry into force of the Treaty of Lisbon, shall remain the same, including where they have been accepted under Article 35(2) of the said Treaty on European Union.
2. The amendment of an act referred to in paragraph 1 shall entail the applicability of the powers of the institutions referred to in that paragraph as set out in the Treaties with respect to the amended act for those Member States to which that amended act shall apply.
3. In any case, the transitional measure mentioned in paragraph 1 shall cease to have effect five years after the date of entry into force of the Treaty of Lisbon.
4. At the latest six months before the expiry of the transitional period referred to in paragraph 3, the United Kingdom may notify to the Council that it does not accept, with respect to the acts referred to in paragraph 1, the powers of the institutions referred to in paragraph 1 as set out in the Treaties. In case the United Kingdom has made that notification, all acts referred to in paragraph 1 shall cease to apply to it as from the date of expiry of the transitional period referred to in paragraph 3. This subparagraph shall not apply with respect to the amended acts which are applicable to the United Kingdom as referred to in paragraph 2.
The Council, acting by a qualified majority on a proposal from the Commission, shall determine the necessary consequential and transitional arrangements. The United Kingdom shall not participate in the adoption of this decision. A qualified majority of the Council shall be defined in accordance with Article 238(3)(a) of the Treaty on the Functioning of the European Union.
The Council, acting by a qualified majority on a proposal from the Commission, may also adopt a decision determining that the United Kingdom shall bear the direct financial consequences, if any, necessarily and unavoidably incurred as a result of the cessation of its participation in those acts.
5. The United Kingdom may, at any time afterwards, notify the Council of its wish to participate in acts which have ceased to apply to it pursuant to paragraph 4, first subparagraph. In that case, the relevant provisions of the Protocol on the Schengen Acquis integrated into the framework of the European Union or of the Protocol on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, as the case may be, shall apply. The powers of the institutions with regard to those acts shall be those set out in the Treaties. When acting under the relevant Protocols, the Union institutions and the United Kingdom shall seek to re-establish the widest possible measure of participation of the United Kingdom in the acquis of the Union in the area
of freedom, security and justice without seriously affecting the practical operability of the various parts thereof, while respecting their coherence.”