Category: 1.1 Decision Making Process – Planning

UNSC RESOLUTION 2240(215) (NB:fighting smugglers and traffickers in the Mediterranean Sea)

NOTA BENE : After UNSC Resolution 2178(2014) on Foreign Fighters aiming to address a problem raised notably by the EU, UNSC Resolution 2240(2015) paves now the way for a strenghtened  EU intervention against smugglers and traffickers in the South Mediterranean currently conducted in the framework of the Operation EUNAVFOR -Sophia. Emphasis have been added to the original text and comment will follow in the coming days 

UNITED NATIONS 

Resolution 2240(2015) Adopted by the Security Council at its 7531st meeting, on 9 October 2015

The Security Council,

Recalling  its press statement of 21 April on the maritime tragedy in the Mediterranean Sea,

Reaffirming its strong commitment to the sovereignty, independence, territorial integrity and national unity of Libya,

Recalling that international law, as reflected in the United Nations Convention on the Law of the Sea of 10 December 1982, sets out the legal framework applicable to activities in the ocean,

Reaffirming also the United Nations Convention against Transnational Organized Crime (UNTOC Convention) and its Protocol against the Smuggling of Migrants by Land, Air and Sea, as the primary international legal instruments to combat the smuggling of migrants and related conduct, and the Protocol to Prevent, Suppress and Punish Trafficking in Persons,

Especially Women and Children, supplementing the UNTOC Convention, as the primary international legal instruments to combat trafficking in persons,

Underlining that, although the crime of smuggling of migrants may share, in some cases, some common features with the crime of trafficking in persons, Member States need to recognise that they are distinct crimes, as defined by the UNTOC Convention and its Protocols, requiring differing legal, operational, and policy responses,

Deploring the continuing maritime tragedies in the Mediterranean Sea that have resulted in hundreds of casualties, and noting with concern that such casualties were, in some cases, the result of exploitation and misinformation by transnational criminal organisations which facilitated the illegal smuggling of migrants via dangerous methods for personal gain and with callous disregard for human life,

Expressing grave concern at the recent proliferation of, and endangerment of lives by, the smuggling of migrants in the Mediterranean Sea, in particular off the coast of Libya and recognizing that among these migrants may be persons who meet the definition of a refugee under the 1951 Convention relating to the Status of Refugees and the 1967 Protocol thereto,

Emphasizing in this respect that migrants, including asylum-seekers and regardless of their migration status, should be treated with humanity and dignity and that their rights should be fully respected, and urging all States in this regard to comply with their obligations under international law, including international human rights law and international refugee law, as applicable, stressing also the obligation of States, where applicable, to protect the human rights of migrants regardless of their migration status, including when implementing their specific migration and border security policies,

Reaffirming in this respect the need to promote and protect effectively the human rights and fundamental freedoms of all migrants, regardless of their migration status, especially those of women and children, and to address international migration through international, regional or bilateral cooperation and dialogue and through a comprehensive and balanced approach, recognizing the roles and responsibilities of countries of origin, transit and destination in promoting and protecting the human rights of all migrants, and avoiding approaches that might aggravate their vulnerability,

Further recalling the International Convention for the Safety of Life at Sea and the International Convention on Maritime Search  and Rescue,

Expressing further concern that the situation in Libya is exacerbated by the smuggling of migrants and human trafficking into, through and from the Libyan territory, which could provide support to other organised crime and terrorist networks in Libya,

Mindful of its primary responsibility for the maintenance of international peace and security under the Charter of the United Nations,

Underlining the primary responsibility of the Libyan Government to take appropriate action to prevent the recent proliferation of, and endangerment of lives by, the smuggling of migrants and human trafficking through the territory of Libya and its territorial sea,

Mindful of the need to support further efforts to strengthen Libyan border management, considering the difficulties of the Libyan Government to manage effectively the migratory flows in transit through Libyan territory, and noting its concern for the repercussions of this phenomenon on the stability of Libya and of the Mediterranean region,

Welcoming support already provided by the most concerned Member States, including Member States of the European Union (EU), taking into account inter alia the role of FRONTEX and the specific mandate of EUBAM Libya in support of the Libyan Government, and by neighbouring States,

Acknowledging the European Council statement of 23 April 2015 and the press statement of the African Union Peace and Security Council of 27 April, which underlined the need for effective international action to address both the immediate and long-term aspects of human trafficking towards Europe,

Taking note of the Decision of the Council of the European Union of 18 May 2015 setting up ‘EUNAVFOR Med’ which underlined the need for effective international action to address both the immediate and long-term aspects of migrant smuggling and human trafficking towards Europe,

Taking further note of the ongoing discussions between the EU and the Libyan Government on migration related issues,

Expressing also strong support to the States in the region affected by the smuggling of migrants and human trafficking, and emphasizing the need to step up coordination of efforts in order to strengthen an effective multidimensional response to these common challenges in the spirit of international solidarity and shared responsibility, to tackle their root causes and to prevent people from being exploited by migrant smugglers and human traffickers,

Acknowledging the need to assist States in the region, upon request, in the development of comprehensive and integrated regional and national strategies, legal frameworks, and institutions to counter terrorism, transnational organised crime, migrant smuggling, and human trafficking, including mechanisms to implement them within the framework of States’ obligations under applicable international law,

Stressing that addressing both migrant smuggling and human trafficking, including dismantling smuggling and trafficking networks in the region and prosecuting migrant smugglers, and human traffickers requires a coordinated, multidimensional approach with States of origin, of transit, and of destination, and further acknowledging the need to develop effective strategies to deter migrant smuggling and human trafficking in States of origin and transit,

Emphasizing that migrants should be treated with humanity and dignity and that their rights should be fully respected, and urging all States in this regard to comply with their obligations under international law, including international human rights law and international refugee law, as applicable,

Bearing in mind the obligations of States under applicable international law to exercise due diligence to prevent and combat migrant smuggling and human trafficking, to investigate and punish perpetrators, to identify and provide effective assistance to victims of trafficking and migrants and to cooperate to the fullest extent possible to prevent and suppress migrant smuggling and human trafficking,

Affirming the necessity to put an end to the recent proliferation of, and endangerment of lives by, the smuggling of migrants and trafficking of persons in the Mediterranean Sea off the coast of Libya, and, for these specific purposes, acting under Chapter VII of the Charter of the United Nations,

  1. Condemns all acts of migrant smuggling and human trafficking into, through and from the Libyan territory and off the coast of Libya, which undermine further the process of stabilisation of Libya and endanger the lives of thousands of people;
  1. Calls on Member States acting nationally or through regional organisations, including the EU, to assist Libya, upon request, in building needed capacity including to secure its borders and to prevent, investigate and prosecute acts of smuggling of migrants and human trafficking through its territory and in its territorial sea; in order to prevent the further proliferation of, and endangerment of lives by, the smuggling of migrants and human trafficking into, through and from the territory of Libya and off its coast;
  1. Urges Member States and regional organisations, in the spirit of international solidarity and shared responsibility, to cooperate with the Libyan Government, and with each other, including by   sharing   information about acts of migrant smuggling and human trafficking in Libya’s territorial sea and on the high seas off the coast of Libya, and rendering assistance to migrants and victims of human trafficking recovered at sea, in accordance with international law;
  1. Urges States and regional organisations whose naval vessels and aircraft operate on the high seas and airspace off the coast of Libya, to be vigilant for acts of migrant smuggling and human trafficking, and in this context, encourages States and regional organisations to increase and coordinate their efforts to deter acts of migrant smuggling and human trafficking, in cooperation with Libya;
  2. Calls upon Member States acting nationally or through regional organisations that are engaged in the fight against migrant smuggling and human trafficking to inspect, as permitted under international law, on the high seas off the coast of Libya, any unflagged vessels that they have reasonable grounds to believe have been, are being, or imminently will be used by organised criminal enterprises for migrant smuggling or human trafficking from Libya, including inflatable boats, rafts and dinghies;
  1. Further calls upon such Member States to inspect, with the consent of the flag State, on the high seas off the coast of Libya, vessels that they have reasonable grounds to believe have been, are being, or imminently will be used by organised criminal enterprises for migrant smuggling or human trafficking from Libya;
  1. Decides, with a view to saving the threatened lives of migrants or of victims of human trafficking on board such vessels as mentioned above, to authorise, in these exceptional and specific circumstances, for a period of one year from the date of the adoption of this resolution, Member States, acting nationally or through regional organisations that are engaged in the fight against migrant smuggling and human trafficking, to inspect on the high seas off the coast of Libya vessels that they have reasonable grounds to suspect are being used for migrant smuggling or human trafficking from Libya, provided that such Member States and regional organisations make good faith efforts to obtain the consent of the vessel’s flag State prior to using the authority outlined in this paragraph;
  1. Decides to authorise for a period of one year from the date of the adoption of this resolution, Member States acting nationally or through regional organisations to seize vessels inspected under the authority of paragraph 7 that are confirmed as being used for migrant smuggling or human trafficking from Libya, and underscores that further action with regard to such vessels inspected under the authority of paragraph 7, including disposal, will be taken in accordance with applicable international law with due consideration of the interests of any third parties who have acted in good faith;
  1. Calls upon all flag States involved to cooperate with respect to efforts under paragraphs 7 and 8, and decides that Member States acting nationally or through regional organisations under the authority of those paragraphs shall keep flag States informed of actions taken with respect to their vessels, and calls upon flag States that receive such requests to review and respond to them in a rapid and timely manner;
  1. Decides to authorise Member States acting nationally or through regional organisations to use all measures commensurate to the specific circumstances in confronting migrant smugglers or human traffickers in carrying out activities under paragraphs 7 and 8 and in full compliance with international   human   rights   law,   as applicable, underscores that the authorizations in paragraph 7 and 8 do not apply with respect to vessels entitled to sovereign immunity under international law, and calls upon Member States and regional organisations carrying out activities under paragraphs 7, 8 and this paragraph, to provide for the safety of persons on board as an utmost priority and to avoid causing harm to the marine environment or to the safety of navigation;
  1. Affirms that the authorisations provided in paragraphs 7 and 8 apply only with respect to the situation of migrant smuggling and human trafficking on the high seas off the coast of Libya and shall not affect the rights or obligations or responsibilities of Member States under international law, including any rights or obligations under UNCLOS, including the general principle of exclusive jurisdiction of a flag State over its vessels on the high seas, with respect to any other situation, and further affirms that the authorisation provided in paragraph 10 applies only in confronting migrant smugglers and human traffickers on the high seas off the coast of Libya;
  1. Underscores that this resolution is intended to disrupt the organised criminal enterprises engaged in migrant smuggling and human trafficking and prevent loss of life and is not intended to undermine the human rights of individuals or prevent them from seeking protection under international human rights law and international refugee law;
  1. Emphasises that all migrants, including asylum-seekers, should be treated with humanity and dignity and that their rights should be fully respected, and urges all States in this regard to comply with their obligations under international law, including international human rights law and international refugee law, as applicable;
  1. Urges Member States and regional organisations acting under the authority of this resolution to have due regard for the livelihoods of those engaged in fishing or other legitimate activities;
  1. Calls upon all States, with relevant jurisdiction under international law and national legislation, to investigate and prosecute persons responsible for acts of migrant smuggling and human trafficking at sea, consistent with States’ obligations under international law, including international human rights law and international refugee law, as applicable;
  1. Calls for Member States to consider ratifying or acceding to, and for States Parties to effectively implement the Protocol against the Smuggling of Migrants by Land, Sea and Air, supplementing the United Nations Convention against Transnational Organized Crime, and as well as the Protocol to Prevent, Suppress and Punish Trafficking in Persons, Especially Women and Children;
  1. Requests States utilising the authority of this resolution to inform the Security Council within three months of the date of adoption of this resolution and every three months thereafter on the progress of actions undertaken in exercise of the authority provided in paragraphs 7 to 10 above;
  1. Requests the Secretary-General to report to the Security Council eleven months after the adoption of this resolution on its implementation, in particular with regards to the implementation of paragraphs 7 to 10 above;
  1. Expresses its intention to review the situation and consider, as appropriate, renewing the authority provided in this resolution for additional periods;
  1. Decides to remain seized of the matter.

SCHREMS CASE : The Essence of Privacy, and Varying Degrees of Intrusion

ORIGINAL PUBLISHED IN VERFASSUNGBLOG ON Wed 7 Oct 2015

by Martin Scheinin

This brief comment will address the 6 October 2015 CJEU Grand Chamber ruling inMax Schrems, asking what it tells us about the status of two fundamental rights in the EU legal order, namely the right to the respect for private life (privacy) and the right to the protection of personal data (EU Charter of Fundamental Rights, Articles 7 and 8, respectively). The ruling must be read together with the 8 April 2014 ruling inDigital Rights Ireland where Articles 7 and 8 were discussed side by side.

Although the Max Schrems ruling contains many references to personal data, it does not really discuss the right to the protection of personal data as a distinct fundamental right. Article 8 of the Charter is mentioned in the dispositive part of the ruling but not for instance in what I would call the main finding by the Court which refers only to Article 7:

In particular, legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life, as guaranteed by Article 7 of the Charter…

The outcome of the case – declaring Commission’s Safe Harbor Decision 2000/52 invalid – flows from this finding of a breach of the essence of the right to privacy when we are dealing with indiscriminate blanket access to data. In Digital Rights Ireland the CJEU had already indicated (paras. 39-40) that blanket access to ‘content’ would trigger the application of the essence clause in Article 52 (1.1) of the Charter, while surveillance, even indiscriminate mass surveillance, based on even complex use of various categories of metadata amounted to a “particularly serious interference” (Digital Rights Ireland, para. 65) with fundamental rights but did not trigger the application of the essence clause. The Court’s distinction between ‘content’ and ‘metadata’ can be criticized, and it was indeed relativised by the Court itself in Digital Rights Ireland (para. 27).

What is now remarkable in Max Schrems is that

a) the Court actually identified the intrusion in question as falling under the notion of the essence of privacy – something the European Court of Human Rights has never done under the privacy provision of ECHR Article 8, and

b) the identification of an intrusion as compromising the essence of privacy meant that there was no need for a proportionality assessment under Article 52 (1.2) of the Charter.

This can be contrasted with theDigital Rights Ireland judgment (para. 69) where the final outcome was based on the application of a proportionality test. For these reasons, the Max Schrems judgment is a pathbreaking development, a major contribution to the understanding of the structure and legal effect of fundamental rights under the Charter. Digital Rights Ireland indicated where the path would go, and now the Court actually went that way.

An equally important contribution is documented in the same paragraph, namely that mere “access” to communications by public authorities) constitutes an interference. Notably, Article 8 (2) of the Charter uses the notion of “processing” when defining the fundamental right to the protection of personal data. Surveillance advocates might have until the Max Schrems ruling enjoyed some credibility with their claims that mere access does not amount to processing, and therefore mere access to the flow of communications does not amount to an intrusion until the automated selectors and algorithms have made their job and the human eye starts to “process” a much more narrow set of data. Now we know, that mere access is an intrusion into privacy, and even into the essence of privacy when it provides for indiscriminate access to ‘content’.

This gives rise to the next question, whether the Max Schrems rationale will only apply to the “transfer” of data from Europe to “servers” in the United States. This was the factual basis of the case, as reflected in paragraphs 2 and 31. The CJEU was asked a question about data transfers from Europe to Facebook servers in the US under the Safe Harbor arrangement, and it responded to that question. It did not address the scenario of “upstream” access to data flows through the splitting of fiber-optic cables to obtain generic access to all data that passes through transatlantic cables just because the Internet is built in the way that a lot of traffic ends up going through those cables. It would indeed be difficult to bring a case to the CJEU that would address this scenario.

Nevertheless, paragraph 94 quoted above is formulated in a way that gives a generic answer concerning the contours of the right to privacy under Article 7 of the EU Charter: yes, also access through the upstream method of capturing the data flow in a fibre-optic cable is to be regarded as compromising the essence of privacy and therefore as prohibited under the Charter, without a need even to engage in a proportionality analysis. It may be hard to get a case to the CJEU but the content of the substantive norm under Article 7 of the Charter is now clear. One can on good grounds expect that the European Court of Human Rights will now be prepared to follow the lead of the CJEU and draw the same conclusion under ECHR Article 8.

In closing, I dare to present the view that the Digital Rights Ireland and Max Schremsrulings taken together provide verification and demonstration of the utility of the methodology we developed in the SURVEILLE project where we produced a general framework for the holistic assessment of surveillance technologies for their security benefit, cost efficiency, moral hazards and fundamental rights intrusion. In short, in our model an intrusion into the essence of privacy would by definition produce the highest possible fundamental rights intrusion score which is, again by definition, higher than the maximum usability score and would therefore make redundant any proportionality assessment. Other types of intrusion – even particularly serious ones – would be assessed through giving separate scores to the importance of a fundamental right in a given situation and the depth of the intrusion into the same right as created by surveillance, and by then comparing the resulting fundamental right intrusion score against the usability score based on technology assessment. Here, a proportionality assessment is needed, even if the highest possible intrusion scores will be so high that the benefits obtained through surveillance cannot in practice outweigh them. Similarly to the CJEU in the Digital Rights Ireland case, the outcome will be that crude methods of mass surveillance, even when not triggering the essence clause, will be assessed as unlawful.

Dieser Text steht unter der Lizenz CC BY NC ND

(http://creativecommons.org/licenses/by-nc-nd/4.0/legalcode)

Angela Merkel au Parlement européen, des paroles aux actes ?

ORIGINAL PUBLISHED ON CDRE (12 OCTOBER 2015)

 par Henri Labayle,

Le discours prononcé par Angela Merkel devant le Parlement européen, 7 octobre 2015 aux cotés de François Hollande, est remarquable en tous points. Au delà du symbole d’une intervention du couple franco-allemand, qui n’était d’ailleurs peut être pas le meilleur signal à envoyer à ceux que l’on tentait de convaincre, cette prise de parole publique devant les représentants des peuples européens ne manque pas de sens.

Il était donc naturel  d’en souligner l’impact, partageant le sentiment d’un Jürgen Habermas « aussi surpris que réjoui » par le positionnement allemand face à la crise des réfugiés dans l’Union.

L’intervention de la chancelière allemande traduit en effet une constance politique qui mérite le respect et elle annonce des évolutions techniques qui suscitent l’interrogation.

1. La constance

Angela Merkel persiste et signe, est-on obligé de souligner. Malgré une vague grandissante de critiques, confrontée à une fronde plus ou moins larvée au sein de sa propre majorité et à une crispation évidente de l’opinion publique allemande que traduisent des sondages récents, la chancelière n’a pas dévié d’un pouce quant au terrain sur lequel elle entendait se placer et entraîner à sa suite l’Union européenne.

Ce dernier est le seul concevable, il est celui des valeurs de l’Union européenne qui, aux termes des traités, la « fondent » et « sont communes aux Etats membres » et dont l’Union doit assurer la« promotion ». C’est à ces valeurs et à la dignité de l’être humain que s’est référée explicitement la chancelière allemande le 31 aout lorsque la crise matérielle de l’asile s’est transportée sur le terrain institutionnel.

Aussi, tenir le cap politique en faisant valoir qu’à l’inverse de ce que l’on entend ici et là, le débat ne se pose pas en termes d’opportunité mais d’obligation morale autant que juridique est un discours responsable. Tout autant que l’est le propos répétant qu’isolément les Etats sont impuissants et que la réponse collective est la seule envisageable. Effectivement, « céder à la tentation de rétrograder, d’agir à une échelle nationale » serait une erreur historique et il convient politiquement « d’assumer l’attrait de l’Europe ».

Tel est le bon angle d’attaque du débat public. Faut-il en effet rappeler que, depuis le traité de Maastricht qui la considérait comme une « question d’intérêt commun » jusqu’à l’affirmation d’une « politique commune d’asile » à Amsterdam, l’accueil des demandeurs de protection internationale s’est européanisé au point de nécessiter une seconde génération des textes composant le régime d’asile commun ? Les articles 18 et 19 de la Charte se bornent à en tirer les conséquences.

Du reste, et à supposer que le niveau européen de cette protection du droit d’asile soit discutable, comment oublier les contraintes pesant sur la totalité des Etats membres de l’Union en raison de leur adhésion à la Convention de Genève comme à celle des droits de l’Homme ? Enfin et au delà de la France et de la République fédérale et pour n’en rester qu’aux Etats membres récalcitrants, comment nier l’autorité de la proclamation de ce même droit d’asile par les textes constitutionnels en Hongrie (article 14), en Pologne (article 56) ou en Slovaquie (article 53) ?

Aussi, prétendre mener la contestation des mesures arrêtées dans l’Union en matière de relocalisation des réfugiés au nom du respect de la légalité, comme semble vouloir le faire la Slovaquie, témoigne d’une curieuse vision de la Communauté de droit à laquelle on appartient, par delà les arguments techniques ou procéduraux fondés ou non.

Cette constance avait également animé auparavant le propos remarquable du Président de la Commission, le 9 septembre dans son discours sur l’état de l’Union prononcé lui aussi devant le Parlement européen.

Rappelant le poids de l’Histoire du continent européen, avant, pendant comme après le second conflit mondial, le chef de l’exécutif communautaire a choisi de mettre l’accent sur « le respect de nos valeurs communes et de notre histoire » après avoir resitué l’ampleur de l’effort à accomplir. Soulignant l’impact du contexte international autant que les enjeux d’une sous-estimation des besoins de protection, Jean Claude Juncker a ainsi redonné sa signification politique à la fonction qu’il exerce, enfin.

Ce faisant, l’alliance des deux acteurs principaux de l’Union n’aurait pu produire d’effet sans le relais efficace d’une présidence luxembourgeoise renouant avec la tradition qui veut qu’une présidence assurée par un petit Etat membre soit souvent des plus productives. Là encore, la brusque accélération du dossier législatif « relocalisation » en a tiré le bénéfice, les deux décisions de relocalisation ayant été publiées et commençant à prendre effet.

Pour autant, la constance du discours est-elle annonciatrice de véritables changements dans la politique d’asile de l’Union européenne ou bien faut-il en douter, à l’image de certains commentaires médiatiques au lendemain de ce discours regrettant l’absence de mesures concrètes ?

2. Le changement

D’ores et déjà, il est en marche. La conduite du dossier législatif de la relocalisation en est précisément une manifestation douloureuse pour les partisans de la méthode intergouvernementale.

On sait en effet la grande relativité de la communautarisation des procédures législatives. Malgré l’appellation des traités, la « procédure législative ordinaire » qui voudrait que la majorité qualifiée et l’accord du Parlement soient la règle en matière d’asile et d’immigration est passablement différente dans la pratique décisionnelle. La culture du consensus qui anime les diplomates qui se prétendent législateurs les amène ainsi à préférer les pratiques anciennes, celles qui consistent à ne pas forcer les Etats membres, conduits au pire à se réfugier dans l’abstention.

Ainsi, le 20 juillet 2015, une « décision des représentants des gouvernements des Etats membres réunis au sein du Conseil» c’est-à-dire un acte non pas de l’Union mais un acte engageant simplement les Etats collectivement (CJUE, 30 juin 1993, Parlement c. Conseil et Commission, C-181/91 et C-248/91, point 25) a permis de surmonter, par consensus, les désaccords entre Etats et d’adopter la décision2015/1523 procédant à la relocalisation de 40 000 personnes à partir de la Grèce et de l’Italie.

En revanche, le retour à l’orthodoxie communautaire s’est avéré bien plus pratique lorsqu’il a fallu surmonter l’opposition résolue de quatre Etats membres : la décision 2015/1601 du 22 septembre 2015 a donc été adoptée selon les voies classiques du traité et même en utilisant la procédure de vote à la majorité qualifiée … Signe de l’ampleur des désaccords, les conclusions de cette réunion ont été présentées par le ministre luxembourgeois comme « celles de la Présidence » et non du Conseil …

La seconde marque de changement a frappé l’espace Schengen. Improprement présenté comme relevant des « accords de Schengen », présentation ambiguë qui pourrait laisser penser que ces accords peuvent être dénoncés, le droit de l’espace Schengen repose d’une part sur les articles 67 et 77 TFUE qui garantissent l’absence de contrôles aux frontières intérieures et, d’autre part, sur le règlement 562/2006 dit « Code Frontières Schengen » tel que modifié en 2013.

Ce dispositif de près de trente ans n’avait pas été conçu pour résister à une pression de l’ampleur de celle traversée par l’Union en cet été 2015. Il a donc volé en éclats tant à propos de la capacité des Etats membres à assumer leurs responsabilités de contrôles des frontières extérieures qu’en ce qui concerne l’interdiction d’exercer des contrôles nationaux aux frontières intérieures. Le rétablissement temporaire des contrôles aux frontières intérieures décidé par plusieurs Etats membres, de la Slovénie et l’Autriche avec l’aval de la Commission, conformément à l’article 25 du Code, a fait clairement ressortir la réalité.

Elle est double : d’une part, l’absence de modification substantielle d’un mécanisme conçu à 5 pour s’appliquer à 30 Etats est devenue clairement problématique, d’autre part, le maintien d’un espace de libre circulation intérieure dépend évidemment d’un renforcement effectif des contrôles aux frontières extérieures. Ce second constat ne connaît qu’une issue, à espace européen constant en tous cas : une gestion plus intégrée de ces frontières. Là encore, dès le début septembre comme au Parlement européen, la chancelière allemande n’a pas masqué la gravité de cet enjeu.

Troisième signe de changement, le plus lourd de signification sans doute, la remise en question du système dit de Dublin. Mal dénommé car né en réalité dans le chapitre VII de la convention d’application des accords de Schengen de 1990, ce système pose le principe du traitement unique de la demande d’asile. Critiqué à juste titre, d’une efficacité pour le moins douteuse comme en témoigne le dernier rapport d’AIDA, mis en cause jusqu’au Conseil de l’Europe, le système Dublin a connu diverses réformes mais n’a jamais été remis en question par principe.

La raison en est simple : il fait peser l’essentiel de la charge sur les Etats que le hasard de la géographie a mis au contact de la pression migratoire extérieure. Ceci sans aucune mesure avec leurs capacités de réponse, la Grèce étant un exemple caricatural de cette situation. Les Etats de seconde ligne, malgré ces dysfonctionnements, y trouvaient bon gré mal gré un certain confort et même si, dans les faits, le système n’a pas fonctionné comme on l’a vu en Italie ou en Grèce.

D’où une difficulté à accepter l’idée d’un changement, malgré le coup de tonnerre provoqué par l’ouverture des frontières allemandes, clairement en contradiction avec cet état du droit.

Cet attachement au dispositif Dublin s’est manifesté jusqu’au dernier moment. Ainsi, la réunion informelle des chefs d’Etat et de gouvernement du 23 septembre rappelait-elle que « nous devons tous respecter, appliquer et mettre en œuvre nos règles existantes, y compris le règlement de Dublin et l’acquis de Schengen ». De même, le dispositif de relocalisation adopté comme en préparation est-il présenté comme une « dérogation » au mécanisme de Dublin. Enfin, et sans que l’on voie exactement où elle entend se diriger, la Commission promet d’ouvrir le chantier de la réforme de Dublin en « mars 2016 ».

Sans tir de sommation, la salve de la chancelière allemande fait mouche et semble ouvrir un nouveau chapitre de la politique d’asile : « soyons francs, le processus de Dublin, dans sa forme actuelle, est obsolète » a-t-elle asséné aux parlementaires européens.

Dès lors, faut-il croire que la conclusion de la chancelière fera office de feuille de route ? Consciente de l’impasse dans laquelle sa politique l’a engagée, l’Union sera-t-elle capable d’une part d’ouvrir des voies légales d’accès à la protection et, d’autre part, de s’accorder sur une répartition équitable des charges telle que ses traités l’y invitent ?

THE PARTY’S OVER: EU DATA PROTECTION LAW AFTER THE SCHREMS SAFE HARBOUR JUDGMEN

ORIGINAL PUBLISHED ON EU LAW ANALYSIS (on Wednesday, 7 October 2015)

by Steve Peers

The relationship between intelligence and law enforcement agencies (and companies like Google and Facebook) and personal data is much like the relationship between children and sweets at a birthday party. Imagine you’re a parent bringing out a huge bowl full of sweets (the personal data) during the birthday party – and then telling the children (the agencies and companies) thatthey can’t have any. But how can you enforce this rule? If you leave the room, even for a moment, the sweets will be gone within seconds, no matter how fervently you insist that the children leave them alone while you’re out. If you stay in the room, you will face incessant and increasingly shrill demands for access to the sweets, based on every conceivable self-interested and guilt-trippy argument. If you try to hide the sweets, the children will overturn everything to find them again.

When children find their demands thwarted by a strict parent, they have a time-honoured circumvention strategy: “When Mummy says No, ask Daddy”. But in the Safe Harbour case, things have happened the other way around. Mummy (the Commission) barely even resisted the children’s demands. In fact, she said Yes hours ago, and retired to the bath with an enormous glass of wine, occasionally shouting out feeble admonitions for the children to tone down their sugar-fuelled rampage. Now Daddy (the CJEU) is home, shocked at the chaos that results from lax parenting. He has immediately stopped the supply of further sweets. But the house is full of other sugary treats, and all the children are now crying. What now?

In this post, I’ll examine the reasons why the Court put its foot down, and invalidated the Commission’s ‘Safe Harbour’ decision which allows transfers of personal data to the USA, in the recent judgment in Schrems. Then I will examine the consequences of the Court’s ruling. But I should probably admit for the record that my parenting is more like Mummy’s than Daddy’s in the above example.

Background

For more on the background to the Schrems case, see here; on the hearing, see Simon McGarr’s summary here; and on the Advocate-General’s opinion, seehere. But I’ll summarise the basics of the case again briefly.

Max Schrems is an Austrian Facebook user who was disturbed by Edward Snowden’s revelations about mass surveillance by US intelligence agencies. Since he believed that transfers of his data to Facebook were subject to such mass surveillance, he complained to the Irish data protection authority, which regulates Facebook’s transfers of personal data from the EU to the USA.

The substantive law governing these transfers of personal data was the ‘Safe Harbour’ agreement between the EU and the USA, agreed back in 2000. This agreement was put into effect in the EU by a decision of the Commission, which was adopted pursuant to powers conferred upon the Commission by the EU’s current data protection Directive. The latter law gives the Commission the power to decide that transfers of personal data outside the EU receive an ‘adequate level of protection’ in particular countries.

The ‘Safe Harbour’ agreement was enforced by self-certification of the companies that have signed up for it (note that not all transfers to the USA fell within the scope of the Safe Harbour decision, since not all American companies signed up). Those promises were in turn meant to be enforced by the US authorities. But it was also possible (not mandatory) for the national data protection authorities which enforce EU data protection law to suspend transfers of personal data under the agreement, if the US authorities or enforcement system found a breach of the rules, or on a list of limited grounds set out in the decision.

The Irish data protection authority refused to consider Schrems’ complaint, so he challenged that decision before the Irish High Court, which doubted that this system was compatible with EU law (or indeed the Irish constitution). So that court asked the CJEU to rule on whether national data protection authorities (DPAs) should have the power to prevent data transfers in cases like these.

The judgment

The CJEU first of all answers the question which the Irish court asks about DPA jurisdiction over data transfers (the procedural point), and then goes on to rule that the Safe Harbour decision is invalid (the substantive point).

Following the Advocate-General’s view, the Court ruled that national data protection authorities have to be able to consider claims that flows of personal data to third countries are not compatible with EU data protection laws if there is an inadequate level of data protection in those countries, even if the Commission has adopted a decision (such as the Safe Harbour decision) declaring that the level of protection is adequate. Like the Advocate-General, the Court based this conclusion on the powers and independence of those authorities, read in light of the EU Charter of Fundamental Rights, which expressly refers to DPAs’ role and independence. (On the recent CJEU case law on DPA independence, see discussion here). In fact, the new EU data protection law currently under negotiation (the data protection Regulation) will likely confirm and even enhance the powers and independence of DPAs. (More on that aspect of the proposed Regulation here).

The Court then elaborates upon the ‘architecture’ of the EU’s data protection system as regards external transfers. It points out that either the Commission or Member States can decide that a third country has an ‘adequate’ level of data protection, although it focusses its analysis upon what happens if (as in this case) there is a Commission decision to this effect. In that case, national authorities (including DPAs) are bound by the Commission decision, and cannot issue a contrary ruling.

However, individuals like Max Schrems can still complain to the DPAs about alleged breaches of their data protection rights, despite the adoption of the Commission decision. If they do so, the Court implies that the validity of the Commission’s decision is therefore being called into question. While all EU acts must be subject to judicial review, the Court reiterates the usual rule that national courts can’t declare EU acts invalid, since that would fragment EU law: only the CJEU can do that. This restriction applies equally to national DPAs.

So how can a Commission decision on the adequacy of third countries’ data protection law be effectively challenged? The Court explains that DPAs must consider such claims seriously. If the DPA thinks that the claim is unfounded, the disgruntled complainant can challenge the DPA’s decision before the national courts, who must in turn refer the issue of the validity of the decision to the CJEU if they think it may be well founded. If, on the other hand, the DPA thinks the complaint is well-founded, there must be rules in national law allowing the DPA to go before the national courts in order to get the issue referred to the CJEU.

The Court then moves on to the substantive validity of the Safe Harbour decision. Although the national court didn’t ask it to examine this issue, the Court justifies its decision to do this by reference to its overall analysis of the architecture of EU data protection law, as well as the national court’s doubts about the Safe Harbour decision. Indeed, the Court is effectively putting its new architecture into use for the first time, and it’s quite an understatement to say that the national court had doubts about Safe Harbour (it had compared surveillance in the USA to that of Communist-era East Germany).

So what is an ‘adequate level of protection’ for personal data in third countries? The Court admits that the Directive is not clear on this point, so it has to interpret the rules. In the Court’s view, there must be a ‘high’ level of protection in the third country; this does not have to be ‘identical’ to the EU standard, but must be ‘substantially equivalent’ to it.  Otherwise, the objective of ensuring a high level of protection would not be met, and the EU’s internal standards for domestic data protection could easily be circumvented. Also, the means used in the third State to ensure data protection rights must be ‘effective…in practice’, although they ‘may differ’ from that in the EU. Furthermore, the assessment of adequacy must be dynamic, with regular automatic reviews and an obligation for a further review if evidence suggests that there are ‘doubts’ on this score; and the general changes in circumstances since the decision was adopted must be taken into account.

The Court then establishes that in light of the importance of privacy and data protection, and the large number of persons whose rights will be affected if data is transferred to a third country with an inadequate level of data protection, the Commission has reduced discretion, and is subject to ‘strict’ standards of judicial review. Applying this test, two provisions of the ‘Safe Harbour’ decision were invalid.

First of all, the basic decision declaring adequate data protection in the USA (in the context of Safe Harbour) was invalid. While such a decision could, in principle, be based on self-certification, this had to be accompanied by ‘effective detection and supervision mechanisms’ ensuring that infringements of fundamental rights had to be ‘identified and punished in practice’. Self-certification under the Safe Harbour rules did not apply to US public authorities; there was not a sufficient finding that the US law or commitments met EU standards; and the rules could be overridden by national security requirements set out in US law.

Data protection rules apply regardless of whether the information is sensitive, or whether there were adverse consequences for the persons concerned. The Decision had no finding concerning human rights protections as regards the national security exceptions under US law (although the CJEU acknowledged that such rules pursued a legitimate objective), or effective legal protection in that context. This was confirmed by the Commission’s review of the Safe Harbour decision, which found (a) that US authorities could access personal data transferred from the EU, and then process it for purposes incompatible with the original transfer ‘beyond what was strictly necessary and proportionate for the purposes of national security’, and (b) that there was no administrative or judicial means to ensure access to the data and its rectification or erasure.

Within the EU, interference with privacy and data protection rights requires ‘clear and precise rules’ which set out minimum safeguards, as well as strict application of derogations and limitations.  Those principles were breached where, ‘on a generalised basis’, legislation authorises ‘storage of all the personal data of all the persons whose data has been transferred’ to the US ‘without any differentiation, limitation or exception being made in light of the objective pursued’ and without any objective test limiting access of the public authorities for specific purposes. General access to the content of communications compromises the ‘essence’ of the right to privacy. On these points, the Court expressly reiterated the limits on mass surveillance set out in last year’s Digital Rights judgment (discussed here) on the validity of the EU’s data retention Directive. Furthermore, the absence of legal remedies in this regard compromises the essence of the right to judicial protection set out in the EU Charter. But the Commission made no findings to this effect.

Secondly, the restriction upon DPAs taking action to prevent data transfers in the event of an inadequate level of data protection in the USA (in the context of Safe Harbour) was also invalid. The Commission did not have the power under the data protection Directive (read in light of the Charter) to restrict DPA competence in that way. Since these two provisions were inseparable from the rest of the Safe Harbour decision, the entire Decision is invalid. The Court did not limit the effect of its ruling.

Comments

The Court’s judgment comes to the same conclusion as the Advocate-General’s opinion, but with subtle differences that I’ll examine as we go along. On the first issue, the Court’s finding that DPAs must be able to stop data flows if there is a breach of EU data protection laws in a third country, despite an adequacy Decision by the Commission, is clearly the correct result. Otherwise it would be too easy for the standards in the Directive to be undercut by means of transfers to third countries, which the Commission or national authorities might be willing to accept as a trade-off for a trade agreement or some other quid pro quowith the country concerned.

As for the Court’s discussion of the architecture of the data protection rules, the idea of the data protection authorities having to go to a national court if they agree with the complainant that the Commission’s adequacy decision is legally suspect is rather convoluted, since it’s not clear who the parties would be: it’s awkward that the Commission itself would probably not be a party.  It’s unfortunate that the Court did not consider the alternative route of the national DPA calling on the Commission to amend its decision, and bringing a ‘failure to act’ proceeding directly in the EU courts if it did not do so. In the medium term, it would be better for the future so-called ‘one-stop shop’ system under the new data protection Regulation (see discussion here) to address this issue, and provide for a centralised process of challenging the Commission directly.

It’s interesting that the CJEU finds that there can be a national decision on adequacy of data flows to third States, since there’s no express reference to this possibility in the Directive. If such a decision is adopted, or if Member States apply the various mandatory and optional exceptions from the general external data protection rules set out in Article 26 of the data protection Directive, much of the Court’s Schrems ruling would apply in the same way by analogy. In particular, national DPAs must surely have the jurisdiction to examine complaints about the validity of such decisions too. But EU law does not prohibit the DPAs from finding the national decisions invalid; the interesting question is whether it obliges national law to confer such power upon the DPAs. Arguably it does, to ensure the effectiveness of the EU rules. Any decisions on these issues could still be appealed to the national courts, which would have the option (though not the obligation, except for final courts) to ask the CJEU to interpret the EU rules.

As for the validity of the Safe Harbour Decision, the Court’s interpretation of the meaning of ‘adequate’ protection in third States should probably be sung out loud, to the tune of ‘We are the World’. The global reach of the EU’s general data protection rules was already strengthened by last year’s Google Spain judgment (discussed here); now the Court declares that even the separate regime for external transfers is very similar to the domestic regime anyway. There must be almost identical degrees of protection, although the Court does hint that modest differences are permissible: accepting the idea of self-certification, and avoiding the issue of whether third States need an independent DPA (the Advocate-General had argued that they did).

It’s a long way from the judgment in Lindqvist over a decade ago, when the Court anxiously insisted that the external regime should not be turned into a copy of the internal rules; now it’s insistent that there should be as little a gap as possible between them. With respect, the Court’s interpretation is not convincing, since the word ‘adequate’ suggests something less than ‘essentially equivalent’, and the EU Charter does not bind third States.

But having said that, the American rules on mass surveillance would violate even a far more generous interpretation of the meaning of the word ‘adequate’. It’s striking that (unlike the Advocate-General), the Court does not engage in a detailed interpretation of the grounds for limiting Charter rights, but rather states that general mass surveillance of the content of communications affects the ‘essence’ of the right to privacy. That is enough to find an unjustifiable violation of the Charter.

So where does the judgment leave us in practice? Since the Court refers frequently to the primary law rules in the Charter, there’s no real chance to escape what it says by signing new treaties (even the planned TTIP or TiSA), by adopting new decisions, or by amending the data protection Directive. In particular, the Safe Harbour decision is invalid, and the Commission could only replace it with a decision that meets the standards set out in this judgment. While the Court refers at some points to the inadequacy or non-existence of the Commission’s findings in the Decision, it’s hard to believe that a new Decision which purports to claim that the American system now meets the Court’s standards would be valid if the Commission were not telling the truth (or if circumstances subsequently changed).

What standards does the US have to meet? The Court reiterates even more clearly that mass surveillance is inherently a problem, regardless of the safeguards in place to limit its abuse. Indeed, as noted already, the Court ruled that mass surveillance of the content of communications breaches the essence of the right to privacy and so cannot be justified at all. (Surveillance of content which is targeted on suspected criminal activities or security threats is clearly justifiable, however). In addition to a ban on mass surveillance, there must also be detailed safeguards in place. The US might soon be reluctantly willing to address the latter, but it will be even more unwilling to address the former.

Are there other routes which could guarantee that external transfers to the USA take place, at least until the US law is changed? In principle, yes, since (as noted above) there are derogations from the general rule that transfers can only take place to countries with an ‘adequate’ level of data protection. A first set of derogations is mandatory (though Member States can have exceptions in ‘domestic law governing particular cases’): where the data subject gives ‘consent unambiguously’; where the transfer is necessary to perform a contract with (or in the interest of) the data subject, or for pre-contractual relations; where it’s ‘necessary or legally required on important public interest grounds’, or related to legal claims; where it’s ‘necessary to protect the vital interests of the data subject’; or where it’s made from a public register. A second derogation is optional: a Member State may authorise transfers where the controller offers sufficient safeguards, possibly in the form of contractual clauses. The use of the latter derogation can be controlled by the Commission.

It’s hard to see how the second derogation can be relevant, in light of the Court’s concerns about the sufficiency of safeguards under the current law. US access to the data is not necessary in relation to a contract, to protect the data subject, or related to legal claims.  An imaginative lawyer might argue that a search engine (though not a social network) is a modern form of public register; but the record of an individual’s use of a search engine is not.

This leaves us with consent and public interest grounds. Undoubtedly (as the CJEU accepted) national security interests are legitimate, but in the context of defining adequacy, they do not justify mass surveillance or insufficient safeguards. Would the Court’s ruling in Schrems still apply fully to the derogation regarding inadequate protection? Or would it apply in a modified way, or not at all?

As for consent, the CJEU ruled last year in a very different context (credibility assessment in LGBT asylum claims) that the rights to privacy and dignity could not be waived in certain situations (see discussion here). Is that also true to some extent in the context of data protection? And what does unambiguous consent mean exactly? Most people believe they are consenting only to (selected) people seeing what they post on Facebook, and are dimly aware that Facebook might do something with their data to earn money. They may be more aware of mass surveillance since the Snowden revelations; some don’t care, but some (like Max Schrems) would like to use Facebook without such surveillance. Would people have to consent separately to mass surveillance? In that case, would Facebook have to be accessible for those who did not want to sign that separate form? Or could a ‘spy on me’ clause be added at the end of a long (and unread) consent form?  Consent is a crucial issue also in the context of the purely domestic EU data protection rules.

The Court’s ruling has addressed some important points, but leaves an enormous number of issues open. It’s clear that it will take a long time to clear up the mess left from this particular poorly supervised party.

Barnard and Peers: chapter 9

RELOCATION OF ASYLUM-SEEKERS IN THE EU: LAW AND POLICY

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by Steve Peers

I last looked at the legal issues surrounding the refugee crisis two weeks ago, focussing on the international law dimension of the issue. But I left out the issue of relocation of asylum-seekers, pending further developments. Subsequently the EU has adopted a second, more controversial Decision on relocation of asylum-seekers within the EU this week (against the opposition of several Member States), following soon after the first Decision on this issue earlier in September. These measures are both provisional, in force for a total of two years, but there’s also a proposal for a permanent system of provisional measures. I will be looking at the relocation issue (including the pending proposal) in more detail in a report for a think-tank soon, but for now I’ll look briefly at three aspects of these measures: (a) the main content; (b) their legality, particularly since some Member States have threatened to sue to annul the second Decision; and (c) the merits of the relocation policy.

Content of the Decisions

First of all, two points about terminology. Some press reports refer to these Decisions ‘resettling’ refugees within the EU, but that’s not accurate. In both EU and international law, ‘resettlement’ refers to admitting people in need of protection from their country of origin or neighbouring countries. The EU uses the word ‘relocation’ instead, when addressing the issue of moving persons between Member States.

But that’s the process; how should we refer to the persons concerned? Technically, the most accurate term is ‘asylum-seekers’, since the relocation Decisions only apply to those who have applied for asylum but whose claim has not yet been determined. So I will use that term in this post. But since the Decisions only apply to those whose application is quite likely to succeed (more on that below), it should not be forgotten that the subsequent refugee determination procedure will likely conclude that the large majority of these asylum-seekers (but not quite all of them) are in fact refugees, or otherwise need protection. It would certainly be misleading to use the term ‘migrants’, since this word is sometimes interpreted as meaning that the people concerned have no protection need.

The first Decision

The first Decision provides for relocating asylum-seekers from Italy and Greece. It only applies to asylum-seekers who have applied for asylum in one of those States, and if that State would normally be responsible for considering the application under the Dublin rules. This will normally be the case, since the asylum-seeker will have crossed the border of Italy or Greece without authorisation. But in some cases, the Dublin rules would give priority to another Member State (if the asylum-seeker has close family there, for instance), and so in those case the Dublin rules would still apply, instead of the relocation procedure.

The relocated asylum-seekers will be split 60/40 between Italy and Greece: 24,000 from Italy and 16,000 from Greece. They will be allocated to other Member States on the basis of optional commitments made by those other States. (The UK, Ireland and Denmark have opt-outs; see discussion of the UK opt-out here). While the intention was to relocate 40,000 people, Member States could ultimately not agree to offer that many relocation spaces, falling several thousand short (see the accompanying Resolution of Member States).

Relocation will be selective, applying only to those nationalities whose applications have over a 75% success rate in applications for international protection (refugee status, and subsidiary protection), on the basis of quarterly Eurostat statistics. On the basis of the most recent statistics, this means that only Syrians, Iraqis and Eritreans will qualify. This might change over time, however, on the basis of each new batch of statistics.

In principle, the selection of asylum-seekers to be relocated will be made by Italy and Greece, who must give ‘priority’ to those who are considered ‘vulnerable’ as defined by the EU reception conditions Directive. However, the preamble to the Decision makes clear that the ‘contact points’ of the relocating Member States (national officials) will indicate a preference for specific asylum-seekers they are willing to accept. To this end, the preamble states that ‘specific account should be given to the specific qualifications and characteristics of the applicants concerned, such as their language skills and other individual indications based on demonstrated family, cultural or social ties which could facilitate their integration into the Member State of relocation’. But this preference is not binding: the main text of the Decision states that the relocation States must accept the asylum-seekers nominated by Italy and Greece, except that they can refuse relocation ‘only where there are reasonable grounds for regarding’ an asylum-seeker as a danger to their national security or public order or where there are serious reasons for applying the exclusion provisions in thequalification Directive (concerning acts such as war crimes, terrorism and genocide).

Relocation can only apply to asylum-seekers who have already been fingerprinted pursuant to the Eurodac Regulation. This simply restates an existing EU law obligation to fingerprint everyone over 14 who applies for asylum or is found crossing the external border without permission, although that obligation is sometimes not applied in practice. Also, ‘applicants who elude the relocation procedure shall be excluded from relocation’, although this rather states the obvious.

The relocation process should usually take no more than two months after the relocating Member State has indicated how many asylum-seekers it will take. Member States of relocation will be responsible for considering the application. After relocation, asylum-seekers will not legally be able to move between Member States, in accordance with the normal Dublin rules; if they do so, the Member State of relocation must take them back. The preamble to the Decision also notes that, to deter ‘secondary movements’ Member States can limit the suspensive effect of appeals against transfers, impose reporting obligations, provide benefits in kind, and issue national entry bans. They should refrain from issuing travel documents allowing the asylum-seekers to visit other countries. There might be carrots, as well as sticks: as an incentive to stay in the Member State of relocation, the Commission has proposed that relocated asylum-seekers should be allowed to work straight away, rather than after a 9-month wait (the longest period Member States can require under the reception conditions Directive).

As for the asylum-seekers themselves, there is no requirement that they consent to their relocation or have the power to request it. The Decision only requires Italy and Greece to inform and notify the asylum-seekers about the relocation, and the preamble states that they could only appeal against the decision if there are major human rights problems in the country to which they would be relocated. So neither the relocation itself, nor the choice of Member State that a person will be relocated to, is voluntary. It is possible, however, that the asylum-seekers left behind in Italy or Greece will be disappointed that they are not picked. There is no specific remedy for them to challenge their non-selection, although arguably to the extent that Italy and Greece select people who are not vulnerable for relocation, vulnerable persons could challenge their non-inclusion, in light of the legal obligation to select vulnerable persons as a priority.  Asylum-seekers do have the right to insist that their core family members (spouse or partner, unmarried minor children, or parents of minors) who are already on EU territory come with them to the relocated Member State.

Finally, other Member States have an obligation to assist Italy and Greece, while those Member States must in return establish and implement an asylum action plan. If they do not, then the Commission can suspend the Decision as regards either country. Member States relocating asylum-seekers receive a lump sum of €6000 per person from the EU budget to help with costs. The Decision applies until 17 September 2017, and covers asylum-seekers who arrived after 15 August 2015.

The second Decision

The second Decision follows the same basic template as the first Decision, but there are some key differences. First of all, it applies to 120,000 asylum-seekers, on top of the 40,000 provided for – but not fully committed – in the first Decision (the first Decision remains legally valid; it wasn’t amended or repealed by the second one).

Secondly, the numbers of relocated asylum-seekers in the second Decision is not based upon voluntary commitments by Member States, but upon specific numbers set out in an Annex to the Decision. While most Member States agreed to these numbers (the Decision needed a qualified majority vote of ministers in the Council to pass), clearly not all did: Slovakia, Romania, Hungary and the Czech Republic voted against the Decision. This means that there is a legal obligation to take these specific numbers of people.

Thirdly, the distribution of relocation is much different. Reflecting events on the ground over the summer, which has seen a much bigger influx of potential asylum-seekers into Greece, the second Decision provides for relocating 50,400 from Greece, but only 15,600 from Italy. The remaining 54,000 were meant to be relocated from Hungary, but Hungary did not want to be seen as a ‘frontline State’. So those 54,000 are ‘on ice’ for now. They will be relocated in a year’s time either from Italy and Greece on the same basis as under this Decision, or relocated on a different basis in light of changes in circumstances (subject to approval from the Council in either case).

Fourthly, Member States can request a temporary delay of 30% of their intake of asylum-seekers in ‘exceptional circumstances’, if it gives ‘duly justified reasons compatible with the fundamental values’ of the EU, such as human rights and non-discrimination. This delay can then be authorised by the Council on a proposal from the Commission. The preamble to the Decision indicates that such circumstances ‘could include, in particular’ a sudden inflow that places ‘extreme pressure’ upon even a well-prepared asylum system, or a ‘high probability’ of such an inflow.

Fifthly, the preamble contains stronger language as regards the ‘secondary movement’ of asylum-seekers. Member States can take measures as regards social benefits and remedies, and can ‘should’ detain asylum-seekers in accordance with the Returns Directive if no alternative means of preventing secondary movements are available.

Sixthly, in addition to the lump sum of €6000 per person from the EU budget for Member States of relocation, Italy and Greece will receive €500 per person to help with costs. Finally, the Decision will also apply for two years, but it will apply to all those who have arrived in Italy or Greece since the end of March this year, not just from mid-August.

Legality of the Decisions

Both decisions are based on Article 78(3) of the TFEU, which is a revised version of the ‘emergency power’ relating to immigration issues that has been in the Treaties since 1993 – but was never used until this month.

Article 78(3) reads as follows:

In the event of one or more Member States being confronted by an emergency situation characterised by a sudden inflow of nationals of third countries, the Council, on a proposal from the Commission, may adopt provisional measures for the benefit of the Member State(s) concerned. It shall act after consulting the European Parliament.

This should be seen in the context of the purpose of Article 78(1), which states that the EU shall have:

a common policy on asylum, subsidiary protection and temporary protection with a view to offering appropriate status to any third-country national requiring international protection and ensuring compliance with the principle of nonrefoulement. This policy must be in accordance with the Geneva Convention of 28 July 1951 and the Protocol of 31 January 1967 relating to the status of refugees, and other relevant treaties.

Article 78(2) specifies that the EU shall have power to adopt measures to create ‘a common European asylum system’, listing seven areas where it can act by means of the ordinary legislative procedure. (Note that the proposed permanent system for relocation would be based on Article 78(2), not Article 78(3), so the legality of that proposal raises different issues; I’m not considering that proposal here).

Several elements of Article 78(3) are obvious: there must be a Commission proposal (which there was for both decisions); the Council votes by qualified majority (this isn’t expressly mentioned in the clause, but it’s the default rule); and the European Parliament (EP) is only consulted, whereas it has its usual joint decision-making power as regards other asylum legislation. It’s implicit that Article 78(3) measures can only relate to asylum, due to the placement of this clause in Article 78. Moreover, prior to the Treaty of Lisbon, the previous version of this clause had been free-standing, and therefore applicable to all immigration and asylum issues; its placement in the asylum Article was surely no accident and must therefore be legally relevant.

The strongest legal argument against the validity of the second Decision is a procedural one. CJEU case law has always stated that where the EP has to be consulted on a measure, it must be reconsulted if the essential elements of the measure are then changed after it was initially consulted. That certainly applies here, because the removal of Hungary from the list of frontline States changed an essential element of the law. Against this, it might be argued that there is no obligation to reconsult, or a less stringent obligation to reconsult, in ‘emergency’ cases. But if the claim is successful on this point, it won’t accomplish much: the Council will only have to consult the EP again, and the CJEU might (as it often does) keep the Decision in force in the meantime, since the legal flaw is purely procedural.

As to the substance of the emergency measures power, first of all it must implicitly be consistent with Article 78(1), forming part of a ‘common’ policy, ensuring compliance with ‘non-refoulement’ and being in accordance with the Geneva Convention. The two Decisions meet those criteria; some alternative suggestions like closing the external border or returning people to unsafe countries would not.

Next, several terms in Article 78(3) have to be defined: an ‘emergency situation’, a ‘sudden inflow’, a ‘provisional measure’ and the ‘benefit’ of Member States. The idea of an ‘emergency’ suggests a situation which Member States find particularly difficult to handle, and the current crisis certainly qualifies for that. Some have questioned whether the inflow is ‘sudden’, given that it has been building up for years, with the Syrian civil war starting back in 2011. But the overall numbers have clearly increased sharply in 2015; the scale of that increase surely qualifies as a ‘sudden’ inflow, even if the inflow did not start overnight.

Surely it is up to the Member States in question to determine if they will ‘benefit’ from the measures concerned; that’s why it was legally necessary to remove Hungary from the list of beneficiaries. Just because another policy might, in the view of other Member States, be preferable, doesn’t mean that the Member States concerned will not benefit. Anyway, it’s manifestly clear that Italy and Greece will benefit from having fewer asylum-seekers on their territory, as things now stand.

There’s a strong literal argument that the measures in question can only benefitMember States, as distinct from (say) Serbia – although the EU could still assist Serbia by other means. But that issue doesn’t arise, since the two Decisions are only relocating asylum-seekers from Member States. A purely consequential impact on third States (fewer people will transit Serbia) isn’t sufficient to infringe this rule.

This leaves us with the definition of ‘provisional measures’. The notion of ‘provisional’ means that it must be limited in time. Since the Treaty of Lisbon removed the previous limitation to six months, this means that measures can last for longer than that. Although there may be a legal argument that two years is too long, a period of one year (during which time a permanent system may well be agreed) is surely legal. So the most a successful claim could do here is curtail the length of the validity of the second Decision, not annul it completely. If a provisional measure is renewed, or replaced with a similar provisional measure, the ‘provisional’ nature of the powers would be infringed, but we have not got to that stage yet.

What ‘measures’ can be adopted? Can they amend existing legislation? This is relevant because the two Decisions derogate from the Dublin rules, as any relocation system would have to do. The EP’s role has been circumvented because it was only consulted. While I previously held the view that for this reason, emergency asylum measures could not derogate from EU asylum legislation, I no longer think that’s correct. Because the Treaty refers to a ‘common’ asylum policy, it must follow that the power to adopt emergency measures would be nugatory if it couldn’t amend existing legislation.

Does the EU have power to adopt quotas of asylum-seekers? A power to adopt quota rules is ruled out under Article 79(5) TFEU in the case of those looking for work. But those limitations only apply to ‘that Article’, and the Treaty drafters chose to regulate asylum issues, including reception conditions for asylum-seekers and the status of refugees (which concern access to employment) on the basis of Article 78 instead. Indeed, as noted already, there’s no right to work for asylum-seekers on the basis of EU law unless they have been waiting nine months for a decision (although Member States can choose to be more generous if they wish), and some asylum-seekers will be too young to seek work or otherwise not seek work due to family responsibilities or illness, for example. So asylum-seekers aren’t within the scope of Article 79. Moreover, the issue of relocation quotas had been discussed several times before, to the Treaty drafters must have been aware of it. If they had wanted to rule out quotas for asylum-seekers in Article 78(3), they would therefore surely have done so expressly. Article 79(5) has an a contrario effect.

Should Article 78(3) be narrowly interpreted? The Treaty drafters chose to use broad wording, and indeed Article 80 TFEU refers broadly to the principle of solidarity and burden-sharing (‘including’, ie not limited to, financial support). Unlike Treaty provisions which stress the narrowness of the EU’s powers, such as the powers over health or education, Article 78 repeatedly refers to a ‘common’ or ‘uniform’ policy (there are more such references in Articles 67 and 78(2)). The Treaty drafters placed limits on the scope of the EU’s immigration policy (as we have seen already); and in the same Title of the Treaty, there are various special rules relating to competence or voting over various aspects of border controls, civil law, police cooperation, and criminal law. It’s quite striking that no comparable limits exist as regards the EU’s asylum powers. One may reasonably argue that there should be such limits, but I am not convinced that there are such limits at the moment.

Just because those powers exist, however, does not mean that they should necessarily be used. So finally I will turn to the question of whether relocation is a good idea in general, and whether it is wise to force it upon recalcitrant States – even if it is legal.

Appraising the relocation policy

In principle, the objectives of the relocation policy are entirely valid. Article 80 TFEU refers to the need for solidarity and burden-sharing among Member States as regards asylum, and this reflects also the burden-sharing principle of international law, set out in the preamble to the Geneva Convention on refugees. The numbers who have arrived in Greece and Italy in recent months are clearly unmanageable for those countries to handle alone, although it should not be forgotten that some of the (potential) asylum-seekers concerned have moved on to other Member States under their own steam in the meantime. While solidarity also can (and does) take the form of financial support and additional personnel, reception centres cannot be built overnight and officials from other Member States cannot simply become part of the Greek or Italian civil service for a while.

If anything, the relocation Decisions are insufficient. It’s clearly an overstatement to say that the EU has ‘done nothing’ to help those countries: the Decisions won’t relieve all the pressure upon Italy and Greece, but equally it should in principle relieve some of it. According to the preamble to the second Decision, it will relieve Greece and Italy of 43% of the asylum-seekers who clearly needed international protection (ie the nationalities with high success rates in asylum claims) who arrived there over July and August. But this is less impressive than it first appears, since it assumes that the further 54,000 asylum-seekers now ‘on ice’ will be relocated from those countries, whereas this is not yet certain. And while the asylum-seekers in question will be relocated over two years, the numbers referred to in the preamble arrived over two months. Although the first Decision will also relieve some pressure, the percentage of the asylum-seekers from priority countries who will arrive in Italy and Greece over the next two years who will be relocated will therefore be much less than 43%. It is even possible that the more systematic application of the obligation to fingerprint applicants will mean that Italy and Greece would end up responsible for more applicants from the priority countries than before.

Overall, then, taking into account the numbers of asylum-seekers not subject to the Decisions because they are not from a priority country, the two Decisions are likely to prove insufficient. This can be addressed in practice by further such Decisions (or the proposed new permanent system for addressing these issues) in the near future.

The question of whether it is possible to reduce the numbers of asylum-seekers who arrive at the EU’s external borders in the first place is outside the scope of my analysis here – although this will ultimately determine whether a mass influx continues to occur in the years to come.

As for the details of the Decisions, there are two particularly controversial issues: the role of asylum-seekers, and the wisdom of enforcing quotas upon unwilling Member States. On the first point, it is problematic to compel asylum-seekers to move to a country that they do not wish to be in, since this has already proved unworkable in the original Dublin context. It would have been preferable at least to give asylum-seekers the opportunity to express a (non-binding) preference (with reasons) for particular Member State, or perhaps a list of several preferred Member States. That would increase the likelihood that asylum-seekers will stay put, since they are would be in a Member States where they prefer to be. It will also increase the likelihood that they will integrate into the host State once obtaining protection status (as most people subject to the Decisions will), given that they may prefer particular destinations because they have extended family members, friends or acquaintances there. But it will probably not be possible to respect every asylum-seeker’s preferred destination – or every asylum-seeker who wants to relocate.

In the absence of any attempt to consider the asylum-seekers’ preferences, Member States instead fell back upon the idea of punishing them if they make secondary movements. Although the Dublin system has notably not worked well at ensuring that asylum-seekers always remain in the State which is responsible for their application, it has worked better when asylum-seekers have been fingerprinted, so that it is easy to ascertain the responsible Member State; and relocation under the Decisions will only be possible for those who have been fingerprinted. While the Decisions correctly state that asylum-seekers who make secondary movements have to be taken back (pursuant to the Dublin Regulation), the preamble to the second Decision wrongly claims that they could be detained pursuant to the Returns Directive. In fact, since that Directive doesn’t apply to asylum-seekers (see the CJEU rulings in Kadzoev and Arslan), the narrower grounds for detention in the Dublin Regulation would apply instead, if the person concerned applies for asylum.

It’s also not clear exactly what benefits sanctions and remedies restrictions could be legally applied to asylum-seekers who don’t stay in the Member State of relocation, beyond the possibility of limiting the suspensive effect of a legal challenge. As regards benefits, the CJEU ruled in Cimade and GISTI that benefits must still be paid to asylum-seekers even if they have moved to another Member State (by that Member State), until the point when they are transferred back to the responsible Member State under the Dublin rules. This is now reflected in the preamble to the Dublin III Regulation. It might prove more fruitful to take up the Commission’s suggestion of allowing relocated asylum-seekers to work at an earlier date.

On the second point, historically calls for asylum burden-sharing have relied upon moral suasion, not legal imposition. The relocation process will in any event be difficult to carry out if the outvoted Member States refuse to cooperate with it. (It’s not clear if they will suspend their commitments under the first Decision too – although note that Hungary made no such commitments in the first place). The Commission can begin infringement proceedings for non-cooperation, but this will take time, and the Member States in question might prefer to pay a fine (the sanction for non-compliance with a CJEU infringement ruling) than cooperate with relocation.

While the recalcitrant Member States’ objections to burden-sharing are not very convincing, more efforts should have been made to offer them an alternative. The original suggestion of a financial contribution to alleviate the costs of the Member States with the biggest burden was dropped, since it was (wrongly) perceived as a sanction, rather than as an alternate type of burden-sharing. Perhaps a better idea would have been to offer the option of assisting the neighbouring countries hosting Syrians, Iraqis and Eritreans, either by resettling more people directly from those countries or by making bigger financial contributions to those countries (and thereby reducing ‘push’ factors). Either option could have indirectly relieved the burden on Greece or Italy.

Finally, to what extent can the outvoted Member States (or others) reduce their obligations under the Decisions? As we have seen, the second Decision allows them to reduce their intake temporarily, if the Council approves. They must have good reasons, in particular relating to reception capacity. Given the exceptional nature of the rule, it is hard to see how other reasons can easily be accepted; certainly paranoia cannot. And the grounds for the request must be compatible with EU values, so Islamophobia is equally an impermissible ground too.

(MEIJERS COMMITTEE) Military action against human smugglers: legal questions concerning the EUNAVFOR Med operation

ORIGINAL PUBLISHED HERE ON 23 September 2015

  1. The EUNAVFOR Med operation

On 22 June 2015, the Council of Ministers of the European Union adopted a Common Foreign Security Policy (CFSP) Decision establishing a military crisis management operation with the aim of combatting fighting people smuggling: EUNAVFOR Med.1 This mission is currently in its first phase, focusing on intelligence gathering, i.e. surveillance and the   assessment of existing smuggling networks.

A second phase would involve searching and possibly diverting vessels on the high seas and territorial waters, either under a mandate of the UN Security Council or with the consent of the appropriate coastal state. The Foreign Affairs Council has recently established that the conditions for the second phase have been met insofar as operations in international waters are concerned.2 During the third phase, vessels and related assets of human smugglers would be destroyed and smugglers apprehended.

The mission will operate in a complex legal environment of overlapping rules of refugee law, international human rights law, the law of the sea, and international rules on the use of force. This note discusses some of the most pressing legal questions raised by this operation.

  1. General remarks

At the outset, the Meijers Committee would like to raise a general point regarding the focus on people smuggling as a response to the loss of life at sea. In the absence of safe and legal access to the right to seek asylum in Europe, together with routes for legal migration, people will turn to human smugglers as a last resort. Increased border controls have resulted in higher casualties as people are forced to take more dangerous routes.

The Meijers Committee questions the appropriateness of the approach taken under EUNAVFOR Med to stop the loss of life at sea. The Committee would like to point to the shift from saving lives at sea under  the  Italian-led  Mare  Nostrum  Operation,  to  border management  (Triton),  to  military  action (EUNAVFOR Med). The Meijers Committee emphasizes that the legal obligation to save lives at sea should have primacy in all Union action at sea and that a long-term solution must also involve improving legal access to asylum and legal employment.

  1. Human smuggling as a threat to international peace and
    security

The Meijers Committee notes that the decision establishing the EUNAVFOR Med operation refers explicitly to the need for a UN Security Council Resolution or consent of the coastal states concerned before the second phase of the operation can enter into force.

In this respect the Meijers Committee notes a fundamental difference from the EUNAVFOR operation Atalanta against piracy off the Somalian coast, which was taken as a model for EUNAVFOR Med. The Atalanta operation was explicitly supported by a UN Security Council Resolution, and had the consent of the coastal state involved.3

Articles 39 and 42 UN Charter stipulate that the Security Council shall only authorize the use of force if ‘necessary to maintain or restore international peace and security’. The Meijers Committee is not convinced that the EUNAVFOR MED mission meets this standard. Although the humanitarian crisis may meet this standard, the activities of human smugglers – unlike piracy do not qualify. Although the Security Council has previously adopted resolutions in response to refugee crises in Iraq and Haiti, these were intended to stabilize the countries of origin and not to prevent persons from seeking refuge elsewhere.

  1. Phase 2: search and diversion of ships

The Second Phase of the operation would involve the search and diversion of ships in third-country territorial waters, which requires the consent of the flag state or a UN Security Council Resolution.

The Meijers Committee recalls that on the high seas, Article 87 UN Convention on the Law of the Sea (UNCLOS) ensures the right to freedom of navigation. Article 110 permits a warship to board and inspect a vessel if, inter alia, it has no nationality. As regards the vessel, a finding of statelessness should allow states to exercise jurisdiction in order to ensure compliance with the ‘minimum public order on the high seas’, namely, the duties that normally fall on the flag state (Art. 94 UNCLOS).4 This could include a state’s power to escort the vessel into harbor for inspection. As regards the people on board, UNCLOS does not seem to provide a basis for the exercise of jurisdiction.

Although Article 110(1) UNCLOS expressly allows that grounds of interference may be established by Treaty, the UN Smuggling Protocol seems to impose a duty of cooperation only on the contracting parties, while maintaining the requirement of flag state authorization. Article 8(7) of the Smuggling Protocol provides a firmer legal basis for interference with stateless vessels than Article 110 UNCLOS. The wording ‘suppressing the use of the vessel’ or ‘take appropriate measures’ implies the possible use of force. Nevertheless, such force should be used as a means of last resort and will be subject to the requirement of necessity and proportionality. It is noted, however, that the Migrant Smuggling Protocol lacks the precision of, for instance, the UN drug trafficking regime, which explicitly sets out the measures that an intercepting power may take against a drug transport.5 Accordingly, no clear legal basis for action is provided in international law.

Diversions on the high seas may not result in the refoulement of people on board. It is important to stress that States cannot relieve themselves of this obligation by labelling an operation as ‘search and rescue’. The IMO Guidelines on the treatment of persons rescued at sea state that ‘[disembarkation of asylum-seekers and refugees recovered at sea, in territories where their lives and freedom would be threatened should be avoided.’ This approach has been confirmed by the European Court of Human Rights in the Hirsi case.6 Member States remain bound by their obligations under international human rights law, independently of the nature and location of their intervention. In this regard it is particularly problematic that Libya one of the most important coastal states whose cooperation is sought is currently a notoriously dangerous and unstable country.

It is unclear how the EU intends to give practical effect to these obligations in the course of the EUNAVFOR Med mission. The Meijers Committee would recommend that clear guidelines be put in place, comparable to the rules applicable in the framework of Frontex coordinated operations at sea.7

  1. Phase 3: destruction of vessels and apprehension of smugglers

The Third Phase of the Operation would entail the destruction of vessels and related assets, and the apprehension of smugglers. The Meijers Committee argues that clear, binding, publicly available rules should be adopted prior to the commencement of Phase 3.

As regards the smugglers it must be noted that unlike piracy and international crimes, international law does not establish universal criminal jurisdiction over human smuggling. As with diversions, the interference with vessels believed to be engaged in human smuggling requires the consent of the flag state (or a UN SC Resolution). In case the ship is sailing without a flag, Article 8 of the Protocol allows a party to take ‘appropriate measures in accordance with relevant domestic and international law’. The extent to which this includes the exercise of criminal jurisdiction over human smugglers is not clear, however.

The Council decision establishing EUNAVFOR Med is silent about the possible detention and prosecution of smugglers. The Meijers Committee points out that even though EUNAVFOR Med is executed by military forces, the EU is not acting as party to an armed conflict and thus normal peace­time law applies. This means that after arrest, those suspected of migrant smuggling should be brought promptly before a judge8. In the case of subsequent criminal prosecution, jurisdiction should be established in one of the Member States. In this respect it is noted that not all Member States have established universal jurisdiction over human smuggling. If smugglers are to be extradited or released to third countries, their fundamental rights should be guaranteed.

The Meijers Committee notes that EUNAVFOR Med is aimed at the destruction of vessels used or suspected of being used for migrant smuggling, possibly even inside third-country territory, yet it remains unclear what legal standard is applied to identify such vessels. The Meijers Committee cautions that the destruction of vessels cannot be arbitrary. Unlike UNCLOS, which provides for clear rules on the seizure and liability for seizure of pirate ships, there is no explicit legal basis in international law for the seizure of migrant smuggling boats. The right to property as enshrined in Article 1 of Protocol 1 ECHR, which will apply to the Member States acting extra-territorially, prescribes that any destruction of property must be provided for by law and must be necessary and proportionate.

  1. Unclear division of responsibility between the EU and its
    Member States

The Meijers Committee recalls that Article 21 TEU requires CFSP actions to be based on human rights. This includes respect for human dignity, including the prohibition of torture and inhuman treatment; personal security and liberty; and protection from arbitrary detention and arrest.9 It also notes, however, that the Court of Justice of the EU has no authority to ensure this respect for fundamental rights as it lack jurisdiction over the CFSP.10 This means that legal remedies would have to be provided under the national law of the participating Member States.

The experience with joint operations under the coordination of Frontex shows that in case of violations of fundamental rights, it is unclear to whom wrongful conduct must be attributed. Although the operation is coordinated by the EU, it is the Member States that provide the assets and personnel, over which they maintain operational command.

Case law issuing from the European Court of Human Rights on the obligations of the Member States as contracting parties to the European Convention on Human Rights clearly indicates with regard to the Member States that they cannot escape their responsibilities under the Convention by acting outside the Convention’s territorial scope. The situation is more complicated, however, when Member States act as agents for the European Union (Bosphorus) or within the context of UN Peace Keeping Operations (Al Jeddah, Behrami, and Saramati). The Meijers Committee therefore stresses that it is fundamentally important that questions of international responsibility and responsibility under the European Convention for Human Rights are addressed prior to commencement of Phases 2 and 3.

Conclusions and recommendations

I. There are no indications that combating migrant smuggling contributes to the restoration of international peace and security or to ending the ongoing humanitarian crises;

II.      Without express consent from third states or authorization from the UN Security Council, the EU lacks jurisdiction over   vessels or assets in third-country territorial waters;
III.      Without express consent from third-country coastal states or   authorization from the UN Security Council, there is no clear legal basis for coercive measures against vessels or assets on the high seas;
IV Despite the unclear legal framework covering interdiction on the high seas, international human rights law does apply;
V.      Should a legal basis for action on the high seas and in territorial waters be provided, clear rules of engagement and proper safeguards should be in place to prevent indiscriminate destruction of civilian property; any undue loss should be compensated;
VI.      An unambiguous legal basis for the arrest and detention of suspected smugglers is needed, and also for the seizure and destruction of any personal property. Suspects should either be prosecuted, extradited or released, the last action having due regard to the right to asylum and the prohibition of refoulement;
VII.      Clear attribution rules and accountability mechanisms for human rights violations committed by EUNAVFOR assets should be in place;
VIII.      The right to apply for asylum, access to asylum procedures on land with proper language and legal assistance, and the prohibition of refoulement should be respected and subject to judicial oversight;
IX.       Outsourcing migration control to third countries, even though outside Member State jurisdiction, should take place with assurances and safeguards against human rights violations.

Notes

1 Council Decision (CFSP) 2015/972 of 22 June 2015 launching the European Union military operation in the southern Central Mediterranean (EUNAVFOR MED), OJ 2015, L157/51.

2 Council of the European Union, “EUNAVFOR Med: Council adopts a positive assessment on the conditions to move to the first step of phase 2 on the high seas”, Press Release, 14 September 2015, no. 643/15.
3 http://www.un.org/Depts/los/piracy/piracy_documents.htm
4 E. Papastavridis, ‘Enforcement Jurisdictions in the Mediterranean Sea: Illicit Activities and the Rule of Law on the High Seas’, International Journal of Marine and Coastal Law, Vol. 25, 2010, p. 585.
5 See Council of Europe Agreement on Illicit Traffic by Sea, implementing article 17 of the United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances.
6 ECHR, Hirsi Jamaa and others v. Italy, Grand Chamber, Judgment, 23 February 2012, Application no. 27765/09.
7 Regulation (EU) No 656/2014 of the European Parliament and of the Council of 15 May 2014 establishing rules for the surveillance of the external sea borders in the context of operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union, L 189, 27 June 2014.
8 ECHR, Medvedyev v France, 9 March 2010, appl. no. 3394/03.
9 The promotion and protection of human rights during common security and defence policy operations. In-between a spreading state of mind and an unsolved concern. M L Sánchez Barrueco, in The EU as a ”Global Player” in human rights?, J E Wetzel (edit.), 2011, pp. 158-160.
10 See also Case T-271/10, under appeal C-455/14 P.

About : The Meijers Committee is an independent group of legal scholars, judges and lawyers that advises on European and International Migration, Refugee, Criminal, Privacy, Anti-discrimination and Institutional Law. The Committee aims to promote the protection of fundamental rights, access to judicial remedies and democratic decision-making in EU legislation.

The Meijers Committee is funded by the Dutch Bar Association (NOvA), Foundation for Democracy and Media (Stichting Democratie en Media) the Dutch Refugee Council (VWN), Foundation for Migration Law Netherlands (Stichting Migratierecht Nederland), the Dutch Section of the International Commission of Jurists (NJCM), Art. 1 Anti-Discrimination Office, and the Dutch Foundation for Refugee Students UAF.

Contact info: Louis Middelkoop Executive secretary post@commissie-meijers.nl +31(0)20 362 0505

Please visit www.commissie-meijers.nl

AMERICAN MASS SURVEILLANCE OF EU CITIZENS: IS THE END NIGH?

ORIGINAL PUBLISHED ON EU LAW ANALYSIS  (Wednesday, 23 September 2015)

by Steve PEERS

*This blog post is dedicated to the memory of the great privacy campaigner Caspar Bowden, who passed away recently. What a tragedy he did not leave to see the developments in this case. To continue his work, you can donate to the Caspar Bowden Legacy Fund here.

 

A brilliant university student takes on the hidebound establishment – and ultimately wins spectacularly. That was Mark Zuckerberg, founding Facebook, in 2002. But it could be Max Schrems, taking on Zuckerberg and Facebook, in the near future – if the Court of Justice decides to follow the Advocate-General’s opinion in the Schrems case, released today.

In fact, Facebook is only a conduit in this case: Schrems’ real targets are the US government (for requiring Facebook and other Internet companies to hand over personal data to intelligence agencies), as well as the EU Commission and the Irish data protection authority for going along with this. In the Advocate-General’s opinion, the Commission’s decision to allow EU citizens’ data to be subject to mass surveillance in the US is invalid, and the national data protection authorities in the EU must investigate these flows of data and prohibit them if necessary. The case has the potential to change much of the way that American Internet giants operate, and to complicate relations between the US and the EU in this field.

Background

There’s more about the background to this litigation here, and Simon McGarr has summarised the CJEU hearing in this case here. But I’ll summarise the basics of the case again here briefly.

Max Schrems is an Austrian Facebook user who was disturbed by Edward Snowden’s revelations about mass surveillance by US intelligence agencies. Since such mass surveillance is put into effect by imposing obligations to cooperate upon Internet companies, he wanted to complain about Facebook’s transfers of his personal data to the USA. Since Facebook’s European operations are registered in Ireland, he had to bring his complaints to the Irish data protection authority.

The legal regime applicable to such transfers of personal data is the ‘Safe Harbour’ agreement between the EU and the USA, agreed in 2000 – before the creation of Facebook and some other modern Internet giants, and indeed before the 9/11 terrorist attacks which prompted the mass surveillance. This agreement was put into effect in the EU by a decision of the Commission, which used the power conferred by the EU’s current data protection Directive to declare that transfers of personal data to the USA received an ‘adequate level of protection’ there.

The primary means of enforcing the arrangement was self-certification of the companies concerned (not all transfers to the USA fall within the scope of the Safe Harbour decision), enforced by the US authorities.  But it was also possible (not mandatory) for the national data protection authorities which enforce EU data protection law to suspend transfers of personal data, if the US authorities or enforcement system have found a breach of the rules, or on the following further list of limited grounds set out in the decision:

there is a substantial likelihood that the Principles are being violated; there is a reasonable basis for believing that the enforcement mechanism concerned is not taking or will not take adequate and timely steps to settle the case at issue; the continuing transfer would create an imminent risk of grave harm to data subjects; and the competent authorities in the Member State have made reasonable efforts under the circumstances to provide the organisation with notice and an opportunity to respond.

In fact, Irish law prevents the national authorities from taking up this option. So the national data protection authority effectively refused to consider Schrems’ complaint. He challenged that decision before the Irish High Court, which doubted that this system was compatible with EU law (or indeed the Irish constitution). So that court asked the CJEU to rule on whether national data protection authorities (DPAs) should have the power to prevent data transfers in cases like these.

The Opinion

The Advocate-General first of all answers the question which the Irish court asks, and then goes on to examine whether the Safe Harbour decision is in fact valid. I’ll address those two issues in turn.

In the Advocate-General’s view, national data protection authorities have to be able to consider claims that flows of personal data to third countries are not compatible with EU data protection laws, even if the Commission has adopted a decision declaring that they are. This stems from the powers and independence of those authorities, read in light of the EU Charter of Fundamental Rights, which expressly refers to DPAs’ role and independence. (On the recent CJEU case law on DPA independence, see discussion here). It’s worth noting that the new EU data protection law under negotiation, the data protection Regulation, will likely confirm and even enhance the powers and independence of DPAs. (More on that aspect of the proposed Regulation here).

On the second point, the opinion assesses whether the Safe Harbour Decision correctly decided that there was an ‘adequate level of protection’ for personal data in the USA. Crucially, it argues that this assessment is dynamic: it must take account of the protection of personal data now, not just when the Decision was adopted back in 2000.

As for the meaning of an ‘adequate level of protection’, the opinion argues that this means that third countries must ensure standards ‘essentially equivalent to that afforded by the Directive, even though the manner in which that protection is implemented may differ from that’ within the EU, due to the importance of protecting human rights within the EU. The assessment of third-country standards must examine both the content of those standards and their enforcement, which entailed ‘adequate guarantees and a sufficient control mechanism’, so there was no ‘lower level of protection than processing within the European Union’. Within the EU, the essential method of guaranteeing data protection rights was independent DPAs.

Applying these principles, the opinion accepts that personal data transferred to the USA by Facebook is subject to ‘mass and indiscriminate surveillance and interception’ by intelligence agencies, and that EU citizens have ‘no effective right to be heard’ in such cases. These findings necessarily mean that the Safe Harbour decision was invalid for breach of the Charter and the data protection Directive.

More particularly, the derogation for the national security rules of US law set out in the Safe Harbour principles was too general, and so the implementation of this derogation was ‘not limited to what is strictly necessary’. EU citizens had no remedy against breaches of the ‘purpose limitation’ principle in the US either, and there should be an ‘independent control mechanism suitable for preventing the breaches of the right to privacy’.

The opinion then assesses the dispute from the perspective of the EU Charter of Rights. It first concludes that the transfer of the personal data in question constitutes interference with the right to private life. As in last year’s Digital Rights Ireland judgment (discussed here), on the validity of the EU’s data retention directive, the interference with rights was ‘particularly serious, given the large numbers of users concerned and the quantities of data transferred’. In fact, due to the secret nature of access to the data, the interference was ‘extremely serious’. The Advocate-General was also concerned about the lack of information about the surveillance for EU citizens, and the lack of an effective remedy, which breaches Article 47 of the Charter.

However, interference with these fundamental rights can be justified according to Article 52(1) of the Charter, as long as the interference is ‘provided for by law’, ‘respect[s] the essence’ of the right, satisfies the ‘principle of proportionality’ and is ‘necessary’ to ‘genuinely meet objectives of general interest recognized by’ the EU ‘or the need to protect the rights and freedoms of others’.

In the Advocate-General’s view, the US law does not respect the ‘essence’ of the Charter rights, since it extends to the content of the communications. (In contrast, the data collected pursuant to the data retention Directive which the CJEU struck down last year concerned only information on the use of phones and the Internet, not the content of phone calls and Facebook posts et al). On the same basis, he objected to the ‘broad wording’ of the relevant derogations on national security grounds, which did not clearly define the ‘legitimate interests’ at stake. Therefore, the derogation did not comply with the Charter, ‘since it does not pursue an objective of general interest defined with sufficient precision’. Moreover, it was too easy under the rules to escape the limitation that the derogation should only apply when ‘strictly necessary’.

Only the ‘national security’ exception was sufficiently precise to be regarded as an objective of general interest under the Charter, but it is still necessary to examine the ‘proportionality’ of the interference. This was a case (like Digital Rights Ireland) where the EU legislature’s discretion was limited, due to the importance of the rights concerned and the extent of interference with them. The opinion then focusses on whether the transfer of data is ‘strictly necessary’, and concludes that it is not: the US agencies have access to the personal data of ‘all persons using electronic communications services, without any requirement that the persons concerned represent a threat to national security’.

Crucially, the opinion concludes that ‘[s]uch mass, indiscriminate surveillance is inherently disproportionate and constitutes an unwarranted interference’ with Charter rights. The Advocate-General agreed that since the EU and the Member States cannot adopt legislation allowing for mass surveillance, non-EU countries ‘cannot in any circumstances’ be considered to ensure an ‘adequate level of protection’ of personal data if they permit it either.

Furthermore, there were not sufficient guarantees for protection of the data. Following the Digital Rights Ireland judgment, which stressed the crucial importance of such guarantees, the US system was not sufficient. The Federal Trade Commission could not examine breach of data protection laws for non-commercial purposes by government security agencies, and nor could specialist dispute resolution bodies. In general, the US lacks an independent supervisory authority, which is essential from the EU’s perspective, and the Safe Harbour decision was deficient for not requiring one to be set up. A third country cannot be considered to have ‘an adequate level of protection’ without it. Furthermore, only US citizens and residents had access to the judicial system for challenging US surveillance, and EU citizens cannot obtain remedies for access to or correction of data (among other things).

So the Commission should have suspended the Safe Harbour decision. Its own reports suggested that the national security derogation was being breached, without sufficient safeguards for EU citizens. While the Commission is negotiating revisions to that agreement with the USA, that is not sufficient: it must be possible for the national supervisory authority to stop data transfers in the meantime.

Comments

The Advocate-General’s analysis of the first point (the requirement that DPAs must be able to stop data flows if there is a breach of EU data protection laws) is self-evidently correct. In the absence of a mechanism to hear complaints on this issue and to provide for an effective remedy, the standards set out in the Directive could too easily be breached. Having insisted that the DPAs must be fiercely independent of national governments, the CJEU should not now accept that they can be turned into the tame poodles of the Commission.

On the other hand, his analysis of the second point (the validity of the Safe Harbour Decision) is more problematic – although he clearly arrives at the correct conclusion. With respect, there are several flaws in his reasoning. Although EU law requires strong and independent DPAs within the EU to ensure data protection rights, there is more than one way to skin this particular cat. The data protection Directive notably does not expressly require that third countries have independent DPAs. While effective remedies are of course essential to ensure that data protection law (likely any other law) is actually enforced in practice, those remedies do not necessarily have to entail an independent DPA. They could also be ensured by an independent judiciary. After all, Americans are a litigious bunch; Europeans could join them in the courts. But having said that, it is clear that in national security cases like this one, EU citizens have neither an administrative nor a judicial remedy worth the name in the USA. So the right to an effective remedy in the Charter has been breached; and it is self-evident that processing information from Facebook interferes with privacy rights.

Is that limitation of rights justified, however? Here the Advocate-General has muddled up several different aspects of the limitation rules. For one thing, the precision of the law limiting rights and the public interest which it seeks to protect are too separate things. In other words, the public interest does not have to be defined precisely; but the law which limits rights in order to protect the public interest has to be. So the opinion is right to say that national security is a public interest which can justify limitation of rights in principle, but it fails to undertake an examination of the precision of the rules limiting those rights. As such, it omits to examine some key questions: should the precision of the law limiting rights be assessed as regards the EU law, the US law, or both?  Should the US law be held to the same standards of clarity, foreseeability and accessibility as European states’ laws must be, according to the ECHR jurisprudence?

Next, it’s quite unconvincing to say that processing the content of communications interferes with the ‘essence’ of the privacy and data protection rights. The ECHR case law and the EU’s e-privacy directive expressly allow for interception of the content of communications in specific cases, subject to strict safeguards. So it’s those two aspects of the US law which are problematic: its nature as mass surveillance, plus the inadequate safeguards.

On these vital points, the analysis in the opinion is correct. The CJEU’s ruling inDigital Rights Ireland suggests, in my view, that mass surveillance is inherently a problem, regardless of the safeguards in place to limit its abuse. This is manifestly the Advocate-General’s approach in this case; and the USA obviously has in place mass surveillance well in excess of the EU’s data retention law. The opinion is also right to argue that EU rules banning mass surveillance apply to the Member States too, as I discuss here. But even if this interpretation is incorrect, and mass surveillance is only a problem if there are weak safeguards, then the Safe Harbour decision still violates the Charter, due to the lack of accessible safeguards for EU citizens as discussed above. Hopefully, the Court of Justice will confirm whether mass surveillance is intrinsically problematic or not: it is a key issue for Member States retaining data by way of derogation from the e-privacy Directive, for the validity of EU treaties (and EU legislation) on specific issues such as retaining passenger data (see discussion here of a pending case), and for the renegotiation of the Safe Harbour agreement itself.

This brings us neatly to the consequences of the CJEU’s forthcoming judgment (if it follows the opinion) for EU/US relations. Since the opinion is based in large part upon the EU Charter of Rights, which is primary EU law, it can’t be circumvented simply by amending the data protection Directive (on the proposed new rules on external transfers under the planned Regulation, see discussion here). Instead, the USA must, at the very least, ensure that adequate remedies for EU citizens and residents are in place in national security cases, and that either a judicial or administrative system is in place to enforce in practice all rights which are supposed to be guaranteed by the Safe Harbour certification. Facebook and others might consider moving the data processing of EU residents to the EU, but it’s hard to see how this could work for any EU resident with (for instance) Facebook friends living in the USA. Surely in such cases processing of the EU data in the USA is unavoidable.

Moreover, arguably it would not be sufficient for the forthcoming EU/US trade and investment agreement (known as ‘TTIP’) to provide for a qualified exemption for EU data protection law, along the lines of the WTO’s GATS. Only a complete immunity of EU data protection law from the TTIP – and any other EU trade and investment agreements – would be compatible with the Charter. Otherwise, companies like Facebook and Google might try to invoke the controversial investor dispute settlement system (ISDS) every time a judgment like Google Spain or (possibly) Schrems cost them money.

The EU-US Umbrella agreement on Data Protection just presented to the European Parliament. All people apparently happy, but….

ORIGINAL PUBLISHED BY EU-LOGOS

by Paola Tavola (EU LOGOS Trainee)

“For the first time ever, the EU citizens will be able to know, by looking at one single set of rules, which minimum rights and protection they are entitled to, with regards to data share with the US in the law enforcement sector”. These are the words of P. Michou, chief negotiator in charge of the negotiation process of the so called EU-US “Umbrella Agreement”, who gave a public overview on the lately finalized transatlantic data protection framework in the field of law enforcement cooperation. The speech, delivered during the last meeting of the LIBE committee of the European Parliament, has met a warm welcome by the MEPs. Great congratulations have been expressed by all the political groups, for the work done by the negotiating team of the Commission that, from its side, has thanked the LIBE committee for its strong support and pressures. As Mrs. Michou said, they “helped us to be stronger in our negotiations”. Negotiations that were dealt with a partner that is far from being an easy one. The words of Michou, however, have not completely reassured all the MEPs, who have called for a legal opinion on the text of the agreement to be delivered by the legal department of the European Parliament. Legal certainties about the potential benefits or detrimental effects that this agreement could have on the existing EU data protection rules, as well as on past and future agreements, have been asked by the majority of the deputies, as a necessary precondition for the vote.

Historical context

An EU-US agreement in the field of protection of personal data was already called by the European Parliament in the year 2009. At that time, in a resolution on the state of transatlantic relation, the Parliament underlined the necessity of a “proper legal framework, ensuring adequate protection of civil liberties, including the right to privacy”, to be agreed on the base of a binding international agreement. The Commission then, on the invitation of the European Council, proposed a draft mandate for starting the negotiations with the United States, on a high standard system of data protection. The final mandate, being adopted by the Council in December 2010, opened the negotiation procedure among the two partners, that formally started on March 2011.

The negotiations have been though, mainly because of a great cultural difference existing among the two partners in terms of data protection, but after four years of work, the agreement has been initialed in Luxembourg, last September 8th. The final text, that can be signed only with the authorization of the Council and the consent of the Parliament, represents a huge step forward: “if we look back to some years ago, it was clear that some of the issues that have been now achieved in the text, couldn’t even have been theoretically possible”, Jan Philippe Albrecht (Greens/EFA) said, by opening the debate after Mrs. Michou speech.

The european Commissioner for Justice, Consumers and Gender Equality, Věra Juorová, by declaring full satisfaction for the conclusion of the discussions, affirmed: “robust cooperation between the EU and the US to fight crime and terrorism is crucial to keep Europeans safe. But all exchanges of personal data, such as criminal records, names or address, need to be governed by strong data protection rules. This is what the Umbrella Agreement will ensure.”

Terrorism or organized crime are phenomena that definitely constitute serious threats to security. However, leaving aside the narrow concept of security, as many theories and authors consider nowadays, a threat to security can be identified as any threat to the “cherished values” of our society: thus also to those values such as the right of privacy and the data protection.

The issue concerns how security and law enforcement are able to positively and constructively interact with new technology, but also to clash with it.

On one side, the information and data sharing is now a fundamental and crucial aspect of policy and judicial inter-state cooperation, since major threats and criminal phenomena have assumed a transnational connotation. On the other side however, it is necessary to ensure the protection and the fair and limited treatment of information, that is transferred as part of the transatlantic cooperation in criminal matters, in order to avoid abuses and the setting up of mass surveillance systems.

The two transatlantic partner, have already settled a substantial framework of data transfer rules. In 2010 they signed an agreement on the processing and transfer of financial messaging data from the EU to the US, for the purposes of the Terrorist Finance Tracking Program (TFTP); while in 2012 they concluded a bilateral agreement for the exchange of PNR (Passenger Name Records) data.

“Data protection is a fundamental right of particular importance in the digital age. In addition to swiftly finalizing the legislative work on common data protection rules within the European Union, we also need to uphold this right in our external relations.” This principle was included by Jean-Claude Juncker in the political priorities of the European Commission agenda, presented in July 2014.

A look inside the “Umbrella Agreement” Continue reading “The EU-US Umbrella agreement on Data Protection just presented to the European Parliament. All people apparently happy, but….”

The Italian Job: the CJEU strengthens criminal law protection of the EU’s finances (Comment to ‘Taricco’ Case)

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by  Steve Peers

The stereotype of fraud against the EU budget is a sleazy EU official in Brussels receiving manila envelopes stuffed full of bribe money, spending his ill-gotten gains to ensure that his lavish lifestyle becomes ever more decadent. But according to the EU’s annual reports on such fraud, the typical offender is actually rather different: it’s an individual or company who finds ways to get hands on EU money being spent by the Member States, since they are largely in charge of the day-to-day management of EU spending. Furthermore, not all the breaches concern EU spending: some concern the reduction of EU income, for instance by avoiding the customs duties which apply to many goods coming from third countries.

Agreeing and enforcing EU-wide rules for such behaviour has long been a challenge. But in its recent judgment in Taricco, the Court of Justice has made a major effort to strengthen the law in this field.

Background

The CJEU ruled back in the 1980s (in the Greek maize judgment) that Member States could not simply ignore fraud against the EU budget, but had to take effective measures to stop it. This rule was later added to the Treaties, and now forms Article 325 TFEU, which reads in part as follows:

  1. The Union and the Member States shall counter fraud and any other illegal activities affecting the financial interests of the Union through measures to be taken in accordance with this Article, which shall act as a deterrent and be such as to afford effective protection in the Member States, and in all the Union’s institutions, bodies, offices and agencies.
  2. Member States shall take the same measures to counter fraud affecting the financial interests of the Union as they take to counter fraud affecting their own financial interests.

As regards criminal law, the current legal rules on the topic date back to 1995, and were adopted in the form of an international Convention (the ‘PFI Convention’) between the Member States, which came into force in 2002. This treaty applies to all Member States except for Croatia (although the Commission has just proposed its application to that State), and the UK – which was initially a party but no longer has legal obligations to apply the Convention since it opted out of many pre-Lisbon criminal law measures as from 1 December 2014 (on that process, see further here). Among other things, the PFI Convention obliges all Member States to impose criminal sanctions for serious cases of fraud against the EU budget.

The Commission proposed a Directive to replace the Convention in 2012, and this is currently in the late stages of negotiation between the Council and the European Parliament (for an update, see here; on the legal basis, see here). It’s evident that one of the main issues remaining in the negotiations is whether the proposed Directive should apply to VAT fraud, given that a small amount of VAT revenue goes to the EU budget. The Commission and the European Parliament argue that it should, while the Council argues against, presumably because the far larger part of the losses from VAT fraud affects national budgets, not the EU budget. There are other issues in the proposed legislation, such as a more precise possible penalty for fraud, and a rule on ‘prescription’ periods (ie the time limit after which a prosecution can no longer be brought or continued).

The proposed Directive is closely connected to another piece of proposed EU legislation: the Regulation establishing the European Public Prosecutor’s Office (EPPO). That’s because the EPPO will have jurisdiction only over EU fraud, and so it’s necessary to have a definition of that concept. (On the defence rights aspects of the EPPO proposal, see discussion here); for an update on negotiations, see here). And the EPPO Regulation is in turn linked to a third legislative proposal: the Regulation refounding Eurojust, the EU’s agency for coordinating national prosecutions. That’s because there will be close links between Eurojust and the EPPO, and so the Eurojust Regulation can’t be finalized before the EPPO Regulation is agreed. (The Council has agreed all of the Eurojust Regulation except for the bits relating to EPPO links: see the agreed text here. This will still have to be negotiated with the European Parliament, however).

Judgment

The recent CJEU judgment in Taricco concerns alleged VAT fraud against a national budget, and in particular the question of prescription periods. Italian rules on the breaks in prescription periods mean few cases involving VAT fraud are ever seen through to completion, since time simply runs out during the proceedings.  A frustrated Italian court therefore asked the CJEU whether these national rules infringed the economic law of the EU: namely the rules on competition, state aids, economic and monetary union and the main VAT Directive.

According to the CJEU, the national law does not infringe EU competition law, because inadequate enforcement of criminal law does not as such promote cartels. It does not infringe state aid law, because the Italian government was not waiving tax obligations as such. Furthermore, it does not infringe monetary union rules, since it was not closely enough linked to the obligation to maintain sound public finances.

That left the VAT Directive. In fact, that Directive sets out the scope of VAT (ie which goods and services have to be taxed), but does not include any rules on criminal law issues. The Court therefore assumed that the national court was asking it questions about EU law more generally, and proceeded to interpret Article 325 TFEU and the PFI Convention. According to the Court, building on the previous case law such as Fransson, there was not only an obligation pursuant to the VAT Directive and Article 325 TFEU to take effective measures in general against VAT fraud to defend the EU budget, there was also a specific obligation to criminalise such activity, where it was ‘essential to combat certain serious cases of VAT evasion in an effective and dissuasive manner’. This was consistent with obligations under the PFI Convention; the Court confirmed that the Convention applied to VAT fraud, despite the absence of express provisions to this effect under the Convention. Given the size of the alleged fraud in this case (several million euros), it had to be considered serious.

Furthermore, the Court ruled that the operation of the limitation periods in Italian law infringed Article 325 TFEU. A limitation period was not objectionable as such, but national law made it effectively possible to prosecute offences because the way in which it calculated breaks in the prosecution. Also, the national law infringed the principle of equality set out in Article 325, since other national laws on similar types of economic crime did not contain the same problematic rules on calculation of breaks.

The Court then ruled on the consequences of this breach of EU law. In the Court’s view, the national court has to disapply the relevant national law. This obligation was based on Article 325 TFEU, which sets out precise and unconditional rules on effective and equal protection of the EU’s financial interests. So the ‘precedence’ (ie, primacy or supremacy) of EU law required national law to be disapplied.

Finally, the CJEU dismissed a human rights objection to its ruling. While Article 49 of the EU Charter of Fundamental Rights does ban the retroactive application of more stringent criminal penalties than those in force when a crime was committed, the CJEU ruled (following the case law of the European Court of Human Rights on the equivalent Article 7 ECHR) that a limitation period was distinct from a substantive criminal offence. The acts which the defendants were accused of committing were undoubtedly criminal offences in national law at the time of their alleged commission, so there was no retroactivity of criminal law in the sense prohibited by the Charter.

Comments

“You were only supposed to blow the bloody doors off!” This classic quote from The Italian Job aptly summarises the CJEU’s approach to the relationship between national law and EU law in this judgment. Asked only to rule on the interpretation of EU economic law, the Court decided instead to strengthen the constitutional foundations of EU law in the criminal field.

Substantively, the Court’s judgment is significant because it extends EU criminal law obligations to VAT fraud. This is, in the Court’s view, a pre-existing obligation not only in the PFI Convention, but also in the TFEU itself. To overturn it, Member States would therefore have to amend the Treaty, not just the Convention (in the form of the proposed Directive). Also, Member States’ obligations extend not only to criminalisation of serious cases of VAT fraud, but to prescription (and so potentially other procedural issues) as well.  So if Member States (in the Council) do insist on excluding VAT from the scope of the EU fraud Directive, that would have limited impact. Indeed, the Council Presidency has already asked Member States if there is any point maintaining their opposition on this point after the Taricco judgment.

Presumably the Court’s rulings on prescription and criminalisation apply to other forms of EU fraud too. This means that including prescription rules in the Directive (as all of the EU institutions are willing to do) simply confirms the status quo – although the final Directive will likely be more precise on this issue than the CJEU’s ruling. Furthermore, since the Taricco judgment could help to unblock talks on the PFI Directive, this could have a knock-on effect on the negotiations on the EPPO and Eurojust.

Moreover, the Court’s ruling limits the effect of various opt-outs. Ireland and Denmark have opted out of the proposed Directive, but will remain bound by the PFI Convention; the UK has opted out of both. But they remain bound by the Court’s interpretation of the Convention (for Ireland and Denmark) and the Treaty (for all three Member States). This has limited practical impact, as long as national law remains compliant (assuming that it is already compliant) with these measures as interpreted by the Court. While the UK is no longer free to decriminalise fraud against the EU budget, it was never likely to use that ‘freedom’ anyway, particularly as regards VAT fraud, where the main loss would be to the British government’s revenue, not the EU’s.

More fundamentally, the Taricco judgment strengthens the constitutional foundations of criminal law obligations in the EU legal order. While this may only be relevant for EU fraud cases, the Court has already broadened that concept to include VAT fraud. In such cases, there is an obligation for national courts to disapply incompatible national law as regards the procedural aspects of criminal proceedings. Conversely, there is no obligation to disapply incompatible substantive national criminal law, since this would lead to a breach of Article 49 of the Charter.

The ruling is based on the legal effect of the Treaties – the Court does not rule on the legal effect of the ‘third pillar’ Convention. It sets out a test for primacy similar to the test for direct effect (the Court refers to the precise and unconditional nature of the rules in Article 325 TFEU). It is not clear how this rule fits into the EU’s overall constitutional architecture – as a clarification of the general rules or as a special rule relating to protection of the EU’s financial interests. But in any event, the Taricco judgment is a significant contribution toward strengthening the EU’s role in this particular field.

 

EU Anti-Money Laundering legal framework: the race has started again…

by Dalila DELORENZI (FREE Group Trainee)

After two years, the revision of the new EU Anti-Money Laundering (AML) framework has finally come to an end. The 20th May the European Parliament at its second reading has adopted the Fourth Directive AML  (Directive (EU) 2015/849) along with the new Regulation on information on the payer accompanying transfers of funds (Regulation (EU) 2015/847).

The revision was triggered by the necessity to adapt the legal framework to counter new threats of money laundering and terrorist financing and to reflect recent changes due to revised Financial Actiont Task Force (FATF)  Recommendations. In the following lines the new legal framework is presented by including some crucial measures which could represent a real step-up in the fight against money laundering, financing terrorism and tax evasion.

  1. Introduction of an European register of beneficial ownership

The creation of an European register of beneficial ownership has been one of the sticking point and the reason why the text has attracted much more political attention than the latest directives and the negotiations have taken much longer than it was expected.

1.1 Definition of beneficial ownership and the problems caused by “phantom firms”

A beneficial owner  is a natural person – a real, live human being and not another company or trust – who stands behind a company (or trust) as the ultimate owner and controller, directly or indirectly exercising substantial control over the company or receiving substantial economic benefits (such as receipt of income) from the company. If the true owner’s name is disguised, we deal with “anonymous companies”. In a majority of countries, keeping unknown the true owner’s name is perfectly legal and there is typically no requirement to disclose that the names listed are merely front-people.

Such anonymous companies can be created by using “nominees”, people who front the company in place of the true owner, or by incorporating one or more of the companies in a country which does not make details of the beneficial owners publicly available. Also called “phantom firms”, they exist only on paper, with no real employees or office.

Now, it’s certainly true that such entities can also have legitimate uses, but the untraceable company can also be a vehicle of choice for crimes such as money laundering, tax evaders and financier of terrorism.

1.2 The role of anonymous companies in money laundering

Although there are countless ways to launder money, money laundering can be broken down into three stages:

  • Placement: the initial entry of illicit money into the financial system. This might be done by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account.
  • Layering: the second step consists in the process of separating the funds from their source. This purpose is often followed by using anonymous shell companies: for instance, wiring money to account owned by anonymous shell company.
  • Integration: money re-enter the legitimate economy. For instance, by investing the funds into real estate and luxury assets.
  • That being said, it is clear that these secretive “shell” companies and trusts play a central role in laundering and channelling funds, concealing behind a veil of secrecy the identity of corrupt individuals and irresponsible businesses involved in activities, including tax evasion, terrorist financing, and the trafficking of drugs and people. More precisely, it is impossible for law enforcement officials go back to the real individuals ultimately responsible for the company’s actions and to track the origin of illicit funds.
  • 1.3 The importance of central registers

Continue reading “EU Anti-Money Laundering legal framework: the race has started again…”