J.P. Jacqué : L’AVIS 2/13 CJUE. Non à l’adhésion à la Convention européenne des droits de l’homme ?

par Jean Paul Jacqué

Original published HERE

L’avis 2/13 de la Cour de justice ne peut manquer de susciter la surprise, voir pour certains la réprobation. Saisie par la Commission de l’accord d’adhésion de l’Union à la Convention européenne des droits de l’homme, la Cour constate que cet accord est incompatible avec les traités. Pour la seconde fois, la Cour de justice bloque la voie de l’adhésion. Dans son avis 2/94, la Cour avait estimé que la Communauté ne disposait pas au titre de l’article 235 CE (aujourd’hui 352 TFUE) de la compétence nécessaire pour adhérer à la Convention. Les implications institutionnelles d’une telle opération exigeaient une révision des traités. Celle-ci fut opérée par le traité de Lisbonne dont l’article 6, paragraphe 2, TUE, impose à l’Union d’adhérer à la Convention. L’adhésion a fait l’objet de longues négociations dans le cadre du Conseil de l’Europe avec les Hautes Parties contractantes à la Convention et l’accord qui résultait de celles-ci a été soumis par la Commission à la Cour de justice en application de l’article 218, paragraphe 11, TFUE, afin que celle-ci se prononce sur la compatibilité de l’accord envisagé avec les traités, un avis négatif imposant, soit la révision des traités, soit la renégociation de l’accord. Or tel est le cas puisque dans son avis 2/13 du 18 décembre 2014 rendu en Assemblée plénière, la Cour constate l’incompatibilité de l’accord avec l’article 6, paragraphe 2, TUE et le protocole n°8 relatif à l’article 6, paragraphe 2.

La surprise vient du fait que la Cour s’était exprimée à deux reprises sur la question avant l’ouverture des négociations, notamment en pré-négociant avec la Cour européennes des droits de l’homme, posant des conditions que les négociateurs avaient pris soin de respecteret qu’elle avait suivi avec attention le déroulement de la négociation. Elle vient aussi du fait que la Cour s’oppose aux vingt-huit Etats membres qui soutenaient unanimement le projet d’accord.

Il faut se garder de toute appréciation rapide qui conduirait à penser que la Cour exprime au fond dans cet avis un refus définitif de l’adhésion parce que celle-ci porterait atteinte à son pouvoir exclusif de statuer sur les droits fondamentaux dans l’Union européenne. Une décision judiciaire ne peut être analysée sur la base d’intentions politiques supposées du juge. Il convient avant tout d’examiner avec soin le raisonnement suivi et d’en apprécier les conséquences. En effet, on ne saurait reprocher à la Cour de vouloir préserver les spécificités de l’ordre juridique de l’Union, d’autant plus que le protocole n°8 relatif à l’article 6 l’invitait à suivre cette voie.

Le challenge présenté par l’adhésion n’est pas facile à remporter. La Convention européenne des droits de l’homme est à l’origine un traité interétatique auquel on se propose de faire adhérer une entité de nature fédérale qui n’est certes pas un Etat.

Aussi une système qui s’applique sans difficultés aux parties contractantes étatiques risque s’il est plaqué sans précautions sur l’Union européenne de dénaturer profondément celle-ci. Tout l’enjeu de la négociation consistait à traiter autant que possible l’Union comme un Etat en ce qui concernait les aspects institutionnels (nomination des juges, participation au Comité des Ministres … ) tout en identifiant les points sur lesquels des adaptations étaient indispensables. Il faut saluer l’effort des négociateurs qui ont identifié les problèmes et tenté de les résoudre, même si la Cour de justice estime que leur effort s’est arrêté en chemin et que le résultat est insuffisant. Mais l’ensemble des points évoqués par la Cour a été identifié et traité au cours des discussions. Continue reading “J.P. Jacqué : L’AVIS 2/13 CJUE. Non à l’adhésion à la Convention européenne des droits de l’homme ?”

La guerre des juges n’aura pas lieu. Tant mieux ? Libres propos sur l’avis 2/13 de la Cour de justice relatif à l’adhésion de l’Union à la CEDH

Original published HERE (emphasis added)

par Henri Labayle, CDRE

Il était attendu par beaucoup, craint par certains, espéré par d’autres. L’avis 2/13 de la Cour de justice rendu le 18 décembre 2014 à propos de l’adhésion de l’Union européenne à la Convention européenne des droits de l’Homme est, en définitive, un avis négatif. Le projet d’accord d’adhésion y est, en effet, jugé comme n’étant ni « compatible avec l’article 6 §2 TUE ni avec le protocole n° 8 relatif à l’article 6 §2 du TUE » relatif à l’adhésion de l’UE à la CEDH. En l’état donc, la cohabitation des deux Cours suprêmes européennes au sein d’un même système juridictionnel de garantie des droits fondamentaux est exclue, à l’inverse de ce que la lettre du traité sur l’Union européenne laissait envisager et que les amateurs de rapports de système escomptaient. Avant de s’interroger sur les conséquences de cet avis faisant obstacle à l’adhésion de l’UE à la CEDH, il est bon d’en rappeler le contexte.

1. Contexte

Les relations entre le droit de l’Union et le droit de la CEDH ne sont devenues problématiques que récemment. Longtemps en effet, le silence des traités constitutifs sur la question de la protection des droits fondamentaux a été comblé par des expédients connus de tous. Volontarisme de la Cour de justice et réserve de la Cour européenne des droits de l’Homme ont ainsi permis au juge de Strasbourg et de Luxembourg d’assurer tant bien que mal une cohérence minimale dans la garantie des droits fondamentaux en Europe.

La question n’était pas que de principe. Si, dans un premier temps, la primauté du droit communautaire en fut implicitement l’enjeu, puisque les Cours suprêmes allemandes et italiennes faisait de cette protection des droits fondamentaux dans l’univers communautaire une condition de leur ralliement, ce dernier fut rapidement dépassé, posant de ce fait et qu’on le veuille ou non des problèmes de préséance.

Car, et cela est rarement mis en relief, la position des Etats membres de l’Union, par ailleurs Etats parties à la Convention européenne des droits de l’Homme, est inconfortable par nature puisque la Communauté, hier, comme l’Union aujourd’hui ne sont pas parties à la CEDH. Elle est même devenue progressivement intenable.

La première explication de cette tension nouvelle tient tout simplement à l’élargissement inéluctable des compétences de l’Union. Non pas que les droits fondamentaux soient devenus en eux-mêmes une compétence de l’Union, comme Jean Paul Jacqué a eu maintes fois l’occasion d’en faire la démonstration, mais parce que les nouvelles compétences de l’Union l’ont conduite directement sur le terrain d’exercice de ces droits fondamentaux. A cet égard, la constitution d’un Espace de liberté, sécurité et justice a marqué une irruption directe de l’Union dans le champ des droits fondamentaux, posant ainsi aux Etats membres en charge de l’exécution des politiques migratoires ou sécuritaires des questions redoutables. Des formes et des limites de la lutte contre le terrorisme à l’obligation de secourir les migrants, les occasions de ne plus esquiver le débat se sont multipliées. Les raisons d’un raidissement aussi.

D’autant que la montée en puissance de la protection juridictionnelle des droits fondamentaux au plan européen a mis les Etats membres en situation de devoir, parfois et en cas de contradiction, choisir entre leurs obligations communautaires et leurs devoirs conventionnels.

La tolérance longtemps manifestée par la Cour européenne des droits de l’Homme, des arrêts Cantoni à l’affaire Matthews c. Royaume Uni a donc pris fin avec la jurisprudence fameuse Bosphorus et l’apparition de la doctrine dite de la « protection équivalente ».

En un mot, pour prix de son indifférence, la Cour de Strasbourg y a marqué les limites de sa compréhension dans un paragraphe 156 qui mérite la citation intégrale : pour « que l’organisation offre semblable protection équivalente, il y a lieu de présumer qu’un Etat respecte les exigences de la Convention lorsqu’il ne fait qu’exécuter des obligations juridiques résultant de son adhésion à l’organisation. Pareille présomption peut toutefois être renversée dans le cadre d’une affaire donnée si l’on estime que la protection des droits garantis par la Convention était entachée d’une insuffisance manifeste. Dans un tel cas, le rôle de la Convention en tant qu’« instrument constitutionnel de l’ordre public européen » dans le domaine des droits de l’homme l’emporterait sur l’intérêt de la coopération internationale (Loizidou c. Turquie (exceptions préliminaires), arrêt du 23 mars 1995, série A no 310, pp. 27-28, § 75) ».

Le reste n’est plus que conséquences.

Continue reading “La guerre des juges n’aura pas lieu. Tant mieux ? Libres propos sur l’avis 2/13 de la Cour de justice relatif à l’adhésion de l’Union à la CEDH”

Steve PEERS :The CJEU and the EU’s accession to the ECHR: a clear and present danger to human rights protection

Original published HERE
18 December 2014

At long last, the CJEU has today delivered its ruling regarding the EU’s accession to the European Convention on Human Rights (ECHR). It’s a complex judgment that raises many legal questions. For now, this post seeks to provide: a summary of the ruling; an assessment of the consequences of the ruling; and an initial critique of the Court’s reasoning. On the latter point, the Court’s ruling is fundamentally flawed. In short, the Court is seeking to protect the basic elements of EU law by disregarding the fundamental values upon which the Union was founded.

Background

Back in 1996, in Opinion 2/94, the CJEU ruled that as European Community law (as it then was) stood at that time, the EC could not accede to the ECHR. Only a Treaty amendment could overturn this judgment, and in 2009, the Treaty of Lisbon did just that, inserting a new provision in the Treaties that required the EU to accede to the ECHR (Article 6(2) TEU). That treaty also added a Protocol 8 to the Treaties, regulating aspects of the accession, as well as a Declaration requiring that accession to the ECHR must comply with the ‘specific characteristics’ of EU law.
However, these new Treaty provisions could not by themselves make the EU a contracting party to the ECHR. To obtain that outcome, it was necessary for the EU to negotiate a specific accession treaty with the Council of Europe. After a long negotiation process, this accession treaty was agreed in principle in 2013. Today’s ruling by the CJEU concerns the compatibility of that treaty with EU law.

Summary

At the outset, the CJEU ruled that the case was admissible (paras 144-52), even though the internal rules which will regulate the EU’s involvement in the ECHR have not yet been drafted. In fact, the CJEU said that these internal rules couldn’t be the subject-matter of the opinion, even if they had been drafted. The UK government had reportedly been very angry about the prospect of the CJEU considering these internal rules, so it should be satisfied on this issue.
Next, the Court made some preliminary points (paras 153-77), asserting for the first time expressly that the EU is not a state (para 156); and (in effect) that the EU system is sui generis (para 158), ie in a class by itself, without using that exact Latin phrase. Those critics of the EU who consider it to be a State, and those academics who dislike the sui generis concept, now have some words to eat. The Court also asserted that it was important to ensure the primacy and direct effect of EU law, referring also to the EU’s goals of ‘ever closer union’.

The Court then ruled that the draft agreement was incompatible with EU law, for five main reasons.

Firstly, it did not take account of the specific characteristics of EU law (paras 179-200), in three respects.
It did not curtail the possibility of Member States having higher human rights standards than EU law, even though the CJEU had ruled (in the Melloni judgment of 2013) that Member States could not have higher standards than the EU Charter of Rights, where the EU has fully harmonised the law. The same rule applies to the ECHR, in the Court’s view, and the draft agreement did not take account of this. Similarly, the draft agreement did not provide for the application of the rule of ‘mutual trust’ in Justice and Home Affairs (JHA) matters, which means that Member States must presume that all other Member States are ‘complying with EU law and particularly with the fundamental rights recognised by EU law’, other than in ‘exceptional circumstances’. Also, the agreement failed to rule out the possibility that when applying Protocol 16 to the Convention, which provides for national courts to send questions to the European Court of Human Rights (ECtHR) on the interpretation of the ECHR, those national courts would ask the ECtHR to rule on EU law issues, before they asked the CJEU. This would circumvent the EU’s preliminary ruling procedure.

Secondly, the draft accession agreement violated Article 344 TFEU, which gives the CJEU monopoly on inter-state dispute settlement regarding EU law between Member States (paras 201-14), since it failed to rule out the possible use of the ECtHR to settle such disputes instead.

Thirdly, the co-respondent system set up in the draft agreement, which creates a new type of procedure where both the EU and a Member State could be parties to an ECtHR case, was incompatible with EU law for three reasons (paras 215-35). The problem with this process was that: it would give the ECtHR the power to interpret EU law when assessing the admissibility of requests to apply this process; a ruling by the ECtHR on the joint responsibility of the EU and its Member States could impinge on Member State reservations to the Convention; and the ECtHR should not have the power to allocate responsibility for breach of the ECHR between the EU and Member States, since only the CJEU can rule on EU law.

Fourth, the rules in the draft treaty on the prior involvement of CJEU before the ECtHR ruled on EU law issues were also incompatible with EU law, for two reasons (paras 236-48). They did not reserve to the EU the power to rule on whether the CJEU has already dealt with an issue, and they did not permit the CJEU to rule on the interpretation, not just the validity, of EU law.

Finally, the rules on the Common Foreign and Security Policy (CFSP) were incompatible with EU law (paras 249-57), because a non-EU court cannot be given the power of judicial review over EU acts, even though the CJEU has no such jurisdiction itself as regards most CFSP issues.

Consequences Continue reading “Steve PEERS :The CJEU and the EU’s accession to the ECHR: a clear and present danger to human rights protection”

National security and secret evidence in legislation and before the courts: exploring the challenges

FULL STUDY DOWNLOADABLE HERE
Visit the European Parliament’s Studies website:

EXECUTIVE SUMMARY
This Study examines the way in which justice systems across a selection of EU Member States use and rely on intelligence information that is kept secret and not disclosed to the defendants and judicial authorities in the name of national security.
It analyses the laws and practices in place from the perspective of their multifaceted impact on the EU Charter of Fundamental Rights (in particular its provisions related to the rights of the defence and freedom of information and expression), as well as on wider ‘rule of law’ principles. The analysis is based on a comparative study of the legal regimes, interpretations by domestic and European tribunals as well as key developments and contemporary practices concerning the use of intelligence information as ‘evidence’ and the classification of information as ‘state secrets’ during trials in the name of ‘national security’ in the following seven EU Member States (EUMS): the United Kingdom, France, Germany, Spain, Italy, the Netherlands and Sweden.

The examination has highlighted a number of key research findings.

It first shows a wide variety of national legal systems and judicial practices embedded in domestic historical, political and constitutional trajectories characterising each Member State jurisdiction (see Section 1 of the Study and Annex 5 with detailed Country Fiches).
The United Kingdom and the Netherlands are the only two Member States examined with official legislation allowing for the formal use of classified intelligence information in judicial proceedings. The United Kingdom constitutes an ‘exception’ in the broader EU landscape due to the existence of the much-contested ‘Closed Material Procedures’ (CMPs) – secret court hearings where only the judge and security-cleared special advocates are given access to sensitive intelligence material. The Netherlands operates a system of ‘shielded witnesses’ in courts, allowing intelligence officials to be heard before a special examining magistrate (Sections 1.1. and 1.2 of this Study). Other EUMS analysed (Germany, Spain and Sweden) present indirect judicial practices in which certain evidence may be hidden from a party during trials under a number of conditions (Section 1.3).

Nevertheless, the Study demonstrates that secret evidence is not always legal evidence. In countries such as Germany, Italy or Spain the rights of the defence and the right to a fair trial cannot be ‘balanced’ against national security or state interests as this would directly contravene their respective constitutional frameworks (Section 1.4).

Yet, all EUMS under examination face a number of challenges as regards the difficult and often controversial declassification or disclosure of intelligence materials, which too often lacks proper independent judicial oversight and allows for a disproportionate margin of appreciation by state authorities (Section 1.5 of this Study).

Another issue resulting from the comparative investigation relates to the fuzziness and legal uncertainties inherent to the very term ‘national security’ (as evidenced in Section 1.6 and Annex 3).
While this notion is quite regularly part of political and legal debates in EU and national arenas, the Study reveals that a proper definition of what national security actually means is lacking across a majority of EUMS under investigation.
The few definitional features that appear in EUMS’ legal regimes and doctrinal practices fail to meet legal certainty and ‘rule of law’ standards, such as the “in accordance with the law” test (see below). This too often leads to a disproportionate degree of appreciation for the executive and over-protection from independent judicial oversight, which is further exacerbated in a context where some EUMS have bilateral systems of mutual respect of state secrets with third countries such as the US.
Moreover, the disparities and heterogeneous legal protection regimes among EUMS also mean that EU citizens who are suspects in judicial procedures are protected differently or to divergent degrees across the EU. There are variable ‘areas of justice’ in the EU when it comes to the rights of defence of suspects in cases dealing with national security and state secrets. This diversity is at odds with the ambition of developing a common AFSJ and achieving non discrimination between EU nationals when it comes to the delivery of fundamental rights.

A second key finding of the Study relates to a growing transnational exchange of intelligence and use of these intelligence materials before courts (as developed in Section 2 and Annex 1 of this Study).

The 2013 Snowden revelations provide the general context within which EUMS’ regimes and practices need to be analysed. There has been a growing expansion of intelligence cooperation across the world, which is mainly transatlantic and asymmetrical in nature due to the more prominent role played by the US.
This has strengthened the view that transnational threats require a more extensive sharing of raw data on individuals collected by internet or mobile devices. This trend poses a number of dilemmas from the perspective of judicial accountably and the rule of law (Section 2.1 of this Study). One relates to the difficulties in assessing the quality, lawfulness and accuracy of the information, and the extent to which this very information can be considered ‘evidence’ in trials (Section 2.2). The current reliance on intelligence information is, moreover, problematic in light of insufficient or deferential judicial oversight of executive decisions taken ‘in the name of national security’.
This is particularly also the case in respect of the ways in which the use of state secrets can disrupt government officials’ accountability in cases of alleged ‘wrongdoing’ (Section 2.3).

A third finding concerns an emerging set of European judicial standards from the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU) on issues related to intelligence information, national security and state secrets, in particular when these affect the rights of the defence (refer to Section 3, Annex 1 and Annex 2 of this Study).

One of the most important legal standards when assessing national security and intelligence information is the “in accordance with the law” principle. Continue reading “National security and secret evidence in legislation and before the courts: exploring the challenges”

The End of the Transitional Period for Police and Criminal Justice Measures Adopted before the Lisbon Treaty. Who Monitors Trust in the European Justice Area?

Abstract of a study submitted to the European Parliament Civil Liberties Committee. (LIBE) THE FULL TEXT IS AVAILABLE HERE

Authors: Prof. Valsamis Mitsilegas, Head of Department of Law and Professor of European Criminal Law, Queen Mary, University of London Dr Sergio Carrera, Senior Research Fellow and Head of Justice and Home Affairs Section, Centre for European Policy Studies, CEPS Dr Katharina Eisele, Researcher, CEPS

This Study examines the legal and political implications of the forthcoming end of the transitional period, enshrined in Protocol 36 to the EU Treaties, applicable to legislative measures dealing with police and judicial cooperation in criminal matters and adopted before the entry into force of the Lisbon Treaty. The analysis focuses on the meaning of the transitional period for the wider nature and fundamentals of the European Criminal Justice area and its interplay in the Area of Freedom, Security and Justice (AFSJ). Particular attention is paid to its multifaceted consequences of ‘Lisbonisation’ as regards supranational legislative oversight and judicial scrutiny, not least by the European Parliament in this context, as well as its relevance at times of rethinking the relationship between the principle of mutual recognition of judicial decisions and the fundamental rights of the defence in criminal matters in the AFSJ.

Legal Framework of the Transition

The transitional provisions envisaged in Protocol 36 have limited some of the most far-reaching innovations introduced by the Treaty of Lisbon over EU cooperation in justice and home affairs (JHA) for a period of five years (1 December 2009 to 1 December 2014). Such limits include restrictions on the enforcement powers of the European Commission and of the judicial scrutiny of the Court of Justice of the European Union over legislative measures adopted in these fields before the entry into force of the Lisbon Treaty under the old EU Third Pillar (Title VI of the former version of the Treaty on the European Union). Moreover, Protocol 36 provides for special ‘opt-out/opt-in’ possibilities for the UK. The scope and rules set out in Protocol 36 are of a highly complex and technical nature. The end of the transitional period enshrined in Protocol 36 reveals a complex conglomerate of legal provisions and procedures primarily designed for meeting the interest of some Member States’ governments to limit EU scrutiny, supervision and enforcement powers over national implementation and compliance with European law on police and criminal justice cooperation. This is a critical juncture because the transitional provisions of Protocol 36 come to a formal end on 1 December 2014.

Findings and Challenges

The main legal and political challenges related to the transitional provisions of Protocol 36 are multifaceted. The forthcoming end of the transitional period will only partially address the diverse legal landscape of fundamental rights protection in Europe’s area of criminal justice. The Study argues that the non-participation of the UK in EU legal instruments dealing with suspects’ rights in criminal proceedings undermines severely the effective operability of pre-Lisbon Treaty instruments driven by the mutual recognition principle, such as the European Arrest Warrant, even if from a ‘black letter’ law perspective the UK is entitled to ‘pick and choose’. In addition, the complex legal setting has contributed to creating legal uncertainty and lack of transparency characterising EU criminal justice instruments and their common applicability and implementation across the EU. The ambivalent position of the UK opens up the emergence of different and even competing areas of justice as well as dispersed levels of Europeanisation where enforcement of the principle of mutual recognition and protection of suspect rights are variable and anachronistic across the Union.

That notwithstanding, the Study argues that one of the most far-reaching consequences of the end of the transitional period will be the shifting of supervision on compliance and faithful implementation of EU law on police and criminal justice from domestic authorities in the Member States to EU institutional instances. The end of the transition will most significantly mean the liberalisation of ‘who monitors trust in the AFSJ’. This shift will for the first time ensure transnational legal, judicial and democratic accountability of Member States’ laws and practices implementing EU law in these contested areas, in particular the extent to which EU legislation is timely and duly observed by national authorities.

Protocol 36 does not foresee a formal role for the European Parliament in the decisions involved in the transition. Yet, the Parliament does have responsibility for the partly highly sensitive content of the Third Pillar measures directly affecting the citizens’ rights and freedoms and as co-legislator in post-Lisbon Treaty laws in these same domains. The lack of an effective and independent evaluation mechanism of EU criminal justice instruments based on the principle of mutual recognition poses a major challenge to legal and democratic accountability.

Protocol 36 has primarily aimed at limiting the degree of supranational (EU) legal, judicial and democratic scrutiny concerning EU Member States’ obligations in the EU Area of Justice. The legal patchwork of UK participation in pre- and post-Treaty of Lisbon criminal justice acquis indeed sends a critical signal of incoherency in the current delineation of the European Criminal Justice Area. The Study argues that the varied landscape resulting from the selective participation of the UK in EU criminal law measures poses significant challenges for legal certainty, the protection of fundamental rights in Europe’s area of criminal justice and the overall coherence of EU law.

Article 82(2) TFEU grants express EU competence to legislate on rights of the defence in criminal procedures where necessary to facilitate the operation of the principle of mutual recognition in criminal matters. The legality of post-Lisbon legislation on defence rights is thus inextricably linked with the effective operation of mutual recognition in criminal matters, including of the Framework Decision on the European Arrest Warrant. This is supported by pertinent case law of the Court of Justice of the European Union (CJEU), which ruled against previous UK requests to participate in the Visa Information System, or the Frontex and biometrics regulations on the basis of a teleological and contextual approach focusing on the coherence of EU law.

The Study argues that defence rights should not be negotiable at the expense of citizens’ and residents’ rights and freedoms. There is a direct causal link under EU primary law between the adoption of EU defence rights measures and the effective operation of mutual recognition enforcement instruments. Differing levels of EU Member State commitment to and participation in the fundamental rights of individuals in criminal proceedings run counter to a teleological approach which respects fully the objectives and the integrated nature of the AFSJ.

Recommendations

Increasing Coherency and Practical Operability: Suspects Rights as Sine qua non

The transition envisaged in Protocol 36 may well lead to incoherency and practical inoperability of the European Criminal Justice Area. The European Parliament as co-legislator in EU criminal justice law has an active role to play at times of ensuring that a common understanding of ‘ensuring coherency’ and ‘practical operability’ of the EU AFSJ is firmly anchored on strong defence rights and fair trial protection (rights of suspected or accused persons) and a sound rule of law-compliant (on-theground) implementation across the domestic justice arenas of EU Member States.

Promoting Consolidation and Codification — Better Linking of Mutual Recognition and Rights of Suspects in Criminal Proceedings

The European Parliament should give priority at times of implementing previous inter-institutional calls for consolidation and even codification of existing EU rules and instruments dealing with judicial cooperation in criminal matters. The new LIBE Committee should follow up the calls outlined in the European Parliament Report with recommendations to the Commission on the review of the European Arrest Warrant (2013/2109(INL). This should go along with the full accomplishment of the EU Roadmap of suspects’ rights in criminal proceedings as well as the procedural rights package.

Implementation and Evaluation — A Stronger Democratic Accountability

The European Parliament should give particular priority to better ensuring Member States’ timely and effective implementation of pre- and post-Lisbon Treaty European criminal law. An effective and independent evaluation mechanism should be developed following the template provided by the new 2013 Schengen Evaluation Mechanism, in which the European Parliament has played a role in the decision-making and implementation. This template should be followed at times of implementing any future system for criminal justice cooperation.

The Study starts by situating the discussion and briefly explaining the material scope and particulars featuring the transitional period in Protocol 36 in Section 2. Section 3 then moves into locating the debate in the specific context of the UK, and outlining its casuistic or privileged position in respect of the expansion of `supranationalism’ over EU police and criminal justice cooperation. Section 4 identifies a number of cross-cutting dilemmas and challenges affecting the transitional period, in particular those related to the impact of activating the Commission and Luxembourg Court’s legal and judicial scrutiny powers, questions of incoherencies due to UK’s variable participation and the obstacles to practical operability. Section 5 lays down three potential scenarios for the way forward in what concerns issues of fragmentation and coherence, reforming old EU Third Pillar law and the EAW while ensuring their added value, and questions related to implementation, consolidation and codification of EU criminal law. Section 6 offers some conclusions and puts forward a set of policy suggestions to the European Parliament and its LIBE Committee.

Towards a Declaration of Internet Rights

by Professor Stefano RODOTA’ (FREE Group member) (*)

For many years there has been a wide discussion about the possibility of adopting an Internet Bill of Rights, and debates have produced a considerable number of proposals. The Berkman Centre at Harvard University counted 87 of such proposals, to which we can add the Internet Magna Charta that Tim Berners-Lee is working on, and lastly the Declaration of the Rights of Internet Rights that has been drafted by a Committee established by the President of the Italian Chamber of Deputies. The novelty of the latter is that for the first time the proposal of an Internet Bill of Rights has not been produced by scholars, associations, dynamic coalitions, enterprises, or groups of stakeholders, but by an institutional entity.

It is necessary to recall that the debate on this topic dates back to the World Summit on the Information Society organised in 2005 by the UN in Tunis, where the need for an International Convention on Internet rights was explicitly underlined. This subject was deepened in the following UN Internet Governance Forums. But the international debate was progressively turned into precise rules within the European Union, even before the issue of the Internet Bill of Rights appeared in the international arena. These are not, however, parallel situationsdestined not to meet at any point. The European Union progressively brought to light the constitutional basis of the protection of personal data, finding its full recognition in Article 8 (**) of its Charter of Fundamental Rights. Here a strong similarity with the Internet Bill of Rights is identified, and it concerns precisely the constitutional scope of rules.

We are going through a phase of deep change in the way in which we are facing the problems highlighted by the Internet dynamics, in the passage from Web 1.0 to Web 2.0 and now to Web 3.0. It is not just a matter of following technological changes by adjusting legal provisions to suit them. A new definition is being developed of the rationale driving actions in this area, through a radical U-turn as regards the dynamics of the latest phase. A possible historical turning point is ahead of us, whose/that’s opportunities must be seized.

It seemed that an approach had become consolidated, which left little room to rights. From Scott McNealy’s abrupt statement of 1999 – “You have zero privacy. Get over it” – up to the recent hasty conclusion by Mark Zuckerberg about the end of privacy as a “social rule”, a line characterised by the intertwining of two elements emerged: technological irresistibility and the primacy of the economic logic. On the one side, in fact, it was highlighted how technological innovations and the new social practices made it increasingly difficult, not to say impossible, the safeguard of one’s private life and of the public liberties; on the other side, the statement on the “death of privacy” had become the argument to state that personal information had to be considered as property of those who collected it.

These certainties were radically challenged by Edward Snowden’s disclosure on the magnitude of the National Security Agency’s Prism programme and by the judgements of the European Court of Justice on data retention and Google. The idea according to which the protection of fundamental rights shall give way to the interests of security agencies and enterprises was rejected.

A new hierarchy has been established, with the fundamental rights as the first and starting point. The US President had to admit the inadmissibility of the procedures provided for by the Prism program and the Court of Justice, with its decision of 8th April, that declared that the Directive on data retention was illegal. And in the Google case the same Court explicitly stated that “the fundamental rights under Articles 7 and 8 of the Charter (…) override, as a norm (…) the economic interest of the operator of the search engine”, in a perspective broadening the European Union’s jurisdiction beyond its borders.

We are faced with a true “resurrection of privacy” and, more generally, with the primacy of the need and legitimacy of rules effectively protecting the rights of Internet users. Making reference to article 8 of the Charter, the Court of Justice was acting as a true constitutional court, opening a new and wide perspective.

The Italian initiative

This is the framework within which the Italian initiative on the Declaration of Internet Rights was adopted. Its goal is not limited to having a text to be used for national debate only.

The establishment of the Committee that drafted the document, in fact, was preceded by an international conference gathering some of the authors of the Brazilian Marco Civil, the representatives of European Institutions, and several experts from different Countries.

The text drafted by the Committee was presented on 13th October during a meeting at the Chamber of Deputies with the Presidents of the Parliamentary Committees of Member Countries in charge of fundamental rights.

The present draft is now submitted to a four-month public consultation on the Internet, at the end of which the Committee will draft the final text. Such consultation, however, is also being carried out at a European and international level, as shown by the contacts with other European Parliaments and by the video conference that will be held at the beginning of December between the Italian and the French Committees. Consultations are also taking place with experts and associations from non-European Countries.

An ambitious target was set: drafting a text allowing a common international debate, accompanied by a constant monitoring by the Chamber of Deputies. The goal is not limited to working in the complex and remote perspective of an international convention. Short-term and feasible results can be achieved, concerning the strengthening of the European system, its developments and the relationships with other countries, and most of all the consolidation of a culture highlighting common dynamics in the different legal systems. In this way, the debate around a future Internet Bill of Rights may lead to the awareness that in the different legal systems several elements already exist that, once connected to one another, establish an informal Internet Bill of Rights. An evidence of such trend is found in the decisions of the Courts of the different Countries and in the choice of legislative models, as shown by the clear influence of the European model on the Brazilian Marco Civil.

The Italian Declaration is characterised by a fundamental choice. Differently from almost all the other ones, it does not contain a specific and detailed wording of the different principles and rights already stated by international documents and national Constitutions. Of course, these are generally recalled as an unavoidable reference. But the attempt of the Declaration, as a matter of fact, was to identify the specific principles and rights of the digital world, by underlining not only their peculiarities but also the way in which they generally contribute to redefining the entire sphere of rights.

The key words – besides the most well-known ones concerning the protection of personal data and the right to the informational self-determination – include access, neutrality, integrity and inviolability of IT systems and domains, mass surveillance, development of digital identity, rights and guarantees of people in Internet platforms, anonymity and right to be forgotten, interoperability, right to knowledge and education, and control over Internet governance. The importance of the needs linked to security and to the market is obviously taken into consideration, but the balancing of these interests with fundamental rights and freedoms cannot take place on equal terms, in the sense of ensuring first and foremost the full respect for rights and freedom according to the clear provisions of the Charter of Fundamental Rights and to European case law.

In particular, security needs shall not determine the establishment of a society of surveillance, control and social sorting. Economic needs are taken into consideration in the framework of the neutrality principle that, by guaranteeing the generative nature of the Internet, keeps the possibilities for innovation unchanged, and prevents strong subjects from creating conditions of exclusion of possible competitors. Furthermore, whenever Internet platforms provide public services that are essential for the life and the activities of people, it is necessary to guarantee the conditions for a suitable interoperability in compliance with the principle of competition and equal treatment of people.

Provided that not all the issues can be analysed in this document, it is suitable recalling the need to consider the access to the Internet as a fundamental right of individuals (Tim Berners-Lee compared it to the access to water), as an essential guarantee not only against any form of censorship, but also against indirect limitations, such as taxation as it is presently happening in Hungary. The set of rights recognised do not guarantee a general freedom on the Internet, but specifically aims at preventing the dependency of people from the outside, the expropriation of the right to freely develop one’s personality and identity as it may happen with the wide and increasing use of algorithms and probabilistic techniques. The autonomy in the management of personal data, therefore, shall also consider new rights as those not to be tracked and to keep silent the chip. This perspective requires a particular in-depth analysis, since a deeply interconnected society is being developed, with a passage to Internet of Things in forms that have suggested some people to speak of an Internet of Everything, which determines a digitalisation of day-to-day lives that is able to transform any person and their bodies.

People cannot be reduced to objects of external powers, they must recover the sovereignty on their digital person. Identity is a key issue. The free development of one’s personality must be safeguarded.

Starting from this set of references, it is necessary to thoroughly examine the issue of the transformation of copyright, whose analysis was postponed to the end of the consultation, since knowledge on the Internet appears as a shared asset that can be considered as a common global resource.

A broader perspective is therefore opened by the Italian draft Declaration, in consideration of the large amount of topics to be tackled and the debate between different points of view; and such Declaration is significantly in line with the European Union policy that particularly emphasises the Charter of Fundamental Rights. The unquestionable aspect is the need to fine-tune a constitutional policy for the Internet, whose users – presently amounting to three billion people – cannot rely on a freedom guaranteed by the absence of rules, as it is still presently stated.

The reality is very different, showing an interconnected network heavily regulated by private subjects that cannot be controlled and that have no democratic legitimation, as it happens – beyond any disputes – with the “Over the Top” operating on the Internet. Internet rights are denied by totalitarian regimes and, unfortunately, by democratic regimes as well. The perspective of a Declaration of Internet rights aims at developing – through procedures different from the ones of the past – the constitutional rules that are fundamental in order to allow the Internet to keep its main feature as a place of freedom and democracy, as the widest space of the history of mankind.

NOTE

(*) Intervention at the Friedrich-Ebert-Stiftung –FREE Group experts meeting on :
Internet: only a “single digital market” or also a space to promote fundamental rights – Towards a European “Marco Civil”? (November 12, 2014). The main idea of this experts’ conference has been to have a first look to the impact of the EU Digital Agenda on fundamental rights as framed by the Treaties, the EU Charter and the recent CJEU jurisprudence (Data retention, Google Case..). As stated by the Charter the individual should be at the center of all EU policies and this objective underpins the recent proposal for an Internet Bill Of Rights of the Italian Chamber of Deputies as well as other national examples (Brasilian “Marco Civil” and recent US initiatives at government, congress and civil society level).
Bearing in mind that EU is competent on most of the aspects dealing with Internet the question arises how to preserve and promote individual rights notably in the pending negotiations on legislative proposals notably on Data Protection, Net Neutrality and Network Security (NIS). Moreover what should be the future initiatives to be developed by the a new Commission’s legislative programme impacting on Internet ? How the future EU single digital market could preserve the principles of non-discrimination, and of informational self determination by strengthening the access to internet as a public common good ?
Together with Stefano Rodotà took also part to the Seminar
Claude Moraes Chairman of the European Parliament Civil liberties Committee (which adopted in 2009 a first Internet Bill of Rights resolution)
Jan Philipp Albrecht EP Rapporteur for the Data Protection Regulaiton and for the transatlantic “umbrella” Agreement
Paul Nemitz Director at the European Commission
Giovanni Buttarelli, Assistant European Data Protection Supervisor
Marc ROTENBERG Professor at the Georgetown University and Director of EPIC and Marie GEORGES expert at the Council of Europe
as well as Joe Mc Namee, Executive Director, European Digital Rights (EDRi).

(**) Article 8 Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority

Tarakhel v Switzerland: Another nail in the coffin of the Dublin system?

ORIGINAL PUBLISHED HERE

by Professor Steve Peers (FREE Group Member)

Introduction

Despite the EU’s purported adherence to high standards of human rights protection, the EU’s Dublin system, which allocates responsibility for each asylum-seeker’s application to a single Member State, has repeatedly run foul of human rights standards. Yesterday’s judgment of the European Court of Human Rights (‘ECtHR’, or ‘Strasbourg Court’) in Tarakhel v Switzerland, and the recent judgment of the same court in Sharifi v Italy and Greece, have further confirmed the problems in making this system compatible with ECHR obligations.

In fact, the Tarakhel judgment goes further than the prior judgments, which had merely exposed the lack of sufficient human rights protection in the EU legislation, as applied by Member States. Rather, it is now clear that the approach of the Court of Justice of the European Union (CJEU) in interpreting the Dublin rules is also incompatible with the ECHR.

Background

The Dublin rules initially appeared as part of the Schengen Convention, which bound only certain Member States. They were then set out in the form of the Dublin Convention,signed in 1990. This Convention was replaced by an EC Regulation (known as the ‘Dublin II Regulation’) from 2003. That Regulation was in turn replaced by the Dublin III Regulation, adopted in 2013, which applies to all applications made after 1 January 2014. Furthermore, the Dublin rules have been extended to the non-EU countries associated with the Schengen system, by means of treaties with Norway and Iceland on the one hand, and Switzerland and Liechtenstein on the other.

The previous leading cases on the compatibility of the Dublin regime with human rights were (for the Strasbourg court) the 2011 judgment in MSS v Belgium and Greece, and (for the CJEU) the judgment in NS, delivered later that same year. In MSS, the ECtHR ruled that Greece had violated Article 3 ECHR (the ban on torture or other inhuman or degrading treatment) in three ways: its treatment of the Afghan asylum-seeker in question in detention; its failure to secure adequate living conditions for him after release from detention; and its highly deficient asylum procedure. The evidence of these violations was found in numerous reports by NGOs and international bodies. The Court also ruled that Belgium had violated Article 3 ECHR because it had returned the same asylum-seeker to Greece (in accordance with the Dublin rules), even though it must have known of the situation there. For good measure, the Court also ruled that Belgium had violated Article 13 ECHR (the right to an effective remedy), since Belgium did not provide for sufficient reviews of the merits in cases such as this one.

Subsequently, the CJEU ruled in NS that asylum-seekers could not be returned to Greece, pursuant to the Dublin rules, because of systematic deficiencies in the asylum system in that country. Removals in such cases would constitute a breach of Article 4 of the EU Charter of Fundamental Rights (the equivalent of Article 3 ECHR). However, the Court distinguished such major breaches of fundamental rights from minor violations of EU or international rules relating to refugees, which would not require Member States to refrain from applying the Dublin rules.

Before the ECtHR could rule in Tarakhel, the CJEU clarified its position in its judgment in Abdullahi, delivered late in 2013. The Court started out by emphasising the presumption that all EU Member States protected human rights, noting that there was now second-phase legislation establishing the Common European Asylum System. It then characterised the Dublin rules as essentially regulating the relationship between Member States, referring in particular to the optional ‘sovereignty’ and ‘humanitarian’ clauses in the Dublin II Regulation, as well as the possibility of conciliation or separate arrangements between Member States. It followed that when two Member States agreed which of them was the Member State of first authorised entry (triggering responsibility under the Dublin rules), an asylum-seeker could ‘only’ challenge that decision by ‘pleading systemic deficiencies in the asylum procedure and in the conditions for the reception of applicants for asylum’ in the Member State which was deemed responsible for the asylum application.

Finally, the recent Sharifi judgment pf the Strasbourg Court established that Italy’s interception of asylum-seekers from Greece in the Adriatic, and their forced return to Greece, violated Article 3 ECHR as well as the ban on collective expulsions in the Fourth Protocol to the ECHR. In doing so, it confirmed a key corollary of the MSS ruling: Member States breach the ECHR if they stop asylum-seekers fleeing an unsafe country directly from crossing their borders. Although the rules on freedom to travel for third-country nationals in the Schengen Convention do not give asylum-seekers the right to move between Schengen States (unless, improbably, they have a visa or residence permit, or the visa requirement is waived for their country of origin), the ECHR nevertheless gives asylum-seekers the freedom to travel between Schengen countries (or any States) in such circumstances. Also, the right to move to another country extends beyond the three-month time limit on intra-Schengen travel, since asylum-seekers can in principle stay until their claim is finally rejected.

The Tarakhel judgment

Yesterday’s judgment concerned a family of eight Afghans, who entered the EU by crossing the Italian border first. This made Italy responsible for their applications under the Dublin rules. However, the family soon left the asylum-seekers’ reception centre which they were assigned to in Italy, on the grounds that conditions there were inadequate for families. They moved to Austria, which triggered the Dublin rules, asking Italy to take charge of them. Italy agreed, but before their transfer to Italy could be carried out, they moved on to Switzerland. That country in turn asked Italy to take charge of the family; Italy tacitly accepted.

However, they challenged their removal to Italy on the grounds that their treatment in that country, if they were removed there, would violate Article 3 ECHR. They lost their case in the Swiss courts, so asked the ECtHR to rule that their removal to Italy would constitute a breach of Article 3, as well as Article 8 ECHR (the right to family life). They also alleged a breach of Article 13.

The ECtHR rejected the Article 13 claim on the merits, since the Swiss courts had examined the merits of their legal arguments and they were allowed to stay on Swiss territory in the meantime. It held that it was not necessary to examine the Article 8 argument. Most importantly, by a majority of 14-3, it found that there was a breach of Article 3 ECHR.

Yet there are important differences between the MSS judgment and the Tarakheljudgment. Yesterday’s judgment does not state that Italy’s asylum system has effectively collapsed, as was the case in Greece. In particular, there were no allegations in Tarakhelrelating to flaws in Italy’s asylum procedures, or as regards detention. The argument instead was solely about living conditions in Italian detention centres.

The ECtHR began by reiterating its case law from MSS about reception conditions for asylum-seekers. While Article 3 ECHR did not guarantee a home or financial assistance, in cases involving EU Member States the Court took account of their specific obligations in that respect under the EU’s reception conditions Directive. Also asylum-seekers were an ‘underprivileged and vulnerable group’, and it was possible that extreme poverty could raise issues under Article 3. The Court also referred to other prior case law on the need to ensure that child asylum-seekers, who were in a position of ‘extreme vulnerability’, enjoyed ‘protection and humanitarian assistance’.

Next, the Court reiterated the usual rule that Article 3 prevents removal if ‘substantial grounds have been shown for believing’ that there is a ‘real risk’ of treatment contrary to Article 3 in the state of destination. The same rule could be used to rebut the assumption that countries applying the Dublin system were all safe. In this context, the ECtHR referred to the CJEU’s ‘systemic deficiencies’ test set out in the judgment in NS, but made no reference to the ruling in Abdullahi that this was the ‘only’ ground for challenging the application of the Dublin rules. However, the ECtHR also ‘notes’ the recent EM judgmentof the UK Supreme Court, which expressly stated that ‘systemic deficiencies’ were not the only ground for such challenges. Overall, the Court stated that these tests had to be applied by examining ‘the applicant’s individual situation in light of the overall situation prevailing’ in the state of destination.

Applying these rules to this case, the applicants had made three complaints about the situation of the Italian reception system. The first complaint, about the slowness of identification procedures, was dismissed out of hand, since the applicants had in fact been identified quickly. As for the second complaint, the Court accepted the evidence that there were not enough places for all asylum applicants. Thirdly, as for the reception conditions within the available facilities, a number of problems had been identified by the UNHCR and the Council of Europe’s Human Rights Commissioner.

Taken as a whole, then, the Court ruled that the ‘current situation in Italy can in no way be compared to the situation in Greece at the time of the MSS judgment’, where only a small fraction of asylum-seekers could be accommodated and ‘the conditions of the most extreme poverty…existed on a large scale’. So there could not be ‘a bar to all removals of asylum seekers to that country’. Having said that, the Court accepted that there was some risk that asylum-seekers might not get accommodation, or that the accommodation would be inadequate.

As for the individual position of the applicants, that was not comparable to the facts of theMSS case either. The family in this case were taken care of immediately by the Italian government, rather than detained and then left to fend for themselves. But again, having said that, the Court was concerned that, in light of the vulnerability of asylum-seekers, and children in particular, there was no guarantee of (adequate) accommodation for families seeking asylum in Italy. So Switzerland could not send the family to Italy unless they obtained sufficient assurances on this point. This alone constituted a breach of Article 3 ECHR.

Interestingly, the majority judgment makes no reference to the alternative possibility of asylum-seekers obtaining private family housing at the expense of the State, which the CJEU developed in its recent Saciri judgment on the reception conditions Directive.

Comments

With great respect, there are many flaws with the CJEU’s judgment in Abdullahi. That judgment confuses Regulations (directly applicable in national legal systems) with Conventions (essentially governing relations between States). It places undue reliance on provisions of the Dublin II Regulation which were never applied in practice (conciliation) or were irrelevant to the case at hand (separate arrangements between Member States). It ignores the CJEU’s own case law on the ability to challenge Member States’ application of the Dublin II rules as regards unaccompanied minors (MA), humanitarian situations (K) or withdrawn applications (Kastrati). Its scope is unclear: does it only apply when Member States agree that the criterion regarding irregular entry is applicable, or in other cases as well? In any event, the judgment needs to be rethought in light of the Dublin III Regulation, which considerably expanded the procedural rights of asylum-seekers in the Dublin context. Why do that, if they can only challenge their transfer if there is a complete breakdown in the asylum system of the State responsible for their application?

But the most fundamental flaw in the Abdullahi judgment is exactly that: the CJEU’s statement that at least in some cases, the determination of the responsible Member State can ‘only’ be challenged if there are ‘systemic deficiencies’ in the asylum system of that State. Is that statement still correct after Tarakhel?

Certainly the statement is wrong if the CJEU meant (as it appeared to say) that both the asylum procedure and the reception conditions systems have to have failed in the responsible Member State, before a transfer to that State can be challenged. In Tarakhel, there is no issue raised regarding the asylum procedure in Italy. More generally, the Italian reception system is not in complete breakdown: the Tarakhel family faces neither extreme poverty nor vile detention conditions, but merely some risk that accommodation will either not be available or that it will be somewhat unpleasant. Accordingly, the Swiss obligations are nuanced: there is no ban on transfers, merely a procedural obligation to make arrangements with the Italian authorities.

It isn’t clear whether Tarakhel abandons the CJEU’s assumption that only ‘systemic deficiencies’ in the asylum system of a responsible State can justify a challenge to a Dublin transfer, or whether the judgment merely modifies the notion of ‘systemic deficiencies’ considerably, lowering the threshold for its application. On the first hypothesis, ‘systemic deficiencies’ are just one example of a situation that could lead to rebuttal of the assumption that another Dublin State is safe. Uncertainty about adequate reception conditions for families is another. But surely this cannot be an exhaustive list.

On the second hypothesis, a ‘systemic deficiency’ would not exist only where an asylum system had entirely collapsed, but where some particular aspect of the system was malfunctioning regularly to some extent. By analogy, a car needs to be fixed not only when the brakes entirely fail to work, but also when the windshield wipers occasionally malfunction. The risk is far greater in the first case, but the second case shouldn’t be ignored either. Again, the problems in Tarakhel cannot be the only example of a flaw in the asylum system of a responsible Member State that needs to be fixed before asylum-seekers can be transferred there.

There isn’t much difference between these two possible interpretations of Tarakhel. Although the first interpretation is in principle more open-ended than the second one, it shouldn’t take too much imagination to argue that any particular problem an asylum-seeker might face in the responsible Member State is ‘systematic’ in this very broad sense. The second interpretation does give the CJEU more leeway to back down from its head-banging judgment in Abdullahi, and explain that this was also what it had meant by ‘systemic deficiencies’ all along.

Of course, given the strong insistence on the efficiency of the Dublin system in theAbdullahi judgment, this is obviously not what the Court had meant at the time. Yet the clear message from the Tarakhel case is that there is not a simple binary distinction between cases when all Dublin transfers should stop, on the one hand, and cases when all Dublin transfers should go ahead at full speed, on the other. Instead, like a traffic light, yesterday’s judgment creates an intermediate category of cases in which national administrations must proceed with caution. This will undoubtedly make the Dublin system more costly and complex to administer, but that is often the only way to ensure that human rights are protected effectively.

Barnard & Peers: chapter 9, chapter 26

THE PROPOSED GENERAL DATA PROTECTION REGULATION: SUGGESTED AMENDMENTS TO THE DEFINITION OF PERSONAL DATA

by Douwe Korff, Professor of International Law

(and FREE Group Member)

Background

In a recent judgment (discussed previously on this blog) the third chamber of the CJEU has ruled that the concept of “personal data” in the 1995 data protection (DP) directive is limited to data directly relating to a person, and does not include legal analyses in the file on the person, on which the state (NL) relied in taking its decisions in relation to that person (Joined Cases C-141/12 and C-372/12). I believe the Court’s restriction of the concept is wrong and contrary to the intended purpose of data protection; and should be corrected in the new General Data Protection Regulation.

First of all, the Court based itself on the, in my opinion erroneous, view that the 1995 EC DP Directive was solely aimed at protecting privacy. In particular, it felt that the right of data subjects to access to their personal data should not extend to a legal analysis of their case, contained in a file on them, because (in the Court’s view) such an analyses “is not in itself liable to be the subject of a check of its accuracy by [a data subject]”, and data subjects should not be able to use data protection to seek a rectification of such an analysis (cf. para. 44 of the judgment).

Secondly, the Court also relied on the fact that data of the kind at issue in the joined cases was administrative data held by a public authority and, drawing a parallel with EU regulations on privacy and access to documents, held that access to the legal analysis should be addressed under the latter rules rather than the former. This failed to take into account the fact that the EU rules referred to apply only to public (i.e., EU) bodies, whereas the 1995 DP Directive applies also, and in indeed especially, to private-sector bodies (in particular companies) that are not subject to public-sector rules on access to administrative data.

The Court’s judgment, in sum, seriously limits the concept of personal data and the right of access to one’s personal data, and thus seriously limits the application of the entire EU data protection regime. It leaves individuals with seriously less rights in respect of data on them (or relating to them, or used to take decisions on them, or that affect them) than was previously thought.

Specifically,the judgment runs directly counter to the authoritative 2007 Article 29 Working Party (WP) Opinion on the concept of personal data (Opinion 4/2007, WP136, of 20 June 2007). This first of all noted that the purpose of data protection is not limited to a narrow concept of privacy – as is indeed also clear from the fact that data protection is guaranteed in the Charter of Fundamental Rights (CFR) as a separate right, sui generis, from the right to private life/privacy (data protection is guaranteed in Article 8 CFR; Privacy in Article 7 CFR). Astonishingly, given that the WP29 is expressly charged with providing guidance on the interpretation and application of the 1995 DP Directive, the Court did not even mention either the Working Party or this specific opinion.

In the opinion, the Working Party discussed four elements of the definition, from which it deduces the appropriate criteria for determining whether data should be regarded as personal data within the meaning of the directive. They can be paraphrased as follows:

The first element: “any information”:

The WP concludes that these words indicate that the concept of personal data should be interpreted broadly, and not limited to matters relating to a person’s private and family life stricto senso (as has wrongly been done in the UK under the Durant decision, and as appears to also underpin the Court’s judgment). It also covers information in any form, including documents, photographs, videos, audio and biometric data, body tissues and DNA.

The second element: “relating to”:

In general terms, information can be considered to “relate” to an individual when it is about that individual. However, data about “things” can also be personal data, if the object in question is closely associated with a specific individual (e.g., mobile phone location data). This is of increasing importance in the era of the Internet of Things. Important in relation to the CJEU judgment, the WP29 adds the following consideration, with reference to an earlier opinion, on radio frequency identification (RFID) tags, WP105 of 19 January 2005 (original italics and bold; underlining added):

In the context of discussions on the data protection issues raised by RFID tags, the Working Party noted that “data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated.“…

[I]n order to consider that the data “relate” to an individual, a “content” element OR a “purpose” element OR a “result” element should be present.

The “content” element is present in those cases where – corresponding to the most obvious and common understanding in a society of the word “relate” – information is given about a particular person, regardless of any purpose on the side of the data controller or of a third party, or the impact of that information on the data subject. (…)

Also a “purpose” element can be responsible for the fact that information “relates” to a certain person. That “purpose” element can be considered to exist when the data are used or are likely to be used, taking into account all the circumstances surrounding the precise case, with the purpose to evaluate, treat in a certain way or influence the status or behaviour of an individual. (…)

A third kind of ‘relating’ to specific persons arises when a “result” element is present. Despite the absence of a “content” or “purpose” element, data can be considered to “relate” to an individual because their use is likely to have an impact on a certain person’s rights and interests, taking into account all the circumstances surrounding the precise case. It should be noted that it is not necessary that the potential result be a major impact. It is sufficient if the individual may be treated differently from other persons as a result of the processing of such data.

These three elements (content, purpose, result) must be considered as alternative conditions, and not as cumulative ones. In particular, where the content element is present, there is no need for the other elements to be present to consider that the information relates to the individual. A corollary of this is that the same piece of information may relate to different individuals at the same time, depending on what element is present with regard to each one. The same information may relate to individual Titius because of the “content” element (the data is clearly about Titius), AND to Gaius because of the “purpose” element (it will be used in order to treat Gaius in a certain way) AND to Sempronius because of the “result” element (it is likely to have an impact on the rights and interests of Sempronius). This means also that it is not necessary that the data “focuses” on someone in order to consider that it relates to him. …

The “legal analyses” that the CJEU ruled were not personal data are clearly covered by the above: they are the very basis on which the data subjects in questions (asylum seekers) were “treated” and “evaluated”. To apply the reasoning of the Working Party: they determine whether Titius should be treated the same way as Gaius or not; and they may also have an impact on the rights and interests of Sempronius.

This is also crucially important in relation to “profiles”. Under the judgment, states and companies could argue that individuals should also not have a right to challenge the accuracy of a profile, any more than the accuracy of a legal analysis; and that, indeed, they are not entitled to be provided on demand with the elements used in the creation of a profile. After all, a profile, by definition, is also based on an abstract analysis of facts and assumptions not specifically related to the data subject – although both are of course used in relation to the data subject, and determine the way he or she is treated.

In my opinion, the above is the most dangerous limitation flowing from the Court’s judgment.

The third element: “identified or identifiable”:

Although this issue did not arise in the CJEU cases, it is still crucial, in particular in relation to the ever-increasing and ever-more-widely-available massive sets of “Big Data”. In the opinion of the WP, the core issue is whether a person is, or can be, singled out from the data, whether by name or not. A name sometimes suffices for this, but often not, while a photograph or an identity number often does allow such singling out even if no other details of the person are known. In relation to pseudonymised or supposedly anonymised data, the WP concluded (with reference to the recitals in the 1995 directive) that the central issue is whether the person can be identified (singled out), whether by the data controller or by any other person, “taking account of all the means likely reasonably to be used either by the controller or by any other person to identify that individual.”

The fourth element: “natural person”:

In principle, personal data are data relating to identified or identifiable living individuals. There are some issues relating to data on deceased persons and unborn children: these can often still (also) relate to living individuals, in the way discussed above, and would then still be personal data in relation to those latter individuals. Data on legal entities can sometimes also, similarly, relate to living individuals associated with those entities. Also, in some contexts some data protection rights are expressly extended to legal persons (companies etc.) per se, in particular under the so-called “e-Privacy Directive”. But that is a special case. This too, however, was not an issue relevant to the CJEU judgment.

Until the CJEU judgment, it could be assumed that as long as the General Data Protection Regulation used the same definition of personal data as the 1995 DP Directive, the above elements and criteria could simply be read into the new instrument.

However, the judgment could result in the definition in the GDPR being read in accordance with the Court’s restricted views, rather than in line with the WP29 guidance.

In my opinion, if the EU wishes to retain a strong European data protection framework, as is often asserted, it is essential that the GDPR expressly (if of course briefly) endorses the WP29 view of the issue, rather than the CJEU’s one.

Below, I suggest amendments to the definition of the concept of personal data in the GDPR that would achieve that (some further amendments should be made to the recitals).

Proposed amendments to the GDPR

As can be seen from the Annexes, with the different definitions of personal data and data subject in the Commission text of the GDPR and in the amended version of the Regulation adopted by the EP (and with the corresponding definitions in the current 1995 DP Directive), the definitions all say in essence that:

‘personal data’ means any information relating to a data subject (with ‘data subject’ then defined as “an identified or identifiable natural person”), or:

‘personal data’ means any information relating to an identified or identifiable natural person which comes to the same thing (and is in accordance with the current directive).

The EP text adds clarification on when a person can be regarded as “identifiable”, on the lines of the views of the Article 29 Working Party (drawing on a recital in the current directive); and more specific provisions on “pseudonymous data” and “encrypted data”.

However, neither text adds clarification on the question of when data can be said to “relate” to a (natural, living) persons – which is the issue so badly dealt with in the CJEU judgment.

I propose that the definition of “personal data” in the GDPR be expanded to expressly clarify the question of when data can be said to “relate” to a person, by drawing on the guidance of the Article 29 Working Party set out above; and by also expressly clarifying that “profiles” always “relate” to any person to whom they may be applied. Specifically, I propose that an additional paragraph be added to Article 2(2), spelling out that:

“data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in [Article 20 in the Commission text/Article 4(3a) of the EP text] by their nature relate to any person to whom they may be applied.”

The Annexes indicate more specifically how such an amendment could be incorporated into the current (Commission and EP) texts of the Regulation.

Annex I

PROPOSED AMENDMENTS TO ARTICLE 4 OF THE GENERAL DATA PROTECTION REGULATION:

(Added or amended text in bold)

The proposed amendments if applied to the Commission text:

(1) ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

(2) ‘personal data’ means any information relating to a data subject;

(2a) data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in Article 20 by their nature relate to any person to whom they may be applied.

The proposed amendments if applied to the EP text:

(2) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);

(2a) an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;

(2b) data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in paragraph (3a) by their nature relate to any person to whom they may be applied.

(2c) ‘pseudonymous data’ means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;

(2d) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

NB: The actual Commission and EP texts are set out in Annex II

Annex II

The definition of “personal data” in the original Commission text of the GDPR and in the amended version of the Regulation adopted by the European Parliament:

Text proposed by the Commission	Amendment
Definitions	Definitions
For the purposes of this Regulation:	For the purposes of this Regulation:
(1) ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;
(2) ‘personal data’ means any information relating to a data subject;	(2) ‘personal data’ means any information relating to *an identified or identifiable natural person* (‘data subject‘); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;
	(2a) ‘pseudonymous data’ means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;
	*(2b) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;*

Cf. the following definition in the current 1995 DP Directive:

(a) ‘personal data ‘shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Denmark and EU Justice and Home Affairs Law: Really Opting Back In?

Original published EU LAW ANALYSIS

by Steve Peers

On October 7th the Danish Prime Minister made an announcement that Denmark would hold another referendum on EU matters in 2015. This was widely reported as a vote on whether Denmark would opt back in to EU Justice and Home Affairs (JHA) law. In fact, the government’s intention is to hold a vote on whether to replace a complete opt out with a selective opt-out. This blog post explains the detail of the issue, including a complete list of the measures which Denmark might opt back into if the Danish public approves the referendum proposal.

The Danish opt-out effectively dates back to the Danish referendum on the Maastricht Treaty in 1992. Following the initial Danish ‘no’ vote to that treaty, the EU’s Heads of State of Government adopted a Decision, which states that Denmark fully participates in EU JHA law. This was accompanied by a declaration stating that any transfer of powers to the European Community (as it then was) would be subject to a referendum in Denmark. This is generally regarded as the basis for Denmark’s opt-out on JHA matters.

This Decision is also often described as an opt-out on EU citizenship, although it is no such thing: it simply clarifies the relationship between Danish and EU citizenship. In fact, despite a widespread belief to the contrary, Denmark has no opt-out on EU citizenship at all. The JHA opt-out was formalised as a Protocol to the Treaties at the time of the Treaty of Amsterdam (in force 1999), and was then revised at the time of the Treaty of Lisbon (in force 2009). It currently appears as Protocol 22 to the Treaties.

In a nutshell, the legal position is as follows. Continue reading “Denmark and EU Justice and Home Affairs Law: Really Opting Back In?”

Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)

by Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be Commissioners for Better Regulation, Fundamental Rights and Rule of Law (Timmermans) will be questioned tomorrow by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm them in office. MEPs have already asked some written questions and the would-be Commissioner have replied. However, during the oral hearing will be an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.
Rather strangely the hearing will not follow to the EP very detailed internal rules (of art.118 and Annex XVI (*) which require that hearing should take place before the Parliamentary committees Candidate Vice President Timmermans will instead be heard by the Conference of President of political Groups.

1.Rule of law / implementation of EU law
The confidence of all EU citizens and national authorities in the functioning of the rule of law in the Member States is vital to increase the mutual trust and to further develop the EU into “an area of freedom, security and justice without internal frontiers”.
In your written reply you strongly support the recent Commission proposal for a “common rule of law framework (COM(2014)158 as repeatedly advocated by the European Parliament (but criticized by the Council legal Service). However such an exercise risk which should cover all the EU member states, risk to be meaningless if the Commission does not strengthen the mechanisms which implement the principle of sincere cooperation with and between the MS. For instance there is no ground in the Treaty which justify confidential meetings between the Commission and the MS (even in the framework of the so called “EU Pilot mechanism”) when legal certainty on the exact scope of EU citizens rights and obligations are at stake.
As first steps to strengthen the rule of law would not then be appropriate :
– to update the way how the Commission on a daily basis debates with the Member states the implementation of EU legislation?
– make public the MS implementation plans as well as the table of correspondence between EU and national rules ?
– to implement, (five years after the Lisbon Treaty !), the art.70 mechanism on “objective and impartial evaluation of the implementation of the Union policies” in the FSJA by keeping informed the European and national parliaments ?
– to take stock every year of the ruling of the European Courts and of the measures taken at national level ?

2. Charter of Fundamental rights as “roadmap for the EU legislator ?
In a recent ruling the Court of Justice stroke down for the first time an EU Directive (the Data Retention Directive 2006/24) because “.., the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter. ” According to the CJEU the Directive “..does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter” and moreover “does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured…” In other terms from now on the Court of Justice will require a strict assessment of the proportionality and necessity of measures that constitute serious restrictions to fundamental rights, however legitimate the objectives pursued by the EU legislature.
On the basis of this landmark ruling do you not consider your priority to revise under the proportionality perspective the legislation falling in judicial and police cooperation in criminal matters adopted before the entry into force of the Charter and of the Treaty of Lisbon ?
Will you commit to develop a stronger and more transparent strategy to deal with infringements of EU law where the rights in the Charter are threatened by a Member State’s non-existent or incorrect implemenation of its EU law obligations?
Will not be sensible, taking in account your attachment to the REFIT exercise to review the legislation by establishing “sunset clauses” for measures limiting EU citizens rights? Moreover, by sticking on data protection aspects do you not consider that this ruling raise even bigger doubts on the compatibility with the proportionality principle of the EU-US agreements on PNR and TFTP and of the legislative proposals submitted by the Commission on the EU-PNR and the “Entry-Exit” (not to speak of the lack of compliance of the proposal on trusted traveller with the principle of non discrimination) ? Continue reading “Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)”