1. EU and MS legal Order and Institutional framework – Page 41 – European Area of Freedom Security & Justice

Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..

On April 23rd, shortly after the European Union started working on the new Europol legal framework which is deemed to align the main intelligence led policy Agency with the Lisbon Treaty and with the European Charter the German Constitutional Court (BVG) decided to impose a strict separation between the work of the police and intelligence services. As in several other cases where the BVG jurisprudence has influenced also the European legislature this ruling will be probably thouroughly analysed also in Brussels even if the BVG maintain that the issue falls under the national exclusive competence. Therefore it will be more than likely that the principles outlined in this ruling would be taken in account in the EU draft legislation on data protection when these data are collected for security purposes.

According to the BVG press release (emphasis added) “…For the Karlsruhe based court, the exchange of data between the Federal Office for the Protection of the Constitution, intelligence services, military counter-intelligence and the police amounts to — a severe infringement of the rights of those concerned, which is why it can only be allowed in exceptional cases. The judges did, however, authorise an “anti-terrorist” listing, while declaring another “secret service contact” listing unconstitutional. Initiated in 2006, the second database contains information on 18,000 potential terrorists, supplied by 38 intelligence services.
The counter-terrorism database is in its fundamental structures compatible with the Basic Law. However, it does not meet the constitutional requirements regarding specific aspects of its design.
This is what the First Senate of the Federal Constitutional Court decided in a judgment that was issued on April 23. Under certain conditions, the unconstitutional provisions can continue to be applied until new regulation has been enacted, but no later than until 31 December 2014.

The Decision is Essentially Based on the Following Considerations: Continue reading “Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..”

An european area of freedom, security and justice ? Paving the way from Stockholm …to Rome in 2014

On November 7th the FREE Group submitted to the Chairman and other members of the Civil liberties Committee of the European Parliament its “Call for a true European Area of Freedom Security and Justice”. The main aim of the “Call” was to evaluate what has been done (or not done) since the entry into force of the Lisbon Treaty and the adoption of the Stockholm Programme.
Learning from failures and successes is a pre-condition for the new phase which will start from December 1st, 2014 (at the end of the five-years transitional period for the measures adopted before the Lisbon Treaty in judicial and police cooperation domain) (1).

According to the FREE Group “CALL” from December 2014 onward, EU and its Member States have to close the current gap between the EU legislation and the principles and objectives now outlined in the Treaties and in the European Charter of fundamental rights. Needless to say, the “lisbonisation” of police and judicial cooperation in penal matters, (1) will be the first test of the real will of the member States and of the EU institutions. Unfortunately the current situation is not promising at all and the announced UK opt-out will not make things easier either.
However, a fundamental shift of responsabilty between the EU institutions is also needed to make the EAFSJ more legitimate and credible.

The European Council which has acted until now practically alone when it has adopted the multiannual programmes of Tampere (1999), Den Haag (2004) and even Stockholm (2009). It should now accept the fact that after Lisbon, even if it will maintain its strategic role in this area (art.68 TFEU) it has to play it by taking in account the new EU institutional balance arising from the Treaties and the Charter. The new role of the European Parliament, of the Commission and of the Court of Justice in the EAFSJ policies requires a different relation with the European Council which is no more the “Deus ex machina” but an institution which like all the others should respect the principle of loyal cooperation, abide to the obligations of transparency (art. 15 TFEU), respect of democratic principles, dialog with civil society (art.11 TEU) and, last but not least, be accountable to the EU citizens.
In this perspective a strong interaction with the other Institutions directly elected by the european citizens such the European Parliament and of the national parliaments become unavoidable.
Moreover a stronger integration of the European Council within the “ordinary” EU institutional dialogue will not only re-establish the checks and balances within the EU (required since 1958 by the ECJ “Meroni” ruling) but could also trigger as a substantial effect, a real political debate also betweeen the european political “families” which still prefers hiding themselves behind the EU institutional machinery.
If such an open political debate arises it will be extremely beneficial for the all EU construction and could prove that the EAFSJ policies are no more an area restricted to skilled diplomats and burocrats “elites” shaping the Council and Commission’s Strategies, Conclusions, Guidelines, Roadmaps… .

The future Italian Presidency of the EU Council which will take place in the second semester of 2014, could play a decisive role for a more transparent and democratic phase of the EAFSJ.

However to make this change possible hard preparatory work is needed and should start already now because the EU is a sort of “super carrier” which requires time and skillfulness to change its direction. Moreover as soon as this change of strategy will become apparent it will inevitably create the opposition inside the Council, the Commission and even in the European Parliament as it happened for the “access to documents” file. It is well known that soon after the “Turco” ruling of the Court of Justice which has required more transparency in the Council and Commission these institutions have developped a clear opposite strategy to “protect” their old decision making procedures.

This kind of turf wars between the EU institutions could be extremely dangerous from an european citizen’s perspective because the EAFSJ policies should now be negotiated and implemented in full compliance with the EU Charter. They have become the core of a new European Public order which can be considered democratic only if the EU citizens and their representatives could influence both the national and European level. This objective was crystal clear when the Charter has been negotiated, and it has been reiterated also by seminal ruling of national Constitutional Courts, but since then it looks fading away from the EU legislative works and debates.

However this sort of resilience of the “Maastricht style” even after the Lisbon Treaty and EU Charter risks to be a slippery slope for the EAFSJ policies.

For thirty years the EU has underestimated the close relation between the EURO and a true EU Economic policy; let’s hope that the same mistake will not be repeated for the relation which has now to established between the EU Charter and the relevant EAFSJ policies. They should no more evolve, as it is still now the case, in a parallel world separated from the other EU policies notably in the economic and social sphere. In politics (as in nature) everything is linked. Again, the role that the future Italian Presidency could play will be extremely important because it will be at the beginning of a new EU legislature as well as of the new 18^th months Trio Presidency cycle which will cover from 1^st of July 2014 to December 31^st 2015.

By framing the new global EU roadmap bringing together the EAFSJ policies with the new EU 2020 agenda the Italian Presidency can make the difference by setting a new bridge on (still) troubled waters.

EDC

1. See artt 9 and 10 of Protocol 36 on “TRANSITIONAL PROVISIONS CONCERNING ACTS ADOPTED ON THE BASIS OF TITLES V AND VI OF THE TREATY ON EUROPEAN UNION PRIOR TO THE ENTRY INTO FORCE OF THE TREATY OF LISBON

Article 9
The legal effects of the acts of the institutions, bodies, offices and agencies of the Union adopted on the basis of the Treaty on European Union prior to the entry into force of the Treaty of Lisbon shall be preserved until those acts are repealed, annulled or amended in implementation of the Treaties.
The same shall apply to agreements concluded between Member States on the basis of the Treaty on European Union.

Article 10
1. As a transitional measure, and with respect to acts of the Union in the field of police cooperation and judicial cooperation in criminal matters which have been adopted before the entry into force of the Treaty of Lisbon, the powers of the institutions shall be the following at the date of entry into force of that Treaty: the powers of the Commission under Article 258 of the Treaty on the Functioning of the European Union shall not be applicable and the powers of the Court of Justice of the European Union under Title VI of the Treaty on European Union, in the version in force before the entry into force of the Treaty of Lisbon, shall remain the same, including where they have been accepted under Article 35(2) of the said Treaty on European Union.
2. The amendment of an act referred to in paragraph 1 shall entail the applicability of the powers of the institutions referred to in that paragraph as set out in the Treaties with respect to the amended act for those Member States to which that amended act shall apply.
3. In any case, the transitional measure mentioned in paragraph 1 shall cease to have effect five years after the date of entry into force of the Treaty of Lisbon.
4. At the latest six months before the expiry of the transitional period referred to in paragraph 3, the United Kingdom may notify to the Council that it does not accept, with respect to the acts referred to in paragraph 1, the powers of the institutions referred to in paragraph 1 as set out in the Treaties. In case the United Kingdom has made that notification, all acts referred to in paragraph 1 shall cease to apply to it as from the date of expiry of the transitional period referred to in paragraph 3. This subparagraph shall not apply with respect to the amended acts which are applicable to the United Kingdom as referred to in paragraph 2.
The Council, acting by a qualified majority on a proposal from the Commission, shall determine the necessary consequential and transitional arrangements. The United Kingdom shall not participate in the adoption of this decision. A qualified majority of the Council shall be defined in accordance with Article 238(3)(a) of the Treaty on the Functioning of the European Union.
The Council, acting by a qualified majority on a proposal from the Commission, may also adopt a decision determining that the United Kingdom shall bear the direct financial consequences, if any, necessarily and unavoidably incurred as a result of the cessation of its participation in those acts.
5. The United Kingdom may, at any time afterwards, notify the Council of its wish to participate in acts which have ceased to apply to it pursuant to paragraph 4, first subparagraph. In that case, the relevant provisions of the Protocol on the Schengen Acquis integrated into the framework of the European Union or of the Protocol on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, as the case may be, shall apply. The powers of the institutions with regard to those acts shall be those set out in the Treaties. When acting under the relevant Protocols, the Union institutions and the United Kingdom shall seek to re-establish the widest possible measure of participation of the United Kingdom in the acquis of the Union in the area
of freedom, security and justice without seriously affecting the practical operability of the various parts thereof, while respecting their coherence.”

European Data Protection : legislative negotiations soon to be started …

Three years after the entry into force of the Lisbon treaty the long awaited legislative negotiations on the future European Union legal framework on data protection will now start between the European Parliament and the Council of the European Union. The competent parliamentary Committee LIBE will now debate two reports dealing respectively with
– a first report on the draft EU regulation covering the cases where possible the private sector is involved
– a second report on the draft EU Directive covering the cases where public authorities are involved.

The procedure

On the procedural side the two reports will in the coming months be debated and amendments will soon be submitted by all the political groups so that everyone will have the chance to take position on the main aspects of the proposed EU legislation. A first “orientation” vote will then take place and a majority will arise inside the parliamentary commitee and this majoritarian position will be the basis for the dialogue with the Council. The latter will also try to build its own majority between the national delegations. If successful a “general approach” will be endorsed by the Committee of Permanent Representatives (COREPER) and by the Council and this will be the Council alternative text to the parliamentary Committee “orientation”. The dialogue between the two institutions will then take place with the aim to reach a possible compromise.
If a compromise is reached it will be voted by the parliamentary committee and then by the plenary. The same will happen on the Council side and the procedure could then be considered closed (according to the practice of the so called “first reading agreement” an interinstitutional practice which has become the rule in the legislative negotiations at European Union level).

Will this procedure be successful for the data protection “package” ?

It is still possible but not granted as the issue of data protection is extremely sensitive and impact on fundamental interests in the public and private sphere. The end of the legislature is not so far (mid-2014) and there is not much time to close the negotiations in time if no “first reading” agreement is out of view in the coming months.
The pressure exist on both sides as Ireland, which is now chairing the Council Presidency, is the country where giants like GOOGLE and Facebook have their european seat, and is interested more than others in clarifying the new legal framework to avoid all the possible problems which could arise from a still unclear legal situation.
On the other side also the European Parliament is strongly committed in reaching an agreement because data protection has been at the centre of a more then a decade long “saga” with the other institutions (suffice to remember the controversial Plenary votes on the international agreements with the USA on Safe Harbor, PNR, SWIFT, and enquiry on the ECHELON system..).

However because of this pressure on both side the risk of stalemate could not also be excluded.

The evolution of the EU constitutional framework

On the Content side there are several new elements to be taken in account.
First of all since the entry into force of the Treaty of Lisbon the constitutional framework for data protection is radically changed.

Before this Treaty Protection of personal data was not an autonomous EU objective but a condition to be fulfilled as a corollary of other public objectives such as sharing data in the framework of the single market or collecting data to prevent transnational crime and terrorism. The legal basis for legislating in this domain where the articles of the treaties empowering the EU institutions for building the internal market (art.95 of the European Community Treaty) or to grant an hig level of security (art.29 of the Treaty of the European Union).

It is worth recalling that notwhitstanding its original focus on internal market the Community draft legislation (Com (90)0314 – C3-0323/Syn 287; OJ No. C277, 5.1.1990, p3) became the most advanced standard setting legal text on Data protection principles taking stock of the previous works in international fora such as the Council of Europe (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, adopted on 28 January 1981) and in the OECD (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal data, adopted on 23 September 1980). The legal framework for data protection by law enforcement authorities were before Lisbon much more sparse, confuse and vague because at that time protection of public security at EU level was dealt at intergovernamental level and there was no real will to harmonize the existing national (diverging) standards.
Only because of the pressure of the European Parliament and after the signature of the Lisbon Treaty (!) an intergovenramental Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters has been published on 30 December 2008. However the Framework Decision which is still into force cover only transnational transfert of data so that it does not establish a common level of privacy protection nor cover the EU institutions and agencies (Schengen information system included) which continue even today to consider as reference the Council of Europe Convention of …1981 and a Recommendation of 1987 .

The lack of a legal general framework for data protection together with a lack of Member States political will have probably been the main cause of the interinstitutional conflicts of the last fifteen years as well as of the growing tensions with the USA. As it happens often in case of interinstitutional stalemate the only progresses made came from the jurisprudence of national and european judges.()

After the entry into force of the Treaty of Lisbon everything is changed because data protection has been recognised as a fundamental right as well as a self standing objective of the European Union.

On the first aspect the art. 8 of the EU Charter is crystal clear:
“(1) Everyone has the right to the protection of personal data concerning him or her.
(2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
(3) Compliance with these rules shall be subject to control by an independent authority. “

In short, protecting personal data is like protecting not only the image of an individual but also his ability to act in a given society without external public and private interference (the so-called right to “self-determination” which has been shaped already in 1983 by the jurisprudence of the German Constitutional Court. According to the “Census” judgment:“A social and legal order in which the citizen can no longer know who knows what when about him and in which situation, is incompatible with the right to informational self-determination. A person who wonders whether unusual behaviour is noted each time and thereafter always kept on record, used or disseminated, will try not to come to attention in this way. A person who assumes, for instance, that participation in a meeting or citizen initiative is officially recorded, and may create risks for him, may well decide not to use the relevant fundamental rights ([as guaranteed in] Articles 8 and 9 of the Constitution). This would not only limit the possibilities for personal development of the individual, but also the common good, because self-determination is an essential prerequisite for a free and democratic society that is based on the capacity and solidarity of its citizens”.
To protect personal data amounts not only to protect the liberty of the individual and, his dignity but even a more general good of the democratic society itself.

However such beautiful principles would be meaningless if not reflected in a binding legislation and in the daily life. To reach this objective art. 16 of the Treaty on Functioning of the European Union (TFEU) makes clear that personal data should be protected by “Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data.”

This will not be an easy task because EU law cover now all the main aspects of a person’s daily life in a global world where personal data have become the blood of the information society.
Massive data collection, on-line tracking and profiling not only by private companies but also by public authorities have become so widespread that many people consider that the protection of personal data itself do not exist any more. It seems that it has been killed
– by widespread invasive relatively low-cost technology
– by individual’s naïve behaviour in the social network
– by big private societies which are making an incredible amount of money from on-line advertising built on the exploitation of personal data (obtained for free)
– and last but not least by public authorities which, in a borderless world, having the facto lost the control of their territories try to prevent crime and terrorism by profiling potential dangerous people and collect everywhere massive amounts of personal data.

The post-Lisbon legislative data protection package

Confronted with the challenge of defining the new post-Lisbon data protection framework the Commission after thorough comparative studies has decided to maintain a twin track approach by submitting a Draft Regulation for protecting personal data in the civil domain and a Draft Directive adressed to public authorities when collecting personal data for security purposes. This choice has not been appreciated by the data protection authorities and by the European Parliament not only for the risk of inconsistencies but also for the risk of grey areas for activities which can fall in between.

European Area of Freedom Security and Justice : Council draft Agendas for the First Semester 2013

In compliance with the principle of transparency and in order to improve the decision making process the Council of the European Union organize its internal works in the framework of two main instruments:

a) A 18 months program prepared by a the pre-established group of three Member States holding the Presidency of the Council. The draft Program shall be prepared in close cooperation with the Commission and the President of the European Council, and after appropriate consultations it should be endorsed by the General Affairs Council. (art.2 p6 of the Council Rules of Procedure).
The current “Trio Presidency” program cover the last 18 months of the legislature : Ireland (January-June 2013) Lithuania (July -December 2013) and Greece (January –June 2014).

b) A 6 months Programme which is prepared and diffused by the incoming Council Presidency. This program “shall establish, for each Council configuration, and after appropriate consultations, draft agendas for Council meetings scheduled for the next six-month period, showing the legislative work and operational decisions envisaged” (art.2 p7 of the Council Rules of Procedures). It is worth recalling that according to a Council Declaration “‘The President will endeavour to ensure that, in principle, the provisional agenda for each meeting of the Council dealing with implementation of the Title of the TFEU relating to the area of freedom, security and justice and any documents relating to the items involved reach members of the Council at least 21 days before the beginning of the meeting.”
The current Irish Presidency 6 months Program foresee two formal meetings of the Justice and Home Affairs Council on March 7-8th and on June 6-7th.

An informal Justice and Home affairs Council meeting is already foreseen on 17th/18th of January . It is worth recalling that this kind of Meeting is devoted to strategic debates and no formal votes can take place. For the incoming meeting the main issues to be debated are :
*”Migration for Growth”,
*“Greek National Action Plan on Asylum & Migration” an
*“Update on Situation in Syria (Presented by key EU agencies such as Frontex and EASO).
The second day will be devoted to :
*”Internal Security and Growth”,
*“European cross-border Insolvency law” and certain aspects of the European Data Protection reform.

The main issues to be debated respectively for the “Home affairs” and “Justice” at the formal Council meetings are the following:
Continue reading “European Area of Freedom Security and Justice : Council draft Agendas for the First Semester 2013”

CALL FOR A TRUE EUROPEAN AREA OF FREEDOM SECURITY AND JUSTICE

By the “Fundamental Rights European Experts Group” (FREE Group) (see below)
“Let’s be driven by our values and not by our fears”

1. Three years after Lisbon the objective of an EAFSJ is still far away…

Three years after the entry into force of the Lisbon Treaty and of the European Charter of fundamental rights one can wonder if the European Union and its Member States are really committed to the objective of building the European Freedom Security and Justice Area. It is worth recalling that this objective dates back to 1997 when the Amsterdam Treaty was signed, but it has since then been substantially upgraded by the Lisbon Treaty.

After years of hard negotiations between the MS the EAFSJ has been tightly linked to a newly binding Charter of fundamental rights and some of the previous political, legal and democratic flaws have been solved. For three years the qualified majority voting has been the normal Council decision-making rule, the EP is a full co-legislator and the Commission and the European Court of Justice can fully play their role.

2. A deceiving outcome on quantitative and qualitative terms..

However notwithstanding these undeniable constitutional advances, the EU recent activity is quite deceptive both in quantitative as in qualitative terms. The EU and its MS seem still in a transitional and survival phase than in the long awaited building phase of true EAFSJ.

On quantitative aspects suffice it to note that since the beginning of the legislative term less than fifty legislative proposals have been submitted and only twenty have until now been adopted (1). If this trend continues one can wonder if the European Parliament and the Council will be able to adopt in the last 18 months of this legislature all the texts currently on the table not to speak of the proposals that the Commission has announced notably from the second half of 2013.

But much more concerning are the qualitative aspects of the institutional activity in a domain which is deemed to be now the core of the European public space.

To start with some positive aspects it is more than likely that the new Common European Asylum System foreseen by the art. 78 TFEU (and by the art.18 of the Charter) will be adopted before the end of this year (2). Progress has also been achieved with the adoption of the first measures dealing with the suspect’s rights in criminal proceedings (3) as well as in the judicial cooperation in civil matters (4) and on the establishment of new Agencies (5).

These decisions have often been taken after lengthy and painful negotiations and have been accompanied by the conclusion of international agreements as happened with the EU-US TFTP and PNR agreements. However a positive assessment on the latter is not obvious and the risks has been denounced that the final outcome could still not comply with the European Charter as well as of the European Convention of Human rights standards (6). The EP rejection of the ACTA agreement (7) has confirmed that the EU institutions often do not share the same vision of the balance to be struck between freedom and security.
Continue reading “CALL FOR A TRUE EUROPEAN AREA OF FREEDOM SECURITY AND JUSTICE”

European Union and Hungary: towards a new “Haider” case ?

(Original IT – translation still to be revised)

Hungary puts at risk the Union’s values?

”Such a change among the democratic frameworks that we did today was only done by revolutions before. […] Hungarians today have proved that there is a reason for democracy. […] Hungarians today overthrew a system of oligarchs who used to abuse their power.” The new government will be modest and humble. “ (1)

Two years later, these April 2010 Viktor Orban statements celebrating the Fidesz Party two thirds majority in Parliament following the Hungarian elections, sound now very different as it is the case for the economic forecasts following the 2010 Hungarian elections according to which such an electoral result would had made possible for the Hungarian Forint to recover from the crisis from which it had been barely saved in 2008 by the International Monetary Fund and the European Union.

Now, not only the relations between the EU and the IMF seem to have reached their lowest point (at least judging from the recent interruption of the negotiations with the Hungarian monetary authorities) but even bolder critics are emerging at European level as far as the compatibility of various initiatives of the Orban Government with fundamental rights and respect for democratic principles are concerned.

The situation is so worrying to push Guy Verohfstadt, President of the Liberal Group in the European Parliament to declare that Hungary seems not to fully respect anymore the “values” it subscribed when it joined the European Union, (“values” that the Lisbon Treaty has made even more explicit (2). Hence, according to Verohfstadt the European institutions should trigger the “alert” procedure foreseen by art. 7 par. 1 of the EU Treaty (3).

It is worth noting that such an “alert” procedure may be launched by the European Parliament itself and that it is designed to verify if “.. there is a clear risk of a serious breach“ by a Member State of the founding values of the European Union and, if such a risk exists the Council would be entitled to formally recommend the State who has lost its bearings to come back on the rights track.

Needless to say that such an “alert procedure” is very different from the “nuclear option” laid down in the second paragraph of the article 7 where the Council could even suspend a Member State voting rights if “a serious and persistent breach” of European Values has been ascertained.

Yet the mere fact of evoking the “alert” procedure has already led the European Parliament’s political groups, to position themselves as in previous cases by mirroring the political position present at national level (situation which will make difficult to reach the third majority needed in the European Parliament to vote the request the Council to address formal recommendation to Hungary).(4)

The European Parliament debate on this issue will take place during the January Plenary session in Strasbourg then the competent parliamentary committee could start its work as far as the European Commission has shown that there is ground to proceed and the Conference of Presidents of political groups consider that a formal report should be prepared following the proposal of the ALDE President Verohfstadt.

All that having being said on procedural aspects, it is worth recalling which have been the main concerns raised by the recent Hungarian initiatives.
Continue reading “European Union and Hungary: towards a new “Haider” case ?”

EU Internal Security strategy: towards a EU-USA common path?

The traditional meeting between the justice and home affairs ministerial representatives of the United States of America (USA) and of the European Union (EU) took place the 8th and 9th December 2010. Ms Janet Napolitano, from the Department of Homeland Security and Mr Eric Holder, General Attorney of the Department of Justice have discussed with the European Union presidency and the Commissioners Ms Cecilia Malmström and Ms Viviane Reding the transatlantic initiatives, both planned and underway- aimed at preventing and combating terrorism and organised crime.

The meeting confirmed the hegemonic and inspiring role that the American administration has towards the European Union when it comes to defining and implementing the European Internal Security Strategy (ISS).

This is true when it come to the synchronisation of the EU’ activities, since the Justice and Home Affairs Council which took place in Toledo in February 2010 adopted the strategy while the US administration approved the Fourth revision of its own internal security strategy.

It is also true in relation to the increasing concurrence of the objectives underpinning it. After all this is not so surprising for two allies which cooperate on a daily basis in all different domains, going from intelligence, money laundering, to the fight against drugs.

Therefore, the European ISS includes the fight against cyber crime, measures aimed at the protection of commercial flights and cargo safety, use of financial personal data and airplanes passengers. These objectives have been recalled by the Commission in its recent Communication entitled “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe”.

The crucial element here is that while these objectives correspond to what the Congress requested, this is not the case for the European Union, where the position of the European Parliament – which should ensure the legislative transposition of some of these objectives- is much more cautious than the one of the Congress. This is even more striking if one take into consideration the fact that the Congress is considered even more demanding than both the Bush and Obama Administration, for instance, concerning borders control with the creation of an entry-exit system and limits to visa liberalisation.

The opposition of the Strasbourg Assembly to the indiscriminate collection and systematic storage of personal data of millions of air passengers (PNR) for several years is renowned. Especially, because these data includes also those of individuals which are not wanted nor suspects and that, even after the controls, are not considered a danger for the flights safety.

That is why the Council of the European Union adopted the 3^rd December 2010 a negotiation mandate to the Commission which should allow revising in a more restrictive manner the data protection provisions which are provisionally applied on the basis of the EU-USA agreement, since 2007.

It goes without saying that it would be rather naïve to expect the American Administration to welcome such a measure, especially because the new Republican majority in the Congress would interpret it as a lowering down of the guard. Nevertheless, it is also self-evident that the current agreement risks to be rejected by the European Parliament at any moment and this possibility would open a dangerous vacuum, also for the aviation companies.[1]

Rather, it is reasonable to expect a greater willingness from the European Parliament’s side to adopt measures concerning the fight against cyber-crime, one of the USA priority for a long time and recently recalled by the Obama Administration during the last EU-USA summit of 20^th November 2010 in the Joint EU-US Statement. The summit promoted a EU-USA working group in the field of cyber security and cyber criminality, which within a year will present a report on a series of initiatives, such as those discussed in the recent EU-US-NATO summit of the 24^th November. These measures includes among others,

– the creation of Computer Emergency Response Team (CERTs) in each European country, along the lines of the corresponding American centres, with the support of the European Agency responsible for network security (ENISA)

– – the implementation of an emergency network

– The creation of a sort of control room at the European level, as indicated by the Commission in its proposal for an internal security strategy.

These measures should be complemented by legislative measures such as the Proposal for a Directive on attacks against information systems, currently under review by the European Parliament. This measure will probably get inspiration from the Convention on Cyber crime of the Council of Europe, ratified by the United States itself.

However, all these measures, as well as the last ministerial meeting, all share the same unresolved problem related to the different data protection standards existing in the two sides of the Atlantic, namely in relation to public security. On the one hand, in the United States the protection of privacy and personal data is not considered a fundamental right (at most a penumbral right, subordinated to the safeguard of the right of expression foreseen by the first amendment and to the right of residence foreseen by the fourth amendment). On the other hand, in the EU, these rights are recognised as fundamental by art. 8 of the European Convention on Human Rights as well articles 7 and 8 of the Charter of Fundamental Rights.

Indeed, the European Parliament has requested, especially after 9/11 a transatlantic binding agreement in this field. This could eventually take place on the basis of negotiation mandate which the Council conferred to the Commission on the 3^rd December and that Vice-President Reding has already presented to the Parliament.

Theoretically, the US authorities should not oppose it given that the mandate recalls the recommendations made by a common working group which has elaborated a series of common principles. However, the American authorities fear that the new agreement will make more difficult the transfer of data that is already taking place under the EU-USA agreement in the field of judicial cooperation in criminal matters, the agreements with Europol and Eurojust and more importantly the various bilateral agreements negotiated in the last decades between the USA and the EU Member States, in the field of security and fight against crime.[2]

The next months look quite challenging and it will be interesting to follow not only the negotiations but also the tone of the dialogue that will be established between the Congress and the European Parliament, i.e. whether they will be able to share to a greater extent the perception of a threat and therefore the need to a common answer.

If this will take place, it could be possible to open the way to a Transatlantic Schengen-like space which ahs already been announced in the EU-US Joint Statement on “Enhancing transatlantic cooperation in the area of Justice, Freedom and Security”

EDC

[1] The same issue is true for those measures which are considered too invasive for the individual privacy, such as the installation of body scanners (1300 are foreseen to be installed in the USA and a few tens in the European Union). It remains to be seen what the European Union will do to implement the new international strategy in the field of aviation security adopted by the 37^th ICAO Assembly which took place on 8^th October 2010 (Comprehensive Aviation Security Strategy) (ICASS).

[2] See Prüm-like agreements on the basis of which the EU Member States committed themselves to transfer information, , to the United States. These transfer include sensitive information, such as DNA codes, in exchange of looser conditions to obtain visa for their citizens.

The European Union and State Secrets: a fully evolving institutional framework

Many contemporary debates surround the issue of the treatment of confidential information and state secrets both in the United States (1) and the European Union (2) and questions have also been raised over the WikiLeaks phenomenon. It therefore seems timely to try to shed some light on the way confidential information is handled by the European Union institutions, especially since we now have the entry into force of the Treaties of the European Union, on the Functioning of the European Union and the now binding Charter of Fundamental Rights.

Clearly, it is not technically appropriate to talk about state secrets in the case of the European Union, since the latter remains an international organisation entrusted by its Member States to intervene only in those areas established by the founding treaties and to pursue those objectives established by the funding treaties (3). Nevertheless, the European order now spans such a wide range of competences and has developed such a direct relation between citizens and the institutions that the need for transparency and political accountability is as essential for the European Union as it is for its Member States.

As long as the institutions’ work was covered by professional secrecy, there was minimal risk of leaks and any undesirable impact at the national level during the negotiating phases of European measures. Problems related to a different perception of transparency/secrecy were paradoxically raised with the process of democratisation of the European institutions which, due to Maastricht, has been accompanied with the widening of competences. Additionally, and more importantly, the Amsterdam Treaty ensured that the right of access to documents of the Parliament, Council and Commission (art. 255 TEC) was recognised as a fundamental right of European citizens (and of those legally residing in the EU).

In theory, a fundamental right can only be limited by law (4), but the institutional framework resulting from the implementing measures of article 255 ( EC Regulation 1049/01) is a long way from defining a coherent regime of this sensitive topic. To obtain such a result it would have been necessary to mediate between two different juridical traditions which divided (and still divide) some countries; indeed, Northern Europe is traditionally more favourable to transparency needs whereas some southern countries prioritise the efficiency of the decision making process ahead of transparency (5).

This unresolved conflict is reflected in Regulation 1049/01, which regulates for two different regimes, respectively one of a general nature and one of a specific nature. The general one establishes transparency and the right of access to information as the general rule to which it is possible to derogate only under the provisions established by art. 4. Furthermore, it stems from the will of the author who submitted the document to the institution (whether that be another institution, a Member State or a third party). The ratio behind the suppression of the “author rule” as confirmed by the Court (6), is evidently that of avoiding that additional exceptions are added to those already foreseen by law (7), which would have the effect of nullifying the answer to the citizen requesting the access to a document or information (and therefore being incompatible with the principle of certainty of law).

Nonetheless, the general rule of Regulation 1049/01 also presents a significant exception to article 9 (8), which establishes a specific regime for the so-called “sensitive documents” defined as “… documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ (9) in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

The regime established in Article 9 is evidently a “lex specialis”, which is only applicable to the external affairs and defence matters (the former “second pillar “). However, it is also an incomplete regime because Regulation 1049/01 does not specify (as foreseen in art. 255 TEC which now is replaced by art. 15 TFEU) the general principles regarding the classification of “sensitive” documents. Although the legislator has abdicated its role and referred the decision to the institutions internal regulations, defining such a rule is not a mere organisational matter.

The official justification for this attempt at a ‘quick-fix’ in 2001 was related to the approaching deadline for the approval of the regulation, as foreseen by the Treaty. The real reason, however, was the impossibility to reach an agreement between the European Parliament and the Council over the adoption of NATO standards at the European level.

Due to article 9 and the fact that that it refers to the internal regulation of the institutions, some measures were introduced through the back door, since the internal regulations of the Council and the Commission (11) were accompanied by the need to have the author’s consent when classifying the document as “sensitive”(12).

In this way, not only have NATO standards become de facto the standards of reference for EU classified information (13), although (for the moment) limited to external and defence matters, but it also re-establishes the pre-Maastricht regime for EU citizens and institutions such as the European Parliament and the Court of Justice. Indeed, these actors cannot refer to the “right” of access to information, because the holding institution can always oppose it in the name of non compatibility with NATO standards of internal security regulations (14) or more simply, because the member state or third party (author or co-author) of the classified document does not give its consent to the transmission of the document.

The result is the existence of a conspicuous number of agreements between on one side the Council and the Commission, and the other side third countries, concluded on the basis of an unstable institutional framework (15). Recently, the same agreements have also been concluded by EU agencies such as Europol, Eurojust or Frontex (and therefore outside of the so-called second pillar), on the basis of which the institution and/or the agency (although negotiating on behalf of the European Union) (16) accept that the third country may oppose access to information to EU citizens and even the Parliament and Court.

It is therefore legitimate to wonder about the extent to which this situation is compatible with a European order, allegedly based on the principle of representative democracy (17), fundamental rights and citizenship (18), especially following the entry into force of the Treaty of Lisbon. The issue becomes even more urgent in view of the passage to the ordinary legislative regime and to the (almost) total control of the Court of sensitive matters such as police, internal security and intelligence cooperation (which are increasingly labelled as classified information).

Without effective transparency, risks of abuse or “policy laundering” become too high. This risk is also linked to the reproduction of unwanted situations where information in the field of defence and external affairs (Chapter 2 of the EU Treaty) are kept hidden, not only from the European Parliament for the reasons illustrated above, but also form the national parliaments as the information is regarded as a “European” secret. In this context, the national parliaments arguably receive the same level of access as a third country.

Therefore, the result would be the complete absence of a counterbalance mechanism which should characterise every democratic system and which would be strengthened by these security and defence policies under the formal coverage of European “executive privilege”, which not even the President of the United States of America has ever dreamt.

Luckily, the situation is less worrisome in other parts of the treaties, for example where it is established that the European Parliament must ratify international agreements. In this case, the same Treaty foresees that the Parliament “shall be immediately and fully informed at all stages of the procedure” (art. 218 par. 10 TFEU). This should effectively prohibit the Commission (negotiating the agreements) and the Council (concluding the agreements) from being able to make excuses in order to not reveal all the information.

Indeed, the European Parliament has made reference to these provisions throughout the negotiations on SWIFT, ACTA and the access of the EU to the European Convention on Human Rights. This initiative raised disconcert from the Council and Commission, who obviously realise how difficult it is to maintain two different regimes in the field of classified information depending on whether the negations of the agreements are conducted on the basis of Article 218 TFEU or on the basis of the competences in the field of security and defense (which are based on Article. 9 of Regulation 1049/01 and/or the internal organisation competence of the Council, Commission and security agencies). If in theory it is possible, although difficult, to differentiate between these two agreements at the European level, it turns into a “probation diabolica” to explain to a third country why matters such as the fight against terrorism may sometimes refer to an ordinary regime (article 218 TFEU) or to an extraordinary regime (art. 9 1049/01)

The process of re-negotiating the inter-institutional agreements concerning the European Parliament’s access to classified information is ongoing. A first draft agreement will be reviewed by the Committee on Constitutional Affairs of the European Parliament and a second one will take place between the European Parliament and the Council to modify the 2002 agreement applying Regulation 1049/01 (20).

The problem is that some expression of this agreement (not ratified yet) seem to extend the preventive consent to de-classify the document given by the author from the exceptions of defence and security issues to all the matters of competences of the European Union. Such an iron grip would put the European Parliament in a position leading to its abdication (21) of the right/duty to exercise the democratic control foreseen by the treaty.

However, the issue remains undefined and contradicting signals are coming from the High Representative. This is important as the High Representative is about to adopt a declaration accompanying the decision which establishes the organisation and functioning of the European external service which “ (…) will be applied mutatis mutandis by the High Representative for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.”

It remains to be seen whether the European institutions will be able to finally overcome the long-lasting inconsistencies of the Regulation 1049/01 by establishing a European matter also in the field of the state secrets or whether, by carrying on the current, judicially confusing paths, once again the task of clarification will be left to the Court.

EDC

NOTE

(1) See the fundamental investigation of the Washington Post on the possible abuses of the documents’ classification from the USA administration since 9/11.

(2) See the current debate at the COPASIR concerning the revision of the Italian law on the “services” and the treatment of the state secret (L. 124/2007)

(3) Concept reaffirmed by the German Constitutional Court in several occasions (including 2009 with the famous Lisbon Urteil) the Union cannot gives itself different or wider competences than those granted by the Member State.

(4) As foreseen by the Member States’ constitutions and by the ECHR.

(5) This is an expression also used by article 207 of the “old” EC Treaty but that the Council has always interpreted as the conditions that allow the representatives of the Member States to change their negotiating positions in complete discretion according to circumstantial needs)

(6) This principle has been reaffirmed also recently by the Court of Justice

Case C‑64/05 P Kingdom of Sweden vs Commission of the European Communities (see: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62005J0064:EN:HTML )

(7) In the case of a member State it could be requested to see applied its own national regime and in the case of a third country needs

(8See: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:145:0043:0048:IT:PDF

(9) Strangely enough the Italian version of the Regulation 1049/01 only refers to the category of the “confidential” documents.

(10) It is “…public interest safeguards, namely:— public order, — safeguard of military matters — International relations, — financial, monetary or economy policy of the Community or Member states

(11)See Council decision 2001/264/CE 19 march 2001 adopting internal security regulation OJ n°101, 11.04.2001 modified following the entry into force of the Lisbon treaty.

(12) The “considering” 15 of the regulation invited the Member states to respect in the name of the principle of loyal cooperation the classifications established by the European institutions so as to avoid leaks related to National security matters “ Even though it is neither the object nor the effect of this Regulation to amend national legislation on access to documents, it is nevertheless clear that, by virtue of the principle of loyal cooperation which governs relations between the institutions and the Member States, Member States should take care not to hamper the proper application of this Regulation and should respect the security rules of the institutions.

(13) European Classified Information (EUCI)

(14) For obvious reasons and given the peculiar nature and constitutional mission of the European Parliament or the court of Justice.

(15) See as a last example the agreement between the EU and Liechtenstein concerning the security procedures for the Exchange of classified information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:187:0002:0004:EN:PDF

(16) Art. 3 of the above mentioned agreement establishes that “the European Council, the Council of the European Union (hereinafter referred to as ‘the Council’), the General Secretariat of the Council, the High Representative of the Union for Foreign Affairs and Security Policy, the European External Action Service (hereinafter: ‘the EEAS’) and the European Commission. For the purposes of this Agreement, these institutions and entities shall be referred to as ‘the EU»

(17) Artt. 9-12 of the TEU in specific art. 10

(18) Artt.18-24 TFEU

(19). See for example the regime for the treatment of classified information foreseen by the Decision of the Council establishing Europol http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2009:121:SOM:EN:HTML and the implementing measures concerning the exchange of information with third countries: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:325:0006:0011:EN:PDF. These provisions, which entered into force in January 2010 should be interested on the basis of the regime before the entry into force of the Lisbon Treaty in virtue of the transitory provisions foreseen by protocol n° 36.

(20) The text of the inter-institutional agreement EP-Council is available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2002:298:0001:0003:EN:PDF

(21) Obviously it would be only a de fact abdication given that the inter-institutional agreement cannot modify a juridical situation defined by a treaty. However, the signal is worrying as much as the stall of the revision of Regulation 1049/01 and the juridical vacuum under which the EU institutions (and agencies) are now operating, since they should have defined their own norms in the field of transparency/confidentiality on the basis of principles that still need to be defined after Lisbon.

(22) See in specific the declaration f the high represntative:http://register.consilium.europa.eu/pdf/it/10/st12/st12401-ad01.it10.pdf ) “.. The results of the ongoing negotiations on the Framework Agreement between the European Parliament and the Commission on negotiations of international agreements will be applied mutatis mutandis by the HR for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.. (…) 4. The present system of providing confidential information on CSDP missions and operations (through the IIA 2002 ESDP EP Special Committee) will be continued. The HR can also provide access to other documents in the CFSP area on a need to know basis to other MEPs, who, for classified documents, are duly security cleared in accordance with applicable rules, where such access is required for the exercise of their institutional function on the request of the AFET Chair, and, if needed, the EP President. The HR will, in this context, review and where necessary propose to adjust the existing provisions on access for Members of European Parliament to classified documents and information in the field of security and defence policy (2002 IIA ESDP). Pending this adjustment, the HR will decide on transitional measures that she deems necessary to grant duly designated and notified MEPs exercising an institutional function easier access to the above information..”

Action Plan on the Stockholm Programme released by Statewatch

European Commission: Stockholm Programme: Statewatch Analysis: Action Plan on the Stockholm Programme: A bit more freedom and justice and a lot more security (pdf) by Tony Bunyan: “The “harnessing of the digital tsunami” as advocated by the EU Future Group and the surveillance society, spelt out in Statewatch’s “The Shape of Things to Come” is embedded in the Commission’s Action Plan as it is in the Stockholm Programme….There is no mention of the European Security Research Programme (ESRP). Much of the technological development is being funded under the 1.4 billion euro security research programme. See: Statewatch/TNI report: Neoconopticon: EU security-industrial complex.”

– Statewatch Briefing: European Commission: Action Plan on the Stockholm Programme (pdf) Comments by Professor Steve Peers, University of Essex – Full-text: Communication from the Commission: Delivering an area of freedom, security and justice for Europe’s citizens Action Plan Implementing the Stockholm Programme (COM 171/2010, pdf)

http://www.statewatch.org/

LIBE Committee resume the works on the future SWIFT long term agreement

The LIBE Committee discussed on 7 April 2010 the re-launch of negotiations on a SWIFT long term agreement.

It has to be recalled that following the European Parliament refusal to provide its consent on the US-EU SWIFT Interim Agreement last February a new draft-negotiating mandate has been indeed submitted by the College of Commissioners on 24 March 2010 to the Council, which in turn is expected to approve it on 22/23 April. According to the Commission the new agreement might be concluded at the beginning of June of this year.

Will the new agreement be founded on Judicial cooperation in penal matters or ….?

According to the Commission statement and the legal basis chosen for the new mandate (art. 82 of the TFUE) the future agreement will comply with the EP request expressed already in September 2009 to build the EU US cooperation in this domain in a framework which could be consistent with the new EU Treaty the art. 8 of the European Charter of Fundamental rights and the request of some Constitutional Courts such as the German Court. To do so the draft mandate has foreseen the creation of an European “Authority of judicial nature” which could check the necessity and proportionality of the US request of SWIFT data .

Therefore during the debate Rapporteur Ms Jeanine Hennis Plasschaert (ALDE) enquired the European Commission on whether it would be possible to explore alternative legal frameworks from judicial cooperation in penal matters .

Mr Faull underlined that the Commission could not see any feasible short term alternative system to the mutual legal assistance framework, however this will not prevent the Commission to explore also other possibilities, following the requests from the Spanish Presidency and by taking in account the question posed by the Rapporteur. On the same logic to find alternative solution to judicial cooperation Ms Carmen Romero López (S&D) suggested to work within the framework of an anti-money laundering directive revised to include banking messaging companies.

Therefore according to Jan Philipp Albrecht (Greens/EFA) these “alternative” approaches would go against the European Charter on Fundamental Rights, the European Convention on Human Rights as well as the German Court (see recent judgment on data retention) with the risk, as pointed out “that Germany will feel impelled to reject this mandate on constitutional grounds”. To avoid possible “clashes” with European or national constitutional courts Mr Albrecht has then suggested then to request for the opinion of the EU Court of Justice on the compatibility of the draft agreement with the EU legislation, as foreseen by Article 218 §11 of the Treaty on the Functioning of the European Union.

The new draft negotiating mandate

The new draft negotiating mandate as agreed upon by the College of Commissioners on 24 March 2010 and upon approval of the Council foresees -among others- the following elements:

Safeguards to ensure the respect of the fundamental right to the protection of personal data;
Transfer to third countries of only information derived from terrorism investigations (“lead information”);
A judicial public authority in the EU with the responsibility to receive requests from the United States Department of the Treasury, verify if the substantiated request meets the requirements of the Agreement and if appropriate require the provider to transfer the data on the basis of a “push” system;
Retention of personal data extracted from the TFTP database for no longer than necessary for the specific investigation or prosecution and non-extracted data retained for five years;
Onward transfer of information obtained through the TFTP under the Agreement shall be limited to law enforcement, public security, or counter terrorism authorities of US government agencies or of EU Member States and third countries or Europol or Eurojust as well as Interpol.
The Agreement shall provide for:

1) the right of individuals to information relating to the processing of personal data;

2) the right to access his/her personal data;

3) to the rectification, and

4) as appropriate erasure thereof.

Hence, it appears that the College of Commissioners has tried to address some of the past concerns addressed by the MEPs.

However, while demonstrating the willingness to explore grounds for a new agreement on the SWIFT data-sharing, some of the Members of the LIBE Committee, expressed a variety of concerns, most of which were already raised in the previous report of the European Parliament and that can be summarised as follows:

Proportionality

Members of Parliament still have concerns that the transfer of bulk data will not be addressed properly. According to Ms Sophie In’t Veld (ALDE) filtering should be done in the EU for financial data, PNR and telecommunications. Also Ms Birgit Sippel (S&D) stressed that SWIFT should be able to individualise data ahead of a transfer.

In this regard it remains to be seen whether SWIFT has the technical ability but not the willingness to bare the costs derived from selecting and transferring individual data instead of ‘data in bulk’.

According to Mr Faull it will not be possible to reduce the quantity of data transferred however he will work to reduce their size by removing the presumably non-useful data.

Data storage period

MEPs expressed concerned over the five years data storage as foreseen by the new text despite the attempts of Mr Faull to reassure the Committee stating that five years was not “unreasonable” given data’s useful lifespan in counter-terrorism.

Access, rectification, compensation and redress outside the EU

Mr Stavros Lambrinidis (S&D) enquired whether there was no other way for the bulk transfer of data and if it was not possible to impose some prior European check when the US wants to transfer the data to third countries.

Furthermore MEPs expressed the need to ensure the right to appeal to European citizens in front of American authorities in case of personal data abuse/misuse.

In this respect Mr Busutill asked to ensure equal rights between US and EU citizens and Mr Faull replied that the Privacy Act is indeed discriminatory and therefore does not guarantee the same rights to EU and US citizens. However the Privacy Act does not apply to the TFTP , hence asking to apply the same right of US citizens to the European ones means not having any rights at all.

No evidence on the effectiveness

There still is no evidence that cases of terrorism have been prevented or prosecuted based exclusively on the financial data.

Procedural concerns

The fact that the EU is planning to conclude an executive agreement on exchanges of data before negotiating the general agreements on rules governing the data protection raise additional concerns. Indeed, the acceleration of the envisaged SWIFT II agreement will limit the margin of maneuver for negotiators on the overarching transatlantic agreement on data sharing and data protection. In other words, it will force the latter to simply accept praxis established before the development of the general principles governing data protection.

Also the Commission -using the words of the Director General of DG JLS Mr Jonathan Faull- is of the opinion that “in an ideal world” general norms should be established before specific ones. However, no sufficient reasons have been provided to explain why the European Union is accelerating the negotiations on the SWIFT agreement instead of giving precedence to the establishment of overarching general framework on EU-US data protection and exchange.

In conclusion, the European Union is engaging in a delicate exercise trying to define at the same time internal, external, specific and general data protection norms. This would have been possible -in theory- if the European Union had clear objectives and points of reference. However, following the LIBE Committee debate on 7 April this seems far from being the case.

L.B.