Category: 2. Values & principles of the European Union

Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..

On April 23rd, shortly after the European Union started working on the new Europol legal framework which is deemed to align the main intelligence led policy Agency with the Lisbon Treaty and with the European Charter the German Constitutional Court (BVG) decided to impose a strict separation between the work of the police and intelligence services. As in several other cases where the BVG jurisprudence has influenced also the European legislature this ruling will be probably thouroughly analysed also in Brussels even if the BVG maintain that the issue falls under the national exclusive competence. Therefore it will be more than likely that the principles outlined in this ruling would be taken in account in the EU draft legislation on data protection when these data are collected for security purposes.

According to the BVG press release  (emphasis added) “…For the Karlsruhe based court, the exchange of data between the Federal Office for the Protection of the Constitution, intelligence services, military counter-intelligence and the police amounts to — a severe infringement of the rights of those concerned, which is why it can only be allowed in exceptional cases. The judges did, however, authorise an “anti-terrorist” listing, while declaring another “secret service contact” listing unconstitutional. Initiated in 2006, the second database contains information on 18,000 potential terrorists, supplied by 38 intelligence services.
The counter-terrorism database is in its fundamental structures compatible with the Basic Law. However, it does not meet the constitutional requirements regarding specific aspects of its design.
This is what the First Senate of the Federal Constitutional Court decided in a judgment that was issued on April 23. Under certain conditions, the unconstitutional provisions can continue to be applied until new regulation has been enacted, but no later than until 31 December 2014.

The Decision is Essentially Based on the Following Considerations: Continue reading “Terrorism and “Intelligence-led policing”: the German Constitutional Court draws its “red lines”..”

An european area of freedom, security and justice ? Paving the way from Stockholm …to Rome in 2014

On November 7th the FREE Group submitted to the Chairman and other members of the Civil liberties Committee of the European Parliament its “Call for a true European Area of Freedom Security and Justice”. The main aim of the “Call” was to evaluate what has been done (or not done) since the entry into force of the Lisbon Treaty and the adoption of the Stockholm Programme.
Learning from failures and successes is a pre-condition for the new phase which will start from December 1st, 2014 (at the end of the five-years transitional period for the measures adopted before the Lisbon Treaty in judicial and police cooperation domain) (1).

According to the FREE Group “CALL” from December 2014 onward, EU and its Member States have to close the current gap between the EU legislation and the principles and objectives now outlined in the Treaties and in the European Charter of fundamental rights. Needless to say, the “lisbonisation” of police and judicial cooperation in penal matters, (1) will be the first test of the real will of the member States and of the EU institutions. Unfortunately the current situation is not promising at all and the announced UK opt-out will not make things easier either.
However, a fundamental shift of responsabilty between the EU institutions is also needed to make the EAFSJ more legitimate and credible.

The European Council which has acted until now practically alone when it has adopted the multiannual programmes of Tampere (1999), Den Haag (2004) and even Stockholm (2009). It should now accept the fact that after Lisbon, even if it will maintain its strategic role in this area (art.68 TFEU) it has to play it by taking in account the new EU institutional balance arising from the Treaties and the Charter. The new role of the European Parliament, of the Commission and of the Court of Justice in the EAFSJ policies requires a different relation with the European Council which is no more the “Deus ex machina” but an institution which like all the others should respect the principle of loyal cooperation, abide to the obligations of transparency (art. 15 TFEU), respect of democratic principles, dialog with civil society (art.11 TEU) and, last but not least, be accountable to the EU citizens.
In this perspective a strong interaction with the other Institutions directly elected by the european citizens such the European Parliament and of the national parliaments become unavoidable.
Moreover a stronger integration of the European Council within the “ordinary” EU institutional dialogue will not only re-establish the checks and balances within the EU (required since 1958 by the ECJ “Meroni” ruling) but could also trigger as a substantial effect, a real political debate also betweeen the european political “families” which still prefers hiding themselves behind the EU institutional machinery.
If such an open political debate arises it will be extremely beneficial for the all EU construction and could prove that the EAFSJ policies are no more an area restricted to skilled diplomats and burocrats “elites” shaping the Council and Commission’s Strategies, Conclusions, Guidelines, Roadmaps… .

The future Italian Presidency of the EU Council which will take place in the second semester of 2014, could play a decisive role for a more transparent and democratic phase of the EAFSJ.

However to make this change possible hard preparatory work is needed and should start already now because the EU is a sort of “super carrier” which requires time and skillfulness to change its direction. Moreover as soon as this change of strategy will become apparent it will inevitably create the opposition inside the Council, the Commission and even in the European Parliament as it happened for the “access to documents” file. It is well known that soon after the “Turco” ruling of the Court of Justice which has required more transparency in the Council and Commission these institutions have developped a clear opposite strategy to “protect” their old decision making procedures.

This kind of turf wars between the EU institutions could be extremely dangerous from an european citizen’s perspective because the EAFSJ policies should now be negotiated and implemented in full compliance with the EU Charter. They have become the core of a new European Public order which can be considered democratic only if the EU citizens and their representatives could influence both the national and European level. This objective was crystal clear when the Charter has been negotiated, and it has been reiterated also by seminal ruling of national Constitutional Courts, but since then it looks fading away from the EU legislative works and debates.

However this sort of resilience of the “Maastricht style” even after the Lisbon Treaty and EU Charter risks to be a slippery slope for the EAFSJ policies.

For thirty years the EU has underestimated the close relation between the EURO and a true EU Economic policy; let’s hope that the same mistake will not be repeated for the relation which has now to established between the EU Charter and the relevant EAFSJ policies. They should no more evolve, as it is still now the case, in a parallel world separated from the other EU policies notably in the economic and social sphere. In politics (as in nature) everything is linked. Again, the role that the future Italian Presidency could play will be extremely important because it will be at the beginning of a new EU legislature as well as of the new 18th months Trio Presidency cycle which will cover from 1st of July 2014 to December 31st 2015.

By framing the new global EU roadmap bringing together the EAFSJ policies with the new EU 2020 agenda the Italian Presidency can make the difference by setting a new bridge on (still) troubled waters.

EDC

1. See artt 9 and 10 of Protocol 36 on “TRANSITIONAL PROVISIONS CONCERNING ACTS ADOPTED ON THE BASIS OF TITLES V AND VI OF THE TREATY ON EUROPEAN UNION PRIOR TO THE ENTRY INTO FORCE OF THE TREATY OF LISBON

Article 9
The legal effects of the acts of the institutions, bodies, offices and agencies of the Union adopted on the basis of the Treaty on European Union prior to the entry into force of the Treaty of Lisbon shall be preserved until those acts are repealed, annulled or amended in implementation of the Treaties.
The same shall apply to agreements concluded between Member States on the basis of the Treaty on European Union.

Article 10
1. As a transitional measure, and with respect to acts of the Union in the field of police cooperation and judicial cooperation in criminal matters which have been adopted before the entry into force of the Treaty of Lisbon, the powers of the institutions shall be the following at the date of entry into force of that Treaty: the powers of the Commission under Article 258 of the Treaty on the Functioning of the European Union shall not be applicable and the powers of the Court of Justice of the European Union under Title VI of the Treaty on European Union, in the version in force before the entry into force of the Treaty of Lisbon, shall remain the same, including where they have been accepted under Article 35(2) of the said Treaty on European Union.
2. The amendment of an act referred to in paragraph 1 shall entail the applicability of the powers of the institutions referred to in that paragraph as set out in the Treaties with respect to the amended act for those Member States to which that amended act shall apply.
3. In any case, the transitional measure mentioned in paragraph 1 shall cease to have effect five years after the date of entry into force of the Treaty of Lisbon.
4. At the latest six months before the expiry of the transitional period referred to in paragraph 3, the United Kingdom may notify to the Council that it does not accept, with respect to the acts referred to in paragraph 1, the powers of the institutions referred to in paragraph 1 as set out in the Treaties. In case the United Kingdom has made that notification, all acts referred to in paragraph 1 shall cease to apply to it as from the date of expiry of the transitional period referred to in paragraph 3. This subparagraph shall not apply with respect to the amended acts which are applicable to the United Kingdom as referred to in paragraph 2.
The Council, acting by a qualified majority on a proposal from the Commission, shall determine the necessary consequential and transitional arrangements. The United Kingdom shall not participate in the adoption of this decision. A qualified majority of the Council shall be defined in accordance with Article 238(3)(a) of the Treaty on the Functioning of the European Union.
The Council, acting by a qualified majority on a proposal from the Commission, may also adopt a decision determining that the United Kingdom shall bear the direct financial consequences, if any, necessarily and unavoidably incurred as a result of the cessation of its participation in those acts.
5. The United Kingdom may, at any time afterwards, notify the Council of its wish to participate in acts which have ceased to apply to it pursuant to paragraph 4, first subparagraph. In that case, the relevant provisions of the Protocol on the Schengen Acquis integrated into the framework of the European Union or of the Protocol on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, as the case may be, shall apply. The powers of the institutions with regard to those acts shall be those set out in the Treaties. When acting under the relevant Protocols, the Union institutions and the United Kingdom shall seek to re-establish the widest possible measure of participation of the United Kingdom in the acquis of the Union in the area
of freedom, security and justice without seriously affecting the practical operability of the various parts thereof, while respecting their coherence.”

European Data Protection : legislative negotiations soon to be started …

Three years after the entry into force of the Lisbon treaty the long awaited legislative negotiations on the future European Union legal framework on data protection will now start between the European Parliament and the Council of the European Union. The competent parliamentary Committee LIBE will now debate two reports dealing respectively with
– a first report on the draft EU regulation covering the cases where possible the private sector is involved
– a second report on the draft EU Directive covering the cases where public authorities are involved.

The procedure

On the procedural side the two reports will in the coming months be debated and amendments will soon be submitted by all the political groups so that everyone will have the chance to take position on the main aspects of the proposed EU legislation. A first “orientation” vote will then take place and a majority will arise inside the parliamentary commitee and this majoritarian position will be the basis for the dialogue with the Council. The latter will also try to build its own majority between the national delegations. If successful a “general approach” will be endorsed by the Committee of Permanent Representatives (COREPER) and by the Council and this will be the Council alternative text to the parliamentary Committee “orientation”. The dialogue between the two institutions will then take place with the aim to reach a possible compromise.
If a compromise is reached it will be voted by the parliamentary committee and then by the plenary. The same will happen on the Council side and the procedure could then be considered closed (according to the practice of the so called “first reading agreement” an interinstitutional practice which has become the rule in the legislative negotiations at European Union level).

Will this procedure be successful for the data protection “package” ?

It is still possible but not granted as the issue of data protection is extremely sensitive and impact on fundamental interests in the public and private sphere. The end of the legislature is not so far (mid-2014) and there is not much time to close the negotiations in time if no “first reading” agreement is out of view in the coming months.
The pressure exist on both sides as Ireland, which is now chairing the Council Presidency, is the country where giants like GOOGLE and Facebook have their european seat, and is interested more than others in clarifying the new legal framework to avoid all the possible problems which could arise from a still unclear legal situation.
On the other side also the European Parliament is strongly committed in reaching an agreement because data protection has been at the centre of a more then a decade long “saga” with the other institutions (suffice to remember the controversial Plenary votes on the international agreements with the USA on Safe Harbor, PNR, SWIFT, and enquiry on the ECHELON system..).

However because of this pressure on both side the risk of stalemate could not also be excluded.

The evolution of the EU constitutional framework

On the Content side there are several new elements to be taken in account.
First of all since the entry into force of the Treaty of Lisbon the constitutional framework for data protection is radically changed.

Before this Treaty Protection of personal data was not an autonomous EU objective but a condition to be fulfilled as a corollary of other public objectives such as sharing data in the framework of the single market or collecting data to prevent transnational crime and terrorism. The legal basis for legislating in this domain where the articles of the treaties empowering the EU institutions for building the internal market (art.95 of the European Community Treaty) or to grant an hig level of security (art.29 of the Treaty of the European Union).

It is worth recalling that notwhitstanding its original focus on internal market the Community draft legislation (Com (90)0314 – C3-0323/Syn 287; OJ No. C277, 5.1.1990, p3) became the most advanced standard setting legal text on Data protection principles taking stock of the previous works in international fora such as the Council of Europe (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, adopted on 28 January 1981) and in the OECD (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal data, adopted on 23 September 1980). The legal framework for data protection by law enforcement authorities were before Lisbon much more sparse, confuse and vague because at that time protection of public security at EU level was dealt at intergovernamental level and there was no real will to harmonize the existing national (diverging) standards.
Only because of the pressure of the European Parliament and after the signature of the Lisbon Treaty (!) an intergovenramental Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters has been published on 30 December 2008. However the Framework Decision which is still into force cover only transnational transfert of data so that it does not establish a common level of privacy protection nor cover the EU institutions and agencies (Schengen information system included) which continue even today to consider as reference the Council of Europe Convention of …1981 and a Recommendation of 1987 .

The lack of a legal general framework for data protection together with a lack of Member States political will have probably been the main cause of the interinstitutional conflicts of the last fifteen years as well as of the growing tensions with the USA. As it happens often in case of interinstitutional stalemate the only progresses made came from the jurisprudence of national and european judges.()

After the entry into force of the Treaty of Lisbon everything is changed because data protection has been recognised as a fundamental right as well as a self standing objective of the European Union.

On the first aspect the art. 8 of the EU Charter is crystal clear:
“(1) Everyone has the right to the protection of personal data concerning him or her.
(2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
(3) Compliance with these rules shall be subject to control by an independent authority.

In short, protecting personal data is like protecting not only the image of an individual but also his ability to act in a given society without external public and private interference (the so-called right to “self-determination” which has been shaped already in 1983 by the jurisprudence of the German Constitutional Court. According to the “Census” judgment:“A social and legal order in which the citizen can no longer know who knows what when about him and in which situation, is incompatible with the right to informational self-determination. A person who wonders whether unusual behaviour is noted each time and thereafter always kept on record, used or disseminated, will try not to come to attention in this way. A person who assumes, for instance, that participation in a meeting or citizen initiative is officially recorded, and may create risks for him, may well decide not to use the relevant fundamental rights ([as guaranteed in] Articles 8 and 9 of the Constitution). This would not only limit the possibilities for personal development of the individual, but also the common good, because self-determination is an essential prerequisite for a free and democratic society that is based on the capacity and solidarity of its citizens”.
To protect personal data amounts not only to protect the liberty of the individual and, his dignity but even a more general good of the democratic society itself.

However such beautiful principles would be meaningless if not reflected in a binding legislation and in the daily life. To reach this objective art. 16 of the Treaty on Functioning of the European Union (TFEU) makes clear that personal data should be protected by “Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data.”

This will not be an easy task because EU law cover now all the main aspects of a person’s daily life in a global world where personal data have become the blood of the information society.
Massive data collection, on-line tracking and profiling not only by private companies but also by public authorities have become so widespread that many people consider that the protection of personal data itself do not exist any more. It seems that it has been killed
– by widespread invasive relatively low-cost technology
– by individual’s naïve behaviour in the social network
– by big private societies which are making an incredible amount of money from on-line advertising built on the exploitation of personal data (obtained for free)
– and last but not least by public authorities which, in a borderless world, having the facto lost the control of their territories try to prevent crime and terrorism by profiling potential dangerous people and collect everywhere massive amounts of personal data.

The post-Lisbon legislative data protection package

Confronted with the challenge of defining the new post-Lisbon data protection framework the Commission after thorough comparative studies has decided to maintain a twin track approach by submitting a Draft Regulation for protecting personal data in the civil domain and a Draft Directive adressed to public authorities when collecting personal data for security purposes. This choice has not been appreciated by the data protection authorities and by the European Parliament not only for the risk of inconsistencies but also for the risk of grey areas for activities which can fall in between.

CALL FOR A TRUE EUROPEAN AREA OF FREEDOM SECURITY AND JUSTICE

By the “Fundamental Rights European Experts Group” (FREE Group) (see below)
“Let’s be driven by our values and not by our fears”

1. Three years after Lisbon the objective of an EAFSJ is still far away…

Three years after the entry into force of the Lisbon Treaty and of the European Charter of fundamental rights one can wonder if the European Union and its Member States are really committed to the objective of building the European Freedom Security and Justice Area. It is worth recalling that this objective dates back to 1997 when the Amsterdam Treaty was signed, but it has since then been substantially upgraded by the Lisbon Treaty.

After years of hard negotiations between the MS the EAFSJ has been tightly linked to a newly binding Charter of fundamental rights and some of the previous political, legal and democratic flaws have been solved. For three years the qualified majority voting has been the normal Council decision-making rule, the EP is a full co-legislator and the Commission and the European Court of Justice can fully play their role.

2. A deceiving outcome on quantitative and qualitative terms..

However notwithstanding these undeniable constitutional advances, the EU recent activity is quite deceptive both in quantitative as in qualitative terms. The EU and its MS seem still in a transitional and survival phase than in the long awaited building phase of true EAFSJ.

On quantitative aspects suffice it to note that since the beginning of the legislative term less than fifty legislative proposals have been submitted and only twenty have until now been adopted (1). If this trend continues one can wonder if the European Parliament and the Council will be able to adopt in the last 18 months of this legislature all the texts currently on the table not to speak of the proposals that the Commission has announced notably from the second half of 2013.

But much more concerning are the qualitative aspects of the institutional activity in a domain which is deemed to be now the core of the European public space.

To start with some positive aspects it is more than likely that the new Common European Asylum System foreseen by the art. 78 TFEU (and by the art.18 of the Charter) will be adopted before the end of this year (2). Progress has also been achieved with the adoption of the first measures dealing with the suspect’s rights in criminal proceedings (3) as well as in the judicial cooperation in civil matters (4) and on the establishment of new Agencies (5).

These decisions have often been taken after lengthy and painful negotiations and have been accompanied by the conclusion of international agreements as happened with the EU-US TFTP and PNR agreements. However a positive assessment on the latter is not obvious and the risks has been denounced that the final outcome could still not comply with the European Charter as well as of the European Convention of Human rights standards (6). The EP rejection of the ACTA agreement (7) has confirmed that the EU institutions often do not share the same vision of the balance to be struck between freedom and security.
Continue reading “CALL FOR A TRUE EUROPEAN AREA OF FREEDOM SECURITY AND JUSTICE”

European Union and Hungary: towards a new “Haider” case ?

(Original IT – translation still to be revised)

Hungary puts at risk the Union’s values?

”Such a change among the democratic frameworks that we did today was only done by revolutions before. […] Hungarians today have proved that there is a reason for democracy. […] Hungarians today overthrew a system of oligarchs who used to abuse their power.” The new government will be modest and humble. “ (1)

Two years later, these April 2010 Viktor Orban statements celebrating the Fidesz Party two thirds majority in Parliament following the Hungarian elections, sound now very different as it is the case for the economic forecasts following the 2010 Hungarian elections according to which such an electoral result would had made possible for the Hungarian Forint to recover from the crisis from which it had been barely saved in 2008 by the International Monetary Fund and the European Union.

Now, not only the relations between the EU and the IMF seem to have reached their lowest point (at least judging from the recent interruption of the negotiations with the Hungarian monetary authorities) but even bolder critics are emerging at European level as far as the compatibility of various initiatives of the Orban Government with fundamental rights and respect for democratic principles are concerned.

The situation is so worrying to push Guy Verohfstadt, President of the Liberal Group in the European Parliament to declare that Hungary seems not to fully respect anymore the “values” it subscribed when it joined the European Union, (“values” that the Lisbon Treaty has made even more explicit (2). Hence, according to Verohfstadt the European institutions should trigger the “alert” procedure foreseen by art. 7 par. 1 of the EU Treaty (3).

It is worth noting that such an “alert” procedure may be launched by the European Parliament itself and that it is designed to verify if “.. there is a clear risk of a serious breach by a Member State of the founding values of the European Union and, if such a risk exists the Council would be entitled to formally recommend the State who has lost its bearings to come back on the rights track.

Needless to say that such an “alert procedure” is very different from the “nuclear option” laid down in the second paragraph of the article 7 where the Council could even suspend a Member State voting rights if “a serious and persistent breach” of European Values has been ascertained.

Yet the mere fact of evoking the “alert” procedure has already led the European Parliament’s political groups, to position themselves as in previous cases by mirroring the political position present at national level (situation which will make difficult to reach the third majority needed in the European Parliament to vote the request the Council to address formal recommendation to Hungary).(4)

The European Parliament debate on this issue will take place during the January Plenary session in Strasbourg then the competent parliamentary committee could start its work as far as the European Commission has shown that there is ground to proceed and the Conference of Presidents of political groups consider that a formal report should be prepared following the proposal of the ALDE President Verohfstadt.

All that having being said on procedural aspects, it is worth recalling which have been the main concerns raised by the recent Hungarian initiatives.
Continue reading “European Union and Hungary: towards a new “Haider” case ?”

ACTA negotiations concluded…or maybe not?

The Anti-Counterfeiting Trade Agreement (ACTA) negotiations were concluded in Japan on October 2, after 11 round of the negotiations.

The Anti-Counterfeiting Trade Agreement (ACTA) began in Geneva two years ago. It is a plurilateral trade agreement aimed at establishing international standards on intellectual property rights so as to  assist those that are part of the agreement to fight against counterfighting and piracy.

It will include:

– state-of-the-art provisions on the enforcement of intellectual property rights (including provisions on civil, criminal, and border enforcement measures)

– cooperation mechanisms among ACTA Parties and

– establishment of best practices for effective Intellectual Property Rights enforcement.

The reason why ACTA has not been negotiated under the framework of the World Intellectual Property Organisation (WIPO) is related to the impossibility to find an agreement between all the members of WIPO. The last round of negotiations included: Mexico, Australia, Canada, the European Union (represented by the European Commission), Spain, an unnamed EU member state, Japan, Korea, Morocco, New Zealand, Singapore, Switzerland and the United States.

Acta has raised several criticisms (see previous post in this blog) concerning both its content and the secretative approach with which negotiations were held as the  consolidated text of 2nd October shows:

The scope

An unresolved issue refers to the  scope of the agreement, for instance, in relation to border measures (see italics underlined part).

“ARTICLE 2.X: SCOPE OF THE BORDER MEASURES

In providing, as appropriate, and consistent with a Party’s domestic system of IPR protection and without prejudice to the requirements of the TRIPS Agreement, for effective border enforcement of intellectual property rights, a Party should do so in a manner that does not discriminate unreasonably between intellectual property rights and that avoids the creation of barriers to legitimate trade.

(…)

ARTICLE 2.X: BORDER MEASURES

1.

Each Party shall provide procedures for import and export shipments:

(a)            by which customs authorities may act upon their own initiative, to suspend the release of suspect goods; and

(b)            where appropriate by which right holders may request the competent authorities to suspend the release of suspect goods.

where appropriate,

2. situations where the goods are under Customs control:

Each Party may provide procedures for suspect goods in transit or in other

(a)            by which customs authorities may act upon their own initiative, to suspend the release of, or to detain, suspect goods; and

(b)            where appropriate, by which right holders may request the competent authorities to suspend the release of, or to detain, suspect goods.”

The inclusion of patents in enforcement measures at the border is one of the main concerns of civil society. This is particularly worrisome when it comes to public health border-enforcement measures related to patents within the European Union, which resulted in several stopped shipments of legitimate generic medicines in 2008. Although there are,provisions in the ACTA text addressing goods in transit within the border measures section, parties are still engaged in consultations on this issue.

Another controversial aspect is in the first paragraph under border measures,which refers to the product names associated with a particular place or characteristics. The compromise texts sets out a “certain principle” that signatories to ACTA must respect when putting into place enforcement mechanisms, but leaves open flexibilities for each member’s individual implementation. While some parties wants to include GIs, others think that ACTA should focus on issues of trademarks, counterfeiting and piracy.

On criminal enforcement, private acts of infringement will be excluded. Third-party liability has been removed from “Section 5: Enforcement of Intellectual Property Rights in the Digital Environment”. In this respect, third-party liability was a concern for internet freedom advocates . Several discussions surrounded the issue of the “three- strikes” legislation, which however is not included in the text.

Despite these aspects, technological protection measures remain in the digital section:

“Section 5: Enforcement of Intellectual Property Rights in the Digital Environment

ARTICLE 2.18: ENFORCEMENT IN THE DIGITAL ENVIRONMENT

1.            Each Party shall ensure that enforcement procedures, to the extent set forth in the civil and criminal enforcement sections of this Agreement, are available under its law so as to permit effective action against an act of intellectual property rights infringement which takes place in the digital environment, including expeditious remedies to prevent infringement and remedies which constitute a deterrent to further infringement.

2.            Each Party’s enforcement procedures shall apply to infringement of at least trademark and copyright or related rights over digital networks, including the unlawful use of means of widespread distribution for infringing purposes . These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity,

including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.13

3.            Each Party shall endeavor to promote cooperative efforts within the business community to effectively address at least trademark and copyright or related rights infringement while preserving legitimate competition and consistent with each Party’s law, preserving fundamental principles such as freedom of expression, fair process, and privacy.

4.            Each Party may provide, in accordance with its laws and regulations, its competent authorities with the authority to order an online service provider to disclose expeditiously to a right holder information sufficient to identify a subscriber whose account was allegedly used for infringement, where that right holder has filed a legally sufficient claim of infringement of at least trademark and copyrights or related rights and where such information is being sought for the purpose of protecting or enforcing at least the right holder’s trademark and copyright or related rights. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.”

It is unclear what the procedure will be for resolving final outstanding issues (the one in italics, underlined and bold)..

The European Parliament has repeatedly reported the danger of having an anti-counterfeiting laws that endanger citizens’ fundamental freedoms (see Resolution of the European Parliament). Once MEPs learned that negotiations on the controversial agreement ended without their consent in Tokyo on Saturday (2 October), they called on the Commission to explain the matter at the earliest.

Besides the content of the agreement, the European Parliament has also criticised the Commission for not keeping it informed during the negotiations and for having denied access to ACTA documents.

For all these reasons Members of the European Parliament have asked the Commission to halt ACTA and have warned they will not give the agreement their approval, replicating the SWIFT case which took place at the beginning of the year.

While waiting for the next developments,  another post will therefore focus on the relation between governance and transparency.

LB

(to be continued)

The European Union and State Secrets: a fully evolving institutional framework

Many contemporary debates surround the issue of the treatment of confidential information and state secrets both in the United States (1) and the European Union (2) and questions have also been raised over the WikiLeaks phenomenon. It therefore seems timely to try to shed some light on the way confidential information is handled by the European Union institutions, especially since we now have the entry into force of the Treaties of the European Union, on the Functioning of the European Union and the now binding Charter of Fundamental Rights.

Clearly, it is not technically appropriate to talk about state secrets in the case of the European Union, since the latter remains an international organisation entrusted by its Member States to intervene only in those areas established by the founding treaties and to pursue those objectives established by the funding treaties (3). Nevertheless, the European order now spans such a wide range of competences and has developed such a direct relation between citizens and the institutions that the need for transparency and political accountability is as essential for the European Union as it is for its Member States.

As long as the institutions’ work was covered by professional secrecy, there was minimal risk of leaks and any undesirable impact at the national level during the negotiating phases of European measures. Problems related to a different perception of transparency/secrecy were paradoxically raised with the process of democratisation of the European institutions which, due to Maastricht, has been accompanied with the widening of competences. Additionally, and more importantly, the Amsterdam Treaty ensured that the right of access to documents of the Parliament, Council and Commission (art. 255 TEC) was recognised as a fundamental right of European citizens (and of those legally residing in the EU).

In theory, a fundamental right can only be limited by law (4), but the institutional framework resulting from the implementing measures of article 255 ( EC Regulation 1049/01) is a long way from defining a coherent regime of this sensitive topic. To obtain such a result it would have been necessary to mediate between two different juridical traditions which divided (and still divide) some countries; indeed, Northern Europe is traditionally more favourable to transparency needs whereas some southern countries prioritise the efficiency of the decision making process ahead of transparency (5).

This unresolved conflict is reflected in Regulation 1049/01, which regulates for two different regimes, respectively one of a general nature and one of a specific nature. The general one establishes transparency and the right of access to information as the general rule to which it is possible to derogate only under the provisions established by art. 4. Furthermore, it stems from the will of the author who submitted the document to the institution (whether that be another institution, a Member State or a third party). The ratio behind the suppression of the “author rule” as confirmed by the Court (6), is evidently that of avoiding that additional exceptions are added to those already foreseen by law (7), which would have the effect of nullifying the answer to the citizen requesting the access to a document or information (and therefore being incompatible with the principle of certainty of law).

Nonetheless, the general rule of Regulation 1049/01 also presents a significant exception to article 9 (8), which establishes a specific regime for the so-called “sensitive documents” defined as “… documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ (9) in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

The regime established in Article 9 is evidently a “lex specialis”, which is only applicable to the external affairs and defence matters (the former “second pillar “). However, it is also an incomplete regime because Regulation 1049/01 does not specify (as foreseen in art. 255 TEC which now is replaced by art. 15 TFEU) the general principles regarding the classification of “sensitive” documents. Although the legislator has abdicated its role and referred the decision to the institutions internal regulations, defining such a rule is not a mere organisational matter.

The official justification for this attempt at a ‘quick-fix’ in 2001 was related to the approaching deadline for the approval of the regulation, as foreseen by the Treaty. The real reason, however, was the impossibility to reach an agreement between the European Parliament and the Council over the adoption of NATO standards at the European level.

Due to article 9 and the fact that that it refers to the internal regulation of the institutions, some measures were introduced through the back door, since the internal regulations of the Council and the Commission (11) were accompanied by the need to have the author’s consent when classifying the document as “sensitive”(12).

In this way, not only have NATO standards become de facto the standards of reference for EU classified information (13), although (for the moment) limited to external and defence matters, but it also re-establishes the pre-Maastricht regime for EU citizens and institutions such as the European Parliament and the Court of Justice. Indeed, these actors cannot refer to the “right” of access to information, because the holding institution can always oppose it in the name of non compatibility with NATO standards of internal security regulations (14) or more simply, because the member state or third party (author or co-author) of the classified document does not give its consent to the transmission of the document.

The result is the existence of a conspicuous number of agreements between on one side the Council and the Commission, and the other side third countries, concluded on the basis of an unstable institutional framework (15). Recently, the same agreements have also been concluded by EU agencies such as Europol, Eurojust or Frontex (and therefore outside of the so-called second pillar), on the basis of which the institution and/or the agency (although negotiating on behalf of the European Union) (16) accept that the third country may oppose access to information to EU citizens and even the Parliament and Court.

It is therefore legitimate to wonder about the extent to which this situation is compatible with a European order, allegedly based on the principle of representative democracy (17), fundamental rights and citizenship (18), especially following the entry into force of the Treaty of Lisbon. The issue becomes even more urgent in view of the passage to the ordinary legislative regime and to the (almost) total control of the Court of sensitive matters such as police, internal security and intelligence cooperation (which are increasingly labelled as classified information).

Without effective transparency, risks of abuse or “policy laundering” become too high. This risk is also linked to the reproduction of unwanted situations where information in the field of defence and external affairs (Chapter 2 of the EU Treaty) are kept hidden, not only from the European Parliament for the reasons illustrated above, but also form the national parliaments as the information is regarded as a “European” secret. In this context, the national parliaments arguably receive the same level of access as a third country.

Therefore, the result would be the complete absence of a counterbalance mechanism which should characterise every democratic system and which would be strengthened by these security and defence policies under the formal coverage of European “executive privilege”, which not even the President of the United States of America has ever dreamt.

Luckily, the situation is less worrisome in other parts of the treaties, for example where it is established that the European Parliament must ratify international agreements. In this case, the same Treaty foresees that the Parliament “shall be immediately and fully informed at all stages of the procedure” (art. 218 par. 10 TFEU). This should effectively prohibit the Commission (negotiating the agreements) and the Council (concluding the agreements) from being able to make excuses in order to not reveal all the information.

Indeed, the European Parliament has made reference to these provisions throughout the negotiations on SWIFT, ACTA and the access of the EU to the European Convention on Human Rights. This initiative raised disconcert from the Council and Commission, who obviously realise how difficult it is to maintain two different regimes in the field of classified information depending on whether the negations of the agreements are conducted on the basis of Article 218 TFEU or on the basis of the competences in the field of security and defense (which are based on Article. 9 of Regulation 1049/01 and/or the internal organisation competence of the Council, Commission and security agencies). If in theory it is possible, although difficult, to differentiate between these two agreements at the European level, it turns into a “probation diabolica” to explain  to a third country why matters such as  the fight against terrorism may sometimes refer to an ordinary regime (article 218 TFEU) or to an extraordinary regime (art. 9 1049/01)

The process of re-negotiating the inter-institutional agreements concerning the European Parliament’s access to classified information is ongoing. A first draft agreement will be reviewed by the Committee on Constitutional Affairs of the European Parliament and a second one will take place between the European Parliament and the Council to modify the 2002 agreement applying Regulation 1049/01 (20).

The problem is that some expression of this agreement (not ratified yet) seem to extend the preventive consent to de-classify the document given by the author from the exceptions of defence and security issues to all the matters of competences of the European Union. Such an iron grip would put the European Parliament in a position leading to its abdication  (21) of the right/duty to exercise the democratic control foreseen by the treaty.

However, the issue remains undefined and contradicting signals are coming from the High Representative. This is important as the High Representative is about to adopt a declaration accompanying the decision which establishes the organisation and functioning of the European external service which “ (…) will be applied mutatis mutandis by the High Representative for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.”

It remains to be seen whether the European institutions will be able to finally overcome the long-lasting inconsistencies of the Regulation 1049/01 by establishing a European matter also in the field of the state secrets or whether, by carrying on the current, judicially confusing paths, once again the task of clarification will be left to the Court.

EDC

NOTE

(1) See the fundamental investigation of the Washington Post on the possible abuses of the documents’ classification from the USA administration since 9/11.

(2) See the current debate at the COPASIR concerning the revision of the Italian law on the “services” and the treatment of the state secret (L. 124/2007)

(3) Concept reaffirmed by the German Constitutional Court in several occasions (including 2009 with the famous Lisbon Urteil) the Union cannot gives itself different or wider competences than those granted by the Member State.

(4) As foreseen by the Member States’ constitutions and by the ECHR.

(5) This is an expression also used by article 207 of the “old” EC Treaty but that the Council has always interpreted as the conditions that allow the representatives of the Member States to change their negotiating positions in complete discretion according to circumstantial needs)

(6) This principle has been reaffirmed also recently by the Court of Justice

Case C‑64/05 P Kingdom of Sweden vs Commission of the European Communities (see: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62005J0064:EN:HTML )

(7) In the case of a member State it could be requested to see applied its own national regime and in the case of a third country needs

(8See:  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:145:0043:0048:IT:PDF

(9) Strangely enough the Italian version of the Regulation 1049/01 only refers to the category of the “confidential” documents.

(10) It is “…public interest safeguards, namely:— public order, — safeguard of military matters — International relations, — financial, monetary or economy policy  of the Community or Member states

(11)See Council decision 2001/264/CE  19  march 2001 adopting internal security regulation OJ n°101,  11.04.2001 modified following the entry into force of the Lisbon treaty.

(12) The “considering” 15 of the regulation invited the Member states to respect in the name of the principle of loyal cooperation the classifications established by the European institutions so as to avoid leaks related to National security matters “ Even though it is neither the object nor the effect of this Regulation to amend national legislation on access to documents, it is nevertheless clear that, by virtue of the principle of loyal cooperation which governs relations between the institutions and the Member States, Member States should take care not to hamper the proper application of this Regulation and should respect the security rules of the institutions.

(13) European Classified Information  (EUCI)

(14) For obvious reasons and given the peculiar nature and constitutional mission of the European Parliament or the court of Justice.

(15) See as a last example the agreement between the EU and Liechtenstein concerning the security procedures for the Exchange of classified information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:187:0002:0004:EN:PDF

(16) Art. 3 of the above mentioned agreement establishes that  “the European Council, the Council of the European Union (hereinafter referred to as ‘the Council’), the General Secretariat of the Council, the High Representative of the Union for Foreign Affairs and Security Policy, the European External Action Service (hereinafter: ‘the EEAS’) and the European Commission. For the purposes of this Agreement, these institutions and entities shall be referred to as ‘the EU»

(17) Artt. 9-12 of the TEU in specific art. 10

(18) Artt.18-24 TFEU

(19). See for example the regime for the treatment of classified information foreseen by the Decision of the Council establishing Europol http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2009:121:SOM:EN:HTML and the implementing measures concerning the exchange of information with third countries: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:325:0006:0011:EN:PDF. These provisions, which entered into force in January 2010 should be interested on the basis of the regime before the entry into force of the Lisbon Treaty in virtue of the transitory provisions foreseen by protocol  n° 36.

(20) The text of the inter-institutional agreement EP-Council is available at:  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2002:298:0001:0003:EN:PDF

(21) Obviously it would be only a de fact abdication given that the inter-institutional agreement cannot modify a juridical situation defined by a treaty. However, the signal is worrying as much as the stall of the revision of Regulation 1049/01 and the juridical vacuum under which the EU institutions (and agencies) are now operating, since they should have defined their own norms in the field of transparency/confidentiality on the basis of principles that still need to be defined after Lisbon.

(22) See in specific the declaration f the high represntative:http://register.consilium.europa.eu/pdf/it/10/st12/st12401-ad01.it10.pdf ) “.. The results of the ongoing negotiations on the Framework Agreement between the European Parliament and the Commission on negotiations of international agreements will be applied mutatis mutandis by the HR for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.. (…) 4. The present system of providing confidential information on CSDP missions and operations (through the IIA 2002 ESDP EP Special Committee) will be continued. The HR can also provide access to other documents in the CFSP area on a need to know basis to other MEPs, who, for classified documents, are duly security cleared in accordance with applicable rules, where such access is required for the exercise of their institutional function on the request of the AFET Chair, and, if needed, the EP President. The HR will, in this context, review and where necessary propose to adjust the existing provisions on access for Members of European Parliament to classified documents and information in the field of security and defence policy (2002 IIA ESDP). Pending this adjustment, the HR will decide on transitional measures that she deems necessary to grant duly designated and notified MEPs exercising an institutional function easier access to the above information..”

SWIFT II: bridging the gap or limiting the damage?

A few months after the rejection by the European Parliament of the Interim Agreement on TFTP between the European Union and the United States of America, a new agreement is under way, after it was signed on 28 June 2010 and will most probably be voted during the plenary in July (5-8).

The new text addresses some of the concerns of the European Parliament. In particular:

  • It provides higher data protection standards: right to access to data; exclusion of SEPA data; rectification; erasure; administrative and judicial redress, link to the negotiations with the US on general transatlantic data protection framework
  • It clarify the definition of terrorism: Article 2 of the proposal builds on the definition of terrorism on the approach of Article 1 of Council Framework Decision 2002/475/JHA
  • It progresses on limitation in the transfer of bulk data: criteria for requesting and providing data.
  • It narrows down the procedures for onward transfers of personal data to third countries: prior consent of the Member State (of the nationality of the data subject) will be required, except for emergency situations
  • It foresees the possibility to look again the retention period for transferred but non extracted data: 5 years but after 3 years the issue will be looked at again to look for a shorter period
  • It introduces a statement on the right to redress: statement to ensure that any redress does not discriminate between EU and US citizens.
  • It foresees the possibility to develop an EU TFTP
  • It establishes a review mechanism: 6 months after entry into force, then every year there will be ad hoc reviews, reports to Council and European Parliament. The agreement will already contain list of subjects including data protection for the review; review team will include experts on security and data protection.
  • It foresees the possibility to suspend the agreement: it kept a clause for suspension of the agreement if breach happens. No reason is required if a 6 months notice is made in advance.
  • It introduces the examination of US subpoena: examination of the proportionality of the US Subpoena will be done by Europol
  • It also clarifies the territorial application.

Despite these improvements, the agreement keeps a series of contested aspects (see Working Party 29EDPS opinion, EDRI article), mainly derived from the social and cultural differences between Europe and the USA in their approach to privacy.

From a European perspective, the Treaty of Lisbon and the European secondary legislation establish stringent safeguards in regard to the rights of data subjects. Although according to the European legislation it is possible to use data initially collected for commercial aims for law enforcement purposes, a series of principles such as purpose limitation should be respected. Purpose limitation is interlinked with the principle of adequacy, which is put into charge by independent authorities responsible to ensure the respect of such principles.

At the European level, data protection against public authorities aims at guaranteeing the freedom of the individual in absolute terms, with justified exceptions. On the contrary, in the United States, this level of freedom does not apply in relation to the public authorities since what the US law establishes is that privacy should be reasonably protected but not in absolute terms.

Specifically, when it comes to the exchange of data for law enforcement purposes, such freedom is limited due to the very nature of TFTP, dominated by its national security component. Indeed, the TFTP builds upon three legislations: the Executive Order 13224, the International Emergency Economic Powers Act and the Patriot Act. It mainly serves the interest of intelligence agencies (CIA) and remains based on the principle of exceptionality where the fight against terrorism prevails over the rights of individuals.

The European Parliament clearly saw this risk and in its resolution it introduced a series of data protection safeguards clearly re-stating the necessity to respect the principles of purpose limitation, effective supervision and redress mechanisms.

Taking into account these criteria, the new TFTP agreement introduces the monitoring and oversight by independent overseers (Article 12).

It has to be reminded that the USA do not have any supervisory authority for enforcing data protection in US territory. However, the American administration had to come to a compromise with the Europeans in this respect, also in relation to the future general EU-US agreement, which will set forth general principles valid for all specific transfer agreements.

This represents the most important novelty of the second TFTP. It is a first brick necessary to build a bridge between the EU and the US models. Indeed, the introduction of independent authorities will contribute to the establishment of a legally binding and enforceable personal data protection standards that will ensure the protection of individuals’ fundamental rights and freedoms in a EU-US framework.

Under the Commission’ proposal the transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit, legitimate purposes in the framework of the fight against terrorism and will include the right to redress, to correct or erase inaccurate data.

Keeping these elements in mind,  which model prevails?

At first sight, the American one. Indeed, the US privacy act does not apply to the TFTP agreement. Furthermore, the US Privacy Act court clauses only apply to US citizens and residents. Therefore  no right of judicial review for foreign citizens and residents apply under the US law.

However, the agreement contains some interesting elements which represent a step forward compared to the previous system. For example it puts into place an independent data protection authority to guarantee the enforcement of the necessary safeguards to ensure an effective data protection.

Furthermore, the discussions over the general EU-USA data protection agreement provide the opportunity to:

– include in all future agreements a reference to authorities competent for the data protection enforcement;

– introduce mechanisms for an effective right to redress;

– introduce a mechanism to ensure compliance with the principles established.

It remains to be seen whether such progresses will then lead to a change in the US approach to individuals’ rights, now limited by the fact that all individuals are considered alleged suspects. Although ambitious, this is a necessary step to bridge the two different EU-US data protection and privacy systems. Otherwise, it may well represents only an attempt to limit the damage.

Leda Bargiotti

SWIFT and PNR resolutions adopted by the European Parliament

The European Parliament adopted on the 5th May 2010 the two resolutions on SWIFT and PNR:

European Parliament resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing

European Parliament resolutionof 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada

Action Plan on the Stockholm Programme released by Statewatch

European Commission: Stockholm Programme: Statewatch Analysis: Action Plan on the Stockholm Programme: A bit more freedom and justice and a lot more security (pdf) by Tony Bunyan: “The “harnessing of the digital tsunami” as advocated by the EU Future Group and the surveillance society, spelt out in Statewatch’s “The Shape of Things to Come” is embedded in the Commission’s Action Plan as it is in the Stockholm Programme….There is no mention of the European Security Research Programme (ESRP). Much of the technological development is being funded under the 1.4 billion euro security research programme. See: Statewatch/TNI report: Neoconopticon: EU security-industrial complex.

Statewatch Briefing: European Commission: Action Plan on the Stockholm Programme (pdf) Comments by Professor Steve Peers, University of Essex – Full-text: Communication from the Commission: Delivering an area of freedom, security and justice for Europe’s citizens Action Plan Implementing the Stockholm Programme (COM 171/2010, pdf)

http://www.statewatch.org/