European Union and Hungary: towards a new “Haider” case ?

(Original IT – translation still to be revised)

Hungary puts at risk the Union’s values?

”Such a change among the democratic frameworks that we did today was only done by revolutions before. […] Hungarians today have proved that there is a reason for democracy. […] Hungarians today overthrew a system of oligarchs who used to abuse their power.” The new government will be modest and humble. “ (1)

Two years later, these April 2010 Viktor Orban statements celebrating the Fidesz Party two thirds majority in Parliament following the Hungarian elections, sound now very different as it is the case for the economic forecasts following the 2010 Hungarian elections according to which such an electoral result would had made possible for the Hungarian Forint to recover from the crisis from which it had been barely saved in 2008 by the International Monetary Fund and the European Union.

Now, not only the relations between the EU and the IMF seem to have reached their lowest point (at least judging from the recent interruption of the negotiations with the Hungarian monetary authorities) but even bolder critics are emerging at European level as far as the compatibility of various initiatives of the Orban Government with fundamental rights and respect for democratic principles are concerned.

The situation is so worrying to push Guy Verohfstadt, President of the Liberal Group in the European Parliament to declare that Hungary seems not to fully respect anymore the “values” it subscribed when it joined the European Union, (“values” that the Lisbon Treaty has made even more explicit (2). Hence, according to Verohfstadt the European institutions should trigger the “alert” procedure foreseen by art. 7 par. 1 of the EU Treaty (3).

It is worth noting that such an “alert” procedure may be launched by the European Parliament itself and that it is designed to verify if “.. there is a clear risk of a serious breach by a Member State of the founding values of the European Union and, if such a risk exists the Council would be entitled to formally recommend the State who has lost its bearings to come back on the rights track.

Needless to say that such an “alert procedure” is very different from the “nuclear option” laid down in the second paragraph of the article 7 where the Council could even suspend a Member State voting rights if “a serious and persistent breach” of European Values has been ascertained.

Yet the mere fact of evoking the “alert” procedure has already led the European Parliament’s political groups, to position themselves as in previous cases by mirroring the political position present at national level (situation which will make difficult to reach the third majority needed in the European Parliament to vote the request the Council to address formal recommendation to Hungary).(4)

The European Parliament debate on this issue will take place during the January Plenary session in Strasbourg then the competent parliamentary committee could start its work as far as the European Commission has shown that there is ground to proceed and the Conference of Presidents of political groups consider that a formal report should be prepared following the proposal of the ALDE President Verohfstadt.

All that having being said on procedural aspects, it is worth recalling which have been the main concerns raised by the recent Hungarian initiatives.
Continue reading “European Union and Hungary: towards a new “Haider” case ?”

ACTA negotiations concluded…or maybe not?

The Anti-Counterfeiting Trade Agreement (ACTA) negotiations were concluded in Japan on October 2, after 11 round of the negotiations.

The Anti-Counterfeiting Trade Agreement (ACTA) began in Geneva two years ago. It is a plurilateral trade agreement aimed at establishing international standards on intellectual property rights so as to  assist those that are part of the agreement to fight against counterfighting and piracy.

It will include:

– state-of-the-art provisions on the enforcement of intellectual property rights (including provisions on civil, criminal, and border enforcement measures)

– cooperation mechanisms among ACTA Parties and

– establishment of best practices for effective Intellectual Property Rights enforcement.

The reason why ACTA has not been negotiated under the framework of the World Intellectual Property Organisation (WIPO) is related to the impossibility to find an agreement between all the members of WIPO. The last round of negotiations included: Mexico, Australia, Canada, the European Union (represented by the European Commission), Spain, an unnamed EU member state, Japan, Korea, Morocco, New Zealand, Singapore, Switzerland and the United States.

Acta has raised several criticisms (see previous post in this blog) concerning both its content and the secretative approach with which negotiations were held as the  consolidated text of 2nd October shows:

The scope

An unresolved issue refers to the  scope of the agreement, for instance, in relation to border measures (see italics underlined part).

“ARTICLE 2.X: SCOPE OF THE BORDER MEASURES

In providing, as appropriate, and consistent with a Party’s domestic system of IPR protection and without prejudice to the requirements of the TRIPS Agreement, for effective border enforcement of intellectual property rights, a Party should do so in a manner that does not discriminate unreasonably between intellectual property rights and that avoids the creation of barriers to legitimate trade.

(…)

ARTICLE 2.X: BORDER MEASURES

1.

Each Party shall provide procedures for import and export shipments:

(a)            by which customs authorities may act upon their own initiative, to suspend the release of suspect goods; and

(b)            where appropriate by which right holders may request the competent authorities to suspend the release of suspect goods.

where appropriate,

2. situations where the goods are under Customs control:

Each Party may provide procedures for suspect goods in transit or in other

(a)            by which customs authorities may act upon their own initiative, to suspend the release of, or to detain, suspect goods; and

(b)            where appropriate, by which right holders may request the competent authorities to suspend the release of, or to detain, suspect goods.”

The inclusion of patents in enforcement measures at the border is one of the main concerns of civil society. This is particularly worrisome when it comes to public health border-enforcement measures related to patents within the European Union, which resulted in several stopped shipments of legitimate generic medicines in 2008. Although there are,provisions in the ACTA text addressing goods in transit within the border measures section, parties are still engaged in consultations on this issue.

Another controversial aspect is in the first paragraph under border measures,which refers to the product names associated with a particular place or characteristics. The compromise texts sets out a “certain principle” that signatories to ACTA must respect when putting into place enforcement mechanisms, but leaves open flexibilities for each member’s individual implementation. While some parties wants to include GIs, others think that ACTA should focus on issues of trademarks, counterfeiting and piracy.

On criminal enforcement, private acts of infringement will be excluded. Third-party liability has been removed from “Section 5: Enforcement of Intellectual Property Rights in the Digital Environment”. In this respect, third-party liability was a concern for internet freedom advocates . Several discussions surrounded the issue of the “three- strikes” legislation, which however is not included in the text.

Despite these aspects, technological protection measures remain in the digital section:

“Section 5: Enforcement of Intellectual Property Rights in the Digital Environment

ARTICLE 2.18: ENFORCEMENT IN THE DIGITAL ENVIRONMENT

1.            Each Party shall ensure that enforcement procedures, to the extent set forth in the civil and criminal enforcement sections of this Agreement, are available under its law so as to permit effective action against an act of intellectual property rights infringement which takes place in the digital environment, including expeditious remedies to prevent infringement and remedies which constitute a deterrent to further infringement.

2.            Each Party’s enforcement procedures shall apply to infringement of at least trademark and copyright or related rights over digital networks, including the unlawful use of means of widespread distribution for infringing purposes . These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity,

including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.13

3.            Each Party shall endeavor to promote cooperative efforts within the business community to effectively address at least trademark and copyright or related rights infringement while preserving legitimate competition and consistent with each Party’s law, preserving fundamental principles such as freedom of expression, fair process, and privacy.

4.            Each Party may provide, in accordance with its laws and regulations, its competent authorities with the authority to order an online service provider to disclose expeditiously to a right holder information sufficient to identify a subscriber whose account was allegedly used for infringement, where that right holder has filed a legally sufficient claim of infringement of at least trademark and copyrights or related rights and where such information is being sought for the purpose of protecting or enforcing at least the right holder’s trademark and copyright or related rights. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.”

It is unclear what the procedure will be for resolving final outstanding issues (the one in italics, underlined and bold)..

The European Parliament has repeatedly reported the danger of having an anti-counterfeiting laws that endanger citizens’ fundamental freedoms (see Resolution of the European Parliament). Once MEPs learned that negotiations on the controversial agreement ended without their consent in Tokyo on Saturday (2 October), they called on the Commission to explain the matter at the earliest.

Besides the content of the agreement, the European Parliament has also criticised the Commission for not keeping it informed during the negotiations and for having denied access to ACTA documents.

For all these reasons Members of the European Parliament have asked the Commission to halt ACTA and have warned they will not give the agreement their approval, replicating the SWIFT case which took place at the beginning of the year.

While waiting for the next developments,  another post will therefore focus on the relation between governance and transparency.

LB

(to be continued)

The European Union and State Secrets: a fully evolving institutional framework

Many contemporary debates surround the issue of the treatment of confidential information and state secrets both in the United States (1) and the European Union (2) and questions have also been raised over the WikiLeaks phenomenon. It therefore seems timely to try to shed some light on the way confidential information is handled by the European Union institutions, especially since we now have the entry into force of the Treaties of the European Union, on the Functioning of the European Union and the now binding Charter of Fundamental Rights.

Clearly, it is not technically appropriate to talk about state secrets in the case of the European Union, since the latter remains an international organisation entrusted by its Member States to intervene only in those areas established by the founding treaties and to pursue those objectives established by the funding treaties (3). Nevertheless, the European order now spans such a wide range of competences and has developed such a direct relation between citizens and the institutions that the need for transparency and political accountability is as essential for the European Union as it is for its Member States.

As long as the institutions’ work was covered by professional secrecy, there was minimal risk of leaks and any undesirable impact at the national level during the negotiating phases of European measures. Problems related to a different perception of transparency/secrecy were paradoxically raised with the process of democratisation of the European institutions which, due to Maastricht, has been accompanied with the widening of competences. Additionally, and more importantly, the Amsterdam Treaty ensured that the right of access to documents of the Parliament, Council and Commission (art. 255 TEC) was recognised as a fundamental right of European citizens (and of those legally residing in the EU).

In theory, a fundamental right can only be limited by law (4), but the institutional framework resulting from the implementing measures of article 255 ( EC Regulation 1049/01) is a long way from defining a coherent regime of this sensitive topic. To obtain such a result it would have been necessary to mediate between two different juridical traditions which divided (and still divide) some countries; indeed, Northern Europe is traditionally more favourable to transparency needs whereas some southern countries prioritise the efficiency of the decision making process ahead of transparency (5).

This unresolved conflict is reflected in Regulation 1049/01, which regulates for two different regimes, respectively one of a general nature and one of a specific nature. The general one establishes transparency and the right of access to information as the general rule to which it is possible to derogate only under the provisions established by art. 4. Furthermore, it stems from the will of the author who submitted the document to the institution (whether that be another institution, a Member State or a third party). The ratio behind the suppression of the “author rule” as confirmed by the Court (6), is evidently that of avoiding that additional exceptions are added to those already foreseen by law (7), which would have the effect of nullifying the answer to the citizen requesting the access to a document or information (and therefore being incompatible with the principle of certainty of law).

Nonetheless, the general rule of Regulation 1049/01 also presents a significant exception to article 9 (8), which establishes a specific regime for the so-called “sensitive documents” defined as “… documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ (9) in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

The regime established in Article 9 is evidently a “lex specialis”, which is only applicable to the external affairs and defence matters (the former “second pillar “). However, it is also an incomplete regime because Regulation 1049/01 does not specify (as foreseen in art. 255 TEC which now is replaced by art. 15 TFEU) the general principles regarding the classification of “sensitive” documents. Although the legislator has abdicated its role and referred the decision to the institutions internal regulations, defining such a rule is not a mere organisational matter.

The official justification for this attempt at a ‘quick-fix’ in 2001 was related to the approaching deadline for the approval of the regulation, as foreseen by the Treaty. The real reason, however, was the impossibility to reach an agreement between the European Parliament and the Council over the adoption of NATO standards at the European level.

Due to article 9 and the fact that that it refers to the internal regulation of the institutions, some measures were introduced through the back door, since the internal regulations of the Council and the Commission (11) were accompanied by the need to have the author’s consent when classifying the document as “sensitive”(12).

In this way, not only have NATO standards become de facto the standards of reference for EU classified information (13), although (for the moment) limited to external and defence matters, but it also re-establishes the pre-Maastricht regime for EU citizens and institutions such as the European Parliament and the Court of Justice. Indeed, these actors cannot refer to the “right” of access to information, because the holding institution can always oppose it in the name of non compatibility with NATO standards of internal security regulations (14) or more simply, because the member state or third party (author or co-author) of the classified document does not give its consent to the transmission of the document.

The result is the existence of a conspicuous number of agreements between on one side the Council and the Commission, and the other side third countries, concluded on the basis of an unstable institutional framework (15). Recently, the same agreements have also been concluded by EU agencies such as Europol, Eurojust or Frontex (and therefore outside of the so-called second pillar), on the basis of which the institution and/or the agency (although negotiating on behalf of the European Union) (16) accept that the third country may oppose access to information to EU citizens and even the Parliament and Court.

It is therefore legitimate to wonder about the extent to which this situation is compatible with a European order, allegedly based on the principle of representative democracy (17), fundamental rights and citizenship (18), especially following the entry into force of the Treaty of Lisbon. The issue becomes even more urgent in view of the passage to the ordinary legislative regime and to the (almost) total control of the Court of sensitive matters such as police, internal security and intelligence cooperation (which are increasingly labelled as classified information).

Without effective transparency, risks of abuse or “policy laundering” become too high. This risk is also linked to the reproduction of unwanted situations where information in the field of defence and external affairs (Chapter 2 of the EU Treaty) are kept hidden, not only from the European Parliament for the reasons illustrated above, but also form the national parliaments as the information is regarded as a “European” secret. In this context, the national parliaments arguably receive the same level of access as a third country.

Therefore, the result would be the complete absence of a counterbalance mechanism which should characterise every democratic system and which would be strengthened by these security and defence policies under the formal coverage of European “executive privilege”, which not even the President of the United States of America has ever dreamt.

Luckily, the situation is less worrisome in other parts of the treaties, for example where it is established that the European Parliament must ratify international agreements. In this case, the same Treaty foresees that the Parliament “shall be immediately and fully informed at all stages of the procedure” (art. 218 par. 10 TFEU). This should effectively prohibit the Commission (negotiating the agreements) and the Council (concluding the agreements) from being able to make excuses in order to not reveal all the information.

Indeed, the European Parliament has made reference to these provisions throughout the negotiations on SWIFT, ACTA and the access of the EU to the European Convention on Human Rights. This initiative raised disconcert from the Council and Commission, who obviously realise how difficult it is to maintain two different regimes in the field of classified information depending on whether the negations of the agreements are conducted on the basis of Article 218 TFEU or on the basis of the competences in the field of security and defense (which are based on Article. 9 of Regulation 1049/01 and/or the internal organisation competence of the Council, Commission and security agencies). If in theory it is possible, although difficult, to differentiate between these two agreements at the European level, it turns into a “probation diabolica” to explain  to a third country why matters such as  the fight against terrorism may sometimes refer to an ordinary regime (article 218 TFEU) or to an extraordinary regime (art. 9 1049/01)

The process of re-negotiating the inter-institutional agreements concerning the European Parliament’s access to classified information is ongoing. A first draft agreement will be reviewed by the Committee on Constitutional Affairs of the European Parliament and a second one will take place between the European Parliament and the Council to modify the 2002 agreement applying Regulation 1049/01 (20).

The problem is that some expression of this agreement (not ratified yet) seem to extend the preventive consent to de-classify the document given by the author from the exceptions of defence and security issues to all the matters of competences of the European Union. Such an iron grip would put the European Parliament in a position leading to its abdication  (21) of the right/duty to exercise the democratic control foreseen by the treaty.

However, the issue remains undefined and contradicting signals are coming from the High Representative. This is important as the High Representative is about to adopt a declaration accompanying the decision which establishes the organisation and functioning of the European external service which “ (…) will be applied mutatis mutandis by the High Representative for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.”

It remains to be seen whether the European institutions will be able to finally overcome the long-lasting inconsistencies of the Regulation 1049/01 by establishing a European matter also in the field of the state secrets or whether, by carrying on the current, judicially confusing paths, once again the task of clarification will be left to the Court.

EDC

NOTE

(1) See the fundamental investigation of the Washington Post on the possible abuses of the documents’ classification from the USA administration since 9/11.

(2) See the current debate at the COPASIR concerning the revision of the Italian law on the “services” and the treatment of the state secret (L. 124/2007)

(3) Concept reaffirmed by the German Constitutional Court in several occasions (including 2009 with the famous Lisbon Urteil) the Union cannot gives itself different or wider competences than those granted by the Member State.

(4) As foreseen by the Member States’ constitutions and by the ECHR.

(5) This is an expression also used by article 207 of the “old” EC Treaty but that the Council has always interpreted as the conditions that allow the representatives of the Member States to change their negotiating positions in complete discretion according to circumstantial needs)

(6) This principle has been reaffirmed also recently by the Court of Justice

Case C‑64/05 P Kingdom of Sweden vs Commission of the European Communities (see: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62005J0064:EN:HTML )

(7) In the case of a member State it could be requested to see applied its own national regime and in the case of a third country needs

(8See:  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:145:0043:0048:IT:PDF

(9) Strangely enough the Italian version of the Regulation 1049/01 only refers to the category of the “confidential” documents.

(10) It is “…public interest safeguards, namely:— public order, — safeguard of military matters — International relations, — financial, monetary or economy policy  of the Community or Member states

(11)See Council decision 2001/264/CE  19  march 2001 adopting internal security regulation OJ n°101,  11.04.2001 modified following the entry into force of the Lisbon treaty.

(12) The “considering” 15 of the regulation invited the Member states to respect in the name of the principle of loyal cooperation the classifications established by the European institutions so as to avoid leaks related to National security matters “ Even though it is neither the object nor the effect of this Regulation to amend national legislation on access to documents, it is nevertheless clear that, by virtue of the principle of loyal cooperation which governs relations between the institutions and the Member States, Member States should take care not to hamper the proper application of this Regulation and should respect the security rules of the institutions.

(13) European Classified Information  (EUCI)

(14) For obvious reasons and given the peculiar nature and constitutional mission of the European Parliament or the court of Justice.

(15) See as a last example the agreement between the EU and Liechtenstein concerning the security procedures for the Exchange of classified information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:187:0002:0004:EN:PDF

(16) Art. 3 of the above mentioned agreement establishes that  “the European Council, the Council of the European Union (hereinafter referred to as ‘the Council’), the General Secretariat of the Council, the High Representative of the Union for Foreign Affairs and Security Policy, the European External Action Service (hereinafter: ‘the EEAS’) and the European Commission. For the purposes of this Agreement, these institutions and entities shall be referred to as ‘the EU»

(17) Artt. 9-12 of the TEU in specific art. 10

(18) Artt.18-24 TFEU

(19). See for example the regime for the treatment of classified information foreseen by the Decision of the Council establishing Europol http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2009:121:SOM:EN:HTML and the implementing measures concerning the exchange of information with third countries: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:325:0006:0011:EN:PDF. These provisions, which entered into force in January 2010 should be interested on the basis of the regime before the entry into force of the Lisbon Treaty in virtue of the transitory provisions foreseen by protocol  n° 36.

(20) The text of the inter-institutional agreement EP-Council is available at:  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2002:298:0001:0003:EN:PDF

(21) Obviously it would be only a de fact abdication given that the inter-institutional agreement cannot modify a juridical situation defined by a treaty. However, the signal is worrying as much as the stall of the revision of Regulation 1049/01 and the juridical vacuum under which the EU institutions (and agencies) are now operating, since they should have defined their own norms in the field of transparency/confidentiality on the basis of principles that still need to be defined after Lisbon.

(22) See in specific the declaration f the high represntative:http://register.consilium.europa.eu/pdf/it/10/st12/st12401-ad01.it10.pdf ) “.. The results of the ongoing negotiations on the Framework Agreement between the European Parliament and the Commission on negotiations of international agreements will be applied mutatis mutandis by the HR for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.. (…) 4. The present system of providing confidential information on CSDP missions and operations (through the IIA 2002 ESDP EP Special Committee) will be continued. The HR can also provide access to other documents in the CFSP area on a need to know basis to other MEPs, who, for classified documents, are duly security cleared in accordance with applicable rules, where such access is required for the exercise of their institutional function on the request of the AFET Chair, and, if needed, the EP President. The HR will, in this context, review and where necessary propose to adjust the existing provisions on access for Members of European Parliament to classified documents and information in the field of security and defence policy (2002 IIA ESDP). Pending this adjustment, the HR will decide on transitional measures that she deems necessary to grant duly designated and notified MEPs exercising an institutional function easier access to the above information..”

SWIFT II: bridging the gap or limiting the damage?

A few months after the rejection by the European Parliament of the Interim Agreement on TFTP between the European Union and the United States of America, a new agreement is under way, after it was signed on 28 June 2010 and will most probably be voted during the plenary in July (5-8).

The new text addresses some of the concerns of the European Parliament. In particular:

  • It provides higher data protection standards: right to access to data; exclusion of SEPA data; rectification; erasure; administrative and judicial redress, link to the negotiations with the US on general transatlantic data protection framework
  • It clarify the definition of terrorism: Article 2 of the proposal builds on the definition of terrorism on the approach of Article 1 of Council Framework Decision 2002/475/JHA
  • It progresses on limitation in the transfer of bulk data: criteria for requesting and providing data.
  • It narrows down the procedures for onward transfers of personal data to third countries: prior consent of the Member State (of the nationality of the data subject) will be required, except for emergency situations
  • It foresees the possibility to look again the retention period for transferred but non extracted data: 5 years but after 3 years the issue will be looked at again to look for a shorter period
  • It introduces a statement on the right to redress: statement to ensure that any redress does not discriminate between EU and US citizens.
  • It foresees the possibility to develop an EU TFTP
  • It establishes a review mechanism: 6 months after entry into force, then every year there will be ad hoc reviews, reports to Council and European Parliament. The agreement will already contain list of subjects including data protection for the review; review team will include experts on security and data protection.
  • It foresees the possibility to suspend the agreement: it kept a clause for suspension of the agreement if breach happens. No reason is required if a 6 months notice is made in advance.
  • It introduces the examination of US subpoena: examination of the proportionality of the US Subpoena will be done by Europol
  • It also clarifies the territorial application.

Despite these improvements, the agreement keeps a series of contested aspects (see Working Party 29EDPS opinion, EDRI article), mainly derived from the social and cultural differences between Europe and the USA in their approach to privacy.

From a European perspective, the Treaty of Lisbon and the European secondary legislation establish stringent safeguards in regard to the rights of data subjects. Although according to the European legislation it is possible to use data initially collected for commercial aims for law enforcement purposes, a series of principles such as purpose limitation should be respected. Purpose limitation is interlinked with the principle of adequacy, which is put into charge by independent authorities responsible to ensure the respect of such principles.

At the European level, data protection against public authorities aims at guaranteeing the freedom of the individual in absolute terms, with justified exceptions. On the contrary, in the United States, this level of freedom does not apply in relation to the public authorities since what the US law establishes is that privacy should be reasonably protected but not in absolute terms.

Specifically, when it comes to the exchange of data for law enforcement purposes, such freedom is limited due to the very nature of TFTP, dominated by its national security component. Indeed, the TFTP builds upon three legislations: the Executive Order 13224, the International Emergency Economic Powers Act and the Patriot Act. It mainly serves the interest of intelligence agencies (CIA) and remains based on the principle of exceptionality where the fight against terrorism prevails over the rights of individuals.

The European Parliament clearly saw this risk and in its resolution it introduced a series of data protection safeguards clearly re-stating the necessity to respect the principles of purpose limitation, effective supervision and redress mechanisms.

Taking into account these criteria, the new TFTP agreement introduces the monitoring and oversight by independent overseers (Article 12).

It has to be reminded that the USA do not have any supervisory authority for enforcing data protection in US territory. However, the American administration had to come to a compromise with the Europeans in this respect, also in relation to the future general EU-US agreement, which will set forth general principles valid for all specific transfer agreements.

This represents the most important novelty of the second TFTP. It is a first brick necessary to build a bridge between the EU and the US models. Indeed, the introduction of independent authorities will contribute to the establishment of a legally binding and enforceable personal data protection standards that will ensure the protection of individuals’ fundamental rights and freedoms in a EU-US framework.

Under the Commission’ proposal the transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit, legitimate purposes in the framework of the fight against terrorism and will include the right to redress, to correct or erase inaccurate data.

Keeping these elements in mind,  which model prevails?

At first sight, the American one. Indeed, the US privacy act does not apply to the TFTP agreement. Furthermore, the US Privacy Act court clauses only apply to US citizens and residents. Therefore  no right of judicial review for foreign citizens and residents apply under the US law.

However, the agreement contains some interesting elements which represent a step forward compared to the previous system. For example it puts into place an independent data protection authority to guarantee the enforcement of the necessary safeguards to ensure an effective data protection.

Furthermore, the discussions over the general EU-USA data protection agreement provide the opportunity to:

– include in all future agreements a reference to authorities competent for the data protection enforcement;

– introduce mechanisms for an effective right to redress;

– introduce a mechanism to ensure compliance with the principles established.

It remains to be seen whether such progresses will then lead to a change in the US approach to individuals’ rights, now limited by the fact that all individuals are considered alleged suspects. Although ambitious, this is a necessary step to bridge the two different EU-US data protection and privacy systems. Otherwise, it may well represents only an attempt to limit the damage.

Leda Bargiotti

SWIFT and PNR resolutions adopted by the European Parliament

The European Parliament adopted on the 5th May 2010 the two resolutions on SWIFT and PNR:

European Parliament resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing

European Parliament resolutionof 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada

Action Plan on the Stockholm Programme released by Statewatch

European Commission: Stockholm Programme: Statewatch Analysis: Action Plan on the Stockholm Programme: A bit more freedom and justice and a lot more security (pdf) by Tony Bunyan: “The “harnessing of the digital tsunami” as advocated by the EU Future Group and the surveillance society, spelt out in Statewatch’s “The Shape of Things to Come” is embedded in the Commission’s Action Plan as it is in the Stockholm Programme….There is no mention of the European Security Research Programme (ESRP). Much of the technological development is being funded under the 1.4 billion euro security research programme. See: Statewatch/TNI report: Neoconopticon: EU security-industrial complex.

Statewatch Briefing: European Commission: Action Plan on the Stockholm Programme (pdf) Comments by Professor Steve Peers, University of Essex – Full-text: Communication from the Commission: Delivering an area of freedom, security and justice for Europe’s citizens Action Plan Implementing the Stockholm Programme (COM 171/2010, pdf)

http://www.statewatch.org/


Freedom on the Internet at risk

The freedom on the Internet is increasingly at risk, as the following three recent examples demonstrate: the on-going secret negotiations on the ACTA agreement, the conviction of three Google executives by an Italian prosecutor and the new approach of Google to China.

Hence, following the digital platform debate hosted by the European Parliament on 24 March 2010 and far from entering into the merit of the specific cases, they will be used as a useful starting point to make some reflections concerning the principle of freedom on the internet as a fundamental aspect to fulfil the more general right to freedom of expression. Firstly, the principle of liability will be investigated, then the ‘commercial purpose’ criterion followed by an overview of some of the sanctions under scrutiny to limit Internet access will be illustrated.

The liability principle

The principle of liability is fundamental to understand what is stake when dealing with measures limiting the freedom on the Internet, hence it is necessary to understand what it means.

Such a principle may have a strict application (strict liability system) or a lighter application (with-fault liability system) and can be applied to individuals and companies having a direct relation with the content of material (being copyrighted, harmful, private or defamatory) as well as to intermediaries, such as Internet Service Providers (ISP). This analysis will mainly focus on the latter, although it will also refer to the former when exploring the ‘commercial purpose’ criterion.

A strict liability system foresees the possibility to held responsible an ISP regardless of its knowledge and control over the material that is disseminated through its facilities. This system may be indirectly established by imposing, an obligation to monitor all the material that is posted on the Internet by private actors.

On the contrary, a with-fault liability system foresees that an ISP is held responsible only if it intentionally violates the rights of others, either by knowing that there is some material on the Internet that violates someone’s rights or if it has certain hints on the existence of certain material infringing someone’s rights.

At the European level, the relevant provision is Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), which in articles 12 -15 does not establish a general liability regime applicable to ISPs. Instead, it provides for a system of specific liability exemptions.

This means that in cases where the ISPs provide a specific service (mere conduit, caching, and hosting) and comply with a series of requirements, they will not be held liable for the services performed. The limitations apply only to liability for damages because the last paragraphs of Articles 12, 13, and 14 of the Directive establish that Member States retain the right to require the ISPs to terminate or prevent known infringements.

Following the conviction of three Google executives by an Italian prosecutor, questions were raised on whether IPSs can be considered liable over the content distributed by users even when they are not aware of the existence of such material.

In this regard, Mark Rotenberg rightly pointed out that a distinction should be made between responsibility over the content and ways to make profit out of displayed material.

Hence, although ISPs are not responsible over the content as such they may be considered responsible if they use it to make profit out of it.

The commercial scale criterion

This point was also discussed during the above-mentioned digital platform, namely in relation to whether and under which circumstances a physical person or legal entity (hence not limiting the analysis to ISPs) can be considered liable of infringing owners’ rights.

According to the European Data Protection Supervisor ‘s opinion on the ACTA negotiations “(…) the ‘commercial scale’ embodied in the IPRE Directive is a very appropriate element to set the limits of the monitoring in order to respect the principle of proportionality”. Hence, according to the EDPS, sanctions can be imposed if the alleged infringements have a commercial scale.

However, this criterion may lead to any kind of interpretation and this vagueness is not justifiable, especially when individuals may face not only civil but also criminal prosecutions and convictions.

Therefore, in case of the unfortunate approval of such an agreement, the criterion of “commercial intent”, seems more appropriate to limit the scope of the sanctions, as pointed out by Mr Zimmermann during the Digital Platform meeting on 24 March 2010.

What is more, it has not been demonstrated yet that file sharing damages the commercial interest of rights owners. As the Draft report on enhancing the enforcement of intellectual property rights in the internal market (Gallo report) points out, these assumptions based on “data concerning the scale of IPR infringements are inconsistent, incomplete, insufficient and dispersed”.

Sanctions

Despite these loopholes, Member states have (France) or are very close to (United Kingdom) put into place measures to suspend or block Internet to users infringing owners rights.

Also the ACTA agreement contains such an option despite the fact the European Commissioner Mr De Gucht stated that ” The ‘three-strike rule’ or graduated response systems are not compulsory in Europe. Different EU countries have different approaches, and we want to keep this flexibility, while fully respecting fundamental rights, freedoms and civil liberties. The EU does not support and will not accept that ACTA creates an obligation to disconnect people from the internet because of illegal downloads.”

Denying access to the Internet represents indeed a violation of fundamental rights, freedoms and liberties. As the Gallo report and the European Data Protection Supervisor correctly remind, these measures already exist and are provided for by Directive 2004/48/EC on the enforcement of intellectual property rights on the internal market and since from the point of view of the protection of rights their inefficacy has not been assessed they should be considered as alternative options.

In conclusion, using the words of decision n. 2009/580 (EN) of the French Constitutional Council:

“The free communication of ideas and opinions is one of the most precious rights of man. Every citizen may thus speak, write and publish freely, except when such freedom is misused in cases determined by Law”. In the current state of the means of communication and given the generalized development of public online communication services and the importance of the latter for the participation in democracy and the expression of ideas and opinions, this right implies freedom to access such services.”

The next round of the ACTA negotiations will take place in New Zealand on 12-16 April 2010 and their discussions on Internet, civil, customs and penal measures will be followed as closely as possible, while waiting for a real open debate with stakeholders.

L.B.

On the BVG ruling on Data Retention: “So lange” – here it goes again…

As mentioned a couple of weeks ago in the blog (10 January 2010 – Directive on data retention: now the floor goes to the German Constitutional Court) the German Constitutional Court was preparing to make a decision about the German internal application of the controversial Data Retention Directive (2006/24/EC), demanding telecommunication data retention from 6 months till 2 years. Some historical background is provided in the above mentioned blog. On March 2 the decision has arrived (1 BvR 256/08 , 1 BvR 263/08 , 1 BvR 586/08). And what a decision it is. It is of the same work as the famous decision in Marbury v. Madison presided over by John Marshall. The German Federal Constitutional Court (Bundesverfassungsgericht) avoided a direct conflict with the ECJ but showed once again that it will take its prerogatives very seriously regarding the protection of human rights and annulled the German provisions applying the Directive.

Continue reading “On the BVG ruling on Data Retention: “So lange” – here it goes again…”

Anti-Counterfeiting Trade Agreement (ACTA): towards a legalised regime of privacy invasion?

The European Union, represented by the European Commission, is negotiating – since 2007- a Multilateral Agreement on Anti-Counterfeiting Trade (ACTA) with nine other countries, including the United States of America, Australia, Canada, Japan, Korea, Mexico, Morocco, New Zealand, Singapore, and Switzerland.

The purpose of such an agreement is to strengthen the enforcement of Intellectual Property Rights (IPR) and to combat large-scale counterfeiting and piracy by defining a legal framework for the enforcement of IPR in particular in the digital environment via:

  • increased international cooperation and
  • deployment of IPR enforcement practices.

Due to the potential impact that such an agreement may have on individuals’ privacy, the implications related to each of the above-mentioned elements should be carefully evaluated in view of the respect of fundamental rights.

Continue reading “Anti-Counterfeiting Trade Agreement (ACTA): towards a legalised regime of privacy invasion?”

The first EU steps towards the accession to the European Convention of Human rights

The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) debated on February 23rd the state of the play of the EU accession to the European Convention of Human Rights (ECHR).

The accession is imposed by Article 6 TEU and its main impact will be the creation of an additional layer of protection of fundamental rights in the EU legal order. This entails the possibility to challenge before the European Court of Human Rights (ECtHR) also EU acts if they breach the fundamental rights of an individual (see my previous post here).

Continue reading “The first EU steps towards the accession to the European Convention of Human rights”