The new proposal on the security of EU informations: transforming the EU “Bubble” in an EU “Fortress” ? (3)

3. How the INFOSEC proposal builds a wider, but still incomplete, legal framework for EU Classified informations (EUCI)

“The core of the proposed Regulation on the security of EU information (hereafter the INFOSEC proposal) concerns the creation and management of EU classified information (EUCI). In doing so, it substantially modifies Article 9 of Regulation 1049/2001, which deals with public access (or not) to so-called “sensitive documents”.

According to that article:

“Sensitive documents are documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organizations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defense and military matters.”

Paragraph 3 of the same article also makes clear that: “Sensitive documents shall be recorded in the register or released only with the consent of the originator.”

Paragraph 7 says: “The Commission and the Council shall inform the European Parliament regarding sensitive documents in accordance with arrangements agreed between the institutions.”

It should be noted that Article 9 of Regulation 1049/2001 was a “fast and dirty” solution for a problem which arose in July 2000: Javier Solana, newly appointed Secretary General of the Council, negotiated with the new NATO Secretary General, Mr Robertson, an administrative arrangement with NATO on the exchange of classified information with the Council of the EU. However, that arrangement was challenged before the Court by the European Parliament (EP) and the Dutch government, because they considered that it limited a citizen’s fundamental right of access to documents, and exceptions to such fundamental right should have been framed by law.

At the time, the negotiation of Regulation 1049/01 was under the pressure of a deadline established in the Treaty. The reference to “sensitive” documents was added at the end of the legislative procedure and, because of this, the EP and the Dutch government withdrew their case before the Court.

Unfortunately, it was a Pyrrhic victory – it soon became clear that Article 9 of Regulation 1049/2001 was (and still is) a rather elusive and patchy framework for EU classified information.

A number of points can be made in this regard:

a) It does not regulate how the information should be classified and declassified in the interests of the EU, as opposed to the interests of the originator (whether that be a member State, EU institution, agency or body). Quite the contrary – by transferring the definition of these aspects to the internal security of each institution it paved the way to different standards and the very well-known risk of over classification.

b) It foresees a very weak framework for parliamentary oversight. By making reference to interinstitutional agreements and not codifying in secondary law the EP’s constitutional right to oversee classified information, it places the institution in an ancillary position. It is unfortunate that the EP has not fought until now to obtain treatment comparable to the one reserved for national parliaments with regard to their governments.

The solutions may be different, and special procedures and perhaps even special parliamentary bodies may be needed, but a stronger EP role is more than necessary because this lack of oversight will not be covered at national level – governments will declare that they are barred from revealing the information because it is classified at “European” level! Moreover, the instrument of an “interinstitutional agreement/arrangement” as currently foreseen by Article 295 of the Lisbon Treaty has strong constitutional limitations. As the Council Legal Service itself recognized in 2018: “The wording of the provision (NDR art.295 TFEU), and notably the use of the term ‘arrangements’, points to the fact that IIAs are instruments for regulating the modalities of cooperation and not for the regulation of substantive policy areas.”

It is thus quite surprising that, since the first Interinstitutional Agreement in 2002, the European Parliament has not asked for a sturdier legal basis for its oversight power.

With the adoption of the INFOSEC Regulation the situation will become even worse, because the EP will be obliged to negotiate interinstitutional agreements with all the other EU institutions, agencies and bodies if access to classified information is necessary for fulfilling its own constitutional role. From the outside, 21 years after the first interinstitutional agreement, the fact that the EP is still negotiating the revision of the 2002 interinstitutional agreement on access to classified information in the Common Security and Defence Policy (CSDP) area instead of creating a true legislative legal basis for its oversight may look to some like a form of Stockholm syndrome. To exit from such an impasse would not be wise for the European Parliament to study the more suitable model by looking at the experience of the major EU Member States and, even of the USA ?

c) Article 9 recognises, albeit only in the domain of “sensitive” documents and information, the so-called “originator privilege” or “author rule.” This is an exception to the general philosophy of Regulation 1049/2001, as made clear in Article 4(5):

“A Member State may request the institution not to disclose a document originating from that Member State without its prior agreement.” The point was, and still is, that the EU institutions may only by bound by law and not by the will of an “author”, even if it were an EU member state, a point confirmed in the jurisprudence of the Court of Justice of the EU.

What the INFOSEC proposal does is to transform the exception of the “originator principle” in a rule. But, by recognizing to each EU Institution, Agency and Body the power of classify information in the interest of the EU it does not establish a mechanism which may verify that the EU interest is adequately by the classification or if it has been abusively established. For instance, an oversight power may be recognized to the European Commission or to the Ombudsman to decide if a document/information created by the EU Agencies should be declassified.

Clear rules on this point at INFOSEC level, may prevent from happening, other “incidents”, such as the one which occurred between Europol, the Ombudsman and the Commission, in 2015 when the Ombudsman asked to inspect the report of Europol’s Joint Supervisory Body (JSB) on the implementation of the EU-US Terrorist Finance Tracking Programme Agreement ( see https://www.ombudsman.europa.eu/fr/case/en/42114 )

d) It does not foresee a judicial oversight of classified information. Today it is still up to the originator to decide whether or not to give the Court of Justice access to classified information. This is not a rhetorical question: it has already happened that the Council did’nt answer positively to a Court of Justice request of having access to classified informations. As Deirdre Curtin remind us in her essay Top Secret Europe: “…in the OMPI case (*) on the blacklisting of terrorists by the UN and within the EU context, the Court said clearly that the Council could not base its decision on information that is not revealed to the Court.” ( Case T-248/08, People’s Mojahedin Organization of Iran v Council (OMPI III) para 73). It is worth recalling that in some Countries such as the USA

e) It does not solve the problem of sharing of “sensitive information” between entities which have a legitimate “need to know.” Instead, as Article 9 is focused on the security of each author of “sensitive information” and does not refer to common legislative standards, this has been done until now by the Council. This institution remains the main creator and exchanger of classified information, and has imposed via bilateral agreements with all the other EU institutions, agencies and bodies its internal security rules which, in turn, mirror the NATO standards. It is because of the legal fragility of this “de facto harmonisation” that the Commission has decided to launch a legislative initiative establishing at secondary law level the principles which should be respected in this domain inside the EU.

However, the solution envisaged in the INFOSEC proposal still does not address the main weaknesses of Article9 of Regulation 1049/2001 nor the weaknesses of the Council Internal Security Rules which are proposed to become the common EU standard. . In fact, in some cases it makes the situation even worse.

A useful example can be seen in the EU security agreements with third countries and international organizations on the exchange of classified information foreseen by articles 55-68 of the INFOSEC proposal.

The proposal requires, as a rule, that these agreements be negotiated and concluded according to Article 218 of the Lisbon Treaty, which will finally give the possibility for the EP to give its consent and to be fully and timely informed of the agreements’ content. But INFOSEC foresees also the possibility of continuing with “executive” arrangements which can be negotiated not only by the Council but also by other EU Institutions, agencies and bodies without associating the EP. That exclusion of the EP has been , unfortunately, until now the case and dozens of international agreements have been negotiated by the Council using Article 13 of its internal security rules as a legal basis.

Now, if the INFOSEC proposal is adopted not only the Council but also all the other EU Institutions Agencies and bodies will have a legal basis for negotiating and concluding these executive “arrangements”. It would be wise to make clear in the INFOSEC proposal that the arrangements shall foresee that, because of the EU’s constitutional framework, no veto can be exercised over the transmission of classified information to the EP and to the CJEU.

4. Summing up: by endorsing the INFOSEC legislative proposal is the EP shooting on its Foot ?

(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: How to Create an Independent Authority with Effective Remedy Powers (2)

16 FEBRUARY 2022/ BY THEODORE CHRISTAKIS, KENNETH PROPP AND PETER SWIRE

Can the U.S. Government create, by non-statutory means, an independent redress authority capable of providing an effective remedy for a European person who believes that her or his rights have been infringed by an intelligence service? In this article we put forward a novel non-statutory solution that could resolve the “redress” problem in the EU/US adequacy negotiations. This solution is based on three “building blocks” inspired by methods utilized in U.S. administrative law. First, the U.S. Department of Justice should issue a binding regulation creating within that executive agency an independent “Foreign Intelligence Redress Authority” (FIRA). Second, the President should issue a separate Executive Order providing the necessary investigative powers and giving FIRA’s decisions binding effect across the intelligence agencies and other components of the U.S. government. Finally, European individuals could obtain judicial review of an independent redress decision by using the existing Administrative Procedure Act.

Our first article, published on January 31, concentrated on whether the U.S. Congress would necessarily have to enact a new statute in order to create an adequate redress mechanism. We examined political, practical, and U.S. constitutional difficulties in enacting such a statute. Based on careful attention to EU law, we concluded that relying on a non-statutory solution could be compatible with the “essential equivalence” requirements of Article 45 of the EU’s General Data Protection Regulation (GDPR), if the requisite substantive protections for redress were put into place.

This article examines, from both a U.S. and a European law perspective, measures that could address the substantive requirements, notably the deficiencies highlighted by the Court of Justice of the European Union (CJEU) in its Schrems II judgment: independence of the redress body; its ability to substantively review the requests; and its authority to issue decisions that are binding on the intelligence agencies. We discuss only the redress issues highlighted by the CJEU. We do not address here the other deficiency cited by the Court — whether U.S. surveillance statutes and procedures sufficiently incorporate principles of “necessity and proportionality” also required under EU law.

Part I of this article explains how the U.S. executive branch could create an independent administrative institution to review redress requests and complaints. The institution, which we call “FIRA”, would be similar in important ways to what in Europe is considered as an independent administrative authority, such as the several surveillance oversight/redress bodies operating in Europe and listed in the EU Agency for Fundamental Rights’ (FRA) 2017 comparative study on surveillance (p. 115 – in France, for example, the National Commission for Control of Intelligence Techniques, CNCTR). We submit that, in the U.S., such an institution could be based on a binding regulation adopted by the Department of Justice (DOJ). Despite being created by the executive branch, the independence of FIRA will be guaranteed, since leading U.S. Supreme Court precedent considers such a regulation to have binding effect and to protect members of the redress authority from interference by the President or the Attorney General.

Next, Part II of this article assesses how the U.S. executive branch could provide the necessary investigatory powers for FIRA to review European requests and complaints and to adopt decisions binding upon intelligence agencies. This could be done through a Presidential Executive Order that the President may use to limit executive discretion.

Finally, Part III of this article discusses the important question of whether the ultimate availability of judicial redress is necessary under EU law and whether there is a path under U.S. law to achieve it, despite the 2021 Supreme Court decision in the TransUnion case limiting standing in some privacy cases. We examine reasons why judicial review of decisions by the independent FIRA may not be required under EU law. Nonetheless, we describe a potential path to U.S. judicial review based on the existing Administrative Procedure Act.

I. Creating an Independent Redress Authority

Based on our discussions with stakeholders, the most difficult intellectual challenge has been how a redress authority can be created within the executive branch yet have the necessary independence from it. We first present the EU criticisms of the Privacy Shield Ombudsperson approach, and then explain how a binding regulation issued by DOJ can address those criticisms satisfactorily.

1. Identifying the problems of independence with the previous Privacy Shield mechanism

Four criteria for independence of the redress body have been identified by EU authorities in their critiques of the Ombudsperson approach included in the 2016 Privacy Shield.

a) Protection against dismissal or revocation of the members of the redress body

A crucial measure of independence under EU law, is protection against removal of any member of the independent body. In Schrems II, the CJEU noted there was “nothing in [the Privacy Shield Decision] to indicate that the dismissal or revocation of the appointment of the Ombudsperson is accompanied by any particular guarantees” (§195), a point previously made in 2016 by the Article 29 Working Party (WP29) when it observed “the relative ease with which political appointees can be dismissed” (here, p. 51). Protection against removal is also recognized under U.S. law and a key indicator for independence.(1)

b) Independence as protection against external intervention or pressure

Protection against external intervention is a major requirement for a redress authority, as stated by the Advocate General in his 2019 Schrems II Opinion:

“The concept of independence has a first aspect, which is external and presumes that the body concerned is protected against external intervention or pressure liable to jeopardise the independent judgment of its members as regards proceedings before them” (note 213).

By contrast, the Ombudsperson in the original Privacy Shield was “presented as being independent of the ‘intelligence community’, [but] (…) not independent of the executive” (§ 337).

c) Impartiality

In the same opinion, Advocate General Saugmandsgaard Øe stressed (and the CJEU endorsed), the importance of impartiality: “The second aspect of [independence], which is internal, is linked to impartiality and seeks to ensure a level playing field for the parties to the proceedings and their respective interests with regard to the subject matter of those proceedings” (note 213, emphasis added).

d) Relationship to the intelligence community

In its 2015 study on surveillance, FRA noted that there is a “Goldilocks” challenge concerning the ties between redress bodies and intelligence agencies: “While ties that are too close may lead to a conflict of interest, too much separation might result in oversight bodies that, while independent, are very poorly informed” (p. 71). In 2016, the WP29 found that the Privacy Shield solution did not appropriately respond to this challenge:

“The Under Secretary is nominated by the U.S. President, directed by the Secretary of State as the Ombudsperson, and confirmed by the U.S. Senate in her role as Under Secretary. As the letter and the Memorandum representations stress, the Ombudsperson is ‘independent from the U.S. Intelligence community’. The WP29 however questions if the Ombudsperson is created within the most suitable department. Some knowledge and understanding of the workings of the intelligence community seems to be required in order to effectively fulfil the Ombudsperson’s role, while at the same time indeed sufficient distance from the intelligence community is required to be able to act independently.” (p.49)

2. How the creation of FIRA by DOJ Regulation could fix these problems

To date, despite insightful discussions of the challenges, we have not seen any detailed public proposals for how the U.S. executive branch might create a redress institution to meet the strict EU requirements for independence.(2) One innovation, which we understand that the parties might now be considering, could be a binding U.S. regulation, issued by an agency pursuant to existing statutory authority, to create and govern FIRA. Crucially, leading U.S. Supreme Court cases have given binding effect to a comparable regulation, even in the face of objections by the President or Attorney General.

a) Binding DOJ regulation to ensure independence of the FIRA

The Department of Justice could issue a regulation to create FIRA and guarantee its independent functioning. It could guarantee independence for the members of FIRA, including protections against removal, in the same fashion.

Under the U.S. legal system, such an agency regulation has the force of law, making it suitable for defining the procedures for review of redress requests and complaints. DOJ regularly issues such regulations, under existing statutory authorities, and pursuant to established and public procedures. To protect against arbitrary or sudden change, modifying or repealing the regulation would require following the same public procedural steps as enacting the regulation in the first place did. In Motor Vehicles Manufacturers Association vs. State Farm Mutual Automobile Insurance Co., the Supreme Court held that since a federal agency had the discretion to issue a regulation initially, it would have to utilize the same administrative procedures to repeal it.

In an EU/U.S. framework for a new Privacy Shield, the U.S. Government unilaterally could commit to maintain this DOJ regulation in force, and the European Commission could reference the U.S. commitment as a condition of its adequacy decision. This would provide both to the EU and to members of FIRA a guarantee against revocation of the regulation ensuring that the authority would act independently.

b) Supreme Court precedents protect against external intervention or pressure

During the Watergate scandal involving then-President Richard Nixon, the Department of Justice issued a regulation creating an independent “special prosecutor” (also called “independent counsel”) within that department. The special prosecutor was designed to be independent from Presidential control, with the regulation stipulating that he could not be removed except with involvement by designated members of Congress.

Acting within the powers defined in the regulation, the special prosecutor issued a subpoena for audio tapes held by the White House. The President, acting through the Attorney General, objected to the subpoena. In a unanimous 1974 Supreme Court decision, United States v. Nixon, it was held that the special prosecutor’s decision to issue the subpoena had the force of law, despite the Attorney General’s objection. The Court noted that although the Attorney General has general authority to oversee criminal prosecutions, including by issuing a subpoena, the fact that the special prosecutor had acted pursuant to a binding DOJ regulation deprived the Attorney General of his otherwise plenary power over subpoenas.

The Supreme Court observed that “[t]he regulation gives the Special Prosecutor explicit power” to conduct the investigation and issue subpoenas, and that “[s]o long as this regulation is extant, it has the force of law” (emphasis added). The Court concluded:

“It is theoretically possible for the Attorney General to amend or revoke the regulation defining the Special Prosecutor’s authority. But he has not done so. So long as this regulation remains in force, the Executive Branch is bound by it, and indeed the United States, as the sovereign composed of the three branches, is bound to respect and to enforce it.”

In sum, as supported by clear Supreme Court precedent, a DOJ regulation can create a mechanism within the executive branch, so that the members of the administration must comply with its terms, even in the face of contrary instructions from the President or Attorney General. And, as stated earlier, the lasting character of the DOJ regulation creating FIRA could be guaranteed by the US Government in the EU/US agreement and be identified by the European Commission in its subsequent adequacy decision as a condition for maintaining this decision in force.

c) Impartiality

We are not aware of significant U.S. constitutional obstacles to ensuring impartiality in FIRA. DOJ appoints Administrative Law Judges (ALJ), such as for deciding immigration matters, and “[t]he ALJ position functions, and is classified, as a judge under the Administrative Procedure Act.”

U.S. law concerning ALJ’s, including those located in DOJ, states that they are “independent impartial triers of fact in formal proceedings”.(3) In Nixon the Supreme Court reaffirmed the lawfulness of an independent adjudicatory function located within the DOJ.(4) A DOJ FIRA regulation could similarly offer guarantees in terms of the impartiality and expertise of members.

d) Relationship to the intelligence community

Furthermore, the DOJ appears to be the executive agency best-suited to resolve the “Goldilocks” problem, mentioned above, by combining knowledge and understanding of the intelligence agencies with sufficient distance to judge their conduct independently.

As noted, EU bodies questioned whether the Department of State, a diplomatic agency, was a “suitable department” for the redress role. The DOJ is more suitable in part because of its experience with the Watergate independent counsel and, for instance, with Immigration Judges as independent triers of fact.

At the same time, a FIRA located within the DOJ would be well-placed to have knowledge about the intelligence community. The DOJ provides extensive oversight of intelligence activities through its National Security Division, including by issuing regular reports concerning classified activities of the Foreign Intelligence Surveillance Court. Other DOJ components, such as the Office of Privacy and Civil Liberties, also have access to classified information including Top Secret information about intelligence agency activities. In addition, an Executive Order could empower the DOJ to enlist other agencies, such as the Office of the Director of National Intelligence, to gain information from the intelligence community.

II. Creating Effective Powers for the Independent Redress Authority

A DOJ regulation creating an independent redress authority within that executive department must be accompanied by additional government-wide steps for effectively investigating redress requests and for issuing decisions that are binding on the entire intelligence community. The DOJ-issued regulation would define the interaction of FIRA with other parts of that Department. For the overall mechanism to be effective in other parts of the U.S. government, however, the key legal instrument would be a separate Executive Order issued by the President. In issuing an EO, the President would act within the scope of his overall executive power to define legal limits, such as by requiring intelligence agencies to be bound by FIRA decisions.

1. Identifying the problems of effectiveness concerning the previous Privacy Shield mechanism

To meet the EU requirement of effective remedial powers, the new redress system would need to have two types of effective powers that the Privacy Shield Ombudsperson lacked.

a) Investigative Powers

The WP29 wrote in 2016:

“concerns remain regarding the powers of the Ombudsperson to exercise effective and continuous control. Based on the available information (…), the WP29 cannot come to the conclusion that the Ombudsperson will at all times have direct access to all information, files and IT systems required to make his own assessment” (p. 51).

In 2019, the European Data Protection Board (EDPB) likewise stated:

“[T]he EDPB is not in a position to conclude that the Ombudsperson is vested with sufficient powers to access information and to remedy non-compliance, (…)” (§103).

b) Decisional Powers

In Schrems II, the CJEU stated:

“Similarly, (…) although recital 120 of the Privacy Shield Decision refers to a commitment from the US Government that the relevant component of the intelligence services is required to correct any violation of the applicable rules detected by the Privacy Shield Ombudsperson, there is nothing in that decision to indicate that that ombudsperson has the power to adopt decisions that are binding on those intelligence services and does not mention any legal safeguards that would accompany that political commitment on which data subjects could rely” (§196).

The EDPB similarly concluded in 2019:

“Based on the available information, the EDPB still doubts that the powers to remedy non-compliance vis-à-vis the intelligence authorities are sufficient, as the ‘power’ of the Ombudsperson seems to be limited to decide not to confirm compliance towards the petitioner. In the understanding of the EDPB, the (acting) Ombudsperson is not vested with powers, which courts or other similarly independent bodies would usually be granted to fulfil their role” (§102).

2. How a Presidential Executive Order Could Confer These Powers upon FIRA

These passages describe key EU legal requirements for a new redress system. President Biden could satisfy them by issuance of an Executive Order (EO). The American Bar Association has published a useful overview explaining that an EO is a “signed, written, and published directive from the President of the United States that manages operations of the federal government.” EOs “have the force of law, much like regulations issued by federal agencies.” Once in place, only “a sitting U.S. President may overturn an existing executive order by issuing another executive order to that effect.”

As a general matter, the President has broad authority under Article II of the Constitution to direct the executive branch. In addition, the Constitution names the President as Commander-in-Chief of the armed forces, conferring additional responsibilities and powers with respect to national security. The President’s powers in some instances may be limited by a properly enacted statute, but we are not aware of any such limits relevant to redress.

Not only does the President enjoy broad executive powers, but he or she also may decide to limit how he or she exercises such powers through an EO which, under the law, would govern until and unless withdrawn or revised. Thus, the President would appear to have considerable discretion to instruct the intelligence community, by means of an EO, to cooperate in investigations and to comply with binding rulings concerning redress.

As with the DOJ regulation, the U.S. Government could commit in the EU/US adequacy arrangement to maintain this EO in force. But how could the EU and the general public have confidence that the EO is actually being followed by intelligence agencies? First, FIRA will be able to assess whether this is the case, backed by an eventual provision in the Presidential EO fixing penalties for lack of compliance with its orders (similarly as legislation in European countries fixes penalties for failure to comply with the orders of equivalent redress bodies – for an example see art. L 833-3 of the French surveillance law). Furthermore, U.S. intelligence agencies are already subject to parliamentary oversight, including on classified matters, by the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence. Oversight might also be performed by other governmental actors that have access to classified materials, such as an agency official called the Inspector General or the Civil Liberties and Privacy Office, or by the independent Privacy and Civil Liberties Oversight Board (whose new Director, Sharon Bradford Franklin, recently confirmed by the Senate, is known for her commitment to strong surveillance safeguards and oversight). Oversight may be performed at the Top Secret or other classification level, with unclassified summaries released to the public.

III. Creating Judicial Review of the Decisions of the Independent Redress Authority

Finally, we turn to whether and how decisions of FIRA may be reviewed judicially. We first explain why judicial review in these circumstances may not be required under EU law. Nonetheless, to minimize the risk of invalidation by the CJEU, we set forth possible paths for creating U.S. judicial review.

1. Reasons that judicial redress is not necessarily required

There are at least four reasons to believe that EU law does not necessarily require judicial redress if FIRA is independent and capable of exercising the quasi-judicial functions described above by adopting decisions binding on intelligence agencies.

First, as explained in our earlier article, Article 13 of the European Convention on Human Rights (ECHR) may be the appropriate legal standard for the European Commission to use in deciding upon the “essential equivalence” of third countries for international data transfer purposes. Article 13 only requires an independent “national authority,” thus a non-judicial body could suffice.

Second, the Advocate General in Schrems II seemed to give the impression that judicial review should only be required in a case where the redress body itself is not independent:

“in accordance with the case-law, respect for the right guaranteed by Article 47 of the Charter thus assumes that a decision of an administrative authority that does not itself satisfy the condition of independence must be subject to subsequent control by a judicial body with jurisdiction to consider all the relevant issues. However, according to the indications provided in the ‘privacy shield’ decision, the decisions of the Ombudsperson are not the subject of independent judicial review.” (§340, emphasis added)

Since FIRA, unlike the Ombudsperson, will not only enjoy independence but also will exercise quasi-judicial functions by adopting decisions binding on intelligence agencies, separate judicial redress may not be required.

Third, this is exactly what seems to be happening in practice in EU Member States themselves. FRA noted in its 2017 comparative study on surveillance that, in most European countries, redress bodies are non-judicial bodies. It also observed that such non-judicial remedies appear better than judicial ones, because their procedural rules are less strict, proceedings are faster and cheaper, and non-judicial avenues generally offer greater expertise than judicial mechanisms. Furthermore, FRA found that “across the EU only in a few cases can decisions of non-judicial bodies be reviewed by a judge” (ibid., p.114 – and table pp.115-116). Requiring the U.S. to provide judicial redress would thus be more than what exists in many Member States.(5)

Fourth, these observations are even more relevant when one focuses on international surveillance. In France, for instance, an individual may file complaints with the Supreme Administrative Court (Conseil d’Etat) on the basis of the domestic surveillance law of July 2015. There is no possibility to do so under the international surveillance law of November 2015, however, since that law gives only the CNCTR, an administrative authority, the power to initiate (under some conditions) proceedings in the Conseil d’Etat – but does not confer this right directly upon an individual.(6)

Of course, actual practice under Member States law does not necessarily mean that a third country’s similar practices meet the “essential equivalence” standard of EU fundamental rights law, since the relevant comparator seems to be European Law standards – not Member States’ practices which do not always necessarily meet these standards.(7) Nonetheless, demanding from the U.S. a much more elaborate process than what already exists for international surveillance in most EU Member States might be complicated, particularly if there is an effective independent administrative regime in the U.S. exercising quasi-judicial functions.

2. Ultimate judicial redress will however help ensure meeting CJEU requirements

Despite these indications that European law may not require judicial redress, we acknowledge that the position of the CJEU on this point remains ambiguous.

As indicated in our first article, the CJEU in Schrems II expressly used the term “body,” giving the impression that an independent national administrative authority (in conformity with the requirements of Art. 13 ECHR) could be enough to fulfill the adjudicatory function. As we explained, this is how the EDPB seems to have read Schrems II in its 2020 European Essential Guarantees Recommendations. Long-time EU data protection official Christopher Docksey concurs as well.

However, it is also true that the Schrems II judgment contains multiple references to judicial redress. It refers to “ the premiss [sic] that data subjects must have the possibility of bringing legal action before an independent and impartial court ” (§194); “the right to judicial protection” (ibid.); “data subject rights actionable in the courts against the US authorities” (§192); “the judicial protection of persons whose personal data is transferred to that third country” (§190); and “the existence of such a lacuna in judicial protection in respect of interferences with intelligence programmes” (§191). It is not clear whether these statements should also apply (following the Advocate General’s logic) to an independent redress body such as FIRA capable of exercising quasi-judicial functions, in contrast to the Ombudsperson examined by the CJEU. Nevertheless, the CJEU judgment might be read as requiring at least some form of ultimate judicial control of a redress authority’s decisions. This also appears to be the interpretation of a senior Commission official.

In light of these statements, it would be prudent for the U.S. to provide for some form of ultimate judicial review of FIRA decisions, to increase the likelihood of passing the CJEU test in an eventual Schrems III case.

3. A path to ultimate judicial review of FIRA decisions

As we explained in our first article, the U.S. constitutional doctrine of standing poses a major hurdle in creating a pathway to judicial redress. In the 2021 TransUnion case, the Supreme Court held that plaintiffs incorrectly identified by a credit reporting agency as being on a government terrorism watch list had not shown the required “injury in fact”. This lack of injury in fact, and thus lack of standing, existed even though the underlying statute appeared to confer the right to sue. While one might find this U.S. constitutional jurisprudence unduly restrictive, any new Privacy Shield agreement must take it into account.

There might be, however, another way to provide an individual with judicial redress. An unsatisfied individual could appeal to a federal court an administrative disposition of a redress petition on the grounds that FIRA has failed to follow the law. In such a case an individual would not be challenging the surveillance actions of intelligence agencies (for which injury in fact may be impossible to satisfy) as such; instead, the suit would allege the failure of an independent administrative body (FIRA) to take the actions required by law.

As Propp and Swire have written previously, one useful precedent is the U.S. Freedom of Information Act (FOIA), under which any individual can request an agency to produce documents, without first having to demonstrate that he or she has suffered particular “injury in fact”. The agency is then required to conduct an effective investigation and to explain any decision not to supply the documents. After the agency responds, the individual may appeal the decision to federal court. The judge then examines the quality of the agency’s investigation to ensure compliance with law, and the judge can order changes in the event of mistakes by the agency.

Analogously, a European individual, unsatisfied by FIRA’s investigation and decision, could bring a challenge in court. Taking into consideration that FOIA concerns a distinct question, the appeal against FIRA’s decisions would be based upon the umbrella U.S. Administrative Procedure Act (APA). The APA provides generally for judicial review of an agency action that is “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” Since both a regulation and an Executive Order have the force of law, an APA-based appeal could examine whether the FIRA decision and its implementation was “in accordance with law.” Since the APA applies generally, it could operate in these circumstances without need for an additional federal statute. In addition, U.S. federal courts deciding APA-based appeals already have methods for handling classified national security information. For instance, they access classified information under the Classified Information Procedures Act (CIPA).

Including judicial review under the APA would be a good faith effort by the U.S. government to respond to ultimate EU law concerns. However, since the FIRA approach has not been judicially tested, some legal uncertainty concerning standing to bring the APA suit in federal court would remain. FOIA practice provides a good legal basis for meeting the standing requirement through challenging agency action itself, but TransUnion highlighted the level of privacy injuries which must be shown to enable a decision in federal court.

Conclusion

In these two articles, we have sought to examine rigorously and fully the requirements of EU law with respect to redress. We also have examined U.S. constitutional law, explaining both the difficulties surrounding some solutions (for instance the problem of standing for judicial redress) and the opportunities created by some precedents (such as the protection offered to independent investigative bodies by decisions of the U.S. Supreme Court).

We are not aware of any other published proposal that wrestles in such detail with the complexity of EU and U.S. law requirements for foreign intelligence redress. We hope that our contribution helps fill this gap and presents a promising path permitting resolution of the “redress challenge” in the EU/US adequacy negotiations.

Much will depend on the details of construction and implementation for this protective mechanism. What our articles contribute is the identification of three fundamental building blocks on which a solid and long-lasting transatlantic adequacy agreement could stand. We have shown that there is a promising way to create, by non-statutory means, an independent redress authority and to provide the necessary investigative and decisional powers to respond to redress requests by European persons. We also suggest a way to successfully address the problem of standing and thereby to provide for an ultimate possibility of judicial control. Using these building blocks to create an effective redress mechanism could enable the U.S. and the EU not only to establish a solid transatlantic adequacy regime capable of resisting CJEU scrutiny but also to advance human rights more broadly.

Notes

(1) In 2020, as discussed here, the Supreme Court addressed the President’s removal power in the Siela Law LLC case, finding unconstitutional Congress’ establishment of independence for an agency head. At the same time, the Court reaffirmed that protections against removal can exist for “inferior officers” (roughly, officials appointed through a civil service process rather than by the President) and for multi-member bodies. Either or both of these categories may apply to FIRA members. In 2021, the Supreme Court, in U.S. v. Arthrex, struck down a system of independent Administrative Patent Judges. The approach in our article would be different since the President here issues an executive order, and thus the President serves as the “politically accountable officer” required by the Supreme Court in Arthrex.

(2) More specifically, there have been proposals for providing redress for surveillance conducted pursuant to Section 702 FISA, such as here and here. However, an additional “thorny issue is whether international surveillance, conducted by US intelligence agencies outside the territory of the US on the basis of Executive Order 12333 (EO 12333) should be (or not) part of the adequacy assessment.” Although arguments exist under EU law that redress for EO 12333 surveillance might be excluded from the assessment, this article proceeds on the understanding that the current negotiations will only succeed if EO 12333 surveillance is covered as well. We are not aware of any published proposal that would do so, and seek in this article to present such an approach. For example, the proposal here would apply to requests for redress concerning surveillance conducted under EO 12333, such as programs recently declassified by the U.S. government.

(3) It appears that terms such as “adjudication” and “court” may be understood somewhat differently in the U.S. compared with the EU, creating a risk of confusion in proposals concerning redress. Under U.S. law, many federal agencies, including the Federal Trade Commission and Department of Justice, routinely conduct what is called “adjudication.” Many federal agencies have Administrative Law Judges, defined by the U.S. government as “independent impartial triers of fact in formal proceedings.” By contrast, in Europe, “courts” and “judges” generally exist outside of the Executive. Therefore, our discussion of FIRA avoids words such as “adjudication” that may be understood differently in different legal systems.

(4) In the 1954 case, Accardi v. Shaughnessy, the Attorney General by regulation had delegated certain of his discretionary powers to the Board of Immigration Appeals. The regulation required the Board to exercise its own discretion on appeals for deportation cases. As noted in U.S. v. Nixon, the Supreme Court in Accardi had held that, “so long as the Attorney General’s regulations remained operative, he denied himself the authority to exercise the discretion delegated to the Board even though the original authority was his and he could reassert it by amending the regulations.”

(5) For a recent description of the German system, see here by Daniel Felz.

(6) This finding was confirmed in a June 2018 decision by the Conseil d’Etat following a request introduced in this court by the Member of the European Parliament Sophie In ’t Veld (analysis here). The Court also rejected the possibility for the claimant to challenge indirectly an alleged misuse of power resulting from the failure of the chairman of the CNCTR to refer the matter to the Council of State. However, as stated by the CNCTR (here, at 46) this is one of the points appearing in the (no less than) 14 challenges currently pending at the ECHR against the French surveillance laws.

(7) See for instance this study by I. Brown and D. Korff arguing that “the EU institutions should stand up for the rule of law and demand the member states and third countries bring their practices in line with those standards” (at 111).

(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: Whether a New U.S. Statute is Necessary to Produce an “Essentially Equivalent” Solution (1)

31 JANUARY 2022/ BY THEODORE CHRISTAKIS, KENNETH PROPP AND PETER SWIRE

Must the U.S. Congress change statutory law to solve the major issue of “redress” in the EU-US adequacy negotiations? This is a crucial question, especially since a series of political, pragmatic and even legal/constitutional difficulties mean that the U.S. might not be able to come up with a short-term statutory solution for redress. In this article we analyse this question for the first time in detail, and argue that, provided the U.S. is able to address the deficiencies highlighted by the Court of Justice of the European Union (CJEU) in its Schrems II judgment (independence of the redress body; ability to substantively review the requests; and authority to issue decisions that are binding on the intelligence agencies), then relying on a non-statutory solution could be compatible with the “essential equivalence” requirements of Article 45 of the EU’s General Data Protection Regulation (GDPR). In a second, forthcoming article, we set forth specific elements of a novel non-statutory solution and assess whether it would meet the substantive European legal requirements for redress.

The CJEU issued its Schrems II judgment in July, 2020, invalidating the EU/U.S. Privacy Shield and creating uncertainty about the use of Standard Contractual Clauses (SCCs) for transfers of personal data to all third countries (see analysis here, here, here, here and here). In light of the legal uncertainty and the increasing tensions concerning transatlantic data transfers resulting from the intensification of enforcement actions by European data protection authorities (DPAs) since Schrems II (such as this and this), there is both strong reason to reach a new EU/U.S. agreement and also a stated willingness of both sides to do so. The European Commission, understandably, has emphasized though that there is no “quick fix” and that any new agreement must meet the full requirements of EU law.

This article focuses on one of the two deficiencies highlighted by the CJEU: the need for the U.S. legal system to provide a redress avenue accessible to all EU data subjects. We do not address here the other deficiency– whether U.S. surveillance statues and procedures sufficiently incorporate principles of ‘necessity and proportionality’ also required under EU law.

We concentrate our inquiry, from both a U.S. and a European law perspective, on whether the U.S. Congress would necessarily have to enact a new statute in order to create an adequate redress mechanism. Part I of this article explains the pragmatic and political reasons why it would be difficult to adopt a new U.S. statute, and especially to do so quickly. Part II examines the U.S. constitutional requirements for “standing”, and explains the legal difficulties and uncertainty concerning proposals, such as the one advanced by the American Civil Liberties Union (ACLU), to provide redress through an individual action in U.S. federal courts. Part III then addresses European law concerning whether a statute is necessary, concluding that the substance of the protections of fundamental rights and respect of the essence of the right to an effective remedy are the key considerations, rather than the form by which an independent and effective redress mechanism would be created.

This article will be followed by a second article exploring whether a non-statutory solution for redress is capable of satisfying the strict substantive standards required by EU law.

I. Political Difficulties of an Immediate Statutory Approach to Redress

There are important advantages to enacting a new U.S. statute to provide redress:

There is greater democratic legitimacy if the legislature passes a statute.
A law can set limits on Executive discretion that only may be changed by a subsequent statute.
A law can fix in a stable, permanent and objective way the rules and procedures for the appointment of the members of the redress body, the duration of their mandate, and guarantees concerning their independence.

However, there are strong pragmatic and political reasons why it would be difficult to enact a new statute in the short term to create a new redress mechanism.

First, it is no secret that the U.S. Congress currently finds it difficult to pass legislation generally, with partisan battles and procedural obstacles slowing passage of even essential legislation. As Politico recently reported, “it is increasingly unlikely that Congress will pass any digital-focused bills before lawmakers shut down ahead of November’s midterms”.
Second, legislative reform of U.S. surveillance laws is a particularly complex and contentious issue. The national security community in the U.S. has little appetite for sweeping reforms, and even a strong push from the White House may not be sufficient to move such legislation through Congress. In Europe as well, substantial reform of surveillance laws requires a lot of time to seek the necessary political consensus (see for instance this).[i]
Third, the international dimensions of a redress reform make legislation even more difficult. If a new redress mechanism benefits only EU data subjects, then it is hard to explain to Congress why they should get greater rights than Americans. On the other hand, if redress rights were also to be conferred on U.S. data subjects, then a novel and complex set of institutional changes to the overall U.S. surveillance system would be needed.
Fourth, it would be difficult for U.S. legislators to vote for a statute without knowing in advance whether the CJEU will accept it as good enough.
Fifth, Congress historically has been reluctant to regulate in great detail how the President conducts foreign policy and protects national security. For instance, Congress has adopted detailed statutes (such as the Foreign Intelligence Surveillance Act, FISA)) concerning “compelled access”, e.g. how intelligence agencies can request data from service providers. By contrast, it has rarely enacted any statute that applies to “direct” surveillance conducted outside of the U.S. under the standards of Executive Order (EO) 12,333. Furthermore, specific actions under that Executive Order have never, so far as we know, been subject to review by federal judges.

For these reasons, we believe at a pragmatic level that it would be extremely difficult for Congress to promptly pass legislation to provide redress to EU persons. By contrast, if an adequate fix to the redress problem can be created at least in large part without new legislation, then it would be considerably easier for Congress subsequently to enact a targeted statute ratifying the new mechanism, perhaps adding other provisions to perfect an initial non-statutory approach. That sort of legislation is far easier to enact than writing a law in Congress from a blank page.

II. Constitutional Difficulties for a U.S. Statutory Approach to Redress: The Problem of Standing

These political and pragmatic reasons alone would justify U.S. government and European Commission negotiators seeking to address the redress deficiencies highlighted in Schrems II through a non-statutory solution. But, in addition, there is a constitutional dimension. The U.S. Constitution establishes a “standing” requirement as a prerequisite to a case being heard before judges in the federal court system. Any new U.S. redress mechanism must be consistent with the U.S. Constitution, just as it must meet EU fundamental rights requirements.

U.S. standing doctrine derives from Article III of the U.S. Constitution, which governs the federal court system. The federal judicial power extends only to “cases” and “controversies” – meaning that there has to be an “injury in fact” in order to have a case heard. A related doctrine is the ban on issuance of “advisory opinions” by federal judges, a position of the Supreme Court dating back to the first President, George Washington, and defined most clearly in Muskrat v. United States. In sum, a statute that creates a cause of action in the federal courts is unconstitutional unless it meets the requirements of standing and injury in fact, and does not violate the prohibition on advisory opinions.

The ACLU in 2020 called for a “standing fix” to enable suit in federal court “where a person takes objectively reasonable protective measures in response to a good-faith belief that she is subject to surveillance.” However, since the right to redress under European law also exists for individuals who did not take protective measures, the proposal seems too narrow to meet the CJEU requirements.

A second difficulty with the ACLU approach is that the Supreme Court made standing related to privacy injuries even more difficult to establish in its TransUnion LLC v. Ramirez decision in June, 2021. As discussed here, the majority in that case made it significantly more difficult for privacy plaintiffs henceforth to sue in federal court. The Court restated its 2016 Spokeo case that a plaintiff does not automatically satisfy “the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right.” More bluntly, the Court stated: “An injury in law is not an injury in fact”. [ii] The majority in TransUnion found “concrete harm” for some plaintiffs but not others. Even individuals whose credit histories were badly mistaken – stating they were on a government list as “potential terrorists” – did not enjoy a right of action created by statute. In sum, there would be substantial legal uncertainty surrounding a U.S. statute conferring upon EU data subjects the right to go straight to U.S. courts to get redress (for a similar conclusion see here).

The standing objection applies only to direct access to federal courts, and not to an independent non-judicial redress authority. However, Congress might be reluctant to intervene ex nihilo in a field such as “direct” foreign surveillance conducted under EO 12,333, which traditionally belongs to the Executive power under the U.S. Constitution. Congress might be more willing to act and endorse by statute an effective redress mechanism if, as a first step, the Executive branch itself had first created such an independent non-judicial redress authority within the Executive branch. In any case, such a statute does not appear to be a necessary precondition under U.S. law for creating a redress system

III. Is a Non-Statutory Approach to Redress Compatible with European Law?

Since the U.S. government might not be able to produce a short-term statutory solution for redress, the question then arises as to whether a non-statutory approach would be acceptable under EU law. In order for the European Commission to be able to issue an adequacy decision under Article 45 of the GDPR, the U.S. must ensure an “adequate” level of protection.

If the U.S. is able to address by non-statutory means the deficiencies highlighted by the CJEU in Schrems II (mentioned above), then such a solution could be compatible with the “essential equivalence” requirements of Article 45 of the GDPR. We defer for now the question of whether a non-statutory path would indeed be able to address these substantive issues, instead focusing only on whether a non-statutory approach in principle is compatible with European law.

A. The Starting Point: The Right to Effective Remedy Under European Human Rights Law

What we call “redress” in the context of transatlantic adequacy negotiations corresponds to the “right to effective remedy” under European law. Article 47(1) of the Charter of Fundamental Rights of the European Union (“Charter”) states that:

“Everyone whose rights and freedoms guaranteed by the law of the Union are violated has the right to an effective remedy before a tribunal in compliance with the conditions laid down in this Article.”

The official explanations of Article 47 make clear that this article is “based on Article 13 of the European Convention of Human Rights” (ECHR), according to which:

“Everyone whose rights and freedoms as set forth in this Convention are violated shall have an effective remedy before a national authority notwithstanding that the violation has been committed by persons acting in an official capacity.”

A comparison of the two articles reveals that in EU law the protection is more extensive than in ECHR law, since the former guarantees the right to an effective remedy before a “tribunal” while the latter only refers to a “national authority”. The term “tribunal” seems to refer to a judicial body, as the official explanation suggests. This is confirmed by reference to non-English language versions of Article 47(1), which translate the word “tribunal” as “court” (e.g.“Gericht” in German and “Gerecht” in Dutch). It is also evident that neither Article 47(1) of the Charter nor Article 13 of the ECHR require that a redress body be created by statute.

However, Article 47 (2) of the Charter adds additional, complicating requirements.:

“Everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal previously established by law. Everyone shall have the possibility of being advised, defended and represented”.

As the official explanations point out, this second paragraph “corresponds to Article 6(1) of the ECHR”, which reads as follows:

“In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law. Judgment shall be pronounced publicly but the press and public may be excluded from all or part of the trial in the interests of morals, public order or national security in a democratic society, where the interests of juveniles or the protection of the private life of the parties so require, or to the extent strictly necessary in the opinion of the court in special circumstances where publicity would prejudice the interests of justice”.

Both Article 47(2) of the Charter and Article 6(1) of the ECHR thus require “an independent and impartial tribunal established by law”. Yet, what is the exact relationship between the provisions on “effective remedy” (Article 47(1) of the Charter and Article 13 of the ECHR), and those on “a fair and public hearing by independent and impartial tribunals established by law” (Article 47(2) of the Charter and Article 6(1) of the ECHR)?

A restrictive analysis would regard the two sets of articles as entirely interlinked, in which case redress bodies would always have to be “established by law”.

A second more flexible and plausible interpretation would maintain that this latter set of requirements constitutes lex specialis in relation to the former; in other words, the “right to effective remedy” (“redress”) is broader than the “right to a fair trial”. This interpretation finds support in the ECHR, which textually separates the two sets of rights and requirements (Articles 13 and 6(1)). It is also confirmed by the official guide to Article 13 which states that “Article 6 § 1 of the Convention is lex specialis in relation to Article 13” (here, at 41), and by the fact that Article 6(1) is limited in scope to civil rights and criminal charges. It therefore would be difficult to merge the obligation of states to put in place an “effective remedy” with the “established by law” requirement, as this latter requirement only concerns the right to a fair trial before a “tribunal” under Article 6(1) – and not the broader right of redress before a “national authority” under Article 13. It seems then that, at least under the ECHR, a redress body need not always be a judicial body nor be “established by law”, provided that it satisfies the substantive requirements of the “right to effective remedy”. As we will see, the standards of the ECHR have always been particularly relevant for the European Data Protection Board (EDPB) in assessing the “essential equivalence” of “redress” mechanisms under Article 45 of the GDPR.

B. Flexibility Introduced by the “Essentially Equivalent” Standard of EU Data Protection Law

A flexible interpretation of the “effective remedy” requirement is also supported by the “essential equivalence” standard of the GDPR for third countries.

In Schrems I, the Court clearly acknowledged that “the means to which [a] third country has recourse, [… ] for the purpose of ensuring such a level of protection may differ from those employed within the European Union, [… ] those means must nevertheless prove, in practice, effective in order to ensure protection essentially equivalent to that guaranteed within the European Union” (§74 of the October 6, 2015 judgment, emphasis added).

The CJEU Advocate General emphasised in his 2019 Schrems II Opinion that the “essentially equivalent” standard “does not mean that the level of protection must be ‘identical’ to that required in the Union”. He explained that:

“It also follows from that judgment, in my view, that the law of the third State of destination may reflect its own scale of values according to which the respective weight of the various interests involved may diverge from that attributed to them in the EU legal order. Moreover, the protection of personal data that prevails within the European Union meets a particularly high standard by comparison with the level of protection in force in the rest of the world. The ‘essential equivalence’ test should therefore in my view be applied in such a way as to preserve a certain flexibility in order to take the various legal and cultural traditions into account” (§§ 248-249, emphasis added).

The EDPB previously had endorsed this flexible interpretation of the elements for adequacy. In its 2016 Opinion on Privacy Shield, for instance, the EDPB’s predecessor (WP29) emphasised that:

“the WP29 does not expect the Privacy Shield to be a mere and exhaustive copy of the EU legal framework […]. The Court has underlined that the term ‘adequate level of protection’, although not requiring the third country to ensure a level of protection identical to that guaranteed in the EU legal order, must be understood as requiring the third country in fact to ensure, by reason of its domestic law or its international commitments, a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the European Union [… ]” (p. 3).

It is precisely this flexible approach that allowed EU authorities to set aside the requirement that a redress body should be a “tribunal” – despite clear terms to the contrary in Article 47(1) of the Charter. As the EDPB noted in its Recommendations 02/2020 on the European Essential Guarantees for surveillance measures of November 10, 2020 (§47): “an effective judicial protection against such interferences can be ensured not only by a court, but also by a body which offers guarantees essentially equivalent to those required by Article 47 of the Charter” (emphasis added). The EDPB noted that the CJEU itself “expressly” used the word “body” in §197 of Schrems II. Indeed, in all its extant positions on U.S. redress mechanisms, the EDPB has recognised that the applicable standards equate with those in Article 13 of the ECHR, which “only obliges Members States to ensure that everyone whose rights and freedoms are violated shall have an effective remedy before a national authority, which does not necessarily need to be a judicial authority” (ibid, §46, emphasis added).

Therefore, provided that the U.S. redress mechanism meets the substantive requirements of Article 13 ECHR as cited in Schrems II and the EDPB opinions, a judicial body will not be necessarily required, and an “established by law” standard need not be applied in order to meet the “essential equivalence” test. As the astute European legal observer Chris Docksey concluded:

“This could be an opportunity for the CJEU to give meaning to the difference between essential equivalence and absolute equivalence mentioned above when deciding on the standard of individual redress to be applied in the specific case of international transfers. If the content of the right under Article 47 is ensured, then the form should not be an obstacle” (emphasis added).

C. Interpreting “Law” in a Substantive, Not Formal, Sense

European human rights law seems, in fact, to prioritise substance over form even in situations that go beyond an “essential equivalence” assessment. This can be shown by examining interpretations of the “in accordance with the law” requirement found in the ECHR, the Charter and several fundamental EU data protection sources of law, including the GDPR.

ECHR articles concerning human rights, including Article 8 (right to privacy), stipulate that some restrictions to these rights may be acceptable provided they are “in accordance with the law” and “necessary in a democratic society” in order to protect certain legitimate interests (such as national security, public safety, or the prevention of disorder or crime). Similarly, Article 52 of the Charter requires that: “Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law (…)”.

Both the Convention and the Charter, however, interpret the term “law” in a flexible way. The ECtHR, for instance, has emphasised on multiple occasions that:

“[A]s regards the words “in accordance with the law” and “prescribed by law” which appear in Articles 8 to 11 of the Convention, the Court observes that it has always understood the term “law” in its “substantive” sense, not its “formal” one; it has included both “written law”, encompassing enactments of lower ranking statutes and regulatory measures (…), and unwritten law” (Sanoma Uitgevers B.V. v. the Netherlands, 2010, § 83, emphasis added). See also Sunday Times (No. 1) v. the United Kingdom, 1979, §47).

Similarly, in EU data protection law, both the Law Enforcement Data Protection Directive (LED) and the GDPR also understand the term “law” in its substantive sense. According to Recital 33 of the LED, for instance:

“Where this Directive refers to Member State law, a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned (…)” (emphasis added).

Further, Recital 41 of the GDPR provides:

“Where this Regulation refers to a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned. However, such a legal basis or legislative measure should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case-law of the [CJEU] and the European Court of Human Rights” (emphasis added).

This flexible interpretation of the term “law” in the data protection context for assessing the incursion of state interests on fundamental rights is formally separate from the requirement in Article 47(2) of the Charter that a tribunal be “previously established by law”. However, this analytic flexibility is consistent with how EU bodies have interpreted the “essentially equivalent” standard, including in the context of the Privacy Shield. It therefore supports the conclusion that a U.S. decision to put in place an independent and effective redress mechanism for surveillance would satisfy the requirements of European law even if it does not involve the adoption of a statute. This conclusion is also supported by the European DPAs previous positions concerning the Privacy Shield Ombudsperson.

D. The CJEU and EU DPAs Did Not Object to Non-Statutory Redress

The fact that the Privacy Shield Ombudsperson was not created by statute did not seem to be a primary concern for either the CJEU or the EDPB in assessing whether this mechanism offers “essentially equivalent” protection to European law.

In Schrems II the Court did not identify as a deficiency that the Ombudsperson mechanism was not created by statute. Rather, the problems detected were that there was “nothing in [the Privacy Shield Decision] to indicate that the dismissal or revocation of the appointment of the Ombudsperson is accompanied by any particular guarantees” and, also, that there was “nothing in that decision to indicate that the ombudsperson has the power to adopt decisions that are binding on those intelligence services (…)” (§§ 195-196). Thus, provided there is a way to fix these deficiencies by non-statutory means, the new redress solution could pass the “essential equivalence” test.

The EDPB also seems to support this argument. In its 2016 Opinion on Privacy Shield, the WP29 began by stating that:

“in addition to the question whether the Ombudsperson can be considered a ‘tribunal’, the application of Article 47 (2) Charter implies an additional challenge, since it provides that the tribunal has to be ‘established by law’. It is doubtful however whether a Memorandum which sets forth the workings of a new mechanism can be considered ‘law’” (p. 47).

The WP29 therefore seemed to link Articles 47(1) and 47(2). However, it did not appear to consider the legal form by which the Ombudsperson was created as an insuperable obstacle. It stated:

“As a consequence – with the principle of essential equivalency in mind – rather than assessing whether an Ombudsperson can formally be considered a tribunal established by law, the Working Party decided to elaborate further the nuances of the case law as regards the specific requirements necessary to consider ‘legal remedies’ and ‘legal redress’ compliant with the fundamental rights of Articles 7, 8 and 47 Charter and Article 8 (and 13) ECHR” (ibid., emphasis added).

The WP29 then went on to analyse the requirements of European law concerning the “right to effective remedy”, focusing primarily on the case law of the ECtHR, and concluded that the Ombudsperson did not meet these requirements, essentially for the same reasons mentioned by the CJEU in the Schrems II Judgment.

In their subsequent assessments of Privacy Shield, the WP29 and the EDPB arrived at the same conclusion. They did not consider that the means by which the Ombudsperson was created represented an obstacle to passing the “essentially equivalent” test. On the contrary, the EDPB “welcomed the establishment of an Ombudsperson mechanism as a new redress mechanism” (see for instance here, §99) and repeated that “having analysed the jurisprudence of the ECtHR in particular”, it “favored an approach which took into account the powers of the Ombudsperson” (see here, p.19).

Similarly, the European Data Protection Supervisor (EDPS) did not oppose the creation of the Ombudsperson on the grounds that it was done in a non-statutory way. On the contrary he argued that “in order to improve the redress mechanism proposed in the national security area, the role of the Ombudsperson should also be further developed, so that she is able to act independently not only from the intelligence community but also from any other authority” (here, at 8, emphasis added).

Conclusion

In sum, European law is flexible in interpreting whether the United States must adopt a new statute to meet redress requirements, especially when the question is viewed through the “essential equivalence” prism of data protection. Substance prevails over form. It remains true that a statutory approach would in abstracto be the easiest way for the United States to establish a permanent and independent redress body for effectively reviewing complaints and adopting decisions that bind intelligence services. However, when one takes into consideration the political, practical and constitutional difficulties confronting negotiators, it makes sense to achieve the same results in a different way.

In a second article, to be published shortly, we will detail specific elements of a non-statutory solution and assess whether it would meet the substantive European requirements on redress.

[i] As this report shows even in a country like Germany, particularly sensitive to intelligence law questions, its major Signals Intelligence (SIGINT) reform did not provide any judicial redress options for non-Germans: “There is no legally defined path for foreign individuals, such as journalists abroad, who want to find out if their communications have been collected in SIGINT operations and, if so, to verify whether the collection and processing of their data was lawful. What is more, the legislators opted to explicitly waive notification rights for foreigners regarding the bulk collection of their personal data.” (p. 63)

[ii] The European Court of Human Rights has developed jurisprudence that is more flexible than U.S. standing law in terms of who may bring a suit. European human rights law accepts since Klass and Others v. Germany case (1978) that an individual may, under certain conditions, claim to be the victim of a violation occasioned by the mere existence of legislation permitting secret measures of surveillance, without having to allege that such measures were in fact applied to him or that that he has been subject to a concrete measure of surveillance (the famous theory of “potential victim” of a human rights violation, see here, paras 34-38 and here, p. 15 for an updated analysis). Notwithstanding this greater flexibility in European law, we reiterate that the limits on U.S. standing are a matter of U.S. constitutional law, which cannot be overruled by a statute enacted by Congress.

Worth Reading :”Understanding EU data protection policy “

European Parliament Research Service (EPRS) : Policy Briefing

Summary : The datafication of everyday life and data scandals have made the protection of personal information an increasingly important social, legal and political matter for the EU. In recent years, awareness of data rights and expectations for EU action in this area have both grown considerably. The right to privacy and the right to protection of personal data are both enshrined in the Charter of Fundamental Rights of the EU and in the EU Treaties. The entry into force of the Lisbon Treaty in 2009 gave the Charter the same legal value as the Treaties and abolished the pillar structure, providing a stronger basis for a more effective and comprehensive EU data protection regime.

In 2012, the European Commission launched an ambitious reform to modernise the EU data protection framework. In 2016, the co-legislators adopted the EU’s most prominent data protection legislation – the General Data Protection Regulation (GDPR) – and the Law Enforcement Directive. The framework overhaul also included adopting an updated Regulation on Data Protection in the EU institutions and reforming the e-Privacy Directive, which is currently the subject of negotiation between the co-legislators. The European Parliament has played a key role in these reforms, both as co-legislator and author of own-initiative reports and resolutions seeking to guarantee a high level of data protection for EU citizens. The European Court of Justice plays a crucial role in developing the EU data protection framework through case law. In the coming years, challenges in the area of data protection will include balancing compliance and data needs of emerging technologies, equipping data protection authorities with sufficient resources to fulfil their tasks, mitigating compliance burdens for small and medium-sized enterprises, taming digital surveillance and further clarifying requirements of valid consent. (This is an updated edition of a briefing written by Sofija Voronova in May 2020.)

LINK TO THE FULL TEXT

VERFASSUNGSBLOG : A cautious green light for technology-driven mass surveillance

The Advocate General’s Opinion on the PNR Directive

by Christian Thönnes

Yesterday, on 27 January 2022, Advocate General (AG) Pitruzzella published his Opinion (“OP”) in the Court of Justice of the European Union’s (CJEU) preliminary ruling procedure C-817/19. The questions in this case pertain to Directive (EU) 2016/681 of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (in short: PNR Directive) and its compatibility with EU primary law.

In his Opinion (which, besides the Press Release (“PR”), was only available in French at the time of writing), the AG, while criticizing the PNR Directive’s overbroad data retention period and its lack of clarity and precision in certain points, generally considers the PNR Directive to be “compatible with the fundamental rights to respect for private life and to the protection of personal data” (PR). His arguments are not convincing.

Certainly, much more can and will be written about this case in general and the Opinion in particular. This entry can only shine a light on some of the AG’s major arguments. In so doing, it shall point out why, in my opinion, the CJEU would do well not to follow the AG’s recommendations. Instead, I believe the PNR Directive is incompatible with Articles 7 and 8 of the EU Charter of Fundamental Rights (CFR). Consequently, it ought to be invalidated.

What the AG has to say about the PNR Directive

The PNR Directive obliges EU Member States to require air carriers to transmit a set of data for each passenger to national security authorities, where they are subjected to automated processing against pre-existing databases (Art. 6 § 3 letter a) and “pre-determined criteria” (Art. 6 § 3 letter b), which contain (allegedly) suspicious flight behaviors (such as a mismatch between luggage and length of stay and destination, see the Commission’s Evaluation Report, point 5.1, in order to identify potential perpetrators of serious crimes or acts of terrorism (a more detailed description of the Directive’s workings can be found in paras 9-18 of the AG’s Opinion or here).

The AG points to certain (limited) problems with the Directive’s wording. Firstly, he contends that point 12 of Annex I, enabling “General Remarks” to be included in PNR data sets, fail to “satisfy the conditions of clarity and precision laid down by the Charter” (PR, also para 150 OP). He also considers the Directive’s five-year-retention period for PNR data excessive and proposes that this period be limited to cases where “a connection is established, on the basis of objective criteria, between those data and the fight against terrorism or serious crime” (PR, also para 245 OP). In addition, he provides clarifying criteria for the relevancy of databases under Art. 6 § 3 letter a (para 219 OP), regarding the applicability of the GDPR (para 53 OP) as well as collisions with the Schengen Borders Code (para 283 OP). He also demands that, due to their lack of transparency, (at least some) “machine-learning artificial intelligence systems” (PR), should not be used for pre-determined criteria (para 228 OP).

The most resounding message of his Opinion, however, is that the PNR Directive’s mass retention and processing regime is “relevant, adequate and not excessive in relation to the objectives pursued” (PR) and thus compatible with Articles 7 and 8 CFR. He therefore recommends to let it stand, albeit with some interpretative limitations (para 254 OP).

Incompatibility with Digital Rights Ireland and its successors

The AG’s reasoning in support of the PNR Directive’s proportionality relies on his central finding that “the Court’s case-law on data retention and access in the electronic communications sector is not transposable to the system laid down by the PNR Directive” (PR). He is referring to decisions like Digital Rights Ireland, Tele2 Sverige and Quadrature du Net, in which the CJEU had laid down strict limits on governments’ power to collect and process telecommunications data. Notably, it posited that “the fight against serious crime […] and terrorism […] cannot in itself justify that national legislation providing for the general and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight” (Tele2 Sverige, para 103; also Digital Rights Ireland, para 51). Instead, the CJEU required that in order to be considered “limited to what is strictly necessary […] the retention of data must continue nonetheless to meet objective criteria, that establish a connection between the data to be retained and the objective pursued” (Tele2 Sverige, para 110).

Evidently, the PNR Directive would clash with these criteria – were they found to be applicable. The collection and automated processing of PNR data is completely indiscriminate. Given Member States’ universal extension to EU domestic flights, it affects all European flight passengers, regardless of their personal histories and independently of a potential increased domestic threat situation (this is proposed as a possible criterion in Quadrature du Net, para 168). The use of pre-determined criteria is not, like the comparison against existing databases, aimed at recognizing known suspects, but at conjuring up new suspicions (see EU Commission PNR Directive Proposal, SEC(2011) 132, p. 12). Also, taking a flight is a perfectly ordinary form of human behavior. There is no empirically demonstrated connection to the perpetration of serious crimes or acts of terrorism (in para 203, the AG presupposes such a “lien objectif” without providing any evidence exceeding anecdotal intuitions about terrorism and human trafficking) and the PNR Directive, given its broad catalogue of targeted crimes, is not limited to dangers caused by air traffic. What behavior will be targeted next? Visiting the museum? Going to a rock concert? Belgium, for example, has already expanded the PNR Directive’s scope to international trains, busses and ferries (Doc. parl., Chambre, 20152016, DOC 54-2069/001, p.7).

Good reasons for applicability

It thus is quite clear: Should Digital Rights Ireland and its successors apply, the PNR Directive is in trouble. Now, why wouldn’t their criteria be transposable? The AG’s arguments mainly turn on a perceived difference in sensitivity of PNR data, compared to telecommunications meta-data. The latter, the AG explains, contain intimate information of users’ private lives (para 195, 196), and almost uncontrollable in their scope and processing because everyone uses telecommunication (paras 196, 198). Moreover, because they are used for communication, telecommunications data, unlike PNR data, have an intrinsic connection to fundamental democratic freedoms (para 197). PNR data, on the other hand, he opines, are limited to a delineated life domain and narrower target groups because fewer people use planes than telecommunication (paras 196, 198).

Under closer examination, this comparison falls apart. Firstly, PNR data contain very sensitive information, too. As the CJEU has pointed out in his Opinion 1/15 regarding the once-envisaged EU-Canada PNR Agreement, “taken as a whole, the data may, inter alia, reveal a complete travel itinerary, travel habits, relationships existing between air passengers and the financial situation of air passengers, their dietary habits or state of health” (para 128). Unlike the AG (see para 195 in his Opinion), I can find no remarks in Opinion 1/15 that would relegate PNR data to a diminished place compared to telecommunications data. But secondly, and more importantly, the AG fails to consider other factors weighing on the severity of the PNR Directive’s data processing when compared against the processing of Directive 2006/24/EC and its siblings: The method and breadth of processing and the locus of storage.

Only a small minority of telecommunication datasets, upon government requests in specific cases (see Articles 4 and 8 of Directive 2006/24/EC), underwent closer scrutiny, while the vast majority remained untouched. Under the PNR Directive, however, all passengers, without exception, are subjected to automated processing. In so doing, the comparison against pre-determined criteria, as the AG points out himself (para 228 OP), can be seen as inviting Member States to use self-learning algorithms to establish suspicious movement patterns. Other EU law statutes like Art. 22 GDPR or Art. 11 of Directive 2016/618, as well as comparable decisions by national constitutional courts (BVerfG, Beschluss des Ersten Senats vom 10. November 2020 – 1 BvR 3214/15 -, para 109) are inspired by an understanding that such automated processing methods greatly increase the severity of respective interferences with fundamental rights. Moreover, while telecommunications data were stored on telecommunication service providers’ servers (to whom users had entrusted these data), PNR data are all transferred from air carriers to government entities and then stored there.

Hence, there are good reasons to assume that the data processing at hand causes even more severe interferences with Articles 7 and 8 CFR than Directive 2006/24/EC did. It thus follows, that the case law of Digital Rights Ireland should apply a fortiori.

An inaccurate conception of automated algorithmic profiling and base rate fallacy

There are other problems with the AG’s reasoning; completely untangling all of them would exceed this space. Broadly speaking, however, the AG seems to underestimate the intrinsic pitfalls of unleashing predictive self-learning algorithms on datapools like these. The AG claims that the PNR Directive contains sufficient safeguards against false-positives and discriminatory results (para 176 OP).

Firstly, it is unclear what these safeguards are supposed to be. The Directive does not enunciate clear standards for human review. Secondly, even if there were more specific safeguards, it is hard to see how they could remedy the Directive’s central inefficiency. That inefficiency does not reside in the text, it’s in the math – and it’s called ‘base rate fallacy’. The Directive forces law enforcement to look for the needle in a haystack. Even if their algorithms were extremely accurate, false-positives would most likely exceed true-positives. Statistics provided by Member States showing extremely high false-positive rates support this observation. The Opinion barely even discusses false-positives as a problem (only in an aside in para 226 OP). Also, it is unclear how the antidiscrimination principle of Art. 6 § 4 is supposed to work. While the algorithms in question may be programmed in way to not process explicit data points on race, religion, health etc., indirect discrimination is a well-established problem of antidiscrimination law. Both humans and algorithms may just use the next-best proxy trait. (see for example Tischbirek, Artificial Intelligence and Discrimination).

Now, the AG attempts to circumvent these problems by reading the PNR Directive in a way that prohibits the use of self-learning algorithms (para 228 OP). But that interpretation, which is vaguely based on some “système de garanties“ (para 228 OP), is both implausible – it lacks textual support and the pile of PNR data is amassed precisely to create a use case for AI at EU borders – and insufficient to alleviate this surveillance tool’s inherent statistical inefficiency.

This cursory analysis sheds light on some of the AG’s Opinion’s shortcomings. It thus follows that the CJEU should deviate from Pitruzzella’s recommendations. The PNR Directive, due to the severity of its effects and its inherent inefficiency in fulfilling its stated purpose, produces disproportionate interferences with Articles 7 and 8 CFR. It ought to be invalidated.

Between 2017 and 2021, the author worked for the German NGO “Gesellschaft für Freiheitsrechte”, among other things, on a similar case (C-148/20 to C-150/20) directed against the PNR Directive.

Does the EU PNR Directive pave the way to Mass surveillance in the EU? (soon to be decided by the CJEU… )

Fundamental Rights European Experts Group

(FREE-Group)

Opinon on the broader and core issues arising in the PNR Case currently before the CJEU (Case C-817/19)

by Douwe Korff (Emeritus Professor of International Law, London Metropolitan University Associate, Oxford Martin School, University of Oxford)

(LINK TO THE FULL VERSION 148 Pages)

EXECUTIVE SUMMARY

(with a one-page “at a glance” overview of the main findings and conclusions)

Main findings and conclusions at a glance

In my opinion, the appropriate tests to be applied to mass surveillance measures such as are carried out under the PNR Directive (and were carried out under the Data Retention Directive, and are still carried out under the national data retention laws of the EU Member States that continue to apply in spite of the CJEU case-law) are:

Have the entities that apply the mass surveillance measure – i.e., in the case of the PNR Directive (and the DRD), the European Commission and the EU Member States – produced reliable, verifiable evidence:

that those measures have actually, demonstrably contributed significantly to the stated purpose of the measures, i.e., in relation to the PNR Directive, to the fight against PNR-relevant crimes (and in relation the DRD, to the fight against “serious crime as defined by national law”); and
that those measures have demonstrably not seriously negatively affected the interests and fundamental rights of the persons to whom they were applied?

If the mass surveillance measures do not demonstrably pass both these tests, they are fundamentally incompatible with European human rights and fundamental rights law and the Charter of Fundamental Rights; this means the measures must be justified, by the entities that apply them, on the basis of hard, verifiable, peer-reviewable data.

The conclusion reached by the European Commission and Dutch Minister of Justice: that overall, the PNR Directive, respectively the Dutch PNR law, had been “effective” because the EU Member States said so (Commission) or because PNR data were quite widely used and the competent authorities said so (Dutch Minister) is fundamentally flawed, given that this conclusion was reached in the absence of any real supporting data. Rather, my analyses show that:

Full PNR data are disproportionate to the purpose of basic identity checks;
The necessity of the PNR checks against Interpol’s Stolen and Lost Travel Document database is questionable;
The matches against unspecified national databases and “repositories” are not based on foreseeable legal rules and are therefore not based on “law”;
The necessity and proportionality of matches against various simple, supposedly “suspicious” elements (tickets bought from a “suspicious” travel agent; “suspicious” travel route; etc.) is highly questionable; and
The matches against more complex “pre-determined criteria” and profiles are inherently and irredeemably flawed and lead to tens, perhaps hundreds of thousands of innocent travellers wrongly being labelled to be a person who “may be” involved in terrorism or serious crime, and are therefore unsuited (D: ungeeignet) to the purpose of fighting terrorism and serious crime.

The hope must be that the Court will stand up for the rights of individuals, enforce the Charter of Fundamental Rights, and declare the PNR Directive (like the Data Retention Directive) to be fundamentally in breach of the Charter.

– o – O – o –

Executive Summary

This document summarises the analyses and findings in the full Opinion on the broader and core issues arising in the PNR Case currently before the CJEU (Case C-817/19), using the same headings and heading numbers. Please see the full opinion for the full analyses and extensive references. A one-page “at a glance” overview of the main findings and conclusions is also provided.

The opinion drew in particular on the following three documents, also mentioned in this Executive Summary:

Report from the Commission to the European Parliament and the Council on the review of Directive 2016/681 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, COM(2020) 305 final, 24 July 2020 (hereafter: “Commission report”), available at: https://op.europa.eu/en/publication-detail/-/publication/4bfd0de3-cda3-11ea-adf7-01aa75ed71a1/language-en

Commission Staff Working Document accompanying the above Commission Report, SWD(2020) 128 final, 24 July 2020 (hereafter: “Staff working document”), available at: https://op.europa.eu/en/publication-detail/-/publication/9c419b94-cda3-11ea-adf7-01aa75ed71a1/language-en/format-PDF/source-search

Evaluatie PNR-Wet (Evaluation of the Dutch PNR Law), October 2021, carried out under Article 25 of the Dutch PNR Law and presented to the First Chamber of the Dutch Parliament on 12 November 2021, available at: https://www.eerstekamer.nl/overig/20211112/evaluatie_pnr_wet_wodc_oktober/document (in Dutch; relevant passages are translated into English in the full opinion)

– o – O – o –

Introduction

In the opinion, after explaining, at 2, the broader context in which personal data are being processed under the PNR Directive, I try to assess whether the processing that the PNR Directive requires or allows is suitable, effective and proportionate to the aims of the directive. In doing so, in making those assessments, I base myself on the relevant European human rights and data protection standards, summarised at 3.

NB: The opinion focusses on the system as it is designed and intended to operate, and on what it allows (even if not everything that may be allowed is [yet] implemented in all Member States), and less on the somewhat slow implementation of the directive in the Member States and on the technical aspects that the Commission report and the staff working document often focussed on. It notes in particular a number of elements or aspects of the directive and the system it establishes that are problematic, either conceptually or in the way they are supposed to operate or to be evaluated.

2. PNR in context

In the footsteps of the US and UK intelligence services (as revealed by Snowden), the EU Member States’ law enforcement agencies are increasingly using their access to bulk data – bulk e-communications data, financial data, PNR data, etc. – to “mine” the big data sets by means of sophisticated, self-learning algorithms and Artificial Intelligence (AI).

The European Union Agency for Law Enforcement Cooperation, Europol, has become increasingly involved in algorithm/AI-based data analysis (or at least in the research underpinning those technologies), and last year the Commission proposed to significantly further expand this role.

The processing of PNR data under the PNR Directive must be seen in these wider contexts: the clear and strengthening trend towards more “proactive”, “preventive” policing by means of analyses and algorithm/AI-based data mining of (especially) large private-sector data sets and databases; the increasingly central role played by Europol in this (and the proposal to expand that role yet further); the focusing on “persons of interest” against whom there is (as yet) insufficient evidence for action under the criminal law (including, in relation to Europol, persons against whom there is an “Article 36 alert” in its SIS II database); and the still increasing intertwining of law enforcement and national security “intelligence” operations in those regards.

Notably, “Article 36 SIS alerts” have been increasing, and in the Netherlands, in 2020, 82.4% of all PNR “hits” against the Schengen Information System, confirmed by the Dutch Passenger Information Unit established under the PNR Directive, were “hits” against “Article 36 alerts”.

Human rights-, digital rights- and broader civil society NGOs have strongly criticised these developments and warned of the serious negative consequences. Those concerns should be taken seriously, and be properly responded to.

3 Legal standards

General fundamental rights standards stipulate that all interferences with fundamental rights must be based on a “law” that meets the European “quality of law” standards: the law must be public, clear and specific, and foreseeable in its application; the interferences must be limited to what is “necessary” and “proportionate” to serve a “legitimate aim” in a democratic society; the relevant limitations must be set out in the law itself (and not left to the discretion of states or state authorities); and those affected by the interferences must be able to challenge them and have a remedy in a court of law. Generalised, indiscriminate surveillance of whole populations (such as all air passengers flying to or from the EU) violates the EU Charter of Fundamental Rights. A special exception to this prohibition accepted by the EU Court of Justice in the La Quadrature du Net case, which allows EU Member States to respond to “serious”, “genuine and present or foreseeable” threats to “the essential functions of the State and the fundamental interests of society” must be strictly limited in time and place: it cannot form the basis for continuous surveillance of large populations (such as all air passengers) generally, on a continuous, indefinite basis: that would turn the (exceptional) exception into the rule. Yet that is precisely what the PNR Directive provides for.

European data protection law expands on the above general principles in relation to the processing of personal data. The (strict) case-law of the CJEU and the European Court of Human Rights on data protection generally and generalised surveillance in particular are reflected in the European Data Protection Board’s European Essential Guarantees for surveillance (EEGs).

Processing of information on a person suggesting that that person “may be” involved in criminal activities is subject to especially strict tests of legitimacy, necessity and proportionality.

Contrary to assertions by the European Commission and representatives of EU Member States (inter alia, at the hearing in the PNR case in July 2021) that the processing under the PNR Directive has little or no effect on the rights and interests of the data subjects, the processing under the directive must under EU data protection law be classified as posing “high risks” to the fundamental rights and interests of hundreds of millions of airline passengers.

Under the Law Enforcement Directive (as under the GDPR), this means that the processing should be subject to careful evaluation of the risks and the taking of remedial action to prevent, as far as possible, any negative consequences of the processing – such as the creation of “false positives” (cases in which a person is wrongly labelled to be a person who “may be” involved in terrorism or serious crime). It also means that if it is not possible to avoid excessive negative consequences, the processing is “not fit for purpose” and should not be used.

Under the proposed Artificial Intelligence Act that is currently under consideration, similar duties of assessment and remedial action – or abandoning of systems – are to apply to AI-based processes.

4 The PNR Directive

4.1 Introduction

4.2 The system

Under the PNR Directive, special “Passenger Information Units” (PIUs) in each EU Member State match the data contained in so-called passenger name records (PNRs) that airlines flying into or from the EU have to provide to those units against supposedly relevant lists and databases, to both identify already “known” formally wanted persons or already “known” “persons of interest” who “may be” involved in terrorism or other serious crime, and to “identify” (i.e., label) previously “unknown” persons who “may be” involved in such activities by means of “risk analyses” and the identification of “patterns” and “profiles” based on the identified patterns (see below, at 4.7).

The opinion analyses and assesses all major elements of the system in turn.

4.3 The aims of the PNR Directive

In simple terms, the overall aim of the PNR Directive is to facilitate the apprehension of terrorists and individuals who are involved in terrorism or other serious transnational crime, including in particular international drug- and people trafficking.

However, the first aim of the checking of the PNR data by the PIUs is more limited than the aims of the directive overall; this is: to identify persons who require further examination by the competent authorities [see below, at 4.5], and, where relevant, by Europol [see below, at 4.11], in view of the fact [?] that such persons may be involved in a terrorist offence or serious crime. (Article 6(1)(a))

When there is a match of PNR data against various lists, i.e., a “hit” (see below, at 4.9), the PNR passes this “hit” on to certain “competent authorities” (see below, at 4.5) for “further examination”; if the initial “hit” was generated by automated means, this is only done after a manual review by PIU staff. In practice, about 80% of initial “hits” are discarded (see below, at 4.9).

It is one of the main points of the opinion that the suitability, effectiveness and proportionality of the PNR Directive cannot and should not be assessed by reference to the number of initial “hits” noted by the PIUs, compared to the number of cases passed on for “further examination” to the competent authorities, but rather, with reference to more concrete outcomes (as is done in section 5.2).

4.4 The Legal Basis of the PNR Directive

It appears obvious from the Court of Justice opinion on the Draft EU-Canada Agreement that the PNR Directive, like that draft agreement, should have been based on Articles 16 and 87(2)(a) TFEU, and not on Article 82(1) TFEU. It follows that the PNR Directive, too, appears to not have been adopted in accordance with the properly applicable procedure. That could lead to the directive being declared invalid on that ground alone.

4.5 The Competent Authorities

Although most competent authorities (authorities authorised to receive PNR data and the results of processing of PNR data from the PIUs) in the EU Member States are law enforcement agencies, “many Member States [have designated] intelligence services, including military intelligence services, as authorities competent to receive and request PNR data from the Passenger Information Unit”, and “in some Member States the PIUs are actually “embedded in … [the] state security agenc[ies]”.

Given the increasingly close cooperation between law enforcement agencies (and border agencies) and intelligence agencies, in particular in relation to the mining of large data sets and the development of evermore sophisticated AI-based data mining technologies by the agencies working together (and in future especially also with and through Europol), this involvement of the intelligence agencies (and in future, Europol) in PNR data mining must be seen as a matter of major concern.

4.6 The crimes covered (“PNR- Relevant offences”)

The PNR Directive stipulates that PNR data and the results of processing of PNR data may only be used for a range of terrorist and other serious offences, as defined in Directive 2017/541 and in an annex to the PNR Directive, respectively (so-called “PNR-relevant offences”).

The processing under the PNR Directive aims to single out quite different categories of data subjects from this large base: on the one hand, it seeks to identify already “known” formally wanted persons (i.e., persons formally designated suspects under criminal [procedure] law, persons formally charged with or indicted for, or indeed already convicted of PNR-relevant offences) and already “known” “persons of interest” (but who are not yet formally wanted) by checking basic identity data in the PNRs against the corresponding data in “wanted” lists (such as “Article 26 alerts” in SIS II); and on the other hand, it seeks to “identify” previously “unknown” persons as possibly being terrorist or serious criminals, or “of interest”, on the basis of vague indications and probability scores. In the latter case, the term “identifying” means no more than labelling a person as a possible suspect or “person of interest” on the basis of a probability.

The opinion argues that any assessment of the suitability, effectiveness and proportionality of the processing must make a fundamental distinction between these different categories of data subjects (as is done in section 5).

4.7 The categories of personal data processed

An annex to the PNR Directive lists the specific categories of data that airlines must send to the database of the PIU of the Member State on the territory of which the flight will land or from the territory of which the flight will depart. This obligation is stipulated with regard to extra-EU flights but can be extended by each Member State to apply also to intra-EU flights – and all but one Member States have done so. The list of PNR data is much longer than the Advance Passenger Information (API) data that airlines must already send to the Member States under the API Directive, and includes information on travel agents used, travel routes, email addresses, payment (card) details, luggage, and fellow travellers. On the other hand, often some basic details (such as date of birth) are not included in the APIs.

The use of sensitive data

The PNR Directive prohibits the processing of sensitive data, i.e., “data revealing a person’s race or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sexual life or sexual orientation”. In the event that PNR data revealing such information are received by a PIU, they must be deleted immediately. Moreover, competent authorities may not take “any decision that produces an adverse legal effect on a person or significantly affects a person” on the basis of such data. However, PNR data can be matched against national lists and data “repositories” that may well contain sensitive data. Moreover, as noted at 4.9(f), below, the provisions in the PNR Directive do not really protect against discriminatory outcomes of the profiling that it encourages.

4.8 The different kinds of matches

(a) Matching of basic identity data in PNRs against the identity data of “known” formally wanted persons

PNR data are matched against SIS II alerts on “known” formally wanted persons (including “Article 26 alerts”) and against “relevant” national lists of “known” formally wanted persons.

This is usually done by automated means, followed by a manual review. The Commission reports that approximately 81% of all initial matches are rejected – and not passed on to competent authorities for further examination. Notably:

– the quality of the PNR data as received by the PIUs, including even of the basic identity data, is apparently terrible and often “limited”; this is almost certainly the reason for the vast majority of the 81% rejections;

– most of the long lists of PNR data are not needed for basic identity checks: full names, date of birth, gender and citizenship/nationality should suffice – and a passport or identity card number would make the match more reliable still. All those data are included in the API data, and all are included in optical character recognition format in the machine-readable travel documents (MRTD) that have been in wide use since the 1980s.

In other words, paradoxically, PNR data are both excessive for the purpose of basic identity checks (by containing extensive data that are not needed for such checks), and insufficient (“too limited”), in particular in relation to intra-Schengen flights (by not [always] including the dates of birth of the passengers).

– the lists against which the PNR data are compared, including in particular the SIS alerts and the EAW lists, but also many national lists, relate to many more crimes than are subject to the PNR Directive (“PNR-relevant offences”) – but in several Member States “hits” against not-PNR-relevant suspects (etc.) are still passed on to competent authorities, in clear breach of the purpose-limitation principle underpinning the directive.

In that respect, it should be noted that the Commission staff working document claims that in relation to situations in which the PNR data is “too limited” (typically, by not including date of birth), “[t]he individual manual review provided for in Article 6.5 of the PNR Directive protects individuals against the adverse impact of potential ‘false positives’” – but this is simply untrue: While a confirmed matching of identity data in relation to a person who is formally wanted in relation to PNR-relevant offences can be regarded as a “positive” result of the identity check, a “hit” in relation to a person who is wanted for not-PNR-relevant offences should of course not be regarded as a positive result under the PNR Directive.

(b) Matching of basic identity data in PNRs against the identity data of “known” “persons of interest”

In principle, the matching of basic identity data from PNRs against lists of basic identity data of “persons of interest” listed in the SIS system (and comparable categories in national law enforcement repositories), like the matching of data on formally wanted persons, should be fairly straight-forward.

However, the PNRs in this regard first of all suffer from the same two deficiencies as were discussed in relation to matches for formally wanted persons, discussed at (a), above: PNR data are both excessive for the purpose of basic identity checks (by containing extensive data that are not needed for such checks), and insufficient (“too limited”), in particular in relation to intra-Schengen flights (by not [always] including the dates of birth of the passengers). The third issue identified in the previous sub-section, that SIS alerts (and similar alerts in national law enforcement repositories) can relate to many more criminal offences than those that are “PNR-relevant” also applies: many persons labelled “person of interest” will be so labelled in relation to “non-PNR-relevant” offences.

In my opinion, while a confirmed matching of identity data in relation to persons who are formally wanted in relation to (formally suspected of, charged with, or convicted of) PNR-relevant offences can be regarded as a “positive” result of an identity check, a “hit” in relation to persons who are labelled “person of interest” should not be regarded as a positive result under the PNR Directive – certainly of course not if they are so labelled in relation to non-PNR-relevant offences, but also not if they are in no way implicated as in any way being culpable of PNR-relevant offences.

In my opinion, even confirmed “hits” confirming the identity of already listed “persons of interest” should not be regarded as “positive” results under the PNR Directive unless they result in those persons subsequently being formally declared to be formal suspects in relation to terrorist or other serious, PNR-relevant criminal offences.

(c) Matching of PNR Data against data on lost/stolen/fake credit cards and lost/stolen/fake identity or travel documents

The staff working document makes clear that PNR data are checked by “a large majority of PIUs” against Interpol’s Stolen and Lost Travel Document database as one “relevant database”. However, this is somewhat of a residual check because that database is also already made available to airlines through Interpol’s “I-Checkit” facility. Moreover:

Even leaving the issue of purpose-limitation aside, a “hit” against a listed lost/stolen/fake credit card or a lost/stolen/fake identity or travel document should still only be considered a “positive result” in terms of the PNR Directive if it results in a person subsequently being formally declared to be (at least) a formal suspect in relation to terrorist or other serious, PNR-relevant criminal offences.

(d) Matching of PNR data against other, unspecified, supposedly relevant (in particular national) databases

It is far from clear what databases can be – and in practice, in the different Member States, what databases actually are – regarded as “relevant databases” in terms of the PNR Directive: this is left to the Member States. At the July 2021 Court hearing, the representative of the Commission said that the data of Facebook, Amazon and Google could not be regarded as “relevant”, and that law enforcement databases (des bases policières) would be the most obvious “relevant” databases. But the Commission did not exclude matches against other databases with relatively “hard” data, such as databases with financial data (credit card data?) or telecommunications data (location data?).

The vagueness of the phrase “relevant databases” in Article 6(3)(a) and the apparently wide discretion granted to Member States to allow matching against all sorts of unspecified data sets is incompatible with the Charter of Fundamental Rights and the European Convention on Human Rights. It means that the application of the law is not clear or foreseeable to those affected – i.e., the provision is not “law” in the sense of the Charter and the Convention (and EU law generally) – and that the laws can be applied in a disproportionate manner.

In other words, even in relation to the basic checks on the basis of lists of “simple selectors”, the PNR Directive does not ensure that those checks are based on clear, precise, and in their application foreseeable Member State laws, or that those laws are only applied in a proportionate manner. In the terminology of the European Court of Human Rights, the directive does not protect individuals against arbitrary interferences with the rights to privacy and protection of personal data.

(e) Matching of PNR data against lists of “suspicious travel agents”, “suspicious routes”, etc.

The staff working document repeatedly refers to checks of PNR data against “patterns” such as tickets being bought from “suspicious” travel agents; the use of “suspicious” travel routes; passengers carrying “suspicious” amounts of luggage (and the Dutch evaluation report even mentions that a person wearing a suit and hastening through customs [while being black] was regarded by custom authorities as fitting a “suspicious” pattern). No proper prosecuting or judicial authority could declare travellers to be a formal suspect – let alone to charge, prosecute or convict a traveller – on the basis of a match against such simple “suspicious” elements alone. In my opinion:

For the purpose of evaluating the suitability, effectiveness and proportionality of the PNR Directive (and of the practices under the directive), a simple “hit” against these vague and far-from-conclusive factors or “criteria” should not be regarded as a “positive” result. Rather, a “hit” against such vague “criteria” as the purchase of an air ticket from a “suspicious” travel agent, or the using of a “suspicious” route, or the carrying of a “suspicious” amount of luggage – let alone “walking fast in a suit (while being black)” – should again only be considered a “positive result” in terms of the PNR Directive if it result in a person subsequently being formally declared to be (at least) a formal suspect in relation to terrorist or other serious, PNR-relevant criminal offences.

(f) Matching of data in the PNRs against more complex “pre-determined criteria” or profiles

(fa) Introduction

Under the PNR Directive, PIUs may, in the course of carrying out their assessment of whether passengers “may be involved in a terrorist offence or [other] serious crime”, “process PNR data against pre-determined criteria”. As also noted by the EDPS, it is clear that the PNR data can be matched against “patterns” discerned in previous data and against “profiles” of possible terrorists and serious criminals created on the basis of these patterns, that are more complex than the simple patterns discussed at (e), above. This is also undoubtedly the direction in which searches for terrorists and other serious criminals are moving.

(fb) The nature of the “pre-determined criteria”/“profiles”

The EU and EU Member State agencies are increasingly applying, or are poised to apply, increasingly sophisticated data mining technologies such as are already used by the UK (and US) agencies. This involves self-learning, AI-based algorithms that are constantly dynamically re-generated and refined through loops linking back to earlier analyses. The software creates constantly self-improving and refining profiles against which it matches the massive amounts of data – and in the end, it produces lists of individuals that the algorithm suggests may (possibly or probably) be terrorists, or associates of terrorists or other serious criminals. It is the stated policy of the EU to accelerate the development and deployment of these sophisticated technologies, under the guidance of Europol.

Whatever the current level of use of such sophisticated techniques in law enforcement and national security contexts in the Member States (as discussed at (fd), below), if the PNR Directive is upheld as valid in its current terms, nothing will stand in the way of the ever-greater deployment of these more sophisticated (but flawed) technologies in relation to air passengers. That would also pave the way to yet further use of such (dangerous) data mining and profiling in relation to other large population sets (such as all users of electronic communications, or of bank cards).

(fc) The creation of the “pre-determined criteria”/“profiles”

Given (a) the increasingly sophisticated surveillance and data analysis/data mining/risk assessment technologies developed by the intelligence services of the EU Member States (often drawing on US and UK experience) and now also by law enforcement agencies and (b) the clear role assigned to Europol in this respect, it would appear clear that there is being developed a cadre of data mining specialists in the EU – and that the PNR data are one of the focus areas for this work. In other words, the “pre-determined criteria” – or AI-based algorithms – that are to be used in the mining of the PNR data are being developed, not solely by or within the PIUs but by this broader cadre that draws in particular on intelligence experts (some of whom may be embedded in the PIUs). The PNR databases are (also) between them a test laboratory for data mining/profiling technologies. And (c) there is nothing in the PNR Directive that stands in the way of using other data than PNR data in the creation of “pre-determined criteria”, or indeed in the way of using profiles developed by other agencies (including intelligence agencies) as “pre-determined criteria” in the PIU analyses.

(fd) The application of the more complex “pre-determined criteria”/“profiles” in practice

It would appear that to date, few Member States are as yet using data mining in relation to PNR data in as sophisticated a way as described in sub-section (fb), above (or at least acknowledge such uses).

However, in a range of EU Member States algorithm/AI-based profiling is already in use in relation to broader law enforcement (and especially crime prevention). Moreover, the aim of the Commission and the Member States is expressly to significantly expand this use, with the help of Europol and its Travel Intelligence Task Force, and through “training on the development of pre-determined criteria” in “an ongoing EU-funded project, financed under the ISF-Police Union Actions.”

This merely underlines the point I made in the previous sub-sections: that the PNR database is being used as a test laboratory for advanced data mining technologies, and that if the PNR Directive is upheld as valid in its current terms, nothing will stand in the way of the ever-greater deployment of these more sophisticated (but flawed) technologies in relation to air passengers, and others. The fact that sophisticated data mining and profiling is said to not yet be in widespread operational use in most Member States should not be a reason for ignoring this issue – on the contrary: this is the desired destination of the analyses.

(fe) The limitations of and flaws in the technologies

There are three main problems with algorithmic data mining-based detection of rare phenomena (such as terrorists and serious criminals in a general population):

– The base-rate fallacy and its effect on false positives:

In very simple layperson’s terms, the base-rate fallacy means that if you are looking for very rare instances or phenomena in a very large dataset, you will inevitably obtain a very high percentage of false positives in particular – and this cannot be remedied by adding more or somehow “better” data: by adding hay to a haystack.

As noted above, at 4.7, a very rough guess would be that on average the 1 billion people counted by Eurostat as flying to or from the EU relate to 500 million distinct individuals. In other words, the base rate for PNR data can be reasonably assumed to be in the region of 500 million.

The Commission reports that there are initial “hits” in relation to 0.59% of all PNRs, while 0.11% of all PNRs are passed on as confirmed “hits” to competent authorities for “further examination”. The Commission report and the staff working document appear to imply – and certainly do nothing to refute – that the 0.11% of all confirmed “hits” that are passed on to competent authorities are all “true positives”. However, that glaringly fails to take account of the base rate, and its impact on results.

Even if the PNR checks had a failure rate of just 0.1% (meaning that (1) in relation to persons who are actually terrorists or serious criminals, the PIUs will rightly confirm this as a proper “hit” 99.9% of the time, and fail to do so 0.1% of the time and (2) in relation to persons who are not terrorists, the PIUs will rightly not generate a confirmed “hit” 99.9% of the time, but wrongly register the innocent person as a confirmed “hit” 0.1% of the time) the probability that a person flagged by this system is actually a terrorist would still be closer to 1% than to 99%. In any case, even if the accuracy rate of the PNR checks were to be as high as this assumed 99.9% (which of course is unrealistic), that would still lead to some 500,000 false positives each year.

Yet the Commission documentation is silent about this.

– Built-in biases:

The Commission staff working document claims that, because the “pre-determined criteria” that are used in algorithmic profiling may not be based on sensitive data, “the assessment cannot be carried out in a discriminatory manner” and that “[t]his limits the risk that discriminatory profiling will be carried out by the authorities.” This is simply wrong.

In simple terms: since “intimate part[s] of [a person’s] private life” can be deduced, or at least inferred, from seemingly innocuous information – such as data included in PNRs (in particular if matched against other data) – those “intimate aspects” are not “fully protected by the processing operations provided for in the PNR Directive”. Indeed, in a way, the claim to the contrary is absurd: the whole point of “risk analysis” based on “pre-determined criteria” is to discover unknown, indeed hidden matters about the individuals who are being profiled: inferring from the data on those people, on the basis of the application of those criteria, that they are persons who “may be” involved in terrorism or other serious crimes surely is a deduction of an “intimate aspect” of those persons (even if it is not specifically or necessarily a sensitive datum in the GDPR sense – although if the inference was that a person “might be” an Islamist terrorist, that would be a [tentatively] sensitive datum in the strict sense). Moreover, even without specifically using or revealing sensitive information, the outcomes of algorithmic analyses and processing, and the application of “abstract”, algorithm/AI-based criteria to “real” people can still lead to discrimination.

The PNR Directive stipulates that the assessment[s] of passengers prior to their scheduled arrival in or departure from the Member State carried out with the aim of identifying persons who require further examination by the competent authorities of the directive “shall be carried out in a non-discriminatory manner”. However, this falls considerably short of stipulating: (i) that the “pre-determined criteria” (the outputs of the algorithms) are not biased in some way and (ii) that measures must be taken to ensure that the outcomes of the assessments are not discriminatory. It is important to address both those issues (as explained in a recent EDRi/TU Delft report).

Given that profile-based matches to detect terrorists and other serious criminals are inherently “high risk” (as noted at 3, above and further discussed at 5, below), it requires an in-depth Data Protection Impact Assessment under EU data protection law, and indeed a broader human rights impact assessment. The need for serious pre-evaluation of algorithms to be used in data mining and for continuous re-evaluation throughout their use is also stressed in various paragraphs in the recent Council of Europe recommendation on profiling. The proposed AI Act also requires this.

However, no serious efforts have been made by the European Commission or the EU Member States to fulfil these duties. Neither have ensured that full, appropriate basic information required for such serious ex ante and ex post evaluations is even sought or recorded.

In sum: the European Commission and the EU Member States have not ensured that in practice the processing of the PNR data, and the linking of those data to other data (databases and lists), does not have discriminatory outcomes. The mere stipulation that outputs of algorithmic/AI-based profiling should not be “solely based on” sensitive aspects of the data subjects (the airline passengers) falls far short of ensuring compliance with the prohibition of discrimination.

– Opacity and unchallengeability of decisions:

In the more developed “artificial intelligence” or “expert” systems, the computers operating the relevant programmes create feedback loops that continuously improve the underlying algorithms – with almost no-one in the end being able to explain the results: the analyses are based on underlying code that cannot be properly understood by many who rely on them, or even expressed in plain language. This makes it extremely difficult to provide for serious accountability in relation to, and redress against, algorithm-based decisions generally. Profiling thus poses a serious threat of a Kafkaesque world in which powerful agencies take decisions that significantly affect individuals, without those decision-makers being able or willing to explain the underlying reasoning for those decisions, and in which those subjects are denied any effective individual or collective remedies.

That is how serious the issue of profiling is: it poses a fundamental threat to the most basic principles of the Rule of Law and the relationship between the powerful and the people in a democratic society. Specifically in relation to PNR:

– PIU staff cannot challenge algorithm-based computer outputs;

– The staff of the competent authorities are also unlikely (or indeed also effectively unable) to challenge the computer output; and

– Supervisory bodies cannot properly assess the systems.

External supervisory bodies such as Member States’ data protection supervisory authorities will generally not be given access to the underlying data, cannot review the algorithms at the design stage or at regular intervals after deployment and in any case do not have the expertise. Internal bodies are unlikely to be critical and may involve the very people who design the system (who write the code that provides the [dynamic] algorithm). The report on the evaluation of the Dutch PNR Law noted that under that law (under which the algorithms/profiles are supposed to be checked by a special commission):

The rules [on the creation of the pre-determined criteria] do not require the weighing [of the elements] or the threshold value [for regarding a “hit” against those criteria to be a valid one] to meet objective scientific standards.

This is quite an astonishing matter. It acknowledges that the algorithm/AI-based profiles are essentially unscientific. In my opinion, this fatally undermines the way the pre-determined criteria are created and “tested” in the Netherlands. Yet at the same time, the Dutch system, with this “special commission”, is probably better than what is in place in most other EU Member States. This surely is a matter that should be taken into account in any assessment of the PNR system EU-wide – including the assessment that is shortly to be made by the Luxembourg Court.

In sum:

– because the “base-rate” for the PNR data mining is so high (in the region of 500 million people) and the incidence of terrorists and serious criminals within this population so relatively low, algorithm/AI-based profiling is likely to result in tens of thousands of “false positives”: individual air passengers who are wrongly labelled to a be person who “may be” involved in terrorism or other serious crime;

– the provisions in the PNR Directive that stipulate that no sensitive data may be processed, and that individual decisions and matches may not be “solely based on” sensitive aspects of the individuals concerned do not protect those individuals from discriminatory outcomes of the profiling;

– the algorithm/AI-based outcomes of the processing are almost impossible to challenge because those algorithms are constantly dynamically changed (“improved” through self-learning) and therefore in effect impossible to fully comprehend even by those carrying out the analyses/risk assessments; and

– the outputs and outcomes of the algorithm/AI-based profiling and data mining and matching are not subject to proper scientific testing or auditing, and extremely unlikely to made subject to such testing and auditing.

4.9 Direct access to PNR data by EU Member States’ intelligence agencies

It appears that at least in the Netherlands, the national intelligence agencies are granted direct access to the bulk PNR database, without having to go through the PIU (or at least without this being properly recorded). If the Dutch authorities were to argue that such direct access to data by the Dutch intelligence agencies is outside EU law, they would be wrong. Specifically, in its LQDN judgment, the CJEU held that the rules on personal data processing operations by entities that are, in that processing, subject to EU data protection law (in that case, providers of electronic communication services, who are subject to the e-Privacy Directive), including processing operations by such entities resulting from obligations imposed on them (under the law) by Member States’ public authorities (in that case, for national security purposes) can be assessed for their compatibility with the relevant EU data protection instrument and the Charter of Fundamental Rights.

In my opinion, if the Dutch intelligence and security agencies do indeed have direct access to the PNR database, without having to go through the Dutch PIU (the Pi-NL), or without that being recorded – as appears to be pretty obviously the case – that is in direct breach of the PNR Directive, of the EU data protection instruments, and of the EU Charter of Fundamental Rights.

Whether the EU data protection instruments and the PNR Directive are similarly circumvented in other EU Member States, I do not know. Let me just recall that in several Member States, the PIU is “embedded in … [the] state security agenc[ies]”. However, the Dutch example shows how dangerous, in a democratic society, the accruing of such bulk databases is.

4.10 Dissemination and subsequent use of the data and purpose-limitation

(a) Spontaneous provision of PNR data and information on (confirmed) “hits”

In principle, subject only to a “relevant and necessary” requirement in relation to transmissions to the other PIUs, confirmed “hits” can be very widely shared across all the EU Member States, both between the PIUs but also, via the PIUs, with any “competent authority” in any Member State (including intelligence agencies where those are designated as such: see at 4.5, above).

(aa) Spontaneous provision of information to domestic competent authorities on the basis of matches against lists and databases (including SIS II)

The Commission staff working report gives no insight into the actual scope of spontaneous dissemination of PNR data or “results of the processing” of PNR data by the PIUs on the basis of (confirmed) “hits” to competent authorities in the PIUs’ own countries.

The report on the evaluation of the Dutch PNR Law suggests that, in that country, spontaneous provisions of PNR to Dutch authorities “for further examination” are still effectively limited to (confirmed) matches against the SIS II database, and indeed to matches against the alerts listed in Articles 26 and 36 of the Council Decision establishing that database (respectively, alerts for persons wanted for arrest for extradition, and alerts relating to people or vehicles requiring discreet checks). The Dutch SIS II matches amounted to roughly 10 in every 100,000 passengers (2:100,000 “Article 26” matches and 8:100,000 “Article 36” matches).

If the Dutch statistics of 10:100,000 and 82.4% are representative of the overall situation in the EU, this would mean that each year, out of the 500 million passengers on whom PNR data are collected annually, approximately 50,000 passengers are subjected to “further examination” on the basis of a SIS II match, 40,000 of whom are relate to “Article 36 alerts”, i.e., to “persons of interest” who are not (yet) formally wanted in relation to any crime (let alone a PNR-relevant one).

But of course, there are also (confirmed) “hits” on other bases (including on the basis of “pre-determined criteria” and matches resulting from requests for information) – and other countries may also match against more than just Article 26 and Article 36 alerts on SIS II.

(ab) Spontaneous provision of information to other PIUs on the basis of matches against lists and databases (including SIS II)

It would appear that, until now, in practice, information – including information on matches against SIS II alerts – is only rarely spontaneously shared between PIUs.

However, the clear aim of the Commission is to significantly increase the number of spontaneous transmissions of PNR data and of information on (confirmed) “hits” against SIS II (or against pre-determined criteria: see below) between PIUs, and via PIUs to competent authorities in other EU Member States (again including intelligence agencies in Member States where those are designated as such).

(ac) Spontaneous provision of information to domestic competent authorities and to other PIUs on the basis of matches against pre-determined criteria

It would appear that matching of PNR data against pre-determined criteria – and consequently also the spontaneous informing of competent authorities of (confirmed) “hits” against such criteria – is still extremely rare in the EU Member States. However, the aim is for the use of such criteria to be greatly expanded.

(ad) Spontaneous provision of “results of processing” of PNR data other than information on matches against list or databases (such as SIS II) or pre-determined criteria

The spontaneous sharing of new or improved criteria is more likely to occur within the data mining cadre that is being formed (see above, at 4.9(fc)), rather than done through exchanges between PIUs. But that of course does not mean that it will not occur – on the contrary, the aim is clearly to extend the use of pre-determined criteria, and for the EU Member States to cooperate much more closely in the development and sharing of those criteria, specifically through a much-enhanced role for Europol.

(b) Provision of PNR data and analysis data to competent authorities, other PIUs or Europol on request

(ba) Provision of information to domestic competent authorities at the request of such authorities

In relation to the provision of information by the PIUs to their domestic competent authorities at the latter’s request, the relevant national rules apply. The Commission staff working document provides no information whatsoever on the extent to which this option is used beyond saying that the numbers are increasing. In the Netherlands, some procedural safeguards are established to seek to ensure that requests are only made in appropriate cases, and in particular only in relation to PNR-relevant offences. Whether other Member States impose procedural safeguards such as prior authorisation of requests from certain senior officials, I do not know. The PNR Directive does not require them (it leaves this to the laws of the Member States) and the Commission staff working report does not mention them.

(bb) Provision of information to competent authorities of other EU Member States at the request of such authorities

The Commission claims that provision of PNR data at the request of competent authorities of other EU Member States is one part of the PNR system that operates well. However, the Commission staff working report suggests that there are problems, in particular in relation to compliance with the purpose-limitation principle underpinning the PNR Directive: see below, at (d).

Moreover, if the Dutch data are anything to go by, it would appear that the vast majority of requests for PNR data come from the national authorities of the PIU’s own country: in the Netherlands, in 2019-20, there were 3,130 requests from national authorities, against just 375 requests from other PIUs and authorities in other EU Member States. This rather qualifies the Commission claim that “the exchange of data between the Member States based on requests functions in an effective manner” and that “[t]he number of requests has grown consistently”. Both statements could be true, but the actual total numbers of requests from other Member States may still be extremely low (for now), at least in comparison with the number of requests the PIUs receive from their own national authorities.

(bc) Provision of information to Europol at the latter’s request

The Commission staff working document does not provide any information on the number of requests made by Europol, or on the responses to such requests from the PIUs. The report on the evaluation of the Dutch PNR notes that within Europol there appear to be no procedural conditions or safeguards relating to the making of requests (such as the safeguard that requests from Dutch authorities must be checked by a Dutch prosecutor (OvJ).

If the Dutch data are anything to go by, it would appear that there are in fact very view requests for information from Europol: in that country, the PIU only received 32 such requests between June 2019 and the end of 2020, i.e., less than two a month. But if Europol is to be given a much more central role in the processing of PNR data, especially in the matching of those data against more sophisticated pre-determined criteria (with Europol playing the central role in the development of those more sophisticated criteria, as planned), the cooperation between the Member States’ PIUs and Europol, and the sharing of PNR data and data on “hits”, is certain to greatly expand.

(c) Transfer of PNR data to third countries on a case-by-case basis.

The transfer of PNR data by the Member States to countries outside the EU is only allowed on a case-by-case basis and only when necessary for fighting terrorism and serious crime, and PNR data may be shared only with public authorities that are competent for combating PNR-relevant offences. Moreover, the DPO of the relevant PIU must be informed of all such transfers.

However, the Commission reports that four Member States have failed to fully transpose other conditions provided for by the Directive relating to the purposes for which the data can be transferred or the authorities competent to receive it, and two do not require the informing of the DPO.

It is seriously worrying that several Member States do not adhere to the conditions and safeguards relating to transfers of PNR data (and of “the results of processing” of PNR data – which can include the fact that there was a “hit” against lists or criteria) to third countries that may not have adequate data protection rules (or indeed other relevant rule of law-conform rules) in place. Some of the (unnamed) Member States that do not comply with the PNR Directive in this regard are likely to pass on such data in breach of the Directive (in particular, without ensuring that the data are only used in the fight against terrorism and serious crime) to close security and political allies such as the ones that make up the “Five Eyes” intelligence group: the USA, the UK, Australia, Canada and New Zealand.

This concern is especially aggravated in relation to the USA, which the Court of Justice has now held several times to not provide adequate protection to personal data transferred to it from the EU, specifically because of its excessive mass surveillance (and there are similar concerns in relation to the UK, in spite of the Commission having issued an adequacy decision in respect of that country).

Moreover, neither the Commission staff working document nor the Dutch report provides any information on how it is – or indeed can be – guaranteed that data provided in response to a request from a third country are really only used by that third country in relation to PNR-relevant offences, or how this is – or indeed can be – monitored.

For instance, if data are provided to the US Federal Bureau of Investigation (FBI) in relation to an investigation into suspected terrorist activity, those data will also become available to the US National Security Agency (NSA), which may use them in relation to much broader “foreign intelligence purposes”. That issue of course arises in relation to provision of information from any EU Member State to any third country that has excessive surveillance laws.

Furthermore, if I am right to believe that the Dutch intelligence agencies have secret, unrecorded direct access to the PNR database (see above, at 4.10), they may also be sharing data from that database more directly with intelligence partners in other countries, including third countries, bypassing the whole PNR Directive system. Neither the Commission staff working document nor the report on the evaluation of the Dutch PNR law addresses this issue. And that issue, too, may well arise also in relation to other EU Member States.

(d) Subsequent use of the data and purpose-limitation

In principle, any information provided by the PIUs to any other entities, at home or abroad, or to Europol, is to be used by any recipient only for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, more specifically for the prevention, detection, investigation and prosecution of PNR-relevant offences.

But it has become clear that this is far from assured in practice:

– because of the dilemma faced by PIUs in some EU Member States caused by the duty of any agency to pursue any offence that comes to their attention, the PIUs in some Member States pass on information also on (confirmed) “hits” relating to not-PNR-relevant offences (both spontaneously and in response to requests), and those data are then used in relation to the prevention, detection, investigation and prosecution of those not-PNR-relevant offences;

– in the Netherlands (and probably other Member States), once information is provided to a domestic competent authority, those data enter the databases of that authority (e.g., the general police databases) and will be subject to the legal regime that applies to the relevant database – which means that there is no guarantee that their subsequent use is in practice limited to PNR-relevant offences;

– when PNR data are provided by a PIU of one Member State to a PIU of another Member State (or to several or all of the other PIUs), they are provided subject to the purpose-limitation principle of the PNR Directive – but if those data are then provided by the recipient PIU(s) to competent authorities in their own countries, the same problems arise as noted in the previous indents;

– Member States take rather different views of what constitute PNR-relevant offences, and some make “broad and unspecified requests to many (or even all Passenger Information Units)” – suggesting that in this regard, too, the purpose-limitation principle is not always fully adhered to;

– within Europol there appears to be no procedural conditions or safeguards relating to the making of requests for PNR data from PIUs (such as the safeguard that requests from Dutch authorities must be checked by a Dutch prosecutor) and the Commission staff report does not indicate whether all the PIUs check whether Europol requests are strictly limited to PNR-relevant offences (or if they do, how strict and effective those checks are);

– “four Member States have failed to fully transpose … [the] conditions provided for by the Directive relating to the purposes for which [PNR data] can be transferred [to third countries] or [relating to] the authorities competent to receive [such data]”;

– neither the Commission staff working document nor the Dutch report provides any information on how it is – or indeed can be – guaranteed that data provided in response to a request from a third country are really only used by that third country in relation to PNR-relevant offences, or how this is – or indeed can be – monitored;

and

– if I am right to believe that the Dutch intelligence agencies have secret, unrecorded direct access to the PNR database, they may also be sharing data from that database more directly with intelligence partners in other countries, including third countries, bypassing the whole PNR Directive system. Neither the Commission staff working document nor the report on the evaluation of the Dutch PNR law addresses this issue. And that issue, too, may well arise also in relation to other EU Member States.

In sum: There are major deficiencies in the system as concerns compliance, by the EU Member States, by Europol, and by third countries that may receive PNR data on a case-by-case-basis, with the fundamental purpose-limitation principle underpinning the PNR Directive, i.e., with the rule that any PNR data (or data resulting from the processing of PNR data) may only be used – not just by the PIUs, but also by any other entities that may receive those data – for the purposes of the prevention, detection, investigation and prosecution of PNR-relevant offences. In simple terms: in this respect, the PNR system leaks like a sieve.

4.11 The consequences of a “match”

It is quite clear from the available information that confirmed “hits” and the associated PNR data on at the very least tens of thousands and most probably several hundred thousand innocent people are passed on to law enforcement (and in many cases, intelligence agencies) of EU Member States and to Europol – and in some cases to law enforcement and intelligence agencies of third countries – for “further examination”. Many of those data – many of those individuals – will end up in miscellaneous national databases as data on “persons of interest”, and/or in the Europol SIS II database as “Article 36 alerts”. They may even end up in similar databases or lists of third countries.

In terms of European human rights and data protection law, even the supposedly not-very-intrusive measures such as “only” being made the object of “discreet checks” constitute serious interferences with the fundamental rights of the individuals concerned – something that the European Commission and several Member States studiously avoided acknowledging at the Court hearing. More intrusive measure such as being detained and questioned or barred from flying of course constitute even more serious interferences. Both kinds require significant justification in terms of suitability, effectiveness and proportionality – with the onus of proof lying squarely on those who want to impose or justify those interferences, i.e., in casu, the European Commission and the Member States.

Moreover, in practice “watch lists” often become “black lists”. History shows that people – innocent people – will suffer if there are lists of “suspicious”, “perhaps not reliable”, “not one of us” people lying around, and not just in dictatorships.

That is yet another reason why those who argue in favour of such lists – and that includes “Article 36 alerts” and other lists of “persons of interest” “identified” on the basis of flimsy or complex criteria or profiles – bear a heavy onus to prove that those lists are absolutely necessary in a democratic society, and that the strongest possible measures are in place to prevent such further slippery uses of the lists.

5. The suitability, effectiveness and proportionality of the processing

5.1 The lack of data and of proof of effectiveness of the PNR Directive

Neither the European Commission’s review nor the Dutch evaluation has come up with serious, measurable data showing that the PNR Directive and the PNR law are effective in the fight against terrorism or serious crime.

The Dutch researchers at least tried to find hard data, but found that in many crucial respects no records were kept that could provide such data. At most, some suggestions for better recording were made, and some ideas are under consideration, to obtain better data (although the researchers also noted that some law enforcement practitioners thought it would be too much effort).

To date, neither the Commission nor the Member States (including the Netherlands) have seriously tried to design suitable, scientifically valid methods and methodologies of data capture (geeignete Formen der Datenerfassung) in this context. Given that the onus is clearly on them to demonstrate – properly, scientifically demonstrate, in a peer-reviewable manner – that the serious interferences with privacy and data protection they insist on perpetrating are effective, this is a manifest dereliction of duty.

The excuse for not doing this essential work – that it would be too costly or demanding of law enforcement time and staff – is utterly unconvincing, given the many millions of euros that are being devoted to developing the “high risk” intrusive technologies themselves.

5.2 An attempt at an assessment

(a) The appropriate tests to be applied

(aa) The general tests

(iii) that those measures have actually, demonstrably contributed significantly to the stated purpose of the measures, i.e., in relation to the PNR Directive, to the fight against PNR-relevant crimes (and in relation the DRD, to the fight against “serious crime as defined by national law”); and

(iv) that those measures have demonstrably not seriously negatively affected the interests and fundamental rights of the persons to whom they were applied?

If the mass surveillance measures do not demonstrably pass both these tests, they are fundamentally incompatible with European human rights and fundamental rights law.

This means the measures must be justified, by the entities that apply them, on the basis of hard, verifiable, peer-reviewable data.

(ab) When a (confirmed) “hit can be said to constitute a “positive” result (and when not)

In the context of collecting and assessing data, it is important to clarify when a (confirmed) “hit can be said to constitute a “positive” result (and when not).

In my opinion, confirmed “hits” confirming the identity of “known” “persons of interest”/subjects of “Article 36 alerts” and the “identification” (labelling) of previously “unknown” persons by the PIUs as “persons who may be involved in terrorism or serious crime” can only be regarded as “positive” results under the PNR Directive if they result in those persons subsequently being formally declared to be formal suspects in relation to terrorist or other serious, PNR-relevant criminal offences.

(b) The failure of the European Commission (and the Dutch government) to meet the appropriate test

It is the equivalent to a snake oil salesman claiming that the effectiveness of his snake oil is proven by the fact that his franchise holders agree with him that the product is effective, or by the fact that many gullible people bought the stuff.

Or to use the example of Covid vaccines, invoked by the judge-rapporteur: it is equivalent to a claim that a vaccine is effective because interested parties say it is, or because many people had been vaccinated with the vaccine – without any data on how many people were protected from infection or, perhaps worse, how many people suffered serious side-effects.

At the very least, the competent authorities in the EU Member States should have been required to collect, in a systematic and comparable way, reliable information on the outcomes of the passing on of (confirmed) “hits”. Given that they have not done so – and that the Commission and the Member States have not even tried to establish reliable systems for this – there is no insight into how many of the (confirmed) “hits” actually, concretely contributed to the fight against PNR-relevant offences.

(c) An attempt to apply the tests to the different types of matches

At the very least, the competent authorities in the EU Member States should have been required to collect, in a systematic and comparable way, reliable information on such outcomes. Given that they have not done so – and that the Commission and the Member States have not even tried to establish reliable systems for this, there is no insight into how many of the (confirmed) “hits” actually, concretely contributed to the fight against PNR-relevant offences.

However, the following can still usefully be observed as regards the lawfulness, suitability, effectiveness and proportionality of the different kinds of matches:

– Full PNR data are disproportionate to the purpose of basic identity checks;

– The necessity of the PNR checks against Interpol’s Stolen and Lost Travel Document database is questionable;

– The matches against unspecified national databases and “repositories” are not based on foreseeable legal rules and are therefore not based on “law”;

– The necessity and proportionality of matches against various simple, supposedly “suspicious” elements (tickets bought from a “suspicious” travel agent; “suspicious” travel route; etc.) is highly questionable; and

– The matches against more complex “pre-determined criteria” and profiles are inherently and irredeemably flawed and lead to tens and possibly hundreds of thousands of innocent travellers wrongly being labelled to be a person who “may be” involved in terrorism or serious crime, and are therefore unsuited (D: ungeeignet) for the purpose of fighting terrorism and serious crime.

5.3 Overall conclusions

The PNR Directive and the generalised, indiscriminate collection of personal data on an enormous population – all persons flying to or from, and the vast majority of people flying within, the EU – that it facilitates (and intends to facilitate) is part of a wider attempt by the European Union and the EU Member States to create means of mass surveillance that, in my opinion, fly in the face of the case-law of the Court of Justice of the EU.

In trying to justify the directive and the processing of personal data on hundreds of millions of individuals, the vast majority of whom are indisputably entirely innocent, the European Commission and the Member States not only do not produce relevant, measurable and peer-reviewable data, they do not even attempt to provide for the means to obtain such data. Rather, they apply “measures” of effectiveness that are not even deserving of that name: the wide use of the data and the “belief” of those using them that they are useful.

If proper tests are applied (as set out in sub-section 5.2(a), above), the disingenuousness of the “justifications” becomes clear: the claims of effectiveness of the PNR Directive (and the Dutch PNR Law) are based on sand; in fact, as the Dutch researchers rightly noted:

“There are no quantitative data on the way in which [and the extent to which] PNR data have contributed to the prevention, detection, investigation and prosecution of terrorist offences and serious crime.”

The Commission and the Member States also ignore the “high risks” that the tools used to “identify” individuals who “may be” terrorists or serious criminals entail. This applies in particular to the use of algorithm/AI-based data mining and of profiles based on such data mining that they want to massively increase.

If the Court of Justice were to uphold the PNR Directive, it would not only endorse the mass surveillance under the directive as currently practised – it would also give the green light to the massive extension of the application of (so far less used) sophisticated data mining and profiling technologies to the PNR data without regard for their mathematically inevitable serious negative consequences for tens and possible hundreds of thousands of individuals.

What is more, that would also pave the way to yet further use of such (dangerous) data mining and profiling technologies in relation to other large population sets (such as all users of electronic communications, or of bank cards). Given that the Commission has stubbornly refused to enforce the Digital Rights Ireland judgment against Member States that continue to mandate retention of communications data, and is in fact colluding with those Member States in actually seeking to re-introduce mandatory communications data retention EU wide in the e-Privacy Regulation that is currently in the legislative process, this is a clear and imminent danger.

– o – O – o –

Douwe Korff (Prof.)

Cambridge (UK)

November 2021

1.1 The categories of personal data processed

An annex to the PNR Directive lists the specific categories of data that airlines must send to the database of the PIU of the Member State on the territory of which the flight will land or from the territory of which the flight will depart. This obligation is stipulated with regard to extra-EU flights but can be extended by each Member State to apply also to intra-EU flights – and all but one Member States have done so. The list of PNR data is much longer than the Advance Passenger Information (API) data that airlines must already send to the Member States under the API Directive, and includes information on travel agents used, travel routes, email addresses, payment (card) details, luggage, and fellow travellers. On the other hand, often some basic details (such as date of birth) are not included in the APIs.

The European Commission’s Activation of Article 7: Better Late than Never?

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by Dimitry Kochenov, Professor of EU Constitutional Law at the University of Groningen; Laurent Pech, Professor of European Law at Middlesex University London; and Kim Lane Scheppele, Professor of Sociology and International Affairs at Princeton University

‘The European Union is first and foremost a Union of values and of the rule of law. The conquest of these values is the result of our history. They are the hard core of the Union’s identity and enable every citizen to identify with it. The Commission is convinced that in this Union of values it will not be necessary to apply penalties pursuant to Article 7 of the Union Treaty’ European Commission, 15 October 2003

1. What has just happened?

On Wednesday, the European Commission reacted to the continuing deterioration of the rule of law situation in Poland by (i) issuing a fourth Rule of Law Recommendation, which complements three previous Recommendations, adopted on 27 July 2016, 21 December 2016 and 27 July 2017; (ii) submitting a Reasoned Proposal for a Decision of the Council on the determination of a clear risk of a serious breach of the rule of law by Poland under Article 7(1) TEU and (iii) referring the Polish Law on the Ordinary Courts Organisation to the Court of Justice of the EU under Article 258 TFEU and in the context of which the Commission is raising for the first time (to the best of our knowledge) a violation of Article 19(1) TEU in combination with Article 47 of the EU Charter of Fundamental Rights by Poland to the extent that the Minister of Justice has been given a discretionary power to prolong the mandate of judges which have reached retirement age (a similar combination was raised in the first stage of an infringement action against Hungary in December 2015 with regard to immigration issues but this language was dropped by the time it got to the Court of Justice).

Should the Polish authorities finally decide to implement the Commission’s recommendations within three months, the Commission has indicated its readiness to ‘reconsider’ its Article 7(1) proposal (para 50 of the Commission’s fourth rule of law recommendation).

The intensity and repeated nature of Poland’s ruling party attacks on the most basic tenets of the rule of law are unprecedentedly aggressive and in obvious breach of the Polish Constitution, which in our view warrants the Commission’s action (this is not to say that Article 7(1) should not also be activated against Hungary as two of the present authors previously argued in this 2016 article). Indeed, as rightly noted by the Commission, the Polish authorities have adopted over a period of two years no less ‘than 13 laws affecting the entire structure of the justice system in Poland, impacting the Constitutional Tribunal, Supreme Court, ordinary courts, National Council for the Judiciary, prosecution service and National School of Judiciary’. It was time therefore for the Commission to defend the independence of Member State judiciaries and the rule of law (as nicely put by Maximilian Steinbeis, ‘Polish courts are our courts’, that is, ‘if the legal system in a Member State is broken, the legal system in the whole of the EU is broken’).

The media have so far only almost exclusively focused on the first ever invocation of what is often described as the EU’s ‘nuclear option’, which, however, as correctly pointed out by Frans Timmermans in his press conference announcing the Commission’s actions, is a misnomer (as we previously argued here). To put it briefly, Article 7 TEU provides for two main mechanisms: a preventive one in case of a ‘clear risk of a serious breach’ of the values common to the EU and its Member States and a sanctioning one where ‘a serious and persistent breach’ of the same values has materialised (for more detailed commentaries on the mechanics of Article 7 see hereand here).

The Commission merely initiated the preventive mechanism on Wednesday when one could however reasonably argue that we are already way beyond the stage of a ‘clear risk’ and entered ‘serious and persistent breach’ territory following the capture of the Polish Constitutional Tribunal in obvious breach both of the Polish Constitution and the Commission’s first and second rule of law recommendations (see Pech and Scheppele, January 2017). Before however offering further details on the situation in Poland, however, it may be worth offering a brief overview of Article 7’s genesis.

2. Genesis of Article 7

Continue reading “The European Commission’s Activation of Article 7: Better Late than Never?”

The EU and the Spanish Constitutional Crisis

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by Cecilia Rizcallah, (Research Fellow at the Belgian National Fund for Scientific Research affiliated both to Université Saint-Louis Bruxelles and Université libre de Bruxelles)

Background

Spain is facing, since more than a month now, a constitutional crisis because of pro-independence claims in Catalonia. These claims resulted in the holding of an independence referendum on 1 October 2017, organized by the Spanish autonomous community of Catalonia’s authorities, led by its President Mr. Carles Puigdemont. According to Barcelona, 90% of the participants voted in favor of Catalonia’s independency on a turnout of 43%.

Several weeks before the holding of the referendum, the Spanish Constitutional Court held that such plebiscite was contrary to the Spanish Constitution, and it was therefore declared void by the same Court. The Spanish central Government moreover firmly condemned this act and suspended Catalonia’s autonomy, on the basis of Article 155 of the Spanish Constitution which allows the central Government to adopt “the necessary measures to compel regional authorities to obey the law” and, thereby, to intervene in the running of Catalonia.

EU’s Incompetency in Member States’ Internal Constitutional Affairs

During these events, a contributor to the New York Times wondered “Where is the European Union?”. The Guardian stated “As Catalonia crisis escalates, EU is nowhere to be seen”. EU authorities’ restraint can yet easily be explained, at least, from a legal point of view. Indeed, the European Union has in principle neither the competence, nor the legitimacy, to intervene in its Member States’ internal constitutional affairs. Article 4.2 TEU incidentally underlines that the EU shall respect Member States’ “national identities, inherent in their fundamental structures, political and constitutional, inclusive of regional and local self-government” and that it “shall respect their essential State functions, including ensuring the territorial integrity of the State, maintaining law and order and safeguarding national security. In particular, national security remains the sole responsibility of each Member State”. The President of the Commission, J.-C. Junker stated that it was “an internal matter for Spain that has to be dealt with in line with the constitutional order of Spain” but however noted that in case of separation of Catalonia from Spain, the region would consequently “find itself outside of the European Union”.

Puigdemont’s Departure for Brussels

Theoretically, the EU has thus no legal standing to intervene in the Spanish constitutional crisis. Recent events have, however, brought the EU incidentally on stage.

Mr. Puigdemont, the deposed leader of Catalan authorities, left Barcelona for Brussels several days ago, where he declared he was not intended to seek asylum and that he would return in Spain if judicial authorities so request, provided he was guaranteed conditions of a fair judicial process. In the meanwhile, the State prosecutor decided to start proceedings against Mr. Puigdemont and other officials of the ousted Catalan government for rebellion, sedition and embezzlement and demanded to the judge in charge of the processing charges to issue a European arrest warrant (hereafter EAW) for Mr. Puigdemont and four other members of his former cabinet, after they failed to appear at the High Court hearing last Thursday. The EAW was issued by the Spanish judge last week. EU law has thus been relied upon by Spanish authorities to respond to its internal crisis, because of the departure of several Catalan officials to Brussels, which constituted, at the outset at least, nothing more than a lawful exercise of their free movement rights within the Schengen area.

Mr. Puidgemont and the other people subject to a EAW presented themselves to Belgian authorities, which decided to release them upon several conditions including the prohibition to leave the Belgian territory. A Belgian Criminal Chamber has as of now two weeks to decide if they should be surrendered to Spain or not.

The Quasi-automaticity of the European Arrest Warrant System

According to Puidgemont’s Belgian lawyer, the former Catalan leader will agree to return in Spain provided that he will be guaranteed respect of his fundamental rights, including the right to an impartial and independent trial. He moreover underlined that Puidgemont will submit itself to Belgian judicial authorities which will have to assess whether or not these conditions are met.

The system of the EAW, however, entails a quasi-automaticity of the execution by requested authorities of any Member State. Indeed, because it relies upon the principle of mutual trust between Member States, requested authorities may not, save in exceptional circumstances, control the respect by the requesting State of fundamental values of the EU, including democracy and human rights. The Council Framework Decision 2002/584 of 13 June 2002, which establishes the EAW includes a limitative list of mandatory and optional grounds for refusal which does not include a general ground for refusal based on human rights protection (Articles 3 and 4). Indeed, only specific violations or risk of violations of fundamental freedoms justify the refusal to surrender, according to the Framework Decision. As far as the right to a fair trial is concerned, the Framework Decision does not include possibilities to rebut the presumption of the existence of fair proceedings in other Member States except when the EAW results from an in abstentia decision and only under certain conditions (Article 4a).

A strong presumption of respect of EU values underlies EU criminal cooperation and the ECJ has, as of now, accepted its rebuttal on grounds of human right not included in the main text of the Framework Decision only where a serious and genuine risk of inhuman and degrading treatment existed for the convicted person in case of surrender (see the Aranyosi case, discussed here). In that respect, the lawyer of the other Catalan ministers who are already in jail has lodged a complaint for mistreatment of them, but more elements will be required to refuse the execution on the EAW on this basis.

Indeed, according to the Court of Justice, “the executing judicial authority must, initially, rely on information that is objective, reliable, specific and properly updated on the detention conditions prevailing in the issuing Member State and that demonstrates that there are deficiencies, which may be systemic or generalised, or which may affect certain groups of people, or which may affect certain places of detention”. Moreover, the domestic judge must also “make a further assessment, specific and precise, of whether there are substantial grounds to believe that the individual concerned will be exposed to that risk because of the conditions for his detention envisaged in the issuing Member State” before refusing the execution of the EAW (Aranyosi, paras 89 and 92).

Furthermore, the possibility to refuse to surrender persons convicted for political offences – which is traditionally seen as being part of the international system of protection of refugees – has been removed from the Convention on Extradition between Member States of the European Union concluded in 1996 – which is the ancestor of the current EAW system – precisely because of Member States’ duty to trust their peers’ judicial system. Interestingly, the removal of this ground for refusal had been required by Spain when it faced difficulties to obtain the extradition of Basque independentists who were seeking for protection in Belgium. The Spanish government pleaded that the ground for refusal for political infractions constituted a hurdle to criminal cooperation within the EU which was at odds with the trust that Member States should express to each other (see E. Bribosia and A. Weyembergh, “Extradition et asile: vers un espace judiciaire européen?”, R.B.D.I., 1997, pp. 69 to 98).

In the current state of EU law, no option for refusal of execution of the EAW concerning Mr. Puidgemont seems thus to exist. It is noteworthy, however, that the EAW system may, as a whole, be suspended, when the procedure provided for by Article 7 TEU is initiated if there is a (clear risk of) violation of the values referred to in Article 2 TEU on which the Union is founded, including human rights, democracy and the rule of law. Although some people have called for the initiation of this mechanism, the reliance on Article 7 is very unlikely to happen politically: it needs at least a majority of four fifths at the Council just to issue a warning, and the substantive conditions of EU values’ violations are very high.

Nonetheless, Belgium has included in its transposing legislation (Federal Law of 19 December 2003 related to the EAW) an obligatory ground of refusal – whose validity regarding EU law can seriously be put into question – if there are valid grounds for believing that its execution would have the effect of infringing the fundamental rights of the person concerned, as enshrined by Article 6(2) of the TEU (Art. 4, 5°). Triggering this exception will however result, in my view, in a violation of EU law by the Belgian judge since the ECJ has several times ruled that the grounds for refusal included in the Framework Decision were exhaustive and that a Member State could not rely upon its national human rights protection to refuse the execution of a EAW which respects the conditions laid down in the Framework Decision (Melloni). Another option for the Belgian judge will be to make a reference to the ECJ for a preliminary ruling in order to ask whether, in the case at hand, the presumption of conformity with EU fundamental rights in Spain may be put aside because of the specific situation of Mr. Puidgemont.

The Quasi-Exclusion of the Asylum Right for EU Citizens

Besides asking for the refusal of his surrender to Spanish authorities, Mr. Puidgmont could – at least theoretically – seek asylum in Belgium on the basis of the Refugee Convention of 1951, which defines as refugees people with a well-founded fear of persecution for (among other things) their political opinion (Article 1.A.2).

However, Spain also requested – besides the removal of the ground for refusal to surrender a person based on the political nature of the alleged crime in the European Extradition Convention of 1996 – the enactment of Protocol No 24, on asylum for nationals of Member States of the European Union, annexed to the Treaty of Amsterdam signed in 1997. This Protocol practically removes the right of EU citizens to seek asylum in other countries of the Union.

Founding itself on the purported trustful character of Member States’ political and judicial systems and the (presumed) high level of protection of fundamental rights in the EU, the Protocol states that all Member States “shall be regarded as constituting safe countries of origin in respect of each other for all legal and practical purposes in relation to asylum matters” (Art. 1). Any application for asylum made by an EU citizen in another Member State shall therefore be declared inadmissible, except if the Member State of which the applicant is a national has decided to suspend temporarily the application of the European Convention on Human Rights in time of emergency (Article 15 of the ECHR; note that it’s not possible to suspend all provisions of the ECHR on this basis) or if this Member State has been subject to a decision based on Art. 7.1. or 7.2. TEU establishing the risk or the existence of a serious and persistent breach by the Member State of EU values referred to in Art. 2 TEU.

A Member State may also decide, unilaterally, to take an asylum demand into consideration at the double condition that it immediately informs the Council and that that the application shall be dealt with on the basis of the presumption that it is manifestly unfounded. This last derogation has been invoked by Belgium which has adopted a declaration stating that it would proceed to an individual examination of each asylum demand of a EU citizen lodged with it. To comply with EU law, it must however consider each application manifestly unfounded rendering the burden of the proof very heavy for the EU citizen asylum seeker. Belgian alien’s law provides for an accelerated procedure for asylum when the individual comes from an EU country (Article 57/6 2 of the Belgian Aliens Act) but statistics nevertheless show that about twenty asylum demands from EU citizens where declared founded in 2013 and 2014 by Belgian authorities.

The EU Brought on Stage…

In both cases, the refusal to execute the EAW or the granting of an asylum right to Mr. Puidgemont would result from the consideration that the Spanish judiciary does not present the basic and essential qualities of independence and impartiality to adjudicate the case related to Catalan independence activists. This observation would likely result in a major diplomatic dispute between the two countries and, more widely, in the EU. Indeed, the consideration made by Belgium and/or the ECJ that Spain would not respect fundamental values of the EU in treating the case of Catalonia would jeopardize the essential principle of mutual trust between Member States, which is relied upon in criminal, asylum but also in civil judicial cooperation. The Spanish constitutional crisis could thereby potentially call into question the whole system of cooperation in the European Area of Freedom Security and Justice.

Refuge ou asile ? La situation de Carles Pbyuigdemont en Belgique au regard du droit de l’Union européenne

ORIGINAL PUBLISHED ON THE CDRE SITE

by Henri Labayle, CDRE et Bruno Nascimbene, Université de Milan

Quoique largement circonscrite à la Belgique, l’agitation médiatique provoquée par l’arrivée à Bruxelles de Carles Puigdemont et de certains de ses proches soulève d’intéressants points de droit quant à leur situation sur le territoire d’un autre Etat membre de l’Union. Attisée par les déclarations imprudentes d’un secrétaire d’Etat belge à l’Asile et à la Migration, Theo Francken, cette présence a réveillé d’anciennes querelles entre les deux royaumes concernés tenant tout à la fois à la possibilité pour la Belgique d’accorder l’asile à l’intéressé (1) et, à défaut, de constituer un refuge face aux éventuelles poursuites intentées à son égard par les juridictions espagnoles (2).

1. La recherche d’une terre d’asile

Le suspense n’a guère duré. Après avoir géré son départ de Catalogne dans le plus grand des secrets, dans une posture digne de l’homme du 18 juin 1940 dont il porte le prénom, le président déchu du gouvernement catalan y a mis fin en déclarant qu’il n’était « pas venu ici pour demander l’asile politique ». Pourtant, son entourage comme les déclarations du secrétaire d’Etat Theo Francken, nationaliste flamand, membre du parti indépendantiste ultra-conservateur N-VA, avaient donné corps à la polémique.

a. Le choix de son avocat, d’abord, n’a rien eu d’innocent. Tout en déclarant que son client n’était pas en Belgique pour demander l’asile, ce dernier n’en a pas moins jugé utile de préciser soigneusement avoir « une expérience de plus de 30 ans avec l’extradition et l’asile politique de basques espagnols et c’est probablement sur la base de cette expérience qu’il a fait appel à moi ». Les agences de presse se sont du reste empressées de souligner qu’il avait en son temps assuré la défense du couple Luis Moreno et Raquel Garcia, réclamés en vain à la Belgique par l’Espagne en raison de leur soutien à l’organisation terroriste ETA.

Source de vives tensions entre l’Espagne et la Belgique en raison du refus de cette dernière de les extrader puis de les remettre à Madrid autant qu’à propos du débat sur leur éventuel statut de réfugié politique, le cas de ces derniers éclaire l’insistance espagnole à inscrire en 1997 un protocole à ce sujet, le fameux protocole « Aznar » joint au traité d’Amsterdam. A tout le moins donc, la symbolique du recours à un avocat ainsi spécialisé n’est pas neutre, même s’il est permis de douter de l’adresse d’un tel amalgame pour une cause se présentant comme victime de la violence de l’Etat et d’un déni de démocratie.

Dans le même temps, exprimant sans détours sa sympathie à la cause nationaliste, le secrétaire d’Etat Theo Francken n’a pas manié la langue de bois. D’abord, à travers un constat sur la situation espagnole quelque peu téméraire : « la situation en Catalogne est en train de dégénérer. On peut supposer, de manière réaliste qu’un certain nombre de Catalans vont demander l’asile en Belgique. Et ils le peuvent. La loi est là. Il pourront demander une protection et introduire une demande d’asile et on y répondra convenablement ». Ensuite en fournissant une explication à son attitude au demeurant tout aussi douteuse : « en regardant la répression de Madrid et les peines de prison envisagées, la question peut se poser de savoir s’il a encore une chance d’un jugement équitable».

La volée de critiques faisant suite à cette provocation, y compris le désaveu a minima d’un premier ministre belge passablement gêné, oblige alors à rappeler les termes du débat juridique.

b. Sur l’insistance du premier ministre espagnol de l’époque, Jose Maria Aznar, le protocole n° 24 additionnel au traité d’Amsterdam s’efforce de réduire le droit d’asile à un droit seulement offert aux ressortissants tiers. En effet, « vu le niveau de protection des droits fondamentaux et des libertés fondamentales dans les États membres de l’Union européenne, ceux-ci sont considérés comme constituant des pays d’origine sûrs les uns vis-à-vis des autres pour toutes les questions juridiques et pratiques liées aux affaires d’asile». Le protocole n° 24 fut accompagné à l’époque de la déclaration n° 48 de la Conférence, ne préjugeant pas du droit de chaque Etat membre de prendre les mesures d’organisation nécessaires au respect de la Convention de Genève. Pour sa part, la Belgique déclara alors que, tout en approuvant le protocole n° 24, « conformément à ses obligations au titre de la convention de Genève de 1951 et du protocole de New York de 1967, elle effectuera, conformément à la disposition énoncée à l’article unique, point d), de ce protocole, un examen individuel de toute demande d’asile présentée par un ressortissant d’un autre Etat membre» (déclaration n° 5).

Le HCR n’avait pas manqué alors d’émettre des critiques fermes et fondées sur la conventionnalité d’une telle option, hostile à l’idée simpliste selon laquelle l’appartenance à l’UE constituerait par principe un critère objectif et légitime de distinction du point de vue de la protection entre Etats membres de l’Union et Etats tiers (UNHCR, « Position on the proposal of the European Council concerning the treatment of asylum applications from citizens of European Union Member States », annexe à la lettre du Directeur de la Division de la protection of internationale à M. Patijn, Ministre des Affaires étrangères des Pays Bas, 3 février 1997 ; voir également UNHCR Press release 20 juin 1997). Vingt ans après, la situation des droits fondamentaux dans certains Etats membres de l’Union conforte cette critique.

Conscients de ces difficultés, les Etats membres ont alors opté pour une solution de contournement, se gardant de toute interdiction frontale du droit d’asile à propos de leurs ressortissants et préférant en retenir une approche extrêmement restrictive. Il s’agit, comme l’indique le protocole, « d’empêcher que l’asile en tant qu’institution soit utilisé à des fins autres que celles auxquelles il est destiné ».

Le traité de Lisbonne n’a modifié ce dispositif qu’à la marge, à deux précisions près. La première tient dans la disparition des déclarations formulées à Amsterdam et la seconde voit l’invocation des « valeurs » de l’Union justifier désormais l’existence du protocole puisque, par hypothèse, les Etats membres les respectent pour pénétrer et demeurer dans l’Union. Ils ne peuvent donc être sources de persécutions, sauf preuve du contraire.

c. La pratique de l’asile entre Etats membres de l’Union est donc régie aujourd’hui par le Protocole n° 24 révisé à Lisbonne, lequel constitue la lex specialis du « droit d’asile pour les ressortissants des Etats membres de l’Union européenne ». Il n’est pas indifférent de rappeler que l’ensemble du droit primaire et dérivé de l’Union de l’asile se conforme à cette logique. Le champ d’application personnel du droit d’asile selon la directive « Qualification » ne concerne que les ressortissants de pays tiers, en application de l’article 78 TFUE qui en fait un droit de ces ressortissants et s’impose à l’article 18 de la Charte dont les « explications » mentionnent spécifiquement le Protocole.

Ce dernier, outre les hypothèses qui visent une violation établie des valeurs de l’Union ou une dérogation en vertu de l’article 15 de la Convention EDH, régit l’éventuel octroi d’une protection à un citoyen de l’Union dans son article unique point d) : « si un État membre devait en décider ainsi unilatéralement en ce qui concerne la demande d’un ressortissant d’un autre État membre; dans ce cas, le Conseil est immédiatement informé; la demande est traitée sur la base de la présomption qu’elle est manifestement non fondée sans que, quel que soit le cas, le pouvoir de décision de l’État membre ne soit affecté d’aucune manière ».

Le plus grand flou règne ensuite en la matière quant à la pratique dégagée par les Etats à ce propos. On sait, par exemple qu’en France le Conseil d’Etat a dégagé une interprétation littérale du protocole Aznar à propos de citoyens roumains tout en n’écartant pas l’hypothèse d’un examen (CE, 30 décembre 2009, OFPRA c/ Cosmin, req. 305226, note Aubin, AJDA 2010). De même, l’administration française s’est-elle empressée de souligner par voie de circulaire, à l’occasion de l’adhésion de la Croatie en 2013, que le retrait de ce nouvel Etat membre de la liste des pays tiers d’origine sûrs n’entraînait aucun changement sur le plan de l’admission provisoire au titre de l’asile et du jeu de la procédure d’examen prioritaire, dans la logique du protocole Aznar.

Les choses sont beaucoup plus incertaines concernant l’Union elle-même et les doutes que l’on peut légitimement éprouver quant à la situation des droits fondamentaux dans l’Union en général comme en particulier invitent à la réserve.

En 2015, la Commission canadienne de l’immigration et du statut de réfugié fait ainsi état de la grande diversité des pratiques nationales au sein de l’Union à l’égard de ce protocole, principalement en raison des divergences portant sur la présence des Etats membres de l’Union sur les listes nationales de pays d’origine « sûrs ». Seuls la Belgique et les Pays Bas auraient, à ce jour, rendu des décisions positives de protection.

Pour ce qui est plus précisément de la Belgique, susceptible d’accueillir M. Puigdemont, si elle semble ne pas avoir renouvelé à Lisbonne sa déclaration d’Amsterdam, elle conserve néanmoins la possibilité de procéder à une évaluation des situations individuelles. Quasiment exclusivement saisie par des nouveaux Etats membres, le plus souvent à propos de la question des Roms, elle fait un usage très parcimonieux de cette possibilité puisque près d’un millier de demandes auraient été déposées depuis 2011 pour moins de quinze reconnaissances au total.

La déclaration de la Belgique, qui a certainement une valeur politique, conserve sa valeur juridique, même si elle n’a pas été répétée, comme elle aurait dû être révoquée. En tout état de cause, les Etats membres conservent le droit souverain d’accorder l’asile sur la base de leur droit interne. Ainsi, dans la Constitution d’un État membre comme l’Italie, il existe une disposition fondamentale, à l’instar du troisième paragraphe de l’article 10, qui prévoit qu’un étranger qui est effectivement empêché d’exercer ses libertés démocratiques garanties de la Constitution italienne, a le droit à l’asile sur le territoire de la République, dans les conditions prévues par la loi. Bien que l’Italie n’ait fait aucune déclaration, il n’y a aucun doute que l’Etat garde sa souveraineté quant à la concession de l’asile, aussi appelé asile constitutionnel et qui fait abstraction des obligations internationales ou de l’Union. De même, en droit français, le préambule de la Constitution de 1946 prévoit-il que« tout homme persécuté en raison de son action en faveur de la liberté a droit d’asile sur les territoires de la République ». Ces formes d’asile particulier n’ont pas été prises en considération par M. Puigdemont , la Belgique lui paraissant un Etat plus sûr ou protecteur.

En Italie, d’un autre côté, dans la jurisprudence administrative, il s’est posé également la question de ne pas expulser vers la Grèce mais aussi vers la Bulgarie, considérés comme des pays non sûrs, malgré leur statut d’Etats membres de l’Union. Les juges administratifs ont ainsi démontré, s’il y en avait besoin, que la confiance mutuelle entre pays membres, dans la réalité et pratique courante, est souvent théorique…

C’est dans ce contexte peu encourageant que l’accueil de l’ex-président catalan peut être évalué.

2. La recherche d’une terre de refuge

Deux hypothèses se présentent alors : celle d’un accueil en bonne et due forme au plan de l’asile et celle d’une réponse à un éventuel mandat d’arrêt européen. Les dénégations de M. Puigdemont quant à son éventuelle demande de protection ne sont pas aussi catégoriques qu’il y paraît au premier abord. Il a, en effet, ouvertement évoqué des « menaces » et un « besoin de sécurité » que les autorités espagnoles ne seraient plus à même de lui assurer soit en raison de la nature des poursuites exercées à son encontre soit en ne le protégeant pas efficacement des menaces pesant sur sa personne. On retrouve là derrière ces arguments des questions très classiques du droit de l’asile dont les réponses ne sont pas sans intérêt du point de vue de la recherche d’un refuge devant le risque pénal.

a. Même s’il s’avère que la Belgique n’a pas renouvelé sa déclaration d’Amsterdam, elle se trouve placée comme tout Etat membre de l’Union devant à une double contrainte posée par le Protocole n° 24. La première est de nature procédurale et elle consiste à « informer le Conseil » de sa volonté. Nul doute qu’ici surgiront des tensions diplomatiques avec d’autres Etats membres, au premier rang desquels l’Espagne se situera, et qu’elles mettront également à rude épreuve la coalition gouvernementale gouvernant la Belgique. A en rester sur le terrain politique, les déclarations des partis nationalistes flamands sur la nécessité de soutenir « ses amis » le laissent présager. A venir sur le terrain juridique, le soulagement politique pourrait alors naître de l’impossibilité de répondre favorablement à une quelconque demande, au vu de la réalité du droit de l’Union.

La seconde contrainte est matérielle et elle consiste à renverser la présomption posée par le protocole Aznar. Le point d) de son article unique spécifie bien que « la demande est traitée sur la base de la présomption qu’elle est manifestement non fondée ». Il convient donc pour les autorités nationales saisies de renverser cette présomption pour se placer en conformité avec le droit de l’Union.

On se trouve ici dans un schéma tout à fait comparable à celui que la Cour a dégagé avec force dans l’avis 2/13relatif à l’adhésion à la Convention EDH lorsqu’elle met en relief cette « prémisse fondamentale selon laquelle chaque État membre partage avec tous les autres Etats membres, et reconnaît que ceux-ci partagent avec lui, une série de valeurs communes sur lesquelles l’Union est fondée, comme il est précisé à l’article 2 TUE. Cette prémisse implique et justifie l’existence de la confiance mutuelle entre les Etats membres dans la reconnaissance de ces valeurs et, donc, dans le respect du droit de l’Union qui les met en œuvre » (point 168). « Fondamentale » car elle « permet la création et le maintien d’un espace sans frontières intérieures. Or, ce principe impose, notamment en ce qui concerne l’espace de liberté, de sécurité et de justice, à chacun de ces Etats de considérer … que tous les autres Etats membres respectent le droit de l’Union et, tout particulièrement, les droits fondamentaux reconnus par ce droit » (point 191).

S’atteler au défi de prouver que le Royaume d’Espagne ne respecte pas les valeurs de l’Union, au point de justifier d’accorder protection à l’un de ses citoyens au prétexte que son pays lui demande des comptes de sa violation d’une légalité établie par la juridiction constitutionnelle de ce pays, ne sera donc pas aisé. Une chose est en effet de se réclamer de la démocratie et de l’exercice des droits qui y sont attachés et une autre est de faire la preuve que cet exercice est légal. Dénoncer une éventuelle « politisation de la justice espagnole et son absence d’impartialité » comme « l’injustice du gouvernement espagnol » et son « désir de vengeance » ne se paie pas seulement de mots.

Or, rien dans l’état du droit positif n’accrédite une accusation d’une telle gravité, laquelle n’a été portée ni devant les juridictions suprêmes européennes ni au sein de leurs organes internes. Il sera donc difficile aux autorités d’un autre Etat membre de la reprendre à leur compte en allant jusqu’au point de renverser la présomption établie par le protocole et de la confiance mutuelle entre Etats membres. Bien au contraire, l’unanimité des déclarations des représentants des autres Etats membres comme des institutions de l’Union s’est attachée depuis le début de la crise à souligner la nécessité de respecter le cadre légal national ainsi contesté.

b. C’est donc sur le terrain pénal que la suite de la partie se jouera. Avec la convocation à Madrid de l’ex-président et de treize de ses ministres par une juge d’instruction de l’Audience nationale, saisie par le parquet espagnol qui a requis des poursuites notamment pour « rébellion et sédition », chefs passibles respectivement d’un maximum de 30 et 15 ans de prison. Mettre en cause la partialité de la juridiction espagnole et son mode de fonctionnement nécessitera des arguments forts qu’aucune juridiction européenne n’a jusqu’alors établi, même en des cas autrement dramatiques.

Car pour le reste, et sous couvert de l’intitulé exact de l’émission inévitable du mandat d’arrêt européen qui suivra le refus annoncé de déférer à cette convocation judiciaire, le scénario est écrit. La décision-cadre 2002/584 établissant le mandat d’arrêt européen est inflexible : « rien dans la présente décision-cadre ne peut être interprété comme une interdiction de refuser la remise d’une personne qui fait l’objet d’un mandat d’arrêt européen s’il y a des raisons de croire, sur la base d’éléments objectifs, que ledit mandat a été émis dans le but de poursuivre ou de punir une personne en raison de son sexe, de sa race, de sa religion, de son origine ethnique, de sa nationalité, de sa langue, de ses opinions politiques ou de son orientation sexuelle, ou qu’il peut être porté atteinte à la situation de cette personne pour l’une de ces raisons ». Malgré le libellé peu clair du considérant n° 12 de la décision-cadre 2002/584, celui-ci invoque l’hypothèse d’un refus d’exécution d’un mandat d’arrêt européen s’il y a des raisons de présumer que la personne est persécutée pour ses opinions politiques. On remarquera d’une part qu’il s’agit d’une disposition non contraignante et d’autre part que la partie contraignante de la décision-cadre ne formule aucun motif de cette nature empêchant la coopération et donc l’exécution du mandat dans ces cas, hors les hypothèses des articles 3 et 4. Son article premier se borne à rappeler que « la présente décision-cadre ne saurait avoir pour effet de modifier l’obligation de respecter les droits fondamentaux et les principes juridiques fondamentaux tels qu’ils sont consacrés par l’article 6 du traité sur l’Union européenne ».

Et il est vrai à cet égard que la jurisprudence de la Cour de justice, évoquée à plusieurs reprises dans ces colonnes, confirme la rigueur de la force obligatoire de l’exécution d’un mandat. Ceci vaut sans exception, dans le sens où la Cour a considéré les raisons/motifs de refus prévues par la décision-cadre comme exhaustives (voir spécialement affaire C‑192/12 PPU West, pt. 55; affaire C‑399/11 Melloni, pt. 38). A la lumière de la jurisprudence dans les affaires Aranyosi et Caldararu, une certaine atténuation du principe établi apparait admissible si l’exécution implique une violation grave d’un droit fondamental bénéficiant d’une protection absolue, tel que la dignité de la personne humaine. Il semble difficile d’imaginer, au cas où la question serait adressée à la Cour de justice, que celle-ci puisse parvenir à intégrer la législation de l’UE en identifiant une raison supplémentaire pour cette hypothèse, la logique de l’avis 2/13 devrait alors être renversée et, en fait, la présomption même de non-octroi de l’asile.

En revanche, et pour ce que l’on en sait à travers la presse, les infractions pour lesquelles un mandat d’arrêt européen pourrait être émis (rébellion et sédition ?) contre M. Puigdemont ne semblent pas figurer sur la liste positive visée à l’art. 2, par. 2 de la décision cadre qui permet de procéder à une remise même en l’absence de double incrimination. Par conséquent, l’État d’exécution que serait la Belgique pourrait soumettre la remise à la vérification que les infractions couvertes par le mandat d’arrêt européen émis par l’Espagne soient également des infractions pénales en droit belge (art. 2, par. 4, et art. 4, par. 1, de la décision cadre).

Le scénario judiciaire risque donc, par l’automaticité de sa réponse, d’écarter toute hypothèse de refuge, de négociation ou autres compromis que le droit de l’extradition, hier, permettait encore. Là encore, prendre la décision de déférer à la demande de remise impliquera de procéder sous le feu des caméras à une arrestation pour y parvenir … Lourde responsabilité à prendre dans une coalition gouvernementale belge fragilisée sur la question nationaliste…

Sauf à croire qu’il n’y a finalement là que faux semblant, épisode nouveau d’une guerre de communication accréditée par la proximité de la consultation électorale en Catalogne. Jouer la carte de « l’exil » comme aux heures les plus noires, victimiser l’acteur principal de la crise, dénoncer la poursuite étatique en la discréditant dessinent les ressorts à peine dissimulés d’une stratégie dont nul ne sait si elle sera payante, pariant qu’elle parviendra à convaincre les hésitants. Donner en spectacle l’arrestation et l’emprisonnement ou même leurs simples éventualités permettra de prendre ainsi chacun à témoin de la justesse de la cause défendue. La brièveté des délais d’exécution du mandat d’arrêt européen, deux mois en vertu de l’article 17, pourrait alors pousser les uns ou les autres à une véritable course de lenteur pour l’éviter avant des élections cruciales …

Un seul enseignement mérite alors d’en être tiré, à ce stade de la crise. Son théâtre n’est plus national mais il est européen, faisant émerger un paradoxe imprévu mais dont il faudra tirer les leçons. S’il est banal chez les souverainistes de prétendre que l’Union a pu affaiblir ses Etats membres, la crise catalane et son déroulement révèlent très exactement l’inverse. D’abord car l’attrait européen et le risque de devoir s’en priver, comme nous l’avons démontré, constitue une puissante barrière défensive pour le maintien au sein de l’Etat que l’on est tenté de quitter. Ensuite car l’Union, ses dirigeants et son droit, ainsi pris à témoin par le choix des nationalistes d’européaniser la crise pour espérer la dénouer, s’avèrent être les premiers défenseurs de l’intégrité territoriale d’Etats membres. Ceux-ci se découvrent là une alliée inattendue. Ont-ils aussi compris qu’ils partagent désormais avec elle le choix de la décision finale sans en demeurer les seuls maîtres ?

On October 11, the Parliamentary Assembly of the Council of Europe (PACE) approved a list of six criteria, set out by the Venice Commission in 2016, to clarify the so far undefined notion of the rule of law.

The pragmatic approach of the Venice Commission got round the problem of a formal definition of the notion of “Rule of Law” by setting out specific criteria as resulting by the doctrine and the jurisprudence of the European and national Courts such as:

– legality (implying a procedure for the adoption of legal texts based on transparency, accountability and democracy);
– legal certainty;
– a prohibition on arbitrary measures;
– access to justice before independent and impartial courts with jurisdictional control over administrative acts;
– respect for human rights, and;
– non-discrimination and equality before the law.

Below the text of the Venice Commission Check-list (available also HERE ( EN, FR, DE, IT and RU)

———

Strasbourg, 18 March 2016 CDL-AD(2016)007 Study No. 711 / 2013 Or. Engl.

EUROPEAN COMMISSION FOR DEMOCRACY THROUGH LAW (VENICE COMMISSION)

RULE OF LAW CHECKLIST

Adopted by the Venice Commission at its 106th Plenary Session (Venice, 11-12 March 2016)
Endorsed by the Ministers’ Deputies at the 1263th Meeting (6-7 September 2016)
Endorsed by the Congress of Local and Regional Authorities of the Council of Europe at its 31st Session (19-21 October 2016) on the basis of comments by Mr Sergio BARTOLE (Substitute Member, Italy) Ms Veronika BILKOVA (Member, Czech Republic)Ms Sarah CLEVELAND (Member, United States of America)Mr Paul CRAIG (Substitute Member, United Kingdom)Mr Jan HELGESEN (Member, Norway)Mr Wolfgang HOFFMANN-RIEM (Member, Germany)Mr Kaarlo TUORI (Member, Finland)Mr Pieter van DIJK (Former Member, the Netherlands)Sir Jeffrey JOWELL (Former Member, United Kingdom)

TABLE OF CONTENTS (…)

INTRODUCTION

At its 86th plenary session (March 2011), the Venice Commission adopted the Report on the Rule of Law (CDL-AD(2011)003rev). This report identified common features of the Rule of Law, Rechtsstaat and Etat de droit. A first version of a checklist to evaluate the state of the Rule of Law in single States was appended to this report.

On 2 March 2012, the Venice Commission organised, under the auspices of the UK Chairmanship of the Committee of Ministers of the Council of Europe, in co-operation with the Foreign and Commonwealth Office of the United Kingdom and the Bingham Centre for the Rule of Law, a conference on “The Rule of Law as a practical concept”. The conclusions of this conference underlined that the Venice Commission would develop the checklist by, inter alia, including some suggestions made at the conference.

A group of experts made up of Mr Bartole, Ms Bilkova, Ms Cleveland, Mr Craig, Mr Helgesen, Mr Hoffmann-Riem, Mr Tuori, Mr van Dijk and Sir Jeffrey Jowell prepared the present detailed version of the checklist.

The Venice Commission wishes to acknowledge the contribution of the Bingham Centre for the Rule of Law, notably for the compilation of the selected standards in part III. The Commission also wishes to thank the secretariats of the Consultative Council of European Judges (CCJE), the European Commission against Racism and Intolerance (ECRI), the Framework Convention for the Protection of National Minorities and the Group of States against Corruption (GRECO), as well as of OSCE/ODIHR and of the European Union Agency for Fundamental Rights (FRA) for their cooperation.

The introductive part (I) first explains the purpose and scope of the report and then develops the interrelations between the Rule of Law on the one side and democracy and human rights on the other side (“the Rule of Law in an enabling environment”).

The second part (II, benchmarks) is the core of the checklist and develops the various aspects of the Rule of Law identified in the 2011 report: legality; legal certainty; prevention of abuse of powers; equality before the law and non-discrimination and access to justice; while the last chapter provides two examples of particular challenges to the Rule of Law (corruption and conflict of interest, and collection of data and surveillance).

The third part (III, selected standards) lists the most important instruments of hard and soft law addressing the issue of the Rule of Law.

The present checklist was discussed by the Sub-Commission on the Rule of Law on 17 December 2015 and on 10 March 2016, and was subsequently adopted by the Venice Commission at its 106th plenary session (Venice, 11-12 March 2016).

Purpose and scope

The Rule of Law is a concept of universal validity. The “need for universal adherence to and implementation of the Rule of Law at both the national and international levels” was endorsed by all Members States of the United Nations in the 2005 Outcome Document of the World Summit (§ 134). The Rule of Law, as expressed in the Preamble and in Article 2 of the Treaty on European Union (TEU), is one of the founding values that are shared between the European Union (EU) and its Member States.1 In its 2014 New Framework to Strengthen the Rule of Law, the European Commission recalls that “the principle of the Rule of Law has progressively become a dominant organisational model of modern constitutional law and international organisations /…/ to regulate the exercise of public powers” (pp. 3-4). In an increasing number of cases States refer to the Rule of Law in their national constitutions.2

The Rule of Law has been proclaimed as a basic principle at universal level by the United Nations – for example in the Rule of Law Indicators -, and at regional level by the Organization of American States – namely in the Inter-American Democratic Charter – and the African Union – in particular in its Constitutive Act. References to the Rule of Law may also be found in several documents of the Arab League.

The Rule of Law is mentioned in the Preamble to the Statute of the Council of Europe as one of the three “principles which form the basis of all genuine democracy”, together with individual freedom and political liberty. Article 3 of the Statute makes respect for the principle of the Rule of Law a precondition for accession of new member States to the Organisation. The Rule of Law is thus one of the three intertwined and partly overlapping core principles of the Council of Europe, with democracy and human rights. The close relationship between the Rule of Law and the democratic society has been underlined by the European Court of Human Rights through different expressions: “democratic society subscribing to the Rule of Law”, “democratic society based on the Rule of Law” and, more systematically, “Rule of Law in a democratic society”. The achievement of these three principles – respect for human rights, pluralist democracy and the Rule of Law – is regarded as a single objective – the core objective – of the Council of Europe.

The Rule of Law has been systematically referred to in the major political documents of the Council of Europe, as well as in numerous Conventions and Recommendations. The Rule of Law is notably mentioned as an element of common heritage in the Preamble to the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR), as a founding principle of European democracies in Resolution Res(2002)12 establishing the European Commission for the Efficiency of Justice (CEPEJ), and as a priority objective in the Statute of the Venice Commission. However, the Council of Europe texts have not defined the Rule of Law, nor has the Council of Europe created any specific monitoring mechanism for Rule of Law issues.

The Council of Europe has nevertheless acted in several respects with a view to promoting and strengthening the Rule of Law through several of its bodies, notably the European Court of Human Rights (ECtHR), the European Commission for the Efficiency of Justice (CEPEJ), the Consultative Council of Judges of Europe (CCJE), the Group of States against Corruption (GRECO), the Monitoring Committee of the Parliamentary Assembly of the Council of Europe, the Commissioner for Human Rights and the Venice Commission.

In its Report on the Rule of Law of 2011,3 the Venice Commission examined the concept of the Rule of Law, following Resolution 1594(2007) of the Parliamentary Assembly which drew attention to the need to ensure a correct interpretation of the terms “Rule of Law”, “Rechtsstaat” and “Etat de droit” or “prééminence du droit”, encompassing the principles of legality and of due process.

The Venice Commission analysed the definitions proposed by various authors coming from different systems of law and State organisation, as well as diverse legal cultures. The Commission considered that the notion of the Rule of Law requires a system of certain and foreseeable law, where everyone has the right to be treated by all decision-makers with dignity, equality and rationality and in accordance with the laws, and to have the opportunity to challenge decisions before independent and impartial courts through fair procedures. The Commission warned against the risks of a purely formalistic concept of the Rule of Law,merely requiring that any action of a public official be authorised by law. “Rule by Law”, or “Rule by the Law”, or even “Law by Rules” are distorted interpretations of the Rule of Law.4

The Commission also stressed that individual human rights are affected not only by the authorities of the State, but also by hybrid (State-private) actors and private entities which perform tasks that were formerly the domain of State authorities, or include unilateral decisions affecting a great number of people, as well as by international and supranational organisations. The Commission recommended that the Rule of Law principles be applied in these areas as well.

The Rule of Law must be applied at all levels of public power. Mutatis mutandis, the principles of the Rule of Law also apply in private law relations. The following definition by Tom Bingham covers most appropriately the essential elements of the Rule of Law: “All persons and authorities within the State, whether public or private, should be bound by and entitled to the benefit of laws publicly made, taking effect (generally) in the future and publicly administered in the courts”.5

In its report, the Commission concluded that, despite differences of opinion, consensus exists on the core elements of the Rule of Law as well as on those of the Rechtsstaat and of the Etat de droit, which are not only formal but also substantive or material (materiellerRechtsstaatsbegriff). These core elements are:

(1) Legality, including a transparent,accountable and democratic process for enacting law;
(2) Legal certainty;
(3) Prohibition of arbitrariness;
(4) Access to justice before independent and impartial courts, including judicial review of administrative acts;
(5) Respect for human rights; and
(6) Non-discrimination and equality before the law.

Since its 2011 Report was oriented towards facilitating a correct and consistent understanding and interpretation of the notion of the Rule of Law and, therefore, aimed at facilitating the practical application of the principles of the Rule of Law, a “checklist for evaluating the state of the Rule of Law in single countries” was appended to the report, listing these six elements, broken down into several sub-parameters.

In 2012, at a conference which the Venice Commission organised in London under the auspices of the UK Foreign Office and in co-operation with the Bingham Centre for the Rule of Law, it launched the project to further develop the checklist as a ground-breaking new, functional approach to assessing the state of the Rule of Law in a given State.

In 2013, the Council of the European Union has begun implementing a new Rule of Law Dialogue with the member States, which would take place on an annual basis. It underlined that “respecting the rule of law is a prerequisite for the protection of fundamental rights” and called on the Commission “to take forward the debate in line with the Treaties on the possible need for and shape of a collaborative and systematic method to tackle these issues”.6 In 2014, the European Commission adopted a mechanism for addressing systemic Rule of Law issues in Member States of the European Union (EU). This “new EU Framework to strengthen the Rule of Law” establishes an early warning tool based on “the indications received from available sources and recognised institutions, including the Council of Europe”; “[i]n order to obtain expert knowledge on particular issues relating to the rule of law in Member States, the (European) Commission … will as a rule and in appropriate cases, seek the advice of the Council of Europe and/or its Venice Commission”.7

At the United Nations level, following the publication of “Rule of Law Indicators” in 2011,8 the United Nations General Assembly adopted in 2012 a Declaration of the High-level Meeting of the General Assembly on the Rule of Law at the National and International Levels, recognising that the “Rule of Law applies to all States equally, and to international organizations”.

The sustainable development agenda with its 17 Sustainable Development Goals (SDGs) and 169 targets to be delivered by 2030 was unanimously adopted by the UN General Assembly in September 2015. The SDGs, which comprise a number of Goals, are aimed to be truly transformative and have profound implications for the realization of the agenda, envisaging “[a world] in which democracy, good governance and the rule of law, as well as an enabling environment at the national and international levels, are essential for sustainable development…” Goal 16 commits States to “Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels”. The achievement of Goal 16 will be assessed against a number of targets, some of which incorporate Rule of Law components, such as the development of effective accountable and transparent institutions (target 16.6) and responsive, inclusive participatory and representative decision making at all levels (target 16.7). However, it is Target 16.3, committing States to “Promote the rule of law at the national and international levels and ensure equal access to justice for all” that offers a unique opportunity for revitalizing the relationship between citizens and the State. This Checklist could be a very important tool to assist in the qualitative measurement of Rule of Law indicators in the context of the SDGs.

The present checklist is intended to build on these developments and to provide a tool for assessing the Rule of Law in a given country from the view point of its constitutional and legal structures, the legislation in force and the existing case-law. The checklist aims at enabling an objective, thorough, transparent and equal assessment.

The checklist is mainly directed at assessing legal safeguards. However, the proper implementation of the law is a crucial aspect of the Rule of Law and must therefore also be taken into consideration. That is why the checklist also includes certain complementary benchmarks relating to the practice. These benchmarks are not exhaustive.

Assessing whether the parameters have been met requires sources of verification standards). For legal parameters, these will be the law in force, as well as, for example, in Europe, the legal assessments thereof by the European Court of Human Rights, the Venice Commission, Council of Europe monitoring bodies and other institutional sources. For parameters relating to the practice, multiple sources will have to be used, including institutional ones such as the CEPEJ and the European Union Agency for Fundamental Rights.

The checklist is meant as a tool for a variety of actors who may decide to carry out such an assessment: These may include Parliaments and other State authorities when addressing the need and content of legislative reform, civil society and international organisations, including regional ones – notably the Council of Europe and the European Union. Assessments have to take into account the whole context, and avoid any mechanical application of specific elements of the checklist.

It is not within the mandate of the Venice Commission to proceed with Rule of Law assessments in given countries on its own initiative; however, it is understood that when the Commission, upon request, deals with Rule of Law issues within the framework of the preparation of an opinion relating a given country, it will base its analysis on the parameters of the checklist within the scope of its competence.

The Rule of Law is realised through successive levels achieved in a progressive manner: the more basic the level of the Rule of Law, the greater the demand for it. Full achievement of the Rule of Law remains an on-going task, even in the well-established democracies. Against this background, it should be clear that the parameters of the checklist do not necessarily all have to be cumulatively fulfilled in order for a final assessment on compliance with the Rule of Law to be positive. The assessment will need to take into account which parameters are not met, to what extent, in what combination etc. The issue must be kept under constant review.

The checklist is neither exhaustive nor final: it aims to cover the core elements of the Rule of Law. The checklist could change over time, and be developed to cover other aspects or to go into further detail. New issues might arise that would require its revision. The Venice Commission will therefore provide for a regular updating of the Checklist.

The Rule of Law and human rights are interlinked, as the next chapter will explain. The Rule of Law would just be an empty shell without permitting access to human rights. Vice-versa, the protection and promotion of human rights are realised only through respect for the Rule of Law: a strong regime of Rule of Law is vital to the protection of human rights. In addition, the Rule of Law and several human rights (such as fair trial and freedom of expression) overlap.9 While recognising that the Rule of Law can only be fully realised in an environment that protects human rights, the checklist will expressly deal with human rights only when they are linked to specific aspects of the Rule of Law.10

Since the Venice Commission is a body of the Council of Europe, the checklist emphasises the legal situation in Europe, as expressed in particular in the case-law of the European Court of Human Rights and also of the Court of Justice of the European Union within its specific remit. The Rule of Law is however a universal principle, and this document also refers, where appropriate, to developments at global level as well as in other regions of the world, in particular in part III enumerating international standards.

B The Rule of Law in an enabling environment

The Rule of Law is linked not only to human rights but also to democracy, i.e. to the third basic value of the Council of Europe. Democracy relates to the involvement of the people in the decision-making process in a society; human rights seek to protect individuals from arbitrary and excessive interferences with their freedoms and liberties and to secure human dignity; the Rule of Law focuses on limiting and independently reviewing the exercise of public powers. The Rule of Law promotes democracy by establishing accountability of those wielding public power and by safeguarding human rights, which protect minorities against arbitrary majority rules.

The Rule of Law has become “a global ideal and aspiration”,11 with a common core valid everywhere. This, however, does not mean that its implementation has to be identical regardless of the concrete juridical, historical, political, social or geographical context. While the main components or “ingredients”12 of the Rule of Law are constant, the specific manner in which they are realised may differ from one country to another depending on the local context; in particular on the constitutional order and traditions of the country concerned. This context may also determine the relative weight of each of the components.

Historically, the Rule of Law was developed as a means to restrict State (governmental) power. Human rights were seen as rights against intrusions by holders of this power (“negative rights”). In the meantime the perception of human rights has changed in many States as well as in European and international law. There are several differences in the details, but nonetheless there is a trend to expand the scope of civil and political rights, especially by acknowledging positive obligations of the State to guarantee effective legal protection of human rights vis-à-vis private actors. Relevant terms are “positive obligations to protect”, “horizontal effects of fundamental rights” or “Drittwirkung der Grundrechte“.

The European Court of Human Rights has acknowledged positive obligations in several fields, for instance related to Art. 8 ECHR.13 In several decisions the Court has developed specific positive obligations of the State by combining Art. 8 ECHR and the Rule of Law.14 Even though positive obligations to protect could not be solely derived from the Rule of Law in these cases, the Rule of Law principle creates additional obligations of the State to guarantee that individuals under their jurisdiction have access to effective legal means to enforce the protection of their human rights, in particular in situations when private actors infringe these rights. Thus the Rule of Law creates a benchmark for the quality of laws protecting human rights: legal provisions in this field – and beyond 15 – have to be, inter alia, clear and predictable, and non-discriminatory, and they must be applied by independent courts under procedural guarantees equivalent to those applied in conflicts resulting from interferences with human rights by public authorities.

One of the relevant contextual elements is the legal system at large. Sources of law which enshrine legal rules, thus granting legal certainty, are not identical in all countries: some States adhere largely to statute law, save for rare exceptions, whereas others include adherence to the common law judge-made law.

States may also use different means and procedures – for example related to the fair trial principle – in criminal proceedings(adversarial system as compared to inquisitorial system, right to a jury as compared to the resolution of criminal cases by judges). The material means that are instrumental in guaranteeing fair trial, such as legal aid and other facilities, may also take different forms.

The distribution of powers among the different State institutions may also impact the context in which this checklist is considered. It should be well-adjusted through a system of checks and balances. The exercise of legislative and executive power should be reviewable for its constitutionality and legality by an independent and impartial judiciary. A well-functioning judiciary, whose decisions are effectively implemented, is of the highest importance for the maintenance and enhancement of the Rule of Law.

At the international level, the demands and implications of the Rule of Law reflect the particularities of the international legal system. In many respects that system is far less developed than national constitutional and legal systems. Apart from special regional systems like that of the European Union, international systems have no permanent legislator, and for most cases no judiciary with obligatory jurisdiction, while the democratic characteristics in decision-making are still very weak.

The European Union’s supranational nature led it to develop the concept of Rule of Law as a general principle of law applicable to its own legal system. According to the case law of the Court of Justice of the European Union, the Rule of Law includes the supremacy of law, the institutional balance, judicial review, (procedural) fundamental rights, including the right to a judicial remedy, as well as the principles of equality and proportionality.

The contextual elements of the Rule of Law are not limited to legal factors. The presence (or absence) of a shared political and legal culture within a society, and the relationship between that culture and the legal order help to determine to what extent and at what level of concreteness the various elements of the Rule of Law have to be explicitly expressed in written law. Thus, for instance, national traditions in the area of dispute settlement and conflict resolution will have an impact upon the concrete guarantees of fair trial offered in a country. It is important that in every State a robust political and legal culture supports particular Rule of Law mechanisms and procedures, which should be constantly checked, adapted and improved.
43 The Rule of Law can only flourish in a country whose inhabitants feel collectively responsible for the implementation of the concept, making it an integral part of their own legal, political and social culture.
II BENCHMARKS

Legality 16

Supremacy of the law

Is supremacy of the law recognised?
i. Is there a written Constitution?
ii.Is conformity of legislation with the Constitution ensured?
iii. Is legislation adopted without delay when required by the Constitution? iv. Does the action of the executive branch conform with the Constitution and other laws?17
v. Are regulations adopted without delay when required by legislation?
vi.Is effective judicial review of the conformity of the acts and decisions of the executive branch of government with the law available?
vii. Does such judicial review also apply to the acts and decisions of independent agencies and private actors performing public tasks?
viii. Is effective legal protection of individual human rights vis-à-vis infringements by private actors guaranteed?

State action must be in accordance with and authorised by the law. Whereas the necessity for judicial review of the acts and decisions of the executive and other bodies performing public tasks is universally recognised, national practice is very diverse on how to ensure conformity of legislation with the Constitution. While judicial review is an effective means to reach this goal, there may also be other means to guarantee the proper implementation of the Constitution to ensure respect for the Rule of Law, such as a priori review by a specialised committee.18

Compliance with the law 19

Do public authorities act on the basis of, and in accordance with standing law?20
i.Are the powers of the public authorities defined by law? 21
ii.Is the delineation of powers between different authorities clear?
iii. Are the procedures that public authorities have to follow established by law?
iv. May public authorities operate without a legal basis? Are such cases duly justified?
v. Do public authorities comply with their positive obligations by ensuring implementation and effective protection of human rights?
vi. In cases where public tasks are delegated to private actors, are equivalent guarantees established by law?22

45. A basic requirement of the Rule of Law is that the powers of the public authorities are defined by law. In so far as legality addresses the actions of public officials, it also requires that they have authorisation to act and that they subsequently act within the limits of the powers that have been conferred upon them, and consequently respect both procedural and substantive law. Equivalent guarantees should be established by law whenever public powers are delegated to private actors – especially but not exclusively coercive powers. Furthermore, public authorities must actively safeguard the fundamental rights of individuals vis-à-vis other private actors.23

46. “Law” covers not only constitutions, international law, statutes and regulations, but also, where appropriate, judge-made law,24 such as common-law rules, all of which is of a binding nature. Any law must be accessible and foreseeable.25

Relationship between international law and domestic law

Does the domestic legal system ensure that the State abide by its binding obligations under international law? In particular: i. Does it ensure compliance with human rights law, including binding decisions of international courts? ii. Are there clear rules on the implementation of these obligations into domestic law? 26

47. The principle pacta sunt servanda (agreements must be kept) is the way in which international law expresses the principle of legality. It does not deal with the way in which international customary or conventional law is implemented in the internal legal order, but a State “may not invoke the provisions of its internal law as justification for its failure to perform a treaty” 27 or to respect customary international law.

48. The principle of the Rule of Law does not impose a choice between monism and dualism, but pacta sunt servanda applies regardless of the national approach to the relationship between international and internal law. At any rate, full domestic implementation of international law is crucial. When international law is part of domestic law, it is binding law within the meaning of the previous paragraph relating to supremacy of law (II.A.2). This does not mean, however, that it should always have supremacy over the Constitution or ordinary legislation.

Law-making powers of the executive

Is the supremacy of the legislature ensured? i. Are general and abstract rules included in an Act of Parliament or a regulation based on that Act, save for limited exceptions provided for in the Constitution? ii. What are these exceptions? Are they limited in time? Are they controlled by Parliament and the judiciary? Is there an effective remedy against abuse?iii. When legislative power is delegated by Parliament to the executive, are the objectives, contents, and scope of the delegation of power explicitly defined in a legislative act? 28

49. Unlimited powers of the executive are, de jure or de facto, a central feature of absolutist and dictatorial systems. Modern constitutionalism has been built against such systems and therefore ensures supremacy of the legislature.29

5 Law-making procedures

Is the process for enacting law transparent, accountable, inclusive and democratic? i. Are there clear constitutional rules on the legislative procedure?30 ii. Is Parliament supreme in deciding on the content of the law? iii. Is proposed legislation debated publicly by parliament and adequately justified (e.g. by explanatory reports)?31 iv. Does the public have access to draft legislation, at least when it is submitted to Parliament? Does the public have a meaningful opportunity to provide input? 32 v.Where appropriate, are impact assessments made before adopting legislation (e.g. on the human rights and budgetary impact of laws)?33 vi.Does the Parliament participate in the process of drafting, approving, incorporating and implementing international treaties?

50. As explained in the introductory part, the Rule of Law is connected with democracy in that it promotes accountability and access to rights which limit the powers of the majority.

Exceptions in emergency situations

Are exceptions in emergency situations provided for by law? i. Are there specific national provisions applicable to emergency situations (war or other public emergency threatening the life of the nation)? Are derogations to human rights possible in such situations under national law? What are the circumstances and criteria required in order to trigger an exception? ii. Does national law prohibit derogation from certain rights even in emergency situations? Are derogations proportionate, that is limited to the extent strictly required by the exigencies of the situation, in duration, circumstance and scope? 34 iii. Are the possibilities for the executive to derogate from the normal division of powers in emergency circumstances also limited in duration, circumstance and scope? iv.What is the procedure for determining an emergency situation? Are there parliamentary control and judicial review of the existence and duration of an emergency situation, and the scope of any derogation thereunder?

51. The security of the State and of its democratic institutions, and the safety of its officials and population, are vital public and private interests that deserve protection and may lead to a temporary derogation from certain human rights and to an extraordinary division of powers. However, emergency powers have been abused by authoritarian governments to stay in power, to silence the opposition and to restrict human rights in general. Strict limits on the duration, circumstance and scope of such powers is therefore essential. State security and public safety can only be effectively secured in a democracy which fully respects the Rule of Law.35 This requires parliamentary control and judicial review of the existence and duration of a declared emergency situation in order to avoid abuse.

52. The relevant provisions of the International Covenant on Civil and Political Rights, of the European Convention on Human Rights and the American Convention on Human Rights are similar.36 They provide for the possibility of derogations (as distinguished from mere limitations of the rights guaranteed) only in highly exceptional circumstances. Derogations are not possible from “the so-called absolute rights: the right to life, the prohibition of torture and inhuman or degrading treatment or punishment, and of slavery, and the nullum crimen, nulla poena principle” among others.37

Duty to implement the law

What measures are taken to ensure that public authorities effectively implement the law i. Are obstacles to the implementation of the law analysed before and after its adoption? ii. Are there effective remedies against non-implementation of legislation? iii. Does the law provide for clear and specific sanctions for non-obedience of the law? 38 iv. Is there a solid and coherent system of law enforcement by public authorities to enforce these sanctions ? v. Are these sanctions consistently applied?

53. Although full enforcement of the law is rarely possible, a fundamental requirement of the Rule of Law is that the law must be respected. This means in particular that State bodies must effectively implement laws. The very essence of the Rule of Law would be called in question if law appeared only in the books but were not duly applied and enforced.39 The duty to implement the law is threefold, since it implies obedience to the law by individuals, the duty reasonably to enforce the law by the State and the duty of public officials to act within the limits of their conferred powers.

54. Obstacles to the effective implementation of the law can occur not only due to the illegal or negligent action of authorities, but also because the quality of legislation makes it difficult to implement. Therefore, assessing whether the law is implementable in practice before adopting it, as well as checking a posteriori whether it may be and is effectively applied is very important. This means that ex ante and ex post legislative evaluation has to be performed when addressing the issue of the Rule of Law.

55. Proper implementation of legislation may also be obstructed by the absence of sufficient sanctions (lex imperfecta), as well as by an insufficient or selective enforcement of the relevant sanctions.

Private actors in charge of public tasks

Does the law guarantee that non-State entities which, fully or in part, have taken on traditionally public tasks, and whose actions and decisions have a similar impact on ordinary people as those of public authorities, are subject to the requirements of the Rule of Law and accountable in a manner comparable to those of public authorities?40

56. There are a number of areas where hybrid (State-private) actors or private entities exercise powers that traditionally have been the domain of State authorities, including in the fields of prison management and health care. The Rule of Law must apply to such situations as well.

Legal certainty
Accessibility of legislation

Are laws accessible?

i. Are all legislative acts published before entering into force? ii. Are they easily accessible, e.g. free of charge via the Internet and/or in an official bulletin?

Accessibility of court decisions

Are counts decisions accessible? i. Are court decisions easily accessible to the public?41 ii. Are exemptions sufficiently justified?

57. As court decisions can establish, elaborate upon and clarify law, their accessibility is part of legal certainty. Limitations can be justified in order to protect individual rights, for instance those of juveniles in criminal cases.

3. Foreseeability of the laws

Are the effects of laws foreseeable?42 i. Are the laws written in an intelligible manner? ii. Does new legislation clearly state whether (and which) previous legislation is repealed or amended? Are amendments incorporated in a consolidated, publicly accessible, version of the law?

58. Foreseeability means not only that the law must, where possible, be proclaimed in advance of implementation and be foreseeable as to its effects: it must also be formulated with sufficient precision and clarity to enable legal subjects to regulate their conduct in conformity with it.43

59. The necessary degree of foreseeability depends however on the nature of the law. In particular, it is essential in criminal legislation. Precaution in advance of dealing with concrete dangers has now become increasingly important; this evolution is legitimate due to the multiplication of the risks resulting in particular from the changing technology. However, in the areas where the precautionary approach of laws apply, such as risk law, the prerequisites for State action are outlined in terms that are considerably broader and more imprecise, but the Rule of Law implies that the principle of foreseeability is not set aside.

Stability and consistency of law

Are laws stable and consistent?
i Are laws stable, to the extent that they are changed only with fair warning ? 44 ii. Are they consistently applied?

60. Instability and inconsistency of legislation or executive action may affect a person’s ability to plan his or her actions. However, stability is not an end in itself: law must also be capable of adaptation to changing circumstances. Law can be changed, but with public debate and notice, and without adversely affecting legitimate expectations (see next item).

Legitimate expectations

Is respect for the principle of legitimate expectations ensured?

61. The principle of legitimate expectations is part of the general principle of legal certainty in European Union law, derived from national laws. It also expresses the idea that public authorities should not only abide by the law but also by their promises and raised expectations. According to the legitimate expectation doctrine, those who act in good faith on the basis of law as it is, should not be frustrated in their legitimate expectations. However, new situations may justify legislative changes going frustrating legitimate expectations in exceptional cases. This doctrine applies not only to legislation but also to individual decisions by public authorities.45

Non-retroactivity

Is retroactivity of legislation prohibited? i. Is retroactivity of criminal legislation prohibited? ii.To what extent is there also a general prohibition on the retroactivity of other laws? 46 iii. Are there exceptions, and, if so, under which conditions?

Nullum crimen sine lege and nulla poena sine lege principles

Do the nullum crimen sine lege and nulla poena sine lege (no crime, no penalty without a law) principles apply?

62. People must be informed in advance of the consequences of their behaviour. This implies foreseeability (above II.B.3) and non-retroactivity especially of criminal legislation. In civil and administrative law, retroactivity may negatively affect rights and legal interests.47 However, outside the criminal field, a retroactive limitation of the rights of individuals or imposition of new duties may be permissible, but only if in the public interest and in conformity with the principle of proportionality (including temporally). The legislator should not interfere with the application of existing legislation by courts.

Res judicata 48

Is respect of res judicata ensured? i. Is respect for the ne bis in idem principle (prohibition against double jeopardy) ensured? ii. May final judicial decisions be revised? iii. If so, under which conditions?

63. Res judicata implies that when an appeal has been finally adjudicated, further appeals are not possible. Final judgments must be respected, unless there are cogent reasons for revising them.49

C. Prevention of abuse (misuse) of powers 50

Are there legal safeguards against arbitrariness and abuse of power (détournement de pouvoir) by public authorities? i.If yes, what is the legal source of this guarantee (Constitution, statutory law, case-law)?ii. Are there clear legal restrictions to discretionary power, in particular when exercised by the executive in administrative action?51 iii. Are there mechanisms to prevent, correct and sanction abuse of discretionary powers (détournement de pouvoir)? When discretionary power is given to officials, is there judicial review of the exercise of such power? iv. Are public authorities required to provide adequate reasons for their decisions, in particular when they affect the rights of individuals? Is the failure to state reasons a valid ground for challenging such decisions in courts?

64. An exercise of power that leads to substantively unfair, unreasonable, irrational or oppressive decisions violates the Rule of Law.

65. It is contrary to the Rule of Law for executive discretion to be unfettered power. Consequently, the law must indicate the scope of any such discretion, to protect against arbitrariness.

66. Abuse of discretionary power should be controlled by judicial or other independent review. Available remedies should be clear and easily accessible.

67. Access to an ombudsperson or another form of non-contentious jurisdiction may also be appropriate.

68. The obligation to give reasons should also apply to administrative decisions.52

Equality before the law and non-discrimination

Principle

Does the Constitution enshrine the principle of equal treatment, the commitment of the State to promote equality as well as the right of individuals to be free from discrimination?

Non-discrimination 53

Is respect for the principle of non-discrimination ensured? i. Does the constitution prohibit discrimination? ii. Is non-discrimination effectively guaranteed by law? iii. Do the Constitution and/or legislation clearly define and prohibit both direct and indirect discrimination?

69. The principle of non-discrimination requires the prohibition of any unjustified unequal treatment under the law and/or by law, and that all persons have guaranteed equal and effective protection against discrimination on grounds such as race, colour, sex, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth or other status.

1. 1. Equality in law

Is equality in law guaranteed? i. Does the constitution require legislation (including regulations) to respect the principle of equality in law? 54 ii. Does it provide that differentiations have to be objectively justified? Can legislation violating the principle of equality be challenged in the court? iii. Are there individuals or groups with special legal privileges? Are these exceptions and/or privileges based on a legitimate aim and in conformity with the principle of proportionality? iv.Are positive measures expressly provided for the benefit of particular groups, including national minorities, in order to address structural inequalities?

70. Legislation must respect the principle of equality: it must treat similar situations equally and different situations differently and guarantee equality with respect to any ground of potential discrimination.

71. For example, rules on parliamentary immunities, and more specifically on inviolability, “should … be regulated in a restrictive manner, and it should always be possible to lift such immunity, following clear and impartial procedures. Inviolability, if applied, should be lifted unless justified with reference to the case at hand and proportional and necessary in order to protect the democratic workings of Parliament and the rights of the political opposition”.55

72. “The law should provide that the prohibition of discrimination does not prevent the maintenance or adoption of temporary special measures designed either to prevent or compensate for disadvantages suffered by persons on grounds [of belonging to a particular group], or to facilitate their full participation in all fields of life. These measures should not be continued once the intended objectives have been achieved.” 56

1. 1. Equality before the law

Is equality before the law guaranteed? i. Does the national legal order clearly provide that the law applies equally to every person irrespective of race, colour, sex, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth or status?57 ii. Does it provide that differentiations have to be objectively justified, on the basis of a reasonable aim, and in conformity with the principle of proportionality? 58 iii. Is there an effective remedy against discriminatory or unequal application of legislation? 59

73. The Rule of Law requires the universal subjection of all to the law. It implies that law should be equally applied, and consistently implemented. Equality is however not merely a formal criterion, but should result in substantively equal treatment. To reach that end, differentiations may have to be tolerated and may even be required. For example, affirmative action may be a way to ensure substantive equality in limited circumstances so as to redress past disadvantage or exclusion.60

Access to justice 6

1. 1. Independence and impartiality
  1. Independence of the judiciary

Are there sufficient constitutional and legal guarantees of judicial independence? i. Are the basic principles of judicial independence, including objective procedures and criteria for judicial appointments, tenure and discipline and removals, enshrined in the Constitution or ordinary legislation?62 ii. Are judges appointed for life time or until retirement age? Are grounds for removal limited to serious breaches of disciplinary or criminal provisions established by law, or where the judge can no longer perform judicial functions? Is the applicable procedure clearly prescribed in law? Are there legal remedies for the individual judge against a dismissal decision?63 iii. Are the grounds for disciplinary measures clearly defined and are sanctions limited to intentional offences and gross negligence?64 iv. Is an independent body in charge of such procedures?65 v. Is this body not only comprised of judges? vi. Are the appointment and promotion of judges based on relevant factors, such as ability, integrity and experience?66 Are these criteria laid down in law? vii. Under which conditions is it possible to transfer judges to another court? Is the consent of the judge to the transfer required? Can the judge appeal the decision of transfer? viii. Is there an independent judicial council? Is it grounded in the Constitution or a law on the judiciary?67 If yes, does it ensure adequate representation of judges as well as lawyers and the public?68 ix. May judges appeal to the judicial council for violation of their independence? x.Is the financial autonomy of the judiciary guaranteed? In particular, are sufficient resources allocated to the courts, and is there a specific article in the budget relating to the judiciary, excluding the possibility of reductions by the executive, except if this is done through a general remuneration measure?69 Does the judiciary or the judicial council have input into the budgetary process? xi. Are the tasks of the prosecutors mostly limited to the criminal justice field?70 xii. Is the judiciary perceived as independent? What is the public’s perception about possible political influences or manipulations in the appointment and promotion of the judges/prosecutors, as well as on their decisions in individual cases? If it exists, does the judicial council effectively defend judges against undue attacks? xiii. Do the judges systematically follow prosecutors’ requests (“prosecutorial bias”)? xiv. Are there fair and sufficient salaries for judges?

74. The judiciary should be independent. Independence means that the judiciary is free from external pressure, and is not subject to political influence or manipulation, in particular by the executive branch. This requirement is an integral part of the fundamental democratic principle of the separation of powers. Judges should not be subject to political influence or manipulation.

75. The European Court of Human Rights highlights four elements of judicial independence: manner of appointment, term of office, the existence of guarantees against outside pressure – including in budgetary matters – and whether the judiciary appears as independent and impartial.71

76. Limited or renewable terms in office may make judges dependent on the authority which appointed them or has the power to re-appoint them.

77. Legislation on dismissal may encourage disguised sanctions.

78. Offences leading to disciplinary sanctions and their legal consequences should be set out clearly in law. The disciplinary system should fulfil the requirements of procedural fairness by way of a fair hearing and the possibility of appeal(s) (see section II.E.2 below).

79. It is important that the appointment and promotion of judges is not based upon political or personal considerations, and the system should be constantly monitored to ensure that this is so.

80. Though the non-consensual transfer of judges to another court may in some cases be lawfully applied as a sanction, it could also be used as a kind of a politically-motivated tool under the disguise of a sanction.72 Such transfer is however justified in principle in cases of legitimate institutional reorganisation.

81. “[I]t is an appropriate method for guaranteeing the independence of the judiciary that an independent judicial council have decisive influence on decisions on the appointment and career of judges”. Judicial councils “should have a pluralistic composition with a substantial part, if not the majority, of members being judges.”73 That is the most effective way to ensure that decisions concerning the selection and career of judges are independent from the government and administration.74 There may however be other acceptable ways to appoint an independent judiciary.

82. Conferring a role on the executive is only permissible in States where these powers are restrained by legal culture and traditions, which have grown over a long time, whereas the involvement of Parliament carries a risk of politicisation.75 Involving only judges carries the risk of raising a perception of self-protection, self-interest and cronyism. As concerns the composition of the judicial council, both politicisation and corporatism must be avoided.76 An appropriate balance should be found between judges and lay members.77 The involvement of other branches of government must not pose threats of undue pressure on the members of the Council and the whole judiciary.78

83. Sufficient resources are essential to ensuring judicial independence from State institutions, and private parties, so that the judiciary can perform its duties with integrity and efficiency, thereby fostering public confidence in justice and the Rule of Law 79 Executive power to reduce the judiciary’s budget is one example of how the resources of the judiciary may be placed under undue pressure.

84. The public prosecutor’s office should not be permitted to interfere in judicial cases outside its standard role in the criminal justice system – e.g. under the model of the “Prokuratura”. Such power would call into question the work of the judiciary and threaten its independence.80

85. Benchmarks xii-xiv deal, first of all, with the perception of the independence of the judiciary. The prosecutorial bias is an example of absence of independence, which may be encouraged by the possibility of sanctions in case of “wrong” judgments. Finally, fair and sufficient salaries are a concrete aspect of financial autonomy of the judiciary. They are a means to prevent corruption, which may endanger the independence of the judiciary not only from other branches of government, but also from individuals. 81

1. 1. Independence of individual judges

Are there sufficient constitutional and legal guarantees for the independence of individual judges? i. Are judicial activities subject to the supervision of higher courts – outside the appeal framework -, court presidents, the executive or other public bodies? ii. Does the Constitution guarantee the right to a competent judge (“natural judge pre-established by law”)82? iii. Does the law clearly determine which court is competent? Does it set rules to solve any conflicts of competence? iv. Does the allocation of cases follow objective and transparent criteria? Is the withdrawal of a judge from a case excluded other than in case a recusal by one of the parties or by the judge him/herself has been declared founded? 83

86. The independence of individual judges must be ensured, as also must the independence of the judiciary from the legislative and, especially, executive branches of government.

87. The possibility of appealing judgments to a higher court is a common element in judicial systems and must be the only way of review of judges when applying the law. Judges should not be subject to supervision by their colleague-judges, and a fortiori to any executive hierarchical power, exercised for example by civil servants. Such supervision would contravene their individual independence, and consequently violate the Rule of Law84.

88. “The guarantee can be understood as having two aspects. One relates to the court as a whole. The other relates to the individual judge or judicial panel dealing with the case. … It is not enough if only the court (or the judicial branch) competent for a certain case is determined in advance. That the order in which the individual judge (or panel of judges) within a court is determined in advance, meaning that it is based on general objective principles, is essential”.85

1. 1. Impartiality of the judiciary 86

Are there specific constitutional and legal rules providing for the impartiality of the judiciary? 87 i. What is the public’s perception of the impartiality of the judiciary and of individual judges? ii. Is there corruption in the judiciary? Are specific measures in place against corruption in the judiciary (e.g. a declaration of assets)? What is the public’s perception on this issue?88

89. Impartiality of the judiciary must be ensured in practice as well as in the law. The classical formula, as expressed for example by the case-law of the European Court of Human Rights, is that “justice must not only be done, it must also be seen to be done”.89 This implies objective as well as subjective impartiality. The public’s perception can assist in assessing whether the judiciary is impartial in practice.

90. Declaration of assets is a means of fighting corruption because it can highlight any conflict of interest and possibly lead to scrutiny of any unusual income.90

1. 1. The prosecution service: autonomy and control

Is sufficient autonomy of the prosecution service ensured? i. Does the office of the public prosecution have sufficient autonomy within the State structure? Does it act on the basis of the law rather than of political expediency? 91 ii. Is it permitted that the executive gives specific instructions to the prosecution office on particular cases? If yes, are they reasoned, in writing, and subject to public scrutiny? 92 iii. May a senior prosecutor give direct instructions to a lower prosecutor on a particular case? If yes, are they reasoned and in written form? iv. Is there a mechanism for a junior prosecutor to contest the validity of the instruction on the basis of the illegal character or improper grounds of the instruction?v. Also, can the prosecutor contesting the validity of the instruction request to be replaced? 93 vi. Is termination of office permissible only when prosecutors reach the retirement age, or for disciplinary purposes, or, alternatively, are the prosecutors appointed for a relatively long period of time without the possibility of renewal?94 vii. Are these matters and the grounds for dismissal of prosecutors clearly prescribed by law?95 viii. Are there legal remedies for the individual prosecutor against a dismissal decision? 96 ix.Is the appointment, transfer and promotion of prosecutors based on objective factors, in particular ability, integrity and experience, and not on political considerations? Are such principles laid down in law ? x.Are there fair and sufficient salaries for prosecutors?97 xi. Is there a perception that prosecutorial policies allow selective enforcement of the law?xii. Is prosecutorial action subject to judicial control?

91. There is no common standard on the organisation of the prosecution service, especially about the authority required to appoint public prosecutors, or the internal organisation of the public prosecution service. However, sufficient autonomy must be ensured to shield prosecutorial authorities from undue political influence. In conformity with the principle of legality, the public prosecution service must act only on the basis of, and in accordance with, the law.98 This does not prevent the law from giving prosecutorial authorities some discretion when deciding whether to initiate a criminal procedure or not (opportunity principle).99

92. Autonomy must also be ensured inside the prosecution service. Prosecutors must not be submitted to strict hierarchical instructions without any discretion, and should be in a position not to apply instructions contradicting the law.

93. The concerns relating to the judiciary apply, mutatis mutandis, to the prosecution service, including the importance of assessing legal regulations, as well as practice.

94. Here again,100 sufficient remuneration is an important element of autonomy and a safeguard against corruption.

95. Bias on the part of public prosecution services could lead to improper prosecution, or to selective prosecution, in particular on behalf of those in, or close to, power. This would jeopardise the implementation of the legal system and is therefore a danger to the Rule of Law. Public perception is essential in identifying such a bias.

96. As in other fields, the existence of a legal remedy open to individuals whose rights have been affected is essential to ensuring that the Rule of Law is respected.

1. 1. Independence and impartiality of the Bar

Are the independence and impartiality of the Bar ensured? i. Is there a recognised, organised and independent legal profession (Bar)?101 ii. Is there a legal basis for the functioning of the Bar, based on the principles of independence, confidentiality and professional ethics, and the avoidance of conflicts of interests? iii. Is access to the Bar regulated in an objective and sufficiently open manner,also as remuneration and legal aid are concerned? iv. Are there effective and fair disciplinary procedures at the Bar? v.What is the public’s perception about the Bar’s independence?

97. The Bar plays a fundamental role in assisting the judicial system. It is therefore crucial that it is organised so as to ensure its independence and proper functioning. This implies that legislation provides for the main features of its independence and that access to the Bar is sufficiently open to make the right to legal counsel effective. Effective and fair criminal and disciplinary proceedings are necessary to ensure the independence and impartiality of the lawyers.

98. Professional ethics imply inter alia that “[a] lawyer shall maintain independence and be afforded the protection such independence offers in giving clients unbiased advice and representation”102. He or she “shall at all times maintain the highest standards of honesty, integrity and fairness towards the lawyer’s clients, the court, colleagues and all those with whom the lawyer comes into professional contact”,103 “shall not assume a position in which a client’s interest conflict with those of the lawyer”104 and “shall treat client interest as paramount”.105

Fair trial 106

Access to courts

Do individuals have an effective access to courts? i. Locus standi (right to bring an action): Does an individual have an easily accessible and effective opportunity to challenge a private or public act that interferes with his/her rights?107 ii. Is the right to defence guaranteed, including through effective legal assistance?108 If yes, what is the legal source of this guarantee? iii. Is legal aid accessible to parties who do not have sufficient means to pay for legal assistance, when the interests of justice so require? 109 iv. Are formal requirements,110 time-limits111 and court fees reasonable?112 v. Is access to justice easy in practice?113 What measures are taken to make easy? vi.Is suitable information on the functioning of the judiciary available to the public?

99. Individuals are usually not in a position to bring judicial proceedings on their own. Legal assistance is therefore crucial and should be available to everyone. Legal aid should also be provided to those who cannot afford it.

100. This question addresses a number of procedural obstacles which may jeopardise access to justice. Excessive formal requirements may lead to even serious and well-grounded cases being declared inadmissible. Their complexity may further necessitate recourse to a lawyer even in straightforward cases with little financial impact. Simplified standardised forms easily accessible to the public should be available to simplify judicial procedures.

101. Very short time-limits may in practice prevent individuals from exercising their rights. High fees may discourage a number of individuals, especially those with a low income, from bringing their case to court.

102. Responses to the preceding questions concerning procedural obstacles, should enable a preliminary conclusion to be made regarding how access to the court is guaranteed. However, a complete reply should take into account the public’s perception on these matters.

103. The judiciary should not be perceived as remote from the public and shrouded in mystery. The availability, in particular on the internet, of clear information regarding how to bring a case to court is one way of guaranteeing effective public engagement with the judicial system. Information should be easily accessible to the whole population, including vulnerable groups and also made available in the languages of national minorities and/or migrants. Lower courts should be well-distributed around the country and their court houses easily accessible.

Presumption of innocence114

Is the presumption of innocence guaranteed? i. Is the presumption of innocence guaranteed by law? ii. Are there clear and fair rules on the burden of proof? iii. Are there legal safeguards which aim at preventing other branches of government from making statements on the guilt of the accused? 115 iv. Is the right to remain silent and not to incriminate oneself nor members of one’s family ensured by law and in practice? 116 v. Are there guarantees against excessive pre-trial detention?117

104. The presumption of innocence is essential in ensuring the right to a fair trial. In order for the presumption of innocence to be guaranteed, the burden of proof must be on the prosecution.118 Rules and practice concerning the required proof have to be clear and fair. The unintentional or purposeful exercise of influence by other branches of government on the competent judicial authority by prejudging the assessment of the facts must be avoided. The same holds good for certain private sources of opinion like the media. Excessive pre-trial detention may be considered as prejudging the accused’s guilt.119

Other aspects of the right to a fair trial

Are additional fair trial standards enshrined in law and applied in practice? i. Is equality of arms guaranteed by law? Is it ensured in practice?120 ii. Are there rules excluding unlawfully obtained evidence?121 iii. Are proceedings started and judicial decisions made without undue delay?122 Is there a remedy against undue lengths of proceedings?123 iv. Is the right to timely access to court documents and files ensured for litigants?124 v. Is the right to be heard guaranteed?125 vi.Are judgments well-reasoned?126 vii. Are hearings and judgments public except for the cases provided for in Article 6.1 ECHR or for in absentia trials? viii. Are appeal procedures available, in particular in criminal cases? 127 ix. Are court notifications delivered properly and promptly?

105. The right to appeal against a judicial decision is expressly guaranteed by Article 2 Protocol 7 ECHR and Article 14.5 ICCPR in the criminal field, and by Article 8.2.h ACHR in general. This is a general principle of the Rule of Law often guaranteed at constitutional or legislative level by domestic legislation, in particular in the criminal field. Any court whose decisions cannot be appealed would run the risk of acting arbitrarily.

106. All aspects of the right to a fair trial developed above may be inferred from the right to a fair trial as defined in Article 6 ECHR, as elaborated in the case-law of the European Court of Human Rights. They ensure that legal subjects are properly involved in the whole judicial process.

Effectiveness of judicial decisions

Are judicial decisions effective? i. Are judgments effectively and promptly executed?128 ii. Are complaints for non-execution of judgments before national courts and/or the European Court of Human Rights frequent? iii. What is the perception of the effectiveness of judicial decisions by the public?

107. Judicial decisions are essential to the implementation of the Constitution and of legislation. The right to a fair trial and the Rule of Law in general would be devoid of any substance if judicial decisions were not executed.

3 Constitutional justice (if applicable)

Is constitutional justice ensured in States which provide for constitutional review (by specialised constitutional courts or by supreme courts)? i. Do individuals have effective access to constitutional justice against general acts, i.e., may individuals request constitutional review of the law by direct action or by constitutional objection in ordinary court proceedings?129 What “interest to sue” is required on their part? ii. Do individuals have effective access to constitutional justice against individual acts which affect them, i.e. may individuals request constitutional review of administrative acts or court decisions through direct action or by constitutional objection?130 iii. Are Parliament and the executive obliged, when adopting new legislative or regulatory provisions, to take into account the arguments used by the Constitutional Court or equivalent body? Do they take them into account in practice? iv. Do Parliament or the executive fill legislative/regulatory gaps identified by the Constitutional Court or equivalent body within a reasonable time?v. Where judgments of ordinary courts are repealed in constitutional complaint proceedings, are the cases re-opened and settled by the ordinary courts taking into account the arguments used by the Constitutional Court or equivalent body? 131 vi. If constitutional judges are elected by Parliament, is there a requirement for a qualified majority132 and other safeguards for a balanced composition?133 vii. Is there an ex ante control of constitutionality by the executive and or/legislative branches of government?

108. The Venice Commission usually recommends providing for a constitutional court or equivalent body. What is essential is an effective guarantee of the conformity of governmental action, including legislation, with the Constitution. There may be other ways to ensure such conformity. For example, Finnish law provides at the same time for a priori review of constitutionality by the Constitutional Law Committee and for a posteriori judicial control in case the application of a statutory provision would lead to an evident conflict with the Constitution. In the specific national context, this has proven sufficient.134

109. Full judicial review of constitutionality is indeed the most effective means to ensure respect for the Constitution, and includes a number of aspects which are set out in detail above. First, the question of locus standi is very important: leaving the possibility to ask for a review of constitutionality only to the legislative or executive branch of government may severely limit the number of cases and therefore the scope of the review. Individual access to constitutional jurisdiction has therefore been developed in a vast majority of countries, at least in Europe.135 Such access may be direct or indirect (by way of an objection raised before an ordinary court, which refers the issue to the constitutional court).136 Second, there should be no limitation as to the kinds of acts which can be submitted to constitutional review: it must be possible to do so for (general) normative as well as for individual (administrative or judicial) acts. However, an individual interest may be required on the part of a private applicant.

110. The right to a fair trial imposes the implementation of all courts’ decisions, including those of the constitutional jurisdiction. The mere cancellation of legislation violating the Constitution is not sufficient to eliminate every effect of a violation, and would at any rate be impossible in cases of unconstitutional legislative omission.

111. This is why this document underlines the importance of Parliament adopting legislation in line with the decision of the Constitutional Court or equivalent body.137 What was said about the legislator and the executive is also true for courts: they have to remedy the cases where the constitutional jurisdiction found unconstitutionality, on the basis of the latter’s arguments.

112. “The legitimacy of a constitutional jurisdiction and society’s acceptance of its decisions may depend very heavily on the extent of the court’s consideration of the different social values at stake, even though such values are generally superseded in favour of common values. To this end, a balance which ensures respect for different sensibilities must be entrenched in the rules of composition of these jurisdictions”.138 A qualified majority implies a political compromise and is a way to ensure a balanced composition when no party or coalition has such a majority.

113. Even in States where ex post control by a constitutional or supreme court is possible, ex ante control by the executive or legislative branch of government helps preventing unconstitutionalities.

Examples of particular challenges to the Rule of Law

114. There are many examples where particular actions and decisions offend the Rule of Law. However, because they are topical and pervasive at the time of the drafting of this document, two such examples are presented in this section: corruption and conflict of interest; and collection of data and surveillance.

Corruption 139 and conflict of interest

Preventive measures

What are the preventive measures taken against corruption? i. In the exercise of public duties, are specific rules of conduct applicable to public officials? Do these rules take into account: (1) the promotion of integrity in public life by means of general duties (impartiality and neutrality etc.); (2) restrictions on gifts and other benefits; (3) safeguards with respect to the use of public resources and information which is not meant to be public; (4) regulations on contacts with third parties and persons seeking to influence a public decision including governmental and parliamentary work? ii. Are there rules aimed at preventing conflicts of interest in decision-making by public officals, e.g. by requiring disclosure of any conflicts in advance? iii. Are all categories of public officials covered by the above measures, e.g. civil servants, elected or appointed senior officials at State and local levels, judges and other holders of judicial functions, prosecutors etc. ? iv. Are certain categories of public officials subject to a system of disclosure of income, assets and interests, or to further requirements at the beginning and the end of a public office or mandate e.g. specific integrity requirements for appointment, professional disqualifications, post-employment restrictions (to limit revolving doors or so-called “pantouflage”)? v. Have specific preventative measures been taken in specific sectors which are exposed to high risks of corruption, e.g. to ensure an adequate level of transparency and supervision over public tenders, and the financing of political parties and election campaigns?

Criminal law measures

What are the criminal law measures taken against corruption? i. To what extent does bribery involving a public official constitute an offence? ii. Is corruption defined in policy documents or other texts, in conformity with international standards? Are there criminal law provisions aimed at preserving public integrity, e.g. trading in influence, abuse of office, breach of official duties? iii. Which public officials are within the scope of such measures, e.g. civil servants, elected or appointed senior officials including the head of State and members of government and public assemblies, judges and other holders of judicial functions, prosecutors etc. ? iv. What consequences are attached to convictions for corruption-related offences? Do these include additional consequences such as exclusion from a public office or confiscation of profits?

Effective compliance with, and implementation of preventive and repressive measures

How is effective compliance with the above measures ensured? i. How is the overall level of compliance with anti-corruption measures and policies perceived domestically? ii. Does the State comply with the results of international monitoring in this field? Are effective, proportionate and dissuasive criminal and administrative sanctions provided for corruption-related acts and non-compliance with preventive mechanisms? iii. Are the bodies responsible for combating corruption and preserving public sector integrity provided with adequate resources, including investigative powers, personnel and financial support? Do these bodies enjoy sufficient operational independence from the executive and the legislature?140 iv. Are measures in place to make the above bodies accessible to individuals and to encourage disclosure of possible corrupt acts, notably reporting hotlines and a policy on whistle-blowers141 which offers protection against retaliation in the workplace and other negative consequences? v. Does the State itself assess the effectiveness of its anti-corruption policies, and is adequate corrective action taken when necessary vi. Have any phenomena been observed in practice, which would undermine the effectiveness or integrity of anti-corruption efforts, e.g. manipulation of the legislative process, non-compliance and non-enforcement of court decisions and sanctions, immunities, interference with the enforcement efforts of anti-corruption and other responsible bodies – including political intimidation, instrumentalisation of certain public institutions, intimidation of journalists and members of civil society who report on corruption?

115. Corruption leads to arbitrariness and abuse of powers since decisions will not be made in line with the law, which will lead to decisions being arbitrary in nature. Moreover, corruption may offend equal application of the law: it therefore undermines the very foundations of the Rule of Law. Although all three branches of powers are concerned, corruption is a particular concern for the judiciary, prosecutorial and law enforcement bodies, which play an instrumental role in safeguarding the effectiveness of anti-corruption efforts. Preventing and sanctioning corruption-related acts are important elements of anti-corruption measures, which are addressed in a variety of international conventions and other instruments.142

116. Preventing conflicts of interest is an important element of the fight against corruption. A conflict of interest may arise where a public official has a private interest (which may involve a third person, e.g. a relative or spouse) liable to influence, or appearing to influence, the impartial and objective performance of his or her official duties.143 The issue of conflicts of interest is addressed in international conventions and soft law.144 Legislation on lobbying and the control of campaign finance may also contribute to preventing and sanctioning conflicts of interest.145

Collection of data and surveillance

Collection and processing of personal data

How is personal data protection ensured? i. Are personal data undergoing automatic processing sufficiently protected with regard to their collection, storing and processing by the State as well as by private actors? What are the safeguards to secure that personal data are: – processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”); – collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (“purpose limitation”)? – adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”)? – accurate and, where necessary, kept up to date (“accuracy”)? – kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”); – processed in a way that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”)? 146 ii. Is the data subject provided at least with information on: – the existence of an automated personal data file, its main purposes; – the identity and the contact details of the controller and of the data protection officer; – the purposes of the processing for which the personal data are intended; – the period for which the personal data will be stored; – the existence of the right to request from the controller access to and rectification or erasure of the personal data concerning the data subject or to object to the processing of such personal data; – the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority; the recipients or categories of recipients of the personal data; – where the personal data are not collected from the data subject, from which source the personal data originate; – any further information necessary to guarantee fair processing in respect of the data subject.147 iii. Does a specific independent authority ensure compliance with the legal conditions under domestic law giving effect to the international principles and requirements with regard to the protection of individuals and of personal data? 148 iv. Are effective remedies provided for alleged violations of individual rights by collection of data? 149

117. The increasing use of information technology has made the collection of data possible to an extent which was unthinkable in the past. This has led to the development of national and international legal protection of individuals with regard to automatic processing of personal information relating to them. The most important requirements of such protection are enumerated above. These are also applicable mutatis mutandis to data processing for security purposes.

Targeted surveillance

What are the guarantees against abuse of targeted surveillance? i. Is there a mandate in the primary legislation and is it restricted by principles like the principle of proportionality? ii. Are there norms providing for procedural controls and oversight? iii. Is an authorisation by a judge or an independent body required? iv. Are there sufficient legal remedies available for an alleged violation of individual rights?150

118. Surveillance may seriously infringe the right to private life. The developments of technical means make it easier and easier to use. Ensuring that it does not provide the State an unlimited power to control the life of individuals is therefore crucial.

119. Targeted surveillance must be understood as covert collection of conversations by technical means, covert collection of telecommunications and covert collection of metadata).151

Strategic surveillance

What are the legal provisions related to strategic surveillance which guarantee against abuse? i. Are the main elements of strategic surveillance regulated in statute form, including the definition of the agencies which are authorised to collect such intelligence, the detailed purposes for which strategic surveillance can be collected and the limits, including the principle of proportionality, which apply to the collection, retention and dissemination of the data collected? 152 ii. Does the legislation extend data protection/privacy also to non-citizens/non-residents? iii. Is strategic surveillance submitted to preventive judicial or independent authorisation? Are there independent review and oversight mechanisms in place? 153 iv. Are effective remedies provided for alleged violations of individual rights by strategic surveillance?154

120. Signals intelligence must be understood as means and methods for the interception of radio – including satellite and cell phone and cable-borne communications.155

121. “One of the most important developments of intelligence oversight in recent years has been that signals intelligence… can now involve monitoring “ordinary telecommunications” (it is “surveillance”) and it has a much greater potential for affecting human rights.”156

Video surveillance

What are the guarantees against abuse of video surveillance, especially of public places?157 i. Is video surveillance performed on grounds of security or safety requirements, or for the prevention and control of criminal offences, and submitted in law and in practice to the requirements laid down in Article 8 ECHR?158 ii. Are people notified of their being surveyed in places accessible to the public? iii. Do people have access to any video surveillance that may relate to them?

III. SELECTED STANDARDS

III.a. General Rule of Law Standards Hard Law

Council of Europe, European Convention on Human Rights (1950) http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/005
European Union (EU), Charter of Fundamental Rights of the EU (2009) http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.C_.2010.083.01.0389.01.ENG
United Nations (UN), International Covenant on Civil and Political Rights (1966) (ICCPR) http://www.unhcr.org/refworld/pdfid/3ae6b3aa0.pdf
Council of Europe, Statute of the Council of Europe, Preamble (1949) http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/001
OAS, American Convention on Human Rights (‘Pact of San Jose’) (1969) http://www.oas.org/dil/treaties_B-32_American_Convention_on_Human_Rights.htm
African Union (AU), Constitutive Act http://www.au.int/en/sites/default/files/ConstitutiveAct_EN.pdf
African Union (AU) Charter on Democracy, Elections and Governance (2007), Article 3

Click to access AFRICAN_CHARTER_ON_DEMOCRACY_ELECTIONS_AND_GOVERNANCE.pdf

2. Soft Law

Council of Europe

European Commission for Democracy through Law (Venice Commission), Report on the Rule of Law, CDL-AD (2011)003rev http://www.venice.coe.int/webforms/documents/?pdf=CDL-AD(2011)003rev-e
Council of Europe Committee of Ministers, ‘The Council of Europe and the Rule of Law’, CM(2008)170 http://www.coe.int/t/dghl/standardsetting/minjust/mju29/CM%20170_en.pdf
The European Commission for the Efficiency of Justice’s Evaluation of European Judicial Systems project http://www.coe.int/t/dghl/cooperation/cepej/series/Etudes6Suivi_en.pdf

European Union

EU, Justice Scoreboard (ongoing annual reports) http://ec.europa.eu/justice/effective-justice/scoreboard/index_en.htm
Communication from the European Commission to the European Parliament and the Council, ‘A new EU Framework to strengthen the Rule of Law’, COM(2014) 158 final/2. http://ec.europa.eu/justice/effective-justice/files/com_2014_158_en.pdf
Council of the EU, Conclusions on fundamental rights and rule of law and on the Commission 2012 Report on the Application of the Charter of Fundamental Rights of the European Union (2013) http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/137404.pdf
EU Accession Criteria (‘Copenhagen Criteria’) http://europa.eu/rapid/press-release_DOC-93-3_en.htm?locale=en

Other International Organisations

Conference on Security and Co-operation in Europe (CSCE, now OSCE), Document of the Copenhagen Meeting of the Conference on the Human Dimension of the CSCE (“the Copenhagen document”) (1989) http://www.osce.org/odihr/elections/14304?download=true
Organization for Security and Co-operation in Europe, Decision No. 7/08, ‘Further strengthening the rule of law in the OSCE area’ (2008). http://www.osce.org/mc/35494?download=true
Organization of American States (OAS), Inter-American Democratic Charter (2001), http://www.oas.org/OASpage/eng/Documents/Democractic_Charter.htm
Conference on Security and Co-operation in Europe (CSCE, now OSCE), Document of the Moscow meeting of the Conference on the Human Dimension of the CSCE (“the Moscow document) (1991) http://www.osce.org/odihr/elections/14310?download=true

Rule of Law Indicators

World Justice Project Rule of Law Index http://worldjusticeproject.org/sites/default/files/files/wjp_rule_of_law_index_2014_report.pdf
Vera-Altus Rule of Law Indicators http://www.altus.org/pdf/dimrol_en.pdf
The United Nations Rule of Law Indicators http://www.un.org/en/events/peacekeepersday/2011/publications/un_rule_of_law_indicators.pdf
World Bank’s World Governance Indicators http://info.worldbank.org/governance/wgi/index.aspx#home

III.b. Standards relating to the Benchmarks

Legality

Hard Law

ECHR Articles 6ff, in particular 6.1, 7, 8.2, 9.2, 10.2 and 11.2
EU, Charter of Fundamental Rights of the EU (2009), Article 49 (concerning the principles of legality and proportionality of criminal offences and penalties) http://www.europarl.europa.eu/charter/pdf/text_en.pdf
UN, ICCPR Articles 14ff, in particular 14.1, 15, 18.3, 19.3, 21; 22.3
UN, International Covenant on Civil and Political Rights (1966), Article 4 (emergency derogations must be strict), 15 (nullum crimen, nullum poena) http://www.unhcr.org/refworld/pdfid/3ae6b3aa0.pdf
UN, International Convention on the Protection of the Rights of All Migrant Workers and Members of their Families (1990), Articles 16(4), 19 http://www2.ohchr.org/english/bodies/cmw/cmw.htm
Rome Statute of the International Criminal Court (1998), Article 22 http://www.icc-cpi.int/nr/rdonlyres/ea9aeff7-5752-4f84-be94-0a655eb30e16/0/rome_statute_english.pdf
AU Charter on Democracy, Elections and Governance (2007), Article 10
http://www.au.int/en/sites/default/files/AFRICAN_CHARTER_ON_DEMOCRACY_ELECTIONS_AND_GOVERNANCE.pdf
OAS, American Convention on Human Rights (‘Pact of San Jose’) (1969), Article 27
http://www.oas.org/dil/treaties_B32_American_Convention_on_Human_Rights.htm

Soft Law

UN, Universal Declaration of Human Rights (1948), Article 11(2) (concerning criminal offences and penalties) http://www.un.org/en/documents/udhr/index.shtml
Organization of American States (OAS), American Declaration of the Rights and Duties of Man (1948), Article XXV (protection from arbitrary arrest)
http://www.oas.org/dil/1948%20American%20Declaration%20of%20the%20Rights%20and% 20Duties%20of%20Man.pdf
Commonwealth (Latimer House) Principles on the Accountability of and the Relationship Between the Three Branches of Government (1998), Principles II, VIII http://www.cmja.org/downloads/latimerhouse/commprinthreearms.pdf
Charter of the Commonwealth (2013), Sections VI, VIII http://thecommonwealth.org/sites/default/files/page/documents/CharteroftheCommonwealth.pdf
Association of Southeast Asian Nations (ASEAN) Human Rights Declaration (2012), para 20(2)Available at http://aichr.org/documents

Legal certainty

Hard Law

ECHR Articles 6ff, in particular 6.1, 7, 8.2, 9.2, 10.2 and 11.2
OAS, American Convention on Human Rights (‘Pact of San Jose’) (1969), Article 9 http://www.oas.org/dil/treaties_B32_American_Convention_on_Human_Rights.htm
AU, African Charter on Human and People’s Rights (Banjul Charter) (1981), Article 7(2) http://www.unhcr.org/refworld/pdfid/3ae6b3630.pdf
League of Arab States (LAS), Arab Charter on Human Rights (Revised) (2004), Article 16 http://www.refworld.org/docid/3ae6b38540.html

Soft Law

UN, Universal Declaration of Human Rights (1948), Article 11 http://www.un.org/en/documents/udhr/index.shtml
UN, Declaration of the High-level Meeting of the General Assembly on the Rule of Law at the National and International Levels (2012), para 8 http://www.unrol.org/article.aspx?article_id=192
ASEAN, Human Rights Declaration (2012), para 20(3) Available at http://aichr.org/documents

Prevention of abuse of powers

Hard Law

UN, International Covenant on Civil and Political Rights (1966), Article 17 (interference with freedoms) http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx
UN, International Convention on the Protection of the Rights of All Migrant Workers and Members of their Families (1990), Articles 14 (interference with freedoms), 15 (deprivation of property) http://www2.ohchr.org/english/bodies/cmw/cmw.htm
UN, Convention on the Rights of the Child (1989), Article 37(b) (arbitrary arrest or detention) http://www.ohchr.org/EN/ProfessionalInterest/Pages/CRC.aspx
AU, African Charter on Human and People’s Rights (Banjul Charter) (1981), Article 14 http://www.unhcr.org/refworld/pdfid/3ae6b3630.pdf

Soft Law

Council of Europe Committee of Ministers, ‘The Council of Europe and the Rule of Law’, CM(2008)170, section 46 http://www.coe.int/t/dghl/standardsetting/minjust/mju29/CM%20170_en.pdf
UN, Universal Declaration of Human Rights (1948), Articles 9, 12, 17 http://www.un.org/en/documents/udhr/index.shtml
Commonwealth (Latimer House) Principles on the Accountability of and the Relationship Between the Three Branches of Government (1998), Principle VII http://www.cmja.org/downloads/latimerhouse/commprinthreearms.pdf
ASEAN Human Rights Declaration (2012), paras 11-12, 21 (arbitrary deprivations of life, liberty, privacy) Available at http://aichr.org/documents

Equality before the law and non-discrimination

Hard Law

Council of Europe

ECHR (1950), Article 14

European Union

Charter of Fundamental Rights of the EU (2009), Articles 20-21 http://www.europarl.europa.eu/charter/pdf/text_en.pdf
EU Equality Directives, including Council Directive 2000/78/EC of 27 November 2000 establishing a general framework for equal treatment in employment and occupation and Council Directive 2000/43/EC of 29 June 2000 implementing the principle of equal treatment between persons irrespective of racial or ethnic origin

Other international organisations

UN, International Covenant on Civil and Political Rights (1966), Articles 2, 14(1), 26 (equality before courts and tribunals) http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx
UN, International Convention on the Elimination of All Forms of Racial Discrimination (CEDR) (1969), especially Article 5 http://www.ohchr.org/EN/ProfessionalInterest/Pages/CERD.aspx
UN, International Convention on the Protection of the Rights of All Migrant Workers and Members of their Families (1990), Articles 1, 7, 18 http://www2.ohchr.org/english/bodies/cmw/cmw.htm
UN, International Covenant on Economic, Social and Cultural Rights (1966), Article 3 http://www.ohchr.org/EN/ProfessionalInterest/Pages/CESCR.aspx
UN, Convention on the Elimination of All Forms of Discrimination against Women (CEDAW)(1979) http://www.ohchr.org/EN/ProfessionalInterest/Pages/CERD.aspx
UN, Convention on the Rights of Persons with Disabilities (CRPD) (2006) http://www.un.org/disabilities/convention/conventionfull.shtml
UN, Convention on the Rights of the Child (1989), Article 2 http://www.ohchr.org/EN/ProfessionalInterest/Pages/CRC.aspx
International Committee of the Red Cross and Red Crescent Societies, Geneva Conventions (1949), Common Article 3 https://www.icrc.org/ihl/WebART/375-590006
AU, African Charter on Human and People’s Rights (Banjul Charter) (1981), Articles 3, 19 http://www.unhcr.org/refworld/pdfid/3ae6b3630.pdf
AU Charter on Democracy, Elections and Governance (2007), Article 8 http://www.au.int/en/sites/default/files/AFRICAN_CHARTER_ON_DEMOCRACY_ELECTIONS_AND_GOVERNANCE.pdf
OAS, American Convention on Human Rights (‘Pact of San Jose’) (1969), Articles 3, 24 http://www.oas.org/dil/treaties_B-32_American_Convention_on_Human_Rights.htm
LAS, Arab Charter on Human Rights (Revised) (2004), Articles 2, 9 http://www.refworld.org/docid/3ae6b38540.html

Soft Law

Council of Europe, Recommendation CM/Rec(2007)7 of the Committee of Ministers to member States on good administration, Article 3 https://wcd.coe.int/ViewDoc.jsp?id=1155877
European Commission for Democracy through Law (Venice Commission), Report on the scope and lifting of parliamentary immunities, CDL-AD(2014)011 http://www.venice.coe.int/webforms/documents/?pdf=CDL-AD(2014)011-e
UN, Universal Declaration of Human Rights (1948), Articles 1, 2, 6-7, 16-17, 22-23 http://www.un.org/en/documents/udhr/index.shtml
UN Declaration of the High-level Meeting of the General Assembly on the Rule of Law at the National and International Levels (2012), sections 12, 14 http://www.unrol.org/article.aspx?article_id=192
UN Human Rights Committee, General Comment No. 32 (2007), Article 14: Right to equality before courts and tribunals and to a fair trial http://www1.umn.edu/humanrts/gencomm/hrcom32.html
The Commonwealth, Harare Commonwealth Declaration (1991), para 4 http://thecommonwealth.org/sites/default/files/history-items/documents/Harare%20Commonwealth%20Declaration%201991.pdf
The Commonwealth, Singapore Declaration of Commonwealth Principles (1971), Principle 6 http://thecommonwealth.org/sites/default/files/history -items/documents/Singapore%20Declaration.pdf
ASEAN, Human Rights Declaration (2012), paras 2, 7-9 Available at http://aichr.org/documents
OAS, American Declaration of the Rights and Duties of Man (1948), Articles II, XVII http://www.oas.org/dil/1948%20American%20Declaration%20of%20the%20Rights%20and%20Duties%20of%20Man.pdf
OAS, Inter-American Democratic Charter (2001), Article 9 http://www.oas.org/OASpage/eng/Documents/Democractic_Charter.htm
South Asian Association for Regional Cooperation (SAARC), Charter of Democracy (2011) http://saarc-sec.org/SAARC-Charter-of-Democracy/88/

Access to justice

Hard Law

ECHR (1950), Article 6
Charter of Fundamental Rights of the EU (2009), Articles 41, 47, 48, 50 http://www.europarl.europa.eu/charter/pdf/text_en.pdf
Directive 2010/64/EU of the European Parliament and of the Council of 20 October 2010 on the right to interpretation and translation in criminal proceedings http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1455724770445&uri=CELEX:32010L0064
Directive 2012/13/EU of the European Parliament and of the Council of 22 May 2012 on the right to information in criminal proceedings http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1455724843769&uri=CELEX:32012L0013
Directive 2013/48/EU of the European Parliament and of the Council of 22 October 2013 on the right of access to a lawyer in criminal proceedings and in European arrest warrant proceedings, and on the right to have a third party informed upon deprivation of liberty and to communicate with third persons and with consular authorities while deprived of liberty http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1455724901649&uri=CELEX:32013L0048
UN, International Covenant on Civil and Political Rights (1966), Articles 9, 14 http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx
UN, International Convention on the Elimination of All Forms of Racial Discrimination (1969), Article 6
http://www.ohchr.org/EN/ProfessionalInterest/Pages/CERD.aspx
UN, Convention on the Rights of the Child (1989), Articles 12(2), 40 http://www.ohchr.org/EN/ProfessionalInterest/Pages/CRC.aspx
UN, International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families (1990), Articles 16, 18 http://www2.ohchr.org/english/bodies/cmw/cmw.htm
Rome Statute of the International Criminal Court (1998), Article 55 http://www.icc-cpi.int/nr/rdonlyres/ea9aeff7-5752-4f84-be94-0a655eb30e16/0/rome_statute_english.pdf
OAS, American Convention on Human Rights (‘Pact of San Jose’) (1969), Articles 8, 25 http://www.oas.org/dil/treaties_B-32_American_Convention_on_Human_Rights.htm
LAS, Arab Charter on Human Rights (Revised) (2004), Articles 7, 9 http://www.refworld.org/docid/3ae6b38540.html
LAS, The Riyadh Arab Agreement for Judicial Cooperation (1983), Articles 3-4 http://www.refworld.org/docid/3ae6b38d8.html

Soft Law

Council of Europe

Council of Europe Commission for Democracy through Law (Venice Commission), Report on the Independence of the Judicial System Part I: The Independence of Judges, CDL-AD(2010)004 http://www.venice.coe.int/webforms/documents/?pdf=CDL-AD(2010)004-e
Venice Commission, Report on European Standards as regards the Independence of the Judicial System: Part II – the Prosecution Service, CDL-AD(2010)040 http://www.venice.coe.int/webforms/documents/?pdf=CDL-AD(2010)040-e
Venice Commission, Report on Judicial Appointments, CDL-AD(2007)028 http://www.venice.coe.int/webforms/documents/default.aspx?pdffile=CDL-AD%282007%29028-e
Venice Commission, Compilation of Venice Commission opinions, reports and studies on Constitutional Justice, CDL-PI(2015)002 http://www.venice.coe.int/webforms/documents/?pdf=CDL-PI%282015%29002-e
Venice Commission, Compilation of Venice Commission Opinions and Reports concerning Prosecutors, CDL-PI(2015)009 http://www.venice.coe.int/webforms/documents/?pdf=CDL-PI%282015%29009-e
Venice Commission, Compilation of Venice Commission Opinions and Reports concerning Courts and Judges, CDL-PI(2015)001 http://www.venice.coe.int/webforms/documents/?pdf=CDL-PI%282015%29001-e
Council of Europe, Recommendation CM/Rec(94)12 of the Committee of Ministers to member States on the Independence, Efficiency and Role of Judges (1994)
https://wcd.coe.int/ViewDoc.jsp?id=524871&Site=CM&BackColorInternet=C3C3C3&BackCo lorIntranet=EDB021&BackColorLogged=F5D383
Council of Europe, Recommendation CM/Rec(2010)12 of the Committee of Ministers to member States on judges: independence, efficiency and responsibilities https://wcd.coe.int/ViewDoc.jsp?id=1707137
Council of Europe, Recommendation CM/Rec(2000)19 of the Committee of Ministers to member States on the role of public prosecution in the criminal justice system https://wcd.coe.int/com.instranet.InstraServlet?command=com.instranet.CmdBlobGet&Instra netImage=2719990&SecMode=1&DocId=366374&Usage=2
Council of Europe, Recommendation CM/Rec(2012)11 of the Committee of Ministers to member States on the role of public prosecutors outside the criminal justice system https://wcd.coe.int/ViewDoc.jsp?id=1979395&Site=CM&BackColorInternet=C3C3C3&BackC olorIntranet=EDB021&BackColorLogged=F5D383
Consultative Council of European Judges (CCJE), Opinion No. 1 on standards concerning the independence of the judiciary and the irremovability of judges (2001) https://www.coe.int/t/dghl/monitoring/greco/evaluations/round4/CCJE%20Opinion%201_EN. pdf
Council of Europe, Recommendation No. R(2000)21 of the Committee of Ministers to member States on the freedom of exercise of the profession of lawyer https://wcd.coe.int/ViewDoc.jsp?id=380771&Site=CM&BackColorInternet=C3C3C3&BackCo lorIntranet=EDB021&BackColorLogged=F5D383

European Union

European Network of Councils for the Judiciary, Dublin Declaration on Standards for the Recruitment and Appointment of Members of the Judiciary (2012) http://www.encj.eu/images/stories/pdf/GA/Dublin/encj_dublin_declaration_def_dclaration_de _dublin_recj_def.pdf
European Network of Councils for the Judiciary, Judicial Ethics: Principles, Values and Qualities (2010) http://encj.eu/images/stories/pdf/ethics/judicialethicsdeontologiefinal.pdf
European Network of Councils for the Judiciary, Resolution on Transparency and Access to Justice (2009) http://encj.eu/images/stories/pdf/opinions/resolutionbucharest29may_final.pdf
Council of Bars and Law Societies in Europe, Charter of Core Principles of the European Legal Profession (2006) and Code of Conduct for European Lawyers (1988, latest amendment 2006) http://www.ccbe.eu/fileadmin/user_upload/NTCdocument/EN_CCBE_CoCpdf1_1382973057 .pdf
European Association of Judges, Judges’ Charter in Europe (1997) http://www.richtervereinigung.at/international/eurojus1/eurojus15a.htm

United Nations

UN, Universal Declaration of Human Rights (1948), Articles 8, 10 http://www.un.org/en/documents/udhr/
UN Human Rights Council Resolution 25/4, Integrity of the judicial system (2014) http://ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/RES/25/4
UN Human Rights Council, Resolution 23/6, Independence and impartiality of the judiciary, jurors and assessors and the independence of lawyers (2013) http://daccess-dds-ny.un.org/doc/UNDOC/GEN/G13/148/94/PDF/G1314894.pdf?OpenElement
UN Declaration of the High-level Meeting of the General Assembly on the Rule of Law at the National and International Levels (2012), para 13 http://www.unrol.org/article.aspx?article_id=192
UN Human Rights Committee, General Comment No. 32 (2007), Article 14: Right to equality before courts and tribunals and to a fair trial http://www1.umn.edu/humanrts/gencomm/hrcom32.html
UN Office on Drugs and Crime Judicial Group on Strengthening Judicial Integrity, The Bangalore Principles of Judicial Conduct (2002) http://www.unodc.org/pdf/crime/corruption/judicial_group/Bangalore_principles.pdf
UN OHCHR, Principles relating to the Status of National Institutions (The Paris Principles) (1993), section 2 (Composition and guarantees of independence and pluralism) http://www.ohchr.org/EN/ProfessionalInterest/Pages/StatusOfNationalInstitutions.aspx
UN Basic Principles on the Role of Lawyers (welcomed by General Assembly resolution 45/166, 1990) http://www.ohchr.org/EN/ProfessionalInterest/Pages/RoleOfLawyers.aspx
UN Guidelines on the Role of Prosecutors (welcomed by General Assembly resolution 45/166, 1990) http://www.ohchr.org/EN/ProfessionalInterest/Pages/RoleOfProsecutors.aspx
UN Draft Universal Declaration on the Independence of Justice (“Singhvi Declaration”) (referenced by UN Commission on Human Rights, resolution 1989/32) http://icj.wpengine.netdna-cdn.com/wp-content/uploads/2014/03/SR-Independence-of-Judges-and-Lawyers-Draft-universal-declaration-independence-justice-Singhvi-Declaration-instruments-1989-eng.pdf
UN Basic Principles on the Independence of the Judiciary (endorsed by General Assembly resolutions 40/32 and 40/146, 1985) http://www.ohchr.org/EN/ProfessionalInterest/Pages/IndependenceJudiciary.aspx
United Nations Principles and Guidelines on Access to Legal Aid in Criminal Justice Systems https://www.unodc.org/documents/justice-and-prison-reform/UN_principles_and_guidlines_on_access_to_legal_aid.pdf
International Association of Prosecutors, Standards of professional responsibility and Statement of the essential duties and rights of prosecutors (1999) http://www.iap-association.org/getattachment/34e49dfe-d5db-4598-91da-16183bb12418/Standards_English.aspx
OSCE Ministerial Council Decision No. 12/05 on Upholding Human Rights and the Rule of Law in Criminal Justice Systems (Ljubljana) http://www.osce.org/mc/17347?download=true
OSCE, Brussels Declaration on Criminal Justice Systems (2006) http://www.osce.org/mc/23017?download=true

The Commonwealth of Nations

Charter of the Commonwealth (2013), section 7 http://thecommonwealth.org/sites/default/files/page/documents/CharteroftheCommonwalth.pdf
Commonwealth (Latimer House) Principles on the Accountability of and the Relationship Between the Three Branches of Government (2003), Principles III-VI http://www.cmja.org/downloads/latimerhouse/commprinthreearms.pdf
Harare Commonwealth Declaration (1991), para 4 http://thecommonwealth.org/sites/default/files/history-items/documents/Harare%20Commonwealth%20Declaration%201991.pdf
Limassol Conclusions on Combating Corruption within the Judiciary (2002) http://www.cmja.org/downloads/limassolconclusionwithannexe.pdf

Organization for Security and Co-operation in Europe

Organization for Security and Co-operation in Europe, Office for Democratic Institutions and Human Rights, ‘Kyiv Recommendations on Judicial Independence in Eastern Europe, South Caucasus and Central Asia: Judicial Administration, Selection and Accountability’ (2010) http://www.osce.org/odihr/KyivRec?download=true
Organization for Security and Co-operation in Europe, Office for Democratic Institutions and Human Rights, Legal Digest of International Fair Trial Rights, http://www.osce.org/odihr/94214.

Other International Organisations

OAS, American Declaration of the Rights and Duties of Man (1948), Articles XVII, XXVI http://www.oas.org/dil/1948%20American%20Declaration%20of%20the%20Rights%20and%20Duties%20of%20Man.pdf
OAS, Inter-American Democratic Charter (2001), Articles 2-4 http://www.oas.org/OASpage/eng/Documents/Democractic_Charter.htm
African Union (AU), Constitutive Act (2000), Article 4(m) http://www.au.int/en/sites/default/files/ConstitutiveAct_EN.pdf
AU, African Charter on Human and People’s Rights (Banjul Charter) (1981), Articles 7, 26 http://www.unhcr.org/refworld/pdfid/3ae6b3630.pdf
ASEAN, Human Rights Declaration (2012), para 5 Available at http://aichr.org/documents
SAARC, Charter of Democracy (2011) http://saarc-sec.org/SAARC-Charter-of-Democracy/88/

Other

American Bar Association Rule of Law Initiative – Arab Council for Judicial and Legal Studies, Justice Sector Benchmarks – A User’s Guide for Civil Society Organizations http://www.albersconsulting.eu/justicebenchmarks.html
The Appointment, Tenure and Removal of Judges under Commonwealth Principles: A Compendium and Analysis of Best Practice (J. van Zyl Smit, Report of Research Undertaken by Bingham Centre for the Rule of Law) (2015) http://www.biicl.org/documents/689_bingham_centre_compendium.pdf
Bingham Center for the Rule of Law, Cape Town Principles on the Role of Independent Commissions in the Selection and Appointment of Judges (2016) http://www.biicl.org/documents/868_cape_town_principles_-_february_2016.pdf

Examples of particular challenges to the Rule of Law

Hard Law

Corruption

Council of Europe, Criminal Convention against Corruption, http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/173
Council of Europe, Civil Convention on Corruption, http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/174
Council of Europe, Additional Protocol to the Criminal Law Convention on Corruption http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/191
UN, Convention Against Corruption (2003) http://www.unodc.org/unodc/en/treaties/CAC/
OAS, Inter-American Convention against Corruption (1996) http://www.oas.org/juridico/english/treaties/b-58.html

Collection of data and surveillance

Council of Europe, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108European Union, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=EN

Soft Law

Corruption

Council of Europe, Recommendation CM/Rec(2000)10 of the Committee of Ministers to members States on codes of conduct for public officials, https://wcd.coe.int/ViewDoc.jsp?id=353945&Site=CM&BackColorInternet=C3C3C3&BackCo lorIntranet=EDB021&BackColorLogged=F5D383
CM/Res (97) 24 on the twenty guiding principles for the fight against corruption https://wcd.coe.int/ViewDoc.jsp?id=593789&Site=CM&BackColorInternet=C3C3C3&BackColorIntranet=EDB021&BackColorLogged=F5D383
Group of States Against Corruption (GRECO), Immunities of public officials as possible obstacles in the fight against corruption, in Lessons learned from the three Evaluation Rounds (2000-2010) – Thematic Articles https://www.coe.int/t/dghl/monitoring/greco/general/Compendium_Thematic_Articles_EN.pdf
European Union, regular EU-Anti Corruption report, e.g. COM(2014) 38 final as of 3 February 2015 http://ec.europa.eu/dgs/home-affairs/e-library/documents/policies/organized-crime-and-human-trafficking/corruption/docs/acr_2014_en.pdf

Collection of data and surveillance

European Commission for Democracy through Law (Venice Commission), Opinion on Video Surveillance in Public Places by Public Authorities and the Protection of Human Rights, CDL-AD(2007)014 http://www.venice.coe.int/webforms/documents/?pdf=CDL-AD%282007%29014-e
European Commission for Democracy through Law (Venice Commission Report on the Democratic Oversight of Signals Intelligence Agencies, CDL-AD(2015)011 http://www.venice.coe.int/webforms/documents/?pdf=CDL-AD%282015%29011-e

ENDNOTES

1 See, for example, FRA (Fundamental Rights Agency) (2016), Fundamental rights: challenges and achievements in 2015 – FRA Annual report 2013, Luxembourg, Publications Office of the European Union (Publications Office),Chapter 7 (upcoming).
2 Cf. CDL-AD(2011)003rev, § 30ff.
3 CDL-AD(2011)003rev.
4 See Parliamentary Assembly of the Council of Europe, Motion for a resolution presented by Mr Holovaty and others, The principle of the rule of law, Doc. 10180, § 10. In this context, see also the Copenhagen document of the CSCE, para. 2: “[participating States] consider that the rule of law does not mean merely a formal legality which assures regularity and consistency in the achievement and enforcement of democratic order, but justice based on the recognition and full acceptance of the supreme value of the human personality and guaranteed by institutions providing a framework for its fullest expression.”
5 Tom Bingham, The Rule of Law (2010).
6 Council conclusions on fundamental rights and rule of law and on the Commission 2012 Report on the Application of the Charter of Fundamental Rights of the European Union, Justice and Home Affairs Council Meeting, Luxembourg, 6-7 June 2013,   part c, available at: http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/137404.pdf.
7 Communication from the European Commission to the European Parliament and the Council, ‘A new EU Framework to strengthen the Rule of Law’, COM(2014) 158 final/2, http://ec.europa.eu/justice/effective-justice/files/com_2014_158_en.pdf.
8 This document is a joint publication of the United Nations Department of Peacekeeping Operations (DPKO) and the Office of the United Nations High Commissioner for Human Rights (OHCHR).
9 See FRA (2014), An EU internal strategic framework for fundamental rights: joining fundamental rights: joining forces to achieve better results. Luxembourg, Publications Office of the European Union (Publications Office).
10 On the issue, see in particular the Report on the Rule of Law adopted by the Venice Commission, CDL-AD(2011)003rev, § 59-61. The report also underlines (§ 41) that “[a] consensus can now be found for the necessary elements of the Rule of Law as well as those of the Rechtsstaat which are not only formal but also substantial or material” (emphasis added).
11 Rule of Law. A Guide for Politicians, HIIL, Lund/The Hague, 2012, p. 6.
12 Venice Commission Report on the Rule of Law, CDL-AD(2011)003rev, § 37.
13 See for example ECtHR, Centro Europe 7 and di Stefano v. Italy, 38433/09, 7 June 2012, § 134, 156; B?rbulescu v. Romania, 61496/08, 12 January 2016, § 52ff.
14 See ECtHR, Sylvester v. Austria, 36812/97 and 40104/98, 24 April 2003, § 63; P.P. v. Poland, 8677/03, 8 January 2008, § 88.
15 As Rule of Law guarantees apply not only to human rights law but to all laws.
16 The principle of legality is explicitly recognised as an aspect of the Rule of Law by the European Court of Justice, see ECJ, C-496/99 P, Commission v. CAS Succhi di Frutta, 29 April 2004, § 63.
17 This results from the principle of separation of powers, which also limits the discretion of the executive: cf. CM(2008)170, The Council of Europe and the Rule of Law, § 46.
18 The Venice Commission is in principle favourable to full review of constitutionality, but a proper implementation of the Constitution is sufficient: cf. CDL-AD(2008)010, Opinion on the Constitution of Finland, § 115ff. See especially the section on Constitutional Justice (II.E.3).
19 On the hierarchy of norms, see CDL-JU(2013)020, Memorandum – Conference on the European standards of Rule of Law and the scope of discretion of powers in the member States of the Council of Europe (Yerevan, Armenia, 3-5 July 2013).
20 The reference to « law » for acts and decisions affecting human rights is to be found in a number of provisions of the European Convention on Human Rights, including Article 6.1, 7 and Articles 8.2, 9.2, 10.2 and 11.2 concerning restrictions to fundamental freedoms. See, among many other authorities, ECtHR Amann v. Switzerland, 27798/95,
16 February 2000, § 47ff; Slivenko v. Latvia, 48321/99, 9 October 2003, § 100; X. v. Latvia, 27853/09, 26 November 2013, § 58; Kuri? and Others v. Slovenia, 26828/06, 12 March 2014, § 341.
21 Discretionary power is, of course, permissible, but must be controlled. See below II.C.1.
22 Cf. below II.A.8.
23 For a recent reference to positive obligations of the State to ensure the fundamental rights of individuals vis-à-vis private actors, see ECtHR B?rbulescu v. Romania, 61496/08, 12 January 2016, § 52ff (concerning Article 8 ECHR).
24 Law “comprises statute law as well as case-law”, ECtHR Achour v. France, 67335/01, 29 March 2006, § 42; cf Kononov v. Latvia [GC], 36376/04, 17 May 2010, § 185.
25 ECtHR The Sunday Times v. the United Kingdom (No. 1), 6538/74, 26 April 1979, § 46ff. On the conditions of accessibility and foreseeability, see, e.g., ECtHR Kuri? and Others v. Slovenia, 26828/06, 26 June 2012, § 341ff; Amann v. Switzerland, 27798/95, 16 February 2000, § 50; Slivenko v. Latvia, 48321/99, 9 October 2003, § 100. The Court of the European Union considers that the principles of legal certainty and legitimate expectations imply that “the effect of Community legislation must be clear and expectable to those who are subject to it”: ECJ, 212 to 217/80, Amministrazione delle finanze dello Stato v. SRL Meridionale Industria Salumi and Others, 12 November 1981, § 10; or “that legislation be clear and precise and that its application be foreseeable for all interested parties”: CJEU, C-585/13, Europäisch-Iranische Handelsbank AG v. Council of the European Union, 5 March 2015, § 93; cf. ECJ, C-325/91, France v Commission, 16 June 1993, § 26. For more details, see II.B (legal certainty).
26 Cf. Article 26 (pacta sunt servanda) and Article 27 (internal law and observance of treaties) of the 1969 Vienna Convention on the Law of Treaties; CDL-STD(1993)006, The relationship between international and domestic law, § 3.6 (treaties), 4.9 (international custom), 5.5 (decisions of international organisations), 6.4 (international judgments and rulings); CDL-AD(2014)036, Report on the Implementation of Human Rights Treaties in Domestic Law and the Role of Courts, § 50.
27 Article 27 of the Vienna Convention on the Law of Treaties; see also Article 46 (Provisions of internal law regarding the competence to conclude treaties).
28 See Article 80 of the German Constitution; Article 76 of the Italian Constitution; Article 92 of the Constitution of Poland; Article 290.1 of the Treaty on the Functioning of the European Union, which states that “[t]he essential elements of an area shall be reserved for the legislative act and accordingly shall not be the subject of a delegation of power”.
29        ECtHR Sunday Times, above note 25.
30        On the need to clarify and streamline legislative procedures, see e.g. CDL-AD(2012)026, § 79; cf. CDL-AD(2002)012, Opinion on the draft revision of the Romanian Constitution, § 38ff.
31        According to the European Court of Human Rights, exacting and pertinent review of (draft) legislation, not only a posteriori by the judiciary, but also a priori by the legislature, makes restrictions to fundamental rights guaranteed by the Convention more easily justifiable: ECtHR Animal Defenders International v. the United Kingdom, 48876/08, 22 April 2013, §106ff.
32        UN Human Rights Committee, General Comment No. 25 (1996), Article 25 (Participation in Public Affairs and the Right to Vote) – The Right to Participate in Public Affairs, Voting Rights and the Right of Equal Access to Public Service, – provides that “[c]itizens also take part in the conduct of public affairs by exerting influence through       public debate” (§         8).        Available        at            http://www.refworld.org/cgi-
bin/texis/vtx/rwmain?page=search&docid=453883fc22&skip=0&query=general comment         25.       The      CSCE Copenhagen Document provides that legislation is “adopted at the end of a public procedure” and the 1991 Moscow Document (http://www.osce.org/odihr/elections/14310) states that “[L]egislation will be formulated and adopted as the result of an open process” (§ 18.1).
33        ECtHR Hatton v. the United Kingdom, 36022/97, 8 July 2003, § 128: “A governmental decision-making process concerning complex issues of environmental and economic policy such as in the present case must necessarily involve appropriate investigations and studies in order to allow them to strike a fair balance between the various conflicting interests at stake.” See also Evans v. the United Kingdom, 6339/05, 10 April 2007, § 64. About the absence of real parliamentary debate since the adoption of a statute, which took place in 1870, see Hirst (No. 2) v. the United Kingdom, 74025/01, 6 October 2005, § 79. In Finland, the instructions for law-drafting include such a requirement.
34        Cf. Article 15 ECHR (“derogation in time of emergency”); Article 4 ICCPR; Article 27 ACHR. For an individual application of Article 15 ECHR, see ECtHR A. and Others v. the United Kingdom, 3455/05, 19 February 2009, § 178, 182: a derogation to Article 5 § 1 ECHR was considered as disproportionate. On emergency powers, see also CDL-STD(1995)012, Emergency Powers; CDL-AD(2006)015, Opinion on the Protection of Human Rights in Emergency Situations.
35        CDL-AD(2006)015, § 33.
36        Article 15 ECHR: Article 4 ICCPR; Article 27 ACHR.
37        CDL-AD(2006)015, § 9. On derogations under Article 15 ECHR, see more generally CDL-AD(2006)015, § 9ff, and the quoted case-law.
38        On the need for effective and dissuasive sanctions, see e.g. CDL-AD(2014)019, § 89; CDL-AD(2013)021, § 70.
39        The need for ensuring proper implementation of the legislation is often underlined by the Venice Commission: see e.g. CDL-AD(2014)003, § 11: “the key challenge for the conduct of genuinely democratic elections remains the exercise of political will by all stakeholders, to uphold the letter and the spirit of the law, and to implement it fully and effectively”; CDL-AD(2014)001, § 85.
40        Cf. Article 124 of the Constitution of Finland: “A public administrative task may be delegated to others than public authorities only by an Act or by virtue of an Act, if this is necessary for the appropriate performance of the task and if basic rights and liberties, legal remedies and other requirements of good governance are not endangered.”
41        ECtHR Fazlyiski v. Bulgaria, 40908/05, 16 April 2013, § 64-70, in particular § 65; Ryakib Biryukov v. Russia, 14810/02, 17 January 2008, in particular § 30ff; cf. Kononov v. Latvia, 36376/04, 17 May 2010, § 185.
42        ECtHR The Sunday Times v. the United Kingdom (No. 1), 6538/74, 26 April 1979, § 46ff; Rekvényi v. Hungary, 25390/94, 20 May 1999, § 34ff.
43        ECtHR The Sunday Times v. the United Kingdom (No. 1), 6538/74, 26 April 1979, § 49.
44        The Venice Commission has addressed the issue of stability of legislation in the electoral field: Code of Good Practice in Electoral Matters, CDL-AD(2002)023rev, II.2; Interpretative Declaration on the Stability of the Electoral Law, CDL-AD(2005)043.
45        For example, individuals who have been encouraged to adopt a behaviour by Community measures may legitimately expect not to be subject, upon the expiry of this undertaking, to restrictions which specifically affect them precisely because they availed themselves of the possibilities offered by the Community provisions: ECJ, 120/86, Mulder v. Minister van Landbouw en Visserij, 28 April 1988, § 21ff. In the case-law of the European Court of Human Rights, the doctrine of legitimate expectations essentially applies to the protection of property as guaranteed by Article 1 of the First Additional Protocol to the European Convention on Human Rights: see e.g. ECtHR Anhaeuser-Busch Inc. v. Portugal [GC], 73049/01, 11 January 2007, § 65; Gratzinger and Gratzingerova v. the Czech Republic [GC] (dec.), 39794/98, 10 July 2002, § 68ff; National & Provincial Building Society, Leeds Permanent Building Society and Yorkshire Building Society v. the United Kingdom, 21319/93, 21449/93, 21675/93, 21319/93, 21449/93 and 21675/93, 23 October 1997, § 62ff.
46        See Article 7.1 ECHR, Article 15 ICCPR, Article 9 ACHR, Article 7.2 of the African (Banjul) Charter on Human and Peoples’ Rights [ACHPR] for criminal law; Article 28 of the Vienna Convention on the Law of Treaties for international treaties.
47        The principle of non-retroactivity does not apply when the new legislation places individuals in a more favourable position. The European Court of Human considers that Article 7 ECHR includes the principle of retrospectiveness of the more lenient criminal law: see Scoppola v. Italy (No. 2), 10249/03, 17 September 2009.
48        Article 4 Protocol 7 ECHR, Article 14.7 ICCPR, Article 8.4 ACHR (in the penal field); on the respect of the principle of res judicata, see e.g. ECtHR Brum?rescu v. Romania, 28342/95, 28 October 1999, § 62; Kulkov and Others v. Russia, 25114/03, 11512/03, 9794/05, 37403/05, 13110/06, 19469/06, 42608/06, 44928/06, 44972/06 and 45022/06, 8 January 2009, § 27; Duca v. Moldova, 75/07, 3 March 2009, § 32. The Court considers respect of res judicata as an aspect of legal certainty. Cf. Marckx v. Belgium, 6833/74, 13 June 1979, § 58.
49        Cf. The Council of Europe and the Rule of Law – An overview, CM(2008)170, 21 November 2008, § 48.
50        Protection against arbitrariness was mentioned by the European Court of Human Rights in a number of cases. In addition to those quoted in the next note, see e.g. Husayn (Abu Zubaydah) v. Poland, 7511/13, 24 July 2014, § 521ff; Hassan v. the United Kingdom, 29750/09, 16 September 2014, § 106; Georgia v. Russia (I), 13255/07, 3 July 2014, § 182ff (Article 5 ECHR); Ivinovi? v. Croatia, 13006/13, 18 September 2014, § 40 (Article 8 ECHR). For the Court of Justice of the European Union, see e.g. ECJ, 46/87 and 227/88, Hoechst v. Commission, 21 September 1989, § 19; T-402/13, Orange v. European Commission, 25 November 2014, § 89. On the limits of discretionary powers, see Appendix to Recommendation of the Committee of Ministers on good administration, CM/Rec(2007)7, Article 2.4 (“Principle of lawfulness”): “[Public authorities] shall exercise their powers only if the established facts and the applicable law entitle them to do so and solely for the purpose for which they have been conferred”.
51        CM(2008)170, The Council of Europe and the Rule of Law, § 46; ECtHR Malone, 8691/79, 2 August 1984, § 68; Segerstedt-Wiberg and Others v. Sweden, 62332/00, 6 June 2006, § 76 (Article 8). The complexity of modern society means that discretionary power must be granted to public officials. The principle by which public authorities must strive to be objective (“sachlich”) in a number of States such as Sweden and Finland goes further than simply forbidding discriminatory treatment and is seen as an important factor buttressing confidence in public administration and social capital.
52        See e.g. Article 41.1.c of the Charter of Fundamental Rights of the European Union. Cf. also item II.E.2.c.vi and note 126.
53        See for exemple, Article 14 ECHR; Protocol 12 ECHR; Articles 12, 26 ICCPR, Article 24 ACHR; Article ACHPR.
54        Cf. e.g. CDL-AD(2014)010, § 41-42; CDL-AD(2013)032, Opinion on the Final Draft Constitution of the Republic of Tunisia, § 44ff: equality should not be limited to citizens and include a general non-discrimination clause.
55        CDL-AD(2014)011, Report on the Scope and Lifting of Parliamentary Immunities (§ 200); ECtHR Cordova v. Italy, No. 1 and No. 2, 40877/98 and 45649/99, 30 January 2003, § 58-67.
56        ECRI (European Commission against Racism and Intolerance) Recommendation No. 7, § 5.
57        For example, Article 1.2 Protocol 12 ECHR makes clear that “any public authority” – and not only the legislator – has to respect the principle of equality. Article 26 ICCPR States that “All persons are equal before the law and are entitled without discrimination to the equal protection of the law”. “The principle of equal treatment is a general principle of European Union law, enshrined in Articles 20 and 21 of the Charter of Fundamental Rights of the European Union”: CJEU, C-550/07 P, Akzo Nobel Chemicals and Akcros Chemicals v Commission, 14 September 2010, § 54.
58        A distinction is admissible if the situations are not comparable and/or if it is based on an objective and reasonable justification: See ECtHR Hämäläinen v. Finland, 37359/09, 26 July 2014, § 108: “The Court has established in its case-law that in order for an issue to arise under Article 14 there must be a difference in treatment of persons in relevantly similar situations. Such a difference of treatment is discriminatory if it has no objective and reasonable justification; in other words, if it does not pursue a legitimate aim or if there is not a reasonable relationship of proportionality between the means employed and the aim sought to be realised. The Contracting States enjoy a margin of appreciation in assessing whether and to what extent differences in otherwise similar situations justify a difference in treatment (see Burden v. the United Kingdom GC, no. 13378/05, § 60, ECHR 2008)”.
59        Cf. Article 13 ECHR; Article 2.3 ICCPR ; Article 25 ACHR ; Article 7.1.a ACHPR.
60        Cf. Article 1.4 and 2.2 of the International Convention on the Elimination of All Forms of Racial Discrimination (CEDR); Article 4 of the Convention on the Elimination of All Forms of Discrimination against Women (CEDAW); Article 5.4 of the Convention on the Rights of Persons with Disabilities (CRPD).
61        On the issue of access to justice and the Rule of Law, see SG/Inf(2016)3, Challenges for judicial independence and impartiality in the member States of the Council of Europe, Report prepared jointly by the Bureau of the CCJE and the Bureau of the CCPE for the attention of the Secretary General of the Council of Europe as a follow-up to his 2015 report entitled “State of Democracy, Human Rights and the Rule of Law in Europe – a shared responsibility for democratic security in Europe.
62        CDL-AD(2010)004, § 22: “The basic principles ensuring the independence of the judiciary should be set out in the Constitution or equivalent texts”.
63        Cf. CM/Rec(2010)12 of the Committee of Ministers to member States on judges: independence, efficiency and responsibilities, § 49ff; CDL-AD(2010)004, § 33ff; for constitutional justice, see “The Composition of Constitutional Courts”, Science and Technique of Democracy No. 20, CDL-STD(1997)020, p. 18-19.
64        “Judges… should enjoy functional – but only functional – immunity (immunity from prosecution for acts performed in the exercise of their functions, with the exception of intentional crimes, e.g. taking bribes)”: CDL-AD(2010)004, §61.
65        OSCE Kyiv Recommendations on Judicial Independence, § 9.
66        Cf. CM/Rec(2010)12, § 44.
67        The Venice Commission considers it appropriate to establish a Judicial Council having decisive influence on decisions on the appointment and career of judges: CDL-AD(2010)004, § 32.
68        “A substantial element or a majority of the members of the Judicial Council should be elected by the Judiciary itself”: CDL-AD(2007)028, § 29.
69        CDL-AD(2010)038, Amicus Curiae Brief for the Constitutional Court of the “the former Yugoslav Republic of Macedonia” on amending several laws relating to the system of salaries and remunerations of elected and appointed officials.
70        Recommendation CM/Rec(2012)11 of the Committee of Ministers to member States on the role of public prosecutors outside the criminal justice system; CDL-AD(2010)040, § 81-83; CDL-AD(2013)025, Joint Opinion on the draft law on the public prosecutor’s office of Ukraine, § 16-28.
71        See in particular ECtHR Campbell and Fell v. the United Kingdom, 28 June 2014, 7819/77 and 7878/77, § 78.
72        Cf. CDL-AD(2010)004, § 43.
73        CDL-AD(2010)004, § 32.
74        Cf. Recommendation (94)12 of the Committee of Ministers on the Independence, Efficiency and Role of Judges (Principle I.2.a), which reflects a preference for a judicial council but accepts other systems.
75        CDL-AD(2007)028, Report on Judicial Appointments, § 44ff. The trend in Commonwealth countries is away from executive appointments and toward appointment commissions, sometimes known as judicial services commissions. See J. van Zyl Smit (2015), The Appointment, Tenure and Removal of Judges under Commonwealth Principles: A Compendium and Analysis of Best Practice (Report of Research Undertaken by Bingham Centre for the Rule of Law), available at http://www.biicl.org/documents/689_bingham_centre_compendium.pdf.
76        CDL-AD(2002)021, Supplementary Opinion on the Revision of the Constitution of Romania, § 21, 22.
77        See CDL-PI(2015)001, Compilation of Venice Commission Opinions and Reports concerning Courts and Judges, ch. 4.2, and the references.
78        CDL-INF(1999)005, Opinion on the reform of the judiciary in Bulgaria, § 28; see also, e.g., CDL-AD(2007)draft, Report on Judicial Appointments by the Venice Commission, § 33; CDL-AD(2010)026, Joint opinion on the draft law on the judicial system and the status of judges of Ukraine, § 97, concerning the presence of ministers in the judicial council.
79        CM/Rec(2010)12, § 33ff; CDL-AD(2010)004, § 52ff.
80        CDL-AD(2010)040, § 71ff.
81        Cf. CDL-AD(2012)014, Opinion on Legal Certainty and the Independence of the Judiciary in Bosnia and Herzegovina, § 81.
82        CDL-AD(2010)004, § 78; see e.g. European Commission on Human Rights, Zand v. Austria, 7360/76, 16 May 1977, D.R. 8, p. 167; ECtHR Fruni v. Slovakia, 8014/07, 21 June 2011, § 134ff.
83        On the allocation of cases, see CM/Rec(2010)12, § 24; CDL-AD(2010)004, § 73ff. The OSCE Kyiv Recommendations cite as a good practice either random allocation of cases or allocation based on predetermined, clear and objective criteria (§ 12).
84        CM/Rec(2010)12, § 22ff; CDL-AD(2010)004, § 68ff; CM/Rec(2000)19 of the Committee of Ministers to member States on the role of public prosecution in the criminal justice system, § 19; CDL-AD(2010)004, Report on the Independence of the Judicial System Part I: The Independence of Judges), § 72.
85        CDL-AD(2010)004, § 79.
86        Article 6.1 ECHR; Article 14.1 ICCPR; Article 8.1 ACHR; Article 7.1.d ACHPR. See also the various aspects of impartiality in the Bangalore principles of judicial conduct, Value 2, including absence of favour, bias or prejudice.
87        See e.g. ECtHR Micallef v. Malta GC], 17056/06, 15 October 2009, § 99-100.
88        On corruption, see in general II.F.1.
89        See e.g. ECtHR De Cubber v. Belgium, 9186/80, 26 October 1984, § 26: Micallef v. Malta, 17056/06, 15 October 2009, § 98; Oleksandr Volkov v. Ukraine, 21722/11, 9 January 2013, § 106.
90        CDL-AD(2011)017, Opinion on the introduction of changes to the constitutional law “on the status of judges” of Kyrgyzstan, § 15.
91        See in particular CM/Rec(2000)19, § 11ff; CDL-AD(2010)040, § 23ff.
92        Cf. CDL-AD(2010)040, § 22.
93        Cf. CDL-AD(2010)040, § 53ff.
94        CDL-AD(2010)040, § 34ff, 47ff.
95        CDL-AD(2010)040, Report on European Standards as regards the Independence of the Judicial System: Part II -the Prosecution Service, § 39.
96        CDL-AD(2010)040, § 52.
97        CDL-AD(2010)040, § 69.
98        See II.A.1.
99        CDL-AD(2010)040, § 7, 53ff.
100      See II.E.1.a.xiv for judges.
101      See Recommendation No. R(2000)21 of the Committee of Ministers to member States on the freedom of exercise of the profession of lawyer.
102      International Bar Association – International Principles of Conduct for the Legal Profession, 1.1.
103      Ibid., 2.1.
104      Ibid., 3.1.
105      Ibid., 5.1.
106      Article 6 ECHR, Article 14 ICCPR, Article 8 ACHR, Article 7 ACHPR. The right to a fair trial was recognised by the European Court of Justice, as “inspired by Article 6 of the ECHR”: C-174/98 P and C-189/98 P, Netherlands and Van der Wal v Commission, 11 January 2000, § 17. See now Article 47 of the Charter of Fundamental Rights.
107      “The degree of access afforded by the national legislation must also be sufficient to secure the individual’s “right to a court”, having regard to the principle of the Rule of Law in a democratic society. For the right of access to be effective, an individual must have a clear, practical opportunity to challenge an act that is an interference with his rights”, ECtHR Bellet v. France, 23805/94, 4 December 1995, § 36; cf. ECtHR M.D. and Others v. Malta, 64791/10, 17 July 2012, § 53.
108      Article 6.3.b-c ECHR, Article 14.3 ICCPR; Article 8.2 ACHR; the right to defence is protected by Article 6.1 ECHR in civil proceedings, see e.g. ECtHR Oferta Plus SRL v. Moldova, 14385/04, 19 December 2006, § 145. It is recognised in general by Article 7.1.c ACHPR.
109      Article 6.3.c ECHR, Article 14.3.d ICCPR for criminal proceedings; the right to legal aid is provided up to a certain extent by Article 6.1 ECHR for civil proceedings: see e.g. ECtHR A. v. the United Kingdom, 35373/97, 17 December 2002, § 90ff; for constitutional courts in particular, see CDL-AD(2010)039rev, Study on individual access to constitutional justice, § 113.
110      For constitutional justice, see CDL-AD(2010)039rev, § 125.
111      For constitutional justice, see CDL-AD(2010)039rev, § 112; for time limits for taking the decision, see § 149.
112      On excessive court fees, see e.g. ECtHR Kreuz v. Poland (no. 1)¸ 28249/95, 19 June 2001, § 60-67; Weissman and Others v. Romania, 63945/00, 24 May 2006, § 32ff; Scordino v. Italy, 36813/97, 29 March 2006, § 201; Sakhnovskiy v. Russia, 21272/03, 2 November 2010, § 69; on excessive security for costs, see e.g. ECtHR Aït-Mouhoub v. France, 22924/93, 28 October 1998, § 57-58; Garcia Manibardo v. Spain, 38695/97, 15 February 2000, § 38-45; for constitutional justice, see CDL-AD(2010)039rev, § 117.
113      On the need for an effective right of access to court, see e.g. Golder v. the United Kingdom, 4451/70, 21 January 1975, § 26ff; Yagtzilar and Others v. Greece, 41727/98, 6 December 2001, § 20ff.
114      Article 6.2 ECHR; Article 15 ICCPR; Article 8.2 ACHR; Article 7.1.b ACHPR.
115      ECtHR Allenet de Ribemont v. France, 15175/89, 10 February 1995, § 32ff. On the involvement of authorities not belonging to the judiciary in issues linked to a criminal file, see CDL-AD(2014)013, Amicus Curiae Brief in the Case of Rywin v. Poland (Application Nos 6091/06, 4047/07, 4070/07) pending before the European Court of Human Rights (on Parliamentary Committees of Inquiry). The European Court of Human Rights decided on the Rywin case on 18 February 2016: see in particular § 200ff. On the issue of the systematic follow-up to prosecutors’ requests (prosecutorial bias), see item II.E.1.a.xiii.
116      ECtHR Saunders v. the United Kingdom, 19187/91, 17 December 1996, § 68-69; O’Halloran and Francis v.the United Kingdom, 5809/02 and 25624/02, 29 June 2007, § 46ff, and the quoted case-law. On the incrimination of members of one’s family, see e.g. International Criminal Court, Rules of Procedure and Evidence, Rule 75.1.
117      Cf. Article 5.3 ECHR.
118      “The burden of proof is on the prosecution”: ECtHR Barberá, Messegué and Jabardo v. Spain, 10590/83, 6 December 1988, § 77; Telfner v. Austria, 33501/96, 20 March 2001, § 15; cf. Grande Stevens and Others v. Italy, 18640/10, 18647/10, 18663/10, 18668/10 and 18698/10, 4 March 2014, § 159.
119      Human Rights Committee, General Comment No. 32, Article 14: Right to equality before courts and tribunals and to a fair trial, U.N. Doc. CCPR/C/GC/32 (2007), IV.
120      See e.g. Rowe and Davis v. the United Kingdom, 28901/95, 16 February 2000, § 60.
121      See e.g. Jalloh v. Germany, 54810/00, 17 July 2006, § 94ff, 104; Göçmen v. Turkey, 72000/01, 17 October 2006, § 75; O’Halloran and Francis v. the United Kingdom, 5809/02 and 25624/02, 29 June 2007, § 60.
122      Article 6.1 ECHR; Article 8.1 ACHR; Article 7.1.d ACHPR (« within reasonable time »).
123      CDL-AD(2010)039rev, § 94. See e.g. ECtHR Panju v. Belgium, 18393/09, 28 October 2014, § 53, 62 (the absence of an effective remedy in case of excessive length of proceedings goes against Article 13 combined with Article 6.1 ECHR).
124      This right is inferred in criminal matters from Article 6.3.b ECHR (the right to have adequate time and facilities for the preparation of one’s defence): see e.g. Foucher v. France, 22209/93, 18 March 1993, § 36.
125      Cf. ECtHR Micallef v. Malta, 17056/06, 15 October 2009, § 78ff; Neziraj v. Germany, 30804/07, 8 November 2012, § 45ff.
126      “Article 6 § 1 (Article 6-1) obliges the courts to give reasons for their judgments”: ECtHR Hiro Balani v. Spain, 18064/91, 9 September 1994, § 27; Jokela v. Finland, 28856/95, 21 May 2002, § 72; see also Taxquet v. Belgium, 926/05, 16 November 2010, § 83ff. Under the title “Right to good administration”, Article 41.2.c of the Charter of Fundamental Rights of the European Union provides for “the obligation of the administration to give reasons for its decisions”.
127      On appeals procedures, see ODIHR Legal Digest of International Fair Trial Rights, p. 227.
128      See e.g. Hirschhorn v. Romania, 29294/02, 26 July 2007, § 49; Hornsby v. Greece, 18357/91, 19 March 1997, § 40; Burdov v. Russia, 59498/00, 7 May 2002, § 34ff ; Gerasimov and Others v. Russia, 29920/05, 3553/06, 18876/10, 61186/10, 21176/11, 36112/11, 36426/11, 40841/11, 45381/11, 55929/11, 60822/11, 1 July 2014, § 167ff.
129      CDL-AD(2010)039rev, Study on individual access to constitutional justice, § 96.
130      CDL-AD(2010)039rev, § 62, 93, 165.
131      CDL-AD(2010)039rev, § 202; CDL-AD(2002)005 Opinion on the Draft Law on the Constitutional Court of the Republic of Azerbaijan, § 9, 10.
132      CDL-AD(2004)043, Opinion on the Proposal to Amend the Constitution of the Republic of Moldova (introduction of the individual complaint to the constitutional court), § 18, 19; CDL-AD(2008)030, Opinion on the Draft Law on the Constitutional Court of Montenegro, § 19; CDL AD(2011)040, Opinion on the law on the establishment and rules of procedure of the Constitutional Court of Turkey, § 24.
133      CDL-AD(2011)010, Opinion on the draft amendments to the Constitution of Montenegro, as well as on the draft amendments to the law on courts, the law on the State prosecutor’s office and the law on the judicial council of Montenegro, § 27; CDL-AD(2012)024, Opinion on two Sets of draft Amendments to the Constitutional Provisions relating to the Judiciary of Montenegro, § 33; CDL-AD(2009)014, Opinion on the Law on the High Constitutional Court of the Palestinian National Authority, § 13; The Composition of Constitutional Courts, Science and Technique of Democracy No. 20, CDL-STD(1997)020, pp. 7, 21.
134      CDL-AD(2008)010, Opinion on the Constitution of Finland, § 115ff.
135      There is only one (limited) exception in the Council of Europe member States with a constitutional jurisdiction:CDL-AD(2010)039rev, § 1, 52-53.
136      CDL-AD(2010)039rev, § 1ff, 54-55, 56 ff.
137      Cf. CDL-AD(2008)030, Opinion on the Draft Law on the Constitutional Court of Montenegro, § 71.
138      CDL-STD(1997)020, p. 21.
139      On the issue of corruption, see Group of States Against Corruption (GRECO), Immunities of public officials as possible obstacles in the fight against corruption, in Lessons learned from the three Evaluation Rounds (2000-2010) – Thematic Articles.
140      On the issue of corruption in the judiciary, see II.E.1.c.ii.
141      See Recommendation CM/Rec(2014)7 on the protection of whistle-blowers, of the Council of Europe’s Committee of Ministers.
142      See for example the United Nations Convention against Corruption; Criminal Law Convention on Corruption (CETS 173); Civil Law Convention on Corruption (CETS 174); Additional Protocol to the Criminal Law Convention on Corruption (CETS 191); CM/Rec(2000)10 on codes of conduct for public officials; CM/Res (97) 24 on the twenty guiding principles for the fight against corruption.
143      CM/Rec(2000)10 on codes of conduct for public officials, Article 13.
144      United Nations Convention against Corruption, in particular Article 8.5; CM/Rec(2000)10, Appendix – Model code of conduct for public officials, Articles 13ff; cf. CM/Res (97) 24 on the twenty guiding principles for the fight against corruption.
145      The Venice Commission adopted in 2013 a Report on the Role of Extra-Institutional Actors in the Democratic System (Lobbying) (CDL-AD(2013)011). The European Committee on Legal Co-operation (CDCJ) carried out in 2014 a feasibility study on a Council of Europe legal instrument concerning the legal regulation of lobbying activities. It is expected that the draft recommendation will be submitted for approval to the CDCJ plenary meeting in November 2016.
146      An early document (of 1981) is Article 5 of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS 108) ; see also Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Articles 6, 7; in the meantime in the EU a “Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” has been agreed on (Interinstitutional File 2012/0011 (COD) of Dec 15, 2015). Principles of data protection are enshrined in Art. 5. See also a “Proposal for a Directive of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purpose of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data” (Interinstitutional file: 2012/0010 (COD) of 16 December 2015. In 2013 the OECD adopted “The OECD Privacy Framework”, with “principles” in Part 2.
147      See the Proposal for a Regulation quoted in the previous footnote, Article 14; Directive 95/46/EC, Articles 10-11; CETS 108, Article 8.
148      CDL-AD(2007)014, § 83.
149      Cf. Articles 8 and 13 ECHR.
150      Cf. Articles 8 and 13 ECHR.
151      The level of the interference metadata collection involves in private life is disputed. The CJEU has extended privacy protection to metadata as well. The case law of the ECtHR so far accepts that lesser safeguards can apply for less serious interferences with private life. see CDL-AD(2015)006 §62, 63, 83. Where no prior judicial authorisation is provided for metadata collection, there must at least be strong independent post hoc review..
152      CDL-AD(2015)011, § 8, 69, 129; cf. ECtHR Liberty and others v. the United Kingdom, 58240/00, 1 July 2008, § 59 ff; Weber and Saravia v. Germany (dec.) 54934/00, 29 June 2006, § 85 ff.
153      CDL-AD(2015)011, § 24-27, 115ff, 129.
154      Cf. Articles 8 and 13 ECHR; CDL-AD(2015)011, § 26, 126 ff.
155      CDL-AD(2015)011, § 33.
156      CDL-AD(2015)011, § 1. See e.g. CJEU, C-212/13, František Ryneš v. Urad pro ochranu osobních údaj?, 11 December 2014. CDL-AD(2007)014, § 82.

Category: 3. Fundamental rights – Charter

The new proposal on the security of EU informations: transforming the EU “Bubble” in an EU “Fortress” ? (3)

3. How the INFOSEC proposal builds a wider, but still incomplete, legal framework for EU Classified informations (EUCI)

(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: How to Create an Independent Authority with Effective Remedy Powers (2)

(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: Whether a New U.S. Statute is Necessary to Produce an “Essentially Equivalent” Solution (1)

Worth Reading :”Understanding EU data protection policy “

VERFASSUNGSBLOG : A cautious green light for technology-driven mass surveillance

The Advocate General’s Opinion on the PNR Directive

by Christian Thönnes

What the AG has to say about the PNR Directive

Incompatibility with Digital Rights Ireland and its successors

Good reasons for applicability

An inaccurate conception of automated algorithmic profiling and base rate fallacy

Does the EU PNR Directive pave the way to Mass surveillance in the EU? (soon to be decided by the CJEU… )

Fundamental Rights European Experts Group

The European Commission’s Activation of Article 7: Better Late than Never?

The EU and the Spanish Constitutional Crisis

Refuge ou asile ? La situation de Carles Pbyuigdemont en Belgique au regard du droit de l’Union européenne

1. La recherche d’une terre d’asile

2. La recherche d’une terre de refuge

Worth Reading : the “Rule of Law Checklist”, of the Venice Commission adopted by the Parliamentary Assembly of the Council of Europe