Openness, Transparency and the Right of Access to Documents in the EU

THIS IS AN “In-depth analysis” FOR THE PETITIONS COMMITTEE OF THE EUROPEAN PARLIAMENT. FULL TEXT ACCESSIBLE HERE

AUTHORS : Deirdre CURTIN, Päivi LEINO-SANDBERG.

Abstract. Upon request of the PETI Committee, the Policy Department on Citizens’ Rights and Constitutional Affairs commissioned the present analysis, which examines the situation in relation to openness, transparency, access to documents and information in the EU. Case law and developments in the jurisprudence of the CJEU are examined, notably for legislative documents, documents relating to administrative proceedings, to Court proceedings, infringement proceedings and EU Pilot cases, protection of privacy and international relations. Current and future challenges, as well as conclusions and policy recommendations are set out, in order to ensure compliance with the Treaties’ and Charter of Fundamental Rights’ requirements aimed at enhancing citizens’ participation in the EU decision-making process, and consequently stronger accountability and democracy in the EU.

  1. OPENNESS, TRANSPARENCY AND THE RIGHT TO ACCESS DOCUMENTS IN THE EU

The Treaty of Lisbon, in force since December 2009, includes a number of reforms emphasising open decision-making, citizen participation and the role of transparency and good administration in building up the democratic credentials of the European Union (EU).

As regards democratic decision-making and transparency in particular, a specific Title in the Treaty on the European Union (TEU) now includes a number of core provisions on democratic principles, applicable in all areas of Union action.

They underline the principle of representative democracy through the European Parliament, representing the citizens directly at Union level, and through the governments forming the European Council and the Council, which are democratically accountable either to their national parliaments or to their citizens.1

Even participatory democracy enjoys a pivotal role in the new Treaty framework; in order to guarantee the right of ’every citizen’ to ’participate in the democratic life of the Union’, the Treaty establishes that ’[d]ecisions shall be taken as openly and as closely as possible to the citizen’ and that both citizens and representatives should be given opportunities to ’make known and publicly exchange their views in all areas of Union action’.2

These provisions have a linkage both with the new citizens’ initiative3 and with Article 15 TFEU, which places the legislature under an obligation to act publicly, and establishes that citizens have the right to access documents held by all Union institutions, bodies and agencies.

The right of access to documents, and its nature as a fundamental right, is further emphasised by Article 42 of the EU Charter of Fundamental Rights, which now enjoys ‘the same legal value as the Treaties’.4

In practice, open decision-making is to a large extent realised through the right of the general public to access documents. Regulation No 1049/2001 on public access to documents held by the EU institutions (Access Regulation),5 builds on the principle of ‘widest possible access’, and has together with case law been instrumental in operationalising the right of citizen access by establishing procedures and standards for the exercise of their democratic rights.

All documents held by the European Parliament, Council and Commission are public, as the main principle, but certain public and private interests are protected through specific exceptions under Article 4. But as exceptions derogate from the principle of the widest possible public access to documents, they must, according to established case-law, be interpreted and applied narrowly.6

Article 15(3) TFEU extends the public right of access to documents of all the Union institutions, bodies, offices and agencies. The Court of Justice, the European Central Bank and the European Investment Bank are subject to this provision only when exercising their administrative tasks.

The original 2001 Regulation only directly applies to the European Parliament, the Council, and the Commission. However, its application has been extended to the agencies by virtue of a specific provision in their respective founding acts. Furthermore, a number of institutions and bodies have adopted voluntary acts laying down rules on access to their documents which are identical or similar to Regulation No 1049/2001.

It has been 15 years since the adoption of Regulation No 1049/2001. In the same time frame the Commission and the Council set about adopting internal rules based on their rules of procedure on security and other classifications for documents. Such rules continue to exist in amended form today and exist alongside the legislative rules on access to documents.

Discussions on the reform of Regulation No 1049/2001 have been pending since 2008.7

While one would think that the tendency was – in line with the recent Treaty reforms – to strengthen the rights of citizens further, in fact the opposite seems to be the case, with discussions on reform mainly circulating around new ways to limit citizen access,8 many of them in rather fundamental ways that seem to be at odds with the letter of the Treaties.

These discussions bear witness to what seems to be a change of paradigm and priorities.

The tendency since the Treaty of Maastricht has been to strengthen the rights of citizens;9 now this objective seems less squarely at the forefront of either the policy agenda or actual institutional practice. Staffan Dahllöf, a journalist specialising in freedom of information, describes the situation as follows: The voices asking for openness and citizen’s involvement are today weaker and fewer than they were when the present rules were decided in 2001 – at least amongst the Member State governments, and definitely in the Commission. It’s more like the Empire strikes back.10

Since there is a complete impasse in the legislative procedure (already for a very long time) on amending the 2001 Regulation, the role of the CJEU is very much centre-stage with litigants attempting to challenge a range of embedded secretive practices across a range of institutions and tasks.11

From a democratic point of view this can be considered problematic, as it shifts responsibility from the EU legislator to the courts, which cannot re-design the system in the required manner but deal with issues on a case-by-case basis, as and when they are brought before them. The same applies to the European Ombudsman, although her work is increasingly significant in bringing specific secretive practices to light and tackling them both on a case-by-case basis and more structurally through a growing number of own-initiative enquiries.

Keeping in mind Dahllöf’s accurate observation quoted above, opening negotiations on the reform of Regulation No 1049/2001 naturally brings with it a risk of discussions leading to a further tightening of the EU transparency regime. The current Commission is not necessarily positively disposed to increasing transparency (as evidenced in legal observations before the CJEU in particular), and it has the backup of the majority of Member States in the Council.

Despite this, we think that there should be an open discussion about the possibilities of increasing openness. If this proves to be impossible, the Parliament can always block any reform that could result in negative outcomes or a levelling down.

In this note we discuss recent developments in jurisprudence and the challenges that currently exist in the application of the Regulation No 1049/2001 with a focus on public access by citizens. We conclude with a number of policy recommendations for consideration.


NOTES (to the section above)

1 Article 10(1) and (2) TEU.
2 Article 10(3) TEU, Article 11 TEU.
3 See Regulation No 211/2011 on the citizens’ initiative, OJ L [2011] 65/1.
4 Article 6(1) TEU.
5 Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents, OJ L 145/43.
6 See e.g. C-280/11 P Council v Access Info Europe para 30 and the case law quoted in the paragraph.
7 See e.g. Ian Harden, ‘The Revision of Regulation 1049/2001 on Public Access to Documents’, 15(2) European Public Law (2009) 239-256.
8 See the open letter by Beatrice Ask, Minister for Justice, Sweden and Anna-Maja Henriksson, Minister of Justice, Finland, published at http://www.wobbing.eu/sites/default/files/Open%20letter.pdf.
9 For one account of the EU’s transparency development so far, see Deirdre Curtin, ’Judging EU Secrecy’, Cahiers de Droit Européen, 2012 (2) 459 – 490.
10 Staffan Dahllöf, ‘Guide to the battle of transparency – UPDATED’, 09/06/2012, available at the EU wobbing website http://www.wobbing.eu/news/guide-battle-transparency-%E2%80%93-updated. On the varying positions of the Member States to the reform process, see M.Z. Hillebrandt, D.M. Curtin and A.J. Meijer, ‘Transparency in the EU Council of Ministers: An Institutional Analysis’, 20(1) European Law Journal, 2014, 1-20.
11 For a discussion, see Päivi Leino, “Transparency, Participation and EU Institutional Practice: An Inquiry into the Limits of the ‘Widest Possible’”, EUI Working Paper (LAW 3/2014).

European Data Protection Supervisor Opinion on the EU-U.S. Privacy Shield draft adequacy decision

ORIGINAL PUBLISHED HERE

Executive Summary (emphasis added)

Data flows are global. The EU is bound by the Treaties and the Charter of Fundamental Rights of the European Union which protect all individuals in the EU. The EU is obliged to take all necessary steps to ensure the rights to privacy and to the protection of personal data are respected throughout all processing operations, including transfers.

Since the revelations in 2013 of surveillance activities, the EU and its strategic partner the United States have been seeking to define a new set of standards, based on a system of self-certification, for the transfer for commercial purposes to the U.S. of personal data sent from the EU. Like national data protection authorities in the EU, the EDPS recognises the value, in an era of global, instantaneous and unpredictable data flows, of a sustainable legal framework for commercial transfers of data between the EU and the U.S., which represent the biggest trading partnership in the world. However, this framework needs to fully reflect the shared democratic and individual rights-based values, which are expressed on the EU side in the Lisbon Treaty and the Charter of Fundamental Rights and on the U.S. side by the U.S. Constitution.

The draft Privacy Shield may be a step in the right direction but as currently formulated it does not adequately include, in our view, all appropriate safeguards to protect the EU rights of the individual to privacy and data protection also with regard to judicial redress. Significant improvements are needed should the European Commission wish to adopt an adequacy decision. In particular, the EU should get additional reassurances in terms of necessity and proportionality, instead of legitimising routine access to transferred data by U.S. authorities on the basis of criteria having a legal basis in the recipient country, but not as such in the EU, as affirmed by the Treaties, EU rulings and constitutional traditions common to the Member States.

Moreover, in an era of high hyperconnectivity and distributed networks, self-regulation by private organisations, as well as representation and commitments by public officials, may play a role in the short term whilst in the longer term they would not be sufficient to safeguard the rights and interests of individuals and fully satisfy the needs of a globalised digital world where many countries are now equipped with data protection rules.

Therefore, a longer term solution would be welcome in the transatlantic dialogue, to also enact in binding federal law at least the main principles of the rights to be clearly and concisely identified, as is the case with other non EU countries which have been ‘strictly assessed’ as ensuring an adequate level of protection; what the CJEU in its Schrems judgment expressed as meaning ‘essentially equivalent’ to the standards applicable under EU law, and which according to the Article 29 Working Party, means containing ‘the substance of the fundamental principles’ of data protection.

We take positive note of the increased transparency demonstrated by the U.S. authorities as to the use of the exception to the Privacy Shield principles for the purposes of law enforcement, national security and public interest.

However, whereas the 2000 Safe Harbour Decision formally treated access for national security as an exception, the attention devoted in the Privacy Shield draft decision to access, filtering and analysis by law enforcement and intelligence of personal data transferred for commercial purposes indicates that the exception may have become the rule. In particular, the EDPS notes from the draft decision and its annexes that, notwithstanding recent trends to move from indiscriminate surveillance on a general basis to more targeted and selected approaches, the scale of signals intelligence and the volume of data transferred from the EU, subject to potential collection and use once transferred and notably when in transit, may still be high and thus open to question.

Although these practices may also relate to intelligence in other countries, and while we welcome the transparency of the U.S. authorities on this new reality, the current draft decision may legitimise this routine. We therefore encourage the European Commission to give a stronger signal: given the obligations incumbent on the EU under the Lisbon Treaty, access and use by public authorities of data transferred for commercial purposes, including when in transit, should only take place in exceptional circumstances and where indispensable for specified public interest purposes.

On the provisions for transfers for commercial purposes, controllers should not be expected constantly to change compliance models. And yet the draft decision has been predicated on the existing EU legal framework, which will be superseded by Regulation (EU) 2016/679 (General Data Protection Regulation) in May 2018, less than one year after the full implementation by controllers of the Privacy Shield. The GDPR creates and reinforces obligations on controllers which extend beyond the nine principles developed in the Privacy Shield. Regardless of any final changes to the draft, we recommend the European Commission to comprehensively assess the future perspectives since its first report, to timely identify relevant steps for longer term solutions to replace the Privacy Shield, if any, with more robust and stable legal frameworks to boost transatlantic relations.

The EDPS therefore issues specific recommendations on the Privacy Shield.


EP Research Service : Interinstitutional Agreement on Better Law-Making

ORIGINAL ACCESSIBLE HERE

Author: Laura Tilindyte

According to Article 295 TFEU, the European Parliament, the Council and the Commission may conclude interinstitutional agreements (IIAs) setting out arrangements for their cooperation. A number of such agreements are in place, including the 2003 IIA on Better Law-Making, which is now to be replaced by a new agreement. With the aim of ensuring a high quality of legislation, the new agreement contains provisions concerning the various stages of the policy cycle, including programming, legislating and implementation.

Background

In May 2015, the Commission presented a comprehensive Better Regulation Package, including a proposal for a new Interinstitutional Agreement (IIA) on Better Regulation. The current IIA on Better Law-Making dates back to 2003, and was considered in need of revision given the developments in the better regulation agenda. A new interinstitutional agreement also reflects the recognition of the need for a renewed commitment on the part of all three institutions involved in the legislative process (Parliament, Council and Commission) in order for better law-making efforts to succeed. The Parliament’s Conference of Presidents charged the ALDE Group leader, Guy Verhofstadt, with conducting negotiations on the Parliament’s behalf. Negotiations between the three institutions were formally launched on 25 June 2015 under the Luxembourg Presidency of the Council. The text of the agreement was finalised on 8 December 2015, and endorsed by the Council and Commission in the same month. Following its endorsement by the Constitutional Affairs (AFCO) Committee, it now requires the Parliament’s approval in plenary.

The contents of the agreement

In its structure, the new IIA on Better Law-Making roughly follows the phases of the policy cycle. It contains provisions regarding, inter alia, common objectives, programming, better law-making tools (impact assessment, stakeholder consultation and ex-post evaluation), legislative instruments, delegated and implementing acts, transparency, implementation and simplification.

The agreement first of all sets out the common commitment of the three institutions to promote simplicity, clarity and consistency in Union legislation as well as ‘utmost transparency’ in the legislative process. The agreement envisages strengthened cooperation between the three institutions with regard to multiannual and annual programming. The latter is to encompass (early) exchanges of views both before and after the adoption of the Commission Work Programme, as well as interinstitutional consultations on Commission plans to withdraw any legislative proposal. The agreement requires the Commission to provide reasons for such withdrawals and to take due account of the co-legislators’ positions when doing so. The agreement further calls upon the Commission to ‘give prompt and detailed consideration’ to own-initiative requests made by the Parliament and the Council (based on Articles 225 and 241 TFEU respectively), and to reply to such requests within three months, including giving reasons when it makes no subsequent proposal.

The agreement emphasises the positive contribution of better law-making tools to better quality legislation, including ex-ante impact assessment (IA), stakeholder consultation and ex-post evaluation of legislation. The final agreement explicitly reaffirms that impact assessment is a tool for taking well-informed decisions and not a substitute for political decision-making. Departing from the notion in the Commission’s initial IIA proposal that all substantial amendments should be subject to impact assessment, the final text provides that the EP and Council are free to carry out impact assessments of their substantial amendments ‘when they consider this to be appropriate and necessary’. One innovation of the final text (as well as of the better regulation package in general) is the commitment of the Commission systematically to conduct IAs on delegated and implementing acts with significant potential impacts. The agreement further stresses the important role of stakeholder input in ensuring well-informed decision-making, and calls upon the Commission to encourage direct participation of ‘end users’ of legislation, in particular SMEs. The new agreement will replace the 2005 common approach of the institutions to impact assessment.

When proposing legislative instruments, the Commission is expected to explain and justify, inter alia, its choice of the legal basis and the proposal’s compliance with the principles of subsidiarity and proportionality. To safeguard the Parliament’s prerogatives, the IIA now also explicitly provides for a trilateral exchange of views in case there is a suggestion of modification of the legal basis, entailing a change from ordinary legislative procedure to special legislative procedure, or non-legislative procedure.

The provisions regarding delegated and implementing acts contain a few important novelties. In a move to safeguard the Council’s interests, the IIA further commits the Commission to conduct consultation of Member States’ experts, as well as public consultations prior to the adoption of delegated acts. The Parliament and the Council are to have equal access to information regarding such expert consultations and, importantly, systematic access to the meetings of such expert groups. The IIA envisages further negotiations between the institutions with a view to establishing delineation criteria for delegated and implementing acts and, finally, provides for establishing a joint register of delegated acts by the end of 2017. Moreover, the agreement calls upon the Commission to make proposals by the end of 2016 for the alignment of existing legislation, which still needs adapting to the new legal framework created by the Lisbon Treaty (i.e. the new hierarchy of norms, including delegated and implementing acts), in particular acts which provide for use of the ‘regulatory procedure with scrutiny’. On delegated acts, the annex to the agreement sets out a revised ‘common understanding’ of the three institutions, replacing that of 2011, in particular setting some principles for the Commission’s preparation of delegated acts.

The IIA reaffirms the principle of sincere cooperation between the institutions, including information-sharing and dialogue, and emphasises that the Parliament and the Council, as co-legislators, shall exercise their powers on an equal footing. The agreement contains a commitment to enhanced transparency, which is to include ‘appropriate handling of trilateral negotiations’ (trilogues). To this end, the institutions agree to ‘improve communication to the public during the whole legislative cycle’, and commit to identifying, by 31 December 2016, ‘ways of further developing platforms and tools’ to ‘facilitate the traceability of the various steps in the legislative process’. Actual improvements in this respect thus depend on further action still to be agreed.

The new IIA reflects a new emphasis on the question of how Union law is being implemented and applied in practice. Accordingly, the agreement stresses the need for swift and correct application of Union law at national level, and calls upon the Member States to ‘communicate clearly’ to their citizens when transposing Union legislation. In particular, with the aspiration to tackle ‘gold-plating’, the IIA provides that, whenever Member States choose to add elements ‘that are in no way related’ to the said Union legislation, they should make such additions ‘identifiable’ through the transposing acts or associated documents. The IIA further calls for interinstitutional cooperation with the aim of updating and simplifying existing Union legislation, as well as the avoidance of administrative burdens without, however, compromising the objectives of the legislation in question.

Procedure and areas for further action

The conclusion of interinstitutional agreements by the Parliament is governed by Rule 140 of the Parliament’s Rules of Procedure, which provides that such agreements are to be ‘signed by the President after examination by the committee responsible for constitutional affairs and after approval by Parliament.’

On 23 February 2016, the AFCO Committee adopted a report on the conclusion of the IIA, drafted by its Chair, Danuta Hübner (EPP, Poland). Besides endorsing the new agreement and the improvements it brings, the report also sets out areas requiring further action. These include, inter alia, open questions on the delineation criteria for delegated and implementing acts, practical arrangements for interinstitutional cooperation, and transparency of trilateral negotiations, as well as a review of the relevant points of Parliament’s Rules of Procedure with a view to possible adjustments. The agreement will enter into force upon the signature of the parties, and is binding upon those parties only.

BETTER…ADMINISTRATIVE MAKING AT EU LEVEL (when the European Parliament paves the way to an, almost reluctant, European Commission…).

For years the European Parliament has been asking the European Commission to submit a formal legislative proposal framing the administrative activity of the European Union, as foreseen by Article 298 of the Treaty on the Functioning of the European Union and by the European Charter of Fundamental Rights.

According to the former, “In carrying out their missions, the institutions, bodies, offices and agencies of the Union shall have the support of an open, efficient and independent European administration”.

Even more clearly, Article 41 of the Charter (Right to good administration) states that:
“1. Every person has the right to have his or her affairs handled impartially, fairly and within a reasonable time by the institutions, bodies, offices and agencies of the Union.
2. This right includes:
(a) the right of every person to be heard, before any individual measure which would affect him or her adversely is taken;
(b) the right of every person to have access to his or her file, while respecting the legitimate interests of confidentiality and of professional and business secrecy;
(c) the obligation of the administration to give reasons for its decisions.
3. Every person has the right to have the Union make good any damage caused by its institutions or by its servants in the performance of their duties, in accordance with the general principles common to the laws of the Member States.
4. Every person may write to the institutions of the Union in one of the languages of the Treaties and must have an answer in the same language.”

More than six years have passed since the entry into force of the Treaty. In the meantime, the EU administrative constellation has become even more complex, with new agencies, authorities and networks, but the European Commission has not yet considered that the time has come to bring some order to a domain which many have described as the “maquis” communautaire (instead of the “acquis” communautaire). This is even more appalling bearing in mind the increasing importance that the Court of Justice also gives to the principle of good administration when assessing the legitimacy of the activity of the EU Member States or even of third countries.

It is therefore to be praised that, in this legislature too, the Legal Affairs Committee (JURI) of the European Parliament has decided to ask a group of eminent experts in this domain to write a fully fledged legislative text which can “inspire” the European Commission. The full study and the text are accessible here.

Below is the text of the draft legislative proposal, as well as the first part of the study “The context and legal elements of a Proposal for a Regulation on the Administrative Procedure of the European Union’s institutions, bodies, offices and agencies”, authored by Professors Diana-Urania Galetta, Herwig C. H. Hofmann, Oriol Mir Puigpelat and Jacques Ziller.

Emilio De Capitani

—————————————

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the Administrative Procedure of the European Union’s institutions, bodies, offices and agencies

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 298 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Acting in accordance with the ordinary legislative procedure,
Whereas:
(1) With the development of the competences of the European Union, citizens are increasingly confronted with the Union’s institutions, bodies, offices and agencies, without always having their procedural rights adequately protected.
(2) In a Union under the rule of law it is necessary to ensure that procedural rights and obligations are always adequately defined, developed and complied with. Citizens are entitled to expect a high level of transparency, efficiency, swift execution and responsiveness from the Union’s institutions, bodies, offices and agencies. Citizens are also entitled to receive adequate information regarding possibility to take any further action in the matter.
(3) The existing rules and principles on good administration are scattered across a wide variety of sources: primary law, secondary law, case-law of the Court of Justice of the European Union, soft law and unilateral commitments by the Union’s institutions.
(4) Over the years, the Union has developed an extensive number of sectoral administrative procedures, in the form of both binding provisions and soft law, without necessarily taking into account the overall coherence of the system. This complex variety of procedures has resulted in gaps and inconsistencies in these procedures.
(5) The fact that the Union lacks a coherent and comprehensive set of codified rules of administrative law makes it difficult for citizens to understand their administrative rights under Union law.
(6) In April 2000, the European Ombudsman proposed to the institutions a Code of Good Administrative Behaviour in the belief that the same code should apply to all Union institutions, bodies, offices and agencies.
(7) In its resolution of 6 September 2001, Parliament approved the European Ombudsman’s draft code with modifications and called on the Commission to submit a proposal for a regulation containing a Code of Good Administrative Behaviour based on Article 308 of the Treaty establishing the European Community.
(8) The existing internal codes of conduct subsequently adopted by the different institutions, mostly based on that Ombudsman’s Code, have a limited effect, differ from one another and are not legally binding.
(9) The entry into force of the Treaty of Lisbon has provided the Union with the legal basis for the adoption of an Administrative Procedure Regulation. Article 298 of the Treaty on the Functioning of the European Union (TFEU) provides for the adoption of regulations to assure that in carrying out their mission, the institutions, bodies, offices and agencies of the Union have the support of an open, efficient and independent European administration. The entry into force of the Treaty of Lisbon also gave the Charter of Fundamental Rights of the European Union (“the Charter”) the same legal value as the Treaties.
(10) Title V (“Citizens’ Rights”) of the Charter enshrines the right to good administration in Article 41, which provides that every person has the right to have his or her affairs handled impartially, fairly and within a reasonable time by the institutions, bodies, offices and agencies of the Union. Article 41 of the Charter further indicates, in a non-exhaustive way, some of the elements included in the definition of the right to good administration such as the right to be heard, the right of every person to have access to their file, the right to be given reasons for a decision of the administration and the possibility of claiming damages caused by the institutions and its servants in the performance of their duties, and language rights.
(11) An efficient Union administration is essential for the public interest. An excess as well as a lack of rules and procedures can lead to maladministration, which may also result from the existence of contradictory, inconsistent or unclear rules and procedures.
(12) Properly structured and consistent administrative procedures support both an efficient administration and a proper enforcement of the right to good administration guaranteed as a general principle of Union law and under Article 41 of the Charter.
(13) In its Resolution of 15 January 2013 the European Parliament called for the adoption of a regulation on a European Law of Administrative Procedure to guarantee the right to good administration by means of an open, efficient and independent European administration. Establishing a common set of rules of administrative procedure at the level of the Union’s institutions, bodies, offices and agencies should enhance legal certainty, fill gaps in the Union legal system and should thereby contribute to compliance with the rule of law.
(14) The purpose of this Regulation is to establish a set of procedural rules which the Union’s administration should comply with when carrying out its administrative activities. These procedural rules aim at assuring both an open, efficient and independent administration and a proper enforcement of the right to good administration.
(15) In line with Article 298 TFEU this Regulation should not apply to the Member States’ administrations. Furthermore, this Regulation should not apply to legislative procedures, judicial proceedings and procedures leading to the adoption of non-legislative acts directly based on the Treaties, delegated acts or implementing acts.
(16) This Regulation should apply to the Union’s administration without prejudice to other Union’s legal acts which provide for specific administrative procedural rules. However, sector-specific administrative procedures are not fully coherent and complete. With a view to ensuring overall coherence in the administrative activities of the Union’s administration and full respect of the right to a good administration, legal acts providing for specific administrative procedural rules should, therefore, be interpreted in compliance with this Regulation and their gaps should be filled by the relevant provisions of this Regulation. This Regulation establishes rights and obligations as a default rule for all administrative procedures under Union law and therefore reduces the fragmentation of applicable procedural rules, which result from sector-specific legislation.
(17) The procedural administrative rules laid down in this Regulation aim at implementing the principles on good administration established in a large variety of legal sources in light of the case law of the Court of Justice of the European Union. Those principles are set out here below and their formulation should inspire the interpretation of the provisions of this Regulation.
(18) The principle of the rule of law, as recalled in Article 2 of the Treaty on European Union (TEU), is the heart and soul of the Union’s values. In accordance with that principle, any action of the Union has to be based on the Treaties in compliance with the principle of conferral. Furthermore, the principle of legality, as a corollary to the rule of law, requires that activities of the Union’s administration are carried out in full accordance with the law.
(19) Any legal act of Union law has to comply with the principle of proportionality. This requires any measure of the Union’s administration to be appropriate and necessary for meeting the objectives legitimately pursued by the measure in question: where there is a choice among several potentially appropriate measures, the least burdensome option has to be taken and any charges imposed by the administration not be disproportionate to the aims pursued.
(20) The right to good administration requires that administrative acts be taken by the Union’s administration pursuant to administrative procedures which guarantee impartiality, fairness and timeliness.
(21) The right to good administration requires that any decision to initiate an administrative procedure be notified to the parties and provide the necessary information enabling them to exercise their rights during the administrative procedure. In duly justified and exceptional cases where the public interest so requires, the Union’s administration may delay or omit the notification.
(22) When the administrative procedure is initiated upon application by a party, the right to good administration imposes a duty on the Union’s administration to acknowledge receipt of the application in writing. The acknowledgment of receipt should indicate the necessary information enabling the party to exercise his or her rights of defence during the administrative procedure. However, the Union’s administration should be entitled to reject pointless or abusive applications as they might jeopardize administrative efficiency.
(23) For the purposes of legal certainty an administrative procedure should be initiated within a reasonable time after the event has occurred. Therefore, this Regulation should include provisions on a period of limitation.
(24) The right to good administration requires that the Union’s administration exercise a duty of care, which obliges the administration to establish and review in a careful and impartial manner all the relevant factual and legal elements of a case taking into account all pertinent interests, at every stage of the procedure. To that end, the Union’s administration should be empowered to hear the evidence of parties, witnesses and experts, request documents and records and carry out visits or inspections. When choosing experts, the Union’s administration should ensure that they are technically competent and not affected by a conflict of interest.
(25) During the investigation carried out by the Union’s administration the parties should have a duty to cooperate by assisting the administration in ascertaining the facts and circumstances of the case. When requesting the parties to cooperate, the Union’s administration should give them a reasonable time-limit to reply and should remind them of the right against self-incrimination where the administrative procedure may lead to a penalty.
(26) The right to be treated impartially by the Union’s administration is a corollary of the fundamental right to good administration and implies staff members’ duty to abstain from taking part in an administrative procedure where they have, directly or indirectly, a personal interest, including, in particular, any family or financial interest, such as to impair their impartiality.
(27) The right to good administration might require that, under certain circumstances inspections be carried out by the administration, where this is necessary to fulfil a duty or achieve an objective under Union law. Those inspections should respect certain conditions and procedures in order to safeguard the rights of the parties.
(28) The right to be heard should be complied with in all proceedings initiated against a person which are liable to conclude in a measure adversely affecting that person. It should not be excluded or restricted by any legislative measure. The right to be heard requires that the person concerned receive an exact and complete statement of the claims or objections raised and is given the opportunity to submit comments on the truth and relevance of the facts and on the documents used.
(29) The right to good administration includes the right of a party to the administrative procedure to have access to its own file, which is also an essential requirement in order to enjoy the right to be heard. When the protection of the legitimate interests of confidentiality and of professional and business secrecy does not allow full access to a file, the party should at least be provided with an adequate summary of the content of the file. With a view to facilitating access to one’s files and thus ensuring transparent information management, the Union’s administration should keep records of its incoming and outgoing mail, of the documents it receives and measures it takes, and establish an index of the recorded files.
(30) The Union’s administration should adopt administrative acts within a reasonable time-limit. Slow administration is bad administration. Any delay in adopting an administrative act should be justified and the party to the administrative procedure should be duly informed thereof and provided with an estimate of the expected date of the adoption of the administrative act.
(31) The right to good administration imposes a duty on the Union’s administration to state clearly the reasons on which its administrative acts are based. The statement of reasons should indicate the legal basis of the act, the general situation which led to its adoption and the general objectives which it intends to achieve. It should disclose clearly and unequivocally the reasoning of the competent authority which adopted the act in such a way as to enable the parties concerned to decide if they wish to defend their rights by an application for judicial review.
(32) In accordance with the right to an effective remedy, neither the Union nor Member States can render virtually impossible or excessively difficult the exercise of rights conferred by Union law. Instead, they are obliged to guarantee real and effective judicial protection and are barred from applying any rule or procedure which might prevent, even temporarily, Union law from having full force and effect.
(33) In accordance with the principles of transparency and legal certainty, parties to an administrative procedure should be able to clearly understand their rights and duties that derive from an administrative act addressed to them. For these purposes, the Union’s administration should ensure that its administrative acts are drafted in a clear, simple and understandable language and take effect upon notification to the parties. When carrying out that obligation it is necessary for the Union’s administration to make proper use of information and communication technologies and to adapt to their development.
(34) For the purposes of transparency and administrative efficiency, the Union’s administration should ensure that clerical, arithmetic or similar errors in its administrative acts are corrected by the competent authority.
(35) The principle of legality, as a corollary to the rule of law, imposes a duty on the Union’s administration to rectify or withdraw unlawful administrative acts. However, considering that any rectification or withdrawal of an administrative act may conflict with the protection of legitimate expectations and the principle of legal certainty, the Union’s administration should carefully and impartially assess the effects of the rectification or withdrawal on other parties and include the conclusions of such an assessment in the reasons of the rectifying or withdrawing act.
(36) Citizens of the Union have the right to write to the Union’s institutions, bodies, offices and agencies in one of the languages of the Treaties and to have an answer in the same language. The Union’s administration should respect the language rights of the parties by ensuring that the administrative procedure is carried out in one of the languages of the Treaties chosen by the party. In the case of an administrative procedure initiated by the Union’s administration, the first notification should be drafted in one of the languages of the Treaty corresponding to the Member State in which the party is located.
(37) The principle of transparency and the right of access to documents have a particular importance under an administrative procedure without prejudice of the legislative acts adopted under Article 15(3) TFEU. Any limitation of those principles should be narrowly construed to comply with the criteria set out in Article 52(1) of the Charter and therefore should be provided for by law and should respect the essence of the rights and freedoms and be subject to the principle of proportionality.
(38) The right to protection of personal data implies that without prejudice of the legislative acts adopted under Article 16 TFEU, data used by the Union’s administration should be accurate, up-to-date and lawfully recorded.
(39) The principle of protection of legitimate expectations derives from the rule of law and implies that actions of public bodies should not interfere with vested rights and final legal situations except where it is imperatively necessary in the public interest. Legitimate expectations should be duly taken into account where an administrative act is rectified or withdrawn.
(40) The principle of legal certainty requires Union rules to be clear and precise. That principle aims at ensuring that situations and legal relationships governed by Union law remain foreseeable in that individuals should be able to ascertain unequivocally what their rights and obligations are and be able to take steps accordingly. In accordance with the principle of legal certainty, retroactive measures should not be taken except in legally justified circumstances.
(41) With a view to ensuring overall coherence in the activities of the Union’s administration, administrative acts of general scope should comply with the principles of good administration referred to in this Regulation.
(42) In the interpretation of this Regulation, regard should be had especially to equal treatment and non-discrimination, which apply to administrative activities as a prominent corollary to the rule of law and the principles of an efficient and independent European administration,
 
HAVE ADOPTED THIS REGULATION:

CHAPTER I GENERAL PROVISIONS

Article 1 Subject matter and objective…

Strasbourg Court: Hungarian legislation on secret anti-terrorist surveillance does not have sufficient safeguards against abuse

Press release accessible here 

In its Chamber judgment of January 12 in the case of Szabó and Vissy v. Hungary (application no. 37138/14), the European Court of Human Rights held, unanimously, that there had been:

  • a violation of Article 8 (right to respect for private and family life, the home and correspondence) of the European Convention on Human Rights, and
  • no violation of Article 13 (right to an effective remedy) of the European Convention.

The case concerned Hungarian legislation on secret anti-terrorist surveillance introduced in 2011.

The Court accepted that it was a natural consequence of the forms taken by present-day terrorism that governments resort to cutting-edge technologies, including massive monitoring of communications, in pre-empting impending incidents.

However, the Court was not convinced that the legislation in question provided sufficient safeguards to avoid abuse. Notably, the scope of the measures could include virtually anyone in Hungary, with new technologies enabling the Government to intercept masses of data easily concerning even persons outside the original range of operation. Furthermore, the ordering of such measures was taking place entirely within the realm of the executive and without an assessment of whether interception of communications was strictly necessary and without any effective remedial measures, let alone judicial ones, being in place.

Principal facts

The applicants, Máté Szabó and Beatrix Vissy, are Hungarian nationals who were born in 1976 and 1986 respectively and live in Budapest. At the relevant time they worked for a non-governmental watchdog organisation (Eötvös Károly Közpolitikai Intézet) which voices criticism of the Government.

A specific Anti-Terrorism Task Force was established within the police force as of 1 January 2011. Its competence is defined in section 7/E of Act no. XXXIV of 1994 on the Police, as amended by Act no. CCVII of 2011. Under this legislation, the task force’s prerogatives in the field of secret intelligence gathering include secret house search and surveillance with recording, opening of letters and parcels, as well as checking and recording the contents of electronic or computerised communications, all this without the consent of the persons concerned.

In June 2012 the applicants filed a constitutional complaint arguing that the sweeping prerogatives in respect of secret intelligence gathering for national security purposes under section 7/E (3) breached their right to privacy. The Constitutional Court dismissed the majority of the applicants’ complaints in November 2013. In one aspect the Constitutional Court agreed with the applicants, namely, it held that the decision of the minister ordering secret intelligence gathering had to be supported by reasons. However, the Constitutional Court held in essence that the scope of national security-related tasks was much broader than the scope of the tasks related to the investigation of particular crimes, thus the differences in legislation between criminal secret surveillance and secret surveillance for national security purposes were not unjustified.

Complaints, procedure and composition of the Court

Relying on Article 8 (right to respect for private and family life, the home and the correspondence), the applicants complained that they could potentially be subjected to unjustified and disproportionately intrusive measures within the Hungarian legal framework on secret surveillance for national security purposes (namely, “section 7/E (3) surveillance”). They alleged in particular that this legal framework was prone to abuse, notably for want of judicial control. They also complained that their exposure to secret surveillance without judicial control or remedy breached their rights under Article 6 § 1 (right to a fair hearing/ access to court) and Article 13 (right to an effective remedy) read in conjunction with Article 8.

The application was lodged with the European Court of Human Rights on 13 May 2014.

Privacy International and the Center for Democracy & Technology, both non-governmental organisations, were given permission to make written submissions as third parties.

Judgment was given by a Chamber of seven judges, composed as follows:

Vincent A. de Gaetano (Malta), President,
András Sajó (Hungary),
Boštjan M. Zupančič (Slovenia),
Nona Tsotsoria (Georgia),
Paulo Pinto de Albuquerque (Portugal),
Krzysztof Wojtyczek (Poland),
Iulia Antoanella Motoc (Romania),
and also Fatoş Aracı, Deputy Section Registrar.

Decision of the Court

Article 8 (privacy rights)

Firstly, the Court noted that the Constitutional Court, having examined the applicants’ constitutional complaint on the merits, had implicitly acknowledged that they had been personally affected by the legislation in question. In any case, whether or not the applicants – as staff members of a watchdog organisation – belonged to a targeted group, the Court considered that the legislation directly affected all users of communication systems and all homes. Moreover, the domestic law does not apparently provide any possibility for an individual who suspected that their communications were being intercepted to lodge a complaint with an independent body. Considering these two circumstances, the Court was of the view that the applicants could therefore claim to be victims of a violation of their rights under the European Convention. Furthermore, the Court was satisfied that the applicants had exhausted domestic remedies by bringing to the attention of the national authorities – namely the Constitutional Court – the essence of their grievance.

The Court found that there had been an interference with the applicants’ right to respect for private and family life as concerned their general complaint about the rules of section 7/E (3) (and not as concerned any actual interception of their communications allegedly taking place). It was not in dispute between the parties that that interference’s aim was to safeguard national security and/or to prevent disorder or crime and that it had had a legal basis, namely under the Police Act of 1994 and the National Security Act. Furthermore, the Court was satisfied that the two situations permitting secret surveillance for national security purposes under domestic law, namely the danger of terrorism and rescue operations of Hungarian citizens in distress abroad, were sufficiently clear to give citizens an adequate indication as to the circumstances in which and the conditions on which public authorities were empowered to resort to such measures.

However, the Court was not convinced that the Hungarian legislation on “section 7/E (3) surveillance” provided safeguards which were sufficiently precise, effective and comprehensive in as far as the ordering, execution and potential redressing of such measures were concerned.

Notably, under “section 7/E”, it is possible for virtually any person in Hungary to be subjected to secret surveillance as the legislation does not describe the categories of persons who, in practice, may have their communications intercepted. The authorities simply have to identify to the government minister responsible the name of the individual/s or the “range of persons” to be intercepted, without demonstrating their actual or presumed relation to any terrorist threat.

Furthermore, under the legislation, when requesting permission from the Minister of Justice to intercept an individual’s communications, the anti-terrorism task force is merely required to argue that the secret intelligence gathering is necessary, without having to provide evidence in support of their request. In particular, such evidence would provide a sufficient factual basis to apply such measures and would enable an evaluation of their necessity based on an individual suspicion regarding the targeted individual. The Court reiterated that any measure of secret surveillance which did not correspond to the criteria of being strictly necessary for the safeguarding of democratic institutions or for the obtaining of vital intelligence in an individual operation would be prone to abuse by authorities with formidable technologies at their disposal.

Another element which could be prone to abuse is the duration of the surveillance. It was not clear from the wording of the law whether the renewal of a surveillance warrant (on expiry of the initial 90 days stipulated under the National Security Act) for a further 90 days was possible only once or repeatedly.

Moreover, these stages of authorisation and application of secret surveillance measures lacked judicial supervision. Although the security services are required, when applying for warrants, to outline the necessity of the secret surveillance, this procedure does not guarantee an assessment of whether the measures are strictly necessary, notably in terms of the range of persons and the premises concerned. For the Court, supervision by a politically responsible member of the executive, such as the Minister of Justice, did not provide the necessary guarantees against abuse. External, preferably judicial control of secret surveillance activities offers the best guarantees of independence, impartiality and a proper procedure.

As concerned the procedures for redressing any grievances caused by secret surveillance measures, the Court noted that the executive did have to give account of surveillance operations to a parliamentary committee. However, it could not identify any provisions in Hungarian legislation permitting a remedy granted by this procedure to those who are subjected to secret surveillance but, by necessity, are not informed about it during their application. Nor did the twice yearly general report on the functioning of the secret services presented to this parliamentary committee provide adequate safeguards, as it was apparently unavailable to the public. Moreover, the complaint procedure outlined in the National Security Act also seemed to be of little relevance, since citizens subjected to secret surveillance measures were not informed of the measures applied. Indeed, no notification – of any kind – of secret surveillance measures is foreseen in Hungarian law. The Court reiterated that as soon as notification could be carried out without jeopardising the purpose of the restriction after the termination of the surveillance measure, information should be provided to the persons concerned.

In sum, given that the scope of the measures could include virtually anyone in Hungary, that the ordering was taking place entirely within the realm of the executive and without an assessment of whether interception of communications was strictly necessary, that new technologies enabled the Government to intercept masses of data easily concerning even persons outside the original range of operation, and given the absence of any effective remedial measures, let alone judicial ones, the Court concluded that there had been a violation of Article 8 of the Convention.

Other articles

Given the finding relating to Article 8, the Court considered that it was not necessary to examine the applicants’ complaint under Article 6 of the Convention.

Lastly, the Court reiterated that Article 13 could not be interpreted as requiring a remedy against the state of domestic law and therefore found that there had been no violation of Article 13 taken together with Article 8.

Article 41 (just satisfaction)

The Court held that the finding of a violation constituted in itself sufficient just satisfaction for any non-pecuniary damage sustained by the applicants. It awarded 4,000 for costs and expenses.

Separate opinion

Judge Pinto de Albuquerque expressed a separate opinion which is annexed to the judgment. The judgment is available only in English.

Under Articles 43 and 44 of the Convention, this Chamber judgment is not final. During the three-month period following its delivery, any party may request that the case be referred to the Grand Chamber of the Court. If such a request is made, a panel of five judges considers whether the case deserves further examination. In that event, the Grand Chamber will hear the case and deliver a final judgment. If the referral request is refused, the Chamber judgment will become final on that day.

Once a judgment becomes final, it is transmitted to the Committee of Ministers of the Council of Europe for supervision of its execution. Further information about the execution process can be found here: www.coe.int/t/dghl/monitoring/execution.

Press contacts

echrpress@echr.coe.int | tel.: +33 3 90 21 42 08
Tracey Turner-Tretz (tel: + 33 3 88 41 35 30)
Nina Salomon (tel: + 33 3 90 21 49 79)
Denis Lambert (tel: + 33 3 90 21 41 09)
Inci Ertekin (tel: + 33 3 90 21 55 30)

The European Court of Human Rights was set up in Strasbourg by the Council of Europe Member States in 1959 to deal with alleged violations of the 1950 European Convention on Human Rights.

Zakharov v Russia: Mass Surveillance and the European Court of Human Rights

Reblogged also by EU LAW ANALYSIS on Wednesday, 16 December with permission from the IALS Information Law and Policy Centre blog

by Lorna Woods, (*) 

Introduction 

The European Court of Human Rights has heard numerous challenges to surveillance regimes, both individual and mass surveillance, with mixed results over the years. Following the Snowden revelations, the question was whether the ECtHR would take a hard line, particularly as regards mass surveillance, given its suggestion in Kennedy that indiscriminate acquisition of vast amounts of data should not be permissible. Other human rights bodies have condemned this sort of practice, as can be seen in UN Resolution 68/167, The Right to Privacy in the Digital Age. Even within the EU there has been concern, as can be seen in cases such as Digital Rights Ireland (discussed here) and more recently in Schrems (discussed here). The Human Rights Court has now begun to answer this question, in the Grand Chamber judgment in Zakharov v. Russia (47143/06), handed down on December 4 2015.

Facts

Zakharov, a publisher and a chairman of an NGO campaigning for media freedom and journalists’ rights, sought to challenge the Russian system for permitting surveillance in the interests of crime prevention and national security. Z claimed that the privacy of his communications across mobile networks was infringed as the Russian State, by virtue of Order No. 70, had required the network operators to install equipment which permitted the Federal Security Service to intercept all telephone communications without prior judicial authorisation.

This facilitated blanket interception of mobile communications. Attempts to challenge this and to ensure that access to communications was restricted to authorised personnel were unsuccessful at national level. The matter was brought before the European Court of Human Rights. He argued that the laws relating to monitoring infringe his right to private life under Article 8; that parts of these laws are not accessible; and that there are no effective remedies (thus also infringing Art. 13 ECHR).

Judgment

The first question was whether the case was admissible. The Court will usually not rule on questions in abstracto, but rather on the application of rules to a particular situation. This makes challenges to the existence of a system, rather than its use, problematic. The Court has long recognised that secret surveillance can give rise to particular features that may justify a different approach. Problematically, there were two lines of case law, one of which required the applicant to show a ‘reasonable likelihood’ that the security services had intercepted the applicant’s communications (Esbester) and which favoured the Government’s position, and the other which suggested the menace provided by a secret surveillance system was sufficient (Klass) and which favoured the applicant.

The Court took the opportunity to try to resolve these potentially conflicting decisions, developing its reasoning in Kennedy. It accepted the principle that legislation can be challenged subject to two conditions: the applicant potentially falls within the scope of the system; and the level of remedies available. This gives the Court a form of decision matrix in which a range of factual circumstances can be assessed. Where there are no effective remedies, the menace argument set out in its ruling in Klass would be accepted.

Crucially, even where there are remedies, an applicant can still challenge the legislation if ‘due to his personal situation, he is potentially at risk of being subjected to such measures’ [para 171]. This requirement of ‘potentially at risk’ seems lower than the ‘reasonable likelihood’ test in the earlier case of Esbester. The conditions were satisfied in this case as it has been recognised that mobile communications fall within ‘private life’ and ‘correspondence’ (see Liberty, para 56, cited here para 173).

This brought the Court to consider whether the intrusion could be justified. Re-iterating the well-established principles that, to be justified, any interference must be in accordance with the law, pursue a legitimate aim listed in Article 8(2) and be necessary in a democratic society, the Court considered each in turn.

The requirement of lawfulness has a double aspect, formal and qualitative. The challenged measure must be based in domestic law, but it must also be accessible to the person concerned and be foreseeable as to its effects (see e.g. Rotaru). While these principles are generally applicable to all cases under Article 8 (and applied analogously in other rights, such as Articles 9, 10 and 11 ECHR), the Court noted the specificity of the situation. It stated that:

‘…. domestic law must be sufficiently clear to give citizens an adequate indication as to the circumstances in which and the conditions on which public authorities are empowered to resort to any such measures’ [para 229].

In this, the Court referred to a long body of jurisprudence relating to surveillance, which recognises the specific nature of the threats that surveillance is used to address. In the earlier case of Kennedy for example, the Court noted that ‘threats to national security may vary in character and may be unanticipated or difficult to define in advance’ [para 159].

While the precision required of national law might be lower than the normal standard, the risks of abuse and arbitrariness are clear, so the exercise of any discretion must be laid down by law both as to its scope and the manner of its exercise. It stated that ‘it would be contrary to the rule of law … for a discretion granted to the executive in the sphere of national security to be expressed in terms of unfettered power’ [para 247]. Here, the Court noted that prior judicial authorisation was an important safeguard [para 249]. The Court gave examples of minimum safeguards:

  • The nature of offences which may give rise to an interception order
  • A definition of the categories of people liable to have their telephones tapped
  • A limit on the duration of telephone tapping
  • Protections and procedures for use, storage and examination of resulting data
  • Safeguards relating to the communication of data to third parties
  • Circumstances in which data/recordings must be erased/destroyed (para 231)
  • the equipment installed by the secret services keeps no logs or records of intercepted communication, which coupled with the direct access rendered any supervisory arrangements incapable of detecting unlawful interceptions
  • the emergency procedure provided for in Russian law, which enables interception without judicial authorization, does not provide sufficient safeguards against abuse.

The Court then considered the principles for assessing whether the intrusion was ‘necessary in a democratic society’, highlighting the tension between the need to protect society and the consequences for that society of the measures taken to protect it. The Court emphasised that it must be satisfied that there are adequate and effective guarantees against abuse.

In this, oversight mechanisms are central, especially where individuals will not – given the secret and therefore unknowable nature of surveillance – be in a position to protect their own rights. The Court’s preference is to entrust supervisory control to a judge. For surveillance to be open to challenge retrospectively, affected individuals need either to be informed about the surveillance or to be able to bring challenges on the basis of a suspicion that surveillance has taken place.

Russian legislation lacks clarity concerning the categories of people liable to have their phones tapped, specifically through the blurring of witnesses with suspects and the fact that the security services have a very wide discretion. The provisions regarding discontinuation of surveillance are omitted in the case of the security services. The provisions regarding the storage and destruction of data allow for the retention of data which is clearly irrelevant; and, as regards those charged with a criminal offence, it is unclear what happens to the material after the trial.

Notably, the domestic courts do not verify whether there is a reasonable suspicion against the person in respect of whose communications the security services have requested interception be permitted. Further, there is little assessment of whether the interception is necessary or justified: in practice it seems that the courts accept a mere reference to national security issues as being sufficient.

The details of the authorisation are also not specified, so authorisations have been granted without specifying – for example – the numbers to be intercepted. The Russian system, which at a technical level allows direct access without the police and security services having to show an authorisation, is particularly prone to abuse. The Court determined that the supervisory bodies were not sufficiently independent. Any effectiveness of the remedies available to challenge interception of communications is undermined by the fact that they are available only to persons who are able to submit proof of interception, knowledge and evidence of which is hard if not impossible to come by.

Comments

The Court could be seen as emphasising in its judgment, by repeated reference to its earlier extensive case law on surveillance, that there is nothing new here. Conversely, it could be argued that Zakharov is a Grand Chamber judgment which operates to reaffirm and highlight points made in previous judgments about the dangers of surveillance and the risk of abuse. The timing is also significant, particularly from a UK perspective. Zakharov was handed down as the draft Investigatory Powers Bill was published. Cases against the UK are pending at Strasbourg, while the judgment follows the ECJ’s ruling in Schrems, with Davis (along with the Swedish Tele2 reference), querying whether the Digital Rights ruling applies to national data retention schemes, now pending before the ECJ (on that issue, see discussion here). The ECtHR noted the Digital Rights Ireland case in its summary of applicable law.

In setting out its framework for decisions, the Court’s requirement of ‘potentially at risk’ even when remedies are available seems lower than the ‘reasonable likelihood’ test in Esbester. The Court’s concern relates to ‘the need to ensure that the secrecy of surveillance measures does not result in the measures being effectively unchallengeable and outside the supervision of the national judicial authorities and of the Court’ [para 171]. This broad approach to standing is, as noted by Judge Dedov’s separate but concurring opinion, in marked contrast to the approach of the United States Supreme Court in Clapper where that court ‘failed to take a step forward’ (Opinion, section 4).

The reassessment of ‘victim status’ simultaneously determines standing, the question of the applicability of Article 8 and the question of whether there has been an infringement of that right. The abstract nature of the review then means that a lot falls on the determination of ‘in accordance with the law’ and consequently the question of whether the measures (rather than individual applications) are necessary in a democratic society. This leads to a close review of the system itself and the safeguards built in. Indeed, it is noteworthy that the Court did not just look at the provisions of Russian law, but also considered how they were applied in practice.

The Court seemed particularly sceptical about broadly determined definitions in the context of ‘national, military, economic or ecological security’ which confer an ‘almost unlimited degree of discretion’ [para 248]. Although the system required prior judicial authorisation [noted para 259], in this case it was not a sufficient counter to the breadth of the powers. So, prior judicial authorisation will not be a ‘get out of gaol free’ card for surveillance systems. There must be real oversight by the relevant authorities.

Further, the Court emphasised the need for the identification of triggering factor(s) for interception of communications, as otherwise this will lead to overbroad discretion [para 248]. Moreover, the Court stated that the national authorisation authorities must be capable of ‘verifying the existence of a reasonable suspicion against the person concerned’ [paras 260-2], which in the context of technological access to mass communications might be difficult to satisfy. The Court also required that specific individuals or premises be identified. If it applies the same principles to mass surveillance currently operated in other European states, many systems might be hard to justify.

A further point to note relates to the technical means by which the interception was carried out. The Court was particularly critical of a system which allows the security services and the police the means to have direct access to all communications. It noted that ‘their ability to intercept the communications of a particular individual or individuals is not conditional on providing an interception authorisation to the communications service provider’ [para 268], thereby undermining any protections provided by the prior authorisation system.

Crucially, the police and security services could circumvent the requirement to demonstrate the legality of the interception [para 269]. The problem is exacerbated by the fact that the equipment used does not create a log of the interceptions, which again undermines the supervisory authorities’ effectiveness [para 272]. This sort of reasoning could be applied in other circumstances where police and security forces have direct technical means to access content which is not dependent on access via a service provider (e.g. hacking computers and mobiles).

In sum, not only has the Russian system been found wanting in terms of compliance with Article 8, but the Court has drawn its judgment in terms which raise questions about the validity of other systems of mass surveillance.

  • Professor of Internet Law, University of Essex

 

EU-US Umbrella Data Protection Agreement : Detailed analysis by Douwe Korff

14 October 2015 (NOTA BENE : This text is more than 60 pages)

by Douwe KORFF (FREE GROUP MEMBER)

About the Fundamental Rights Europe Expert Group (FREE): The Fundamental Rights European Experts Group (FREE Group: http://www.free-group.eu) is a Belgian non-governmental organisation (Association Sans But Lucratif (ASBL)), registered at the Belgian Moniteur: Number 304811. According to Articles 3 and 4 of its Statute (see below *), the association’s focus is on monitoring, teaching and advocating on the European Union’s freedom, security and justice related policies. In the same framework we also follow the EU’s actions in protecting and promoting EU values and fundamental rights in the Member States, as required by Articles 2, 6 and 7 of the Treaty on the European Union (risk of violation by a Member State of EU founding values).

About the author: Douwe Korff is a Dutch comparative and international law expert on human rights and data protection. He is Emeritus Professor of International Law, London Metropolitan University; Associate, Oxford Martin School, University of Oxford (Global Cybersecurity Capacity Centre); Fellow, Centre for Internet & Human Rights, University of Viadrina, Frankfurt/O and Berlin; and Visiting Fellow, Yale University (Information Society Project).

Acknowledgments: The author would like to express his thanks to Mme. Marie Georges and Prof. Steve Peers, members of FREE Group, for their very helpful comments on and edits of the draft of this Note.

OVERALL CONCLUSIONS

We believe the following aspects of the Umbrella Agreement violate, or are likely to lead to violations of, the Treaties and the EU Charter of Fundamental Rights:

  1. The Umbrella Agreement appears to allow the “sharing” of data sent by EU law enforcement agencies to US law enforcement agencies with US national security agencies (including the FBI and the US NSA) for use in the latter’s mass surveillance and data mining operations; as well as the “onward transfer” of such data to “third parties”, including national security agencies of yet other (“third”) countries, which the Agreement says may not be subjected to “generic data protection conditions”;
  2. The Umbrella Agreement does not contain a general human rights clause prohibiting the “sharing” or “onward transfers” of data on EU persons, provided subject to the Agreement, with or to other agencies, in the USA or elsewhere, in circumstances in which this could lead to serious human rights violations, including arbitrary arrest and detention, torture or even extrajudicial killings or “disappearances” of the data subjects (or others);
  3. The Umbrella Agreement does not provide for equal rights and remedies for EU- and US nationals in the USA; but worse, non-EU citizens living in EU Member States who are not nationals of the Member State concerned – such as Syrian refugees or Afghan or Eritrean asylum-seekers, or students from Africa or South America or China – and non-EU citizens who have flown to, from or through the EU and whose data may have been sent to the USA (in particular, under the EU-US PNR Agreement), are completely denied judicial redress in the USA under the Umbrella Agreement.

In addition:

  1. The Umbrella Agreement in many respects fails to meet important substantive requirements of EU data protection law;
  2. The Umbrella Agreement also fails to meet important requirements of EU data protection law in terms of data subject rights and data subjects’ access to real and effective remedies; and
  3. In terms of transparency and oversight, too, the Umbrella Agreement falls significantly short of fundamental European data protection and human rights requirements.

The Agreement should therefore, in our view, not be approved by the European Parliament in its present form.

FULL TEXT OF THE ANALYSIS 

  1. Introduction / Background
