Category: 3.1 Transparency

EU-US Umbrella Data Protection Agreement : Detailed analysis by Douwe Korff

14 October 2015 (NOTA BENE : This text is more than 60 pages)

by Douwe KORFF (FREE GROUP MEMBER)

About the Fundamental Rights Europe Expert Group (FREE): The Fundamental Rights European Experts Group (FREE Group : http://www.free-group.eu)  is a Belgian non governmental organisation (Association Sans But Lucratif (ASBL) Registered at Belgian Moniteur: Number 304811. According to art 3 and 4 of its Statute ( see below *) the association focus is on monitoring, teaching and advocating in the European Union freedom security and justice related policies. In the same framework we follow also the EU actions in protecting and promoting EU values and fundamental rights in the Member States as required by the article 2, 6 and 7 of the Treaty on the European Union (risk of violation by a Member State of EU founding values)

About the author: Douwe Korff is a Dutch comparative and international law expert on human rights and data protection. He is Emeritus Professor of International Law, London Metropolitan University; Associate, Oxford Martin School, University of Oxford (Global Cybersecurity Capacity Centre); Fellow, Centre for Internet & Human Rights, University of Viadrina, Frankfurt/O and Berlin; and Visiting Fellow, Yale University (Information Society Project).

Acknowledgments: The author would like to express his thanks to Mme. Marie Georges and Prof. Steve Peers, members of FREE Group, for their very helpful comments on and edits of the draft of this Note.

OVERALL CONCLUSIONS

We believe the following aspects of the Umbrella Agreement violate, or are likely to lead to violations of, the Treaties and the EU Charter of Fundamental Rights:

  1. The Umbrella Agreement appears to allow the “sharing” of data sent by EU law enforcement agencies to US law enforcement agencies with US national security agencies (including the FBI and the US NSA) for use in the latter’s mass surveillance and data mining operations; as well as the “onward transfer” of such data to “third parties”, including national security agencies of yet other (“third”) countries, which the Agreement says may not be subjected to “generic data protection conditions”;
  2. The Umbrella Agreement does not contain a general human rights clause prohibiting the “sharing” or “onward transfers” of data on EU persons, provided subject to the Agreement, with or to other agencies, in the USA or elsewhere, in circumstances in which this could lead to serious human rights violations, including arbitrary arrest and detention, torture or even extrajudicial killings or “disappearances” of the data subjects (or others);
  3. The Umbrella Agreement does not provide for equal rights and remedies for EU- and US nationals in the USA; but worse, non-EU citizens living in EU Member States who are not nationals of the Member State concerned – such as Syrian refugees or Afghan or Eritrean asylum-seekers, or students from Africa or South America or China – and non-EU citizens who have flown to, from or through the EU and whose data may have been sent to the USA (in particular, under the EU-US PNR Agreement), are completely denied judicial redress in the USA under the Umbrella Agreement.

In addition:

  1. The Umbrella Agreement in many respects fails to meet important substantive requirements of EU data protection law;
  2. The Umbrella Agreement also fails to meet important requirements of EU data protection law in terms of data subject rights and data subjects’ access to real and effective remedies; and
  3. In terms of transparency and oversight, too, the Umbrella Agreement falls significantly short of fundamental European data protection and human rights requirements.

The Agreement should therefore, in our view, not be approved by the European Parliament in its present form.

FULL TEXT OF THE ANALYSIS 

  1. Introduction / Background

Continue reading “EU-US Umbrella Data Protection Agreement : Detailed analysis by Douwe Korff”

The General Principles of EU Administrative Procedural Law

THE TEXT BELOW IS AN EXCERPT OF A STUDY ACCESSIBLE HERE 

Nota Bene: Upon request by the European Parliament JURI Committee this in-depth analysis explains what general principles of EU administrative procedural law are, and how they can be formulated in  the recitals of a  Regulation   on  EU  administrative  procedure.
Authors:  Diana-Urania Galetta, Professor of Administrative Law and European Administrative Law, University of Milan, , Herwig C. H. Hofmann,   Professor   of   European   and   Transnational   Public   Law,   Jean   Monnet Chair, University of Luxembourg,  Oriol  Mir Puigpelat,  Professor  of  Administrative Law,  University of Barcelona and  Jacques Ziller,  Professor of  EU  law, University of  Pavia

EXECUTIVE SUMMARY : Background
The Committee on Legal Affairs of the European Parliament has requested an In-depth Analysis on “The general principles of EU administrative procedural law”. The In-depth Analysis is intended to be presented at a meeting of the Working Group on Administrative Law.
Aim
. The Analysis puts forward drafting proposals for the general principles of EU administrative procedural law to be included in the Recitals of a draft Regulation on EU Administrative procedures. More specifically, the Analysis tries to clarify the content of the general principles of EU administrative procedural law and suggest the most accurate formulation for the corresponding recitals.
The following general principles, which are related to the Right to good administration embedded in Article 41 Charter, to the principle of an open, efficient and independent European administration enunciated in Article 298 TFEU are translated into recitals: 1 Access to information and access to documents; Access to the file ; Duty of care; Data protection; Data quality; Effective remedy; Equal treatment and non-discrimination; Fair hearing; Fairness; Good administration; Impartiality; Legal certainty; Legality; Legitimate expectations; Participatory democracy; Proportionality; Reason giving; Rule of Law; Timeliness; Transparency.
(…)
2.2.   Structure and wording of recitals

Which general principles of EU law need to be referred to in the recitals of an EU regulation on Administrative Procedures depends on the content of the substantive provisions of the regulation.   The   purpose   of   establishing   an   EU   regulation   on   administrative   procedures   is   to improve the quality of the EU’s legal system by fostering compliance with the general principles of EU law in the reality of fragmentation between sector-specific procedures and the reality of the multi-jurisdictional nature and pluralisation of actors involved in the implementation of EU policies.
Fragmentation has often resulted in a lack of transparency, predictability, intelligibility and trust in EU administrative and regulatory procedures and their outcome, especially from the point of view of citizens.
A codification of administrative procedures can contribute to simplifying the legal system of the Union, enhancing legal certainty, filling gaps in the legal system and thereby ideally contributing to compliance with the rule of law. Overall, it can be expected that establishing enforceable rights of individuals in procedures that affect them, contributes to compliance with principles of due process  and  fosters procedural  justice.
Adopting such a regulation further has the potential to contribute not only to the clarity of the legal rights and obligations of individuals and participating institutions, offices, bodies and agencies, but also to the transparency and effectiveness of the legal system as a whole. An EU Regulation on Administrative Procedures has the potential to contribute to the objectives of clarification of rights and obligations. It also contributes to simplification of EU law by ensuring that procedures can follow one single rule-book and better regulation by allowing  to  improve the  overall  legislative quality.
The recitals of an EU regulation on administrative procedures will therefore contain various principles of EU law.
When identifying the principles of EU law which should be referred to in the recitals not only is it important to provide a list of principles but also to give them some order. In establishing such order, it has to be taken into account that there is neither an established ‘hierarchy’ of principles, nor do all general and foundational principles of EU law work in the same way. The important aspect of general principles is that they serve to guide the interpretation of legal rules of all levels of the EU’s legal system and fill gaps. In that context, the reference to a general principle of EU law in the recitals serves to reiterate its importance in interpreting a legal text such as the regulation on EU administrative procedure. It also serves to clarify which principles have been balanced by the legislature in establishing  specific  provisions  of  the regulation.

However, in order to structure the approach to the reference to general principles of EU law in the recitals of the EU regulation on administrative procedure, the various principles can be grouped. Taking into account the very nature of recitals our proposal is mainly grounded in the idea that the recitals not only have a legal purpose (of interpreting the norms in the regulation), but should also have a ‘citizen friendly’ informative purpose. The principles in the recitals therefore need to be presented in a way that may prompt the non-expert to read  them.
(…)
The proposed recitals are not comprehensive: they are limited to the scope of clarifying the content of general principles of EU administrative procedure law, what other general principles are relevant to the implementation and interpretation of administrative procedure rules, and why those principles are important. Other components need to be added to the recitals such  as,  to name  one  example, the legal  basis  of  the act.

Recitals (1) to (5) are intended to explain to a broader public why those principles matter. Recitals (7) to (22) attempt to explain what the content and meaning of those principles are. Recital (6) briefly alludes to internal principles which are very important for the implementation of the principles mentioned in Article 298 (1) TFEU of an open, efficient and independent administration without necessarily creating enforceable subjective rights; contrary to the other principles those internal principles are not further developed in their enunciation in so far as they do not necessarily correspond to subjective rights. One or more specific recitals might be devoted to those principles once the articles of the operative part  of  the  Regulation  will  have been  drafted.
The order in which those principles are presented derives from grounds which are explained in section 1.2 of this note. The recitals include footnotes that are obviously not intended to remain in the proposal of a Regulation. Their purpose is to give the most useful references (mainly about case law)  to  the  reader  of this  note.
(…)
3.2. Proposed Recitals Continue reading “The General Principles of EU Administrative Procedural Law”

“(EU’s) Laws are like sausages. You should never watch them being made…” (*)

by Emilio De Capitani

As denounced in several posts of this blog the distance between the daily practice of the EU institutions and the democratic principles enshrined in the Treaties is growing day by day.

I am not referring here to the way how representative democracy is framed at EU level. Suffice to remember how last year the voters have been tricked with the “spitzencandidate” game by four political families suggesting that each one of them was promoting alternative EU models. After the election three of them have become part of the same political majority in the European Parliament  so that left and right are now intertwined that you hardly distinguish whose strategy is prevailing. Moreover in the interinstitutional game such majority in the European Parliament mirrors the majority in the big EU countries and in this situation there is no has no real incentive for the EU citizens representatives in changing the situation in the EU or in its main member states.

No, what I am referring here is the way how the EU institutions are jeopardising day by day the Treaty rules which support participative or “input” democracy which aims to give everyone a ‘say’ notably when the EU legislation is initiated, negotiated and adopted.

This model of the “govern by the people” now enshrined in the Treaties is extremely important in a legal order which is very rightly perceived far from EU citizens and which looks still framed by bureaucrats and diplomats more incline to the so called “output democracy” or the “govern for the people” where the management needs prevail on the citizen (and national parliaments) participation. However this government by the elites has become even stronger since the entry into force of the Lisbon Treaty notwithstanding it is stated that:

Every citizen shall have the right to participate in the democratic life of the Union. Decisions shall be taken as openly and as closely as possible to the citizen.” (art.10 TEU).

“(1) In order to promote good governance and ensure the participation of civil society, the Union’s institutions, bodies, offices and agencies shall conduct their work as openly as possible. (2). The European Parliament shall meet in public, as shall the Council when considering and voting on a draft legislative act. (3). Any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, shall have a right of access to documents of the Union’s institutions, bodies, offices and agencies, whatever their medium, subject to the principles and the conditions to be defined in accordance with this paragraph.” (art.15 p 1-3 TFEU)

As I have explained here these principles are circumvented by the daily practice of the EU institutions which have built a parallel world of the so called “trilogues” where they meet negotiate and decide without any transparency towards the European citizens or even the National Parliaments. The latter have just a say at the beginning of the “movie” but disappear immediately after and even if most of them could follow the EU legislative works are threatened by the Council of the European Union of not diffusing the legislative preparatory work because it is covered by the …”professional secrecy” rule (!).

To try to change this state of things I have then asked to the European Parliament, the institution which is deemed to take in account more than other the needs of participative democracy, the texts which are debated during the interinstitutional trilogues and which reflect the evolution of the position of the different institutions during the legislative negotiations.

After a first denial from the EP secretariat  I have submitted a confirmatory application  where I have tried to raise the attention of the European Parliament Bureau (which brings together the EP President and Vice Presidents), on the constitutional, institutional and operational arguments in favour of transparency during legislative negotiations (see here).

The answer I have just received (see below a version emphasized/notated  by me) is appalling because not only the European Parliament endorse the Council practice but declares that the protection of the effectiveness of the decision making process (which has no more standing in the treaties for legislative activity) overrides the right of the citizens to be informed and that confidentiality is necessary to avoid the risk of the EP Rapporteur losing the ‘trust’ of the Council Presidency (!?). Until now I was convinced that the EP main preoccupation was not to loose the trust of half billion citizens and to drive in a transparent way a political strategy which can also be supported at national level by the same political families in the national parliaments….
Will this be the position of the Ombusdman who has recently open an inquiry on the Trilogues interinstitutional practice ? Will this be the position of the Court ? It is too early to answer this question but this will arrive (better soon than later)

Emilio De Capitani

(*) Quoted from Otto Von Bismark

LETTER RECEIVED on 08.07.2015 from Ildiko GALL-PELCZ EP Vice-President in charge  of Access to documents Continue reading ““(EU’s) Laws are like sausages. You should never watch them being made…” (*)”

“DON’T MENTION THE EXTRA JUDGES!” WHEN CJEU REFORM TURNS INTO FARCE

PUBLISHED ON EU LAW ANALYSIS ON Friday, 3 July 2015

by Steve Peers

The classic British comedy Fawlty Towers derived its humour from the doomed attempts of the ill-tempered hotel owner Basil Fawlty to control the uncontrollable situations that developed around him, often taking out his frustrations on his waiter, Manuel. No one would seriously suggest emulating Basil Fawlty’s management style. But nevertheless, the debate over the reform of the Court of Justice is increasingly resembling a Fawlty Towers episode.

Let’s review. After several previous failed attempts at reforming the EU judicial system, the Court of Justice suggested that the lower EU court (the General Court) should have double the number of judges – two per Member State, instead of one. The EU’s civil service tribunal (with seven judges) would close down, merged into the General Court. The senior Court of Justice would retain one judge per Member State. For the background, further details and arguments in favour, see my earlierblog post.

This proposal was opposed by many staff in the General Court. So four General Court judges appeared before the European Parliament to object to this plan (let’s call them, collectively, ‘Manuel’). For discussion of Manuel’s counter-arguments, see the recent blog post by Professors Pech and Alemanno; and for Manuel’s written argument itself, see here.

Very recently the proposal was formally adopted by the Council. But it still has to be agreed with the European Parliament (EP), and some Members of the European Parliament (MEPs) appear to have great misgivings, fuelled by the dissenting judges. Cue an angry response by the CJEU’s President Skouris (let’s call him ‘Basil’). As documented by Duncan Robinson in the Financial Times, hecomplained that the EP was willing to listen to the rebels, and threatened retaliationagainst the dissenting judge. Manuel might soon get whacked by that frying pan.

With the greatest respect, there are profound problems with Skouris’ approach. First and foremost, his response has become the story (it’s also been covered elsewhere). This diverts attention from the pros and cons of the argument for CJEU reform. I’m not criticising the journalists – it’s their job to report on his response, and he should have anticipated the effect it would have. Also, now that his response has become the story, it gives the impression that the proposal is a greedy grab for money by the judges. In fact. as I pointed out in my earlier post, the CJEU had previously suggested fewer extra judges. It only asked for doubling the number in despair, when it became clear that Member States could not agree on a more modest number, due to national egotism.

Secondly, Skouris’ angry letters give the impression that the CJEU is an authoritarian institution. Certainly, any ordinary employer would not take kindly to public criticism of its policy by its staff. For instance, if (entirely hypothetically) I had objections to the management of the University of Essex, I would not air them in a public forum. But the CJEU is a public body, in a political system whose legitimacy is clearly fragile. These attempts to silence dissent surely damage the Court’s authority more than the dissent itself would. Anyway, they gave that dissent far more publicity than it would otherwise have had (the well-known ‘Streisand effect’).

Thirdly, by attacking the dissenters instead of countering their arguments, it gives the impression that there is no good argument in favour of the Court’s proposals, since the brave truth-tellers are being silenced. And in tactical terms, it’s particularly hard to see how attacking the very MEPs whom Skouris needs to convince to support his proposals will win them round. Continue reading ““DON’T MENTION THE EXTRA JUDGES!” WHEN CJEU REFORM TURNS INTO FARCE”

Passenger Name Records, data mining & data protection: the need for strong safeguards

EXCERPTS FROM EXPERTS’ OPINION SUBMITTED TO THE COUNCIL OF EUROPE (PUBLISHED ON THE STATEWATCH SITE)

by Douwe KORFF and Marie GEORGES (FREE-Group Members)

Introduction

Much has been said and written about Passenger Name Records (PNR) in the last decade and a half. When we were asked to write a short report for the Consultative Committee about PNR, “in the wider contexts”, we therefore thought we could confine ourselves to a relatively straightforward overview of the literature and arguments.

However, the task turned out to be more complex than anticipated. In particular, the context has changed as a result of the Snowden revelations. Much of what was said and written about PNR before his exposés had looked at the issues narrowly, as only related to the “identification” of “known or [clearly ‘identified’] suspected terrorists” (and perhaps other major international criminals). However, the most recent details of what US and European authorities are doing, or plan to do, with PNR data show that they are part of the global surveillance operations we now know about.

More specifically, it became clear to us that there is a (partly deliberate?) semantic confusion about this “identification”; that the whole surveillance schemes are not only to do with finding previously-identified individuals, but also (and perhaps even mainly) with “mining” the vast amounts of disparate data to create “profiles” that are used to single out from the vast data stores people “identified” as statistically more likely to be (or even to become?) a terrorist (or other serious criminal), or to be “involved” in some way in terrorism or major crime. That is a different kind of “identification” from the previous one, as we discuss in this report.

We show this relatively recent (although predicted) development with reference to the most recent developments in the USA, which we believe provide the model for what is being planned (or perhaps already begun to be implemented) also in Europe. In the USA, PNR data are now expressly permitted to be added to and combined with other data, to create the kinds of profiles just mentioned – and our analysis of Article 4 of the proposed EU PNR Directive shows that, on a close reading, exactly the same will be allowed in the EU if the proposal is adopted.

Snowden has revealed much. But it is clear that his knowledge about what the “intelligence” agencies of the USA and the UK (and their allies) are really up to was and is still limited. He clearly had an astonishing amount of access to the data collection side of their operations, especially in relation to Internet and e-communications data (much more than any sensible secret service should ever have allowed a relatively junior contractor, although we must all be grateful for that “error”). However, it would appear that he had and has very little knowledge of what was and is being done with the vast data collections he exposed.

Yet it is obvious (indeed, even from the information about PNR use that we describe) that these are used not only to “identify” known terrorists or people identified as suspects in the traditional sense, but that these data mountains are also being “mined” to label people as “suspected terrorist” on the basis of profiles and algorithms. We believe that that in fact is the more insidious aspect of the operations.

This is why this report has become much longer than we had planned, and why it focusses on this wider issue rather than on the narrower concerns about PNR data expressed in most previous reports and studies.

The report is structured as follows. After preliminary remarks about the main topic of the report, PNR data (and related data) (further specified in the Attachment), Part I discusses the wider contexts within which we have analyzed the use of PNR data. We look at both the widest context: the change, over the last fifteen years or so, from reactive to “proactive” and “preventive” law enforcement, and the blurring of the lines between law enforcement and “national security” activities (and between the agencies involved), in particular in relation to terrorism (section I.i); and at the historical (immediately post-“9/11”) and more recent developments relating to the use of PNR data in data mining/profiling operations the USA, in the “CAPPS” and (now) the “Secure Flight” programmes (section I.ii).

In section I.iii, we discuss the limitations and dangers inherent in such data mining and “profiling”.

Only then do we turn to PNR and Europe by describing, in Part II. both the links between the EU and the US systems (section II.1), and then the question of “strategic surveillance” in Europe (II.ii).

In Part III, we discuss the law, i.e., the general ECHR standards (I); the ECHR standards applied to surveillance in practice (II, with a chart with an overview of the ECtHR considerations); other summaries of the law by the Venice Commission and the FRA (III); and further relevant case-law (IV).

In Part IV, we first apply the standards to EU-third country PNR agreements (IV.i), with reference to the by-passing of the existing agreements by the USA (IV.ii) and to the spreading of demands for PNR to other countries (IV.iii). We then look at the human rights and data protection-legal issues raised by the proposal for an EU PNR scheme. We conclude that part with a summary of the four core issues identified: purpose-specification and –limitation; the problem with remedies; “respect for human identity”; and the question of whether the processing we identify as our main concern – “dynamic”-algorithm-based data mining and profiling – actually works.

Part V contains a Summary of our findings; our Conclusions (with our overall conclusions set out in a box on p. 109); and tentative, draft Recommendations. (…)

Conclusions Continue reading “Passenger Name Records, data mining & data protection: the need for strong safeguards”

How the EU “legislative triangle” is becoming a “Bermudes, triangle “…

by Emilio De Capitani

According to several scholars the Lisbon Treaty has strengthened the implementation of the democratic principle in the EU as well as the framework for participative democracy. In theory with entry into force of the Charter the EU has become more accountable to its citizens and there has been a clear improvement of the legal framework for EU legislative and non legislative activity. Even if not perfectly sound) there is now a clear definition of what should be considered of “legislative” nature and there is now a clear obligation (at primary law level) to debate publicly both in the Council and in the European Parliament.

Needless to say, the latter has been for years the champion of legislative and administrative transparency  not only in the citizens interest but also in view of the definition of its own marge of maneuver during the negotiations with the Council. This former EP attitude was not particularly appreciated by the Council and the Commission when in 2001, before Lisbon, the three institutions negotiated the first EU legislation in this domain. (Regulation 1049/01). However at the time it was easy to say that time was needed to promote open debates and votes in the Council and in the Commission because it would had required a change of culture in an institution mainly structured as a bureaucratic machinery (the Commission) or in an other framed by a diplomatic approach (the Council).

Five years after Lisbon such a change of culture in the Council and the Commission is it under way or is the other way round for the EP?

Have a look to the exchange of messages below and make your own opinion. The issue is still pending but risks to have some interesting developments… Continue reading “How the EU “legislative triangle” is becoming a “Bermudes, triangle “…”

Les lourdes chaînes de Prométhée, réflexions critiques sur la Stratégie européenne de sécurité intérieure 2015 – 2020

ORIGINAL PUBLISHED HERE ON  23 JUIN 2015

par Pierre Berthelet, CDRE

Le Professeur Panayotis Soldatos comparait il y a peu l’Union européenne à Prométhée enchaîné par les Etats membres. Ces réflexions mettant en évidence une construction européenne dépendante des États, « dont les élites politiques, écrit-il, se refusent à admettre la réalité de l’obsolescence de la souveraineté nationale », s’illustrent parfaitement avec l’adoption par le Conseil de la stratégie européenne de sécurité intérieure pour la période 2015-2020.

À première vue, la sécurité intérieure vient de franchir un pas supplémentaire dans l’intégration avec l’approbation par le Conseil le 16 juin 2015, de conclusions renouvelant et modernisant pour cinq années à venir la stratégie 2010-2014. Pour autant, il semble bien que les chaînes soient pesantes, car les États conservent la main, et de main ferme pourrait-on dire, le processus d’intégration dans ce domaine.

Ces conclusions entraînent une série de réflexions critiques quant aux conséquences institutionnelles et quant à la manière dont les États décident d’œuvrer dans la construction européenne en matière de sécurité intérieure.

Elles suscitent d’emblée des interrogations concernant l’inclusion du Parlement européen dans le processus décisionnel lié au déroulement du cycle, ainsi que sur la préservation accrue des droits fondamentaux (1).
Continue reading “Les lourdes chaînes de Prométhée, réflexions critiques sur la Stratégie européenne de sécurité intérieure 2015 – 2020”

COE Human Rights Commissioneer : Reinforcing democratic oversight of security services cannot be further delayed

Strasbourg, 5 June 2015 – “The current systems of oversight of national security services in Europe remain largely ineffective. Revelations over the last years about security operations which have violated human rights should have prompted reforms in this field, but progress has been disappointingly slow. European countries must now ensure more democratic and effective oversight of what their security services do and avoid future operations leading to new human rights violations,” said today Nils Muižnieks, Commissioner for Human Rights, while presenting a report on this topic.

The report intends to provide guidance to strengthen human rights protection in the field of security services. It sets forth a number of measures necessary for making national oversight systems more effective and the security services accountable and fully compliant with human rights standards.  “Security service activities impact a variety of human rights, including the right to life, to personal liberty and security, and the prohibition of torture or inhuman, cruel and degrading treatment. They also impinge on the right to privacy and family life, as well as the rights to freedom of expression, association and assembly, and fair trial. It is therefore crucial that security services uphold the rule of law and human rights in undertaking their tasks.”

Council of Europe member states have taken diverse approaches to oversight, which include parliamentary committees, independent oversight bodies, institutions with broader jurisdictions such as ombudspersons, data commissioners and judicial bodies. However, none abides fully to internationally established norms. Drawing upon international and European standards and national practices, the paper sets out the most significant objectives and overriding principles that can enable more effective oversight of security services. “It is necessary to keep oversight democratic, primarily through the involvement of parliaments. It is also crucial to ensure prior authorisation of the most intrusive measures, including surveillance, and to establish a body able to issue legally binding decisions over complaints by individuals affected by security activities, as well as to access all intelligence-related information,” said the Commissioner.

“Security services exist to protect our democracies. Their work is fundamental to ensure that we all can live in security. This paper intends to show how their activities can be best sustained by policies which ensure their lawfulness and accountability. Ensuring that security agencies operate under independent scrutiny and judicial review does not reduce their effectiveness. On the contrary, governments would increase their credibility among the public and weaken support for anti-democratic causes if they show as much resolve in safeguarding human rights as in fighting terrorism.”

The executive summary and the Commissioner’s recommendations are also available in French and German. Translations into Turkish and Russian are under way.

To read more about the Commissioner’s work on counter-terrorism and human rights, please visit this page.

Press contact in the Commissioner’s Office:
Stefano Montanari, + 33 (0)6 61 14 70 37; stefano.montanari@coe.int
www.commissioner.coe.int; Twitter: @CommissionerHR; Facebook; youtube
 
The Commissioner for Human Rights is an independent, non-judicial institution within the Council of Europe, mandated to promote awareness of, and respect for, human rights in the 47 member states of the Organisation. Elected by the Parliamentary Assembly of the Council of Europe, the present Commissioner, Mr Nils Muižnieks, took up his function on 1 April 2012

OPEN LETTER TO UK MPS: ENSURING DEMOCRATIC SCRUTINY OF UK SURVEILLANCE LAW CHANGES

ORIGINAL PUBLISHED ON EU LAW ANALYSIS 

by Steve PEERS

Due to my concern about inadequate democratic scrutiny of changes to UK law (often linked to EU law) affecting privacy rights, I am one of the signatories to today’s letter to MPs on this issue, published in the Guardian and elsewhere. Thanks to Andrew Murray and Paul Bernal for taking this initiative.

An open letter to all members of the House of Commons,

Dear Parliamentarian,

Ensuring the Rule of Law and the democratic process is respected as UK surveillance law is revised

Actions Taken Under the Previous Government

During the past two years, the United Kingdom’s surveillance laws and policies have come under scrutiny as the increasingly expansive and intrusive powers of the state have been revealed and questioned in the media. Such introspection is healthy for any democracy. However, despite a need for transparency in all areas of lawmaking, and in particular in areas of controversy, the previous Government repeatedly resisted calls for an open and transparent assessment and critique of UK surveillance powers. Instead, in response to legal challenges, it extended the powers of the state in the guise of draft Codes of Practice and “clarifying amendments.” As we welcome a new Government we expect another round of revisions to UK surveillance laws, with the likelihood that the Queen’s Speech will signal a revival of the Communications Data Bill. At this time we call on the new Government, and the members of the House, to ensure that any changes in the law, and especially any expansions of power, are fully and transparently vetted by Parliament, and open to consultation from the public and all relevant stakeholders.

Last year, in response to the introduction of the Data Retention and Investigatory Powers Bill (“DRIP”), a number of leading academics in the field – including many of the signatories to this letter – called for full and proper parliamentary scrutiny of the Bill to ensure Parliamentarians were not misled as to what powers it truly contained. Our concern emanated from the Home Secretary’s attempt to characterize the Bill, which substantially expanded investigatory powers, as merely a re-affirmation of the pre-existing data retention regime.[1]

Since that letter was written, it has become apparent that the introduction of the DRIP Bill was not the only time an expansion of surveillance powers was presented in a way seemingly designed to stifle robust democratic consideration. In February 2015, the Home Office published the draft Equipment Interference Code of Practice.[2] The draft Code was the first time the intelligence services openly sought specific authorisation to hack computers both within and outside the UK. Hacking is a much more intrusive form of surveillance than any previously authorised by Parliament. It also threatens the security of all internet services as the tools intelligence services use to hack can create or maintain security vulnerabilities that may be used by criminals to commit criminal acts and other governments to invade our privacy. The Government, though, sought to authorise its hacking, not through primary legislation and full Parliamentary consideration, but via a Code of Practice.

The previous Government also introduced an amendment via the Serious Crimes Act 2015, described in the explanatory notes to the Bill as a ‘clarifying amendment’.[3] The amendment effectively exempts the police and intelligence services from criminal liability for hacking. This has had an immediate impact on the ongoing litigation of several organisations who are suing the Government based in part on the law amended, the Computer Misuse Act 1990.[4]

The Way Ahead

The new Conservative Government has announced its intention to propose new surveillance powers through a resurrection of the Communications Data Bill. This will require internet and mobile phone companies to keep records of customers’ browsing activity, social media use, emails, voice calls, online gaming and text messages for a year, and to make that information available to the government and security services. We also anticipate this Parliament will see a review of the Regulation of Investigatory Powers Act 2000, which currently regulates much of the Government’s surveillance powers. The Independent Reviewer of Terrorism Legislation, David Anderson QC, has conducted an independent review of the operation and regulation of investigatory powers, with specific reference to the interception of communications and communications data. The report of that review has been submitted to the Prime Minister, but has yet to be made public: when it is made public, parliamentary scrutiny of the report and any recommendations made following it will be essential.

As the law requires that surveillance powers must be employed proportionate to any harm to privacy caused (as required by Article 8 of the European Convention on Human Rights and Article 12 of the Universal Declaration of Human Rights) we believe that any expansion or change to the UK’s surveillance powers should be proposed in primary legislation and clearly and accurately described in the explanatory notes of any Bill. The Bill and its consequences must then be fully and frankly debated in Parliament. When reaching an assessment of the proportionality, of any measure that restricts rights, both our domestic courts and the European Court of Human Rights place great stock on the degree and quality of Parliamentary involvement prior to any measure being adopted. If the matter ever came to before the courts one issue examined would be the nature of any “exacting review” undertaken by MPs into the necessity of extending these powers. The Government should not be permitted to surreptitiously change the law whenever it so desires, especially where such changes put our privacy and security at risk.

This letter has been prepared and signed by 35 academic researchers. We are comprised of people from both sides of this issue – those who believe that increased powers are a reasonable response to an emerging threat, and those who think them an unjustified extension of state interference. Our common goal is to see the Rule of Law applied and Parliamentary oversight reasserted. We are calling on all members of the House of Commons, new and returning, and of all political persuasions to support us in this by ensuring Parliamentary scrutiny is applied to all developments in UK surveillance laws and powers as proposed by the current Government.

Signatories

 

Andrew Murray (contact signatory) Paul Bernal (contact signatory)
Professor of LawLondon School of Economics

a.murray@lse.ac.uk

 Lecturer in Information Technology, Intellectual Property and Media Law University of East AngliaPaul.Bernal@uea.ac.uk

 
Subhajit BasuAssociate Professor
University of Leeds
 		 Sally Broughton MicovaDeputy Director LSE Media Policy Project, Department of Media and Communications
London School of Economics and Political Science
 
Abbe E.L. BrownSenior Lecturer
School of Law
University of Aberdeen
 		 Ian BrownProfessor of Information Security and Privacy
Oxford Internet Institute
Ray CorriganSenior Lecturer in Maths, Computing and Technology
Open University
 		 Angela DalyPostdoctoral Research Fellow
Swinburne Institute for Social Research
Swinburne University of Technology
Richard DanburyPostdoctoral Research Fellow Faculty of Law University of Cambridge
 		 Catherine EastonLancaster University School of Law  
Lilian EdwardsProfessor of E-Governance Strathclyde University Andres GuadamuzSenior Lecturer in Intellectual Property Law University of Sussex
 
Edina HarbinjaLecturer in Law University of Hertfordshire
 		 Julia HörnleProfessor in Internet Law Queen Mary University of London
Theodore KonstadinidesSenior Lecturer in Law University of Surrey
 		 Douwe KorffProfessor of International Law London Metropolitan University
 
Mark LeiserPostgraduate Researcher Strathclyde University
 		 Orla LynskeyAssistant Professor of Law London School of Economics
 
 
 
David MeadProfessor of UK Human Rights Law UEA Law School University of East Anglia
 		 Robin MansellProfessor, Department of Media and Communication London School of Economics
 
Chris MarsdenProfessor of Law University of Sussex
 		 Steve PeersProfessor of Law University of Essex
 
Gavin PhillipsonProfessor, Law School University of Durham Julia PowelsResearcher Faculty of Law University of Cambridge
 
Andrew PuddephattExecutive Director Global Partners Digital Judith RauhoferLecturer in IT Law University of Edinburgh
 
Chris ReedProfessor of Electronic Commerce Law Queen Mary University of London
 		 Burkhard SchaferProfessor of Computational Legal Theory University of Edinburgh
 
Joseph SavirimuthuSenior Lecturer in Law University of Liverpool
 		 Andrew ScottAssociate Professor of Law London School of Economics
 
Peter SommerVisiting Professor Cyber Security Centre, De Montfort University
 		 Gavin SutterSenior Lecturer in Media Law Queen Mary University of London
 
Judith TownendDirector of the Centre for Law and Information Policy Institute of Advanced Legal Studies
University of London
 		 Asma VranakiPost-Doctoral Researcher in Cloud Computing Queen Mary University of London
 
Lorna WoodsProfessor of Law University of Essex
 

 
 
[1] http://bit.ly/1jNzlUz
[2] http://bit.ly/1yiXUZD
[3] http://bit.ly/1LfVFz3
[4] http://bit.ly/1S4RCdJ

Posted by Steve Peers at 03:18

Europe and “Whistleblowers” : still a bumpy road…

by Claire Perinaud (FREE Group trainee) The 9th and the 10th of April was organized in Paris by the University Paris X Nanterre la Défense in collaboration with the University Paris I Sorbonne a Conference on «  whistleblowers and fundamental rights »[1] which echoed a rising debate on the figure of  wistleblowers  after the numerous revelations of scandals and corruption which occurred last years, with some of them directly linked to EU institutions. In the following lines I will try to sketch a) the general framework then b) the main issues raised during the Conference

A) The general framework 

The term « whistle-blower » was created by Ralph Nader in 1970 in the context of the need to ensure the defense of citizens from lobbies. He defined « whistle blowing » as « an act of a man or woman who, believing that the public interest overrides the interest of the organization he serves, blows the whistle that the organization is in corrupt, illegal, fraudulent or harmful activity »[2]. The interest of scholars and lawyers to the figure of whistle-blowers in the United States dates back to the adoption by the Congress in 1863 of the False claims act which is deemed to be the first legislation related to the right of alert[3].
The system which developed afterwards is notably based on the idea that whistle-blowing is a strong mechanism to fight corruption and has to be encouraged by means of financial incentives[4]. If this mechanism is of utmost importance in the United States, protection of whistle blowers is only slowly introduced in Europe[5]
With numerous scandals related to systemic violations of human rights, the subject is progressively dealt with in the European Union (EU) and in the Council of Europe. Nevertheless, in both organizations, the protection of whistleblowers remain at the stage of project or only recommendations to the states.

The Council of Europe… Continue reading “Europe and “Whistleblowers” : still a bumpy road…”