The European Area of Freedom Security and Justice : still.. lost in transition ?

by Emilio De Capitani

More than five years ago the Lisbon Treaty entered into force carrying along great expectations for the transformation of the EU into a Freedom Security and Justice area. However even if some progress has been made on Schengen,  asylum policies, procedural guarantees in criminal proceedings and judicial cooperation in civil matters the results are far lower than the initial expectations and of the ambitious objectives enshrined in the Stockholm Programme adopted by the European Council on December 10th 2009.

That Programme has been criticized by some member states as it was a sort of “Christmas tree”. However what the European Council adopted in June  last year is little more than a “dry bush” mainly focused on the need for …thorough reflections before adopting new EU legislation. Some commentators considered that this was a Machiavellian move of the European Council to pass the baton to the newly appointed President of the European Commission so that it could take the lead of this European policy as for any other “ordinary” policy.

A deceiving Commission..

In the following months this interpretation was confirmed by the appointment of the first Commission Vice President, in charge of the implementation of the rule of law, of the European Charter of fundamental rights and of better legislation. Moreover the creation of a specific portfolio for migration policy gave the impression of the Commission’s stronger political commitment “ place the individual at the heart of its activities, by establishing the citizenship of the Union and by creating an area of freedom, security and justice” (European Charter Preamble)

However very soon these initial hopes had been deceived:

1 The rule of law mechanism which was suggested by the last “Barroso” Commission was soon forgotten

2 As far as the Charter is concerned the Commission has apparently been taken by surprise by the Court of Justice opinion 2/13 dealing with the EU accession to the ECHR and is still considering what to do. But the Juncker Commission also seems lost when the issue at stake is to transpose the EU Charter principles into new EU legislation. It will only take more than one year to evaluate what could be the impact of the CJEU ruling on data retention on the pending legislation such as the EU PNR, the entry-exit and the registered travel proposals (not to speak of its impact on EU legislation and agreements that are already in force..)

3 Migration and human mobility are still dealt with and financed by the same General Directorate which is in charge of internal security policy instead of being moved to social affairs policies which should have been a real holistic and individual-centred approach.

4 Last but not least the Commission’s legislative programme for 2015 is more than reticent and it appears more and more evident that for the time being most (if not all) of the Commission’s political energy will be focused on economic objectives so that the Freedom security and justice area related policies have to wait for a new season.

but the situation between Member States is even worse..

The situation of FSJA policies is even more frustrating on the Member States side.

Not only some legislative procedures like the ones on consular protection, access to documents  or the fight against discrimination remain blocked and others including the data protection reform will require a caesarean section to come to life,  but day after day it appears clearer and clearer  that there is still a majority of member states which do not want  the modernisation of measures adopted before the Lisbon treaty (or even before the entry into force of the Amsterdam Treaty. This is notably the case of Germany which (as a rule)  oppose any new measure which can have a financial impact or will change the former “unbalance” of power between the Council and the European Parliament. Take the case of the recent three Commission proposals (1) repealing FSJA measures dating back to the intergovernamental period. According to German delegation even a 1998 Schengen decision on the adoption of measures to fight illegal immigration should be preserved because “None of the (current) legal instruments include a similarly comprehensive approach to fight illegal migration and immigrant smuggling.” This is appalling : would it not be wiser to urge the Commission to submit a new proposal which could better comply with the EU Treaties and with the Charter by also associating the European Parliament to this endeavour ?

This case apart it is worth noting that all the pre-Lisbon measures dealing with police cooperation and judicial cooperation in criminal matters (2) have been legally “embalmed” by art 9 of Prot.36 according to which “The legal effects of the acts of the institutions, bodies, offices and agencies of the Union adopted on the basis of the Treaty on European Union prior to the entry into force of the Treaty of Lisbon shall be preserved until those acts are repealed, annulled or amended in implementation of the Treaties. The same shall apply to agreements concluded between Member States on the basis of the Treaty on European Union.”

A “Transitional” period ….until when ? Continue reading “The European Area of Freedom Security and Justice : still.. lost in transition ?”

The European Union and State Secrets: a fully evolving institutional framework…in the wrong direction (2).


In a passionate intervention before the Civil Liberties Committee of the European Parliament (LIBE) on January 8 the European Ombudsman has denounced the fact that:For the first time in its twenty year history, the European Ombudsman was denied its right under Statute to inspect an EU institution document, even under the guarantee of full confidentiality, as part of an inquiry… This power to inspect documents is fundamental to the democratic scrutiny role of the Ombudsman and acts as a guarantor of certain fundamental rights to the EU citizen.”

The case concerned Europol’s refusal to give access to a Joint Surpervisory Body (JSB) report on the implementation of the EU-US Terrorist Finance Tracking Program (TFTP) Agreement (known as “SWIFT” agreement). The JSB consists of representatives of the data protection authorities of the Member States which should ensure that the storage, processing and use of the data held by Europol do not violate fundamental EU rights. To check if  Europol was correctly applying EU law the Ombusdman has asked to inspect the JSB report. ”However”,as stated by Mrs O’Reilly,”..according to Europol, the “technical modalities” agreed between the Commission and the US under Article 4(9) of the TFTP Agreement required Europol to obtain the permission of the US authorities before allowing the Ombudsman, or any other entity, any access, including an Ombudsman confidential inspection, to the record. The US authorities have refused such permission to Europol.” Reportedly the  US authorities refused this permission because the Ombudsman “need to know” requirement for having access to that classified document was not met.

Many LIBE members have considered this statement quite appalling because it allowed the US authorities to be the arbiters of whether or not the Ombudsman may exercise her statutory, democratic power to inspect the document at issue in conformity with EU law. It is worth recalling that art. 3 par. 2 of the Ombusdman statute states that : The Community institutions and bodies shall be obliged to supply the Ombudsman with any information he has requested from them and give him access to the files concerned. Access to classified information or documents, in particular to sensitive documents within the meaning of Article 9 of Regulation (EC) No 1049/2001, shall be subject to compliance with the rules on security of the Community institution or body concerned.” 

To shed some light on this controversy it could be worth recalling some elements which to my opinion have not been developed during the parliamentary debate and I had the occasion to recall in a previous post …five years ago.

The “Originator’s principle” in art. 9 of Regulation 1049/01

First of all it should be noted that art. 9 of Regulation 1049/01 cited in the Ombudsman Statute is the only EU legislative basis which allows the classification of “sensitive documents” which are “..documents are documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organizations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defense and military matters.” According to paragraph 3 of the same article “Sensitive documents shall be recorded in the register or released only with the consent of the originator.”

However, according to Regulation 1049/01 the Originator’s consent is an exception to the general rule according to which an Institution when requested for access to a document should be driven by objective criteria and not by the will of the “originator” even when the latter it is an EU Member State (see art. 4 p.4-6 of Regulation 1049/01). The only obligation foreseen by the Regulation is to establish a fair dialogue with the “originator” and the final judge will remain the Court of justice which should assess if Regulation 1049/01 principles and rules have been violated. Not surprisingly this general rule was not easy to agree with the Member States but it was chosen as it was the only possible way out to preserve the autonomy of EU law against the risk of inconsistent decisions at EU level if taken  following national standards which are still extremely diverse (think how different is the approach to transparency in Sweden or in Spain..).

Why then establish an exception in art. 9 ?

The main factor has been the Council reqyest to cover the first 2000 EU-NATO agreement  on exchange of classified information  which, like all similar international agreements was built on the “originator” principle and also because of this was challenged by the European Parliament before the Court of Justice. Mid 2001 a deal was then struck with the European Parliament which obtained that the exception of the “originator’s principle” should had been limited to the intergovernmental domains (at the time the internal and external security policies covered by art. 24 and 38 of the EU Treaty). The logic was that for these policies the Member States are mainly under the control of their national parliaments so that the European Parliament (as well as the Court of Justice) could not be considered co-responsible for violation of EU law.

On this basis the Council has progressively built an autonomous legal framework which can hardly be considered a simple implementation of Art.9 of Regulation 1049/01. Not only the Council has added another lower level of classified documents (“Restricted”) but it embodied  the “originator’s principle”. The Council latest version of these security rules is the Decision 2013/488/EU and  has been adopted  by the Council on its internal organizational powers (art. 240 TFEU) and “without prejudice to Articles 15 and 16 of the Treaty on the Functioning of the European Union (TFEU) and to instruments implementing them”.(eg Regulation 1049/01 and the measures protecting personal data).

Notwithstanding this “disclaimer” this Council Decision has become “de facto” an harmonizing measure as it  define the “principles” which should frame the European Union Classified Informations (EUCI). To comply with the rule of law and democratic principles these “principles” should had been adopted by the  co-legislator as foreseen by art. 15 of the TFEU (1) and by the EU Charter. But the general application of these “internal rules” derives by the fact that they should be “copy and pasted” as such in all the EU Institutions agencies and bodies “internal” security rules if the latter want to share classified informations with the Council or between them.

Also in the international negotiations the Originator’s principle has been spread in dozen of international agreements even if since the entry into force of the Lisbon Treaty these agreements deals with the exchange of classified information linked with  the common foreign and security policy (art. 37 of the TEU) (2). When classified informations deals with Judicial and police cooperation in criminal matters they now require an internal legal basis as it happened  for the  Decision concluding the EU-US agreement on TFTP. The “mutual respect clause foreseen by art. 40 TEU (3) should be respected and the European Parliament approbation is required.

Quite rightly then the European Parliament Legal Service has considered that the “technical modalities” invoked by Europol to justify the refusal of access by the Ombusdman could not be considered a sound legal basis as they were simple  “implementing measures” of the TFTP agreement and have been not part of the agreement itself.

Can the Ombusdman, the European Parliament and the Court of justice be considered simple “third parties” ?

However I am less convinced of the EP Legal Service reasoning  when it justify  the EUROPOL refusal to give the Ombusdman access to the JSB report because the originator’s  principle is embodied in …the Europol internal Security Rules.

First of all I believe that in case of conflict between the Europol Security Rules (which mirror the Council Internal security rules which themselves are implementing measure of art. 9 of Regulation 1049/01) and the Ombudsman Statute the latter should  prevail as the latter it is a direct implementation of the Treaty and is of legislative nature (as it has been adopted in codecision by the European Parliament and the Council).

Secondly (and more importantly) I consider that the question as highlighted by the Ombudsman is indeed more of constitutional nature and deals with the preservation of the principle of institutional balance in an autonomous legal order as it is the European Union (see the recent Court of Justice opinion 2/13 on the EU accession to the ECHR).

Under this perspective I think that the way how the Council has implemented the art 9 of Regulation 1049/01 is creating a sort of “executive privilege” which has no  basis in the EU primary law and can which moreover is threatening the prerogatives of the other institutions.

I find also misleading (to say the least) the formula applied by the Council in the international agreements on the exchange of classified information (even if now limited to external security policy). The formula is the following : 

The EU institutions and entities to which this Agreement applies shall be: the European Council, the Council of the European Union (hereinafter ‘the Council’), the General Secretariat of the Council, the High Representative of the Union for Foreign Affairs and Security Policy, the European External Action Service (hereinafter ‘the EEAS’) and the European Commission. For the purposes of this Agreement, these institutions and entities shall be referred to as ‘the EU’..

How can be considered complying with the EU founding values of democracy and of the rule of law as well as with the principle of legal certainty a formula which give the right to a third country such as Russia, Georgia, Turkey,  (4)  to decide that the Ombudsman, the European Parliament and the Court of Justice are “third parties which can be forbidden from acceding to classified information” even when their access is linked with the exercise of their constitutional prerogatives? (5)


For all these reasons I think that the Ombudsman should had challenged the Europol refusal before the Court of justice by giving to the Luxembourg Judges the possibility to better frame the scope of the originator’s principle and of the “third party” rule in the EU law.

In the meantime it could also be possible that the Commission (and notably its Vice president of  Timmermans in charge of the Rule of law of the EU Charter) take on board the amendments to Regulation 1049/01 (and to art. 9) as voted by the European Parliament on December 2011.

Last but not least I think that also the European Parliament should take advantage of what he has learned in Ombudsman-Europol case in  the  current negotiations with the Council on the post-Lisbon  EUROPOL decision. It could be worth amending some worrying articles of the Council “general approach” (Council Doc 10033/14 of May 28 2014) . For instance art.67 of rightly makes reference to Regulation 1049/01 but art. 69 makes reference to the Council Internal Security rules instead to art. 9 of Regulation 1049/01. I think it could also be wise to examine the content of the Europol adopted and pending international agreements as the Council “general approach” foresee  that Europol International agreements “established on the basis of Decision 2009/371/JHA and agreements concluded by Europol as established by the Europol Convention before 1 January 2010 should remain in force”.


(1)  “General principles and limits on grounds of public or private interest governing this right of access to documents shall be determined by the European Parliament and the Council, by means of regulations, acting in accordance with the ordinary legislative procedure.” (art. 15 p 3 TFEU)

(2)  See for example the 2011 agreement between the EU and Serbia on the exchange of classified information)

(3) Art 40 TEU. “The implementation of the common foreign and security policy shall not affect the application of the procedures and the extent of the powers of the institutions laid down by the Treaties for the exercise of the Union competences referred to in Articles 3 to 6 of the Treaty on the Functioning of the European Union. 

Similarly, the implementation of the policies listed in those Articles shall not affect the application of the procedures and the extent of the powers of the institutions laid down by the Treaties for the exercise of the Union competences under this Chapter.”

(4)  The third Countries with which the agreements have been concluded are :   Australia, Bosnia and Herzegovina, Former Yugoslav Republic of Macedonia, Iceland,  Israel, Liechtenstein, Montenegro, Norway, Serbia, Switzerland, Ukraine and United States of America. Agreements have also been signed with: Canada (Negotiating mandate approved by the Council  on 21.10.2003 – Under negotiation),  Turkey (Negotiated but not yet approved by the Council), Russian Federation (Agreement signed on 01.6.2010 and published  in OJ L 155, 22.6.2010, p.57. Exchange of  notes verbales following entry into force of the  Lisbon Treaty . Negotiations on  the implementing arrangements are ongoing), Albania Negotiating mandate approved by the Council  on 20.01.2014 (Under  negotiation), Georgia (Negotiating mandate approved by the Council  on 20.01.2014.Under negotiation).

(5) The fact that  the “third party rule” constitutes a guarantee for the third party to a certain extent, but it is not an absolute principle of law has been debated during the negotiations of the EU-Canada exchange of classified informations (with reference to Section 38 of the Canada Evidence Act).

The US Senate reveals the truth on renditions and torture, now it’s Europe’s turn.

NB Translated by Yasha Maccanico from an original italian version published on Europeanrights internet site. 

by Armando Spataro[1]

On 9 December 2014, as had been announced the day before by Josh Earnest, the White House spokesman, the US Senate released a report of around 500 pages that officially acknowledged all sorts of torture (including water-boarding) and the practice of extraordinary renditions, enacted by the CIA for around a decade within the framework of an unacceptable strategy to fight international terrorism. Moreover, the report consists of a summarised review of an even wider study which is around 6,700 pages long, the rest of which will remain ‘classified’, as is said in jargon, and hence secret. The work by the Senate’s Intelligence Committee monitoring the secret services, on which the report is based, lasted for around five years and included analysis of around 6 million documents.

Thus, practically the whole world had official confirmation of what was already known to an extent and which, according to several commentators, constituted a practice enacted since the years that immediately preceded the 11 September [attacks], when the CIA was headed by George Tenet (from 1997 to 2004), and up until 2009 (hence, also at the time when Tenet’s role was assumed first by Porter Gross and then by Michael Hayden). In any case, these were methods developed with certainty – according to the report – after 11 September. Yet, the truly innovative element did not consist in this practice being revealed, but in its clear and unequivocal condemnation by the United States Senate.

The president of the Senate’s Intelligence Committee, the California Democrat Dianne Feinstein, who had already reported the violation of the computers of the Committee she presided over by the CIA[2] in March 2014, insisted for the immediate publication of this dossier. The senator, who overcame internal resistance even within her party by those who opposed the report’s publication, declared: “We have to divulge it because whoever reads it will act in order for it never to happen again”. The position taken by President Obama was no different, as he stated: “We were not worthy of our values… Torture has not even contributed to making us safer against terrorism. I will continue to use my presidential authority to guarantee that we will never use those methods again”[3]. Brutal and inefficient methods, whose only consequences were summed up by Harry Raid, leader of the outgoing Democratic majority in the Senate, in just a few words:“All of this has just muddied us”.

But the top echelons of the CIA immediately stated that they had done what was asked of them, assuring that everything was lawful.

Hence, it is worth reconstructing the route along which, at a certain point, governments, including European ones, political leaders and many jurists came to claim that acts of torture and the kidnapping of suspected terrorists had a juridical legitimation and, therefore, could be practised.

It all arises from an abstruse juridical theorisation, that of the war on terror, whereby war must be met with war, also because it is a way of producing democracy, so much so that “after the bombing of Falluja, the inhabitants of the destroyed city were happier and voted in great numbers”[4]. It was a theory that was drawn up in the wake of 11 September and had quickly become so popular as to be mentioned using an acronym: “W.o.T.”

In essence, acts of so-called international terrorism supposedly constitute acts of war that may be countered with similar techniques among which kidnappings and torture are included. Of course, it is true that acts of terrorism may also be carried out in times and zones of war, but it is likewise evident that this does not justify that kind of response in any way. In fact, everyone, and not just jurists, knows that in war situations the law for armed conflict situations is applicable as it is laid out in the Geneva Convention, its additional protocols and its further, more general purposes that are found in humanitarian law.

However, within the frame of the WoT principles become flexible, “grey areas” in which rights exist in a limited form become admissible, where any rule subsides or rules are often violated, starting from, for example, the very creation of the category of enemy combatants, that is, of illegal enemy combatants which, according to the view of those who created it, enables terrorist suspects who are “captured” in any part of the world to be denied their fundamental rights.

We owe the creation of this monstruous juridical category to John Woo from the US Department of Justice’s Legal Advice Office, the author of a 42-page memorandum in which Al Qaeda and the entire Taleban regime were included among the illegal enemy combatants, to whom the Geneva Conventions would not be applied.[5]

Moreover, John Yoo later complained (in 2008) in some press articles that the unveiling of his role as counsellor-strategist exposed him to the risk of reprisals, whereas he now claims, with renewed pride and following the publication of the Feinstein report, the authorship of that memorandum. Yoo recently published the book “Point Attack”, in which he redevelops that “emergency law” which was decisive – in his view – after 11 September[6].

Fears that were somewhat similar to those expressed by Woo prior to his more recent coming out, had been voiced by Matthew Waxman, professor at the Columbia Law School and a high ranking official in the staff of the US State Department between 2005 and 2007, who complained about[7] the worldwide release of the photographs that documented the inhumane treatment inflicted upon prisoners in Abu Ghraib and Guantánamo: «What image are we giving of the fight against terrorism?», he commented.

In reality, using the words of Antonio Cassese, this system constitutes a “juridical limbo”, which is enriched by ad hoc clauses and provisions directed at further legitimating it. Continue reading “The US Senate reveals the truth on renditions and torture, now it’s Europe’s turn.”

National security and secret evidence in legislation and before the courts: exploring the challenges

Visit the European Parliament’s Studies website:

This Study examines the way in which justice systems across a selection of EU Member States use and rely on intelligence information that is kept secret and not disclosed to the defendants and judicial authorities in the name of national security.
It analyses the laws and practices in place from the perspective of their multifaceted impact on the EU Charter of Fundamental Rights (in particular its provisions related to the rights of the defence and freedom of information and expression), as well as on wider ‘rule of law’ principles. The analysis is based on a comparative study of the legal regimes, interpretations by domestic and European tribunals as well as key developments and contemporary practices concerning the use of intelligence information as ‘evidence’ and the classification of information as ‘state secrets’ during trials in the name of ‘national security’ in the following seven EU Member States (EUMS): the United Kingdom, France, Germany, Spain, Italy, the Netherlands and Sweden.

The examination has highlighted a number of key research findings.

It first shows a wide variety of national legal systems and judicial practices embedded in domestic historical, political and constitutional trajectories characterising each Member State jurisdiction (see Section 1 of the Study and Annex 5 with detailed Country Fiches).
The United Kingdom and the Netherlands are the only two Member States examined with official legislation allowing for the formal use of classified intelligence information in judicial proceedings. The United Kingdom constitutes an ‘exception’ in the broader EU landscape due to the existence of the much-contested ‘Closed Material Procedures’ (CMPs) – secret court hearings where only the judge and security-cleared special advocates are given access to sensitive intelligence material. The Netherlands operates a system of ‘shielded witnesses’ in courts, allowing intelligence officials to be heard before a special examining magistrate (Sections 1.1. and 1.2 of this Study). Other EUMS analysed (Germany, Spain and Sweden) present indirect judicial practices in which certain evidence may be hidden from a party during trials under a number of conditions (Section 1.3).

Nevertheless, the Study demonstrates that secret evidence is not always legal evidence. In countries such as Germany, Italy or Spain the rights of the defence and the right to a fair trial cannot be ‘balanced’ against national security or state interests as this would directly contravene their respective constitutional frameworks (Section 1.4).

Yet, all EUMS under examination face a number of challenges as regards the difficult and often controversial declassification or disclosure of intelligence materials, which too often lacks proper independent judicial oversight and allows for a disproportionate margin of appreciation by state authorities (Section 1.5 of this Study).

Another issue resulting from the comparative investigation relates to the fuzziness and legal uncertainties inherent to the very term ‘national security’ (as evidenced in Section 1.6 and Annex 3).
While this notion is quite regularly part of political and legal debates in EU and national arenas, the Study reveals that a proper definition of what national security actually means is lacking across a majority of EUMS under investigation.
The few definitional features that appear in EUMS’ legal regimes and doctrinal practices fail to meet legal certainty and ‘rule of law’ standards, such as the “in accordance with the law” test (see below). This too often leads to a disproportionate degree of appreciation for the executive and over-protection from independent judicial oversight, which is further exacerbated in a context where some EUMS have bilateral systems of mutual respect of state secrets with third countries such as the US.
Moreover, the disparities and heterogeneous legal protection regimes among EUMS also mean that EU citizens who are suspects in judicial procedures are protected differently or to divergent degrees across the EU. There are variable ‘areas of justice’ in the EU when it comes to the rights of defence of suspects in cases dealing with national security and state secrets. This diversity is at odds with the ambition of developing a common AFSJ and achieving non discrimination between EU nationals when it comes to the delivery of fundamental rights.

A second key finding of the Study relates to a growing transnational exchange of intelligence and use of these intelligence materials before courts (as developed in Section 2 and Annex 1 of this Study).

The 2013 Snowden revelations provide the general context within which EUMS’ regimes and practices need to be analysed. There has been a growing expansion of intelligence cooperation across the world, which is mainly transatlantic and asymmetrical in nature due to the more prominent role played by the US.
This has strengthened the view that transnational threats require a more extensive sharing of raw data on individuals collected by internet or mobile devices. This trend poses a number of dilemmas from the perspective of judicial accountably and the rule of law (Section 2.1 of this Study). One relates to the difficulties in assessing the quality, lawfulness and accuracy of the information, and the extent to which this very information can be considered ‘evidence’ in trials (Section 2.2). The current reliance on intelligence information is, moreover, problematic in light of insufficient or deferential judicial oversight of executive decisions taken ‘in the name of national security’.
This is particularly also the case in respect of the ways in which the use of state secrets can disrupt government officials’ accountability in cases of alleged ‘wrongdoing’ (Section 2.3).

A third finding concerns an emerging set of European judicial standards from the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU) on issues related to intelligence information, national security and state secrets, in particular when these affect the rights of the defence (refer to Section 3, Annex 1 and Annex 2 of this Study).

One of the most important legal standards when assessing national security and intelligence information is the “in accordance with the law” principle. Continue reading “National security and secret evidence in legislation and before the courts: exploring the challenges”

Towards a Declaration of Internet Rights

by Professor Stefano RODOTA’ (FREE Group member) (*)

For many years there has been a wide discussion about the possibility of adopting an Internet Bill of Rights, and debates have produced a considerable number of proposals. The Berkman Centre at Harvard University counted 87 of such proposals, to which we can add the Internet Magna Charta that Tim Berners-Lee is working on, and lastly the Declaration of the Rights of Internet Rights that has been drafted by a Committee established by the President of the Italian Chamber of Deputies. The novelty of the latter is that for the first time the proposal of an Internet Bill of Rights has not been produced by scholars, associations, dynamic coalitions, enterprises, or groups of stakeholders, but by an institutional entity.

It is necessary to recall that the debate on this topic dates back to the World Summit on the Information Society organised in 2005 by the UN in Tunis, where the need for an International Convention on Internet rights was explicitly underlined. This subject was deepened in the following UN Internet Governance Forums. But the international debate was progressively turned into precise rules within the European Union, even before the issue of the Internet Bill of Rights appeared in the international arena. These are not, however, parallel situationsdestined not to meet at any point. The European Union progressively brought to light the constitutional basis of the protection of personal data, finding its full recognition in Article 8 (**) of its Charter of Fundamental Rights. Here a strong similarity with the Internet Bill of Rights is identified, and it concerns precisely the constitutional scope of rules.

We are going through a phase of deep change in the way in which we are facing the problems highlighted by the Internet dynamics, in the passage from Web 1.0 to Web 2.0 and now to Web 3.0. It is not just a matter of following technological changes by adjusting legal provisions to suit them. A new definition is being developed of the rationale driving actions in this area, through a radical U-turn as regards the dynamics of the latest phase. A possible historical turning point is ahead of us, whose/that’s opportunities must be seized.

It seemed that an approach had become consolidated, which left little room to rights. From Scott McNealy’s abrupt statement of 1999 – “You have zero privacy. Get over it” – up to the recent hasty conclusion by Mark Zuckerberg about the end of privacy as a “social rule”, a line characterised by the intertwining of two elements emerged: technological irresistibility and the primacy of the economic logic. On the one side, in fact, it was highlighted how technological innovations and the new social practices made it increasingly difficult, not to say impossible, the safeguard of one’s private life and of the public liberties; on the other side, the statement on the “death of privacy” had become the argument to state that personal information had to be considered as property of those who collected it.

These certainties were radically challenged by Edward Snowden’s disclosure on the magnitude of the National Security Agency’s Prism programme and by the judgements of the European Court of Justice on data retention and Google. The idea according to which the protection of fundamental rights shall give way to the interests of security agencies and enterprises was rejected.

A new hierarchy has been established, with the fundamental rights as the first and starting point. The US President had to admit the inadmissibility of the procedures provided for by the Prism program and the Court of Justice, with its decision of 8th April, that declared that the Directive on data retention was illegal. And in the Google case the same Court explicitly stated that “the fundamental rights under Articles 7 and 8 of the Charter (…) override, as a norm (…) the economic interest of the operator of the search engine”, in a perspective broadening the European Union’s jurisdiction beyond its borders.

We are faced with a true “resurrection of privacy” and, more generally, with the primacy of the need and legitimacy of rules effectively protecting the rights of Internet users. Making reference to article 8 of the Charter, the Court of Justice was acting as a true constitutional court, opening a new and wide perspective.

The Italian initiative

This is the framework within which the Italian initiative on the Declaration of Internet Rights was adopted. Its goal is not limited to having a text to be used for national debate only.

The establishment of the Committee that drafted the document, in fact, was preceded by an international conference gathering some of the authors of the Brazilian Marco Civil, the representatives of European Institutions, and several experts from different Countries.

The text drafted by the Committee was presented on 13th October during a meeting at the Chamber of Deputies with the Presidents of the Parliamentary Committees of Member Countries in charge of fundamental rights.

The present draft is now submitted to a four-month public consultation on the Internet, at the end of which the Committee will draft the final text. Such consultation, however, is also being carried out at a European and international level, as shown by the contacts with other European Parliaments and by the video conference that will be held at the beginning of December between the Italian and the French Committees. Consultations are also taking place with experts and associations from non-European Countries.

An ambitious target was set: drafting a text allowing a common international debate, accompanied by a constant monitoring by the Chamber of Deputies. The goal is not limited to working in the complex and remote perspective of an international convention. Short-term and feasible results can be achieved, concerning the strengthening of the European system, its developments and the relationships with other countries, and most of all the consolidation of a culture highlighting common dynamics in the different legal systems. In this way, the debate around a future Internet Bill of Rights may lead to the awareness that in the different legal systems several elements already exist that, once connected to one another, establish an informal Internet Bill of Rights. An evidence of such trend is found in the decisions of the Courts of the different Countries and in the choice of legislative models, as shown by the clear influence of the European model on the Brazilian Marco Civil.

The Italian Declaration is characterised by a fundamental choice. Differently from almost all the other ones, it does not contain a specific and detailed wording of the different principles and rights already stated by international documents and national Constitutions. Of course, these are generally recalled as an unavoidable reference. But the attempt of the Declaration, as a matter of fact, was to identify the specific principles and rights of the digital world, by underlining not only their peculiarities but also the way in which they generally contribute to redefining the entire sphere of rights.

The key words – besides the most well-known ones concerning the protection of personal data and the right to the informational self-determination – include access, neutrality, integrity and inviolability of IT systems and domains, mass surveillance, development of digital identity, rights and guarantees of people in Internet platforms, anonymity and right to be forgotten, interoperability, right to knowledge and education, and control over Internet governance. The importance of the needs linked to security and to the market is obviously taken into consideration, but the balancing of these interests with fundamental rights and freedoms cannot take place on equal terms, in the sense of ensuring first and foremost the full respect for rights and freedom according to the clear provisions of the Charter of Fundamental Rights and to European case law.

In particular, security needs shall not determine the establishment of a society of surveillance, control and social sorting. Economic needs are taken into consideration in the framework of the neutrality principle that, by guaranteeing the generative nature of the Internet, keeps the possibilities for innovation unchanged, and prevents strong subjects from creating conditions of exclusion of possible competitors. Furthermore, whenever Internet platforms provide public services that are essential for the life and the activities of people, it is necessary to guarantee the conditions for a suitable interoperability in compliance with the principle of competition and equal treatment of people.

Provided that not all the issues can be analysed in this document, it is suitable recalling the need to consider the access to the Internet as a fundamental right of individuals (Tim Berners-Lee compared it to the access to water), as an essential guarantee not only against any form of censorship, but also against indirect limitations, such as taxation as it is presently happening in Hungary. The set of rights recognised do not guarantee a general freedom on the Internet, but specifically aims at preventing the dependency of people from the outside, the expropriation of the right to freely develop one’s personality and identity as it may happen with the wide and increasing use of algorithms and probabilistic techniques. The autonomy in the management of personal data, therefore, shall also consider new rights as those not to be tracked and to keep silent the chip. This perspective requires a particular in-depth analysis, since a deeply interconnected society is being developed, with a passage to Internet of Things in forms that have suggested some people to speak of an Internet of Everything, which determines a digitalisation of day-to-day lives that is able to transform any person and their bodies.

People cannot be reduced to objects of external powers, they must recover the sovereignty on their digital person. Identity is a key issue. The free development of one’s personality must be safeguarded.

Starting from this set of references, it is necessary to thoroughly examine the issue of the transformation of copyright, whose analysis was postponed to the end of the consultation, since knowledge on the Internet appears as a shared asset that can be considered as a common global resource.

A broader perspective is therefore opened by the Italian draft Declaration, in consideration of the large amount of topics to be tackled and the debate between different points of view; and such Declaration is significantly in line with the European Union policy that particularly emphasises the Charter of Fundamental Rights. The unquestionable aspect is the need to fine-tune a constitutional policy for the Internet, whose users – presently amounting to three billion people – cannot rely on a freedom guaranteed by the absence of rules, as it is still presently stated.

The reality is very different, showing an interconnected network heavily regulated by private subjects that cannot be controlled and that have no democratic legitimation, as it happens – beyond any disputes – with the “Over the Top” operating on the Internet. Internet rights are denied by totalitarian regimes and, unfortunately, by democratic regimes as well. The perspective of a Declaration of Internet rights aims at developing – through procedures different from the ones of the past – the constitutional rules that are fundamental in order to allow the Internet to keep its main feature as a place of freedom and democracy, as the widest space of the history of mankind.


(*) Intervention at the Friedrich-Ebert-StiftungFREE Group experts meeting on :
Internet: only a “single digital market” or also a space to promote fundamental rights – Towards a European “Marco Civil”? (November 12, 2014). The main idea of this experts’ conference has been to have a first look to the impact of the EU Digital Agenda on fundamental rights as framed by the Treaties, the EU Charter and the recent CJEU jurisprudence (Data retention, Google Case..). As stated by the Charter the individual should be at the center of all EU policies and this objective underpins the recent proposal for an Internet Bill Of Rights of the Italian Chamber of Deputies as well as other national examples (Brasilian “Marco Civil” and recent US initiatives at government, congress and civil society level).
Bearing in mind that EU is competent on most of the aspects dealing with Internet the question arises how to preserve and promote individual rights notably in the pending negotiations on legislative proposals notably on Data Protection, Net Neutrality and Network Security (NIS). Moreover what should be the future initiatives to be developed by the a new Commission’s legislative programme impacting on Internet ? How the future EU single digital market could preserve the principles of non-discrimination, and of informational self determination by strengthening the access to internet as a public common good ?
Together with Stefano Rodotà took also part to the Seminar
Claude Moraes Chairman of the European Parliament Civil liberties Committee (which adopted in 2009 a first Internet Bill of Rights resolution)
Jan Philipp Albrecht EP Rapporteur for the Data Protection Regulaiton and for the transatlantic “umbrella” Agreement
Paul Nemitz Director at the European Commission
Giovanni Buttarelli, Assistant European Data Protection Supervisor
Marc ROTENBERG Professor at the Georgetown University and Director of EPIC and Marie GEORGES expert at the Council of Europe
as well as Joe Mc Namee, Executive Director, European Digital Rights (EDRi).

(**) Article 8 Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority



Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)

by Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be Commissioners for Better Regulation, Fundamental Rights and Rule of Law (Timmermans) will be questioned tomorrow by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm them in office. MEPs have already asked some written questions and the would-be Commissioner have replied. However, during the oral hearing will be an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.
Rather strangely the hearing will not follow to the EP very detailed internal rules (of art.118 and Annex XVI (*) which require that hearing should take place before the Parliamentary committees Candidate Vice President Timmermans will instead be heard by the Conference of President of political Groups.

1.Rule of law / implementation of EU law
The confidence of all EU citizens and national authorities in the functioning of the rule of law in the Member States is vital to increase the mutual trust and to further develop the EU into “an area of freedom, security and justice without internal frontiers”.
In your written reply you strongly support the recent Commission proposal for a “common rule of law framework (COM(2014)158 as repeatedly advocated by the European Parliament (but criticized by the Council legal Service). However such an exercise risk which should cover all the EU member states, risk to be meaningless if the Commission does not strengthen the mechanisms which implement the principle of sincere cooperation with and between the MS. For instance there is no ground in the Treaty which justify confidential meetings between the Commission and the MS (even in the framework of the so called “EU Pilot mechanism”) when legal certainty on the exact scope of EU citizens rights and obligations are at stake.
As first steps to strengthen the rule of law would not then be appropriate :
– to update the way how the Commission on a daily basis debates with the Member states the implementation of EU legislation?
– make public the MS implementation plans as well as the table of correspondence between EU and national rules ?
– to implement, (five years after the Lisbon Treaty !), the art.70 mechanism on “objective and impartial evaluation of the implementation of the Union policies” in the FSJA by keeping informed the European and national parliaments ?
– to take stock every year of the ruling of the European Courts and of the measures taken at national level ?

2. Charter of Fundamental rights as “roadmap for the EU legislator ?
In a recent ruling the Court of Justice stroke down for the first time an EU Directive (the Data Retention Directive 2006/24) because “.., the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter. ” According to the CJEU the Directive “..does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter” and moreover “does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured…” In other terms from now on the Court of Justice will require a strict assessment of the proportionality and necessity of measures that constitute serious restrictions to fundamental rights, however legitimate the objectives pursued by the EU legislature.
On the basis of this landmark ruling do you not consider your priority to revise under the proportionality perspective the legislation falling in judicial and police cooperation in criminal matters adopted before the entry into force of the Charter and of the Treaty of Lisbon ?
Will you commit to develop a stronger and more transparent strategy to deal with infringements of EU law where the rights in the Charter are threatened by a Member State’s non-existent or incorrect implemenation of its EU law obligations?
Will not be sensible, taking in account your attachment to the REFIT exercise to review the legislation by establishing “sunset clauses” for measures limiting EU citizens rights? Moreover, by sticking on data protection aspects do you not consider that this ruling raise even bigger doubts on the compatibility with the proportionality principle of the EU-US agreements on PNR and TFTP and of the legislative proposals submitted by the Commission on the EU-PNR and the “Entry-Exit” (not to speak of the lack of compliance of the proposal on trusted traveller with the principle of non discrimination) ?  Continue reading “Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)”

Access to documents: the Council might not implement a key CJEU judgment

by Professor Steve PEERS

Monday, 19 May 2014

The EU is often accused by critics of a lack of openness and transparency – and often such criticisms are justified. This is particularly the case as regards the EU legislative process. In principle, this process ought to resemble the open process seen in national legislatures, with full public access to the drafts of legislation that passes through the legislative chamber(s).

However, despite the adoption of a general Regulation on access to documents in 2001, this aspect (among others) of EU transparency is problematic.
The reason for this is that, within the Council, some Member States wish to keep their positions secret, at least while the negotiations are ongoing. Of course, this profoundly undermines the argument that citizens of each Member States, via national parliaments, can hold each individual government accountable for its action within the Council. For some Member States, though, accountability would bring embarrassment.

The CJEU, in accordance with its prior case law emphasising the importance of transparency in the EU legislative process, ruled in the Open Access Info judgment last year that the names of Member States in principle had to be released to the public.

This ruling would seem to be straightforward enough. But the Council is trying to wriggle out of it.

According to an internal Council document discussed by Member States’ EU ambassadors (Coreper) last week, the Council is considering three options:
– referring always to Member State positions;
– making no reference to Member State positions;
– or continuing an unsystematic approach to this issue.

The first option (full transparency) is rejected, because it sometimes this will not be ‘appropriate’, ie it might embarrass Member States. The second option is rejected, because it will be useful to have a record of Member States’ positions. So the suggestion is for the third option.

If this third option is chosen, what seems likely to result is that whenever a Member State believes that its position might be embarrassing, it will ask that there should be no listing of its name in the footnotes.

Moreover, the Council document does not foresee any active transparency, ie disclosing a document with Member States’ positions as soon as it is drawn up.

The new rules (when agreed) will only apply to documents when an individual requests a copy of them. By the time that the Council replies to such a request, discussions on a particular issue could have moved on and so there will not be an opportunity to have a public debate on whether a particular Member State’s position is justified.

So the whole process of challenging the Council in Court as regards this crucial aspect of EU legislative decision-making is ultimately likely to have only limited practical effect.

Perhaps the next step in this battle will have to be non-judicial: either a demand by the European Parliament that the Council open up its legislative proceedings further (or at the very least, that both institutions open up the secretive ‘trialogue’ process); or a complaint to the European Ombudsman that the Council should proactively make all its legislative documents public without individual request.
(NDR Emphasized by me)

Transparency in the EU : the distance between principles and Institution’s practices is widening up..

By Emilio De Capitani

As clearly explained in the previous post (Henri Labayle study on Access to documents) Transparency and good administration have become a core element of the post-Lisbon Constitutional Framework (1) However, notwithstanding the recurrent rhetoric declarations and promises in these pre-electoral days by several political figures at European and national level, four years after the entry into force of the Treaty and of the Charter the situation is even worse than before.
It is then more than likely that the the best supporters of the Eurosceptic movements are in these days the EU institutions and the Member States which are still blocking the reform of the EU rules on access to documents and whose daily practices are often contrary to the Treaties, the legislation into force, the ECJ jurisprudence and probably their own internal rules

A dead end for the rules on access to documents (Regulation 1049/01) ?

The EU legislative framework on access to documents dates back to 2001 when Regulation 1049/01 was adopted. It was against the unwillingness of the Commission and of several Members States but it was a success because of a (temporary) strong political majority in the European Parliament, a skilled Swedish Council Presidency and clear support by the civil society.

However in the following years notwithstanding a growing support by the European Court of Justice Jurisprudence the Council and Commission practice has tried to rebuild the previous opaque practices. Paradoxically the turning point has been after the groundbreaking “Turco” Case (C-39/05 P and C-52/05 P Sweden and Turco v Council and Commission, judgment of 1 July 2008) by which the Court considered that openness “contributes to strengthening democracy by enabling citizens to scrutinise all the information which has formed the basis for a legislative act. The possibility for citizens to find out the considerations underpinning legislative action is a precondition for the effective exercise of their democratic rights”(Sweden and Turco v Council, paragraph 46). In this perspective the Court of justice considered that it was also admissible to have access even to the Institution’s legal service opinions notably when dealing with the soundness of legislative works (2).
Continue reading “Transparency in the EU : the distance between principles and Institution’s practices is widening up..”

Henri LABAYLE : Openness, transparency and access to documents and information in the EU

Source : European Parliament Policy Department: Citizens’ Rights and Constitutional Affairs
Full text of the Study
Author: Henri Labayle, professor at University de Pau et des pays de l’Adour (FR)



1.1 Constitutional framework
1.1.1 Principle of openness
1.1.2 Principle of transparency
1.1.3 Right of access to documents
1.2 Regulatory framework of the right of access to documents
1.2.1 System for the right of access
1.2.2 Exercise of the right of access
1.3 Case-law framework of the right of access to documents
1.3.1 Principle of right of access
1.3.2 Content of right of access


2.1 Details of comparison
2.1.1 The Council of Europe
2.1.2 National comparisons
2.2 Institutional practices relating to access to documents
2.2.1 Practice of the Commission
2.2.2 Practice of the Council
2.2.3 Practice of the European Parliament
2.2.4 Details of comparison



This study is an update to a previous study about case law in relation to the right of (1) access to documents. It puts into perspective the Union’s institutional practice in relation to the entry into force of the Treaty of Lisbon. The right of access to documents in the Union is part of a legal context updated by the Treaty of Lisbon. The principles of transparency and good governance have constitutional implications for the Union’s institutions, and the Charter of Fundamental Rights of the European Union establishes them as a fundamental right. While the implementation of Regulation (EC) No 1049/2001 has been a success during the last 10 years, it now needs to be revised to bring it up to date.
In fact, the constitutional progress represented by the Treaty of Lisbon has been boosted by advances in case law.
The challenge of the revision process, requested by the European Parliament since 2006 and initiated in 2008, involves giving consideration to the following two elements: the declaration of a fundamental right and the important lessons learnt from case law.
This body of case law and observation of the Union’s institutional practice have given rise to the following significant remarks.

I – The first remark concerns the very nature of the right of access.

The combination of the Treaty of Lisbon with the case law relating to Regulation (EC) No 1049/2001 now creates a different perception of the right of access. Before being an institutional challenge within the Union, requiring institutions to have the same amount of information when performing their duties, access to documents has now become a right of the individual. This is a general trend. It is noted in comparative law and in European law in particular, with this being confirmed by the Convention of the Council of Europe on Access to Official Documents. The nature of the obstacles it describes preventing the right of access is largely the same as that under EU law. On the other hand, the Union does not give a specific independent authority the guarantee of access to documents, unlike many of its Member States.

II – A second series of remarks derives from the Court of Justice’s interpretation of Regulation (EC) No 1049/2001.

Apart from the far-reaching nature of this right, in less than five years, the Court has given its verdict accordingly on exercising the right of access in relation to administrative, legislative and judicial matters.
1. The right of access to documents is linked to the Union’s democratic nature. Transparency guarantees greater legitimacy and accountability of the administration in a democratic system because citizens need to have the opportunity to understand the considerations underpinning EU regulations in order to exercise their democratic rights (Turco, Access Info Europe cases).
2. Access must be as broad as possible, thereby reducing the internal `space to think’ or the `negotiation space’ which the institutions want. Therefore, protecting the decision-making process within the Union excludes any general confidentiality, especially in the field of legislation (Borax, Access Info and MyTravel cases).
3. The scope of the various exceptions is tightly controlled. Therefore, the major challenge posed by the exception concerning international relations does not automatically entail confidentiality (In’t Veld cases). Similarly, court proceedings are not excluded from transparency under the guise of respect for the proper administration of justice (API case). Legal opinions are not necessarily bound by confidentiality, especially on legislative matters (Turco and MyTravel cases), no more than the identity of Member States is protected by confidentiality during the legislative procedure (Access Info Europe case).
4. Combining data protection schemes may require ‘switching’ from a general regulation to a special regulation on data protection (Bavarian Lager case) and on monitoring activities. Legal protection for confidentiality (Bavarian Lager case) and a `general presumption’ of confidentiality (Technische Glaswerke Ilmenau case) may reduce the scope of transparency.
5. The documents supplied by Member States are not covered by general confidentiality (IFAW judgment).

III – There are also plenty of lessons which may be drawn from the practice of the three EU institutions, by reading the annual reports required by the regulation and looking at certain national practices.

1. The number of applications for access in the European Union is in decline. This is not in keeping with the practices in some Member States or even in states outside the EU such as the United States or Australia.
2. The volume of refusals to provide access remains proportionally large and is tending to rise.
3. The number of applications for access in the areas of Common and Foreign Security Policy (CFSP) and Justice and Home Affairs (JHA) confirms the sensitive nature of these matters.

The type of public interested in gaining access to documents should raise questions for the Union on two counts.
Firstly, professionals are the main group requesting access to documents (particularly Commission documents) and, secondly, university institutions are nowadays the most efficient channels for transmitting information and guaranteeing administrative transparency. The glaring lack of interest from ordinary citizens in transparency must provide some food for thought.


There is an ever-growing demand for openness and transparency in modern societies. The European Union is also subject to this demand, although it is not necessarily successful in finding solutions which meet people’s expectations.2.
The Union has undergone a sea change, from a diplomatic approach to dealing with records, where secrecy is the rule, to an institutional system requiring a democratic basis.
Firstly, and mainly as a result of the accession of new Member States, which are sensitive to this issue, the European Union made some of its documents available for public access. Declaration 17 annexed to the Treaty of Maastricht referred to the link between the transparency of the decision-making process and the democratic nature of the institutions, but its scope remained limited. Two Commission communications on transparency and access to documents were then published, followed by a `Code of Conduct’3 adopting the principle of public access to Council and Commission documents.
Secondly, the Treaty of Amsterdam enshrined these principles in primary law. Firstly, Article 1 of the treaty stated that decisions are taken as openly as possible’, thereby recognising the principle of openness. Secondly, Article 255 TEC provided a legal basis for governing the right of public access to EU documents. This would be achieved with the adoption of Regulation (EC) No 1049/2001 regarding public access to European Parliament, Council and Commission documents . Finally, the White Paper on governance 2001 would highlight the need for involvement from and openness towards citizens to restore confidence in the Union.

Until then, the principles of `openness’ and `transparency’, which were used frequently in common parlance, had actually fulfilled more of a political than a legal function. Highlighted by the European Union with the aim of abating the crisis of confidence over the administration, these principles still had very little regulatory force, unlike the right of access to documents, which would be developed under Regulation (EC) No 1049/2001.

The scope of this study does not extend to a more in-depth examination of this historical period, but it does cover two of its main features. Firstly, openness and transparency basically boiled down to just one thing, access to information; and, secondly, the guarantee from the judicature was key to ensuring that this right had real meaning.
Case law was intended to make the judicature a prominent player in the exercise of the right of access to documents, on the instigation of the European Ombudsman, thereby conferring upon it the status of a real fundamental right.

The prospect of this development was upset by the entry into force of the Treaty of Lisbon. This treaty outlined a new legal framework both in terms of the functioning of the Union’s administration and of European citizens’ rights.


The Treaty of Lisbon changes not only the perception of the right of access to documents in the Union, but also the conditions under which the administration and the legislature perform their duties. Nowadays, the principles of openness and transparency feature in EU primary law, which should have consequences for the right of access to documents as one of the ways of applying that law.

1.1 Constitutional framework
The text of the treaty is clear: the principle of openness is set out in it. Hence its implementation via the principle of transparency and principle of access to documents6.

1.1.1 Principle of openness
This is a general, ‘umbrella’ term incorporating both the principle of transparency and the principle of participation.
Article 1 of the Treaty on European Union (TEU) therefore echoes the Treaty of Amsterdam by stating that it marks ‘a new stage in the process of creating an ever closer union among the peoples of Europe, in which decisions are taken as openly as possible and as closely as possible to the citizen’7.

The treaty conveys the specific meaning of this principle in two places. In Article 10(3) on the ‘functioning of the Union’, under Title II on ‘democratic principles’, the TEU confirms that ‘every citizen shall have the right to participate in the democratic life of the Union. Decisions shall be taken as openly and as closely as possible to the citizen’. The principle of openness is therefore linked for the first time to the ‘democratic life’ of the Union and to ‘representative democracy’. The Union is democratic because it is ‘open’ to its citizens, which is confirmed by the following article.

Article 11(2) TEU is aimed directly at the institutions, which must maintain ‘an open, transparent and regular dialogue’ with representative associations and civil society. It therefore adds an active dimension to the principle of openness.
The Treaty on the Functioning of the European Union (TFEU) reinforces the basis of the principle by setting out the terms for its implementation in Article 15(1) TFEU. The ‘Union’s institutions, bodies, offices and agencies’ have a duty to conduct their work ‘as openly as possible’ and this is ‘in order to promote good governance and ensure the participation of civil society’. This requirement requires several comments.

At this stage, the principle of openness in the Union was still regarded as a prerequisite for its functioning more than as a right of its citizens. This explains why it had a very wide scope of application, extending across the whole administrative machinery. Although it did not have an absolute remit and included no obligations in terms of results, the ‘promotion’ objective assigned to the Union still required the Union to adopt a dynamic approach.

Finally, Article 298(1) and (2) TFEU provided a vital addition to the regulatory transposition of the principle of openness. Stating that in carrying out their missions, the institutions, bodies, offices and agencies of the Union ‘shall have the support of an open, efficient and independent European administration’, it conferred on the Union’s legislature the power to ‘establish provisions to that end’.

1.1.2 Principle of transparency

As the Court of Justice confirmed in a leading case discussed below, ‘a lack of information and debate is capable of giving rise to doubts in the minds of citizens, not only as regards the lawfulness of an isolated act, but also as regards the legitimacy of the decision-making process as a whole’8. With those words, the Union judge put the debate on transparency9 squarely in the camp of legitimacy and democracy. From his perspective, ‘it is precisely openness in this regard that contributes to conferring greater legitimacy on the institutions in the eyes of European citizens and increasing their confidence in them by allowing divergences between various points of view to be openly debated’.

Previously and without yet mentioning the ‘requirement of transparency’10, the case law of the General Court and the Court of Justice had been based on Declaration 17 annexed to the Treaty of Maastricht11, in the absence of another more explicit text. Once this text became available with Regulation (EC) No 1049/2001, the judicature reinforced its argument. Transparency guarantees that ‘the administration enjoys greater legitimacy and is more effective and more accountable to the citizen in a democratic system’12. It enables them ‘to carry out genuine and efficient monitoring of the exercise of the powers vested in the Community institutions’13 . ‘Only where there is appropriate publicity of the activities of the legislature, the executive and the public administration in general, is it possible for there to be effective, efficient supervision, inter alia at the level of public opinion, of the operations of the governing organization and also for genuinely participatory organizational models to evolve as regards relations between the administration and the administered.’14

The procedural transparency and institutional transparency referred to in the TEU and TFEU merged in the Treaty of Lisbon to give some practical meaning to the Union’s action15.

The principle’s normative scope still remained limited,16 but the provisions of Article 11 TEU indicate that the battle lines had shifted. The Union’s institutions now had an obligation to apply the principle ‘by appropriate means’. Whether this involved the ‘open, transparent and regular dialogue’ with civil society stated in Article 11(2) TEU or the EU’s’actions being transparent’, which requires ‘broad consultations’ under paragraph 3, the respect for ‘democratic principles’ mentioned under Title II TEU exerted new pressure on the institutions, especially when it came to access to information, and by extension, documents. Therefore, this citizen’s right shifts from being a judgment call to being exercised in a regulatory context.

The consequences arising from this change of perspective were significant. The call for openness and transparency was no longer an abstract reference in this case, but represented a condition for the democratic legitimacy of the rule of the Union. The treaty ‘legalised’ principles that could, one day, be interpreted on the basis of case law, if, for example, a legislative act has been adopted outside this participatory dialogue required by the treaty.

1.1.3 Right of access to documents

The public’s right to access institutional documents17 was asserted in the Union by way of regulation before being enshrined in the founding treaties. The implementing regulation came before the constitutional declaration in this case, with the judge pointing out that ‘the domestic legislation of most Member States now enshrines in a general manner the public’s right of access to documents held by public authorities as a constitutional or legislative principle’18.
This right is based politically on the principle of transparency. This was confirmed by the Court of Justice in 2007: its ‘aim is to improve the transparency of the Community decision-making process, since such openness inter alia guarantees that the administration enjoys greater legitimacy and is more effective and more accountable to the citizen in a democratic system’19 . As the Court points out, ‘the possibility for citizens to find out the considerations underpinning legislative action is a precondition for the effective exercise of their democratic rights’20.

Legally speaking, this right was therefore established initially on the basis of Article 255 TEC, which gave citizens the right to access the documents of the three main institutions. It subsequently gave rise to a substantial body of case law without the Court of Justice going as far as to establish a general principle. Its general wording in the TEC explained its lack of direct effect21, with the treaty instructing derived law to provide content for it. Nevertheless, at this point the right of access changed from a simple option granted on a discretionary basis to the administered by the institutions to a true ‘subjective, fundamental right’22 granted to those targeted by Article 255 TEC.
The Treaty of Lisbon amends this law as it stands significantly in two respects.

First of all, the Charter of Fundamental Rights makes this access a fundamental right. Article 42 has the heading ‘Right of access to documents’, implying that ‘any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, has a right of access to European Parliament, Council and Commission documents’. The explanatory notes accompanying the Charter point out that this Article 42 ‘has been taken’23 from Article 255 TEC, which provided the basis on which Regulation (EC) 1049/2001 had been adopted, with the Convention wishing to extend its scope.
Advocate General Maduro emphasised this change in his conclusions on the case Sweden v Commission cited above with this ‘protection of the right of access under ever higher norms’: ‘Since the right of access to documents of the institutions has become a fundamental right of constitutional import linked to the principles of democracy and openness, any piece of secondary legislation regulating the exercise of that right must be interpreted by reference to it, and limits placed on it by that legislation must be interpreted even more restrictively.’24

When referring to the relationship between Article 42 of the Charter and the European Convention on Human Rights (ECHR), this EU judge therefore stated that ‘with respect to the right of access to documents of the Union’s institutions, bodies, offices and agencies, the Charter provides for a special fundamental right’25.

The TFEU itself has also changed the legal environment of the right of access. This has happened, first and foremost, because the protection desired by Member States regarding the confidentiality of the Council’s work disappeared in Article 207(3) TEC 26.
On the other hand, Article 15(1) TFEU confirmed the requirements for ‘good governance’ by providing specific content for the principles of openness and transparency. In paragraph 3 the ways of exercising the right of access to documents on a compulsory basis are expressed in far more precise terms than in Article 255 TEC. The removal of the inter-governmental pillars and the downgrading of the institutional treatment of the JHA and CFSP allow it to cover all the Union’s work, which must be carried out ‘as openly as possible’.

A literal analysis of Article 15 TFEU highlights that this statement is part of an overall initiative. While the Union’s governance requires its work to be conducted ‘openly’ in paragraph 1, paragraph 3(3) of the same article refers to the proceedings of each relevant EU administrative entity being ‘transparent’. Therefore, the systematic nature of the triangle of openness/transparency/document access is outlined in the treaty. Moreover, it clearly states the scope of the obligations incumbent upon the ‘institutions, bodies, offices and agencies’. While the call for the Union’s work to be conducted ‘as openly as possible’ is not necessarily an indication of a constraint, on the other hand, the conditions for the right of access to documents are pinned down in a more binding manner.

Article 15(3) (1) TFEU starts off by defining a right ‘subject to the principles and the conditions to be defined in accordance with this paragraph’. It does not grant the legislature the power of discretion to decide what these ‘principles and conditions’ are. It is the duty of the legislature to implement the right of access allowing EU citizens to enjoy this right. The definition of its general principles and conditions for exercising it is an absolute requirement, governed by ordinary legislative procedure.

The third subparagraph of the same article then reinforces the obligations imposed on the relevant entities: they must ensure that their ‘proceedings are transparent’ and they have to draw up in their own Rules of Procedure ‘specific provisions regarding access’ to documents. This presupposes therefore that the right of access has been regulated before.
Lastly – and this is an important observation – the authors of the treaty expand considerably the group of institutions that are bound by the obligations. The group is no longer just made up of the three main institutions, but in a very general manner incorporates the ‘Union’s institutions, bodies, offices and agencies’. The penultimate subparagraph of paragraph 3 emphasises in the case of the Court of Justice of the European Union (CJEU), the European Central Bank (ECB) and the European Investment Bank (EIB) that they ‘shall be subject to this paragraph only when exercising their administrative tasks’.
This generalisation, which is already taken into account by a number of internal agencies and institutions, therefore reinforces the need for a new text on the right of access, failing which a right based on the Treaties may not be applied.

The value added offered by the Treaty of Lisbon can therefore be summarised as follows: on the one hand, the treaty establishes a real fundamental right of access to documents and, on the other hand, it tightly controls the exceptions to a right whose scope has been generalised. The value added deriving from this for individuals then allows a hierarchy of challenges to be established: before being an institutional challenge within the Union, requiring institutions to have the same amount of information when performing their duties, the access to documents has now become a right of the individual. This shift completes the structural change initiated by the Union’s judicature 20 years ago.

In this legal context, the regulation of the right of access applied by Regulation (EC) No 1049/2001 13 years ago seems considerably out of touch nowadays. Both the ‘general principles’ and legitimate ‘limits’ governing the right of access, mentioned in Article 15(3) TFEU, need to be revamped by the legislator by means of the ordinary legislative procedure, a fact which should not be forgotten.

The need to update the regulation actually comes from the triangle described earlier, linking the duties of openness, transparency and access to documents 27. It extends beyond the framework of Article 15 TFEU alone, for instance, in light of Article 298 TFEU. Furthermore, the strictly minimalist approach of the Commission’s second regulatory proposal28 derives more from the amendment to the previous regulation than from the implementation of the Treaty of Lisbon.
Consequently, with regard to both the scope of the right of access and the particular issues relating to the sensitive nature of some classified documents or codifying the advances made in case law for some categories of documents, a new text needs to be adopted.

1.2 Regulatory framework of the right of access to documents

A quick recap of what this framework29 entails will make it possible to assess not only the challenges involved with its revision but also the significant impact of the case law from the Court of Justice and the General Court.

1.2.1 System for the right of access

As a result of the gap in the Treaties, Regulation (EC) No 1049/2001 has become the cornerstone of the right of access to administrative documents, which has led the Court of Justice to focus specific attention on the reason for this in order to clarify its use.
This reason provides some guiding principles:
• Access to documents is linked to the principles of transparency and openness referred to by the Treaties, with the regulation consolidating current practices.
• The purpose of the regulation is ‘to give the fullest possible effect’30 to the right of access in its definition of its principles and limits. Therefore, in principle, ‘all documents should be accessible to the public’, in other words, ‘any citizen of the Union, and any natural or legal person’ residing there.
• The right of access assumes a particular meaning ‘in cases where the institutions are acting in their legislative capacity’ and it is applicable to CFSP and JHA.

On this point, Regulation (EC) No 1049/2001 provides an extremely broad definition of a ‘document’ as Article 3(a) defines it as ‘any content whatever its medium (written on paper or stored in electronic form or as a sound, visual or audiovisual recording) concerning a matter relating to the policies, activities and decisions falling within the institution’s sphere of responsibility’. In specific terms, each institution has therefore been granted the procedural mechanisms required to obtain access and, by applying Regulation (EC) 1049/2001, they produce an annual report about its application.

In addition to this key text, other specific texts should be mentioned31 whose interaction with Regulation (EC) No 1049/2001 caused difficulties which led the Court of Justice to settle matters (see below)32. The following table33 can provide accordingly a summary of the current state of play….

Continue reading …

1 Public access to the European Union documents, State of the law at the time of revision of Regulation 1049/2001′, PE 393.287, 2008 and `Classified information in light of the Lisbon Treaty’, PE 425.616, 2010.
2 Specific reference will be made to our studies Public access to the European Union documents, State of the law at the time of revision of Regulation 1049/2001′, PE 393.287, 2008 and Classified information in light of the Lisbon Treaty’, PE 425.616, 2010.
3 Code of Conduct concerning public access to Council and Commission documents, OJ L 340 31.12.1993, p. 37.
4 OJ L 145, 31.05.2001, p. 43.
5 COM(2001) 428.
6 A. Allemano, ‘Unpacking the principle of openness in EU Law, transparency, participation and democracy’, European Law Review 2014 (forthcoming).
7 J. Mendes, ‘Participation and the róle of law after Lisbon: a legal view on article 11 TEU’, CMLRev 2011.1849.
8 ECJ, 1 July 2008, Kingdom of Sweden and Turco v Council, C-39/05 P and 52/05P, paragraph 59.
9 M. Hillebrandt, D. Curtin, A. Meijer, ‘Transparency in the Council of ministers of the EU: institutional approach’, Amsterdam Centre for European law, Working paper 2012-04.
10 CFI, 25 April 2007, WWF European Policy Programme/Council, T-264/04, paragraph 61.
11 CFI, 17 June 1998, Svenska journalistfórbundet v Council, T-174/95, ECR II-2289 paragraph 66; CFI, 14 October 1999, Bavarian Lager/Commission, T-309/97, ECR II-3217, paragraph 36.
12 CFI, 7 February 2002, Kuijer/Council, T-2011/00, paragraph 52 and ECJ, 6 March 2003, Interporc/Commission C-41/00 P, ECR p. I-2125 paragraph 39.
13 ECJ, 7 December 1999, Interporc v Commission, paragraph 39.
14 Opinion of Tesauro under ECJ, 30 April 1996, Netherlands v Council, C-58/94, ECR I-2169 paragraph 14.
15 D. Curtin, ‘Judging EU secrecy’, Amsterdam Centre for European law, Working paper 2012-07.
16 See A. Meijers,’Understanding the Complex Dynamics of Transparency’, and S. Castellano et A. Ortiz, ‘Legal Framework for e-transparency and the right to public access in the EU’, Transatlantic Conference on Transparency Research, Utrecht, 2012.
17 The analysis will continue to focus on Regulation (EC) No 1049/2001, apart from provisions relating, for example, to environmental law.
18 ECJ, 30 April 1996, Netherlands v Council, C-58/94, ECR I-2169 paragraph 34.
19 ECJ, 18 December 2007, Kingdom of Sweden v Commission, C-64/05, ECR I-11389, paragraph 54.
20 id paragraph 46; see also CJEU, 17 October 2013, Council v Access Info Europe, C-280/11 P.
21 In spite of the calls of some of its Advocate Generals or the positions of the CFI: Advocate General Tesauro speaks of a ‘fundamental civil right’ in the case Netherlands v Council (paragraph 19) and the CFI talks about a ‘principle of the right to information’ (CFI, 19 July 1999, Hautala v Council, T-14/98, ECR. p. II- 2489, paragraph 87) or of the ‘principle of transparency’ (CFI, 7 February 2002, Kuijer v Council, T-211/00, ECR p. II-485, paragraph 52).
22 Opinion of Maduro under ECJ, 18 December 2007 cited above, ECR I-11389, paragraph 40.
23 By mentioning its extension to the ‘bodies and agencies’ of the EU.
24 Opinion of Maduro under ECJ, 18 December 2007 cited above, ECR I-11389, paragraphs 40-42.
25 GC, 29 November 2012, Gaby Thesing v ECB, T-590/10 paragraphs 72-73.
26 ‘For the purpose of this paragraph, the Council shall define the cases in which it is to be regarded as acting in its legislative capacity, with a view to allowing greater access to documents in those cases, while at the same time preserving the effectiveness of its decision-making process. In any event, when the Council acts in its legislative capacity, the results of votes and explanations of vote as well as statements in the minutes shall be made public.’
27 Acknowledged by the Council in its 2012 annual report on exercising the right of access, p.7.
28 COM(2011) 73.
29 For a more in-depth look at the regulatory framework and the associated case law up until 2008, refer to our study ‘Public access to the European Union documents, State of the law at the time of revision of Regulation 1049/2001’, PE 393.287, 2008.
30 CJEU, 21 July 2011, Sweden and MyTravel v Commission, C-506/08 P cited above, paragraph 73 and CJEU, 17 October 2013, Access Info Europe, C-280/11 P cited above, paragraph 28.

After “Prism” (and US Patriot Act section 215): EDRI and FREE submission to US and EU Institutions.



the European Digital Rights Initiative (EDRi) &

Fundamental Rights European Experts Group

(FREE Group)


the United States Congress,

the European Parliament and  Commission

& the Council of the European Union,

& the Secretary-General & the Parliamentary Assembly

of the Council of Europe


the surveillance activities of the United States and certain European States’ national security and “intelligence” agencies

August 2013

Note on the choice of addressees:

EDRi and FREE are submitting this appeal to the addressees mentioned on the cover page for the following reasons:

                      The US Congress is ultimately responsible for providing democratic oversight over the activities of the US Executive.  It has established a Privacy and Civil Liberties Oversight Board (PCLOB) consultation on FISA and the PATRIOT Act.  However, while we are sending a copy of this submission to that consultation, this document is addressed to the Speaker of the House of Representatives and the President pro tempore of the Senate because we argue that the issues raised can only be addressed properly by the establishment of a special investigation committee of Congress, with appropriate support and powers.  We also wish to stress that, whatever the defects in the scope of protection afforded to non-US citizens under the US Constitution, the USA, as parties to the UN International Covenant on Civil and Political Rights and the Council of Europe Cybercrime Convention, are bound under international law to extend privacy protection to non-US citizens and to observe the principles of legality, necessity and proportionality also in their surveillance activities.

                      The European Parliament is responsible for providing democratic oversight over the activities of the European Union, and has taken a keen interest in the issues raised, as has the European Commission, which forms the executive branch of the EU.  However, the European Council (representing the governments of the EU Member States) has been less demanding.  We are calling for all of them to seek to establish the full truth about the relevant laws and practices, in both Europe and the USA.  We are aware of the “national security” exemptions in the main EU treaties, but these are not and should not be absolute, or seen as granting Member States total exemption from scrutiny in this regard.  The EU Charter on Fundamental Rights, which has fundamental status in the EU (even in relation to UN Security Council decisions) and explicitly demands full protection of personal data, cannot be simply ignored in this context.  Ultimately, it is for the European Court of Justice to determine the scope of the exemption, but we already note that the US’ NSA’s activities are manifestly not limited to national security as defined in international law.  We are therefore urging the EU bodies to address the issues to the fullest extent possible within their legal competences.

                      The Council of Europe (CoE), as the oldest, broadest European institution, has the main responsibility for upholding human rights and the rule of law throughout the territory of its 47 Member States.  Its mandate, in particular in relation to human rights and the upholding of the European Convention on Human Rights, does not exclude matters relating to national security.  On the contrary, the standards that we cite in our submission have been mainly developed by the European Court of Human Rights in its case-law under the Convention.  All European States are legally obliged to “secure” full protection of these rights and freedoms.  Within the Council of Europe, responsibility for the upholding of these standards is shared between the Secretary-General and the Committee of Ministers (representing the CoE Member States), the Parliamentary Assembly of the Council of Europe (PACE), and the Court.

Effective action on the issues addressed in this submission will require the involvement of all of the above.  For that reason, we address this submission to all of them.

I.                   General:

1.                  The activities of national security agencies in Europe and the USA, and the arrangements under which they cooperate, have been outside the scope of effective democratic oversight and outside clear legal frameworks for too long; they must be brought under the Rule of Law.

2.                  For Europe, that means those activities must be made to comply, in law and in practice, with the relevant minimum European human rights standards developed by the European Court of Human Rights under the European Convention on Human Rights (ECHR) summarised below, at II, and in Attachment 1.  At present, it appears that several European States are not complying with these standards.

3.                  These European constitutional standards are in line with the global (UN) standards enunciated by the Human Rights Committee acting under the UN International Covenant on Civil and Political Rights (ICCPR) and others, briefly noted in Attachment 2.  All European States and the USA are parties to the ICCPR in particular.

4.                  For the USA, this means that it, too, should bring its activities in line with these standards.  As a first step, US surveillance law and practice (in relation to surveillance of both US citizens and non-US/European citizens) must be made totally clear, and any divergence from those standards must be made public.  Only that will allow for sensible discussions on how to bring those activities into line with international standards.  Current US law as far as currently known is summarised below, at IV, and in Attachment 3.

II.                European requirements:                         

(For more detail, see Attachment 1)

5.                  If an agency of any European State is given powers under the laws of that State to gather information on (the communications- or other data of) anyone, be that within Europe or not, then that activity must be regarded as being done “within the jurisdiction” of the State concerned.[1]  This means that, in relation to any surveillance activity by any European State, on anyone, wherever they are, the State in question must comply with the minimum European standards, set out in Attachment 1, which are directly derived from the ECHR case-law.

6.                  Moreover, from a European perspective, any spying on Europeans and non-Europeans living in Europe, by any non-European State, anywhere in the world, should meet the same minimum European-constitutional and the similar UN standards, set out in Attachment 2.

7.                  Non-European national security agencies should not seek or gain direct access to any personal data held in Europe (e.g., by asking US companies to “pull” data from their Europe-based servers, or to allow US agencies to query the data in Europe, and hand over the results):  that infringes the sovereignty of the relevant European States (PCIJ, Lotus judgment, pp. 18-19).[2]  Instead, they should seek such access through bi- or multilateral assistance treaties, under arrangements similar to Mutual Legal Assistance Treaties (MLATs) for law enforcement agencies;  and those treaties should in substance and process conform to the minimum European-constitutional and international standards.

8.                  Failure of a European State to prevent improper spying by non-European countries constitutes a breach of that country’s “positive obligations” under the ECHR.  Active support for, complicity in, or even passive condoning of such spying would breach the State’s primary obligations under the ECHR.

9.                  In addition, European States and the European Union should ensure that personal data on Europeans and non-Europeans living in Europe, if held on US-based “cloud” servers, will be accessible to the US national security agencies only on the basis of clear and published provisions of treaty arrangements that also meet those European-constitutional and international standards.

III.              USA requirements:                                               

(For more detail, see Attachment 3)

10.              The First and Fourth Amendments to the US Constitution in principle guarantee the right to free speech and freedom from unreasonable searches to US citizens.  However, even domestically, this protection is weakened by the “third party” doctrine on personal data and the relaxed “pen/trap” rules on searches.  Secret rulings of the FISA Court reportedly further erode these rights, arguably in unconstitutional ways.  Those rulings are being challenged in the US courts.  Here, we may note that current US law and practice, even with regard to spying on US citizens, falls short of European and international standards.

11.              Moreover, it has become clear that non-US citizens outside the USA do not enjoy even the limited protections of the First and Fourth Amendments:  they can be spied upon arbitrarily by US agencies, without any meaningful substantive or procedural limitations, in clear breach of international standards on privacy generally, and on privacy and freedom of expression on the Internet in particular.  Under international human rights law, those guarantees should be afforded to “everyone” affected by the measures.

IV.             How to address the issues:  our demands

12.              The ultimate aim should be for both the US and the European legal systems to offer high-level privacy/data protection to “everyone”, in line with the established European minimum standards (set out in Attachment 1), that are also in line with UN standards (set out in Attachment 2); and for those standards to be adhered to in practice by the USA, all European States, and the EU, whether acting independently or jointly.

To this end, we demand urgent action from both the US and the European institutions.

Demands for review and redress from the USA:

i.                    Clarity about the law, and honesty about practice:

13.              We demand complete transparency in relation to the scope and detail of US spying activities, and of the bi- and multilateral arrangements between the USA and other States and international organisations, in particular “5EYES”[3], Atlantic and/or European ones, relating to this activity, under which data on the communications and Internet activities of European citizens are intercepted, held, recorded and/or monitored and analysed.

14.              We demand complete clarity about the limitations of the US legal system, and in particular as concerns the apparent fact that it provides insufficient protection to US citizens, and effectively none to non-US citizens.  Following such a full clarification, urgent measures should be taken to bring the US surveillance system fully into line with international human rights- and privacy/data protection standards.

ii.                  The way to achieve this:                    

15.              While we appreciate the establishment of the PCLOB consultation, we do not believe that this is the appropriate forum or process to achieve the required full transparency, or that it will lead to US law and practice being brought fully into line with the requirements of international law.

16.              To be more specific:  we are joining US civil liberty organisations in calling on the US Congress to establish a properly staffed special investigatory committee, on the lines of the 1970s CHURCH Commission, with the power to subpoena witnesses and documents; and to make arrangements to ensure that European institutions, States and NGOs can fully participate in the investigation carried out by this special committee, and indeed in the drawing up of the mandate for this committee.

iii.                The changes to be made

17.              Senior European politicians have called for the extension of US legal protections afforded under US constitutional and federal law to (communications) data on US citizens, to (communications) data on European citizens held in the USA or accessed from the USA by US agencies, just as data on US citizens, held in Europe, is already protected under European human rights- and data protection law.

18.              Reciprocity is indeed an important element in international relations.  However, in the present context, this fails to recognise that while, in respect of their data, Europeans currently enjoy hardly any protection under US laws, the protection accorded to US citizens under those laws is also deficient, and falls below European and wider international minimum requirements.  Raising the level of US legal protection for data on Europeans to the level of protection of data on US citizens therefore still leaves European citizens and US citizens subject to a regime that falls short of international standards.  That is not enough.

19.              We are joining civil liberty organisations in the USA in calling for fundamental changes in US law, to ensure proper protection under the law against non-transparent and undemocratic surveillance.  New laws must be introduced at federal level to provide much stricter rules, open judicial warrants and rulings, and full democratic control, in accordance with international human rights and privacy/data protection standards.  Specifically, we demand that when such laws are in place, they should afford equal protection to US and non-US citizens.

20.              Until this is achieved, the USA cannot be said to offer “adequate” protection to data, in relation to any of the areas for which the European Commission has (wrongly) held it to offer such protection:  the “Safe Harbor”, the disclosure of PNR data, and the making available of SWIFT data (see below, para. 29).

Demands for review and redress from Europe:

i.                    Clarity about the law, and honesty about practice:

21.              European States are not blameless when it comes to surveillance:  in spite of a much stronger legal regime on paper (under the ECHR), it appears that practice in some (perhaps many) European States also fall seriously short of the European-legal (ECHR) requirements.  Several States, in particular the UK, also seem to have worked closely with the USA (in particular, in ECHELON) in establishing a global surveillance network that appears to blatantly violate European and international law.  We need complete clarity about the laws in the EU- and Council of Europe Member States, and complete clarity about the treaties entered into by European States, and full, honest disclosure about the practices of the national security agencies and –bodies of the EU- and Council of Europe Member States too.


The way to obtain this:                        EU:

22.              The European Parliament has a crucial role to play.  We welcome the European Parliament’s decision to establish a committee of enquiry within the Civil Liberties Committee, and urge it to be broad, to encompass all the threats posed to the rights of European citizens by foreign and EU Member States’ surveillance activities.

23.              We also – but very cautiously and with serious reservations – note the establishment of an EU-US “expert group” to look at these matters.  However, we oppose the excessively limited mandate of this group, and demand full transparency about its composition and activities.  We demand civil society involvement and complete openness for the work of this group.  Without that, its findings and the arrangements it might propose are likely to be incomplete, will lack credibility and, consequently, will be unacceptable.


Although this should be obvious, for the avoidance of any doubt, the EU should make clear, as a matter of urgency, that any disclosure of data on European citizens that is subject to European data protection law (such as financial or airline data, or Europol/Eurojust/etc. data) to, or any access to such data by, national Member States’ national security agencies (NSAs), and a fortiori by third country agencies, is subject to the European data protection rules governing the processing of such data.

Council of Europe

25.              We note the fact that the Council of Europe, which Europe’s main human rights guarantor, is not excluded from addressing matters relating to national security that may affect the human rights of European citizens and indeed of “everyone” affected by measures of CoE Member States.  On the contrary, the European standards set out in Attachment 1 have been developed by the European Court of Human Rights in what is now established case-law, applicable to all Council of Europe Member States (which includes all EU Member States), and indeed to the EU itself (albeit, for now, still indirectly, through “general principles of Union law” and the EU Charter).

26.              Specifically, we call on the Secretary-General of the Council of Europe to exercise his power under Article 52 ECHR to demand of all CoE Member States full disclosure of “the manner in which [their] internal law[s] ensure[s] the effective implementation of” Article 8 of the ECHR in relation to surveillance of electronic communications- and Internet data by their national security agencies; and on the CoE Commissioner of Human Rights, PACE, and NGOs to be fully involved in this enquiry.

iii.                The changes to be made

27.              Until the full truth has been established, and full, appropriate remedial action has been taken to bring the activities of all relevant US agencies in line with international standards, there can be no close cooperation between US and European agencies, or between US and European State’s agencies on the previous, essentially unregulated basis.

28.              Immediate changes:  Given that, as noted above, in para. 20, in the light of the recent revelations, the USA cannot be said to offer “adequate” protection to data in relation to the “Safe Harbor”, the disclosure of PNR data, and the passing on of SWIFT data, the current arrangements are in clear and blatant breach of the primary law of the European Union and, consequently, the EU is legally obliged to immediately suspend all US-related European data protection “adequacy” decisions.

29.              Changes to the General Data Protection Regulation:  Pending adoption of adequate legislation in the USA, European data protection law should ensure that European citizens are clearly warned that, if they provide data to US companies, or to global Internet companies that have links to the USA, use servers in the USA, or are otherwise subject to US FISA and other surveillance orders, their data will not be safe from arbitrary, intrusive surveillance by US agencies.  This is already proposed by senior EU officials and legislators in relation to the General Data Protection Regulation currently in the process of being adopted.  We endorse that proposal.

30.              New treaty arrangements on cooperation between national security agencies:  The post-WWII treaties and arrangements on “national security” and “intelligence” cooperation (including the definitions of these matters) are totally outdated.  We need a complete overhaul of the national and inter-State arrangements on “national security” and “intelligence” cooperation.  The old treaties  – UKUSA, 5EYES, NATO and others –  should be openly discussed and reviewed, and fundamentally changed to bring them into line with the international standards we have adduced.  Without that, we do not live in the free and democratic societies we are made to believe we live in.

– o – O – o –

EDRi and FREE are grateful to Professor Douwe Korff of London Metropolitan University for drafting this paper.


Rue Belliard 20, B-1040 Brussels,

Tel:+32 2 274 25 70



European Digital Rights (EDRi)


European Digital Rights is an association of 35 digital civil rights organisations from 21 European countries. We work together to defend civil rights in the information society.





11 Rue Darwin
1190 Bruxelles


The Fundamental Rights European Experts Group (FREE Group)


 The Fundamental Rights European Expert Group is an NGO whose focus is on monitoring, teaching and advocating in the European Union freedom security and justice related policies.


Attachment 1:


The case-law of the European Court of Human Rights under the European Convention on Human Rights (ECHR) shows the following considerations and requirements of European human rights law relating to surveillance:[4]

                 A system of secret surveillance for the protection of national security may undermine or even destroy democracy under the cloak of defending it.

                 The mere existence of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all those to whom the legislation may be applied.

                 In view of these risks, there must be adequate and effective guarantees against abuse.

                 The first of these guarantees is that such systems must be set out in statute law, rather than in subsidiary rules, orders or manuals.  The rules must moreover be in a form which is open to public scrutiny and knowledge.  Secret, unpublished rules in this context are fundamentally contrary to the Rule of Law; surveillance on such a basis would ipso facto violate the Convention.

The following are the “minimum safeguards” that should be enshrined in such (published) statute law, and adhered to in practice:

·                the offences and activities in relation to which surveillance may be ordered should be spelled out in a clear and precise manner;

·                the law should clearly indicate which categories of people may be subjected to surveillance;

·                there must be strict limits on the duration of any ordered surveillance;

·                there must be strict procedures to be followed for ordering the examination, use and storage of the data obtained through surveillance;

·                there must be strong safeguards against abuse of surveillance powers, including strict purpose/use-limitations (e.g., preventing the too-easy disclosure of intelligence data for criminal law purposes) and strict limitations and rules on when data can be disclosed by NSAs to LEAs, etc.;

·                there must be strict rules on the destruction/erasure of surveillance data to prevent surveillance from remaining hidden after the fact;

·                persons who have been subjected to surveillance should be informed of this as soon as this is possible without endangering national security or criminal investigations, so that they can exercise their right to an effective remedy at least ex post facto; and

·                the bodies charged with supervising the use of surveillance powers should be independent and responsible to, and be appointed by, Parliament rather than the Executive.

Under the ECHR, these principles must be applied to anyone who is affected by surveillance measures taken by any Council of Europe Member State under domestic law.

In addition, European States have a “positive obligation” to protect their citizens from surveillance contrary to the above, perpetrated by any other State.  A fortiori, they are under a legal obligation not to actively support, participate or collude in such surveillance by a non-European State.

– o – O – o –

Attachment 2:


Attachment 1 above summarises the European Court of Human Rights’ standards set for “national security” surveillance.  Here, we briefly note that the same standards are also reflected in law and guidance issued at the global level by the United Nations, and by other international organisations, albeit not always in the same detail.

The primary instrument in this respect is the UN International Covenant on Civil and Political Rights (ICCPR or “the Covenant”), the most important binding global human rights treaty, to which all European States and the USA (indeed, almost all UN Member States) are parties.  It is applied and interpreted by the Human Rights Committee, which has issued important relevant guidance.

Further important guidance has been provided in the 1996 Johannesburg Principles on National Security, Freedom of Expression and Access to Information (drafted by Article 19 and other NGOs but endorsed by the UN Special Rapporteur on Freedom of Opinion and Expression) and more recently in statements and reports by that Special Rapporteur and special rapporteurs from other international organisations.  Also relevant is the guidance issued by the Organisation for Security and Co-operation in Europe (the OSCE), to which again all European countries and the USA (and Canada) are parties.

Here, it may suffice to note that all of these stress the same core principles as are stressed by the European Court of Human Rights:

                  –    “national security” must be defined narrowly (see the “Tenth Anniversary Joint Declaration” by the UN Special Rapporteur on Freedom of Opinion and Expression, together with the OSCE Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information; also the Johannesburg Principles, Principle 2(a) as well as Principle 1.2);

                   –   any interference with the freedom to seek, receive and impart information by any medium (including the Internet), including e-communications- and Internet surveillance, must be based on “law”, i.e., on clear and specific, published legal rules (and published legal interpretations of the rules):  an interference with privacy and communications can be “arbitrary” – and thus in breach of international human rights law, including the ICCPR –  even if it is in accordance with domestic law;

                    –  the law must limit any such the interference to what is “necessary” and “reasonable” or “proportionate”; and

                     – the law must provide for an “accessible and effective remedy” against the interference.

On all of the above, see General Comment 16 on Article 17 ICCPR, paras. 3 and 4; General Comment 31 on General Legal Obligations Imposed on States Parties to the Covenant, para. 15ff.;  and the reports by the Special Rapporteur passim).

                    –  the requirements of “law”, “necessity” and “proportionality” also apply in relation to measures taken to protect national security (Johannesburg Principles, Principles 1.1.(a) & (b), 2(a) & (b)).

Moreover, in assessing the questions of “necessity” and “proportionality” in particular, the Human Rights Committee and the UN Special Rapporteurs will take into account exactly the same kinds of factors as are listed in the case-law of the European Court of Human Rights.

Two related matters deserve special mention in the present context:  the application of international human rights law to the extraterritorial accessing (or “pulling”) of data from servers in another country;  and the duty to extend the rights enshrined in the ICCPR to all individuals without distinction as to nationality or other status.  Specifically:

                 Article 2(1) of the ICCPR requires all States Parties “to respect and to ensure to all individuals within its territory and subject to its jurisdiction the rights recognized in the present Covenant, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

                 In the view of the Human Rights Committee:

This means that a State party must respect and ensure the rights laid down in the Covenant to anyone within the power or effective control of that State Party, even if not situated within the territory of the State Party. … [T]he enjoyment of Covenant rights is not limited to citizens of States Parties but must also be available to all individuals, regardless of nationality or statelessness, such as asylum seekers, refugees, migrant workers and other persons, who may find themselves in the territory or subject to the jurisdiction of the State Party. (General Comment 31, emphasis added)

                 Although the Committee has not yet issued any further views or general comments on the matter, it must be assumed that if a State gives itself legal powers to access (or “pull”) data on individuals, when those data are situated outside its physical territory, that State is “exercising jurisdiction” (to be specific: “enforcement jurisdiction”) extra-territorially, in the State where those data are located.  As noted in the body of this paper with reference to the Lotus case, if this happens without the consent of the other State, it violates the sovereignty of that other State.  Here, it should be noticed that that aside, such extra-territorial action by the first State would also mean that that State is asserting “jurisdiction” over those data.  In respect of their data, the individuals concerned are made to be “subject to [the State’s] jurisdiction”.

                 In any such extra-territorial cross-border accessing (or “pulling”) of data, the State in question must therefore comply with all the general requirements of the Covenant (clear, foreseeable “law”; “legitimate aim”, “necessity” and “proportionality”), and with the requirement of Article 2(1), that it affords the protection of Article 17 to the persons affected irrespective of their nationality or other status.

In sum:  The UN standards are fully concordant with the European ones set out in Attachment 1.

– o – O – o –

Attachment 3:


In the USA, communications data and personal information on US citizens (and on some minor categories of non-US citizens living in the USA) are in principle granted protection under the First and Fourth Amendments to the US Constitution, providing protection of free speech and freedom from unreasonable searches.


1.                  There is no general, cohesive, broadly-applicable federal privacy law.  Rather, there is only a largely incoherent and sectorally-based patchwork for federal and state laws, which provide serious privacy protection only in certain areas and respects. See: Chris Hoofnagle, Country Study on the USA, prepared for a wider EU study on New Challenges to Data Protection, at:

2.                  The Electronic Communications Privacy Act (ECPA) allows for the monitoring of communications “meta” data (data on the devices involved in the communications, time, duration, location, etc., but not the contents of communications) on the basis of a “pen register or trap and trace device” warrant, that will be issued on the basis of simple certification by a government attorney that such information is “relevant” to an “ongoing criminal investigation”; there is no need to show “probable cause”, and there is no meaningful judicial oversight. This is because in Smith v. Maryland, the Supreme Court ruled that use of a pen register does not constitute a search, and is thus not protected under the Fourth Amendment.  The surveillance carried out under ECPA, even on US citizens, is extensive and includes massive amounts of e-communications data.  For further details, see: Douwe Korff, Presentation on behalf of EDRi at the EU – USA Privacy Conference, Washington DC, 19 March 2012, available at:

3.                  The PATRIOT Act and FISA Acts allow even more extensive surveillance over US citizens.  Even on their face, the rules in these Acts fall far short of international-legal requirements.  However, the rules have been even further weakened, to the extent that they now reportedly provide hardly any constraint at all, even in respect of US citizens, in relation to national security and “foreign intelligence” matters, by means of secret rulings by the secretive FISA Court.  See: New York Times, 6 July 2013, In secret, court vastly broadens powers of NSA, at:

4.                  The constitutionality of these secret FISA Court rulings is doubtful, and they are being challenged in the US courts.  See: and  5.

                  In any case, and most worrying to Europeans, the First Amendment does not protect the relevant rights of non-US citizens not in the USA (so-called “excludable aliens”):  “[T]he interests in free speech and freedom of association of foreign nationals acting outside the borders, jurisdiction, and control of the United States do not fall within the interests protected by the First Amendment.”

(DKT Memorial Fund Ltd. v. Agency for Int’l Dev., 1989, quoted in Chevron Corporation v. Steven Donziger et al., U.S. District Judge Kaplan order of June 25, 2013).

6.                  Non-US citizens not resident in the USA similarly do not benefit from the protection of the Fourth Amendment, which does no apply if the person affected by a “search” does not have a “significant voluntary connection with the United States (US v. Verdugo-Urquidez, 1979).  Like the First Amendment, the Fourth Amendment only protect “the people”, i.e., US citizens and some eligible (US-resident) aliens.

7.                  Finally, the FISAA §1881a allows US agencies, including in particular the NSA, to capture and trawl through any data, including e-communications and Internet data, of or on any non-US citizen with essentially no constraints.  All that is required is that the capturing and trawling does not inadvertently relate for more than 50% to US citizens, and that the data that are being looked for are “of interest” to “foreign affairs matters” of the USA:  the exercise of these essentially arbitrary powers is not limited to serious offences or terrorism, or to threats to US (or US allies’) national security.  See the report by Caspar Bowden et al. to the European Parliament, Fighting Cybercrime and Protection Privacy in the Cloud, 2012, and the subsequent article by him and Judith Rauhofer, Protecting their own:  Fundamental rights implications for EU data sovereignty in the cloud, 2013, available at, respectively:

In sum:  The US Constitutional Amendments’ protections (as applied) and US Federal and State laws fall short of international standards.  Under ECPA and the PATRIOT and FISA Acts, as further weakened by the secret rulings of the FISA Court, even US citizens enjoy little protection against widespread and intrusive surveillance by US national security agencies in relation to over-broadly-defined “intelligence” matters, in particular in relation to “meta” communications data and Internet data.  In relation to US citizens, this may be unconstitutional.  But non-US citizens outside the USA enjoy not even the (already too low) protection accorded to US citizens:  they can effectively be spied upon arbitrarily, without any meaningful substantive or procedural limitations.  Moreover, the US surveillance activities under FISAA in particular do not appear to be limited to matters of “national security”, properly (restrictively) defined, for neither US citizens or non-US citizens.

– o – O – o –

[1]               Note that this is the case, even if the exercise of that jurisdiction would violate the sovereignty of another State, e.g., because it concerned data in another country (cf. the Lotus case, referred to in para. 7):  the fact that the act was contrary to international law of course does not mean that the State perpetrating the act is not bound by its human rights obligations; that would be perverse.  The point we make here is that in the circumstances described, the State is bound to comply with the European Convention on Human Rights, because the acts concerned are “within its jurisdiction”.  While generally territorial in nature, this concept also covers acts carried out by State bodies within their home country (or territories of the State overseas) under domestic legislation that affects individuals in other countries.

[2]               This is also the view of the vice-president of the European Commission, Viviane Reding, who issued a statement on 25 July 2013, saying:  “The [EU’s new General Data Protection Regulation] will also provide legal clarity on data transfers outside the EU: when third country authorities want to access the data of EU citizens outside their territory, they have to use a legal framework that involves judicial control. Asking the companies directly is illegal. This is public international law.” See: (emphasis added)

[3] The alliance of intelligence operations between the USA, UK, Australia, Canada and New Zealand.

[4]               See the cases of Klass v. Germany (Judgment of 6 September 1978), Weber and Saravia v. Germany (Admissibility Decision of 29 June 2006), Liberty and Others v. the UK (Judgment of 1 July 2008), and Kennedy v. the UK (Judgment of 18 May 2010).  See in particular the summaries in Weber and Saravia, paras. 93 – 95, and in Kennedy, paras. 151 – 154 (which quote Weber and Saravia, paras 93 – 95, thus reemphasising that the approach there summarised is now regarded as settled case-law).