by Lorna Woods, Professor of Media Law, University of Essex

When can freedom of expression online be curtailed? The recent judgment of the Grand Chamber of the European Court of Human Rights in Delfi v. Estonia has addressed this issue, in the particular context of comments made upon a news article. This ruling raises interesting questions of both human rights and EU law, and I will examine both in turn.

The Facts

Delfi is one of the largest news portals in Estonia. Readers may comment on the news story, although Delfi has a policy to limit unlawful content, and operates a filter as well as a notice and take down system. Delfi ran a story concerning ice bridges, accepted as well-balanced, which generated an above average number of responses. Some of these contained offensive material, including threats directed against an individual known as L.

Some weeks later L requested that some 20 comments be deleted and damages be paid. Delfi removed the offending comments the same day, but refused to pay damages. The matter then went to court and eventually L was awarded damages, though of a substantially smaller amount than L originally claimed. Delfi’s claim to be a neutral intermediary and therefore immune from liability under the EU’s e-Commerce Directive regime was rejected. The news organisation brought the matter to the European Court of Human Rights and lost the case in a unanimous chamber decision. It then brought the matter before the Grand Chamber.


Europe and “Whistleblowers” : still a bumpy road…

by Claire Perinaud (FREE Group trainee)

On the 9th and the 10th of April, the University Paris X Nanterre la Défense, in collaboration with the University Paris I Sorbonne, organized in Paris a Conference on « whistleblowers and fundamental rights »[1], which echoed a rising debate on the figure of whistleblowers after the numerous revelations of scandals and corruption in recent years, some of them directly linked to EU institutions. In the following lines I will try to sketch a) the general framework, then b) the main issues raised during the Conference.

A) The general framework 

The term « whistle-blower » was created by Ralph Nader in 1970 in the context of the need to ensure the defense of citizens from lobbies. He defined « whistle blowing » as « an act of a man or woman who, believing that the public interest overrides the interest of the organization he serves, blows the whistle that the organization is in corrupt, illegal, fraudulent or harmful activity »[2]. The interest of scholars and lawyers in the figure of whistle-blowers in the United States dates back to the adoption by Congress in 1863 of the False Claims Act, which is deemed to be the first legislation related to the right of alert[3].
The system which developed afterwards is notably based on the idea that whistle-blowing is a strong mechanism to fight corruption and has to be encouraged by means of financial incentives[4]. While this mechanism is of utmost importance in the United States, protection of whistle-blowers is only slowly being introduced in Europe[5].
With numerous scandals related to systemic violations of human rights, the subject is progressively being dealt with in the European Union (EU) and in the Council of Europe. Nevertheless, in both organizations, the protection of whistleblowers remains at the stage of projects or mere recommendations to the states.

The Council of Europe…

Do Facebook and the USA violate EU data protection law? The CJEU hearing in Schrems

Sunday, 29 March 2015
by Simon McGarr, solicitor at McGarr solicitors (*)

Last week, the CJEU held a hearing in the important case of Schrems v Data Protection Commissioner, which concerns a legal challenge brought by an Austrian law student to the transfers of his personal data to the USA by Facebook, on the grounds that his data would be subject to mass surveillance under US law, as revealed by Edward Snowden. His legal challenge was actually brought against the Irish data protection commissioner, who regulates such transfers pursuant to an agreement between the EU and the US known as the ‘Safe Harbour’ agreement. This agreement takes the form of a Decision of the European Commission made pursuant to the EU’s data protection Directive, which permits personal data to be transferred to the USA under certain conditions. He argued that the data protection authority has the obligation to suspend transfers due to breaches of data protection standards occurring in the USA. (For more detail on the background to the case, see the discussion of the original Irish judgment here).

The following summarises the arguments made at the hearing by the parties, including the intervening NGO Digital Rights Ireland, as well as several Member States, the European Parliament, the Commission and the European Data Protection Supervisor. It then sets out the question-and-answer session between the CJEU judges (and Advocate-General) and the parties. The next step in this important litigation will be the opinion of the Advocate-General, due June 24th.

Please note: these notes are presented for information purposes only. They are not an official record or a verbatim account of the hearing. They are based on rough contemporaneous notes and the arguments made at the hearing are paraphrased or compressed. Nothing here should be relied on for any legal or judicial purpose, and all the following is liable to transcription error.

Schrems v Data Protection Commissioner
Case C-362/14
M.V Skouris (president); M.K. Lenaerts (Vice President); M.A. Tizzano; Mme R. Silva de Lapuerta; M. T. Von Danwitz (Judge Rapporteur); M. S. Rodin; Mme K. Jurimae; M. A Rosas; M. E. Juhász; M. A. Borg Barthet; M. J. Malenovsky; M. D. Svaby; Mme M. Berger; M. F. Biltgen; M. C. Lycourgos; M. F. Biltgen
M. Y. Bot (Advocate General)

Max Schrems

Noel Travers SC for Mr. Schrems told the court that personal data in the US is subject to mass and indiscriminate surveillance. The DRI v Ireland case struck down the EU data retention directive, establishing a principle which applies a fortiori to this case. However, the court held that Data Retention did not affect the essence of the right under Article 8, as it concerned only metadata. The surveillance carried out in the US accesses the content of data as well as the metadata, and without judicial oversight. This interference is so serious that it does violate the essence of Article 8 rights, unlike the data retention directive. Mr. Travers held that the Safe Harbour decision is contrary to the Data Protection directive’s own stated purpose, and that it was accordingly invalid.
Answering the Court’s question as to whether the decision precludes an investigation by a Data Protection Authority (DPA) such as the Irish Data Protection Commissioner, he submitted that compliance with fundamental rights must be part of the implementation of any Directive. Accordingly, national authorities, when called upon in a complaint to investigate breaches must have the power to do so.
Article 25.6 of the data protection Directive allows for findings on adequacy regarding a third country “by reason of its domestic law or of the international commitments it has entered into”. The Safe Harbour Principles (SHPs) and FAQs are not a law or an international agreement under the meaning of the Vienna Convention. And the SHPs do not apply to US public bodies. The Safe Harbour Principles are set out in an annex to a Commission Decision, but that annex is subject to US courts for interpretation and for compliance. Where there is a requirement for compliance with law, it is with US law, not EU law.

Irish Data Protection Commissioner

For the Data Protection Commissioner, Mr. Paul Anthony McDermott said that with power must come limitations. All national regulators are firstly bound by domestic law. The Data Protection Commissioner is also bound by the Irish Constitutional division of powers. She cannot strike down laws, Directives or a Decision.
Mr. Schrems wanted to debate Safe Harbour in a general way – it wasn’t alleged then that Facebook was in breach of safe harbour or that his data was in danger. The Irish High Court had a limited Judicial Review challenge in front of it. Mr. Schrems didn’t challenge Safe Harbour, or the State, or EU law directly, and the Irish High Court declined the application by Digital Rights Ireland to refer the validity of the Safe Harbour Decision to Luxembourg. Mr. McDermott asked the court to respect the parameters of the case.
Europe has decided to deal with the transfer of data to the US at a European level. The purpose of the Safe Harbour agreement is to reach a negotiated compromise. The words “negotiate”, “adapt” and “review” appear in the Decision. It is clear therefore that a degree of compromise is envisaged. Such matters are not to be dealt with in a court but, as they involve both legal and political issues, by diplomacy and realpolitik.
The Data Protection Commissioner can have regard to the EU Charter of Fundamental Rights when she’s balancing matters but it doesn’t trump everything. It doesn’t allow her to ignore domestic law or European law, Mr. McDermott concluded.



By Sabine Jacques

In mid-January, Julia Reda (Pirate Party MEP) communicated a draft of her report on the implementation of the Information Society Directive (‘InfoSoc Directive’) 2001/29/EC (it’s lengthy, but a summary can be found here). Described as ‘the most progressive official EU document on copyright since the first cat picture was published on the web’, but also as being ‘surprisingly extreme’ and even being ‘inacceptable’, this report attracted widespread interest and statements of support from different digital rights organisations.

While the report rightly calls for an ever-increasing ‘internet-friendly copyright law’, the report might have gone too far in relation to parodies. Article 5.3(k) of the InfoSoc Directive currently provides the possibility for EU Member States to introduce a parody exception for the purposes of parody, pastiche and caricature to the exclusive right of reproduction in their national copyright laws (this opportunity was seized by the UK which now includes a parody exception in section 30A CDPA). This provision was interpreted by the Court of Justice of the European Union in the Deckmyn case, guiding national courts in their application of the exception to particular facts (for comments on this decision see here and the AG’s opinion see here).

At 17 on page 6 of the report, Julia Reda suggests ‘that the exception for caricature, parody and pastiche should apply regardless of the purpose of the parodic use’. Without further explanation, such a broad exception raises concerns.

The parody exception is an exception to the right-holder’s exclusive right of reproduction. As such, international treaties subject it to the application of the three-step test (Berne Convention art. 9(2), TRIPS Agreement arts. 9(1) and 13; and, WCT arts. 1(4) and 10). This test requires any exceptions in national legislation to be limited to ‘certain special cases, provided that such reproduction does not conflict with a normal exploitation of the work and does not unreasonably prejudice the legitimate interests of the author’. The French authorities’ response appropriately expresses concerns that a parody exception applicable outside any purpose of parody is unlikely to meet the first step of ‘certain special cases’. This requirement means that a shapeless provision exempting a broad series of uses should not be tolerated, and it reflects the need for legislators to reconcile opposing interests.

The exception for the purpose of parody, caricature or pastiche aims to provide the possibility for parodists to copy copyrighted works in limited circumstances. The current parody exception is the result of a compromise in light of the objectives underlying the exception. The issue opposes the interests of right-holders (who are entitled to be rewarded for their creation) against the interest of the users (who need to reproduce prior works to create the new work). Removing its purpose is likely to amount to a shapeless exception rebuffed by international obligations.

Yet, La Quadrature du Net interprets Julia Reda’s proposal as: ‘to admit the parody exception for non-humorous creations’. If this is her aim, this could be achieved through the current wording of the exception for the purpose of parody.

The Court of Justice of the European Union has defined ‘parody’ through its requirements in Deckmyn. At para 20, the Court notes that a parody needs: ‘to evoke an existing work while being noticeably different from it, and, secondly, to constitute an expression of humour or mockery’.

The expression of humour or mockery does not exclude the expression of criticisms. By requiring the parodist to have a humorous intent, it is suggested that a broad interpretation should prevail so as to include playful, homage or serious expressions (a glimpse at French case law, which knows a long history of the application of the parody exception, shows evidence of serious expressions and the inclusion of satire). The limit is that the expression should refrain from being prejudicial to the person of the author or his work(s). The failure to meet this requirement enables the right-holder to enforce his or her moral rights (especially the integrity right). Additionally, where an individual is defamed, this person can bring an action under defamation law.

Also, the primary justification for the introduction of a parody exception is to facilitate the exercise of one’s freedom of expression. While freedom of expression is already considered in the current InfoSoc Directive (Recital 3 reads: ‘The proposed harmonisation will help to implement the four freedoms of the internal market and relates to compliance with the fundamental principles of law and especially of property, including intellectual property, and freedom of expression and the public interest.’) and the interpretation of the parody exception in Deckmyn (at para 25), the report (recitals C and D) confirms the importance of the relationship between copyright and related rights and freedom of expression both protected under the Charter of Fundamental Rights of the European Union (respectively enshrined in article 17(2) and 11).

Yet, the concerns expressed by Julia Reda concerning the likelihood of achieving harmonisation of the exceptions throughout the EU territory under the current InfoSoc Directive (at 10) are shared. Additionally, her wish to make copyright exceptions mandatory is welcomed (at 11) and would certainly contribute to the objective of harmonisation desired.

To conclude, it must be recalled that this report is merely a draft. It will now be handed over to the Legal Affairs Committee and to the Internal Market and Culture committees. Overall, the report makes important proposals but there is still room for improvement. Against this backdrop, care must be taken regarding the details of each provision, such as the parody exception, to ensure that the impact of the exception applicable outside parody uses does not disrupt the balance desired between the interests of right-holders and parodists.

D. KORFF : The rule of law on the Internet and in the wider digital world

NB This is the executive summary of an issue paper prepared by Professor Douwe Korff, Visiting Fellow, Yale University (Information Society Project), and Oxford Martin Associate, Oxford Martin School, University of Oxford, UK for the Council of Europe Commissioner for fundamental rights. (Douwe Korff is also member of FREE Group) 


Executive summary

This issue paper addresses a pressing question: how can we ensure that the rule of law is established and maintained on the Internet and in the wider digital world? Section 1 describes the range of online activities and the threats to this environment; section 2 discusses the emerging “Internet governance” principles, and notes the special control exercised over the digital world by the USA (and the UK, in respect of Europe), which could lead to fragmentation of the Internet in response. Section 3 sketches the international standards of the rule of law, and some problems in the application of law in this new environment. Section 4 looks in some more detail at the main issues emerging from the earlier sections – freedom of expression, privatised law enforcement, data protection, cybercrime and national security – and discusses the delicate balances that need to be struck. The Council of Europe Commissioner for Human Rights has formulated a number of recommendations on the basis of the issues raised by this issue paper; these are set out after this executive summary.

A new environment for human activities

We live in a global digital environment that has created new means for local, regional and global activities, including new types of political activism, cultural exchanges and the exercise of human rights. These activities are not virtual in the sense of “not truly real”. On the contrary, they are an essential part of real citizens’ lives. Restrictions on access to the Internet and digital media, and attempts to monitor our online activities or e-communications, interfere with our fundamental rights to freedom of expression and information, freedom of association, privacy and private life (and possibly other rights such as freedom of religion and belief, or the right to a fair trial).

The new global digital environment of course also creates a new space for unlawful behaviour: for the dissemination of hate speech or child pornography, incitement to violence, breaches of copyright (“piracy”), fraud, identity theft, money laundering and attacks on the e-communications infrastructure itself through malware (such as Trojans and worms) or “denial of service” attacks. Cybercrime and cybersecurity have become major concerns. These threats are increasingly transnational, and there is a broad international consensus on the need to deal with cybercrime, cybersecurity and terrorism, but there is much less agreement on specifics – or even what constitutes a threat.

Four issues stand out. First, state actions aiming to counter cybercrime, threats to cybersecurity and threats to national security are increasingly intertwined; the boundaries between such activities are blurred, and the institutions and agencies dealing with them work more closely together. Second, states are now co-ordinating their actions in all these regards. Third, the work of national security and intelligence agencies increasingly depends on monitoring the activities of individuals and groups in the digital environment. Fourth, instead of ex post facto law enforcement, the emphasis is now on intelligence and prevention, with law-enforcement agencies using techniques – and technologies – previously reserved for secret services.

The nature of the digital environment

Dangerous data

In an age of “Big Data” (when data on our actions are shared and/or exploited in aggregate form) and the “Internet of Things” (when more and more physical objects – things – are communicating over the Internet), it is becoming difficult to ensure true anonymisation: the more data are available, the easier it becomes to identify a person. Moreover, the mining of Big Data, in ever more sophisticated ways, leads to the creation of profiles. Although these profiles are used to spot rare phenomena (e.g. to find a terrorist in a large set of data, such as airlines’ passenger name records), they are unreliable and can unwittingly lead to discrimination on grounds of race, gender, religion or nationality. These profiles are constituted in such complex ways that the decisions based on them can be effectively unchallengeable: even those implementing the decisions do not fully comprehend the underlying reasoning. The digital environment can by its very nature erode privacy and other fundamental rights, and undermine accountable decision making. There is enormous potential for undermining the rule of law – by weakening or destroying privacy rights, restricting freedom of communication or freedom of association – and for arbitrary interference.

Global and private, but not in the sky

Because of the open nature of the Internet (which is its greatest strength), any end point on the network can communicate with virtually any other end point, following whatever route is calculated as being most efficient, the data flowing through all sorts of switches, routers and cables: the Internet’s physical infrastructure. The electronic communications system is transnational, indeed global, by its very nature; and its infrastructure is physical and located in real places, in spite of talk of a Cloud. At the moment, many of these physical components are in the USA and many of them are managed and controlled by private entities, not by governmental ones.

The main infrastructure for the Internet consists of high-capacity fibre-optic cables running under the world’s oceans and seas, and associated land-based cables and routers. The most important cables for Europe are those that run from continental Europe to the UK, and from there under the Atlantic to the USA. Given the dominance of the Internet and of the Cloud by US companies, these cables carry a large proportion of all Internet traffic and Internet-based communication data, including almost all data to and from Europe.

Who is in control?

Internet governance

Important Internet governance principles have been put forward, by the Council of Europe and others, that stress the need to apply public international law and international human rights law equally online and offline, and to respect the rule of law and democracy on the Internet. These principles recognise and promote the multiple stakeholders in Internet governance and urge all public and private actors to uphold human rights in all their operations and activities, including the design of new technologies, services and applications. And they call on states to respect the sovereignty of other nations, and to refrain from actions that would harm persons or entities outside their territorial jurisdiction.

However, these principles still remain largely declaratory and aspirational: there is still a deficiency in actual Internet governance arrangements that can be relied on to ensure the application of these principles in practice. Also, Internet governance must take account of the fact that – partly because of its corporate dominance, and partly because of historical arrangements – the USA has more control over the Internet than any other state (or even all other states combined). Together with its close partner, the UK, it has access to most of the Internet infrastructure.

The former US National Security Agency contractor Edward Snowden has revealed that the USA and the UK are using this control and access to conduct mass surveillance of the Internet and of global electronic communications systems and social networks. There are fears that states may respond to the Snowden revelations by fragmentation of the Internet, with countries or regions insisting that their data are routed solely through local routers and cables, and stored in local clouds. This risks destroying the Internet as we know it, by creating national barriers to a global network. Unless the USA improves compliance with international human rights standards in its activities that affect the Internet and global communication systems, the movement towards such a truncated Internet will be difficult to stop.

Private-sector control

Much of the infrastructure of the Internet and the wider digital environment is in the hands of private entities, many of them US corporations. This is problematic because companies are not directly bound by international human rights law – that directly applies only to states and governments – and it is more difficult to obtain redress against such companies.

In addition, private entities are subject to the national laws of the countries where they are established or active – and those laws do not always conform to international law or international human rights standards: they may impose restrictions on activities on the Internet (typically, on freedom of expression) that violate international human rights law; or they may impose or allow interference, such as surveillance of Internet activity or e-communications, that is contrary to international human rights law; and such actions may be applied extraterritorially, in violation of the sovereignty of other states.

The application of national law to the activities of private entities controlling (significant parts of) the digital world is extremely complex and delicate. Of course states have a right, and indeed a duty, to counter criminal activity that uses the Internet or e-communication systems. In this, they naturally enlist the help of relevant private actors. Responsible companies will also want to avoid their products and services being used for criminal purposes. Nonetheless, in such circumstances, states should in their actions both fully comply with their international human rights commitments and fully respect the sovereignty of other states. In particular, states should not circumvent constitutional or international law obligations by encouraging restrictions on human rights through “voluntary” actions by intermediaries; and companies, too, should respect the human rights of individuals.

The rule of law in the digital environment

The rule of law

The rule of law is a principle of governance by which all persons, institutions and entities, public and private, including the state itself, are accountable to laws that are publicly promulgated, equally enforced, independently adjudicated and consistent with international human rights norms and standards. It entails adherence to the principles of supremacy of law, equality before the law, accountability to the law, fairness in applying the law, separation of powers, participation in decision making, legal certainty, avoidance of arbitrariness and procedural and legal transparency.

The basic “rule of law” tests developed by the European Court of Human Rights

The European Court of Human Rights has developed elaborate “rule of law” tests in its case law, and these have also been adopted by other international human rights bodies. To pass these tests, all restrictions on fundamental rights must be based on clear, precise, accessible and foreseeable legal rules, and must serve clearly legitimate aims; they must be “necessary” and “proportionate” to the relevant legitimate aim (within a certain “margin of appreciation”); and there must be an “effective [preferably judicial] remedy” against alleged violations of these requirements.

“Everyone”, without discrimination

It is one of the hallmarks of international human rights law since 1945, and one of its greatest achievements, that human rights must be accorded to “everyone”, to all human beings: they are humans’ rights, not just citizens’ rights. Thus, subject to very limited exceptions, all laws, of all states, affecting or interfering with human rights must be applied to “everyone”, without discrimination “of any kind”, including discrimination on grounds of residence or nationality.

Because of the unique place of the USA and US companies in the functioning of the Internet, the constitutional and corporate legal framework in the USA is of particular importance. However, in contrast to the above-mentioned principle of international human rights law, many of the human rights guarantees in the US Constitution and in various US laws relating to the digital environment apply only to US citizens and non-US citizens residing in the USA (“US persons”). Only “US persons” benefit from the First Amendment, covering free speech and freedom of association; the Fourth Amendment, protecting US citizens from “unreasonable searches”; and most of the (limited) protections against excessive surveillance provided by the main pieces of legislation on national security and intelligence (FISA Amendment and Patriot Acts).

“Within [a contracting state’s] [territory and] jurisdiction”

The duty of states to comply with their responsibilities under international human rights law also when acting extraterritorially

The main international human rights treaties, including the International Covenant on Civil and Political Rights (ICCPR) and the European Convention on Human Rights (ECHR), oblige states to “ensure” or “secure” the human rights laid down in those treaties to “everyone subject to their jurisdiction” (or “within their jurisdiction”). This requirement is increasingly given a functional rather than a territorial meaning – as has recently been reaffirmed by the Human Rights Committee and the European Court of Human Rights. In other words, each state must ensure or secure these rights to anyone under its physical control or whose rights are affected by its (or its agencies’) actions.

Thus, states must comply with their international human rights obligations in any action they take that may affect the human rights of individuals – even when they act extraterritorially, or take actions that have extraterritorial effect. This obligation has specific consequences for data – what the digital world is made of – and especially for personal data, as is recognised by European data-protection law, which protects all individuals whose data are processed by European controllers, irrespective of their place of residence, nationality or other status. However, the USA formally rejects this application of international human rights law. In view of the predominance of the USA (and of US corporations that are subject to that country’s jurisdiction) in the digital environment, this poses a serious threat to the rule of law in that new environment.

H. LABAYLE, R. MEHDI : Terrorism: the day after

Original Published HERE

by Henri Labayle and Rostane Mehdi

The day after
Beyond disgust and emotion, the tragic events which took place in Paris on 7 January 2014 lead us to think about the place of law in our contemporary societies. One can only be shocked by the inability of the latter to tackle the increasing number of murders driven by fanaticism and religious obscurantism.
What is striking in the attack on Charlie Hebdo is the position of the victims: journalists, satirical cartoonists and the policemen who were in charge of protecting them. In the ECtHR's formula, the murder was aimed at killing the “public watchdog of democracy”. Who will protect us from speech of hatred and intolerance tomorrow?
The events which occurred in Paris are unfortunately exceptional only because of their extent. For 25 years, Salman Rushdie has lived in fear of those who condemned him.
For almost 10 years, Danish cartoonists from the Jyllands-Posten have been placed under police protection.
We need to think about it. If we need to talk about a “civilisation war”, it can’t be a religious one or a mere irreducible opposition between the West and Islam. If there is a war, it can only be a fight for the Rule of law.
The answer to those events is the criminal law, so as to reduce the killers to what they are and what they have never ceased to be: criminals. To read things from another perspective would be to acknowledge that the fight they intend to conduct can be qualified as such. But it cannot, because it is only a crime.
Yet the collapse of the Rule of law is obvious, as it is unable to provide an efficient answer to the terrorist threat. What strikes the observer of the Area of Freedom, Security and Justice is indeed the growing number of those criminal actions and the difficulties faced by democratic societies in overcoming them.


The murders committed at the newspaper Charlie Hebdo are not foreign to us. Neither the citizen, nor the lawyer, nor the observer of developments in the Area of Freedom, Security and Justice can be indifferent to them. They invite us, beyond disgust and emotion, to reflect on the major balances of our contemporary societies and on the place that law can hold in them.

One can only be surprised and devastated by the spectacle, in the twenty-first century, of a Western society unable to interrupt the inexorable chronicle of murders foretold by religious fanaticism and obscurantism, one more link in the daily abomination that is bloodying the Middle East.

What is striking here first of all, and touches us most deeply, is the victims. Journalists, cartoonists and the police officers protecting them fell under the bullets of criminals who had sworn their destruction because of cartoons deemed offensive to the Muslim religion. So, beyond the debates of principle on freedom of the press and freedom of opinion, it is perhaps good to recall today what the European Court of Human Rights says about it, in a magnificent phrase: the press is the “watchdog of democracy” (ECtHR, 25 June 1992, Thorgeir Thorgeirson v. Iceland, application no. 13778/88).

The murder of the editorial staff of Charlie Hebdo is nothing other than the murder of the watchdogs of our democracies. It brings us back to this simple question: who will protect us, tomorrow, from the speech of hatred and intolerance that armed the assassins?

The European Court of Human Rights also takes part in condemning such speech when it affirms loud and clear that “tolerance and respect for the equal dignity of all human beings constitute the foundation of a democratic and pluralist society. It follows that, in principle, it may be considered necessary in democratic societies to sanction or even prevent all forms of expression which spread, incite, promote or justify hatred based on intolerance (including religious intolerance), provided that the ‘formalities’, ‘conditions’, ‘restrictions’ or ‘penalties’ imposed are proportionate to the legitimate aim pursued” (ECtHR, 2 July 2006, Erbakan v. Turkey, application no. 59405/00).

This is how we must understand yesterday’s events in Paris, which are unfortunately exceptional only in their scale.


For nearly a quarter of a century Salman Rushdie has been pursued by the mindless vindictiveness of those who condemned him, and his Japanese translator and then his publisher have been victims of their closeness to the author of The Satanic Verses. For nearly ten years the Danish cartoonists of Jyllands-Posten, for acts exactly similar to those held against Charlie Hebdo, have been under police protection.

It is necessary to reflect on this. Like historicism, the approach of making culture the exclusive foundation of law leads, more or less, to relativism. Yet that is precisely the line followed by the Islamists: in the field of human rights, spiritual or cultural particularities legitimise, by systematising it, the rejection of principles generally considered universal. From this perspective, fundamental rights are rooted “in the conviction that God, and God alone, is the Author of the Law and the Source of all human rights” (Introduction, para. 2, Universal Islamic Declaration of Human Rights).

Thus emerge the outlines of a universe in which man is not the holder of prerogatives inherent in his nature but is beholden to a divine will from which everything proceeds. The hold of religious precepts is absolute here, for they calibrate (in reality, they empty of substance) all the rights and freedoms set out. Thus, even where it is expressly recognised, the right to religious freedom, and by extension the rights that derive from it, can be exercised only within the limits imposed by the Law of God (Article 13 of the UIDHR, which must be read in the light of the provisions of Article 2). For the Islamists, rights are attributed exclusively by reference to religious affiliation and according to a substantially discriminatory reasoning. Indeed, this whole construction rests on the central idea that men must be distinguished on the basis of their religion and thereby subjected to regimes that we know to be differentiated.

This approach aims to break with a sham unanimity (at least in the eyes of the Islamists), the aim being to secure the integrity of a value system definitively irreconcilable with universal prescriptions, notably as regards women’s rights, freedom of conscience or cruel and inhuman criminal punishments. It amounts to denying any relevance to the most remarkable modern extension of those humanist philosophies under which respect for human rights results solely from the demands of human reason.

Beyond the conventional speeches and the attempts at political exploitation to which the media society is already lending itself, reflection is therefore needed on the “war” of civilisation to which Régis Debray referred today on France Culture. It is anything but a war of religions, as some hasten to suggest to us, a confrontation between the West and Islam, an opposition by nature obligingly staged by lovers of the media limelight.

If a bellicose vocabulary must be used, it is better to be aware of its implications, since the use of such postures has led far, too far, on the other side of the Atlantic, as the redacted publication of a CIA report by the US Senate last month attests. If there is a war, it is quite simply a war between the State governed by the rule of law and the lawless State.


The response through law is therefore the only one that holds, and through a criminal law that reduces the culprits to what they are and have never ceased to be: criminals. To speak otherwise would be to acknowledge that the fight they claim to be waging is one. It is nothing but crime. It is moreover likely that the brilliant analyses attributing to them a considered strategy and a plan to set communities against each other are mere illusion. Driven by their desire for vengeance and sure of being in the right, they probably wanted only one thing: to punish and to kill. That, on the other hand, the conditioning of minds upstream and the carrying out of the crime downstream required the support of an organisation goes without saying.
Yet the failure of law is manifest here.
Piling exceptional laws one on top of another, without much soul-searching on the legislature’s part, the rule of law today offers no truly effective response to the threat, as terrorist crime takes forms and follows timetables to which police action struggles to adapt, sometimes for lack of resources and often because the limits of the law so require.
In this case, the speed of the police response will not long conceal that it is only a reaction, and moreover to bungling amateurs of horror (“Pieds Nickelés”) who forgot their identity card in their vehicle. There again the usual polemics will feed on it. Yet in a democracy this is what the law commands, and it is precisely there that the difficulties multiply, in France and in Europe.
For what is striking, in observing the Area of Freedom, Security and Justice, is indeed the spread of this form of criminal action and the difficulty democratic States have in responding to it. Quickly filed in our minds among the minor news items, the indiscriminate killing at the Jewish Museum in Brussels owes the arrest of its perpetrator more to chance than to the effectiveness of criminal law, and this after the Merah case had nonetheless made a deep impression and prompted some rethinking.
This means that acting upstream is essential in this area, something the European Union became aware of during 2014, following the lead of the Counter-Terrorism Coordinator. Besides identifying and monitoring the individuals concerned and storing data on them, preventing and combating terrorist radicalisation have thus become priorities, in connection with the issue of European jihadists leaving to fight in the Middle East. Were not Merah, Nemmouche and perhaps one of the suspects in the Charlie Hebdo carnage among them?
Thus the war of ideas has gradually imposed itself on the mind of a society that had largely remained indifferent to this particular dimension.
For that is probably where the crux of the problem lies.
In a largely secularised European society where sometimes, as in France, laïcité is elevated to a principle requiring the neutrality of public affairs, the irruption of religion was not perceived at its true measure, in particular but not only with regard to Islam.
A religion relatively newly established in France, if not in Europe, its integration into and adaptation to Western society received no particular attention, no support, no mutual teaching.

By allowing the emphasis to be placed on what singles out and separates rather than on what brings the social body together, liberal democracy thus allowed, without realising it, the public square to become the seat of recurrent debates, from the burka to school canteen menus by way of street prayers, whose compromise solutions gave everyone the feeling of being the loser. The confessionalisation of principles and the communitarisation of approaches probably did not attract the attention they deserved, nor bring home the risks incurred.

To this inability to draw clear lines for living together was added the spectacle of an external theatre where the multiplication of Western interventions in the Middle East and then in sub-Saharan Africa ended up giving the impression of organised planning.
Irrationality and fanaticism then set in motion the process of victimisation and vengeance. It leads to yesterday, while the instrumentalisation of this violence, on both sides, opens the risk of seeing the divides deepen.

Edgar Morin puts it very well in today’s Le Monde: “reductive thinking triumphs. Not only do the murderous fanatics believe they are fighting the crusaders and their allies the Jews (whom the crusaders massacred), but the Islamophobes reduce the Arab to his supposed belief, Islam, reduce the Islamic to the Islamist, the Islamist to the fundamentalist, the fundamentalist to the terrorist”.

Fighting this reduction therefore requires a change of software. Not everyone can be a Saint-Just and demand “no freedom for the enemies of freedom”, but that is indeed the question that will dominate political debate in the coming days.


Original published HERE

By Professor Steve PEERS

Thursday, 8 January 2015

In the wake of the appalling attacks in Paris two days ago, it only took 24 hours for the EU Commission to state that it would propose a new wave of EU anti-terrorist measures in a month’s time. It’s not yet known what the content of this law will be; but the very idea of new legislation is a profound mistake.

Of course, it was right for the EU institutions to express sympathy for the victims of the attack, and solidarity as regards defence of free speech. Equally, it would not be problematic to use existing EU anti-terrorism laws if necessary, in order (for instance) to surrender the suspects in this crime on the basis of a European Arrest Warrant (EAW), in the event that they fled to another Member State.

The question is whether the EU needs more such laws.

For the EU has already reacted to prior terrorism offences, first as regards 9/11 and then to the atrocities in Madrid and London in 2004 and 2005.

The result is a huge body of anti-terrorism law, catalogued here by the SECILE project. This comprises not only measures specifically concerning terrorism (such as substantive criminal law measures, adopted in 2002 and amended in 2008), but many other measures which make it easier to cooperate as regards terrorism as well as other criminal offences, such as the EAW, the laws on exchange of police information and transmission of evidence across borders, and so on.

Moreover, there are proposals already under discussion which would apply to terrorism issues (among others), such as a new law on Europol, the EU’s police intelligence agency (discussed here), and proposed EU legislation on the transfer of airlines’ passenger name records (PNR).

So what new laws is the Commission likely to propose? It may suggest a new version of the data retention Directive, the previous version of which was struck down by the Court of Justice of the European Union (CJEU) last spring, in the Digital Rights judgment (discussed here). Other ideas under discussion, according to leaked documents (see here and here) are new laws strengthening mandatory checks at borders.

Are any of these laws really necessary? Member States can already adopt laws on retention of communications data, pursuant to the EU’s e-privacy directive.

As the European Parliament’s legal service has confirmed (see its advice here), if Member States adopt such measures, they will be subject to the constraints of the Digital Rights judgment, which bans mass surveillance carried out in the absence of safeguards to protect privacy. Equally, Member States are free to establish their own PNR systems, in the absence of any EU-wide measure (besides EU treaties with the USA, Canada and Australia on PNR). The question of whether mass surveillance is as such compatible with human rights has already been sent to the CJEU by the European Parliament, which has asked the Court to rule on this issue in the context of the EU/Canada PNR treaty (see discussion here).

It would be possible to adopt new laws calling for systematic border checks in specific cases. In practice, this would likely mean checks on Muslims who are returning after travel to places like Syria. It is questionable whether asking detailed further questions at the external borders will, by itself, really do a lot to prevent terrorism. After all, in the Paris attacks, it unfortunately proved impossible to prevent an apparent terrorist attack despite extensive anti-terrorist legislation on the books, and bodyguards protecting the staff of a known terrorist target.

There’s also a question of principle here.

The Paris attacks were directed at free speech: the foundation of liberal democracy. Of course efforts should be stepped up to prevent such attacks from happening again; but existing laws allow for targeted intelligence gathering and sharing already. The Commission’s immediate response reeks of panic. And the direct attack on fundamental democratic principles this week in Paris is precisely the wrong context to consider that new legislation curtailing other fundamental freedoms is limited.

National security and secret evidence in legislation and before the courts: exploring the challenges

Visit the European Parliament’s Studies website:

This Study examines the way in which justice systems across a selection of EU Member States use and rely on intelligence information that is kept secret and not disclosed to the defendants and judicial authorities in the name of national security.
It analyses the laws and practices in place from the perspective of their multifaceted impact on the EU Charter of Fundamental Rights (in particular its provisions related to the rights of the defence and freedom of information and expression), as well as on wider ‘rule of law’ principles. The analysis is based on a comparative study of the legal regimes, interpretations by domestic and European tribunals as well as key developments and contemporary practices concerning the use of intelligence information as ‘evidence’ and the classification of information as ‘state secrets’ during trials in the name of ‘national security’ in the following seven EU Member States (EUMS): the United Kingdom, France, Germany, Spain, Italy, the Netherlands and Sweden.

The examination has highlighted a number of key research findings.

It first shows a wide variety of national legal systems and judicial practices embedded in domestic historical, political and constitutional trajectories characterising each Member State jurisdiction (see Section 1 of the Study and Annex 5 with detailed Country Fiches).
The United Kingdom and the Netherlands are the only two Member States examined with official legislation allowing for the formal use of classified intelligence information in judicial proceedings. The United Kingdom constitutes an ‘exception’ in the broader EU landscape due to the existence of the much-contested ‘Closed Material Procedures’ (CMPs) – secret court hearings where only the judge and security-cleared special advocates are given access to sensitive intelligence material. The Netherlands operates a system of ‘shielded witnesses’ in courts, allowing intelligence officials to be heard before a special examining magistrate (Sections 1.1. and 1.2 of this Study). Other EUMS analysed (Germany, Spain and Sweden) present indirect judicial practices in which certain evidence may be hidden from a party during trials under a number of conditions (Section 1.3).

Nevertheless, the Study demonstrates that secret evidence is not always legal evidence. In countries such as Germany, Italy or Spain the rights of the defence and the right to a fair trial cannot be ‘balanced’ against national security or state interests as this would directly contravene their respective constitutional frameworks (Section 1.4).

Yet, all EUMS under examination face a number of challenges as regards the difficult and often controversial declassification or disclosure of intelligence materials, which too often lacks proper independent judicial oversight and allows for a disproportionate margin of appreciation by state authorities (Section 1.5 of this Study).

Another issue resulting from the comparative investigation relates to the fuzziness and legal uncertainties inherent to the very term ‘national security’ (as evidenced in Section 1.6 and Annex 3).
While this notion is quite regularly part of political and legal debates in EU and national arenas, the Study reveals that a proper definition of what national security actually means is lacking across a majority of EUMS under investigation.
The few definitional features that appear in EUMS’ legal regimes and doctrinal practices fail to meet legal certainty and ‘rule of law’ standards, such as the “in accordance with the law” test (see below). This too often leads to a disproportionate degree of appreciation for the executive and over-protection from independent judicial oversight, which is further exacerbated in a context where some EUMS have bilateral systems of mutual respect of state secrets with third countries such as the US.
Moreover, the disparities and heterogeneous legal protection regimes among EUMS also mean that EU citizens who are suspects in judicial procedures are protected differently or to divergent degrees across the EU. There are variable ‘areas of justice’ in the EU when it comes to the rights of defence of suspects in cases dealing with national security and state secrets. This diversity is at odds with the ambition of developing a common AFSJ and achieving non-discrimination between EU nationals when it comes to the delivery of fundamental rights.

A second key finding of the Study relates to a growing transnational exchange of intelligence and use of these intelligence materials before courts (as developed in Section 2 and Annex 1 of this Study).

The 2013 Snowden revelations provide the general context within which EUMS’ regimes and practices need to be analysed. There has been a growing expansion of intelligence cooperation across the world, which is mainly transatlantic and asymmetrical in nature due to the more prominent role played by the US.
This has strengthened the view that transnational threats require a more extensive sharing of raw data on individuals collected by internet or mobile devices. This trend poses a number of dilemmas from the perspective of judicial accountability and the rule of law (Section 2.1 of this Study). One relates to the difficulties in assessing the quality, lawfulness and accuracy of the information, and the extent to which this very information can be considered ‘evidence’ in trials (Section 2.2). The current reliance on intelligence information is, moreover, problematic in light of insufficient or deferential judicial oversight of executive decisions taken ‘in the name of national security’.
This is particularly the case in respect of the ways in which the use of state secrets can disrupt government officials’ accountability in cases of alleged ‘wrongdoing’ (Section 2.3).

A third finding concerns an emerging set of European judicial standards from the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU) on issues related to intelligence information, national security and state secrets, in particular when these affect the rights of the defence (refer to Section 3, Annex 1 and Annex 2 of this Study).

One of the most important legal standards when assessing national security and intelligence information is the “in accordance with the law” principle.

Towards a Declaration of Internet Rights

by Professor Stefano RODOTA’ (FREE Group member) (*)

For many years there has been a wide discussion about the possibility of adopting an Internet Bill of Rights, and debates have produced a considerable number of proposals. The Berkman Centre at Harvard University counted 87 such proposals, to which we can add the Internet Magna Charta that Tim Berners-Lee is working on, and lastly the Declaration of Internet Rights that has been drafted by a Committee established by the President of the Italian Chamber of Deputies. The novelty of the latter is that for the first time the proposal of an Internet Bill of Rights has not been produced by scholars, associations, dynamic coalitions, enterprises, or groups of stakeholders, but by an institutional entity.

It is necessary to recall that the debate on this topic dates back to the World Summit on the Information Society organised in 2005 by the UN in Tunis, where the need for an International Convention on Internet rights was explicitly underlined. This subject was deepened in the following UN Internet Governance Forums. But the international debate was progressively turned into precise rules within the European Union, even before the issue of the Internet Bill of Rights appeared in the international arena. These are not, however, parallel situations destined not to meet at any point. The European Union progressively brought to light the constitutional basis of the protection of personal data, finding its full recognition in Article 8 (**) of its Charter of Fundamental Rights. Here a strong similarity with the Internet Bill of Rights is identified, and it concerns precisely the constitutional scope of rules.

We are going through a phase of deep change in the way in which we are facing the problems highlighted by the Internet dynamics, in the passage from Web 1.0 to Web 2.0 and now to Web 3.0. It is not just a matter of following technological changes by adjusting legal provisions to suit them. A new definition is being developed of the rationale driving actions in this area, through a radical U-turn as regards the dynamics of the latest phase. A possible historical turning point is ahead of us, whose opportunities must be seized.

It seemed that an approach had become consolidated, which left little room for rights. From Scott McNealy’s abrupt statement of 1999 – “You have zero privacy. Get over it” – up to the recent hasty conclusion by Mark Zuckerberg about the end of privacy as a “social rule”, a line characterised by the intertwining of two elements emerged: technological irresistibility and the primacy of the economic logic. On the one side, in fact, it was highlighted how technological innovations and the new social practices made the safeguarding of one’s private life and of public liberties increasingly difficult, not to say impossible; on the other side, the statement on the “death of privacy” had become the argument to state that personal information had to be considered as property of those who collected it.

These certainties were radically challenged by Edward Snowden’s disclosure on the magnitude of the National Security Agency’s Prism programme and by the judgements of the European Court of Justice on data retention and Google. The idea according to which the protection of fundamental rights shall give way to the interests of security agencies and enterprises was rejected.

A new hierarchy has been established, with the fundamental rights as the first and starting point. The US President had to admit the inadmissibility of the procedures provided for by the Prism program, and the Court of Justice, with its decision of 8th April, declared that the Directive on data retention was illegal. And in the Google case the same Court explicitly stated that “the fundamental rights under Articles 7 and 8 of the Charter (…) override, as a norm (…) the economic interest of the operator of the search engine”, in a perspective broadening the European Union’s jurisdiction beyond its borders.

We are faced with a true “resurrection of privacy” and, more generally, with the primacy of the need and legitimacy of rules effectively protecting the rights of Internet users. Making reference to article 8 of the Charter, the Court of Justice was acting as a true constitutional court, opening a new and wide perspective.

The Italian initiative

This is the framework within which the Italian initiative on the Declaration of Internet Rights was adopted. Its goal is not limited to having a text to be used for national debate only.

The establishment of the Committee that drafted the document, in fact, was preceded by an international conference gathering some of the authors of the Brazilian Marco Civil, the representatives of European Institutions, and several experts from different Countries.

The text drafted by the Committee was presented on 13th October during a meeting at the Chamber of Deputies with the Presidents of the Parliamentary Committees of Member Countries in charge of fundamental rights.

The present draft is now submitted to a four-month public consultation on the Internet, at the end of which the Committee will draft the final text. Such consultation, however, is also being carried out at a European and international level, as shown by the contacts with other European Parliaments and by the video conference that will be held at the beginning of December between the Italian and the French Committees. Consultations are also taking place with experts and associations from non-European Countries.

An ambitious target was set: drafting a text allowing a common international debate, accompanied by a constant monitoring by the Chamber of Deputies. The goal is not limited to working in the complex and remote perspective of an international convention. Short-term and feasible results can be achieved, concerning the strengthening of the European system, its developments and the relationships with other countries, and most of all the consolidation of a culture highlighting common dynamics in the different legal systems. In this way, the debate around a future Internet Bill of Rights may lead to the awareness that in the different legal systems several elements already exist that, once connected to one another, establish an informal Internet Bill of Rights. Evidence of this trend is found in the decisions of the Courts of the different Countries and in the choice of legislative models, as shown by the clear influence of the European model on the Brazilian Marco Civil.

The Italian Declaration is characterised by a fundamental choice. Differently from almost all the other ones, it does not contain a specific and detailed wording of the different principles and rights already stated by international documents and national Constitutions. Of course, these are generally recalled as an unavoidable reference. But the attempt of the Declaration, as a matter of fact, was to identify the specific principles and rights of the digital world, by underlining not only their peculiarities but also the way in which they generally contribute to redefining the entire sphere of rights.

The key words – besides the most well-known ones concerning the protection of personal data and the right to the informational self-determination – include access, neutrality, integrity and inviolability of IT systems and domains, mass surveillance, development of digital identity, rights and guarantees of people in Internet platforms, anonymity and right to be forgotten, interoperability, right to knowledge and education, and control over Internet governance. The importance of the needs linked to security and to the market is obviously taken into consideration, but the balancing of these interests with fundamental rights and freedoms cannot take place on equal terms, in the sense of ensuring first and foremost the full respect for rights and freedom according to the clear provisions of the Charter of Fundamental Rights and to European case law.

In particular, security needs shall not determine the establishment of a society of surveillance, control and social sorting. Economic needs are taken into consideration in the framework of the neutrality principle that, by guaranteeing the generative nature of the Internet, keeps the possibilities for innovation unchanged, and prevents strong subjects from creating conditions of exclusion of possible competitors. Furthermore, whenever Internet platforms provide public services that are essential for the life and the activities of people, it is necessary to guarantee the conditions for a suitable interoperability in compliance with the principle of competition and equal treatment of people.

Since not all the issues can be analysed in this document, it is worth recalling the need to consider access to the Internet as a fundamental right of individuals (Tim Berners-Lee compared it to the access to water), as an essential guarantee not only against any form of censorship, but also against indirect limitations, such as taxation as it is presently happening in Hungary. The set of rights recognised does not guarantee a general freedom on the Internet, but specifically aims at preventing the dependency of people on the outside, the expropriation of the right to freely develop one’s personality and identity as it may happen with the wide and increasing use of algorithms and probabilistic techniques. The autonomy in the management of personal data, therefore, shall also consider new rights such as those not to be tracked and to keep the chip silent. This perspective requires a particular in-depth analysis, since a deeply interconnected society is being developed, with a passage to the Internet of Things in forms that have led some people to speak of an Internet of Everything, which determines a digitalisation of day-to-day lives that is able to transform any person and their bodies.

People cannot be reduced to objects of external powers; they must recover sovereignty over their digital person. Identity is a key issue. The free development of one’s personality must be safeguarded.

Starting from this set of references, it is necessary to thoroughly examine the issue of the transformation of copyright, whose analysis was postponed to the end of the consultation, since knowledge on the Internet appears as a shared asset that can be considered as a common global resource.

A broader perspective is therefore opened by the Italian draft Declaration, in consideration of the large amount of topics to be tackled and the debate between different points of view; and such Declaration is significantly in line with the European Union policy that particularly emphasises the Charter of Fundamental Rights. The unquestionable aspect is the need to fine-tune a constitutional policy for the Internet, whose users – presently amounting to three billion people – cannot rely on a freedom guaranteed by the absence of rules, as it is still presently stated.

The reality is very different, showing an interconnected network heavily regulated by private subjects that cannot be controlled and that have no democratic legitimation, as it happens – beyond any disputes – with the “Over the Top” operating on the Internet. Internet rights are denied by totalitarian regimes and, unfortunately, by democratic regimes as well. The perspective of a Declaration of Internet rights aims at developing – through procedures different from the ones of the past – the constitutional rules that are fundamental in order to allow the Internet to keep its main feature as a place of freedom and democracy, as the widest space of the history of mankind.


(*) Intervention at the Friedrich-Ebert-Stiftung FREE Group experts meeting on:
Internet: only a “single digital market” or also a space to promote fundamental rights – Towards a European “Marco Civil”? (November 12, 2014). The main idea of this experts’ conference was to take a first look at the impact of the EU Digital Agenda on fundamental rights as framed by the Treaties, the EU Charter and the recent CJEU jurisprudence (Data retention, Google case...). As stated by the Charter, the individual should be at the center of all EU policies, and this objective underpins the recent proposal for an Internet Bill of Rights of the Italian Chamber of Deputies as well as other national examples (the Brazilian “Marco Civil” and recent US initiatives at government, congress and civil society level).
Bearing in mind that the EU is competent on most of the aspects dealing with the Internet, the question arises of how to preserve and promote individual rights, notably in the pending negotiations on legislative proposals on Data Protection, Net Neutrality and Network Security (NIS). Moreover, what future initiatives should be developed under the new Commission’s legislative programme impacting on the Internet? How could the future EU single digital market preserve the principles of non-discrimination and of informational self-determination by strengthening access to the Internet as a public common good?
Together with Stefano Rodotà, the following also took part in the seminar:
Claude Moraes, Chairman of the European Parliament Civil Liberties Committee (which adopted in 2009 a first Internet Bill of Rights resolution)
Jan Philipp Albrecht, EP Rapporteur for the Data Protection Regulation and for the transatlantic “umbrella” Agreement
Paul Nemitz, Director at the European Commission
Giovanni Buttarelli, Assistant European Data Protection Supervisor
Marc ROTENBERG, Professor at the Georgetown University and Director of EPIC, and Marie GEORGES, expert at the Council of Europe
as well as Joe McNamee, Executive Director, European Digital Rights (EDRi).

(**) Article 8 Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.



WARNING: THE EU COUNCIL IS TRYING TO UNDERMINE PRIVACY SEALS (and through this, the General Data Protection Regulation)

by Douwe KORFF (*)

(*) Professor Douwe Korff is an Associate of the Oxford Martin School of the University of Oxford and a Visiting Fellow at Yale University (Information Society Project). He helped to establish the European Privacy Seal (EuroPriSe) scheme discussed in the text.

  I. Introduction

Some people, including myself, believe that good privacy seals, managed by the right bodies, can make a serious contribution to high-level data protection – while bad seals, issued by bodies that are more interested in providing fig-leaves and making money, can seriously harm data protection. The arrangements for data protection certification in the new General Data Protection Regulation (hereafter: “the regulation”) are therefore important. The original draft of the regulation, issued by the Commission in January 2012, merely said that certification schemes should be “encouraged” (although it provided for some EU-level harmonisation of the frameworks).

The European Parliament’s amended text is much more ambitious in this regard and, if adopted, would make certification schemes both more integrated with the general data protection regime and stronger, also in terms of ensuring that no seals could be issued in one Member State that would undermine data protection in other Member States.

However, the text set out in an EU Council document dated 26 September 2014 and just leaked, shows that the Member States are trying to undermine the good proposals of Parliament.

At II, I first briefly set out the problems with European privacy seal schemes under the current rules. Next, at III, I analyse the relevant provisions in the different versions of the regulation, adopted by the Commission, Parliament and the Council. Finally, at IV, I conclude that if the Council text were to be adopted, the provisions on seals could become a Trojan Horse that could seriously undermine the in principle strong data protection regime in the regulation (pace other watering-down attempts by the Council). This note thus seeks to sound a warning to those involved in the upcoming trilateral negotiations on the regulation text, not to allow such a dangerous scheme (or rather, an ill-defined miscellany of schemes) to slip in.

  II. Data protection seals and the 1995 Data Protection Directive

There is no explicit provision on data protection- or privacy seals or certification schemes in the main EC data protection directive (Directive 95/46/EC, hereafter “the directive”), although other self-regulatory mechanisms, such as codes of conduct and contractual arrangements are encouraged under it (see Art. 27 re codes; Art. 26(2) re “appropriate contractual clauses”). Nevertheless, the European Commission has in practice encouraged the establishment of seals, in particular by supporting the establishment of the “European Privacy Seal” (EuroPriSe) scheme under an “e-TEN” programme; this was until recently operated by the data protection authority of the German Land of Schleswig-Holstein, the Independent Centre for Privacy Protection (or ULD after its German initials), but has recently been passed on to a private German company, 2B.[1] The French data protection authority, CNIL, has also established a certification scheme, under which controllers can certify that they meet certain CNIL-specified criteria (but so far only in relation to privacy training, data protection audit, and one product: cloud computing).[2]
