Data Protection after Lisbon and the Charter : with the “Google” ruling the CJEU deals with possible abuses by private companies…


ORIGINAL TITLE : The CJEU’s Google Spain judgment: failing to balance privacy and freedom of expression
By Steve Peers

The EU’s data protection Directive was adopted in 1995, when the Internet was in its infancy, and most or all Internet household names did not exist. In particular, the first version of the code for Google search engines was first written the following year, and the company was officially founded in September 1998 – shortly before Member States’ deadline to implement the Directive.
Yet, pending the completion of negotiations for a controversial revision of the Directive proposed by the Commission, this legislation remains applicable to the Internet as it has developed since. Many years of controversy as to whether (and if so, how) the Directive applies to key elements of the Web, such as social networks, search engines and cookies have culminated today in the CJEU’s judgment in GoogleSpain, which concerns search engines.

The background to the case, as further explained by Lorna Woods, concerns a Spanish citizen who no longer wanted an old newspaper report on his financial history (concerning social security debts) to be available via Google. Of course, the mere fact that he has brought this legal challenge likely means that that the details of his financial history will become known even more widely – much as many thousands of EU law students have memorised the name of Mr. Stauder, who similarly brought a legal challenge with a view to keeping his financial difficulties private, resulting in the first CJEU judgment on the role of human rights in EU law.

The Court’s judgment Continue reading “Data Protection after Lisbon and the Charter : with the “Google” ruling the CJEU deals with possible abuses by private companies…”

After “Prism” (and US Patriot Act section 215): EDRI and FREE submission to US and EU Institutions.



the European Digital Rights Initiative (EDRi) &

Fundamental Rights European Experts Group

(FREE Group)


the United States Congress,

the European Parliament and  Commission

& the Council of the European Union,

& the Secretary-General & the Parliamentary Assembly

of the Council of Europe


the surveillance activities of the United States and certain European States’ national security and “intelligence” agencies

August 2013

Note on the choice of addressees:

EDRi and FREE are submitting this appeal to the addressees mentioned on the cover page for the following reasons:

                      The US Congress is ultimately responsible for providing democratic oversight over the activities of the US Executive.  It has established a Privacy and Civil Liberties Oversight Board (PCLOB) consultation on FISA and the PATRIOT Act.  However, while we are sending a copy of this submission to that consultation, this document is addressed to the Speaker of the House of Representatives and the President pro tempore of the Senate because we argue that the issues raised can only be addressed properly by the establishment of a special investigation committee of Congress, with appropriate support and powers.  We also wish to stress that, whatever the defects in the scope of protection afforded to non-US citizens under the US Constitution, the USA, as parties to the UN International Covenant on Civil and Political Rights and the Council of Europe Cybercrime Convention, are bound under international law to extend privacy protection to non-US citizens and to observe the principles of legality, necessity and proportionality also in their surveillance activities.

                      The European Parliament is responsible for providing democratic oversight over the activities of the European Union, and has taken a keen interest in the issues raised, as has the European Commission, which forms the executive branch of the EU.  However, the European Council (representing the governments of the EU Member States) has been less demanding.  We are calling for all of them to seek to establish the full truth about the relevant laws and practices, in both Europe and the USA.  We are aware of the “national security” exemptions in the main EU treaties, but these are not and should not be absolute, or seen as granting Member States total exemption from scrutiny in this regard.  The EU Charter on Fundamental Rights, which has fundamental status in the EU (even in relation to UN Security Council decisions) and explicitly demands full protection of personal data, cannot be simply ignored in this context.  Ultimately, it is for the European Court of Justice to determine the scope of the exemption, but we already note that the US’ NSA’s activities are manifestly not limited to national security as defined in international law.  We are therefore urging the EU bodies to address the issues to the fullest extent possible within their legal competences.

                      The Council of Europe (CoE), as the oldest, broadest European institution, has the main responsibility for upholding human rights and the rule of law throughout the territory of its 47 Member States.  Its mandate, in particular in relation to human rights and the upholding of the European Convention on Human Rights, does not exclude matters relating to national security.  On the contrary, the standards that we cite in our submission have been mainly developed by the European Court of Human Rights in its case-law under the Convention.  All European States are legally obliged to “secure” full protection of these rights and freedoms.  Within the Council of Europe, responsibility for the upholding of these standards is shared between the Secretary-General and the Committee of Ministers (representing the CoE Member States), the Parliamentary Assembly of the Council of Europe (PACE), and the Court.

Effective action on the issues addressed in this submission will require the involvement of all of the above.  For that reason, we address this submission to all of them.

I.                   General:

1.                  The activities of national security agencies in Europe and the USA, and the arrangements under which they cooperate, have been outside the scope of effective democratic oversight and outside clear legal frameworks for too long; they must be brought under the Rule of Law.

2.                  For Europe, that means those activities must be made to comply, in law and in practice, with the relevant minimum European human rights standards developed by the European Court of Human Rights under the European Convention on Human Rights (ECHR) summarised below, at II, and in Attachment 1.  At present, it appears that several European States are not complying with these standards.

3.                  These European constitutional standards are in line with the global (UN) standards enunciated by the Human Rights Committee acting under the UN International Covenant on Civil and Political Rights (ICCPR) and others, briefly noted in Attachment 2.  All European States and the USA are parties to the ICCPR in particular.

4.                  For the USA, this means that it, too, should bring its activities in line with these standards.  As a first step, US surveillance law and practice (in relation to surveillance of both US citizens and non-US/European citizens) must be made totally clear, and any divergence from those standards must be made public.  Only that will allow for sensible discussions on how to bring those activities into line with international standards.  Current US law as far as currently known is summarised below, at IV, and in Attachment 3.

II.                European requirements:                         

(For more detail, see Attachment 1)

5.                  If an agency of any European State is given powers under the laws of that State to gather information on (the communications- or other data of) anyone, be that within Europe or not, then that activity must be regarded as being done “within the jurisdiction” of the State concerned.[1]  This means that, in relation to any surveillance activity by any European State, on anyone, wherever they are, the State in question must comply with the minimum European standards, set out in Attachment 1, which are directly derived from the ECHR case-law.

6.                  Moreover, from a European perspective, any spying on Europeans and non-Europeans living in Europe, by any non-European State, anywhere in the world, should meet the same minimum European-constitutional and the similar UN standards, set out in Attachment 2.

7.                  Non-European national security agencies should not seek or gain direct access to any personal data held in Europe (e.g., by asking US companies to “pull” data from their Europe-based servers, or to allow US agencies to query the data in Europe, and hand over the results):  that infringes the sovereignty of the relevant European States (PCIJ, Lotus judgment, pp. 18-19).[2]  Instead, they should seek such access through bi- or multilateral assistance treaties, under arrangements similar to Mutual Legal Assistance Treaties (MLATs) for law enforcement agencies;  and those treaties should in substance and process conform to the minimum European-constitutional and international standards.

8.                  Failure of a European State to prevent improper spying by non-European countries constitutes a breach of that country’s “positive obligations” under the ECHR.  Active support for, complicity in, or even passive condoning of such spying would breach the State’s primary obligations under the ECHR.

9.                  In addition, European States and the European Union should ensure that personal data on Europeans and non-Europeans living in Europe, if held on US-based “cloud” servers, will be accessible to the US national security agencies only on the basis of clear and published provisions of treaty arrangements that also meet those European-constitutional and international standards.

III.              USA requirements:                                               

(For more detail, see Attachment 3)

10.              The First and Fourth Amendments to the US Constitution in principle guarantee the right to free speech and freedom from unreasonable searches to US citizens.  However, even domestically, this protection is weakened by the “third party” doctrine on personal data and the relaxed “pen/trap” rules on searches.  Secret rulings of the FISA Court reportedly further erode these rights, arguably in unconstitutional ways.  Those rulings are being challenged in the US courts.  Here, we may note that current US law and practice, even with regard to spying on US citizens, falls short of European and international standards.

11.              Moreover, it has become clear that non-US citizens outside the USA do not enjoy even the limited protections of the First and Fourth Amendments:  they can be spied upon arbitrarily by US agencies, without any meaningful substantive or procedural limitations, in clear breach of international standards on privacy generally, and on privacy and freedom of expression on the Internet in particular.  Under international human rights law, those guarantees should be afforded to “everyone” affected by the measures.

IV.             How to address the issues:  our demands

12.              The ultimate aim should be for both the US and the European legal systems to offer high-level privacy/data protection to “everyone”, in line with the established European minimum standards (set out in Attachment 1), that are also in line with UN standards (set out in Attachment 2); and for those standards to be adhered to in practice by the USA, all European States, and the EU, whether acting independently or jointly.

To this end, we demand urgent action from both the US and the European institutions.

Demands for review and redress from the USA:

i.                    Clarity about the law, and honesty about practice:

13.              We demand complete transparency in relation to the scope and detail of US spying activities, and of the bi- and multilateral arrangements between the USA and other States and international organisations, in particular “5EYES”[3], Atlantic and/or European ones, relating to this activity, under which data on the communications and Internet activities of European citizens are intercepted, held, recorded and/or monitored and analysed.

14.              We demand complete clarity about the limitations of the US legal system, and in particular as concerns the apparent fact that it provides insufficient protection to US citizens, and effectively none to non-US citizens.  Following such a full clarification, urgent measures should be taken to bring the US surveillance system fully into line with international human rights- and privacy/data protection standards.

ii.                  The way to achieve this:                    

15.              While we appreciate the establishment of the PCLOB consultation, we do not believe that this is the appropriate forum or process to achieve the required full transparency, or that it will lead to US law and practice being brought fully into line with the requirements of international law.

16.              To be more specific:  we are joining US civil liberty organisations in calling on the US Congress to establish a properly staffed special investigatory committee, on the lines of the 1970s CHURCH Commission, with the power to subpoena witnesses and documents; and to make arrangements to ensure that European institutions, States and NGOs can fully participate in the investigation carried out by this special committee, and indeed in the drawing up of the mandate for this committee.

iii.                The changes to be made

17.              Senior European politicians have called for the extension of US legal protections afforded under US constitutional and federal law to (communications) data on US citizens, to (communications) data on European citizens held in the USA or accessed from the USA by US agencies, just as data on US citizens, held in Europe, is already protected under European human rights- and data protection law.

18.              Reciprocity is indeed an important element in international relations.  However, in the present context, this fails to recognise that while, in respect of their data, Europeans currently enjoy hardly any protection under US laws, the protection accorded to US citizens under those laws is also deficient, and falls below European and wider international minimum requirements.  Raising the level of US legal protection for data on Europeans to the level of protection of data on US citizens therefore still leaves European citizens and US citizens subject to a regime that falls short of international standards.  That is not enough.

19.              We are joining civil liberty organisations in the USA in calling for fundamental changes in US law, to ensure proper protection under the law against non-transparent and undemocratic surveillance.  New laws must be introduced at federal level to provide much stricter rules, open judicial warrants and rulings, and full democratic control, in accordance with international human rights and privacy/data protection standards.  Specifically, we demand that when such laws are in place, they should afford equal protection to US and non-US citizens.

20.              Until this is achieved, the USA cannot be said to offer “adequate” protection to data, in relation to any of the areas for which the European Commission has (wrongly) held it to offer such protection:  the “Safe Harbor”, the disclosure of PNR data, and the making available of SWIFT data (see below, para. 29).

Demands for review and redress from Europe:

i.                    Clarity about the law, and honesty about practice:

21.              European States are not blameless when it comes to surveillance:  in spite of a much stronger legal regime on paper (under the ECHR), it appears that practice in some (perhaps many) European States also fall seriously short of the European-legal (ECHR) requirements.  Several States, in particular the UK, also seem to have worked closely with the USA (in particular, in ECHELON) in establishing a global surveillance network that appears to blatantly violate European and international law.  We need complete clarity about the laws in the EU- and Council of Europe Member States, and complete clarity about the treaties entered into by European States, and full, honest disclosure about the practices of the national security agencies and –bodies of the EU- and Council of Europe Member States too.


The way to obtain this:                        EU:

22.              The European Parliament has a crucial role to play.  We welcome the European Parliament’s decision to establish a committee of enquiry within the Civil Liberties Committee, and urge it to be broad, to encompass all the threats posed to the rights of European citizens by foreign and EU Member States’ surveillance activities.

23.              We also – but very cautiously and with serious reservations – note the establishment of an EU-US “expert group” to look at these matters.  However, we oppose the excessively limited mandate of this group, and demand full transparency about its composition and activities.  We demand civil society involvement and complete openness for the work of this group.  Without that, its findings and the arrangements it might propose are likely to be incomplete, will lack credibility and, consequently, will be unacceptable.


Although this should be obvious, for the avoidance of any doubt, the EU should make clear, as a matter of urgency, that any disclosure of data on European citizens that is subject to European data protection law (such as financial or airline data, or Europol/Eurojust/etc. data) to, or any access to such data by, national Member States’ national security agencies (NSAs), and a fortiori by third country agencies, is subject to the European data protection rules governing the processing of such data.

Council of Europe

25.              We note the fact that the Council of Europe, which Europe’s main human rights guarantor, is not excluded from addressing matters relating to national security that may affect the human rights of European citizens and indeed of “everyone” affected by measures of CoE Member States.  On the contrary, the European standards set out in Attachment 1 have been developed by the European Court of Human Rights in what is now established case-law, applicable to all Council of Europe Member States (which includes all EU Member States), and indeed to the EU itself (albeit, for now, still indirectly, through “general principles of Union law” and the EU Charter).

26.              Specifically, we call on the Secretary-General of the Council of Europe to exercise his power under Article 52 ECHR to demand of all CoE Member States full disclosure of “the manner in which [their] internal law[s] ensure[s] the effective implementation of” Article 8 of the ECHR in relation to surveillance of electronic communications- and Internet data by their national security agencies; and on the CoE Commissioner of Human Rights, PACE, and NGOs to be fully involved in this enquiry.

iii.                The changes to be made

27.              Until the full truth has been established, and full, appropriate remedial action has been taken to bring the activities of all relevant US agencies in line with international standards, there can be no close cooperation between US and European agencies, or between US and European State’s agencies on the previous, essentially unregulated basis.

28.              Immediate changes:  Given that, as noted above, in para. 20, in the light of the recent revelations, the USA cannot be said to offer “adequate” protection to data in relation to the “Safe Harbor”, the disclosure of PNR data, and the passing on of SWIFT data, the current arrangements are in clear and blatant breach of the primary law of the European Union and, consequently, the EU is legally obliged to immediately suspend all US-related European data protection “adequacy” decisions.

29.              Changes to the General Data Protection Regulation:  Pending adoption of adequate legislation in the USA, European data protection law should ensure that European citizens are clearly warned that, if they provide data to US companies, or to global Internet companies that have links to the USA, use servers in the USA, or are otherwise subject to US FISA and other surveillance orders, their data will not be safe from arbitrary, intrusive surveillance by US agencies.  This is already proposed by senior EU officials and legislators in relation to the General Data Protection Regulation currently in the process of being adopted.  We endorse that proposal.

30.              New treaty arrangements on cooperation between national security agencies:  The post-WWII treaties and arrangements on “national security” and “intelligence” cooperation (including the definitions of these matters) are totally outdated.  We need a complete overhaul of the national and inter-State arrangements on “national security” and “intelligence” cooperation.  The old treaties  – UKUSA, 5EYES, NATO and others –  should be openly discussed and reviewed, and fundamentally changed to bring them into line with the international standards we have adduced.  Without that, we do not live in the free and democratic societies we are made to believe we live in.

– o – O – o –

EDRi and FREE are grateful to Professor Douwe Korff of London Metropolitan University for drafting this paper.


Rue Belliard 20, B-1040 Brussels,

Tel:+32 2 274 25 70



European Digital Rights (EDRi)


European Digital Rights is an association of 35 digital civil rights organisations from 21 European countries. We work together to defend civil rights in the information society.





11 Rue Darwin
1190 Bruxelles


The Fundamental Rights European Experts Group (FREE Group)


 The Fundamental Rights European Expert Group is an NGO whose focus is on monitoring, teaching and advocating in the European Union freedom security and justice related policies.


Attachment 1:


The case-law of the European Court of Human Rights under the European Convention on Human Rights (ECHR) shows the following considerations and requirements of European human rights law relating to surveillance:[4]

                 A system of secret surveillance for the protection of national security may undermine or even destroy democracy under the cloak of defending it.

                 The mere existence of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all those to whom the legislation may be applied.

                 In view of these risks, there must be adequate and effective guarantees against abuse.

                 The first of these guarantees is that such systems must be set out in statute law, rather than in subsidiary rules, orders or manuals.  The rules must moreover be in a form which is open to public scrutiny and knowledge.  Secret, unpublished rules in this context are fundamentally contrary to the Rule of Law; surveillance on such a basis would ipso facto violate the Convention.

The following are the “minimum safeguards” that should be enshrined in such (published) statute law, and adhered to in practice:

·                the offences and activities in relation to which surveillance may be ordered should be spelled out in a clear and precise manner;

·                the law should clearly indicate which categories of people may be subjected to surveillance;

·                there must be strict limits on the duration of any ordered surveillance;

·                there must be strict procedures to be followed for ordering the examination, use and storage of the data obtained through surveillance;

·                there must be strong safeguards against abuse of surveillance powers, including strict purpose/use-limitations (e.g., preventing the too-easy disclosure of intelligence data for criminal law purposes) and strict limitations and rules on when data can be disclosed by NSAs to LEAs, etc.;

·                there must be strict rules on the destruction/erasure of surveillance data to prevent surveillance from remaining hidden after the fact;

·                persons who have been subjected to surveillance should be informed of this as soon as this is possible without endangering national security or criminal investigations, so that they can exercise their right to an effective remedy at least ex post facto; and

·                the bodies charged with supervising the use of surveillance powers should be independent and responsible to, and be appointed by, Parliament rather than the Executive.

Under the ECHR, these principles must be applied to anyone who is affected by surveillance measures taken by any Council of Europe Member State under domestic law.

In addition, European States have a “positive obligation” to protect their citizens from surveillance contrary to the above, perpetrated by any other State.  A fortiori, they are under a legal obligation not to actively support, participate or collude in such surveillance by a non-European State.

– o – O – o –

Attachment 2:


Attachment 1 above summarises the European Court of Human Rights’ standards set for “national security” surveillance.  Here, we briefly note that the same standards are also reflected in law and guidance issued at the global level by the United Nations, and by other international organisations, albeit not always in the same detail.

The primary instrument in this respect is the UN International Covenant on Civil and Political Rights (ICCPR or “the Covenant”), the most important binding global human rights treaty, to which all European States and the USA (indeed, almost all UN Member States) are parties.  It is applied and interpreted by the Human Rights Committee, which has issued important relevant guidance.

Further important guidance has been provided in the 1996 Johannesburg Principles on National Security, Freedom of Expression and Access to Information (drafted by Article 19 and other NGOs but endorsed by the UN Special Rapporteur on Freedom of Opinion and Expression) and more recently in statements and reports by that Special Rapporteur and special rapporteurs from other international organisations.  Also relevant is the guidance issued by the Organisation for Security and Co-operation in Europe (the OSCE), to which again all European countries and the USA (and Canada) are parties.

Here, it may suffice to note that all of these stress the same core principles as are stressed by the European Court of Human Rights:

                  –    “national security” must be defined narrowly (see the “Tenth Anniversary Joint Declaration” by the UN Special Rapporteur on Freedom of Opinion and Expression, together with the OSCE Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information; also the Johannesburg Principles, Principle 2(a) as well as Principle 1.2);

                   –   any interference with the freedom to seek, receive and impart information by any medium (including the Internet), including e-communications- and Internet surveillance, must be based on “law”, i.e., on clear and specific, published legal rules (and published legal interpretations of the rules):  an interference with privacy and communications can be “arbitrary” – and thus in breach of international human rights law, including the ICCPR –  even if it is in accordance with domestic law;

                    –  the law must limit any such the interference to what is “necessary” and “reasonable” or “proportionate”; and

                     – the law must provide for an “accessible and effective remedy” against the interference.

On all of the above, see General Comment 16 on Article 17 ICCPR, paras. 3 and 4; General Comment 31 on General Legal Obligations Imposed on States Parties to the Covenant, para. 15ff.;  and the reports by the Special Rapporteur passim).

                    –  the requirements of “law”, “necessity” and “proportionality” also apply in relation to measures taken to protect national security (Johannesburg Principles, Principles 1.1.(a) & (b), 2(a) & (b)).

Moreover, in assessing the questions of “necessity” and “proportionality” in particular, the Human Rights Committee and the UN Special Rapporteurs will take into account exactly the same kinds of factors as are listed in the case-law of the European Court of Human Rights.

Two related matters deserve special mention in the present context:  the application of international human rights law to the extraterritorial accessing (or “pulling”) of data from servers in another country;  and the duty to extend the rights enshrined in the ICCPR to all individuals without distinction as to nationality or other status.  Specifically:

                 Article 2(1) of the ICCPR requires all States Parties “to respect and to ensure to all individuals within its territory and subject to its jurisdiction the rights recognized in the present Covenant, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

                 In the view of the Human Rights Committee:

This means that a State party must respect and ensure the rights laid down in the Covenant to anyone within the power or effective control of that State Party, even if not situated within the territory of the State Party. … [T]he enjoyment of Covenant rights is not limited to citizens of States Parties but must also be available to all individuals, regardless of nationality or statelessness, such as asylum seekers, refugees, migrant workers and other persons, who may find themselves in the territory or subject to the jurisdiction of the State Party. (General Comment 31, emphasis added)

                 Although the Committee has not yet issued any further views or general comments on the matter, it must be assumed that if a State gives itself legal powers to access (or “pull”) data on individuals, when those data are situated outside its physical territory, that State is “exercising jurisdiction” (to be specific: “enforcement jurisdiction”) extra-territorially, in the State where those data are located.  As noted in the body of this paper with reference to the Lotus case, if this happens without the consent of the other State, it violates the sovereignty of that other State.  Here, it should be noticed that that aside, such extra-territorial action by the first State would also mean that that State is asserting “jurisdiction” over those data.  In respect of their data, the individuals concerned are made to be “subject to [the State’s] jurisdiction”.

                 In any such extra-territorial cross-border accessing (or “pulling”) of data, the State in question must therefore comply with all the general requirements of the Covenant (clear, foreseeable “law”; “legitimate aim”, “necessity” and “proportionality”), and with the requirement of Article 2(1), that it affords the protection of Article 17 to the persons affected irrespective of their nationality or other status.

In sum:  The UN standards are fully concordant with the European ones set out in Attachment 1.

– o – O – o –

Attachment 3:


In the USA, communications data and personal information on US citizens (and on some minor categories of non-US citizens living in the USA) are in principle granted protection under the First and Fourth Amendments to the US Constitution, providing protection of free speech and freedom from unreasonable searches.


1.                  There is no general, cohesive, broadly-applicable federal privacy law.  Rather, there is only a largely incoherent and sectorally-based patchwork for federal and state laws, which provide serious privacy protection only in certain areas and respects. See: Chris Hoofnagle, Country Study on the USA, prepared for a wider EU study on New Challenges to Data Protection, at:

2.                  The Electronic Communications Privacy Act (ECPA) allows for the monitoring of communications “meta” data (data on the devices involved in the communications, time, duration, location, etc., but not the contents of communications) on the basis of a “pen register or trap and trace device” warrant, that will be issued on the basis of simple certification by a government attorney that such information is “relevant” to an “ongoing criminal investigation”; there is no need to show “probable cause”, and there is no meaningful judicial oversight. This is because in Smith v. Maryland, the Supreme Court ruled that use of a pen register does not constitute a search, and is thus not protected under the Fourth Amendment.  The surveillance carried out under ECPA, even on US citizens, is extensive and includes massive amounts of e-communications data.  For further details, see: Douwe Korff, Presentation on behalf of EDRi at the EU – USA Privacy Conference, Washington DC, 19 March 2012, available at:

3.                  The PATRIOT Act and FISA Acts allow even more extensive surveillance over US citizens.  Even on their face, the rules in these Acts fall far short of international-legal requirements.  However, the rules have been even further weakened, to the extent that they now reportedly provide hardly any constraint at all, even in respect of US citizens, in relation to national security and “foreign intelligence” matters, by means of secret rulings by the secretive FISA Court.  See: New York Times, 6 July 2013, In secret, court vastly broadens powers of NSA, at:

4.                  The constitutionality of these secret FISA Court rulings is doubtful, and they are being challenged in the US courts.  See: and  5.

                  In any case, and most worrying to Europeans, the First Amendment does not protect the relevant rights of non-US citizens not in the USA (so-called “excludable aliens”):  “[T]he interests in free speech and freedom of association of foreign nationals acting outside the borders, jurisdiction, and control of the United States do not fall within the interests protected by the First Amendment.”

(DKT Memorial Fund Ltd. v. Agency for Int’l Dev., 1989, quoted in Chevron Corporation v. Steven Donziger et al., U.S. District Judge Kaplan order of June 25, 2013).

6.                  Non-US citizens not resident in the USA similarly do not benefit from the protection of the Fourth Amendment, which does no apply if the person affected by a “search” does not have a “significant voluntary connection with the United States (US v. Verdugo-Urquidez, 1979).  Like the First Amendment, the Fourth Amendment only protect “the people”, i.e., US citizens and some eligible (US-resident) aliens.

7.                  Finally, the FISAA §1881a allows US agencies, including in particular the NSA, to capture and trawl through any data, including e-communications and Internet data, of or on any non-US citizen with essentially no constraints.  All that is required is that the capturing and trawling does not inadvertently relate for more than 50% to US citizens, and that the data that are being looked for are “of interest” to “foreign affairs matters” of the USA:  the exercise of these essentially arbitrary powers is not limited to serious offences or terrorism, or to threats to US (or US allies’) national security.  See the report by Caspar Bowden et al. to the European Parliament, Fighting Cybercrime and Protection Privacy in the Cloud, 2012, and the subsequent article by him and Judith Rauhofer, Protecting their own:  Fundamental rights implications for EU data sovereignty in the cloud, 2013, available at, respectively:

In sum:  The US Constitutional Amendments’ protections (as applied) and US Federal and State laws fall short of international standards.  Under ECPA and the PATRIOT and FISA Acts, as further weakened by the secret rulings of the FISA Court, even US citizens enjoy little protection against widespread and intrusive surveillance by US national security agencies in relation to over-broadly-defined “intelligence” matters, in particular in relation to “meta” communications data and Internet data.  In relation to US citizens, this may be unconstitutional.  But non-US citizens outside the USA enjoy not even the (already too low) protection accorded to US citizens:  they can effectively be spied upon arbitrarily, without any meaningful substantive or procedural limitations.  Moreover, the US surveillance activities under FISAA in particular do not appear to be limited to matters of “national security”, properly (restrictively) defined, for neither US citizens or non-US citizens.

– o – O – o –

[1]               Note that this is the case, even if the exercise of that jurisdiction would violate the sovereignty of another State, e.g., because it concerned data in another country (cf. the Lotus case, referred to in para. 7):  the fact that the act was contrary to international law of course does not mean that the State perpetrating the act is not bound by its human rights obligations; that would be perverse.  The point we make here is that in the circumstances described, the State is bound to comply with the European Convention on Human Rights, because the acts concerned are “within its jurisdiction”.  While generally territorial in nature, this concept also covers acts carried out by State bodies within their home country (or territories of the State overseas) under domestic legislation that affects individuals in other countries.

[2]               This is also the view of the vice-president of the European Commission, Viviane Reding, who issued a statement on 25 July 2013, saying:  “The [EU’s new General Data Protection Regulation] will also provide legal clarity on data transfers outside the EU: when third country authorities want to access the data of EU citizens outside their territory, they have to use a legal framework that involves judicial control. Asking the companies directly is illegal. This is public international law.” See: (emphasis added)

[3] The alliance of intelligence operations between the USA, UK, Australia, Canada and New Zealand.

[4]               See the cases of Klass v. Germany (Judgment of 6 September 1978), Weber and Saravia v. Germany (Admissibility Decision of 29 June 2006), Liberty and Others v. the UK (Judgment of 1 July 2008), and Kennedy v. the UK (Judgment of 18 May 2010).  See in particular the summaries in Weber and Saravia, paras. 93 – 95, and in Kennedy, paras. 151 – 154 (which quote Weber and Saravia, paras 93 – 95, thus reemphasising that the approach there summarised is now regarded as settled case-law).

NEW!! : subscribe to the first summer school on the EAFSJ…



Roma, 8-11 July
Sala conferenze Fondazione Basso – via della Dogana Vecchia, 5 – Roma

The European Area of Freedom Security and Justice (EAFSJ): scope, objectives, actors and dynamics.

Night view of Europe

Aim: to take stock of the current state of EAFSJ and of its foreseeable evolution within the next multiannual program 2015-2019 (to be adopted under Italian Presidency at the beginning of the next legislature).
Lenght: 4 one day modules
Subscriptions: on line on the Fondazione Basso internet site :
Participation fees:

Euro 480,00 (ORDINARY FEE).
(Bank Account of Fondazione Lelio e Lisli Basso – Banca Nazionale del Lavoro Ag. Senato Palazzo Madama: IBAN IT18I0100503373000000002777 ).
Subscriptions should be submitted before June 15th.The Summer School will take place only if a minimum number of subscribers is reached !For further information : tel. 0039.06.6879953 –
Languages: lessons will be mainly in Italian (some lessons will be in English and French), teaching material will be in Italian and/or English, French.
English/Italian translation will be available.
The programme is on the web-site of Fondazione Basso ( -Tel. 06.6879953 – email:

July 8th
A Constitutional and Institutional perspective
09h00 am – 06h30 pm

Opening speeches:
Valerio Onida: Freedom, Security and Justice related policies from a constitutional perspective and in relation with international and supranational dimensions
Stefano Manservisi: After the Stockholm Programme : how to preserve the specificity of the European Area of freedom security and Justice related policies by integrating them in the general EU governance and legal framework?


Freedom Security and Justice as the core of the common constitutional european heritage
Protecting fundamental rights: the impact of the accession of the EU to the ECHR. A common European Constitutional Heritage arising from the Council of Europe and European Union European Courts. What can be expected from the Strasbourg Human Rights Court in areas related to the FSJ?.

Speaker: Giuseppe Cataldi

Freedom Security and Justice as the core of the common constitutional european heritage
Promoting fundamental rights: the European Charter and its impact on EU policies. Even if the Charter does not extend the EU competencies it is now a constitutional parameter to be taken in account not only by the European judges but also by the EU legislature, even for policies designed with a more limited scope.

Speaker:Ezio Perillo


Evolution and transformation of the principle of Primacy of EU law. Dialogue and mutual influence of European and national Constitutional Courts.
Fifty years after the landmark case of Van Gend en Loos and four years after the Lissabon-Urteil (Bundesverfassungsgericht judgment of 30.6.2009), the tensions between EU “limits” and national “counter-limits” could arise again notably in the EAFSJ area.

Speaker: Oreste Pollicino

The EAFSJ a cross road of European and national founding values (art. 2), as well as for fundamental and European citizenship rights. How manage the indivisibility of rights and a Member States differentiated integration ?
(Opt-in Opt-out Countries). How far can the EU impact on Member States internal legislation (Towards a “reverse Solange” mechanism)? How the EU and Council of Europe can influence national fundamental rights related policies

Speaker: Nicoletta Parisi

The EAFSJ as supranational constitutional area of democracy. From National State to the European Union: what kind of relation between national and european legal orders ?
Sixty years of EU integration have changed the concept of democracy and sovereignty. There is a metamorphosis in National State’ s traditional role and its constitutional elements such as territory, citizenship and sovereign power. The Kantian vision of a peaceful cosmopolitan project mirrors the category of EU citizenship arising in the EAFSJ. Today Habermas developed the concept of “Constitutional patriottism”, underlying a “constitutionalisation” of the European supranational area. What are the pro and cons of this EU perspective ? The post-Lisbon Treaty stressed that the EAFSJ is becoming the embryo of a European public sphere as well as of a first example of supranational democracy.

Speaker: Francesca Ferraro


July 9th
Institutional dynamics and EU practices
09h30 am – 06h30 pm

The EAFSJ before Lisbon. The intergovernmental cooperation. From “TREVI” via “Schengen” to Amsterdam. The first phase.
How formerly excluded EAFSJ related policies have been integrated into the EU framework. TREVI cooperation, the Schengen agreement (1985) and its 1990 Implementing Convention as well as the Dublin Convention on Asylum.
The emerging notion of supranational space in the Single European Act (1986). The mutual recognition principle in the Internal Market and in EAFSJ-related policies. The Schengen Acquis in the EU legal framework from Amsterdam to Lisbon. Opt-in and Opt-out Countries: the impact of differentiated integration. Schengen relevance and ECJ jurisprudence on the preservation of the Schengen system consistency. From cooperation to integration.

Speaker: Dino Rinoldi


The EAFSJ after Lisbon (1). How the EAFSJ specificity has been preserved by progressively integrating it in the ordinary EU (communitarized) legal institutional framework. The impact on the EU institutions and on the MS.
Dynamics and the role of the Institutions in promoting, negotiating and implementing the EAFSJ-related policies. European Council, European Parliament, Council of the European Union, Commission and Court of Justice interplaying in the EAFSJ. The preparatory work conducted behind the scene by the Commission Directorates General, the Council working bodies – COREPER, CATS, COSI – and the EP parliamentary committees

Speaker: Antonio Caiola

The EAFSJ after Lisbon (2) How democratic principles are fulfilled in the EAFSJ. The impact of the EP on legislative procedures.
The interparliamentary dialogue and the way how the EP and national parliaments play their role when verifying the subsidiarity and proportionality principles in the EAFSJ policies. The emerging role at EU level of “political families” represented at national European and international level (European political parties, EP political groups, national parties).

Speaker: Emilio De Capitani


The EAFSJ after Lisbon (3). How EU policies are framed and implemented at national level. How cooperation, mutual recognition and harmonisation are implemented
How EAFSJ policies are implemented at national level. Problems and opportunities arising notably when implementing the mutual recognition of other EU countries’ measures. How intertwined are the EU and national administration in the EAFSJ related policies. Is there complementarity between EU and National strategies? The EU financial levy as a facilitator of mutual EU-national coordination. The emerging role of EU Authorities and Agencies as a support and meeting space also for national administrations (Ombudsman, FRA, EDPS, FRONTEX, EASO, EMCDDA, EUROPOL, OLAF, CEPOL, EUROJUST, …).

Speaker: Lorenzo Salazar


July 10th
An European space of freedom and rights
09h30 am- 06h30 pm

The EAFSJ after Lisbon (4) Placing the individuale at the heart of EU activities
How EU legislation implements the principles of equality and non-discrimination. The ECJ jurisprudence and the phenomenon of reverse discrimination. EU citizenship-related jurisprudence. Judicial action at national and European level founded on the EU Charter. Infringement of EU founding values and fundamental rights as possible exceptions to the mutual recognition obligations? Fundamental Rights Agency.

Speaker: Valentina Bazzocchi

The EU evolving framework of Transparency, access to documents, principle of good administration, and of classified information
After Lisbon a more transparent independent and efficient EU administration can be founded on Arts 15 and 298 of the TFEU as well as Arts 41 and 42 of the European Charter. However the close intertwining of the EU and the Member States has created a hybrid system of European Classified Information (EUCI), which is particularly relevant in the EAFSJ policies. How do European and national institutions implement the EU principles? How is the principle of good administration secured? What role should the EU Ombudsman play?

Speaker: Deirdre Curtin

Protection of Personal Data. The EU reform.
After the Lisbon Treaty and the merger of the so-called first and third pillars, protection of personal data can be framed in a globally consistent manner. Informational self determination, protection against possible abuses by the private sector as well as by public sector (law enforcement authorities) can now be framed at European level by taking stock of the lessons learned at national and international level (Council of Europe, OECD). How to preserve the role of national authorities and of the new coordinating body.

Speaker: Vanna Palumbo

Freedom of movement border integrated management
Freedom of movement of European citizens as well as of third country nationals in the EU remains a central and controversial issue. The integrated external border management is progressively framed at legislative level (borders, visas..) and implemented at operational level also thanks to the emerging role of Frontex and of the new European networks (SIS II – VIS). New opportunities as well as risks emerge in the definition of the EU-Member State management of internal and external borders

Speaker: Luisa Marin


European Migratory policies
Objectives, legal framework and operational setting of the EU-Member State policies. Five years after the European Pact on Asylum and Migration (2008), what lessons can be drawn for the next (2015-2019) multiannual programme? What improvements can be foreseen for the EU migration governance at central and national level? How are the Member States implementing the EU legislation? What are the main external aspects of the EU migration policy?

Speaker: Henry Labayle

The European common asylum system (and of EASO and EURODAC)
After the first generation of EU “minimum” rules the EU has now established the Common European Asylum System foreseen by Art. 18 of the Charter and Art 78 of the TFEU by taking account of the jurisprudence of the Luxembourg and Strasbourg Courts. At national level high standards should be granted to avoid the problems found for instance with Greece when implementing the Dublin system. The principle of solidarity still seems to be underexploited. Attention should be paid to the new role of EASO (Reg. (EU) No 439/2010) as well as to the implementation of the EURODAC system.

Speaker: Patricia Van de Peer


July 11
An European space of security and justice
09h30 am -06h30 pm

Judicial cooperation in civil matters; complement of the freedom of movement?
Judicial cooperation in civil matters has been one of the most dynamic domains after the entry into force of the Lisbon Treaty. Enhanced cooperation took place in matrimonial matters and intellectual property. Special attention will be reserved for the recently revised Brussels I Regulation (which abolished the “exequatur” procedure) as well as for the new Regulations on succession and wills and on mutual recognition of protection measures in civil matters.

Speaker: Filomena Albano

Internal security strategy: crisis prevention and management.
Special attention will be paid to the implementation of the 2010 European Internal Security Strategy and its impact on the cooperation between the EU institutions and agencies as framed by the “Policy Cycle” for the 2013-2017 period. There will also be a presentation of the implementation of PRUM cooperation and of the “availability principle” as well as the way how security- and intelligence-related information is exchanged notably within the framework of the so-called “Swedish Initiative”. The role played by COSI, Europol and of the internal security fund will be presented and debated together with the impact of the up-coming “Lisbonisation” of EU measures adopted before the entry into force of the Lisbon Treaty

Speaker: Sandro Menichelli


Judicial Cooperation in criminal matters
How judicial cooperation in criminal matters has been developed between countries of different legal traditions (civil and common law). Problems and opportunities arising at each level of cross-border cooperation (open coordination, mutual recognition, legislative harmonisation). The European jurisprudence (Strasbourg and Luxembourg Courts) as well as the impact of the EU Charter. The implementation of the first post-Lisbon measures and impact of the Lisbonisation of former third pillar measures in this domain. Preserving the independence of the judiciary: towards European-wide judiciary quality evaluation systems.

Speaker: Luca De Matteis

The European Public Prosecutor: a pattern also for Member States?
The OLAF Reform and the Eurojust “Lisbonisation” are intermediate phases towards the creation of the European Public Prosecutor’s office (EPPO) (Art. 86 TFEU). The latter will be empowered to bring action also before national courts. The European legislation will determine the general rules applicable to the European Public Prosecutor’s Office, the conditions governing the performance of its functions, the rules of procedure applicable to its activities, as well as those governing the admissibility of evidence, and the rules applicable to the judicial review of procedural measures taken by it in the performance of its functions. What will be the impact, the risks and opportunities arising from the creation of this new European Institution?

Speaker: Claudia Gualtieri

How to empower the EU citizens when EAFSJ are shaped and implemented ?
Round Table with the Intervention of Paul Nemitz, Antonie Cahen, Robert Bray Tony Bunyan

Final Debate


The Treaty of Lisbon and the Charter of Fundamental Rights of the European Union, which entered into force on 1 December 2009, constituted an important step both at the legal level and at the political level in the evolution of the European Union. The aim of the EU now is not only “… to promote peace, its values and the well-being of its peoples”, having presided over, since the end of the Second World War, the longest ever period of peace between European States, but also to achieve “… an area of freedom, security and justice with respect for fundamental rights and the different legal systems and traditions of the Member States.”

After the Treaty of Lisbon, the policies already provided for in the Maastricht Treaty within the framework of the so-called “third pillar” and originally focused mainly on intergovernmental cooperation and cooperation between administrations, are now to evolve into European “common policies” directly towards the interests of the individual, who is placed “at the heart of European integration.”

It is a Copernican revolution in so far as the Union is called not only to offer “… its citizens an area of freedom, security and justice without internal frontiers, in which the free movement of persons is ensured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime” (Art. 3 TEU and Title V TFEU) but also to promote (and not only protect) fundamental rights and prevent all forms of discrimination (Art. 10 TFEU) and strengthen EU citizenship (Arts 18-25 TFEU) and with it the democratic principles on which it is based (Title II TEU).

The fact that the competences related to the ASFJ are now “shared” with the Member States (Art. 4 TEU) and are to be focused on the rights of the person brings about a daily interaction between the national and the European level, bringing into play national and European values, rights and objectives.

The process of reciprocal hybridization between the nascent European model and traditional national models is anything but politically painless, as the experience of almost thirty years of Schengen cooperation shows.

The aim of this Summer School is to assess the progress and difficulties encountered by the European institutions and the Member States in implementing the Charter of Fundamental Rights and the objectives set by the European Council in the “Stockholm Programme” of 10 December 2009.

Based on this evaluation, we intend to shed light on the possible priority bearing in mind that:
– it will be necessary to adjust the secondary legislation of the European Union in the light of the values and principles which are now enshrined in the Lisbon Treaty and the Charter of Fundamental Rights (“Lisbonisation”);
– we shall be in the final phase of the accession of the EU to the European Convention on Human Rights;
– at the beginning of the next legislature, we will be entering into a new phase in the European judicial area with the negotiations on the establishment of the European Public Prosecutor and the transition to the ordinary legislative procedure with regard to measures of police and judicial cooperation in criminal matters adopted before the entry into force of the Treaty (the transitional arrangements end on 1 December 2014);
– Member States which have hitherto enjoyed special treatment (Ireland, Denmark and the United Kingdom in particular) should have clarified their position with respect to the new phase of the ASFJ and the Schengen cooperation.

In the course of the next legislature it will also be necessary to promote greater consistency between European and national strategies related to the European area of freedom, security and justice. Just as in the economic sphere, the divergence of national public policies has put at risk the credibility of the common currency, the diversity of standards for the protection of the rights in Member States is straining mutual trust, the application of the principle of mutual recognition and the very credibility of the nascent “European model”. The strengthening of the operational solidarity between Member States’ administrations – which is being developed for example within the framework of Schengen cooperation – must be accompanied by legislative, operational and financial measures that implement solidarity between European citizens and third-country nationals on the territory of the Union.

In this perspective, Italy may play an important role as the new multi-annual programme for 2015-2019 is to be adopted by the second half of 2014 under the Italian Presidency.


Valerio Onida, Former President of the Italian Constitutional Court
Giuseppe Cataldi, Pro-rettore Università L’Orientale (Napoli)
Oreste Pollicino, Public comparative law Professor  (Università Bocconi – Milano)
Nicoletta Parisi, EU Law Professor  (Università Catania)
Francesca Ferraro, Visiting Professor (Università L’Orientale – Napoli)
Dino Rinoldi, International Law Professor  (Università Cattolica – Piacenza)
Valentina Bazzocchi, PHD EU Law (Alma Mater Università Bologna)
Deirdre Curtin, Professor of European Law (University of Amsterdam – NL),
Luisa Marin, Assistant Professor of European Law (University of Twente – NL)
Henri Labayle, Professeur de Droit international et européen (Université de Pau et des
pays de l’Adour – France)

Representatives and officials of European and national administrations:
Ezio Perillo (European Civil Service Tribunal)
Stefano Manservisi DG of the Commission DG Home
Paul Nemitz Director at the Commission DG Justice
Antoine Cahen, Patricia Van Den Peer, Claudia Gualtieri (European Parliament)
Filomena Albano, Luca De Matteis, Lorenzo Salazar (Italian Justice Ministery)
Sandro Menichelli (UE Italian Permanent Representation )
Vanna Palumbo (Garante Privacy IT)

Representatives of Civil Society:
Tony Bunyan, Director of Statewatch,Emilio De Capitani, FREE Group Secretary and Visiting Professor (Università L’Orientale – Napoli)


European Union and Hungary: towards a new “Haider” case ?

(Original IT – translation still to be revised)

Hungary puts at risk the Union’s values?

”Such a change among the democratic frameworks that we did today was only done by revolutions before. […] Hungarians today have proved that there is a reason for democracy. […] Hungarians today overthrew a system of oligarchs who used to abuse their power.” The new government will be modest and humble. “ (1)

Two years later, these April 2010 Viktor Orban statements celebrating the Fidesz Party two thirds majority in Parliament following the Hungarian elections, sound now very different as it is the case for the economic forecasts following the 2010 Hungarian elections according to which such an electoral result would had made possible for the Hungarian Forint to recover from the crisis from which it had been barely saved in 2008 by the International Monetary Fund and the European Union.

Now, not only the relations between the EU and the IMF seem to have reached their lowest point (at least judging from the recent interruption of the negotiations with the Hungarian monetary authorities) but even bolder critics are emerging at European level as far as the compatibility of various initiatives of the Orban Government with fundamental rights and respect for democratic principles are concerned.

The situation is so worrying to push Guy Verohfstadt, President of the Liberal Group in the European Parliament to declare that Hungary seems not to fully respect anymore the “values” it subscribed when it joined the European Union, (“values” that the Lisbon Treaty has made even more explicit (2). Hence, according to Verohfstadt the European institutions should trigger the “alert” procedure foreseen by art. 7 par. 1 of the EU Treaty (3).

It is worth noting that such an “alert” procedure may be launched by the European Parliament itself and that it is designed to verify if “.. there is a clear risk of a serious breach by a Member State of the founding values of the European Union and, if such a risk exists the Council would be entitled to formally recommend the State who has lost its bearings to come back on the rights track.

Needless to say that such an “alert procedure” is very different from the “nuclear option” laid down in the second paragraph of the article 7 where the Council could even suspend a Member State voting rights if “a serious and persistent breach” of European Values has been ascertained.

Yet the mere fact of evoking the “alert” procedure has already led the European Parliament’s political groups, to position themselves as in previous cases by mirroring the political position present at national level (situation which will make difficult to reach the third majority needed in the European Parliament to vote the request the Council to address formal recommendation to Hungary).(4)

The European Parliament debate on this issue will take place during the January Plenary session in Strasbourg then the competent parliamentary committee could start its work as far as the European Commission has shown that there is ground to proceed and the Conference of Presidents of political groups consider that a formal report should be prepared following the proposal of the ALDE President Verohfstadt.

All that having being said on procedural aspects, it is worth recalling which have been the main concerns raised by the recent Hungarian initiatives.
Continue reading “European Union and Hungary: towards a new “Haider” case ?”