Category: 3. Fundamental rights – Charter

Unaccompanied minors: the Meijers Committee criticizes the Council Presidency amendments to the Dublin III Regulation

ORIGINAL PUBLISHED HERE

The Meijers Committee (*) is of the opinion that the judgment in case C-646/11 on the position of unaccompanied minors should be implemented fully. This would be in conformity with both the political agreement reached by the co-legislators upon the adoption of the Dublin III regulation and the requirements of the Charter of Fundamental Rights. Accordingly, the original Commission proposal should be adopted, without the changes made in the Council Presidency compromise text. In addition, the Meijers Committee believes that it is in the best interest of the child to extend these provisions to unaccompanied minors who do not lodge an application for international protection. Finally, the Meijers Committee suggests that effective remedies should also be ensured against decisions not to transfer an asylum applicant.

Introduction

The Meijers Committee has taken note of the proposal1 of the European Commission of 26 June 2014 to amend Regulation 604/2013 (the Dublin III Regulation) and the changes made to this proposal in the Presidency compromise text of 20 November 2014.2

The proposal seeks to revise Article 8(4) of the Regulation in the light of the judgment of the Court of Justice of the European Union in case C648/11 MA and Others vs. Secretary of State for the Home Department. In this judgment the Court of Justice ruled that ‘where an unaccompanied minor with no member of his family legally present in the territory of a Member State has lodged asylum applications in more than one Member State, the Member State in which that minor is present after having lodged an asylum application there is to be designated the Member State responsible’.

Article 8(4a) of the proposal reflects this judgment. However, Articles 8(4b and c) of the Presidency compromise text of 20 November 2014 state that, by way of derogation from Article 8(4a), the Member State which has already taken a decision at first instance on the basis of an adequate and complete examination of its substance is responsible under the Dublin Regulation. This does not conform with the judgment in Case C-648/11.

The proposal also addresses the situation of unaccompanied minor asylum applicants who are present in the territory of a Member State and who do not lodge an application there.  Such a situation was not covered by the judgment in case C-648/11. Article 8(4b) of the proposal provides that in that case the unaccompanied child should be transferred to the Member State where he has lodged his or her most recent application, unless this is not in his best interest. The Meijers Committee welcomes the fact that the proposal ‘takes highest account of the Court of Justice’s ruling in case C-648/11’. However, the Committee also wishes to put forward several comments, in particular with regard to Articles 8(4b and c) of the compromise text and Article 8(4d) of the proposal.

A full implementation of the judgment in Case C-648/11

Case C-648/11 concerned the interpretation of Article 6 of Regulation 343/2003 (the Dublin II Regulation). Some Governments contend that this judgment therefore does not require the Union legislator to bring the Dublin III Regulation into conformity with the Court’s judgment. In fact, the Dutch Government put forward the counterargument that such a rule promotes asylum shopping.3 It therefore argues that the rules for transferring asylum seekers pursuant to the Dublin III Regulation should be the same for children and adults alike.4

The Meijers Committee is of the opinion that the Union Legislator cannot but implement the judgment in case C-648/11. It is true that the Court of Justice in case C-648/11 pertained to the old Dublin II regulation. However, the Meijers Committee recalls that upon adoption of the final text of the Dublin III regulation, the co-legislators attached a declaration in which they committed themselves to amending Article 8, once the judgment in C-648/11 was delivered. The Meijers Committee understands this to mean that the Council and Parliament settled their differences by seeking guidance from the Court. Moreover, as explained below, the Court in its ruling explicitly addressed concerns about so-called ‘asylum shopping.’

There are sound legal reasons to implement the Court’s ruling. The Court took into account the objectives of Article 6 (i.e. to make separate provisions for unaccompanied minors) and the Dublin II regulation as a whole (i.e. to guarantee effective access to an assessment of the applicant’s refugee status). The Court held that [s]ince unaccompanied minors form a category of particularly vulnerable persons, it is important not to prolong more than is strictly necessary the procedure for determining the Member State responsible, which means that, as a rule, unaccompanied minors should not be transferred to another Member State.’ The protection of (unaccompanied) minors and effective access to the procedures for granting international protection are also important objectives of the Dublin III regulation.5

Further, the Court of Justice held that Article 24(2) of the Charter of Fundamental Rights of the European Union (the Charter) requires that the child’s best interests must be a primary consideration in decisions concerning the transfer of unaccompanied minors. According to the Court of Justice it is in the interest of unaccompanied minors not to prolong unnecessarily the procedure for determining the Member State responsible, and to ensure that unaccompanied minors have prompt access to the procedures for determining refugee status’. Therefore an unaccompanied minor who lodges an asylum claim in a Member State and is present there should not be transferred to the Member State where he first lodged an asylum claim.

Article 8(4) of the current Dublin III regulation should also be interpreted in conformity with Article 24(2) of the Charter and thus, in principle, prevent the transfer of an unaccompanied minor.6

Legality of the derogation provisions laid down in Article 8(4b and c) of the compromise text

The principles set out by the Court of Justice in its judgment in Case C-648/11 apply to all unaccompanied minors. The question whether these minors still have an asylum procedure pending or completed in another Member State was irrelevant to the Court. However, Article 8(4b and c) of the compromise text provides that an accompanied minor who is present and lodges an asylum claim in a Member State should be transferred to another Member State if that Member State has already taken a final decision on the basis of an adequate and complete examination of its substance. Article 8(4c) contains short time limits in order to guarantee a relatively swift completion of the Dublin procedure. However, it may still take several months (six weeks for the decision in first instance and the time necessary to lodge an effective remedy and obtain a court decision) before the unaccompanied minor will be transferred.

This is not in conformity with the requirement following from the judgment in case C-648/11 that the Dublin procedure must not be prolonged unnecessarily and prompt access to the procedures for determining refugee status must be ensured.

Therefore these provisions violate Article 24(2) of the Charter. There is a clear risk that Articles 8(4b and c) of the compromise text will be declared invalid by the Court of Justice, should they be adopted by the Union legislator. In this respect, it is important to note that the Court of Justice found that a rule as laid down in Article 8(4a) as originally proposed does not entail a risk of asylum shopping.7 The Court considered that an unaccompanied minor whose application for asylum is substantively rejected in one Member State cannot subsequently compel another Member State to examine an application for asylum. According to the Court, Article 25 of Directive 2005/85/EC (asylum procedures directive) allows Member States to declare an asylum application inadmissible (and thus avoid examination of the substance of the application), if the asylum applicant has lodged an identical application after a final decision has been taken against him in another Member State.

The Member State which becomes responsible under Article 8(4) of the proposal needs to inform the Member State with which the first application has been lodged accordingly. In the reasoning of the Court therefore, there is no risk of asylum shopping, because a Member State may declare inadmissible an asylum application that is identical to an application on which another Member State has already finally decided. This possibility is maintained in the recast asylum procedures directive 2013/32/EU (Art. 33(1)(d)).

The Meijers Committee recommends deletion of paragraphs 4b and 4c (I – IV) in their entirety, as they do not comply with the Charter and the case law of the Court of Justice.

Taking back unaccompanied minors who have not claimed asylum

Article 8(4b) of the Commission proposal (Article 8(4d) of the compromise text) provides that Member States should inform unaccompanied minors who are present on their territory of their right to make an application and give them an effective opportunity to lodge an application in that Member State. If the unaccompanied minor does not lodge such application, he will as a general rule be transferred to the Member State where he has lodged his most recent asylum claim. Member States should refrain from transferring the minor if the transfer is not in his best interests.

The Meijers Committee finds that Article 24(2) of the Charter requires that the best interest of the child is a primary consideration in all decisions concerning the transfer of unaccompanied minors to another Member State. Unaccompanied minors belong to a category of particularly vulnerable persons, whether or not they have applied for asylum.8 It follows from the Court of Justice’s judgment in case C-648/11 that extensive procedures for determining the responsible Member State are not in a child’s best interest. This should therefore also apply to unaccompanied minors who did not lodge an application in the Member State in which they are present, as referred to in Article 8(4b) of the proposal.

The Meijers Committee is concerned that the rule laid down in the proposed Article 8(4b) will place the burden on the unaccompanied minor to prove that transfer is not in her or his best interest. Member States may be inclined to apply the general rule rather than performing a full best-interest determination before taking a decision to transfer or not. Furthermore, the proposed Article 8(4b) will encourage unaccompanied minors who do not wish to be transferred to another Member State to lodge an application, even if such an application has no chance of success. This would not be in the interest of the Member States nor in the best interest of the unaccompanied minor.

The Meijer Committee proposes that when the unaccompanied minor makes an informed decision not to apply for asylum, the Member State in which he is present shall perform a best interest determination before taking a decision on his transfer to another Member State. The duty to perform such a best interest determination should be included in Article 8(4b) of the proposal. The rule that the minor should be transferred to the Member State where he has lodged his most recent asylum claim should be deleted.

Legal protection in case the Member State decides not to transfer

The position of unaccompanied minors also highlights an anomaly in the Dublin Regulation in the sphere of effective remedies. Article 27 of the Regulation only ensures the right to an effective remedy ‘against a transfer decision’. Presumably this means that decisions not to transfer an applicant cannot be challenged before a court pursuant to the Regulation. The Meijers Committee has been informed of a number of cases in which an unaccompanied minor has expressly stated a preference to be transferred to another Member State, because a family member is present there, but where no take-charge request is submitted, or where the requested Member State refuses to accept such a request. The Regulation presumes that this a matter for the Member States to settle among themselves. Where, however, a decision not to transfer affects the asylum applicant in the enjoyment of his or her fundamental rights, such as the right to family life or the child’s best interests, an effective remedy against such a decision must be available. This follows clearly from Article 47 of the EU Charter of Fundamental Rights, which lays down that ‘[e]veryone whose rights and freedoms guaranteed by the law of the Union are violated has the right to an effective remedy’.

The Meijers Committee therefore proposes to change the text of Article 27(1) of the Regulation in such a way that an effective remedy is also open to decisions not to transfer an applicant:

Article 27 Remedies

The applicant or another person as referred to in Article 18(1)(c) or (d) shall have the right to an effective remedy, in the form of an appeal or a review, in fact and in law, [before a court or tribunal, against a transfer decision, a failure to submit a take-charge or take-back request as referred to in Articles 21, 23 and 24, or a decision on the request to take charge or to take back as referred to in Articles 22 and 25] before a court or tribunal.

NOTES

1 COM(2014) 382 final.

2 Council Document No 15567/14 of 20 November 2014.

3 Case C-648/11 MA and Others vs. Secretary of State for the Home Department, para 63.

4 TK 2013-2014, 22 112, nr. 1895.

5 See recitals 5, 13 and 16 and Art. 8 of the Regulation.

6 Case C-648/11 MA and Others vs. Secretary of State for the Home Department, para 58.

7 Case C-648/11 MA and Others vs. Secretary of State for the Home Department, para 63.

8 ECtHR 4 November 2014, Tarakhel v Switzerland, Appl. no. , para 119.

 

 

 

 

(*) About: The Meijers Committee is an independent group of legal scholars, judges and lawyers that advises on European and International Migration, Refugee, Criminal, Privacy, Anti-discrimination and Institutional Law. The Committee aims to promote the protection of fundamental rights, access to judicial remedies and democratic decision-making in EU legislation. The Meijers Committee is funded by the Dutch Bar Association (NOvA), the Dutch Refugee Council (VWN), Forum Institute on Multicultural Affairs, the Dutch Section of the International Commission of Jurists (NJCM), Art. 1 Anti-Discrimination Office, and the Dutch Foundation for Refugee Students UAF. Contact info:

Louis Middelkoop Executive secretary l.middelkoop@commissie-meijers.nl +31(0)30 297 4328

Please visit http://www.commissie-meijers.nl for more information.

Towards a European Union legislation on presumption of innocence in criminal law

By Claire PERINAUD

(FREE Group trainee)

“The law holds that it is better that ten guilty persons escape that one innocent suffer” Sir William Blackstone, (Commentaries on the Laws of England1760).

Foreword

For a long time, legal proceedings have been based on factual events. As far as they cannot be proven to be correct 100% of the time, judges had to use legal presumptions. Indeed, the purpose of presumptions is to distribute the burden of proof in order to give a solution to cases without clear evidence . If the parties to an adversarial case are not able to prove, presumption will prevail and the case will be decided against it[i].

The presumption of innocence, according to which one has to  be considered innocent until his or her guilt can be proven by the prosecution and beyond reasonable doubts, was the answerto this need . Dating back toRoman law and originally considered as a procedural rule, the presumption of innocence became progressively the core principle of criminal proceedings[ii], as well as the ‘axiomatic and elementary’ cornerstone of the right to a fair trial[iii].

As a mark of its accession to the rank of a human right, the presumption of innocence is nowadays enshrined in different international instruments, such as at art. 11 of the Universal Declaration of Human Rights of 1948, at art. 14 of the International Covenant on Civil and Political Rights of 16 December 1966, which has been the object of the General Comment 32 by the Human rights Committee.[iv]

The presumption of innocence is also enshrined as the basis of the right to a fair trial and the right of defence of the accused or suspected by article 6 § 2 of the European Convention of Human Rights of 4 November 1950.

In the European Union, before the entry into force of the Lisbon Treaty the presumption of innocence was recognised by the CJEU jurisprudence mostly in the field of competition law. The Luxembourg Court recognised that the presumption of innocence and the applicable rules of evidence, such as those concerning the burden of proof, were general principles of law, whose non-observance would amount to an error of law[v]

However, after the entry into force of the Lisbon Treaty, article 48 § 1 of the Charter of Fundamental Rights of the European Union  is now the clear reference at primary law level to the need to respect for this principle. . It is worth noting that according to  the Charter’s Explanations the right in Article 48(1) is to be given the same meaning and scope as the rights guaranteed by Article 6(2) of the ECHR, as stated by the art. 52 § 3 of the same Charter. Therefore the understanding of what presumption of innocence would mean at the EU level implies a close scrutiny to the ECHR case-law, with the possibility for EU to stem higher standards of protection.

Preparing a specific EU legislative framework for presumption of innocence Continue reading “Towards a European Union legislation on presumption of innocence in criminal law”

The End of the Transitional Period for Police and Criminal Justice Measures Adopted before the Lisbon Treaty. Who Monitors Trust in the European Justice Area?

 Abstract of a study submitted to the European Parliament Civil Liberties Committee. (LIBE) THE FULL TEXT IS AVAILABLE HERE

Authors:                                                                                                                            Prof. Valsamis Mitsilegas, Head of Department of Law and Professor of European  Criminal Law, Queen Mary, University of London                                                                  Dr Sergio Carrera, Senior Research Fellow and Head of Justice and Home Affairs           Section, Centre for European Policy Studies, CEPS                                                                Dr Katharina Eisele, Researcher, CEPS

This Study examines the legal and political implications of the forthcoming end of the transitional period, enshrined in Protocol 36 to the EU Treaties, applicable to legislative measures dealing with police and judicial cooperation in criminal matters and adopted before the entry into force of the Lisbon Treaty. The analysis focuses on the meaning of the transitional period for the wider nature and fundamentals of the European Criminal Justice area and its interplay in the Area of Freedom, Security and Justice (AFSJ). Particular attention is paid to its multifaceted consequences of ‘Lisbonisation’ as regards supranational legislative oversight and judicial scrutiny, not least by the European Parliament in this context, as well as its relevance at times of rethinking the relationship between the principle of mutual recognition of judicial decisions and the fundamental rights of the defence in criminal matters in the AFSJ.

Legal Framework of the Transition

The transitional provisions envisaged in Protocol 36 have limited some of the most far-reaching innovations introduced by the Treaty of Lisbon over EU cooperation in justice and home affairs (JHA) for a period of five years (1 December 2009 to 1 December 2014). Such limits include restrictions on the enforcement powers of the European Commission and of the judicial scrutiny of the Court of Justice of the European Union over legislative measures adopted in these fields before the entry into force of the Lisbon Treaty under the old EU Third Pillar (Title VI of the former version of the Treaty on the European Union). Moreover, Protocol 36 provides for special ‘opt-out/opt-in’ possibilities for the UK. The scope and rules set out in Protocol 36 are of a highly complex and technical nature. The end of the transitional period enshrined in Protocol 36 reveals a complex conglomerate of legal provisions and procedures primarily designed for meeting the interest of some Member States’ governments to limit EU scrutiny, supervision and enforcement powers over national implementation and compliance with European law on police and criminal justice cooperation. This is a critical juncture because the transitional provisions of Protocol 36 come to a formal end on 1 December 2014.

Findings and Challenges

The main legal and political challenges related to the transitional provisions of Protocol 36 are multifaceted. The forthcoming end of the transitional period will only partially address the diverse legal landscape of fundamental rights protection in Europe’s area of criminal justice. The Study argues that the non-participation of the UK in EU legal instruments dealing with suspects’ rights in criminal proceedings undermines severely the effective operability of pre-Lisbon Treaty instruments driven by the mutual recognition principle, such as the European Arrest Warrant, even if from a ‘black letter’ law perspective the UK is entitled to ‘pick and choose’. In addition, the complex legal setting has contributed to creating legal uncertainty and lack of transparency characterising EU criminal justice instruments and their common applicability and implementation across the EU. The ambivalent position of the UK opens up the emergence of different and even competing areas of justice as well as dispersed levels of Europeanisation where enforcement of the principle of mutual recognition and protection of suspect rights are variable and anachronistic across the Union.

That notwithstanding, the Study argues that one of the most far-reaching consequences of the end of the transitional period will be the shifting of supervision on compliance and faithful implementation of EU law on police and criminal justice from domestic authorities in the Member States to EU institutional instances. The end of the transition will most significantly mean the liberalisation of ‘who monitors trust in the AFSJ’. This shift will for the first time ensure transnational legal, judicial and democratic accountability of Member States’ laws and practices implementing EU law in these contested areas, in particular the extent to which EU legislation is timely and duly observed by national authorities.

Protocol 36 does not foresee a formal role for the European Parliament in the decisions involved in the transition. Yet, the Parliament does have responsibility for the partly highly sensitive content of the Third Pillar measures directly affecting the citizens’ rights and freedoms and as co-legislator in post-Lisbon Treaty laws in these same domains. The lack of an effective and independent evaluation mechanism of EU criminal justice instruments based on the principle of mutual recognition poses a major challenge to legal and democratic accountability.

Protocol 36 has primarily aimed at limiting the degree of supranational (EU) legal, judicial and democratic scrutiny concerning EU Member States’ obligations in the EU Area of Justice. The legal patchwork of UK participation in pre- and post-Treaty of Lisbon criminal justice acquis indeed sends a critical signal of incoherency in the current delineation of the European Criminal Justice Area. The Study argues that the varied landscape resulting from the selective participation of the UK in EU criminal law measures poses significant challenges for legal certainty, the protection of fundamental rights in Europe’s area of criminal justice and the overall coherence of EU law.

Article 82(2) TFEU grants express EU competence to legislate on rights of the defence in criminal procedures where necessary to facilitate the operation of the principle of mutual recognition in criminal matters. The legality of post-Lisbon legislation on defence rights is thus inextricably linked with the effective operation of mutual recognition in criminal matters, including of the Framework Decision on the European Arrest Warrant. This is supported by pertinent case law of the Court of Justice of the European Union (CJEU), which ruled against previous UK requests to participate in the Visa Information System, or the Frontex and biometrics regulations on the basis of a teleological and contextual approach focusing on the coherence of EU law.

The Study argues that defence rights should not be negotiable at the expense of citizens’ and residents’ rights and freedoms. There is a direct causal link under EU primary law between the adoption of EU defence rights measures and the effective operation of mutual recognition enforcement instruments. Differing levels of EU Member State commitment to and participation in the fundamental rights of individuals in criminal proceedings run counter to a teleological approach which respects fully the objectives and the integrated nature of the AFSJ.

Recommendations

  • Increasing Coherency and Practical Operability: Suspects Rights as Sine qua non

The transition envisaged in Protocol 36 may well lead to incoherency and practical inoperability of the European Criminal Justice Area. The European Parliament as co-legislator in EU criminal justice law has an active role to play at times of ensuring that a common understanding of ‘ensuring coherency’ and ‘practical operability’ of the EU AFSJ is firmly anchored on strong defence rights and fair trial protection (rights of suspected or accused persons) and a sound rule of law-compliant (on-the­ground) implementation across the domestic justice arenas of EU Member States.

  • Promoting Consolidation and Codification — Better Linking of Mutual Recognition and Rights of Suspects in Criminal Proceedings

The European Parliament should give priority at times of implementing previous inter-institutional calls for consolidation and even codification of existing EU rules and instruments dealing with judicial cooperation in criminal matters. The new LIBE Committee should follow up the calls outlined in the European Parliament Report with recommendations to the Commission on the review of the European Arrest Warrant (2013/2109(INL). This should go along with the full accomplishment of the EU Roadmap of suspects’ rights in criminal proceedings as well as the procedural rights package.

  • Implementation and Evaluation — A Stronger Democratic Accountability

The European Parliament should give particular priority to better ensuring Member States’ timely and effective implementation of pre- and post-Lisbon Treaty European criminal law. An effective and independent evaluation mechanism should be developed following the template provided by the new 2013 Schengen Evaluation Mechanism, in which the European Parliament has played a role in the decision-making and implementation. This template should be followed at times of implementing any future system for criminal justice cooperation.

The Study starts by situating the discussion and briefly explaining the material scope and particulars featuring the transitional period in Protocol 36 in Section 2. Section 3 then moves into locating the debate in the specific context of the UK, and outlining its casuistic or privileged position in respect of the expansion of `supranationalism’ over EU police and criminal justice cooperation. Section 4 identifies a number of cross-cutting dilemmas and challenges affecting the transitional period, in particular those related to the impact of activating the Commission and Luxembourg Court’s legal and judicial scrutiny powers, questions of incoherencies due to UK’s variable participation and the obstacles to practical operability. Section 5 lays down three potential scenarios for the way forward in what concerns issues of fragmentation and coherence, reforming old EU Third Pillar law and the EAW while ensuring their added value, and questions related to implementation, consolidation and codification of EU criminal law. Section 6 offers some conclusions and puts forward a set of policy suggestions to the European Parliament and its LIBE Committee.

Towards a Declaration of Internet Rights

by Professor Stefano RODOTA’ (FREE Group member) (*)

For many years there has been a wide discussion about the possibility of adopting an Internet Bill of Rights, and debates have produced a considerable number of proposals. The Berkman Centre at Harvard University counted 87 of such proposals, to which we can add the Internet Magna Charta that Tim Berners-Lee is working on, and lastly the Declaration of the Rights of Internet Rights that has been drafted by a Committee established by the President of the Italian Chamber of Deputies. The novelty of the latter is that for the first time the proposal of an Internet Bill of Rights has not been produced by scholars, associations, dynamic coalitions, enterprises, or groups of stakeholders, but by an institutional entity.

It is necessary to recall that the debate on this topic dates back to the World Summit on the Information Society organised in 2005 by the UN in Tunis, where the need for an International Convention on Internet rights was explicitly underlined. This subject was deepened in the following UN Internet Governance Forums. But the international debate was progressively turned into precise rules within the European Union, even before the issue of the Internet Bill of Rights appeared in the international arena. These are not, however, parallel situationsdestined not to meet at any point. The European Union progressively brought to light the constitutional basis of the protection of personal data, finding its full recognition in Article 8 (**) of its Charter of Fundamental Rights. Here a strong similarity with the Internet Bill of Rights is identified, and it concerns precisely the constitutional scope of rules.

We are going through a phase of deep change in the way in which we are facing the problems highlighted by the Internet dynamics, in the passage from Web 1.0 to Web 2.0 and now to Web 3.0. It is not just a matter of following technological changes by adjusting legal provisions to suit them. A new definition is being developed of the rationale driving actions in this area, through a radical U-turn as regards the dynamics of the latest phase. A possible historical turning point is ahead of us, whose/that’s opportunities must be seized.

It seemed that an approach had become consolidated, which left little room to rights. From Scott McNealy’s abrupt statement of 1999 – “You have zero privacy. Get over it” – up to the recent hasty conclusion by Mark Zuckerberg about the end of privacy as a “social rule”, a line characterised by the intertwining of two elements emerged: technological irresistibility and the primacy of the economic logic. On the one side, in fact, it was highlighted how technological innovations and the new social practices made it increasingly difficult, not to say impossible, the safeguard of one’s private life and of the public liberties; on the other side, the statement on the “death of privacy” had become the argument to state that personal information had to be considered as property of those who collected it.

These certainties were radically challenged by Edward Snowden’s disclosure on the magnitude of the National Security Agency’s Prism programme and by the judgements of the European Court of Justice on data retention and Google. The idea according to which the protection of fundamental rights shall give way to the interests of security agencies and enterprises was rejected.

A new hierarchy has been established, with the fundamental rights as the first and starting point. The US President had to admit the inadmissibility of the procedures provided for by the Prism program and the Court of Justice, with its decision of 8th April, that declared that the Directive on data retention was illegal. And in the Google case the same Court explicitly stated that “the fundamental rights under Articles 7 and 8 of the Charter (…) override, as a norm (…) the economic interest of the operator of the search engine”, in a perspective broadening the European Union’s jurisdiction beyond its borders.

We are faced with a true “resurrection of privacy” and, more generally, with the primacy of the need and legitimacy of rules effectively protecting the rights of Internet users. Making reference to article 8 of the Charter, the Court of Justice was acting as a true constitutional court, opening a new and wide perspective.

The Italian initiative

This is the framework within which the Italian initiative on the Declaration of Internet Rights was adopted. Its goal is not limited to having a text to be used for national debate only.

The establishment of the Committee that drafted the document, in fact, was preceded by an international conference gathering some of the authors of the Brazilian Marco Civil, the representatives of European Institutions, and several experts from different Countries.

The text drafted by the Committee was presented on 13th October during a meeting at the Chamber of Deputies with the Presidents of the Parliamentary Committees of Member Countries in charge of fundamental rights.

The present draft is now submitted to a four-month public consultation on the Internet, at the end of which the Committee will draft the final text. Such consultation, however, is also being carried out at a European and international level, as shown by the contacts with other European Parliaments and by the video conference that will be held at the beginning of December between the Italian and the French Committees. Consultations are also taking place with experts and associations from non-European Countries.

An ambitious target was set: drafting a text allowing a common international debate, accompanied by a constant monitoring by the Chamber of Deputies. The goal is not limited to working in the complex and remote perspective of an international convention. Short-term and feasible results can be achieved, concerning the strengthening of the European system, its developments and the relationships with other countries, and most of all the consolidation of a culture highlighting common dynamics in the different legal systems. In this way, the debate around a future Internet Bill of Rights may lead to the awareness that in the different legal systems several elements already exist that, once connected to one another, establish an informal Internet Bill of Rights. An evidence of such trend is found in the decisions of the Courts of the different Countries and in the choice of legislative models, as shown by the clear influence of the European model on the Brazilian Marco Civil.

The Italian Declaration is characterised by a fundamental choice. Differently from almost all the other ones, it does not contain a specific and detailed wording of the different principles and rights already stated by international documents and national Constitutions. Of course, these are generally recalled as an unavoidable reference. But the attempt of the Declaration, as a matter of fact, was to identify the specific principles and rights of the digital world, by underlining not only their peculiarities but also the way in which they generally contribute to redefining the entire sphere of rights.

The key words – besides the most well-known ones concerning the protection of personal data and the right to the informational self-determination – include access, neutrality, integrity and inviolability of IT systems and domains, mass surveillance, development of digital identity, rights and guarantees of people in Internet platforms, anonymity and right to be forgotten, interoperability, right to knowledge and education, and control over Internet governance. The importance of the needs linked to security and to the market is obviously taken into consideration, but the balancing of these interests with fundamental rights and freedoms cannot take place on equal terms, in the sense of ensuring first and foremost the full respect for rights and freedom according to the clear provisions of the Charter of Fundamental Rights and to European case law.

In particular, security needs shall not determine the establishment of a society of surveillance, control and social sorting. Economic needs are taken into consideration in the framework of the neutrality principle that, by guaranteeing the generative nature of the Internet, keeps the possibilities for innovation unchanged, and prevents strong subjects from creating conditions of exclusion of possible competitors. Furthermore, whenever Internet platforms provide public services that are essential for the life and the activities of people, it is necessary to guarantee the conditions for a suitable interoperability in compliance with the principle of competition and equal treatment of people.

Provided that not all the issues can be analysed in this document, it is suitable recalling the need to consider the access to the Internet as a fundamental right of individuals (Tim Berners-Lee compared it to the access to water), as an essential guarantee not only against any form of censorship, but also against indirect limitations, such as taxation as it is presently happening in Hungary. The set of rights recognised do not guarantee a general freedom on the Internet, but specifically aims at preventing the dependency of people from the outside, the expropriation of the right to freely develop one’s personality and identity as it may happen with the wide and increasing use of algorithms and probabilistic techniques. The autonomy in the management of personal data, therefore, shall also consider new rights as those not to be tracked and to keep silent the chip. This perspective requires a particular in-depth analysis, since a deeply interconnected society is being developed, with a passage to Internet of Things in forms that have suggested some people to speak of an Internet of Everything, which determines a digitalisation of day-to-day lives that is able to transform any person and their bodies.

People cannot be reduced to objects of external powers, they must recover the sovereignty on their digital person. Identity is a key issue. The free development of one’s personality must be safeguarded.

Starting from this set of references, it is necessary to thoroughly examine the issue of the transformation of copyright, whose analysis was postponed to the end of the consultation, since knowledge on the Internet appears as a shared asset that can be considered as a common global resource.

A broader perspective is therefore opened by the Italian draft Declaration, in consideration of the large amount of topics to be tackled and the debate between different points of view; and such Declaration is significantly in line with the European Union policy that particularly emphasises the Charter of Fundamental Rights. The unquestionable aspect is the need to fine-tune a constitutional policy for the Internet, whose users – presently amounting to three billion people – cannot rely on a freedom guaranteed by the absence of rules, as it is still presently stated.

The reality is very different, showing an interconnected network heavily regulated by private subjects that cannot be controlled and that have no democratic legitimation, as it happens – beyond any disputes – with the “Over the Top” operating on the Internet. Internet rights are denied by totalitarian regimes and, unfortunately, by democratic regimes as well. The perspective of a Declaration of Internet rights aims at developing – through procedures different from the ones of the past – the constitutional rules that are fundamental in order to allow the Internet to keep its main feature as a place of freedom and democracy, as the widest space of the history of mankind.

NOTE

(*) Intervention at the Friedrich-Ebert-StiftungFREE Group experts meeting on :
Internet: only a “single digital market” or also a space to promote fundamental rights – Towards a European “Marco Civil”? (November 12, 2014). The main idea of this experts’ conference has been to have a first look to the impact of the EU Digital Agenda on fundamental rights as framed by the Treaties, the EU Charter and the recent CJEU jurisprudence (Data retention, Google Case..). As stated by the Charter the individual should be at the center of all EU policies and this objective underpins the recent proposal for an Internet Bill Of Rights of the Italian Chamber of Deputies as well as other national examples (Brasilian “Marco Civil” and recent US initiatives at government, congress and civil society level).
Bearing in mind that EU is competent on most of the aspects dealing with Internet the question arises how to preserve and promote individual rights notably in the pending negotiations on legislative proposals notably on Data Protection, Net Neutrality and Network Security (NIS). Moreover what should be the future initiatives to be developed by the a new Commission’s legislative programme impacting on Internet ? How the future EU single digital market could preserve the principles of non-discrimination, and of informational self determination by strengthening the access to internet as a public common good ?
Together with Stefano Rodotà took also part to the Seminar
Claude Moraes Chairman of the European Parliament Civil liberties Committee (which adopted in 2009 a first Internet Bill of Rights resolution)
Jan Philipp Albrecht EP Rapporteur for the Data Protection Regulaiton and for the transatlantic “umbrella” Agreement
Paul Nemitz Director at the European Commission
Giovanni Buttarelli, Assistant European Data Protection Supervisor
Marc ROTENBERG Professor at the Georgetown University and Director of EPIC and Marie GEORGES expert at the Council of Europe
as well as Joe Mc Namee, Executive Director, European Digital Rights (EDRi).

(**) Article 8 Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority

 

 

Tarakhel v Switzerland: Another nail in the coffin of the Dublin system?

ORIGINAL PUBLISHED HERE

by  Professor Steve Peers (FREE Group Member)

Introduction

Despite the EU’s purported adherence to high standards of human rights protection, the EU’s Dublin system, which allocates responsibility for each asylum-seeker’s application to a single Member State, has repeatedly run foul of human rights standards. Yesterday’s judgment of the European Court of Human Rights (‘ECtHR’, or ‘Strasbourg Court’) in Tarakhel v Switzerland, and the recent judgment of the same court in Sharifi v Italy and Greece, have further confirmed the problems in making this system compatible with ECHR obligations.

In fact, the Tarakhel judgment goes further than the prior judgments, which had merely exposed the lack of sufficient human rights protection in the EU legislation, as applied by Member States. Rather, it is now clear that the approach of the Court of Justice of the European Union (CJEU) in interpreting the Dublin rules is also incompatible with the ECHR.

Background

The Dublin rules initially appeared as part of the Schengen Convention, which bound only certain Member States. They were then set out in the form of the Dublin Convention,signed in 1990. This Convention was replaced by an EC Regulation (known as the ‘Dublin II Regulation’) from 2003. That Regulation was in turn replaced by the Dublin III Regulation, adopted in 2013, which applies to all applications made after 1 January 2014. Furthermore, the Dublin rules have been extended to the non-EU countries associated with the Schengen system, by means of treaties with Norway and Iceland on the one hand, and Switzerland and Liechtenstein on the other.

The previous leading cases on the compatibility of the Dublin regime with human rights were (for the Strasbourg court) the 2011 judgment in MSS v Belgium and Greece, and (for the CJEU) the judgment in NS, delivered later that same year. In MSS, the ECtHR ruled that Greece had violated Article 3 ECHR (the ban on torture or other inhuman or degrading treatment) in three ways: its treatment of the Afghan asylum-seeker in question in detention; its failure to secure adequate living conditions for him after release from detention; and its highly deficient asylum procedure. The evidence of these violations was found in numerous reports by NGOs and international bodies. The Court also ruled that Belgium had violated Article 3 ECHR because it had returned the same asylum-seeker to Greece (in accordance with the Dublin rules), even though it must have known of the situation there. For good measure, the Court also ruled that Belgium had violated Article 13 ECHR (the right to an effective remedy), since Belgium did not provide for sufficient reviews of the merits in cases such as this one.

Subsequently, the CJEU ruled in NS that asylum-seekers could not be returned to Greece, pursuant to the Dublin rules, because of systematic deficiencies in the asylum system in that country. Removals in such cases would constitute a breach of Article 4 of the EU Charter of Fundamental Rights (the equivalent of Article 3 ECHR). However, the Court distinguished such major breaches of fundamental rights from minor violations of EU or international rules relating to refugees, which would not require Member States to refrain from applying the Dublin rules.

Before the ECtHR could rule in Tarakhel, the CJEU clarified its position in its judgment in Abdullahi, delivered late in 2013. The Court started out by emphasising the presumption that all EU Member States protected human rights, noting that there was now second-phase legislation establishing the Common European Asylum System. It then characterised the Dublin rules as essentially regulating the relationship between Member States, referring in particular to the optional ‘sovereignty’ and ‘humanitarian’ clauses in the Dublin II Regulation, as well as the possibility of conciliation or separate arrangements between Member States. It followed that when two Member States agreed which of them was the Member State of first authorised entry (triggering responsibility under the Dublin rules), an asylum-seeker could ‘only’ challenge that decision by ‘pleading systemic deficiencies in the asylum procedure and in the conditions for the reception of applicants for asylum’ in the Member State which was deemed responsible for the asylum application.

Finally, the recent Sharifi judgment pf the Strasbourg Court established that Italy’s interception of asylum-seekers from Greece in the Adriatic, and their forced return to Greece, violated Article 3 ECHR as well as the ban on collective expulsions in the Fourth Protocol to the ECHR. In doing so, it confirmed a key corollary of the MSS ruling: Member States breach the ECHR if they stop asylum-seekers fleeing an unsafe country directly from crossing their borders. Although the rules on freedom to travel for third-country nationals in the Schengen Convention do not give asylum-seekers the right to move between Schengen States (unless, improbably, they have a visa or residence permit, or the visa requirement is waived for their country of origin), the ECHR nevertheless gives asylum-seekers the freedom to travel between Schengen countries (or any States) in such circumstances. Also, the right to move to another country extends beyond the three-month time limit on intra-Schengen travel, since asylum-seekers can in principle stay until their claim is finally rejected.

The Tarakhel judgment

Yesterday’s judgment concerned a family of eight Afghans, who entered the EU by crossing the Italian border first. This made Italy responsible for their applications under the Dublin rules. However, the family soon left the asylum-seekers’ reception centre which they were assigned to in Italy, on the grounds that conditions there were inadequate for families. They moved to Austria, which triggered the Dublin rules, asking Italy to take charge of them. Italy agreed, but before their transfer to Italy could be carried out, they moved on to Switzerland. That country in turn asked Italy to take charge of the family; Italy tacitly accepted.

However, they challenged their removal to Italy on the grounds that their treatment in that country, if they were removed there, would violate Article 3 ECHR. They lost their case in the Swiss courts, so asked the ECtHR to rule that their removal to Italy would constitute a breach of Article 3, as well as Article 8 ECHR (the right to family life). They also alleged a breach of Article 13.

The ECtHR rejected the Article 13 claim on the merits, since the Swiss courts had examined the merits of their legal arguments and they were allowed to stay on Swiss territory in the meantime. It held that it was not necessary to examine the Article 8 argument. Most importantly, by a majority of 14-3, it found that there was a breach of Article 3 ECHR.

Yet there are important differences between the MSS judgment and the Tarakheljudgment. Yesterday’s judgment does not state that Italy’s asylum system has effectively collapsed, as was the case in Greece. In particular, there were no allegations in Tarakhelrelating to flaws in Italy’s asylum procedures, or as regards detention. The argument instead was solely about living conditions in Italian detention centres.

The ECtHR began by reiterating its case law from MSS about reception conditions for asylum-seekers. While Article 3 ECHR did not guarantee a home or financial assistance, in cases involving EU Member States the Court took account of their specific obligations in that respect under the EU’s reception conditions Directive. Also asylum-seekers were an ‘underprivileged and vulnerable group’, and it was possible that extreme poverty could raise issues under Article 3. The Court also referred to other prior case law on the need to ensure that child asylum-seekers, who were in a position of ‘extreme vulnerability’, enjoyed ‘protection and humanitarian assistance’.

Next, the Court reiterated the usual rule that Article 3 prevents removal if ‘substantial grounds have been shown for believing’ that there is a ‘real risk’ of treatment contrary to Article 3 in the state of destination. The same rule could be used to rebut the assumption that countries applying the Dublin system were all safe. In this context, the ECtHR referred to the CJEU’s ‘systemic deficiencies’ test set out in the judgment in NS, but made no reference to the ruling in Abdullahi that this was the ‘only’ ground for challenging the application of the Dublin rules. However, the ECtHR also ‘notes’ the recent EM judgmentof the UK Supreme Court, which expressly stated that ‘systemic deficiencies’ were not the only ground for such challenges. Overall, the Court stated that these tests had to be applied by examining ‘the applicant’s individual situation in light of the overall situation prevailing’ in the state of destination.

Applying these rules to this case, the applicants had made three complaints about the situation of the Italian reception system. The first complaint, about the slowness of identification procedures, was dismissed out of hand, since the applicants had in fact been identified quickly. As for the second complaint, the Court accepted the evidence that there were not enough places for all asylum applicants. Thirdly, as for the reception conditions within the available facilities, a number of problems had been identified by the UNHCR and the Council of Europe’s Human Rights Commissioner.

Taken as a whole, then, the Court ruled that the ‘current situation in Italy can in no way be compared to the situation in Greece at the time of the MSS judgment’, where only a small fraction of asylum-seekers could be accommodated and ‘the conditions of the most extreme poverty…existed on a large scale’. So there could not be ‘a bar to all removals of asylum seekers to that country’. Having said that, the Court accepted that there was some risk that asylum-seekers might not get accommodation, or that the accommodation would be inadequate.

As for the individual position of the applicants, that was not comparable to the facts of theMSS case either.  The family in this case were taken care of immediately by the Italian government, rather than detained and then left to fend for themselves. But again, having said that, the Court was concerned that, in light of the vulnerability of asylum-seekers, and children in particular, there was no guarantee of (adequate) accommodation for families seeking asylum in Italy. So Switzerland could not send the family to Italy unless they obtained sufficient assurances on this point. This alone constituted a breach of Article 3 ECHR.

Interestingly, the majority judgment makes no reference to the alternative possibility of asylum-seekers obtaining private family housing at the expense of the State, which the CJEU developed in its recent Saciri judgment on the reception conditions Directive.

Comments

With great respect, there are many flaws with the CJEU’s judgment in Abdullahi. That judgment confuses Regulations (directly applicable in national legal systems) with Conventions (essentially governing relations between States). It places undue reliance on provisions of the Dublin II Regulation which were never applied in practice (conciliation) or were irrelevant to the case at hand (separate arrangements between Member States). It ignores the CJEU’s own case law on the ability to challenge Member States’ application of the Dublin II rules as regards unaccompanied minors (MA), humanitarian situations (K) or withdrawn applications (Kastrati). Its scope is unclear: does it only apply when Member States agree that the criterion regarding irregular entry is applicable, or in other cases as well? In any event, the judgment needs to be rethought in light of the Dublin III Regulation, which considerably expanded the procedural rights of asylum-seekers in the Dublin context. Why do that, if they can only challenge their transfer if there is a complete breakdown in the asylum system of the State responsible for their application?

But the most fundamental flaw in the Abdullahi judgment is exactly that: the CJEU’s statement that at least in some cases, the determination of the responsible Member State can ‘only’ be challenged if there are ‘systemic deficiencies’ in the asylum system of that State. Is that statement still correct after Tarakhel?

Certainly the statement is wrong if the CJEU meant (as it appeared to say) that both the asylum procedure and the reception conditions systems have to have failed in the responsible Member State, before a transfer to that State can be challenged. In Tarakhel, there is no issue raised regarding the asylum procedure in Italy. More generally, the Italian reception system is not in complete breakdown: the Tarakhel family faces neither extreme poverty nor vile detention conditions, but merely some risk that accommodation will either not be available or that it will be somewhat unpleasant. Accordingly, the Swiss obligations are nuanced: there is no ban on transfers, merely a procedural obligation to make arrangements with the Italian authorities.

It isn’t clear whether Tarakhel abandons the CJEU’s assumption that only ‘systemic deficiencies’ in the asylum system of a responsible State can justify a challenge to a Dublin transfer, or whether the judgment merely modifies the notion of ‘systemic deficiencies’ considerably, lowering the threshold for its application. On the first hypothesis, ‘systemic deficiencies’ are just one example of a situation that could lead to rebuttal of the assumption that another Dublin State is safe. Uncertainty about adequate reception conditions for families is another. But surely this cannot be an exhaustive list.

On the second hypothesis, a ‘systemic deficiency’ would not exist only where an asylum system had entirely collapsed, but where some particular aspect of the system was malfunctioning regularly to some extent. By analogy, a car needs to be fixed not only when the brakes entirely fail to work, but also when the windshield wipers occasionally malfunction. The risk is far greater in the first case, but the second case shouldn’t be ignored either. Again, the problems in Tarakhel cannot be the only example of a flaw in the asylum system of a responsible Member State that needs to be fixed before asylum-seekers can be transferred there.

There isn’t much difference between these two possible interpretations of Tarakhel. Although the first interpretation is in principle more open-ended than the second one, it shouldn’t take too much imagination to argue that any particular problem an asylum-seeker might face in the responsible Member State is ‘systematic’ in this very broad sense. The second interpretation does give the CJEU more leeway to back down from its head-banging judgment in Abdullahi, and explain that this was also what it had meant by ‘systemic deficiencies’ all along.

Of course, given the strong insistence on the efficiency of the Dublin system in theAbdullahi judgment, this is obviously not what the Court had meant at the time. Yet the clear message from the Tarakhel case is that there is not a simple binary distinction between cases when all Dublin transfers should stop, on the one hand, and cases when all Dublin transfers should go ahead at full speed, on the other. Instead, like a traffic light, yesterday’s judgment creates an intermediate category of cases in which national administrations must proceed with caution. This will undoubtedly make the Dublin system more costly and complex to administer, but that is often the only way to ensure that human rights are protected effectively.

Barnard & Peers:  chapter 9, chapter 26

THE PROPOSED GENERAL DATA PROTECTION REGULATION: SUGGESTED AMENDMENTS TO THE DEFINITION OF PERSONAL DATA

by Douwe Korff, Professor of International Law

(and FREE Group Member)

  1. Background

In a recent judgment (discussed previously on this blog) the third chamber of the CJEU has ruled that the concept of “personal data” in the 1995 data protection (DP) directive is limited to data directly relating to a person, and does not include legal analyses in the file on the person, on which the state (NL) relied in taking its decisions in relation to that person (Joined Cases C-141/12 and C-372/12). I believe the Court’s restriction of the concept is wrong and contrary to the intended purpose of data protection; and should be corrected in the new General Data Protection Regulation.

First of all, the Court based itself on the, in my opinion erroneous, view that the 1995 EC DP Directive was solely aimed at protecting privacy. In particular, it felt that the right of data subjects to access to their personal data should not extend to a legal analysis of their case, contained in a file on them, because (in the Court’s view) such an analyses “is not in itself liable to be the subject of a check of its accuracy by [a data subject]”, and data subjects should not be able to use data protection to seek a rectification of such an analysis (cf. para. 44 of the judgment).

Secondly, the Court also relied on the fact that data of the kind at issue in the joined cases was administrative data held by a public authority and, drawing a parallel with EU regulations on privacy and access to documents, held that access to the legal analysis should be addressed under the latter rules rather than the former. This failed to take into account the fact that the EU rules referred to apply only to public (i.e., EU) bodies, whereas the 1995 DP Directive applies also, and in indeed especially, to private-sector bodies (in particular companies) that are not subject to public-sector rules on access to administrative data.

The Court’s judgment, in sum, seriously limits the concept of personal data and the right of access to one’s personal data, and thus seriously limits the application of the entire EU data protection regime. It leaves individuals with seriously less rights in respect of data on them (or relating to them, or used to take decisions on them, or that affect them) than was previously thought.

Specifically,the judgment runs directly counter to the authoritative 2007 Article 29 Working Party (WP) Opinion on the concept of personal data (Opinion 4/2007, WP136, of 20 June 2007). This first of all noted that the purpose of data protection is not limited to a narrow concept of privacy – as is indeed also clear from the fact that data protection is guaranteed in the Charter of Fundamental Rights (CFR) as a separate right, sui generis, from the right to private life/privacy (data protection is guaranteed in Article 8 CFR; Privacy in Article 7 CFR). Astonishingly, given that the WP29 is expressly charged with providing guidance on the interpretation and application of the 1995 DP Directive, the Court did not even mention either the Working Party or this specific opinion.

In the opinion, the Working Party discussed four elements of the definition, from which it deduces the appropriate criteria for determining whether data should be regarded as personal data within the meaning of the directive. They can be paraphrased as follows:

The first element: “any information”:

The WP concludes that these words indicate that the concept of personal data should be interpreted broadly, and not limited to matters relating to a person’s private and family life stricto senso (as has wrongly been done in the UK under the Durant decision, and as appears to also underpin the Court’s judgment). It also covers information in any form, including documents, photographs, videos, audio and biometric data, body tissues and DNA.

The second element: “relating to”:

In general terms, information can be considered to “relate” to an individual when it is about that individual. However, data about “things” can also be personal data, if the object in question is closely associated with a specific individual (e.g., mobile phone location data). This is of increasing importance in the era of the Internet of Things. Important in relation to the CJEU judgment, the WP29 adds the following consideration, with reference to an earlier opinion, on radio frequency identification (RFID) tags, WP105 of 19 January 2005 (original italics and bold; underlining added):

In the context of discussions on the data protection issues raised by RFID tags, the Working Party noted that “data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated.“…

[I]n order to consider that the data “relate” to an individual, a “content” element OR a “purpose” element OR a “result” element should be present.

The “content” element is present in those cases where – corresponding to the most obvious and common understanding in a society of the word “relate” – information is given about a particular person, regardless of any purpose on the side of the data controller or of a third party, or the impact of that information on the data subject. (…)

Also a “purpose” element can be responsible for the fact that information “relates” to a certain person. That “purpose” element can be considered to exist when the data are used or are likely to be used, taking into account all the circumstances surrounding the precise case, with the purpose to evaluate, treat in a certain way or influence the status or behaviour of an individual. (…)

A third kind of ‘relating’ to specific persons arises when a “result” element is present. Despite the absence of a “content” or “purpose” element, data can be considered to “relate” to an individual because their use is likely to have an impact on a certain person’s rights and interests, taking into account all the circumstances surrounding the precise case. It should be noted that it is not necessary that the potential result be a major impact. It is sufficient if the individual may be treated differently from other persons as a result of the processing of such data.

These three elements (content, purpose, result) must be considered as alternative conditions, and not as cumulative ones. In particular, where the content element is present, there is no need for the other elements to be present to consider that the information relates to the individual. A corollary of this is that the same piece of information may relate to different individuals at the same time, depending on what element is present with regard to each one. The same information may relate to individual Titius because of the “content” element (the data is clearly about Titius), AND to Gaius because of the “purpose” element (it will be used in order to treat Gaius in a certain way) AND to Sempronius because of the “result” element (it is likely to have an impact on the rights and interests of Sempronius). This means also that it is not necessary that the data “focuses” on someone in order to consider that it relates to him. …

The “legal analyses” that the CJEU ruled were not personal data are clearly covered by the above: they are the very basis on which the data subjects in questions (asylum seekers) were “treated” and “evaluated”. To apply the reasoning of the Working Party: they determine whether Titius should be treated the same way as Gaius or not; and they may also have an impact on the rights and interests of Sempronius.

This is also crucially important in relation to “profiles”. Under the judgment, states and companies could argue that individuals should also not have a right to challenge the accuracy of a profile, any more than the accuracy of a legal analysis; and that, indeed, they are not entitled to be provided on demand with the elements used in the creation of a profile. After all, a profile, by definition, is also based on an abstract analysis of facts and assumptions not specifically related to the data subject – although both are of course used in relation to the data subject, and determine the way he or she is treated.

In my opinion, the above is the most dangerous limitation flowing from the Court’s judgment.

The third element: “identified or identifiable”:

Although this issue did not arise in the CJEU cases, it is still crucial, in particular in relation to the ever-increasing and ever-more-widely-available massive sets of “Big Data”. In the opinion of the WP, the core issue is whether a person is, or can be, singled out from the data, whether by name or not. A name sometimes suffices for this, but often not, while a photograph or an identity number often does allow such singling out even if no other details of the person are known. In relation to pseudonymised or supposedly anonymised data, the WP concluded (with reference to the recitals in the 1995 directive) that the central issue is whether the person can be identified (singled out), whether by the data controller or by any other person, “taking account of all the means likely reasonably to be used either by the controller or by any other person to identify that individual.

The fourth element: “natural person”:

In principle, personal data are data relating to identified or identifiable living individuals. There are some issues relating to data on deceased persons and unborn children: these can often still (also) relate to living individuals, in the way discussed above, and would then still be personal data in relation to those latter individuals. Data on legal entities can sometimes also, similarly, relate to living individuals associated with those entities. Also, in some contexts some data protection rights are expressly extended to legal persons (companies etc.) per se, in particular under the so-called “e-Privacy Directive”. But that is a special case. This too, however, was not an issue relevant to the CJEU judgment.

Until the CJEU judgment, it could be assumed that as long as the General Data Protection Regulation used the same definition of personal data as the 1995 DP Directive, the above elements and criteria could simply be read into the new instrument.

However, the judgment could result in the definition in the GDPR being read in accordance with the Court’s restricted views, rather than in line with the WP29 guidance.

In my opinion, if the EU wishes to retain a strong European data protection framework, as is often asserted, it is essential that the GDPR expressly (if of course briefly) endorses the WP29 view of the issue, rather than the CJEU’s one.

Below, I suggest amendments to the definition of the concept of personal data in the GDPR that would achieve that (some further amendments should be made to the recitals).

  1. Proposed amendments to the GDPR

As can be seen from the Annexes, with the different definitions of personal data and data subject in the Commission text of the GDPR and in the amended version of the Regulation adopted by the EP (and with the corresponding definitions in the current 1995 DP Directive), the definitions all say in essence that:

‘personal data’ means any information relating to a data subject (with ‘data subject’ then defined as “an identified or identifiable natural person”), or:

‘personal data’ means any information relating to an identified or identifiable natural person which comes to the same thing (and is in accordance with the current directive).

The EP text adds clarification on when a person can be regarded as “identifiable”, on the lines of the views of the Article 29 Working Party (drawing on a recital in the current directive); and more specific provisions on “pseudonymous data” and “encrypted data”.

However, neither text adds clarification on the question of when data can be said to “relate” to a (natural, living) persons – which is the issue so badly dealt with in the CJEU judgment.

I propose that the definition of “personal data” in the GDPR be expanded to expressly clarify the question of when data can be said to “relate” to a person, by drawing on the guidance of the Article 29 Working Party set out above; and by also expressly clarifying that “profiles” always “relate” to any person to whom they may be applied. Specifically, I propose that an additional paragraph be added to Article 2(2), spelling out that:

“data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in [Article 20 in the Commission text/Article 4(3a) of the EP text] by their nature relate to any person to whom they may be applied.”

The Annexes indicate more specifically how such an amendment could be incorporated into the current (Commission and EP) texts of the Regulation.

Annex I

PROPOSED AMENDMENTS TO ARTICLE 4 OF THE GENERAL DATA PROTECTION REGULATION:

(Added or amended text in bold)

The proposed amendments if applied to the Commission text:

(1)        ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

(2)        ‘personal data’ means any information relating to a data subject;

(2a)      data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in Article 20 by their nature relate to any person to whom they may be applied.

The proposed amendments if applied to the EP text:

(2)        ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);

(2a)      an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;

(2b)     data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person’s rights and interests. Profiles resulting from ‘profiling’ as defined in paragraph (3a) by their nature relate to any person to whom they may be applied.

(2c) ‘pseudonymous data’ means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;

(2d) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

NB: The actual Commission and EP texts are set out in Annex II

Annex II

The definition of “personal data” in the original Commission text of the GDPR and in the amended version of the Regulation adopted by the European Parliament:

Text proposed by the Commission Amendment
Definitions Definitions
For the purposes of this Regulation: For the purposes of this Regulation:
(1) ‘data subject’ means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;
(2) ‘personal data’ means any information relating to a data subject; (2) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject‘); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;
(2a) ‘pseudonymous data’ means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;
(2b) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

Cf. the following definition in the current 1995 DP Directive:

(a) ‘personal data ‘shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)

by Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be Commissioners for Better Regulation, Fundamental Rights and Rule of Law (Timmermans) will be questioned tomorrow by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm them in office. MEPs have already asked some written questions and the would-be Commissioner have replied. However, during the oral hearing will be an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.
Rather strangely the hearing will not follow to the EP very detailed internal rules (of art.118 and Annex XVI (*) which require that hearing should take place before the Parliamentary committees Candidate Vice President Timmermans will instead be heard by the Conference of President of political Groups.

1.Rule of law / implementation of EU law
The confidence of all EU citizens and national authorities in the functioning of the rule of law in the Member States is vital to increase the mutual trust and to further develop the EU into “an area of freedom, security and justice without internal frontiers”.
In your written reply you strongly support the recent Commission proposal for a “common rule of law framework (COM(2014)158 as repeatedly advocated by the European Parliament (but criticized by the Council legal Service). However such an exercise risk which should cover all the EU member states, risk to be meaningless if the Commission does not strengthen the mechanisms which implement the principle of sincere cooperation with and between the MS. For instance there is no ground in the Treaty which justify confidential meetings between the Commission and the MS (even in the framework of the so called “EU Pilot mechanism”) when legal certainty on the exact scope of EU citizens rights and obligations are at stake.
As first steps to strengthen the rule of law would not then be appropriate :
– to update the way how the Commission on a daily basis debates with the Member states the implementation of EU legislation?
– make public the MS implementation plans as well as the table of correspondence between EU and national rules ?
– to implement, (five years after the Lisbon Treaty !), the art.70 mechanism on “objective and impartial evaluation of the implementation of the Union policies” in the FSJA by keeping informed the European and national parliaments ?
– to take stock every year of the ruling of the European Courts and of the measures taken at national level ?

2. Charter of Fundamental rights as “roadmap for the EU legislator ?
In a recent ruling the Court of Justice stroke down for the first time an EU Directive (the Data Retention Directive 2006/24) because “.., the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter. ” According to the CJEU the Directive “..does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter” and moreover “does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured…” In other terms from now on the Court of Justice will require a strict assessment of the proportionality and necessity of measures that constitute serious restrictions to fundamental rights, however legitimate the objectives pursued by the EU legislature.
On the basis of this landmark ruling do you not consider your priority to revise under the proportionality perspective the legislation falling in judicial and police cooperation in criminal matters adopted before the entry into force of the Charter and of the Treaty of Lisbon ?
Will you commit to develop a stronger and more transparent strategy to deal with infringements of EU law where the rights in the Charter are threatened by a Member State’s non-existent or incorrect implemenation of its EU law obligations?
Will not be sensible, taking in account your attachment to the REFIT exercise to review the legislation by establishing “sunset clauses” for measures limiting EU citizens rights? Moreover, by sticking on data protection aspects do you not consider that this ruling raise even bigger doubts on the compatibility with the proportionality principle of the EU-US agreements on PNR and TFTP and of the legislative proposals submitted by the Commission on the EU-PNR and the “Entry-Exit” (not to speak of the lack of compliance of the proposal on trusted traveller with the principle of non discrimination) ?  Continue reading “Some questions to the would-be Commissioner for Better Regulation, Fundamental Rights and Rule of Law (Timmermans)”

Some questions to the candidate High Representative for external relations (Federica Mogherini)

By Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be High Representative for the Common Foreign and Security Policy and Commission Vice President for external relations (Mogherini) will  questioned in the next two days by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm her in office. MEPs have already asked some written questions and the would-be Commissioners have replied. However, the oral hearings which will shortly take place are an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.

The following are suggested questions on institutional issues, although of course MEPs should also ask questions on the substance of EU foreign policy.

QUESTIONS TO HIGH REPRESENTATIVE CANDIDATE MOGHERINI

1 External Internal Security Policy

In your written answer you claim the need of a consistent and global approach to external and internal security. However, legally these two dimensions have been artificially separated in the Treaties by a disconnection clause (art.40 of TEU) [1] according to which the external security will remain intergovernmental. This means that consensus between the 28 Member States will remain the main rule, there are no legislative powers and the Court of Justice has no full judicial oversight. Bearing in mind these flaws of the EU external security policy (also from the point of view of the democracy principle and of the rule of law) would not be better to achieve some of your goals by building them on the external dimension of “internal” policies (such as protection of borders, migration, judicial and police cooperation)? If so qualified majority will be the rule and external agreements will be approved by the EP (as already happened with some EU-US agreements) and EU acts will be under the control of the Court of justice…

2.Solidarity clause in case of terrorist attack or natural or man made disaster (art. 222 TFEU)

On a joint proposal of your predecessor and of the Commission on 24 June 2014 the Council adopted thearrangements for the implementation by the Union of the solidarity clause (art 222 TFEU)  to be activated  if a Member State is the object of a terrorist attack or the victim of a natural or man-made disaster. The text has been adopted without associating the EP and moreover it does not foresee any structured information of the European Parliament on the way in which threats are defined and monitored, not even in the case that such an event occurs. However even if the Treaty does not impose a requirement to provide this information nothing would had prevented the Council from  foreseeing it on its own initiative also because it would be bizarre that the members of the EP discover a terrorist attack from the press rather than from institutional channels. Will you propose an amendment to that Decision by recognising an adequate space for the EP?

3.Global Approach to Migration and mobility partnership as a binding act

As you rightly say in your written answer, EU development policy and international agreements could be the answer to address the root causes of displacement. However the Global Approach of Migration and the mobility partnership are only diplomatic instruments and are meaningless if not framed as full international agreements. Should they be transformed into legal binding acts (both for third countries and the EU and its Member States) and be accompanied by formal EU agreements with the relevant UN Agencies (UNHCR, IOM) tasking (and financing) them for the interventions in third countries? Continue reading “Some questions to the candidate High Representative for external relations (Federica Mogherini)”

WARNING: THE EU COUNCIL IS TRYING TO UNDERMINE PRIVACY SEALS (and through this, the General Data Protection Regulation)

by Douwe KORFF (*)

(*) Professor Douwe Korff is an Associate of the Oxford Martin School of the University of Oxford and a Visiting Fellow at Yale University (Information Society Project). He helped to establish the European Privacy Seal (EuroPriSe) scheme discussed in the text.

  1. Introduction

Some people, including myself, believe that good privacy seals, managed by the right bodies, can make a serious contribution to high-level data protection – while bad seals, issued by bodies that are more interested in providing fig-leaves and making money, can seriously harm data protection. The arrangements for data protection certification in the new General Data Protection Regulation (hereafter: “the regulation”) are therefore important. The original draft of the regulation, issued by the Commission in January 2012, merely said that certification schemes should be “encouraged” (although it provided for some EU-level harmonisation of the frameworks).

The European Parliament’s amended text is much more ambitious in this regard and, if adopted, would make certification schemes both more integrated with the general data protection regime and stronger, also in terms of ensuring that no seals could be issued in one Member State that would undermine data protection in other Member States.

However, the text set out in an EU Council document dated 26 September 2014 and just leaked, shows that the Member States are trying to undermine the good proposals of Parliament.

At II, I first briefly set out the problems with European privacy seal schemes under the current rules. Next, at III, I analyse the relevant provisions in the different versions of the regulation, adopted by the Commission, Parliament and the Council. Finally, at IV, I conclude that if the Council text were to be adopted, the provisions on seals could become a Trojan Horse that could seriously undermine the in principle strong data protection regime in the regulation (pace other watering-down attempts by the Council). This note thus seeks to sound a warning to those involved in the upcoming trilateral negotiations on the regulation text, not to allow such a dangerous scheme (or rather, an ill-defined miscellany of schemes) to slip in.

  1. Data protection seals and the 1995 Data Protection Directive

There is no explicit provision on data protection- or privacy seals or certification schemes in the main EC data protection directive (Directive 95/46/EC, hereafter “the directive”), although other self-regulatory mechanisms, such as codes of conduct and contractual arrangements are encouraged under it (see Art. 27 re codes; Art. 26(2) re “appropriate contractual clauses”). Nevertheless, the European Commission has in practice encouraged the establishment of seals, in particular by supporting the establishment of the “European Privacy Seal” (EuroPriSe) scheme under an “e-TEN” programme; this was until recently operated by the data protection authority of the German Land of Schleswig-Holstein, the Independent Centre for Privacy Protection (or ULD after its German initials), but has recently been passed on to a private German company, 2B.[1] The French data protection authority, CNIL, has also established a certification scheme, under which controllers can certify that they meet certain CNIL-specified criteria (but so far only in relation to privacy training, data protection audit, and one product: cloud computing).[2]

Continue reading “WARNING: THE EU COUNCIL IS TRYING TO UNDERMINE PRIVACY SEALS (and through this, the General Data Protection Regulation)”

Future of EU migration, home and justice policies. Some questions to the new candidates commissioners..

by Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be Commissioners for immigration and home affairs and Justice will shortly be questioned by Members of the European Parliament (MEPs) in hearings, to determine whether the EP should vote to confirm them in office. MEPs have already asked some written questions and the would-be Commissioners have replied. Since most of the written questions were not very searching (except for a couple of questions on data protection issues), the Commissioners did not reply in much detail. However, the hearings are an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments, in these fields. To that end, we have therefore suggested a number of oral questions which MEPs should ask in the hearings.

Immigration and asylum

The Commission consider that migration policy should be framed by the (non binding) objectives of the global approach to migration (GAMM) and relations with third countries should be dealt with by “Mobility Partnership” which are more diplomatic declarations than binding acts. Would you propose a binding legal basis for treaties with the countries concerned, grounded on Articles 77, 78 and 79 of the TFEU?

What actions will the Commission take to ensure that EU legislation in this field is fully and correctly implemented by the Member States?

Will the Commission propose an immediate amendment to the EU visa code, to confirm that Member States are obliged to give humanitarian visas to those who need them and who apply at Member States’ consulates in third countries?

When will the Commission propose EU legislation to guarantee mutual recognition of Member States’ decisions regarding international protection, including the transfer of protection?

When will the Commission make proposals for a framework for sharing responsibility for asylum-seekers and persons who have been granted international protection, starting with those who have applied outside the territory of the Member States?

Will the Commission propose an immigration code, and what will its main contents be?

The Court of Justice has recognised that search and rescue obligations are interlinked with external borders surveillance (Case C-355/10). The EU adopted rules in this field which governing only border control coordinated by Frontex. Do you intend to propose that such rules should apply to all Member States’ border controls as a general rule, by formally amending the Schengen Borders Code ?

What immediate and longer-term steps will the Commission take to address the death toll of migrants crossing the Mediterranean?

Will the Commission propose to amend the EU legislation on facilitation of unauthorised entry to confirm that anyone who saves migrants from death or injury during a border crossing, or who otherwise acts from humanitarian motives, is exempt from prosecution?

Internal Security and Police cooperation Continue reading “Future of EU migration, home and justice policies. Some questions to the new candidates commissioners..”