3. Fundamental rights – Charter – Page 36 – European Area of Freedom Security & Justice

EU Internal Security strategy: towards a EU-USA common path?

The traditional meeting between the justice and home affairs ministerial representatives of the United States of America (USA) and of the European Union (EU) took place the 8th and 9th December 2010. Ms Janet Napolitano, from the Department of Homeland Security and Mr Eric Holder, General Attorney of the Department of Justice have discussed with the European Union presidency and the Commissioners Ms Cecilia Malmström and Ms Viviane Reding the transatlantic initiatives, both planned and underway- aimed at preventing and combating terrorism and organised crime.

The meeting confirmed the hegemonic and inspiring role that the American administration has towards the European Union when it comes to defining and implementing the European Internal Security Strategy (ISS).

This is true when it come to the synchronisation of the EU’ activities, since the Justice and Home Affairs Council which took place in Toledo in February 2010 adopted the strategy while the US administration approved the Fourth revision of its own internal security strategy.

It is also true in relation to the increasing concurrence of the objectives underpinning it. After all this is not so surprising for two allies which cooperate on a daily basis in all different domains, going from intelligence, money laundering, to the fight against drugs.

Therefore, the European ISS includes the fight against cyber crime, measures aimed at the protection of commercial flights and cargo safety, use of financial personal data and airplanes passengers. These objectives have been recalled by the Commission in its recent Communication entitled “The EU Internal Security Strategy in Action: Five steps towards a more secure Europe”.

The crucial element here is that while these objectives correspond to what the Congress requested, this is not the case for the European Union, where the position of the European Parliament – which should ensure the legislative transposition of some of these objectives- is much more cautious than the one of the Congress. This is even more striking if one take into consideration the fact that the Congress is considered even more demanding than both the Bush and Obama Administration, for instance, concerning borders control with the creation of an entry-exit system and limits to visa liberalisation.

The opposition of the Strasbourg Assembly to the indiscriminate collection and systematic storage of personal data of millions of air passengers (PNR) for several years is renowned. Especially, because these data includes also those of individuals which are not wanted nor suspects and that, even after the controls, are not considered a danger for the flights safety.

That is why the Council of the European Union adopted the 3^rd December 2010 a negotiation mandate to the Commission which should allow revising in a more restrictive manner the data protection provisions which are provisionally applied on the basis of the EU-USA agreement, since 2007.

It goes without saying that it would be rather naïve to expect the American Administration to welcome such a measure, especially because the new Republican majority in the Congress would interpret it as a lowering down of the guard. Nevertheless, it is also self-evident that the current agreement risks to be rejected by the European Parliament at any moment and this possibility would open a dangerous vacuum, also for the aviation companies.[1]

Rather, it is reasonable to expect a greater willingness from the European Parliament’s side to adopt measures concerning the fight against cyber-crime, one of the USA priority for a long time and recently recalled by the Obama Administration during the last EU-USA summit of 20^th November 2010 in the Joint EU-US Statement. The summit promoted a EU-USA working group in the field of cyber security and cyber criminality, which within a year will present a report on a series of initiatives, such as those discussed in the recent EU-US-NATO summit of the 24^th November. These measures includes among others,

– the creation of Computer Emergency Response Team (CERTs) in each European country, along the lines of the corresponding American centres, with the support of the European Agency responsible for network security (ENISA)

– – the implementation of an emergency network

– The creation of a sort of control room at the European level, as indicated by the Commission in its proposal for an internal security strategy.

These measures should be complemented by legislative measures such as the Proposal for a Directive on attacks against information systems, currently under review by the European Parliament. This measure will probably get inspiration from the Convention on Cyber crime of the Council of Europe, ratified by the United States itself.

However, all these measures, as well as the last ministerial meeting, all share the same unresolved problem related to the different data protection standards existing in the two sides of the Atlantic, namely in relation to public security. On the one hand, in the United States the protection of privacy and personal data is not considered a fundamental right (at most a penumbral right, subordinated to the safeguard of the right of expression foreseen by the first amendment and to the right of residence foreseen by the fourth amendment). On the other hand, in the EU, these rights are recognised as fundamental by art. 8 of the European Convention on Human Rights as well articles 7 and 8 of the Charter of Fundamental Rights.

Indeed, the European Parliament has requested, especially after 9/11 a transatlantic binding agreement in this field. This could eventually take place on the basis of negotiation mandate which the Council conferred to the Commission on the 3^rd December and that Vice-President Reding has already presented to the Parliament.

Theoretically, the US authorities should not oppose it given that the mandate recalls the recommendations made by a common working group which has elaborated a series of common principles. However, the American authorities fear that the new agreement will make more difficult the transfer of data that is already taking place under the EU-USA agreement in the field of judicial cooperation in criminal matters, the agreements with Europol and Eurojust and more importantly the various bilateral agreements negotiated in the last decades between the USA and the EU Member States, in the field of security and fight against crime.[2]

The next months look quite challenging and it will be interesting to follow not only the negotiations but also the tone of the dialogue that will be established between the Congress and the European Parliament, i.e. whether they will be able to share to a greater extent the perception of a threat and therefore the need to a common answer.

If this will take place, it could be possible to open the way to a Transatlantic Schengen-like space which ahs already been announced in the EU-US Joint Statement on “Enhancing transatlantic cooperation in the area of Justice, Freedom and Security”

EDC

[1] The same issue is true for those measures which are considered too invasive for the individual privacy, such as the installation of body scanners (1300 are foreseen to be installed in the USA and a few tens in the European Union). It remains to be seen what the European Union will do to implement the new international strategy in the field of aviation security adopted by the 37^th ICAO Assembly which took place on 8^th October 2010 (Comprehensive Aviation Security Strategy) (ICASS).

[2] See Prüm-like agreements on the basis of which the EU Member States committed themselves to transfer information, , to the United States. These transfer include sensitive information, such as DNA codes, in exchange of looser conditions to obtain visa for their citizens.

ACTA negotiations concluded…or maybe not?

The Anti-Counterfeiting Trade Agreement (ACTA) negotiations were concluded in Japan on October 2, after 11 round of the negotiations.

The Anti-Counterfeiting Trade Agreement (ACTA) began in Geneva two years ago. It is a plurilateral trade agreement aimed at establishing international standards on intellectual property rights so as to assist those that are part of the agreement to fight against counterfighting and piracy.

It will include:

– state-of-the-art provisions on the enforcement of intellectual property rights (including provisions on civil, criminal, and border enforcement measures)

– cooperation mechanisms among ACTA Parties and

– establishment of best practices for effective Intellectual Property Rights enforcement.

The reason why ACTA has not been negotiated under the framework of the World Intellectual Property Organisation (WIPO) is related to the impossibility to find an agreement between all the members of WIPO. The last round of negotiations included: Mexico, Australia, Canada, the European Union (represented by the European Commission), Spain, an unnamed EU member state, Japan, Korea, Morocco, New Zealand, Singapore, Switzerland and the United States.

Acta has raised several criticisms (see previous post in this blog) concerning both its content and the secretative approach with which negotiations were held as the consolidated text of 2^nd October shows:

The scope

An unresolved issue refers to the scope of the agreement, for instance, in relation to border measures (see italics underlined part).

“ARTICLE 2.X: SCOPE OF THE BORDER MEASURES

In providing, as appropriate, and consistent with a Party’s domestic system of IPR protection and without prejudice to the requirements of the TRIPS Agreement, for effective border enforcement of intellectual property rights, a Party should do so in a manner that does not discriminate unreasonably between intellectual property rights and that avoids the creation of barriers to legitimate trade.

(…)

ARTICLE 2.X: BORDER MEASURES

Each Party shall provide procedures for import and export shipments:

(a) by which customs authorities may act upon their own initiative, to suspend the release of suspect goods; and

(b) where appropriate by which right holders may request the competent authorities to suspend the release of suspect goods.

where appropriate,

2. situations where the goods are under Customs control:

Each Party may provide procedures for suspect goods in transit or in other

(a) by which customs authorities may act upon their own initiative, to suspend the release of, or to detain, suspect goods; and

(b) where appropriate, by which right holders may request the competent authorities to suspend the release of, or to detain, suspect goods.”

The inclusion of patents in enforcement measures at the border is one of the main concerns of civil society. This is particularly worrisome when it comes to public health border-enforcement measures related to patents within the European Union, which resulted in several stopped shipments of legitimate generic medicines in 2008. Although there are,provisions in the ACTA text addressing goods in transit within the border measures section, parties are still engaged in consultations on this issue.

Another controversial aspect is in the first paragraph under border measures,which refers to the product names associated with a particular place or characteristics. The compromise texts sets out a “certain principle” that signatories to ACTA must respect when putting into place enforcement mechanisms, but leaves open flexibilities for each member’s individual implementation. While some parties wants to include GIs, others think that ACTA should focus on issues of trademarks, counterfeiting and piracy.

On criminal enforcement, private acts of infringement will be excluded. Third-party liability has been removed from “Section 5: Enforcement of Intellectual Property Rights in the Digital Environment”. In this respect, third-party liability was a concern for internet freedom advocates . Several discussions surrounded the issue of the “three- strikes” legislation, which however is not included in the text.

Despite these aspects, technological protection measures remain in the digital section:

“Section 5: Enforcement of Intellectual Property Rights in the Digital Environment

ARTICLE 2.18: ENFORCEMENT IN THE DIGITAL ENVIRONMENT

1. Each Party shall ensure that enforcement procedures, to the extent set forth in the civil and criminal enforcement sections of this Agreement, are available under its law so as to permit effective action against an act of intellectual property rights infringement which takes place in the digital environment, including expeditious remedies to prevent infringement and remedies which constitute a deterrent to further infringement.

2. Each Party’s enforcement procedures shall apply to infringement of at least trademark and copyright or related rights over digital networks, including the unlawful use of means of widespread distribution for infringing purposes . These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity,

including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.13

3. Each Party shall endeavor to promote cooperative efforts within the business community to effectively address at least trademark and copyright or related rights infringement while preserving legitimate competition and consistent with each Party’s law, preserving fundamental principles such as freedom of expression, fair process, and privacy.

4. Each Party may provide, in accordance with its laws and regulations, its competent authorities with the authority to order an online service provider to disclose expeditiously to a right holder information sufficient to identify a subscriber whose account was allegedly used for infringement, where that right holder has filed a legally sufficient claim of infringement of at least trademark and copyrights or related rights and where such information is being sought for the purpose of protecting or enforcing at least the right holder’s trademark and copyright or related rights. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with each Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.”

It is unclear what the procedure will be for resolving final outstanding issues (the one in italics, underlined and bold)..

The European Parliament has repeatedly reported the danger of having an anti-counterfeiting laws that endanger citizens’ fundamental freedoms (see Resolution of the European Parliament). Once MEPs learned that negotiations on the controversial agreement ended without their consent in Tokyo on Saturday (2 October), they called on the Commission to explain the matter at the earliest.

Besides the content of the agreement, the European Parliament has also criticised the Commission for not keeping it informed during the negotiations and for having denied access to ACTA documents.

For all these reasons Members of the European Parliament have asked the Commission to halt ACTA and have warned they will not give the agreement their approval, replicating the SWIFT case which took place at the beginning of the year.

While waiting for the next developments, another post will therefore focus on the relation between governance and transparency.

(to be continued)

The European Union and State Secrets: a fully evolving institutional framework

Many contemporary debates surround the issue of the treatment of confidential information and state secrets both in the United States (1) and the European Union (2) and questions have also been raised over the WikiLeaks phenomenon. It therefore seems timely to try to shed some light on the way confidential information is handled by the European Union institutions, especially since we now have the entry into force of the Treaties of the European Union, on the Functioning of the European Union and the now binding Charter of Fundamental Rights.

Clearly, it is not technically appropriate to talk about state secrets in the case of the European Union, since the latter remains an international organisation entrusted by its Member States to intervene only in those areas established by the founding treaties and to pursue those objectives established by the funding treaties (3). Nevertheless, the European order now spans such a wide range of competences and has developed such a direct relation between citizens and the institutions that the need for transparency and political accountability is as essential for the European Union as it is for its Member States.

As long as the institutions’ work was covered by professional secrecy, there was minimal risk of leaks and any undesirable impact at the national level during the negotiating phases of European measures. Problems related to a different perception of transparency/secrecy were paradoxically raised with the process of democratisation of the European institutions which, due to Maastricht, has been accompanied with the widening of competences. Additionally, and more importantly, the Amsterdam Treaty ensured that the right of access to documents of the Parliament, Council and Commission (art. 255 TEC) was recognised as a fundamental right of European citizens (and of those legally residing in the EU).

In theory, a fundamental right can only be limited by law (4), but the institutional framework resulting from the implementing measures of article 255 ( EC Regulation 1049/01) is a long way from defining a coherent regime of this sensitive topic. To obtain such a result it would have been necessary to mediate between two different juridical traditions which divided (and still divide) some countries; indeed, Northern Europe is traditionally more favourable to transparency needs whereas some southern countries prioritise the efficiency of the decision making process ahead of transparency (5).

This unresolved conflict is reflected in Regulation 1049/01, which regulates for two different regimes, respectively one of a general nature and one of a specific nature. The general one establishes transparency and the right of access to information as the general rule to which it is possible to derogate only under the provisions established by art. 4. Furthermore, it stems from the will of the author who submitted the document to the institution (whether that be another institution, a Member State or a third party). The ratio behind the suppression of the “author rule” as confirmed by the Court (6), is evidently that of avoiding that additional exceptions are added to those already foreseen by law (7), which would have the effect of nullifying the answer to the citizen requesting the access to a document or information (and therefore being incompatible with the principle of certainty of law).

Nonetheless, the general rule of Regulation 1049/01 also presents a significant exception to article 9 (8), which establishes a specific regime for the so-called “sensitive documents” defined as “… documents originating from the institutions or the agencies established by them, from Member States, third countries or International Organisations, classified as ‘TRÈS SECRET/TOP SECRET’, ‘SECRET’ or ‘CONFIDENTIEL’ (9) in accordance with the rules of the institution concerned, which protect essential interests of the European Union or of one or more of its Member States in the areas covered by Article 4(1)(a), notably public security, defence and military matters.

The regime established in Article 9 is evidently a “lex specialis”, which is only applicable to the external affairs and defence matters (the former “second pillar “). However, it is also an incomplete regime because Regulation 1049/01 does not specify (as foreseen in art. 255 TEC which now is replaced by art. 15 TFEU) the general principles regarding the classification of “sensitive” documents. Although the legislator has abdicated its role and referred the decision to the institutions internal regulations, defining such a rule is not a mere organisational matter.

The official justification for this attempt at a ‘quick-fix’ in 2001 was related to the approaching deadline for the approval of the regulation, as foreseen by the Treaty. The real reason, however, was the impossibility to reach an agreement between the European Parliament and the Council over the adoption of NATO standards at the European level.

Due to article 9 and the fact that that it refers to the internal regulation of the institutions, some measures were introduced through the back door, since the internal regulations of the Council and the Commission (11) were accompanied by the need to have the author’s consent when classifying the document as “sensitive”(12).

In this way, not only have NATO standards become de facto the standards of reference for EU classified information (13), although (for the moment) limited to external and defence matters, but it also re-establishes the pre-Maastricht regime for EU citizens and institutions such as the European Parliament and the Court of Justice. Indeed, these actors cannot refer to the “right” of access to information, because the holding institution can always oppose it in the name of non compatibility with NATO standards of internal security regulations (14) or more simply, because the member state or third party (author or co-author) of the classified document does not give its consent to the transmission of the document.

The result is the existence of a conspicuous number of agreements between on one side the Council and the Commission, and the other side third countries, concluded on the basis of an unstable institutional framework (15). Recently, the same agreements have also been concluded by EU agencies such as Europol, Eurojust or Frontex (and therefore outside of the so-called second pillar), on the basis of which the institution and/or the agency (although negotiating on behalf of the European Union) (16) accept that the third country may oppose access to information to EU citizens and even the Parliament and Court.

It is therefore legitimate to wonder about the extent to which this situation is compatible with a European order, allegedly based on the principle of representative democracy (17), fundamental rights and citizenship (18), especially following the entry into force of the Treaty of Lisbon. The issue becomes even more urgent in view of the passage to the ordinary legislative regime and to the (almost) total control of the Court of sensitive matters such as police, internal security and intelligence cooperation (which are increasingly labelled as classified information).

Without effective transparency, risks of abuse or “policy laundering” become too high. This risk is also linked to the reproduction of unwanted situations where information in the field of defence and external affairs (Chapter 2 of the EU Treaty) are kept hidden, not only from the European Parliament for the reasons illustrated above, but also form the national parliaments as the information is regarded as a “European” secret. In this context, the national parliaments arguably receive the same level of access as a third country.

Therefore, the result would be the complete absence of a counterbalance mechanism which should characterise every democratic system and which would be strengthened by these security and defence policies under the formal coverage of European “executive privilege”, which not even the President of the United States of America has ever dreamt.

Luckily, the situation is less worrisome in other parts of the treaties, for example where it is established that the European Parliament must ratify international agreements. In this case, the same Treaty foresees that the Parliament “shall be immediately and fully informed at all stages of the procedure” (art. 218 par. 10 TFEU). This should effectively prohibit the Commission (negotiating the agreements) and the Council (concluding the agreements) from being able to make excuses in order to not reveal all the information.

Indeed, the European Parliament has made reference to these provisions throughout the negotiations on SWIFT, ACTA and the access of the EU to the European Convention on Human Rights. This initiative raised disconcert from the Council and Commission, who obviously realise how difficult it is to maintain two different regimes in the field of classified information depending on whether the negations of the agreements are conducted on the basis of Article 218 TFEU or on the basis of the competences in the field of security and defense (which are based on Article. 9 of Regulation 1049/01 and/or the internal organisation competence of the Council, Commission and security agencies). If in theory it is possible, although difficult, to differentiate between these two agreements at the European level, it turns into a “probation diabolica” to explain to a third country why matters such as the fight against terrorism may sometimes refer to an ordinary regime (article 218 TFEU) or to an extraordinary regime (art. 9 1049/01)

The process of re-negotiating the inter-institutional agreements concerning the European Parliament’s access to classified information is ongoing. A first draft agreement will be reviewed by the Committee on Constitutional Affairs of the European Parliament and a second one will take place between the European Parliament and the Council to modify the 2002 agreement applying Regulation 1049/01 (20).

The problem is that some expression of this agreement (not ratified yet) seem to extend the preventive consent to de-classify the document given by the author from the exceptions of defence and security issues to all the matters of competences of the European Union. Such an iron grip would put the European Parliament in a position leading to its abdication (21) of the right/duty to exercise the democratic control foreseen by the treaty.

However, the issue remains undefined and contradicting signals are coming from the High Representative. This is important as the High Representative is about to adopt a declaration accompanying the decision which establishes the organisation and functioning of the European external service which “ (…) will be applied mutatis mutandis by the High Representative for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.”

It remains to be seen whether the European institutions will be able to finally overcome the long-lasting inconsistencies of the Regulation 1049/01 by establishing a European matter also in the field of the state secrets or whether, by carrying on the current, judicially confusing paths, once again the task of clarification will be left to the Court.

EDC

NOTE

(1) See the fundamental investigation of the Washington Post on the possible abuses of the documents’ classification from the USA administration since 9/11.

(2) See the current debate at the COPASIR concerning the revision of the Italian law on the “services” and the treatment of the state secret (L. 124/2007)

(3) Concept reaffirmed by the German Constitutional Court in several occasions (including 2009 with the famous Lisbon Urteil) the Union cannot gives itself different or wider competences than those granted by the Member State.

(4) As foreseen by the Member States’ constitutions and by the ECHR.

(5) This is an expression also used by article 207 of the “old” EC Treaty but that the Council has always interpreted as the conditions that allow the representatives of the Member States to change their negotiating positions in complete discretion according to circumstantial needs)

(6) This principle has been reaffirmed also recently by the Court of Justice

Case C‑64/05 P Kingdom of Sweden vs Commission of the European Communities (see: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62005J0064:EN:HTML )

(7) In the case of a member State it could be requested to see applied its own national regime and in the case of a third country needs

(8See: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:145:0043:0048:IT:PDF

(9) Strangely enough the Italian version of the Regulation 1049/01 only refers to the category of the “confidential” documents.

(10) It is “…public interest safeguards, namely:— public order, — safeguard of military matters — International relations, — financial, monetary or economy policy of the Community or Member states

(11)See Council decision 2001/264/CE 19 march 2001 adopting internal security regulation OJ n°101, 11.04.2001 modified following the entry into force of the Lisbon treaty.

(12) The “considering” 15 of the regulation invited the Member states to respect in the name of the principle of loyal cooperation the classifications established by the European institutions so as to avoid leaks related to National security matters “ Even though it is neither the object nor the effect of this Regulation to amend national legislation on access to documents, it is nevertheless clear that, by virtue of the principle of loyal cooperation which governs relations between the institutions and the Member States, Member States should take care not to hamper the proper application of this Regulation and should respect the security rules of the institutions.

(13) European Classified Information (EUCI)

(14) For obvious reasons and given the peculiar nature and constitutional mission of the European Parliament or the court of Justice.

(15) See as a last example the agreement between the EU and Liechtenstein concerning the security procedures for the Exchange of classified information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:187:0002:0004:EN:PDF

(16) Art. 3 of the above mentioned agreement establishes that “the European Council, the Council of the European Union (hereinafter referred to as ‘the Council’), the General Secretariat of the Council, the High Representative of the Union for Foreign Affairs and Security Policy, the European External Action Service (hereinafter: ‘the EEAS’) and the European Commission. For the purposes of this Agreement, these institutions and entities shall be referred to as ‘the EU»

(17) Artt. 9-12 of the TEU in specific art. 10

(18) Artt.18-24 TFEU

(19). See for example the regime for the treatment of classified information foreseen by the Decision of the Council establishing Europol http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2009:121:SOM:EN:HTML and the implementing measures concerning the exchange of information with third countries: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:325:0006:0011:EN:PDF. These provisions, which entered into force in January 2010 should be interested on the basis of the regime before the entry into force of the Lisbon Treaty in virtue of the transitory provisions foreseen by protocol n° 36.

(20) The text of the inter-institutional agreement EP-Council is available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2002:298:0001:0003:EN:PDF

(21) Obviously it would be only a de fact abdication given that the inter-institutional agreement cannot modify a juridical situation defined by a treaty. However, the signal is worrying as much as the stall of the revision of Regulation 1049/01 and the juridical vacuum under which the EU institutions (and agencies) are now operating, since they should have defined their own norms in the field of transparency/confidentiality on the basis of principles that still need to be defined after Lisbon.

(22) See in specific the declaration f the high represntative:http://register.consilium.europa.eu/pdf/it/10/st12/st12401-ad01.it10.pdf ) “.. The results of the ongoing negotiations on the Framework Agreement between the European Parliament and the Commission on negotiations of international agreements will be applied mutatis mutandis by the HR for agreements falling under her area of responsibility, where the consent of the Parliament is required. The European Parliament will be, in accordance with Article 218 (10) TFEU, immediately and fully informed at all stages of the procedure, including for agreements concluded in the area of CFSP.. (…) 4. The present system of providing confidential information on CSDP missions and operations (through the IIA 2002 ESDP EP Special Committee) will be continued. The HR can also provide access to other documents in the CFSP area on a need to know basis to other MEPs, who, for classified documents, are duly security cleared in accordance with applicable rules, where such access is required for the exercise of their institutional function on the request of the AFET Chair, and, if needed, the EP President. The HR will, in this context, review and where necessary propose to adjust the existing provisions on access for Members of European Parliament to classified documents and information in the field of security and defence policy (2002 IIA ESDP). Pending this adjustment, the HR will decide on transitional measures that she deems necessary to grant duly designated and notified MEPs exercising an institutional function easier access to the above information..”

Trafficking of human beings: towards a more protective regime?

The European Parliament submitted a draft report by the co-rapporteurs for discussion on 28 June 2010 (2010/0065(COD)) on the Proposal for a Directive of the European Parliament and of the Council on preventing and combating trafficking in human beings, and protecting victims, repealing Framework Decision 2002/629/JHA, 28 May 2010, 10330/10.

Trafficking in human beings has been primarily dealt in the international context when in 2000, the United Nations introduced the Convention on Transnational Organized Crime (UNTOC) and the supplementary Protocol to Prevent, Suppress and Punish Trafficking in Persons, Especially Women and Children, (the Trafficking Protocol).

According to the Protocol to Prevent, Suppress and Punish Trafficking in Persons, especially Women and Children 2000 – Article 3(a):

“Trafficking in persons” shall mean the recruitment, transportation, transfer, harbouring or receipt of persons, by means of the threat or use of force or other forms of coercion, of abduction, of fraud, of deception, of the abuse of power or of a position of vulnerability or of the giving or receiving of payments or benefits to achieve the consent of a person having control over another person, for the purpose of exploitation. Exploitation shall include, at a minimum, the exploitation of the prostitution of others or other forms of sexual exploitation, forced labour or services, slavery or practices similar to slavery, servitude or the removal of organs.

This definition clearly distinguish three elements of the trafficking of human beings:

the act
the method
the purpose

Despite important step forwards, trafficking in human beings remains an issue that is still largely misunderstood and, consequently, inadequately addressed. The limited recognition of multiple forms of trafficking, the existence of re-trafficking activities and the role the State should have towards victims of tarfficking are some of the main problems that must be addressed.

The European Commission’s Group of Experts on Trafficking in Human Beings was established in 2008 pursuant to a decision taken in 2007 to establish a body to advise the Commission on policy and legal issues relating to trafficking in human beings. The Group has 21 members, who come from around the EU. The members come from governments of members States, as well as NGOs, international organisations and academia. The Group meets four times per year in Brussels. Its mandate is to provide the Commission with independent advice and recommendations relating to the development of law and policy with regard to trafficking in human beings, both with regard to issues raised by the Commission and also with regard to issues upon which the Group feels it should comment.

The latest opinion of this group refers to the European court of Human Rights case Rantsev v. Cyprus and Russia. The decision of the Court emphasizes the human rights aspects of trafficking of human beings, in particular with respect to the responsibility of the State to protect individuals form such practice. The opinion of the group of experts should be carefully taken into account in the current negotiations on the Proposal for a Directive of the European Parliament and of the Council on preventing and combating trafficking in human beings, and protecting victims, repealing Framework Decision 2002/629/JHA, 28 May 2010, 10330/10 and tehrefore we fully report it below.

Opinion Nº 6/2010 of the Group of Experts on Trafficking in Human Beings of the European Commission

On the Decision of the European Court of Human Rights in the Case of Rantsev v. Cyprus and Russia

The Group of Experts on Trafficking in Human Beings of the European Commission, having taken into consideration the following:

The Decision of the European Court of Human Rights in Rantsev v. Cyprus and Russia,^[1]

The Stockholm Programme, which states that after the entry into force of the Lisbon Treaty, the rapid accession of the EU to the European Convention on Human Rights is of key importance,

Also taking into consideration the Action Plan implementing the Stockholm Programme and its Annex, in which the first action under the title “Promoting citizens’ rights: a Europe of rights. A Europe built on fundamental rights” is the recommendation to authorise negotiation of EU accession to the Convention for the Protection of Human Rights and Fundamental Freedoms,

adopts the following Opinion.

[1] The Group of Experts on Trafficking in Human Beings of the European Commission has examined the decision of the European Court of Human Rights in the case of Rantsev v. Cyprus and Russia.

[2] The Group notes that the European Union, and all of its Member States, are bound by the principles of human rights contained in the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and interpreted by the European Court of Human Rights.

[3] The Group considers that the decision offers important guidance on the human rights aspects of THB. This is important also in view of the 2005 Council of Europe Convention on Action against Trafficking in Human Beings and its monitoring mechanism “GRETA”.

[4] While THB is generally a crime perpetrated by private individuals, the State nevertheless has human rights obligations towards people who have been trafficked or who are at risk of being trafficked in the future, because of the State’s obligation, under Article 1 of the ECHR, to “secure to everyone within their jurisdiction the rights and freedoms” defined in the convention. The Group welcomes the clarification of the meaning of this obligation with regard to THB.

[5] Article 4 of the ECHR prohibits the holding of anyone in slavery or servitude. It also prohibits, with limited exceptions, forced or compulsory labour. No derogations are permitted from that prohibition. The obligations established in Article 4 extend to the prevention of any of these practices by private individuals. As the Court noted in Siliadin v. France:

limiting compliance with Article 4 of the Convention only to direct action by the State authorities would be inconsistent with the international instruments specifically concerned with this issue and would amount to rendering it ineffective. Accordingly, it necessarily follows from this provision that States have positive obligations … to adopt criminal-law provisions which penalise the practices referred to in Article 4 and to apply them in practice…^[2]

[6] The Group notes with approval the acceptance by Cyprus that it had obligations to ascertain whether individuals, who come to the attention of State authorities as potential victims of THB, have in fact been trafficked or subjected to sexual or any other kind of exploitation.^[3]

[7] The decision emphasizes that THB is prohibited by Article 4 of the ECHR without the need to define it either as slavery, servitude or forced labour. However, the Group welcomes the statement by the Court that THB may be very similar to slavery because traffickers exercise powers tantamount to ownership,^[4] and that “trafficking threatens the human dignity and fundamental freedoms of its victims and cannot be considered compatible with a democratic society and the values expounded in the Convention.”^[5]

[8] The Group notes that the obligation under Article 4 of the ECHR extends beyond the duty to prosecute and penalize effectively anyone who has engaged in acts aimed at holding another in slavery, servitude or forced labour. That duty clearly includes having in place national legislation

… adequate to ensure the practical and effective protection of the rights of victims or potential victims of trafficking. Accordingly, in addition to criminal law measures to punish traffickers, Article 4 requires member States to put in place adequate measures regulating businesses often used as a cover for human trafficking. Furthermore, a State’s immigration rules must address relevant concerns relating to encouragement, facilitation or tolerance of trafficking.^[6]

The Group welcomes this recognition that the State’s obligation extends beyond the criminal law to include significant victim-protection measures, not only for those who have already been trafficked but also for those at risk of being trafficked in the future. Furthermore, these obligations apply to all persons within the State’s jurisdiction, irrespective of whether the victim’s State of origin is in the European Union.

In addition the Group also notes positively that the Court has addressed the issue of immigration regulations that can contribute to trafficking; in this regard the Group underlines the importance of systematically assessing the impact of immigration legislation and policy on the prevention of trafficking and the protection of victims’ rights.

[9] The Group notes further the Court’s statement that State authorities may be required to take immediate practical measures of protection of victims or potential victims of THB where

the State authorities were aware, or ought to have been aware, of circumstances giving rise to a credible suspicion that an identified victim had been, or was at real and immediate risk of being, trafficked or exploited within the meaning of Article 3(a) of the Palermo Protocol and Article 4(a) of the Anti-Trafficking Convention. In the case of an answer in the affirmative, there will be a violation of Article 4 of the Convention where the authorities fail to take appropriate measures within the scope of their powers to remove the individual from that situation or risk.^[7]

Accordingly, it is not open to the State to plead ignorance of an individual’s situation where it should have made itself aware of the risk faced.

In the opinion of the Group of Experts, such practical measures include:

the securing of the immediate physical safety of the trafficked person, or person at risk of being trafficked;
their physical, psychological and social recovery, with the immediate provision of information about their rioptions in a language that they understand;
referral to assistance and support with the aim of long-term social inclusion.

[10] The Group considers that these immediate measures should be taken regardless of whether the person is able or willing to cooperate with the authorities. In addition, such measures might include, but are not restricted to:

ensuring that the person has legal assistance and access to justice;
evaluating the need for short or longer-term international protection, whether through refugee status or subsidiary/complementary protection.^[8]
safe and dignified repatriation involving cooperation with the source State and relevant NGOs and following an individual risk assessment;

[11] The Group furthermore welcomes the statement by the Court that the State’s obligation under Article 4 includes a procedural duty to investigate situations of potential trafficking, independently of any actual complaint having been made by the victim, once the State is aware of such a situation. This duty will require urgent action by the State where there is a possibility to remove an individual from a harmful or potentially harmful situation.^[9]

[12] The Group notes the recognition by the Court that not only destination States but also source and transit States have obligations under Article 4 to establish their jurisdiction over any trafficking offence committed on their territory, as well as to cooperate with the relevant authorities in other States.^[10] The Group considers that such cooperation is essential in cases of transnational THB.

[13] The decision of the Court makes clear that THB is not only a serious criminal act; States must take significant action in order to meet their obligation to secure to all those within their jurisdiction the right to be free from the threat of enslavement, servitude and forced labour and to live in dignity. Such action is required by the procedural obligation to investigate possible cases of THB and the substantive obligation to prosecute effectively those accused of THB and to put in place effective systems to protect those at risk and to provide access to justice for victims. Such systems should involve both immediate (urgent) and longer-term measures.

[14] The Group notes with approval that the decision of the Court makes clear that a comprehensive approach, encompassing all aspects of prevention, protection and prosecution, is essential in securing effective (State) action against THB.^[11]22 June 2010

[1] Application No. 25965/04, 7 January 2010.

[2] Siliadin v. France, Chamber Judgment, Application No. 73316/01, 26 October 2005, para 89.

[3] Para 187.

[4] Para 281.

[5] Para 282

[6] Para 284.

[7] Para 286.

[8] UNHCR, Guidelines on International Protection No.7: The application of Article 1A(2) of the 1951 Convention and/or 1967 Protocol relating to the status of refugees to victims of trafficking and persons at risk of being trafficked (2006); Group of Experts on Trafficking in Human Beings set up by the European Commission, Opinion No. 4/2009 of 16 June 2009, On a possible revision of Council Directive 2004/81/EC of 29 April 2004 on the residence permit issues to third-country nationals who are victims of trafficking in human beings or who have been the subject of an action to facilitate illegal immigration, who cooperate with the competent authorities, para 20.

[9] Para 288.

[10] Para 289.

[11] Para 285.

Readmission agreement with Pakistan: international human rights norms respected?

One of the main debates concerning the European Union (EU) refers to whether policy making in an EU institutional setting can be defined as supranational or intergovernmental. Migration policies have traditionally supported the latter argumentation; however, since the implementation of the Treaty of Amsterdam (1999) a slow movement from an intergovernmental to a more communitarian form of cooperation in migration policies is undeniable. This shift of sovereignty is noticeable in relation to readmission agreements with third countries. The last of these agreements is with Pakistan. The LIBE Committee will be voting a draft report the 13 July 2010.

Agreements in force with visa facilitation

Albania

Negotiation lasted from 2003 to 2005 and the agreement entered into force in 2004

Bosnia&Herzegovina

Negotiations lasted from 2006 to 2007 and the agreement was signed 1 January 2008

Fyrom

Negotiations lasted from 2006 to 18 September 2007 and the agreement was signed 1 January 2008

Moldova

Negotiations lasted from 2007 to 2007 and the agreement was signed 1 January 2008

Montenegro

Negotiations lasted from December 2006 to 2007 and the agreement was signed 1 January 2008

Ukraine

Negotiations lasted from 2002 to 2007 and the agreement was signed 1 January 2008

Serbia

Negotiations lasted from 2006 to 2007 and the agreement was signed 1 January 2008

Russia

Agreements with no Visa facilitation

Hong Kong

Negotiations lasted from 2001 to 2003 and the agreement entered into force in 2004

Macao

Negotiations lasted from 2001 to 2003 and entered into force in 2004

Sri Lanka

Negotiations lasted from 2001 to 2004 and entered into force in 2005

Pakistan

After 10 years of negotiations (2000-2010) the LIBE Committee is about to vote on a draft report on 13 July.

Negotiations with visa facilitation

Georgia

Negotiations with Georgia have completed in just one year (from 2009 to 2010). The agreement foresees visa facilitations and is now waiting for the signature of the Council

Leda Bargiotti

SWIFT II: bridging the gap or limiting the damage?

A few months after the rejection by the European Parliament of the Interim Agreement on TFTP between the European Union and the United States of America, a new agreement is under way, after it was signed on 28 June 2010 and will most probably be voted during the plenary in July (5-8).

The new text addresses some of the concerns of the European Parliament. In particular:

It provides higher data protection standards: right to access to data; exclusion of SEPA data; rectification; erasure; administrative and judicial redress, link to the negotiations with the US on general transatlantic data protection framework
It clarify the definition of terrorism: Article 2 of the proposal builds on the definition of terrorism on the approach of Article 1 of Council Framework Decision 2002/475/JHA
It progresses on limitation in the transfer of bulk data: criteria for requesting and providing data.
It narrows down the procedures for onward transfers of personal data to third countries: prior consent of the Member State (of the nationality of the data subject) will be required, except for emergency situations
It foresees the possibility to look again the retention period for transferred but non extracted data: 5 years but after 3 years the issue will be looked at again to look for a shorter period
It introduces a statement on the right to redress: statement to ensure that any redress does not discriminate between EU and US citizens.
It foresees the possibility to develop an EU TFTP
It establishes a review mechanism: 6 months after entry into force, then every year there will be ad hoc reviews, reports to Council and European Parliament. The agreement will already contain list of subjects including data protection for the review; review team will include experts on security and data protection.
It foresees the possibility to suspend the agreement: it kept a clause for suspension of the agreement if breach happens. No reason is required if a 6 months notice is made in advance.
It introduces the examination of US subpoena: examination of the proportionality of the US Subpoena will be done by Europol
It also clarifies the territorial application.

Despite these improvements, the agreement keeps a series of contested aspects (see Working Party 29, EDPS opinion, EDRI article), mainly derived from the social and cultural differences between Europe and the USA in their approach to privacy.

From a European perspective, the Treaty of Lisbon and the European secondary legislation establish stringent safeguards in regard to the rights of data subjects. Although according to the European legislation it is possible to use data initially collected for commercial aims for law enforcement purposes, a series of principles such as purpose limitation should be respected. Purpose limitation is interlinked with the principle of adequacy, which is put into charge by independent authorities responsible to ensure the respect of such principles.

At the European level, data protection against public authorities aims at guaranteeing the freedom of the individual in absolute terms, with justified exceptions. On the contrary, in the United States, this level of freedom does not apply in relation to the public authorities since what the US law establishes is that privacy should be reasonably protected but not in absolute terms.

Specifically, when it comes to the exchange of data for law enforcement purposes, such freedom is limited due to the very nature of TFTP, dominated by its national security component. Indeed, the TFTP builds upon three legislations: the Executive Order 13224, the International Emergency Economic Powers Act and the Patriot Act. It mainly serves the interest of intelligence agencies (CIA) and remains based on the principle of exceptionality where the fight against terrorism prevails over the rights of individuals.

The European Parliament clearly saw this risk and in its resolution it introduced a series of data protection safeguards clearly re-stating the necessity to respect the principles of purpose limitation, effective supervision and redress mechanisms.

Taking into account these criteria, the new TFTP agreement introduces the monitoring and oversight by independent overseers (Article 12).

It has to be reminded that the USA do not have any supervisory authority for enforcing data protection in US territory. However, the American administration had to come to a compromise with the Europeans in this respect, also in relation to the future general EU-US agreement, which will set forth general principles valid for all specific transfer agreements.

This represents the most important novelty of the second TFTP. It is a first brick necessary to build a bridge between the EU and the US models. Indeed, the introduction of independent authorities will contribute to the establishment of a legally binding and enforceable personal data protection standards that will ensure the protection of individuals’ fundamental rights and freedoms in a EU-US framework.

Under the Commission’ proposal the transfer or processing of personal data by EU or US authorities would only be permitted for specified, explicit, legitimate purposes in the framework of the fight against terrorism and will include the right to redress, to correct or erase inaccurate data.

Keeping these elements in mind, which model prevails?

At first sight, the American one. Indeed, the US privacy act does not apply to the TFTP agreement. Furthermore, the US Privacy Act court clauses only apply to US citizens and residents. Therefore no right of judicial review for foreign citizens and residents apply under the US law.

However, the agreement contains some interesting elements which represent a step forward compared to the previous system. For example it puts into place an independent data protection authority to guarantee the enforcement of the necessary safeguards to ensure an effective data protection.

Furthermore, the discussions over the general EU-USA data protection agreement provide the opportunity to:

– include in all future agreements a reference to authorities competent for the data protection enforcement;

– introduce mechanisms for an effective right to redress;

– introduce a mechanism to ensure compliance with the principles established.

It remains to be seen whether such progresses will then lead to a change in the US approach to individuals’ rights, now limited by the fact that all individuals are considered alleged suspects. Although ambitious, this is a necessary step to bridge the two different EU-US data protection and privacy systems. Otherwise, it may well represents only an attempt to limit the damage.

Leda Bargiotti

SWIFT and PNR resolutions adopted by the European Parliament

The European Parliament adopted on the 5th May 2010 the two resolutions on SWIFT and PNR:

European Parliament resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing

European Parliament resolutionof 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada

The European Parliament to vote on PNR

The European Parliament will vote the resolution on the PNR agreement during the mini-plenary that will take place in Brussels on Thursday 6 May 2010.

This after the LIBE Committee announced in April the intention to postpone the vote on the EU-USA PNR agreement, calling the Commission to put forward a more comprehensive measure defining common data protection terms.

The European Commission is therefore going to put forward a more coherent “package” which will include:

a) a Communication listing general standards that should apply to any PNR agreement (regulate external aspects)

b) a PNR directive which will be a “lisbonisation” of the current agreement and

c) a recommendation for a negotiating mandate with the USA, CANADA and Australia on PNR.

There are several loopholes that have been identified by experts, academics as well as Members of the Parliament which refer to other on-going negotiations as well, namely the so-called SWIFT Agreement and the Framework Agreement on data protection and data sharing.

Different understanding of privacy and data protection

Privacy and data protection are two different albeit interlinked principles and this distinction needs to be applied in the internal and external dimension of the EU.

The right to privacy is not absolute. In fact most of the emphasis is on the conditions under which restriction could be imposed. The right to data protection always applies when personal data are processed. Indeed, the European Court of Human Rights has emphasised that in applying data protection principles also article 8 of the European Convention on Human Rights must be respected.

This interlink becomes increasingly important in relation with data sharing measures and even more when they entails international agreements with third countries, such as in the case of Passenger Name Record (PNR).

In the transatlantic arena, for example, the different understanding of data protection and privacy further complicate the issue, since the U.S. approach to privacy protection relies on industry-specific legislation, regulation and self-regulation whereas the European Union relies on a comprehensive privacy legislation.

Negotiators need to bridge these two approaches ensuring general adequate principles, which can then be applied to all specific agreements.

However, the transfer of personal data is already taking place without the existence of such an overarching agreement via the agreement provisionally implemented on PNR.

This approach is highly objectionable. It is necessary to make sure that the broad agreement is compatible with the EU-US general agreement on data protection and not the other way around, as highlighted by the European Data Protection Supervisor. Otherwise the risk of inconsistency between the general principles and their application to specific agreements becomes more than likely.

This risk is already a reality with the PNR Agreement, which currently entails a series of measures at risk of violation of human rights as enshrined in the European legislation and case law:

Computerised Reservation Systems (CRS) as the “brokers” between the airlines the customers and the security authorities

As Mr Edward Hasbrouck explained, PNR data are entered by travel agencies, travel websites and tour operators in a third-party “Computerised Reservation System” (CSR.

The CSR then send the PNR data to the Department of Homeland Security (DHS) and since three out of four servers are based in the USA (including an office of the major EU sever), DHS and others in the USA can have access to EU data, even when they refer to intra-Europe flights.

The current PNR agreement covers transfers of PNR data from the EU to the DHS, it does not cover DHS relations with CSR. Hence, as Mr Hasbrouck correctly pointed out, standard airlines business completely overpass EU-US PNR agreement.

As far as the CRS are concerned the legal situation in the EU has been recently updated (February 4th, 2009) by Regulation (EC) No 80/2009 of the European Parliament and of the Council of 14 January 2009 on a Code of Conduct for computerised reservation systems and repealing Council Regulation (EEC) No 2299/89.

Art. 11 to which recital 21 refers states:

1. Personal data collected in the course of the activities of a CRS for the purpose of making reservations or issuing tickets for transport products shall only be processed in a way compatible with these purposes. With regard to the processing of such data, a system vendor shall be considered as a data controller in accordance with Article 2(d) of Directive 95/46/EC.

2. Personal data shall only be processed in so far as processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

3. Where special categories of data referred to under Article 8 of Directive 95/46/EC are involved, such data shall only be processed where the data subject has given his or her explicit consent to the processing of those data on an informed basis.

4. Information under the control of the system vendor concerning identifiable individual bookings shall be stored offline within seventy-two hours of the completion of the last element in the individual booking and destroyed within three years. Access to such data shall be allowed only for billing-dispute reasons.

5. Marketing, booking and sales data made available by a system vendor shall include no identification, either directly or indirectly, of natural persons or, where applicable, of the organisations or companies on whose behalf they are acting.

6. Upon request, a subscriber shall inform the consumer of the name and address of the system vendor, the purposes of the processing, the duration of the retention of personal data and the means available to the data subject of exercising his or her access rights.

7. A data subject shall be entitled to have access free of charge to data relating to him or her regardless of whether the data are stored by the system vendor or by the subscriber.

8. The rights recognised in this Article are complementary to and shall exist in addition to the data subject rights laid down by Directive 95/46/EC, by the national provisions adopted pursuant thereto and by the provisions of international agreements to which the Community is party.

9. The provisions of this Regulation particularise and complement Directive 95/46/EC for the purposes mentioned in Article 1.Save as otherwise provided, the definitions in that Directive shall apply. Where the specific provisions with regard to the processing of personal data in the context of the activities of a CRS laid down in this Article do not apply, this Regulation shall be without prejudice to the provisions of that Directive, the national provisions adopted pursuant thereto and the provisions of international agreements to which the Community is party.

10. Where a system vendor operates databases in different capacities such as, as a CRS, or as a host for airlines, technical and organisational measures shall be taken to prevent the circumvention of data protection rules through the interconnection between the databases, and to ensure that personal data are only accessible for the specific purpose for which they were collected.”

It is worth noting that according to art. 14 of the Regulation the activity of the CRS on the EU territory falls under the European Commission oversight and the Commission has the appropriate powers of control and will accept appeals against any infringement of the code of conduct:

“In order to carry out the duties assigned to it by this Regulation, the

Commission may, by simple request or decision, require undertakings or associations of undertakings to provide all necessary information, including the provision of specific audits notably on issues covered by Articles 4, 7, 10 and 11.”

But the extent to which this oversight power can actually be enforced is questionable. This is because the Directorate General (DG) of the European Commission in charge of the CRS is DG Transport (DG TRAN) whereas the DG responsible for PNR is Justice, Liberty and Security (DG JLS). Hence, if the two DG do not coordinate effectively, it is very difficult for the Commission to carry on the investigative tasks mentioned in article 14 and ensure that no infringement of the code of conduct takes place.

The proportionality principle governing the processing of personal data

According to Directive 95/46, Member States must respect the following principles in the processing of personal data: the purpose limitation, the data quality and proportionality principle, and the transparency principle.

Hence, proportionality is also one the criteria that allows for limitation of privacy. In order to deliver proportionality in practice it is necessary to provide answers to the following questions:

– What does “narrowly tailored request” mean?

– What does “case by case request” means?

– Does case refer to a specific individual or more, or rather any data of all individual falling under a specific criteria?

The proportionality principle may only function against evidence. However, the evidence of the necessity of such measure has not been demonstrated yet. On the contrary, using the words of the Director General of DG JLS, Jonathan Faull, during the LIBE Committee on 24 March 2010, any evidence must remain secret as a matter of national security.

The balance between the limitation of privacy and data protection rights and the implementation of security measures can be reached only if such measures are assessed against the actual and not the perceived or presumed impact that they have on security. Otherwise, the very principle of proportionality fails and with it the respect of individuals’ fundamental rights.

The purpose limitation and the question of re-use

The question of proportionality is directly linked to the purpose of data sharing. The recital of the 2004 Agreement states that its purpose is “to prevent and combat terrorism and transnational crime”. Hence, it is necessary to guarantee that when investigations demonstrate that someone is not a terrorist but has committed other unlawful acts, (such as overstay or copyrights infringement) the data collected will not be used to trigger another procedure.

However, as Dr Patrick Breyer pointed out, the High Level Contact Group (HLGC) report of May 2008 “does not provide for restrictive and specific purpose limitation in that sense and thus fails to satisfy human rights requirements to the disclosure of personal information to foreign agents and states”.

Exchange of data between private and public sectors

Furthermore, by allowing the exchange of data between the private and public sectors the risk of breaching the purpose limitation is a given and extra specific legitimacy -in addition to that already required- should be provided in order to guarantee the full respect of data protection and privacy.

In addition to this, another issues related to the private/public transfer of data entails the question of profiling.

Profiling

Currently, no common definition of profiling exists mainly because there are many profiling activities (In this regard, the Council of Europe is preparing a report which, according to Ms Vassiliadou, will provide the guiding principle for the Commission’s future work).

Data profiling consists in using key words to generate new data so as to progress in data analysis. Hence, by using normal data there is the risk of generating sensitive data.

This “practice” has become increasingly popular among private companies in order to create a more tailored service to their clients. Indeed, this commercial purpose may meet the interest of an individual, especially if the result is a better service provided. However, if these profiles are used for law enforcement purposes by public authorities, the same individual may be against it.

That is why, according to Prof. Paul de Hert the principles of data minimisation and purpose limitations should be included when dealing with data protection and privacy legislation.

However, this might not be enough especially when faced with the risks represented by the automated machine data selection, although the European Commission reassured the audience stating that there should always be a person to take the final decision rather then a machine and this should avoid that profiling will lead to a direct effect to a person

Purpose limitation and profiling are even more delicate aspects once analysed together with the right to redress foreseen in the PNR agreement as well as in the work of the HLCG.

Right to redress and effective remedy

Everyone whose right to data protection and privacy have been violated must have the right to an effective remedy before and independent tribunal as guaranteed in Article 13 ECHR and Art. 47 of the Charter of Fundamental Rights of the European Union.

However, the judicial system of the United States does not provide effective remedy and the Annex to the HLCG report of October 2009 only provides for administrative redress which cannot be defined an effective remedy.

Despite these unresolved issued, the Commission and the Council of the EU are determined to carry on negotiations concerning the SWIFT agreement as well as the PNR agreement.

Undisclosed sources referred that during the EU-US JHA meeting which took place at Ministerial level on 8-9 April 2010 in Madrid, the European Commission is looking for solutions on the aspects where divergences between the EU and the USA exist such as the bulk data transfer, redress principle, purpose limitation and push/pull techniques.

It is regrettable that despite all the aforementioned loopholes, to use an euphemism, the Commission did not supported the approach by which first a general framework agreement on data protection and data sharing with the USA should be concluded and only afterwards – if considered necessary on the basis of evidence- specific agreements such as PNR and SWIFT should be negotiated. Even though the current proposal for a general agreement falls way short of being acceptable.

The European Commission argued that it considers that the SWIFT agreement will be reinforced by the conclusion of the EU US data protection agreement.

During the meeting, the USA not only denied the existence of differences on the understanding of principles related to data protection and privacy on the basis of the OECD guidelines (which the EU thinks is not the right basis), but also considered that the issues raised by the European side in relation to the SWIFT agreement are based on pure misconceptions on how the system works.

If the European Parliament will back up such an agreement it will cover only a minimal part of the exchange of information, since it has no power o regulate the flows of data, for example between the US and third countries. The only aspect that the European Parliament can try to regulate, a fundamental aspect, is the flows of information between the federal and the national authorities in the United States. On the 6 May will see if at least this aspect will be covered.

Negotiations on a common asylum system progress with the involvement of the European Parliament

The establishment of a common area of protection and solidarity, based on a common asylum procedure and a uniform status for those granted protection remains one of the prime objectives of the EU. Following the implementation of the first phase, the European Commission submitted (in late 2008 and early 2009) a set of proposals for the recasting of existing legal instruments as well as the setting up of a European Asylum Support Office (requested by the Council in the European Pact on Immigration and Asylum). These proposals aim to commence the second phase of EU asylum policy with the overall objective of bringing in a Common European Asylum System.

The European Parliament, in its new capacity as co-legislator in a co-decision procedure with the Council, gave its position on these proposals at first reading on 7 May 2009, expressing an overall favourable opinion.

In October 2009 the Commission submitted its two most recent proposals for the recasting of the Directive on minimum standards on procedures for granting and withdrawing refugee status and the Directive on minimum standards for qualification for refugee status and the status of beneficiaries of international protection and the content of the protection granted. The LIBE Committee appointed two rapporteurs, Sylvie Guillaume and Jean Lambert, to study these proposals. An initial debate was held in committee on 16 March 2010.

Following the entry into force of the Lisbon Treaty which endowed the Parliament with new responsibilities in the setting up of new legal instruments in this field, the LIBE Committee requested in 2008, a study to the Odysseus network (the Academic Network for legal studies on immigration and asylum in Europe) “Setting up of a Common European Asylum System – on the application of existing instruments and proposals for the new system”.

Some of the most important findings of this study (which will be available in May 2010) were presented during the roundtable organised by the LIBE Committee on 26 April 2010. The debate, far from exhaustively analysing the questions at stake, focused on a number of cross-cutting issues with relevance for many of the legal instruments currently under debate, namely:

General principles of European law as guidelines for the definition of procedural guarantees for asylum seekers
Trust among Member States on each others’ asylum systems
Detention of asylum seekers: Distinction between detention and restriction to freedom of movement
Identification of asylum seekers with special needs
Responsibility towards asylum seekers when the EU and its Member States act outside their territory
Alignment of subsidiary protection and exceptions with international law and Member States’ practices and alignment of equal rights with refugees
Development of a coherent common European asylum system: accession to the Geneva Convention, reinforcement of the powers of the support office or creation of a European asylum court.

1. General principles of European law as guidelines for the definition of procedural guarantees for asylum seekers

The prohibition on refoulement is the cornerstone of international refugee and asylum law. According to this principle States are obliged not to return a person to his country of origin, or any other country, where he/she is at risk of being subject to serious harm or human rights violations.

Current instruments, such as the Geneva Convention and protocol, recommendations of the UNHCR, the Convention on Human Rights Council of Europe’s recommendations, rulings of the European Court of Justice (ECJ), rulings of the European Court of Human Rights (ECtHR), do not establish common procedural guarantees for asylum seekers at the European level.

In order to establish such a common set of guarantees, it is suggested to look at the general rulings of the ECJ as well as the general principles established and transpose them in procedural safeguards. These will then could form a catalogue which allows to address the shortcomings of the directive and look at the proposals of the Commission.

The two concrete interlinked examples of the right to legal aid and the right to appeal help explaining such an approach

Right to legal aid

Legal aid to asylum seekers should be mandatory and should be appropriate to the needs of those who need it. In order to define what appropriate means it is useful to refer to what the jurisprudence has established in this regard, namely that when somebody is vulnerable it is desirable that mandatory and free legal assistance is provided.

More specifically, the right to have access to legal aid should be determined on the basis of two criteria:

– the weaker the user and

– the higher the nature of the right at stake

the higher the legal assistance .

Right to appeal

The right to appeal by asylum seekers should foresee the possibility to suspend the removal of the individual who appealed.

In this regard the new proposals currently under negotiations saw the Parliament proposing a number of amendments designed to strengthen asylum seekers’ rights, in particular by ensuring that they receive free legal assistance and by improving the arrangements for the transfer of asylum seekers between Member States.

2. Trust among Member States on each others’ asylum systems

The concept of mutual trust entails the idea that asylum seekers transferred on the basis of the EU Council Regulation establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national (Dublin Regulation) are not subject to inhuman, unfair treatment and that such a provision is in conformity with the principle of non refoulement.

This principle, entails the idea that the Member State responsible for the asylum seeker transfer is also responsible for the individual’s non refoulement.

That is why it is appropriate to talk about qualified, rather than absolute trust between Member States. In this respect, since all Member States signed the 1951 Geneva Convention and the Convention on Human Rights it is assumed that signatories respect the obligations enshrined in these legal instruments.

However, Member States should be in the position to challenge the Dublin Regulation and refrain from transferring an asylum seeker to a State when they doubt that the principle of non refoulement is respected.

This represents a fundamental guarantee for individuals especially given that human rights standards varies greatly between Member States. Indeed the report of the UNHCR concluded that not all Member States’ standards are in line with international human rights standards.

The sovereignty clause however is not sufficient per se to guarantee adequate and effective safeguards to asylum seekers. Additional safeguards are necessary and that is why the Commission’s proposals are welcomed.

3. Detention of asylum seekers

The detention of asylum seekers is in principle an admissible instrument of preventing unauthorised entry or residence into the EU territory.

Member States possess a broad discretion to decide whether to detain potential immigrants.

According to the ECtHR decision in the Saadi case (Art. 5 para. 1(f)) ECHR does not prohibit that asylum seekers may be detained to prevent unlawful entry, even if detention is not “necessary” in an individual case. Detention, however, is subject to the principle of proportionality, forbidding arbitrariness and excessively long detention.

According to EU law, asylum seekers must not be detained for the mere fact of filing an asylum application and detention should not impede individual to claim international protection. In fact their request should be processed in a priority manner. The same principle can be found in the Reception Conditions Directive (Art. 14 paragraph 8).

The detention of asylum seekers is increasingly used not only as a consequence of a rejection of an application but also upon arrival of an individual. This measure contributes to the overall tendency to blur the lines between genuine refugees and ‘irregular’ migrants in public perception as well as in the management of public policies. Therefore, its legitimacy should be assessed especially against the risk of violation of fundamental rights.

Detention has become a measure of prevention of ‘irregular’ flows where the control strategy is taking over from the exigencies of bona fide asylum seekers and refugees. This phenomenon raises humanitarian as well as legal concerns and that is why detention as a deterrence strategy for prevention of abuse of the asylum system cannot be justified.

In conclusion, detention should be only used as an exceptional measure. However European states’ practice indicates a wide range of approaches to detention which not always ensure the full respect of fundamental rights of asylum seekers. The proposals under revisions should therefore take into considerations the proportionality of such measure vis à vis the risk of violation of fundamental rights.

4. Identification of asylum seekers with special needs

The only legal instrument containing obligations on Member States is to be found in Article 17 of the Reception Directive. A study conducted by Odysseus in 2007 concluded that the majority of the Member States have not transposed the directive correctly and in some cases have not transposed it at all .

This is mainly due to the fact that Article 17 does not explicitly require, from a legal point of view, a specific procedure to be put in place in order to identify those asylum seekers with special needs.

The system rests on an identification of these persons, therefore progress towards a system of identification could be achieved either by:

obliging Member States to draw up a specific procedure for the identification of special needs (ex via medical screening, assessment on whether or not individuals have the mental and physical capability to be transferred), or

by obliging authorities via clear regulations to contact asylum seekers, refer those with special needs and then provide adequate reception conditions.

The proposal of the Commission touches upon this aspect, trying to provide more legal certainty in this respect. Paragraph 20 of the proposal for a directive introduces an obligation for the Member States to carry out identifications.

However, the problem is the overall concept. The Commission has not specified that vulnerability should be considered as a criteria on its own right in order to carry on an accurate identification of individuals with special needs.

Therefore, although the second phase in the development of a common asylum system is an attempt to have a more cross -cutting approach, it still falls short on implementation provisions

5. Responsibility towards asylum seekers when the EU and its Member States act outside their territory

European primary and secondary law oblige the EU and its Member States to uphold the non refoulement principle and related procedural rights towards asylum seekers also when operating outside the EU territory.

Concerning primary law, Article 78 of the TFEU makes a clear reference to international law and inter alia to the Geneva Convention and the principle of non refoulement.

Also case law both at the national and international level confirm that the EU and the Member States are responsible towards individuals under their jurisdiction.

As soon as a contact between an individual and an EU or national authority is established, all the activities related to it involve an exercise of jurisdiction requiring international human and refugee rights to be observed by the EU and /or the Member States , even if the contact does not take place in the EU territory.

Although there is no case law of the ECJ in this regard as yet, such aspect is indeed touched upon by other case law, namely in the field of competition and freedom of movement.

The European Charter of Fundamental Rights in Art. 18 also contains references to obligations under international law. Furthermore, Art. 51 CFR, which regulates the CFR’s scope, does not take territory into account, only the authority responsible.

Also EU secondary law establishes such obligations:

The Qualification Directive (Art. 21 para. 1 of Directive 2004/83/EC): covers both refugee protection, in accordance with the Charter of Fundamental Rights and subsidiary protection

Asylum Procedures Directive (Art. 3 para. 1): member states are obliged to accept and examine requests for international protection submitted on their territory – this includes requests made at the border or in transit zones.

The Schengen Borders Code (Art.3): entry controls must be implemented “without prejudice to […] the rights of refugees and persons requesting international protection, in particular as regards non-refoulement”. Even though non-refoulement does not include a general right to admission, in practice it means that member states are obliged to allow temporary admission for the purpose of verifying the need for protection and the status of the person.

The current revision of the Frontex Mandate represents a very good opportunity to spell out such responsibilities. It has been demonstrated that Frontex is indeed responsible towards asylum seekers when carrying on operations outside EU territory. It is not true that Frontex is only responsible for the logistic of its operations. Frontex is responsible to conduct its activity in full respect of human right law, including the respect of the principle of non refoulement.

To reach this goals it is fundamental that the new revised mandate grants the United Nations High Commissioner for Refugees the participation to the operational activities of Frontex in order to have an effective and transparent monitoring of the agency and ensure that no violation of human rights takes place.

6. Alignment of subsidiary protection and exceptions with international law and Member States’ practices and alignment of equal rights with refugees

The EU Directive on refugee definition and complementary protection (EU Qualification Directive) established for the first time an obligation of the Member States to grant subsidiary protection status to persons who do not qualify as refugees, but are nevertheless in need of international protection.

Therefore, subsidiary protection is granted in some countries when expulsion would be in conflict among others with Article 3 of the European Convention of Human Rights, because such acts would be considered inhuman or cruel treatment.

The current scope of the qualification directive with its use of the subsidiary forms of protection is limited and it does not provide for a widely recognised definition of subsidiary protection .

The application of various solutions to these problems resulted in emergence of practice whereby different statuses were granted, such as “status B”, “subsidiary protection”, de facto status” and “humanitarian status”.

There is no international document, listing all persons that may be eligible for subsidiary protection, but EU Qualification Directive provides three categories of individuals to whom this protection may apply:

– persons who because of reason of death penalty or execution;

– torture or inhuman or degrading treatment or punishment in the country of origin;

– serious and individual threat to life or person by reason of indiscriminate violence in situations of international or internal armed conflict are unable, or owing to such risk, unwilling to avail themselves of the protection of the country of origin.

Despite this no provision regulates cases in which a person who is excluded from subsidiary protection by reason of having committed a serious crime, is unable to return to the country of origin due to threat of torture.

The revision of the directive should address this aspect, as well as the problem related to family reunification, which is not provided by any EU directive.

7. Development of a coherent common European asylum system: accession to the Geneva Convention, reinforcement of the powers of the support office or creation of a European asylum court.

The development of a coherent common European Asylum System can take place either by reforming the current structure or establishing a completely new structure.

Since experience shows that revolutionary interventions are difficult to be put into place, it is probably more realistic to look at possible ways to modify the existing system of EU asylum policies.

The EU already has a series of legal instruments which provide guarantees and rights to asylum seekers. The problem is that they do not have the necessary legal effect.

For example the principle of equality is at best relative in asylum law.

Therefore it is necessary to look at different options to develop a coherent system.

Accession to the Geneva Convention

The accession to the Geneva Convention might be feasible. However it goes much further than EU law in terms of rights recognised to asylum seekers. Therefore, the EU and the Member States in this case should align their system to meet the same standards.

European Asylum Support Office

It is currently too early to foresee the direction that the European Asylum Support Office will take. Its activities and development have already been criticised. However, it is necessary to support the further development of this office because in order to be able to reach its goals it must have a comprehensive picture of all migration factors.

Therefore, the Parliament has sought, by means of its amendments, to clarify the tasks of the European Asylum Support Office in the area of the collection, management and analysis of information, in particular as regards countries of origin, with a view to the establishment of common assessment criteria, to clarify the arrangements for cooperation with the UNHCR and the NGOs concerned, and to lay down more precise rules governing the deployment and role of the asylum support teams.

European Asylum Court

These elements however are not sufficient to develop a coherent common European Asylum System. In order to reach a real protection of fundamental rights rather than a simple management of EU asylum policies, it is necessary to eliminate the divergences that exist between the EU and national asylum legislation.

Therefore on the one hand the European Asylum support office should impose further obligation on member States to ensure that principles of EU law is correctly transposed. On the other hand it would be necessary to have a specialised asylum court.

However, this last suggestion might be less realistic due to obstacles in the Treaty of Lisbon as well as the renowned jealousy of the ECJ to keep its own competencies.

In conclusion, in a context of a single space where freedom of movement is one of the funding principles of the European Union, it is paradoxical and counterproductive to still have a mosaic of asylum systems that differ from state to state. The proposals for amendments of the Dublin Regulation, Eurodac, Reception Directive, Qualification Directive and Procedures Directive represent an improvement compared to the previous situation. However, this does not mean that the modified proposals represent the best possible solutions. Indeed, several shortcomings and loopholes have been highlighted in relation to the right of asylum seekers also in relation to the new proposals.

It is true that the EU is building a stronger asylum system, in line with the international standards. However, the asylum system start to apply only once an individual has reached a State territory. Hence, protection is subordinated to admission according to general immigration laws, which generally include a series of clauses that make the access to EU territory increasingly difficult also for those entitled to international protection.

The European Union and its Member States will probably have to put into place a third phase of asylum harmonisation takling the above mentioned shortcomes, including the problems resulting from an increasingly restrictive immigration policy.

Action Plan on the Stockholm Programme released by Statewatch

European Commission: Stockholm Programme: Statewatch Analysis: Action Plan on the Stockholm Programme: A bit more freedom and justice and a lot more security (pdf) by Tony Bunyan: “The “harnessing of the digital tsunami” as advocated by the EU Future Group and the surveillance society, spelt out in Statewatch’s “The Shape of Things to Come” is embedded in the Commission’s Action Plan as it is in the Stockholm Programme….There is no mention of the European Security Research Programme (ESRP). Much of the technological development is being funded under the 1.4 billion euro security research programme. See: Statewatch/TNI report: Neoconopticon: EU security-industrial complex.”

– Statewatch Briefing: European Commission: Action Plan on the Stockholm Programme (pdf) Comments by Professor Steve Peers, University of Essex – Full-text: Communication from the Commission: Delivering an area of freedom, security and justice for Europe’s citizens Action Plan Implementing the Stockholm Programme (COM 171/2010, pdf)

http://www.statewatch.org/