6. Borders control policies (Schengen) – Page 15 – European Area of Freedom Security & Justice

THE UK IMPLEMENTS EU FREE MOVEMENT LAW – IN THE STYLE OF FRANZ KAFKA

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

Thursday, 19 March 2015

By Steve PEERS

Most laws are complicated enough to start with, but with EU Directives there is an extra complication – the obligation to transpose them into national law. A case study in poor transposition is the UK’s implementation of the EU’s citizens’ Directive, which regulates many aspects of the movement of EU citizens and their family members between EU Member States. Unfortunately, that defective implementation is exacerbated by a further gap between the wording of this national law and its apparent application in practice, and by the unwillingness of the EU Commission to sue the UK (or other Member States) even for the most obvious breaches of the law.

It’s left to private individuals, who usually have limited means, to spend considerable time and money challenging the UK government in the national courts. One such case was the recent victory in McCarthy (discussed here), concerning short-term visits to the UK by EU citizens (including UK citizens living elsewhere in the EU) with third-country (ie, non-EU) family members. The UK government has just amended the national rules implementing the EU citizens’ Directive (the ‘EEA Regulations’) to give effect to that judgment – but it has neglected to amend the rules relating to another important free movement issue.

Implementing the McCarthy judgment

The citizens’ Directive provides that if EU citizens want to visit another Member State for a period of up to three months, they can do so with very few formalities. However, if those EU citizens are joined by a third-country family member, it’s possible that this family member will have to obtain a short-term visa for the purposes of the visit. The issue of who needs a short-term visa and who doesn’t is mostly left to national law in the case of people visiting the UK and Ireland, but it’s mostly fully harmonised as regards people visiting all the other Member States.

Although the EU’s citizens’ Directive does simplify the process of those family members obtaining a visa, it’s still a complication, and so the Directive goes further to facilitate free movement, by abolishing the visa requirement entirely in some cases. It provides that no visa can be demanded where the third-country family members have a ‘residence card’ issued by another EU Member State. According to the Directive, those residence cards have to be issued whenever an EU citizen with a third-country family member goes to live in another Member State – for instance, where a British man moves to Germany with his Indian wife. Conversely, though, they are not issued where an EU citizen has not left her own Member State – for instance, a British woman still living in the UK with her American wife.

How did the UK implement these rules? The main source of implementation is the EEA Regulations, which were first adopted in 2006, in order to give effect to the citizens’ Directive by the deadline of 30 April that year. Regulation 11 of these Regulation states that non-EU family members of EU citizens must be admitted to the UK if they have a passport, as well as an ‘EEA family permit, a residence card or a permanent residence card’. A residence card and permanent residence card are creations of the EU Directive, but an ‘EEA family permit’ is a creature of UK law.

While the wording of the Regulation appears to say that non-EU family members of EU citizens have a right of admission if they hold any of these three documents, the UK practice is more restrictive than the wording suggests. In practice, having a residence card was usually not enough to exempt those family members from a visa requirement to visit the UK, unless they also held an EEA family permit. Regulation 12 (in its current form) says that the family member is entitled to an EEA family permit if they are either travelling to the UK or will be joining or accompanying an EU citizen there. In practice, the family permit is issued by UK consulates upon application, for renewable periods of six months. In many ways, it works in the same way as a visa requirement.

An amendment to the Regulations in 2013 provided that a person with a ‘qualifying EEA State residence card’ did not need a visa to visit the UK. But only residence cards issued by Germany and Estonia met this definition. This distinction was made because the UK was worried that some residence cards were issued without sufficient checks or safeguards for forgery, but Germany and Estonia had developed biometric cards that were less likely to be forged.

In the McCarthy judgment, the CJEU ruled that the UK rules breached the EU Directive, which provides for no such thing as an EEA family permit as a condition for admission of non-EU family members of EU citizens with residence cards to the territory of a Member State. The UK waited nearly three months after the judgment to amend the EEA Regulations to give effect to it.

The new amendments cover many issues, but to implement McCarthy they simply redefine a ‘qualifying EEA State residence card’ to include a residence card issued by any EU Member State, as well as any residence card issued by the broader group of countries applying the EEA treaty; this extends the rule to cards issued by Norway, Iceland and Liechtenstein. Presumably this brings the rules into compliance with EU law on this point (the new rules apply from April 6th). That means that non-EU family members of EU citizens will not need a visa to visit the UK from this point, provided that they hold a residence card issued in accordance with EU law, because they are the non-EU family member of an EU citizen who has moved to another Member State. However, this depends also on the practice of interpretation of the rules, including the guidance given to airline staff.

‘Surinder Singh’ cases Continue reading “THE UK IMPLEMENTS EU FREE MOVEMENT LAW – IN THE STYLE OF FRANZ KAFKA”

DENMARK AND EU JUSTICE AND HOME AFFAIRS LAW: DETAILS OF THE PLANNED REFERENDUM

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

Tuesday, 17 March 2015

by STEVE PEERS

Danish participation in cross-border criminal law measures is symbolised by ‘The Bridge’, the ‘Nordic Noir’ series about cross-border cooperation in criminal matters between Denmark and Sweden. But due to the changes in EU law in this field, that cooperation might soon be jeopardised. As a result, in the near future, Denmark will in principle be voting on whether to replace the current nearly complete opt-out on EU Justice and Home Affairs (JHA) law with a partial, selective opt-out. I have previously blogged on the implications of this plan in general terms, but it’s now clear exactly what this vote will be about.

First of all, a short recap of the overall framework (for more detail, see that previous blog post). Back in 1992, Denmark obtained an opt-out from the single currency, defence and aspects of JHA law (it’s widely believed that it also obtained an opt-out from EU citizenship, but this is a ‘Euromyth’). These opt-outs were formalised in the form of a Protocol attached to the EU Treaties as part of the Treaty of Amsterdam. The JHA opt-out was then amended by the Treaty of Lisbon.

At present, Denmark participates in: the EU policing and criminal law measures adopted before the entry into force of the Treaty of Lisbon; measures relating to the Schengen border control system (as matter of international law, not EU law); the EU rules on visa lists (as a matter of EU law); and the EU’s Dublin rules on allocation of asylum applications, ‘Brussels’ rules on civil jurisdiction and legislation on service of documents (in the form of treaties with the EU). In contrast, Denmark does not – and cannot – participate in other EU rules on immigration and asylum law or cross-border civil law, or policing and criminal law rules adopted since the entry into force of the Treaty of Lisbon.

The Protocol on Denmark’s legal position either allows it to repeal its JHA opt-out entirely, or selectively. If it chooses to repeal the opt-out selectively, it would then be able to opt in to JHA measures on a case-by-case basis, like the UK and Ireland, although (unlike those states) it would remain fully bound by the Schengen rules. Indeed, those rules will then apply as a matter of EU law in Denmark, not as a matter of international law. Continue reading “DENMARK AND EU JUSTICE AND HOME AFFAIRS LAW: DETAILS OF THE PLANNED REFERENDUM”

European and national parliamentarians divided on the EU “Smart Borders Package” ?

By FERN BOWLES (Free Group Trainee)

On February 23 the LIBE Committee has organized a interparliamentary meeting focused on the Smart Borders Package (see “EU Compass” factsheet here). The meeting served as a forum for the exchange of views between European and national parliamentarians, as well as the Commission and European agency representatives, in an aim to debate the possible future alternatives at technological and legal level of the “smart border package”. According to the Commissioner for Migration, Home Affairs and Citizenship, Dimitris Avramopoulos this “new start” is justified to overcome various “technical, political and cost related issues” raised by the initial Commission proposal. In October 2014, the first stage of the new Commission analysis was completed with the delivery of the Technical Study (see the executive summary ) and Costs Study. The “Pilot” will be completed during 2015 and a new legislative package could then be submitted in 2016.

The context

At the moment, manual checks are performed by border force personnel at the external frontiers where they are required to check non-EU citizens’ travel documents. The Smart Borders project plans to create a pan-Schengen automated database to be able to store information of third country nationals (TCN) electronically. Thorough an entry-exit system (EES) TCNs would be required to undergo a biometric identification check upon arrival to the EU, while the registered travellers programme (RTP) will pre-vet non-EU citizens before their travel, in order to speed up border crossing.

The justification for increased checks on non-EU citizens with the Entry-Exit System (EES) was initially to fight terrorist’ travel but it is argued that the real reason is to prevent the phenomenon of ‘overstayers’ (TCN that stay in the EU longer than they are permitted), which according to the Commission is one of the biggest issues of irregular migration within the EU. The European Commission’s original proposal (2013) for a Regulation on the Smart Borders Package will however be revised and revealed at the beginning of 2016.

The main issues that were raised during the debate… Continue reading “European and national parliamentarians divided on the EU “Smart Borders Package” ?”

TRIBUNE : “Schengen”, terrorism and security (Bertoncini / Vitorino)

by Yves Bertoncini and Antonio Vitorino (*)

The Paris attacks of January 2015 gave rise to an emotion shared by millions of Europeans, while fueling some doubts on their ability to combat terrorist threats within the “Schengen Area”, write Yves Bertoncini and António Vitorino.

1. The Schengen Agreement has resulted in a diversification of police checks, making them more effective, including those to identify terrorist threats.

The creation of the Schengen Area, which currently comprises twenty-six member countries, including twenty-two of the twenty-eight EU Member States, has led to a redeployment of national and European police checks, based on four complementary principles.

Firstly, the closure of permanent “internal” border posts within the Schengen Area, in order to avoid long and pointless queues to hundreds of thousands of Europeans who cross over every week to work, study, meet relatives and enjoy themselves – while this wait remains compulsory for those who wish to travel to or from Bulgaria, Cyprus, Croatia, Ireland, Romania and the United Kingdom.

Secondly, the organisation of mobile patrols across all Schengen Area member countries, which may be conducted jointly: these checks are much more effective, particularly with regard to the fight against cross-border crime and terrorism, as they can be used to flush out wanted persons when they are not expecting it (as is the case at a border). No terrorist has ever declared his intention when crossing a border!

Thirdly, the joint management of external borders, which are ipso facto “our” borders, as those crossing them can travel to other member countries, provided that they comply with European regulations on visas and resources. These common borders are land, sea and air borders (all airports welcoming flights from non-Schengen countries). Each country is in charge of a section of these borders, and must act to combat terrorist threats as a priority, particularly when they escalate due to conflicts occurring around the EU, namely in the Middle East and the Sahel regions.

Lastly, the possibility of applying “safeguard clauses” to reestablish national border checks for a limited period of time, for example during sporting or social events, and also in the case of terrorist threats. These clauses have already been used dozens of times since 1985, under EU supervision, in order to enable governments to deal with emergency situations.

2. Terrorist threats call for the spirit of the Schengen Agreement to be furthered

The emotion aroused in the aftermath of terrorist attacks often revives a need for reassurance that can be centred around the reopening of posts at national borders, given their importance in the collective psyche. In-depth considerations, however, urge us to satisfy this need for security within the very framework of the Schengen Area, in which the spirit of cooperation and mutual trust must be fostered.

The Madrid bombings in March 2004 were perpetrated by Islamic fundamentalists from Morocco and the East, with the complicity of Spanish nationals: it is through increased security at the Schengen Area’s external borders and stronger police and judicial cooperation that this terrorist attack could have been thwarted. While it is not a member of the Schengen Area, the United Kingdom was the target of bloody attacks in July 2005. These attacks were perpetrated by British nationals, one of whom was able to leave the country after crossing a national border: he was arrested in Rome, thanks to European police and judicial cooperation.

The perpetrators of the Paris attacks in January 2015 were born in France and were known to the country’s police and legal departments and/or its intelligence services. One of the men had been checked by Paris police a few days prior to the attacks and a few hours before leaving for Spain with his girlfriend, currently in hiding in Syria. In light of the information in the police’s possession, it’s equally unlikely that he would have been detained at the border between France and Spain. In hindsight, it can be noted that the surveillance of the three terrorists was insufficiently constant and effective to be able to detect their intention to attack.

It is by granting additional financial, human and legal resources to the police and justice bodies on both national and European levels that we can combat such terrorist attacks more effectively. Not by allocating these resources to controls at Schengen Area internal borders, which would result in pointless and very onerous checks of the millions of crossings that take place each month.

3. The police and judicial cooperation organised by the Schengen Agreement and the EU must be reinforced, including cooperation to combat terrorism

The Convention implementing the Schengen Agreement is made up of 141 articles, which were then integrated into community legislation. The first articles set out the rules that offer residents of member countries the possibility of freedom of movement. Most of the articles concern the organisation of police and judicial cooperation between national authorities – in which even non-member countries such as the United Kingdom may take part occasionally. “Schengen” therefore results in greater freedom and increased security, efforts intended to compensate and to balance, but which could be reassessed in light of terrorist threats.

The reinforcement of the financial and human resources allocated to member country policing and justice must come together with an improvement of the “Schengen Information System”, and the stepping up of exchanges between intelligence services, including bilateral arrangements. The creation of a European legal framework for air passenger data exchanges (known as “EU-PNR”) will improve police forces’ effectiveness – while the guarantees governing the use of personal data are reinforced in consequence.

European bodies such as Europol, Eurojust and the Frontex agency could step up their technical assistance for member countries if they were allocated more resources. They will contribute to reinforcing the quality of checks conducted in all respects of the Schengen Area, including on the basis of one-off assessment assignments that target suspected “weak links” and by heightening mutual trust between countries.

In conclusion, European cooperation with third countries in which terrorists are likely to travel must be improved – for example Turkey and North African countries – and also with the USA. A globalised movement of police and judicial cooperation must be promoted to increase Europeans’ safety, against a movement of unrealistic and ineffective focus on national borders.

An improved application of the Schengen Area’s operating rules is without doubt possible, to enable its member countries and the EU to withstand terrorist threats. Questioning these rules does not in any way impede freedom of movement, a right granted since the Rome Treaty to all EU residents, regardless of whether or not their country is a member of the Schengen Area. Yet this would make the exercise of this right much more complex and costly, while undermining the shared responsibility that Europeans require in order to dismantle terrorist networks.

(*) António Vitorino is president and Yves Bertoncini director of Notre Europe – Jacques Delors Institute, the EU think tank based in Paris. Vitorino is also former European Commissioner for justice and home affairs.

This Tribune of Notre Europe / Jacques DELORS Institute was also published on the HuffingtonPost.fr and on Euractiv.com.

(S. PEERS) BRINGING THE PANOPTICON HOME: THE UK JOINS THE SCHENGEN INFORMATION SYSTEM

ORIGINAL PUBLISHED ON EU LAW ANALYSIS blog

BY Steve Peers

Over two hundred years ago, British philosopher Jeremy Bentham devised the concept of the ‘Panopticon’: a prison designed so that a jailer could in principle watch any prisoner at any time. His theory was that the mere possibility of constant surveillance would induce good behaviour in prison inmates. In recent years, his idea for a panopticon has become a form of shorthand for describing developments of mass surveillance and social control.

The EU’s forays in this area began with the creation of the Schengen Information System (SIS) in the 1990s. The SIS is a well-known EU-wide database containing enormous amounts of information used by policing, immigration and criminal law authorities.

Until now, the UK has not had any access to the SIS. But this week, the EU Council finally approved the UK’s participation in the System, thereby linking the EU’s most iconic database with the intellectual home of the panopticon theory. What are the specific consequences and broader context of this decision?

Background

The main purpose of the Schengen system is to abolish internal border checks between EU Member States, as well as some associated non-EU States. At the moment, the full Schengen rules apply to all EU Member States except the UK, Ireland, Cyprus, Romania, Bulgaria and Croatia. Those rules also apply to four associates: Norway, Iceland, Switzerland and Liechtenstein.

All of the Member States are obliged ultimately to become part of the Schengen system, except for the UK and Ireland. Those two Member States negotiated an exemption in the form of a special Protocol at the time when the Schengen rules (which originated in theSchengen Convention, ie a treaty drawn up outside the EU legal order) were integrated into the EU legal system, as part of the Treaty of Amsterdam (in force 1999).

The UK and Ireland are not entirely excluded from the Schengen system. In fact, they negotiated the option to apply to join only some of the Schengen rules if they wished. Their application has to be approved by the Council, acting unanimously. The UK and Ireland essentially chose to opt in to the Schengen rules concerning policing and criminal law, including the SIS, but not the rules concerning the abolition of internal border controls and the harmonisation of rules on external borders and short-term visas.

The UK’s application to this end was approved in 2000 (see Decision here), and Ireland’s was approved in 2002 (see Decision here). But in order to apply each Decision in practice, a separate subsequent Council decision was necessary, because the Schengen system cannot be extended before extensive checks to see whether the new participant is capable of applying the rules in practice. On that basis, most of the Schengen rules which apply to the UK have applied from the start of 2005 (see Decision, after later amendments, here). The exception is the rules on the SIS, which the UK was not then ready to apply. After spending considerable sums trying to link to the SIS, the UK gave up trying to do so, on the basis that the EU was anyway planning to replace the SIS with a second-generation system (SIS II). There’s a lot of further background detail in the House of Lords report on the UK’s intention to join the SIS (see here), on which I was a special advisor. (Note that Ireland does not apply any of the Schengen rules in practice yet).

It took ages for the EU to get SIS II up and running, and it finally accomplished this task by April 2013 (see Decision here). The UK had planned to join SIS II shortly after it became operational, but this was complicated by the process of opting out of EU criminal law and policing measures adopted before the entry into force of the Treaty of Lisbon, and simultaneously opting back in to some of them again, on December 1^st 2014 (see discussion of that process here). This included an opt back in to the SIS rules.

Once that particular piece of political theatre concluded its final act, the EU and the UK returned to the business of sorting out the UK’s opt in to SIS II in practice. This week’sdecision completed that process, giving the UK access to SIS II data starting from March 1^st. The UK can actually use that data, and enter its own data into the SIS, from April 13^th.

Consequences

What exactly does participation in the SIS entail? The details of the system are set out in the 2007 Decision which regulates the use of SIS II for policing and criminal law purposes. There are also separate Regulations governing the use of SIS II for immigration purposesand giving access to SIS II data for authorities which register vehicles. The former Regulation provides for the storage of ‘alerts’ on non-EU citizens who should in principle be denied a visa or banned from entry into the EU, while the latter Regulation aims to ensure that vehicles stolen from one Member State are not registered in another one. The UK participates in the latter Regulation, but not the former, since it could only have access to Schengen immigration alerts if it fully participated in the Schengen rules on the abolition of internal border controls. On current plans, this will happen when hell freezes over.

The SIS II Decision provides for sharing ‘alerts’ on five main categories of persons or things: persons wanted for arrest for surrender or extradition purposes (mainly linked to the European Arrest Warrant); missing persons; persons sought to assist with a judicial procedure; persons and objects who should be subject to discreet checks or specific checks (ie police surveillance); and objects for seizure or use as evidence in criminal proceedings. There are also rules on the exchange of supplementary information between law enforcement authorities after a ‘hit’. For instance, if the UK authorities find that a European Arrest Warrant has been issued for a specific person, they could ask for further details from the authority which issued it.

On the other hand, the SIS does not, as is sometimes thought, provide for a basis for sharing criminal records or various other categories of criminal law data, although the EU has set up some other databases or information exchange systems dealing with such other types of data. (On criminal records in particular, see my earlier blog post here). The main point of setting up the second-generation system was to extend the SIS to new Member States (although in the end a new system wasn’t actually necessary for that purpose), and to provide for new functionalities such as storing fingerprints, which will likely be put into effect in the near future.

In practice, the UK’s participation in SIS II is likely to result in the Crown Prosecution Service receiving more European Arrest Warrants (EAWs) to process, and in more efficient processing of EAWs which the UK has issued to other Member States. It will also be easier, for instance, to check on whether a car or passport stolen in the UK has ended up on the continent, or vice versa.

Broader context

As noted already, while the UK is only now joining the SIS, the System has been around for many years, and has proved to be the precursor of many EU measures in this field. Indeed, as EU surveillance measures go, the SIS turned out to be a ‘gateway drug’: the friendly puff that led inexorably to the crack den of the data retention Directive.

Of course, interferences with the right to privacy can be justified on the basis of the public interest in enforcement of criminal law and ensuring public safety – if the interference is proportionate and in accordance with the law. Compared to (for instance) the data retention Directive and the planned passenger name records system, the SIS is highly targeted, focussing only on those individuals involved in the criminal law process, or police surveillance, or banned from entry from the EU’s territory. The legitimacy of the system therefore depends upon the accuracy and legality of the personal data placed in to it, and the connected data protection rules. On this point, the EU and national data protection supervisors have reported that many data subjects do not even know about the data held on them in SIS II, and they have produced a guide to help them with accessing their data in the system.

There’s an inevitable tension between the EU’s goal to set the world’s highest data protection standards, on the one hand, while also developing multiple huge databases, information exchange systems and surveillance laws, on the other. It’s as if the brains of the utilitarian Jeremy Bentham and the libertarian John Stuart Mill were both battling for control of the same body – forcing it to draw up plans for the Panopticon at the same time as it was storming the Bastille. If this tension manifested itself in fiction, it would probably take the form of a comedy about a vegetarian butcher, or a virgin porn star. But the need to ensure that measures to protect our security do not remove all our liberty is not a laughing matter.

*This blog post is linked to ongoing research on the upcoming 4^th edition of EU Justice and Home Affairs Law (forthcoming, OUP).

Image credit: nytimes.com

Barnard & Peers: chapter 25

Posted by Steve Peers at 23:48 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: criminal law, data protection, databases, opt-outs, right to privacy, Schengen, Schengen Information System, United Kingdom

Friday, 6 February 2015

Rights, remedies and state immunity: the Court of Appeal judgment in Benkharbouche and Janah

Steve Peers

Yesterday’s important judgment in Benkharbouche v Sudan and Janah v Libya by the Court of Appeal raised important issues of public international law, the ECHR and the EU Charter of Fundamental Rights, and demonstrated the relationship between them in the current state of the British constitution. The case involved two domestic workers bringing employment law complaints against the respective embassies of Sudan and Libya, which responded to the complaints by claiming state immunity, based on a UK Act of Parliament (the State Immunity Act) which transposes a Council of Europe Convention on that issue.

The question is whether invoking state immunity for these employment claims amounted to a breach of human rights law, given that Article 6 of the ECHR (the right to a fair trial) guarantees access to the courts, according to the case law of the European Court of Human Rights (ECtHR). In turn, this raised issues of EU law, given that Article 47 of the EU Charter of Fundamental Rights likewise guarantees the right to a fair trial, and some of the claims concerned EU law issues (the race discrimination and working time Directives). (Other claims, such as for ordinary wages and unfair dismissal, were not linked to EU law). The two cases didn’t concern human trafficking or modern slavery, although sometimes embassies are involved in such disputes too. But they would be relevant by analogy to such disputes, and there would also be a link to EU law in such cases, since there is an EU Directive banning human trafficking, which the UK has opted in to.

The Court of Appeal, essentially following the prior judgment of the Employment Appeal Tribunal, made a careful study of recent ECtHR case law, concluding that state immunity could no longer be invoked against all employment law claims, but only against those claims concerning core embassy staff. This could not apply to domestic workers; Ms. Janah’s tasks did not involve (for instance) shooting any British policewomen.

But what was the remedy for this breach of human rights principles? At lower levels, the tribunals had been powerless to rule on the claims for breach of the ECHR, since the UK’sHuman Rights Act awards the power to issue a ‘declaration of incompatibility’ that an Act of Parliament breaches the ECHR to higher courts only. So the Court of Appeal was the first court that could issue such a declaration, and it did so in this case. (The Court concluded that it could not ‘read down’ the relevant clauses in the State Immunity Act to interpret them consistently with the ECHR).

However, as compared to the effect of EU law, even a declaration of incompatibility with the ECHR is relatively weak, given that the potential remedy for a breach of EU law is the disapplication of national law, even Acts of Parliament if necessary, by the national courts. So the Court of Appeal also ruled that the relevant provisions of the State Immunity Acthad to be disapplied, to the extent that they were applied as a barrier to the claims based on EU law. On this point, the Court was following the Employment Appeal Tribunal, which had also ruled to disapply the Act, given that any level of national court or tribunal has the power to disapply an act of parliament if necessary to give effect to EU law.

If I had a pound for every law student who has confused the remedies in UK law for the breach of EU law with the remedies for the breach of the ECHR, I would be very rich indeed. Fortunately, the facts of this case easily demonstrate the distinction between them. Only the higher courts could even contemplate issuing a declaration of incompatibility with the ECHR; and the remedy of disapplication of the Act of Parliament is obviously stronger than the declaration of incompatibility, allowing the case to proceed on the merits (as far as it relates to EU law) rather than having to wait for Parliament to change the law in order to do so. And equally, the case shows the importance of the requirement that a case has to be linked to EU law in order for the Charter to apply: only the race discrimination and working time claims benefit from the disapplication of provisions of the Act of Parliament, and so only those claims can proceed to court as things stand.

From an EU law perspective, the most interesting point examined by the Court of Appeal was the application of the ‘horizontal direct effect’ of Charter rights, ie the application of EU law against private parties (since non-EU States aren’t bound by EU law as States, the court assimilated them to private parties). In its judgment last year in AMS (discussedhere), the CJEU distinguished between those Charter rights which could give rise to a challenge against national law based on the principle of supremacy of EU law, and those Charter rights which could not, since they were too imprecise to base a free-standing Charter claim upon. The right to non-discrimination on grounds of age fell within the former category, whereas the right of workers to be consulted and informed fell within the latter category. (Note that the CJEU case law classifies this as an application of the principle of supremacy, not horizontal direct effect, although the final outcome is the same no matter how the principle is classified, at least in cases like these).

The Court of Appeal reaches the conclusion that Article 47 of the Charter is also a provision which is precise enough to be used to challenge national legislation. That’s an important point, since Article 47 is a far-reaching and frequently invoked provision, and applies not just to state immunity issues but to many broader issues concerning access to the courts (including legal aid) and effective remedies. For that reason, this judgment is an important precedent for national courts across the European Union faced with challenges to national laws based on Article 47 of the Charter, although of course it doesn’t formally bind any court besides the lower courts of England and Wales.

The Court didn’t need to rule on whether the substantive Charter rights raised by these cases would have the effect of disapplying national law, since it wasn’t ruling on the merits of the cases, but only on the issue of access to court. If it were ruling on the substantive issues, it would seem obvious that race discrimination claims have the same strong legal effect as age discrimination claims, as both claims are based on the same provision of the Charter (Article 21). However, claims based on breach of Article 31 of the Charter (the working time provision) might not have that strong legal effect. Indeed, an Advocate-General’s opinion in the pending case of Fennoll has concluded as much.

Furthermore, the social rights in the Charter (such as the rights set out in Article 31) are subject to a special rule in the Protocol to the EU Treaties which attempts to limit the effect of the Charter in the UK and Poland. The CJEU ruled in its NS judgment that this Protocol does not generally disapply the Charter in the UK, but it did not then rule if the Protocol might nonetheless affect the enforceability of social rights. Given that yesterday’s judgment was about Article 47 of the Charter, not about a substantive social right, it was not necessary for the Court of Appeal to grasp this nettle either.

Barnard & Peers: chapter 9, chapter 20

Trafficking in Human Beings: the EU legislates but the Member States keep dragging their feet…

by Federica VIGNALE (Free Group Trainee)

Since more than ten years Trafficking in Human beings is a recurrent issue on the agenda of the European Parliament Committee on Civil Liberties, Justice and Home Affairs. The last debate [i] was notably focused on the Commission Mid-term report on the 2012-2016 EU strategy towards the eradication of trafficking in human beings and the Global Report on Trafficking in persons of United Nations Office on Drugs and Crime.

Trafficking in Human Beings (THB) is recognized by the European and the international law as a gross violation of human rights and as a form of organized crime[ii]. At European level, THB is defined as “the recruitment, transportation, transfer, harbouring or reception of persons, including the exchange or transfer of control over those persons, by means of the threat or use of force or other forms of coercion, of abduction, of fraud, of deception, of the abuse of power or of a position of vulnerability or of the giving or receiving of payments or benefits to achieve the consent of a person having control over another person, for the purpose of exploitation”. Furthermore, due to the presence of these forms of violence or coercion, trafficking in human beings represents also a form of modern slavery. Currently there are tens of thousands potential people who are kept in captivity or forced to provide services against their will, but there are some people who were lucky enough to have been identified.

In this respect and before analysing the European and the international legal context, it is worthwhile analysing the data related to victims and traffickers that emerge from the Trafficking in Human Beings Report that the DG Home Affairs and Eurostat published on the occasion of the EU Anti-Trafficking day anniversary. Between 2010 and 2012, 30.146 people were registered by the authorities, but this number is more alarming if we consider that there are certainly other victims of THB that have not been registered. The above-mentioned Report indicates also that:

“80 % of registered victims were female.
Over 1 000 child victims were trafficked for sexual exploitation^{^[iii]}.
69 % of registered victims were trafficked for sexual exploitation.
95 % of registered victims of sexual exploitation were female.
71 % of registered victims of labour exploitation were male.
65 % of registered victims were EU citizens.
There are no discernible trends in the variation of victim data at EU level over the three reference years.
8 551 prosecutions for trafficking in human beings were reported by Member States over the three years 2010-2012.
Over 70 % of traffickers were male. This is the case for suspects, prosecutions and convicted traffickers.
3 786 convictions for trafficking in human beings were reported by Member States over the three years.
There are no discernible trends in the number of prosecutions or convictions at EU level”.

Two thirds of the victims are from the countries within the EU (Romania, Bulgaria, the Netherlands, Hungary and Poland), and the rest of the victims are primarily from Nigeria, China, Vietnam, Brazil and Russia. These figures are extremely worrying, especially because – in terms of legislation – the EU has built a very ambitious legal framework that consists of: Continue reading “Trafficking in Human Beings: the EU legislates but the Member States keep dragging their feet…”

Terrorists and serious criminals beware ! Your travel data can tell everything about you..

by Emilio DE CAPITANI

After the last terrorist attacks the President of The European Council, the EU interior ministers, the EU Counter-Terrorism Coordinator (CTC), the European Commission, some national parliaments and even the press have raised their voice against the European Parliament which is blocking since years a legislative measure on the access by law enforcement authorities to the passenger name record (PNR) managed by the airlines when you make a flight reservation.
Beware!
PNR data are not used to find criminals or already known dangerous persons.
This will be a too easy solution but will require a change in the Member state internal security policy. Member states remain extremely jealous of their security related data. According to the current EU legislation (and the Europol revised proposal) data dealing with already known criminals, terrorists, serial killers dangerous persons remain under the control of each national authority which can share them with other EU member States and EU agencies, (such as Europol and Eurojust), only on voluntary basis.

On the contrary PNR data of ordinary citizens could be mandatory collected from airlines and shared to a enable Law enforcement authorities “..to identify persons who were previously “unknown”, i.e. persons previously unsuspected of involvement in terrorism or serious crime, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities.”

The (non exhaustive) list of “serious crimes” which according to the Council and the Commission can be prevented thanks to these miraculous bits of information is indeed impressive :
1. participation in a criminal organisation, 2. trafficking in human beings, 3. sexual exploitation of children and child pornography, 4. illicit trafficking in narcotic drugs and psychotropic substances, 5. illicit trafficking in weapons, munitions and explosives, 6. fraud, 7. laundering of the proceeds of crime, 8. computer-related crime,9. environmental crime, including illicit trafficking in endangered animal species and in endangered plant species and varieties, 10. facilitation of unauthorised entry and residence, 11. illicit trade in human organs and tissue, 12. kidnapping, illegal restraint and hostage-taking, 13. organised and armed robbery, 14. illicit trafficking in cultural goods, including antiques and works of art, 15. forgery of administrative documents and trafficking therein, 16. illicit trafficking in hormonal substances and other growth promoters, 17. illicit trafficking in nuclear or radioactive materials, 18. unlawful seizure of aircraft/ships, 19. sabotage, and 20. trafficking in stolen vehicles.

But which kind of data are so meaningful that they to reveal such diverse kinds of criminal behavior ?

The (again, non exhaustive) list of these data is attached to the draft Directive and is as follows:
(1) PNR record locator (2) Date of reservation/issue of ticket (3) Date(s) of intended travel (4) Name(s) (5) Address and contact information (telephone number, e-mail address) (6) All forms of payment information, including billing address (7) Complete travel itinerary for specific PNR (8) Frequent flyer information (9) Travel agency/travel agent (10) Travel status of passenger, including confirmations, check-in status, no show or go show information (11) Split/divided PNR information (12) General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent) (13) Ticketing field information, including ticket number, date of ticket issuance and one-way tickets, Automated Ticket Fare Quote fields (14) Seat number and other seat information (15) Code share information (16) All baggage information (17) Number and other names of travellers on PNR (18) Any Advance Passenger Information (API) data collected (inter alia document type, document number, nationality, country of issuance, date of document expiration, family name, given name, gender, date of birth, airline, flight number, departure date, arrival date, departure port, arrival port, departure time, arrival time) (19) All historical changes to the PNR listed in numbers 1 to 18.

The draft Council text allows Member States also to collect other personal data if they so wish. (Guess if also the place of birth was added it would be possible to know also the Astrological profile and we all know after thousand years of consistent scientific observation that people with the sun or ascendant in Scorpio can be extremely dangerous..)

On this basis You still consider that this “machinery” deemed to filter millions a record a day by 28 different Passenger Unit in the member states without a meaningful judicial control and storing them for five years is not only an abuse of fundamental rights of millions of passengers, but is also contrary to the freedom of movement protected by the Treaty and the Charter, and is disproportionate? Moreover is contrary to the rule of law principle discriminatory because data on passengers will differ simply because of the different methods followed by each airline when dealing with their reservation systems?

Do you still think that such a machinery which in the US is backed by an intelligence counter terrorism endeavor of hundred billion dollars per year, will work in countries where police has hardly the resource to pay the petrol for their cars and were the first reflex is not to share “its” criminal records with the other member states and even less with EU agencies (which also stand side by side only for the family photo of the annual budget before the European Parliament) ?

In this framework would not be much wise, as a matter of priority, for the European Union to prevent and fight terrorism and serious crime by interconnecting the member states criminal record systems and by adding also the data of third country nationals who have already been convicted and condemned in their country for serious crimes?

Do you not consider that 28 national PNR (following each one its own profiling tactics) will be useless at European level where in any case only 2% of the Europol data deal with terrorist and are fed by only 4 of the 28 EU Countries ?

Last but not least, a real terrorist and criminals will not be tempted to avoid all of this by using false documents (easily accessible on internet) or, more safely, by keeping a train ?

Read the text below and (maybe) you will change your mind. But if you still consider that the PNR is the silver bullet to fight terrorists I have a used car that can be of your interest..

——————————————
COUNCIL OF THE EUROPEAN UNION
Brussels, 23 April 2012
8916/12
Interinstitutional File: 2011/0023 (COD)
GENVAL 23 AVIATION 73 DATAPROTECT 52 CODEC 1024
NOTE
From: Presidency
to: Council
No. prev. doc.: 8448/1/12 REV 1 GENVAL 17 AVIATI*N 60 DATAPR*TECT 40 C*DEC 897
Subject: Proposal for a Directive of the Council and the European Parliament on the use of
Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

Background

1. The Commission submitted the proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes to the Council on 17 November 2007. This proposal was discussed in detail during the Slovenian, the French and the Czech Presidency. When the Lisbon Treaty entered into force, the proposal, which was not yet adopted, became legally obsolete.

2. On 3 February 2011 the Commission presented a proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.

3. At the Council meeting on 11 April 2011, a discussion was held on whether intra-EU flights should be included in the scope of the draft Directive. Further to that discussion, the
preparatory work on the draft PNR Directive continued at expert-level at the Working Party on General Matters, including Evaluations on the basis of the indication by the Council that the Directive should allow individual Member States the option to mandate the collection of PNR data with regard to intra-EU flights and that the collection and processing of such data should be subject to the legal regime created by the PNR Directive1.

4. Since the Commission presented its proposal, the Working Party on General Matters, including Evaluations has worked on the proposal for over a year. The scope of the proposal has been thoroughly discussed and further refined and it is now established for which purposes and under which conditions PNR data collected under the Directive can be used. A few Member States have argued in favour of extending the scope of the Directive to other purposes than those presently covered. It is, however, the Presidency’s assessment that a clear and strict purpose limitation is important in order to safeguard the proportionality of the Directive. The Presidency therefore considers that no further changes should be made to the scope of the Directive at the present stage. The review clause in the proposal will, however, allow for future revision of the Directive on the basis of national experiences.

5. The Presidency considers that the extensive work on the file and the considerable efforts that have been made to take all views into account during the Hungarian, Polish and Danish Presidency have resulted in a well-balanced draft Directive.
6. Nine delegations maintain a general scrutiny reservation on the proposal, two have a general reservation and two hold a parliamentary scrutiny reservation.

Retention period

7. The Commission had proposed an initial storage period of 30 days, followed by a further retention period of five years of masked out data. The negotiations have shown that an initial storage period of 30 days is generally considered much too short from an operational point of view. Article 9 has been redrafted in such a way that the overall retention period of 5 years is subdivided into two periods: a first period in which the data are fully accessible and a second period during which the data are masked out and where full disclosure of the data is subject to strict conditions. Taking into consideration the operational needs the initial retention period is set at two years. In comparison the initial retention period in the 2011 EU-Australia Agreement, to which the Council has agreed and the EP has given its consent, is three years.

Inclusion of intra-EU flights

8. Article 1a, which has been drafted in line with the indications given at the Council meeting on 11 April 2011, allows Member States to apply this Directive to all or selected intra-EU flights. Hence, the Article allows any Member State to collect PNR data from those intra-EU flights it considers necessary in order to prevent, detect, investigate or prosecute serious crime or terrorism. It thus constitutes a compromise between those Member States that are in favour of mandatory inclusion of all intra-EU flights and those that are opposed to any inclusion of intra-EU flights.

9. The Presidency considers the above solutions as part of a package, which constitutes a compromise between those Member States which would prefer to limit the impact of the collection and processing of PNR data and those Member States which are in favour of an extension of the scope of the collection and processing of PNR data. At the Coreper meeting of 18 April 2012 some Member States maintained for the time being their reservations on the issues of retention periods and intra-EU flights. However, only three delegations indicated that they could not accept the overall package as a basis for commencing negotiations with the EP.

10. In view of the above, the Presidency invites the Council to confirm the compromise text set out in the Annex as a basis for starting the negotiations with the Parliament.

ANNEX

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on the use of Passenger Name Record (PNR) data for the prevention, detection, investigation
and prosecution of terrorist offences and serious crime

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 82(1)(d) and 87(2)(a) thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national Parliaments,
Having regard to the opinion of the European Economic and Social Committee2,
Having regard to the opinion of the Committee of the Regions3,
Acting in accordance with the ordinary legislative procedure,

Whereas:

(1) On 6 November 2007 the Commission adopted a proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. However, upon entry into force of the Treaty of Lisbon on 1 December 2009, the Commission’s proposal, which had not been adopted by the Council by that date, became obsolete.

(2) The `Stockholm Programme An open and secure Europe serving and protecting the citizens’4 calls on the Commission to present a proposal for the use of PNR data to prevent, detect, investigate and prosecute terrorism and serious crime.

(3) In its Communication of 21 September 2010 “*n the global approach to transfers of Passenger Name Record (PNR) data to third countries” the Commission outlined certain core elements of a Union policy in this area.

(4) Council Directive 2004/82/EC of 29 April 2004 on the obligation of air carriers to communicate passenger data5 regulates the transfer of advance passenger data by air carriers to the competent national authorities for the purpose of improving border controls and combating illegal immigration.

(5) PNR data are necessary to effectively prevent, detect, investigate and prosecute terrorist offences and serious crime and thus enhance internal security, inter alia by comparing them with various databases of persons and objects sought, to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks.
(6) ….

(7) PNR data enable to identify persons who were previously “unknown”, i.e. persons previously unsuspected of involvement in terrorism or serious crime, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. By using PNR data it is possible to address the threat of terrorism and serious crime from a different perspective than through the processing of other categories of personal data. However, in order to ensure that the processing of data of innocent and unsuspected persons remains as limited as possible, the aspects of the use of PNR data relating to the creation and application of assessment criteria should be further limited to terrorist offences and relevant forms of serious crime. Furthermore, the assessment criteria shall be defined in a manner which ensures that as few innocent people as possible are identified by the system.

(8) Air carriers already collect and process PNR data from their passengers for their own commercial purposes. This Directive should not impose any obligation on air carriers to collect or retain any additional data from passengers or to impose any obligation on passengers to provide any data in addition to that already being provided to air carriers.

(9) Some air carriers retain any collected advance passenger information (API) data as part of the PNR data, while others do not. The use of PNR data together with API data has added value in assisting Member States in verifying the identity of an individual and thus reinforcing their law enforcement value and minimising the risk of carrying out checks and investigations on innocent people. It is therefore important to ensure that, where air carriers collect API data, they should transfer it, irrespective of whether the API data is retained as part of the PNR data or not.

(10) In order to prevent, detect, investigate and prosecute terrorist offences and serious crime, it is essential that all Member States introduce provisions laying down obligations on air carriers operating extra EU-flights, and if the Member State wishes to do so also on air carriers operating intra EU-flights, to transfer any collected PNR and API data. These provisions should be without prejudice to Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data.

(11) The processing of personal data must be proportionate to the specific security goals pursued by this Directive.

(12) The definition of terrorist offences applied in this Directive should be the same as in Council Framework Decision 2002/475/JHA on combating terrorism6 and the definition of serious crime applied in this Directive should be the same as in Council Framework Decision 2002/584/JHA of 13 June 2002 on the European Arrest Warrant and the surrender procedure between Member States7. The list of relevant serious crime with relation to which PNR data may be used for the creation and application of assessment criteria should be based on Framework Decision 2002/584/JHA.

(13) PNR data should be transmitted to a single designated unit (Passenger Information Unit) in the relevant Member State, so as to ensure clarity and reduce costs to air carriers. The Passenger Information Unit may have different locations in one Member State and Member States may also jointly set up one Passenger Information Unit.

(13a) It is desirable that co-financing of the costs related to the establishment of the national Passenger Information Units will be provided for under the instrument for financial support for police cooperation, preventing and combating crime, and crisis management as part of the Internal Security Fund.

(14) The contents of any lists of required PNR data to be obtained by a Passenger Information Unit should be drawn up with the objective of reflecting the legitimate requirements of public authorities to prevent, detect, investigate and prosecute terrorist offences or serious crime, thereby improving internal security within the Union as well as protecting the fundamental rights of persons, notably privacy and the protection of personal data. Such lists should not be based on a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life. The PNR data should contain details on the passenger’s reservation and travel itinerary which enable competent authorities to identify air passengers representing a threat to internal security.

(15) There are two possible methods of data transfer currently available: the `pull’ method, under which the competent authorities of the Member State requiring the data can reach into (access) the air carrier’s reservation system and extract (`pull’) a copy of the required data, and the `push’ method, under which air carriers transfer (`push’) the required PNR data to the authority requesting them, thus allowing air carriers to retain control of what data is provided. The `push’ method is considered to offer a higher degree of data protection and should be mandatory for all air carriers.

(16) The Commission supports the International Civil Aviation *rganisation (ICA*) guidelines on PNR. These guidelines should thus be the basis for adopting the supported data formats for transfers of PNR data by air carriers to Member States. This justifies that such supported data formats, as well as the relevant protocols applicable to the transfer of data from air carriers should be adopted in accordance with the examination procedure provided for in Regulation (EU) No182/2011 of the European Parliament and of the Council of 16 February 2011 lying down rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers8.

(17) The Member States should take all necessary measures to enable air carriers to fulfil their obligations under this Directive. Dissuasive, effective and proportionate penalties, including financial ones, should be provided for by Member States against those air carriers failing to meet their obligations regarding the transfer of PNR data.

(18) Each Member State should be responsible for assessing the potential threats related to terrorist offences and serious crime.

(19) Taking fully into consideration the right to the protection of personal data and the right to non-discrimination, no decision that produces an adverse legal effect on a person or seriously affects him/her should be taken only by reason of the automated processing of PNR data. Moreover, in respect of Article 21 of the Charter of Fundamental Rights of the European Union no such decision should discriminate on any grounds such as a person’s sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.

(20) Member States should share with other Member States the PNR data that they receive where this is necessary for the prevention, detection, investigation or prosecution of terrorist offences or serious crime. The provisions of this Directive should be without prejudice to other Union instruments on the exchange of information between police and judicial authorities, including Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police *ffice (Europol)9 and Council Framework Decision 2006/960/JHA of 18 September 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union10. Such exchange of PNR data between law enforcement and judicial authorities should be governed by the rules on police and judicial cooperation.

(21) The period during which PNR data are to be retained should be proportionate to the purposes of the prevention, detection, investigation and prosecution of terrorist offences and serious crime. Because of the nature of the data and their uses, it is necessary that the PNR data are retained for a sufficiently long period for carrying out analysis and for use in investigations. In order to avoid disproportionate use, it is necessary that, after an initial period, the data are depersonalised through masking out and that the full PNR data are only accessible under very strict and limited conditions.

(22) Where specific PNR data have been transmitted to a competent authority and are used in the context of specific criminal investigations or prosecutions, the retention of such data by the competent authority should be regulated by the national law of the Member State, irrespective of the retention periods set out in this Directive.

(23) The processing of PNR data domestically in each Member State by the Passenger Information Unit and by competent authorities should be subject to a standard of protection of personal data under their national law which is in line with Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters11.

(24) Taking into consideration the right to the protection of personal data, the rights of the data subjects concerning the processing of their PNR data, such as the right of access, the right of rectification, erasure and blocking, as well as the rights to compensation and judicial remedies, should be in line with Framework Decision 2008/977/JHA.

(25) Taking into account the right of passengers to be informed of the processing of their personal data, Member States should ensure they are provided with accurate information about the collection of PNR data and their transfer to the Passenger Information Unit.

(25a) This Directive allows the principle of public access to official documents to be taken into account.

(26) Transfers of PNR data by Member States to third countries should be permitted only on a case-by-case basis and in compliance with Framework Decision 2008/977/JHA. To ensure the protection of personal data, such transfers should be subject to additional requirements relating to the purpose and the necessity of the transfer.

(27) The national supervisory authority that has been established in implementation of Framework Decision 2008/977/JHA should also be responsible for advising on and monitoring of the application and of the provisions adopted by the Member States pursuant to this Directive.

(28) This Directive does not affect the possibility for Member States to provide, under their domestic law, for a system of collection and handling of PNR data for purposes other than those specified in this Directive, or from transportation providers other than those specified in the Directive, provided that such domestic law respects the Union acquis.

(29) This Directive is without prejudice to the current Union rules on the way border controls are carried out or with the Union rules regulating entry and exit from the territory of the Union.

(30) As a result of the legal and technical differences between national provisions concerning the processing of personal data, including PNR, air carriers are and will be faced with different requirements regarding the types of information to be transmitted, as well as the conditions under which this information needs to be provided to competent national authorities. These differences may be prejudicial to effective cooperation between the competent national authorities for the purposes of preventing, detecting, investigating and prosecuting terrorist offences or serious crime.

(31) Since the objectives of this Directive cannot be sufficiently achieved by the Member States, and can be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective.

(32) This Directive respects the fundamental rights and the principles of the Charter of Fundamental Rights of the European Union, in particular the right to the protection of personal data, the right to privacy and the right to non-discrimination as protected by Articles 8, 7 and 21 thereof and has to be implemented accordingly. The Directive is compatible with data protection principles and its provisions are in line with the Framework Decision 2008/977/JHA. Furthermore, and in order to comply with the proportionality principle, the Directive, on specific issues, will have stricter rules on data protection than the Framework Decision 2008/977/JHA.

(33) In particular, the scope of this Directive is as limited as possible, as it allows retention of PNR data in the Passenger Information Units for period of time not exceeding 5 years, after which the data should be deleted, as the data should be depersonalised through masking out after an initial period, and as the collection and use of sensitive data is prohibited. In order to ensure efficiency and a high level of data protection, Member States are required to ensure that an independent national supervisory authority is responsible for advising and monitoring the way PNR data are processed. All processing of PNR data should be logged or documented for the purpose of verification of its legality, self-monitoring and ensuring proper data integrity and security of the processing. Member States should also ensure that passengers are clearly and precisely informed about the collection of PNR data and their rights.

(34) In accordance with Article 3 of the Protocol (No 21) on the position of United Kingdom and Ireland in respect of the Area of Freedom, Security and Justice, annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, those Member States have notified their wish to participate in the adoption and application of this Directive.
(35) In accordance with Articles 1 and 2 of the Protocol (No 22) on the position of Denmark annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Directive and is not bound by it or subject to its application.

HAVE ADOPTED THIS DIRECTIVE:

CHAPTER I GENERAL PROVISIONS

Article 1 Subject matter and scope
1. This Directive provides for the transfer by air carriers of Passenger Name Record (PNR) data of passengers of extra-EU flights to and from the Member States, as well as the processing of that data.
2. The PNR data collected in accordance with this Directive may be processed only for the purpose of prevention, detection, investigation and prosecution of terrorist offences and serious crime as provided for in Article 4 (2) (a), (b) and (c).

Article 1a Application of the directive to intra-EU flights
1. If a Member State wishes to apply this Directive to intra-EU flights, it shall give notice in writing to the Commission to that end. The Commission shall publish such a notice in the Official Journal of the European Union. A Member State may give or revoke such notice at any time after the entry into force of this Directive.
2. Where such a notice is given, all the provisions of this Directive shall apply in relation to intra-EU flights as if they were extra-EU flights and to PNR data from intra-EU flights as if it were PNR data from extra-EU flights.
3. A Member State may decide to apply this Directive only to selected intra-EU flights. In making such a decision the Member State shall select the flights it considers necessary in order to further the purposes of this Directive. The Member State may decide to change the selected intra-EU flights at any time.

Article 2 Definitions
For the purposes of this Directive the following definitions shall apply:
(a) `air carrier’ means an air transport undertaking with a valid operating licence or equivalent permitting it to carry out carriage by air of passengers;
(b) `extra-EU flight’ means any scheduled or non-scheduled flight by an air carrier flying from a third country planned to land on the territory of a Member State or from the territory of a Member State planned to land in a third country, including in both cases flights with any stopovers at the territory of Member States or third countries;
(c) `intra-EU flight’ means any scheduled or non-scheduled flight by an air carrier flying from the territory of a Member State planned to land on the territory of one or more of the other Member States, without any stop-overs at the territory/airports of a third country;
(d) `Passenger Name Record’ or’PNR data’ means a record of each passenger’s travel requirements which contains information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person, whether it is contained in reservation systems, Departure Control Systems (DCS, the system used to check passengers onto flights) or equivalent systems providing the same functionalities.
(e) `passenger’ means any person, except members of the crew, carried or to be carried in an aircraft with the consent of the air carrier, which is manifested by the persons’ registration in the passengers list and which includes transfer or transit passengers;
(f) `reservation systems’ means the air carrier’s internal reservation system, in which PNR data are collected for the handling of reservations;
(g) `push method’ means the method whereby air carriers transfer PNR data into the database of the authority requesting them;
(h) `terrorist offences’ means the offences under national law referred to in Articles 1 to 4 of Council Framework Decision 2002/475/JHA;
(i) `serious crime’ means the offences under national law referred to in Article 2(2) of Council Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under the national law of a Member State;
(k) ‘depersonalising through masking out of data’ means rendering certain data elements of such data invisible to a user without deleting these data elements.

CHAPTER II RESPONSIBILITES OF THE MEMBER STATES

Article 3 Passenger Information Unit
1. Each Member State shall set up or designate an authority competent for the prevention, detection, investigation or prosecution of terrorist offences and serious crime or a branch of such an authority to act as its `Passenger Information Unit’ (“PIU”) responsible for collecting PNR data from the air carriers, storing them, processing them and transmitting the PNR data or the result of the processing thereof to the competent authorities referred to in Article 5. The PIU is also responsible for the exchange of PNR data or the result of the processing thereof with PIUs of other Member States in accordance with Article 7. Its staff members may be seconded from competent public authorities. It shall be provided with adequate resources in order to fulfil its tasks.

2. Two or more Member States may establish or designate a single authority to serve as their Passenger Information Unit. Such a Passenger Information Unit shall be established in one of the participating Member States and shall be considered the national Passenger Information Unit of all such participating Member States. The participating Member States shall agree on the detailed rules for the operation of the Passenger Information Unit and shall respect the requirements laid down in this Directive.

3. Each Member State shall notify the Commission within one month of the establishment or designation of the Passenger Information Unit thereof. It may at any time modify its notification. The Commission shall publish this information, including any modifications of it, in the Official Journal of the European Union.

Article 4 Processing of PNR data
1. The PNR data transferred by the air carriers shall be collected by the Passenger Information
Unit of the relevant Member State, as provided for in Article 6. Should the PNR data transferred by air carriers include data beyond those listed in Annex I, the Passenger Information Unit shall delete such data immediately upon receipt.
2. The Passenger Information Unit shall process PNR data only for the following purposes:
(a) carrying out an assessment of the passengers prior to their scheduled arrival to or departure from the Member State in order to identify persons who require further examination by the competent authorities referred to in Article 5, in view of the fact that such persons may be involved in a terrorist offence or serious crime.
(i) In carrying out such an assessment the Passenger Information Unit may compare PNR data against databases relevant for the purpose of prevention, detection, investigation and prosecution of terrorist offences and serious crime, including databases on persons or objects sought or under alert, in accordance with Union, international and national rules applicable to such databases.
(ii) When carrying out an assessment of persons who may be involved in a terrorist offence or serious crime listed in Annex II to this Directive, the Passenger Information Unit may also process PNR data against pre-determined criteria.
Member States shall ensure that any positive match resulting from automated processing of PNR data conducted under point (a) of paragraph 2 is individually reviewed by non-automated means in order to verify whether the competent authority referred to in Article 5 needs to take action in accordance with national law;
(b) responding, on a case-by-case basis, to duly reasoned requests from competent authorities to provide PNR data and process PNR data in specific cases for the purpose of prevention, detection, investigation and prosecution of a terrorist offence or serious crime, and to provide the competent authorities with the results of such processing; and
(c) analysing PNR data for the purpose of updating or creating new criteria for carrying out assessments referred to point (a) (ii) in order to identify any persons who may be involved in a terrorist offence or serious crimes listed in Annex II.
3. The assessment of the passengers prior to their scheduled arrival or departure from the
Member State carried out against pre-determined criteria referred to in point (a)(ii) of paragraph 2 shall be carried out in a non-discriminatory manner on the basis of assessment criteria established by its Passenger Information Unit. Member States shall ensure that the assessment criteria are set by the Passenger Information Units, in cooperation with the competent authorities referred to in Article 5. The assessment criteria shall in no circumstances be based on a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life.
4. The Passenger Information Unit of a Member State shall transmit the PNR data or the results
of the processing of PNR data of the persons identified in accordance with point (a) of paragraph 2 for further examination to the competent authorities of the same Member State referred to in Article 5. Such transfers shall only be made on a case-by-case basis.
5. The consequences of the assessments of passengers referred to in point (a) of paragraph 2
shall not jeopardise the right of entry of persons enjoying the Union right of free movement into the territory of the Member State concerned as laid down in Directive 2004/38/EC. In addition, the consequences of such assessments, where these are carried out in relation to intra-EU flights between Member States to which the Regulation (EC) No 562/2006 of the European Parliament and of the Council of 15 March 2006 establishing a Community Code on the rules governing the movement of persons across borders12 applies, shall comply with that Code.

12 OJ L 105, 13.4.2006, p. 1.

Article 5 Competent authorities
1. Each Member State shall adopt a list of the competent authorities entitled to request or receive PNR data or the result of the processing of PNR data from the Passenger Information Units in order to examine that information further or take appropriate action for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime.
2. The authorities referred to in paragraph 1 shall be competent for the prevention, detection, investigation or prosecution of terrorist offences or serious crime.
3. For the purpose of Article 7(4), each Member State shall notify the list of its competent authorities to the Commission eighteen months after entry into force of this Directive at the latest, and may at any time update this notification. The Commission shall publish this information, as well as any modifications of it, in the Official Journal of the European Union.
4. The PNR data and the result of the processing of PNR data received from the Passenger Information Unit may be further processed by the competent authorities of the Member States only for the purpose of preventing, detecting, investigating or prosecuting terrorist offences or serious crime.
5. Paragraph 4 shall be without prejudice to national law enforcement or judicial powers where other violations of criminal law, or indications thereof, are detected in the course of enforcement action further to such processing.
6. The competent authorities shall not take any decision that produces an adverse legal effect on a person or significantly affects a person only by reason of the automated processing of PNR data.

Article 6
Obligations on air carriers on transfer of data
1. Member States shall adopt the necessary measures to ensure that air carriers transfer (‘push’) the PNR data as defined in Article 2(d) and specified in Annex I, to the extent that such data are already collected by them, to the database of the Passenger Information Unit of the Member State on the territory of which the flight will land and/or from the territory of which the flight will depart. Where the flight is code-shared between one or more air carriers, the obligation to transfer the PNR data of all passengers on the flight shall be on the air carrier that operates the flight. Where an extra-EU flight has one or more stopovers at the airports of different Member States, air carriers shall transfer the PNR data of all passengers to the Passenger Information Units of all the Member States concerned. This also applies where an intra-EU flight has one or more stopovers at the airports of different Member States, but only in relation to Member States which are collecting PNR data.
1a. In case the air carriers have collected any advance passenger information (API) data listed under item (18) of Annex 1 to this directive but do not retain these data as part of the PNR data, Member States shall adopt the necessary measures to ensure that air carriers also transfer (‘push’) these data to the Passenger Information Unit of the Member State referred to in paragraph 1. In case of such transfer, all the provisions of this Directive shall apply in relation to these API data as if they were part of the PNR data.
2. Air carriers shall transfer PNR data by electronic means using the common protocols and supported data formats to be adopted in accordance with the procedure referred to in Articles 13 and 14, or, in the event of technical failure, by any other appropriate means ensuring an appropriate level of data security:
(a) once 24 to 48 hours before the scheduled time for flight departure; and
(b) once immediately after flight closure, that is once the passengers have boarded the aircraft in preparation for departure and it is no longer possible for passengers to board or leave.
3. Member States shall permit air carriers to limit the transfer referred to in point (b) of paragraph 2 to updates of the transfer referred to in point (a) of paragraph 2.
4. On a case-by-case basis and where access to PNR data is necessary to respond to a specific and actual threat related to terrorist offences or serious crime, air carriers shall, upon request from a Passenger Information Unit in accordance with the procedures provided under national law, transfer PNR data at other points in time than those mentioned in paragraph 2(a) and (b).

Article 7
Exchange of information between Member States
1. Member States shall ensure that, with regard to persons identified by a Passenger Information Unit in accordance with Article 4(2)(a), the PNR data or the result of any processing thereof is transmitted by that Passenger Information Unit to the corresponding units of other Member States where it considers such transfer to be necessary for the prevention, detection, investigation or prosecution of terrorist offences, or serious crime. The Passenger Information Units of the receiving Member States shall transmit the received information to their competent authorities in accordance with Article 4(4).
2. The Passenger Information Unit of a Member State shall have the right to request, if necessary, the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database and have not yet been depersonalised through masking out under Article 9(2) and, if necessary, also the result of any processing thereof, if it has already been prepared pursuant to Article 4(2)(a). The duly reasoned request for such data may be based on any one or a combination of data elements, as deemed necessary by the requesting Passenger Information Unit for a specific case of prevention, detection, investigation or prosecution of terrorist offences or serious crime. Passenger Information Units shall provide the requested data as soon as practicable. In case the requested data have been depersonalised through masking out in accordance with Article 9(2) the Passenger Information Unit shall only provide the full PNR data where it is reasonably believed that it is necessary for the purpose of Article 4(2)(b) and only when authorised to do so by an authority competent under Article 9(3).
3. (…)
4. Only when necessary in cases of emergency and under the conditions laid down in paragraph 2 may the competent authorities of a Member State request directly the Passenger Information Unit of any other Member State to provide it with PNR data that are kept in the latter’s database. The requests from the competent authorities, a copy of which shall always be sent to the Passenger Information Unit of the requesting Member State, shall be reasoned. In all other cases the competent authorities shall channel their requests through the Passenger Information Unit of their own Member State.
5. Exceptionally, where access to PNR data is necessary to respond to an specific and actual threat related to terrorist offences or serious crime, the Passenger Information Unit of a Member State shall at any time have the right to request the Passenger Information Unit of another Member State to obtain PNR data in accordance with article 6(4) and provide it to the requesting Passenger Information Unit.
6. Exchange of information under this Article may take place using any existing channels for cooperation between the competent authorities of the Member States. The language used for the request and the exchange of information shall be the one applicable to the channel used. Member States shall, when making their notifications in accordance with Article 3(3), also inform the Commission with details of the contact points to which requests may be sent in cases of emergency. The Commission shall communicate to the Member States the notifications received.

Article 8 Transfer of data to third States
A Member State may transfer PNR data as well as the results of the processing of such data stored by the Passenger Information Unit in accordance with Article 9 to a third State only on a case-bycase basis and if-
(a) the conditions laid down in Article 13 of Council Framework Decision 2008/977/JHA are fulfilled;
(b) it is necessary for the purposes of this Directive as specified in Article 1(2);
(c) the third State agrees to transfer the data to another third country only where it is necessary for the purposes of this Directive as specified in Article 1(2) and only with the express authorisation of the Member State that provided the third State with the data; and
(d) similar conditions as those laid down in Article 7(2) are fulfilled.

Article 9 Period of data retention
1. Member States shall ensure that the PNR data provided by the air carriers to the Passenger
Information Unit are retained in a database at the Passenger Information Unit for a period of five years after their transmission to the Passenger Information Unit of the Member State on whose territory the flight is landing or departing.
2. Upon expiry of a period of two years after the transfer of the PNR data as referred to in
paragraph 1, the PNR data shall be depersonalised through masking out of the following data elements which could serve to directly identify the passenger to whom the PNR data relate:
1. Name (s), including the names of other passengers on PNR travelling together;
2. Address and contact information;
3. All forms of payment information, including billing address, to the extent that it contains any information which could serve to directly identify the passenger to whom PNR relate or any other persons;
4. Frequent flyer information;
5. General remarks to the extent that it contains any information which could serve to directly identify the passenger to whom the PNR relate; and
6. Any collected advance passenger information.
3. Upon expiry of the two-year period referred to in paragraph 2, disclosure of the full PNR data shall be permitted only where it is reasonably believed that it is necessary for the purpose of Article 4(2)(b) and only when approved by a judicial authority or by another national authority competent under national law to verify whether the conditions for disclosure are fulfilled.

4. Member States shall ensure that the PNR data are deleted upon expiry of the period specified in paragraph 1. This obligation shall be without prejudice to cases where specific PNR data have been transferred to a competent authority and are used in the context of specific case for the purpose of prevention, detection, investigation or prosecution, in which case the retention of such data by the competent authority shall be regulated by the national law of the Member State.

5. The result of the processing referred to in Article 4(2)(a) shall be kept by the Passenger
Information Unit only as long as necessary to inform the competent authorities of a positive match. Where the result of an automated processing has, further to individual review by non-automated means as referred to in Article 4(2)(a) last subparagraph, proven to be negative, it may, however, be stored so as to avoid future `false’ positive matches for as long as the underlying data have not yet been deleted in accordance with paragraph 1.

Article 10 Penalties against air carriers
Member States shall ensure, in conformity with their national law, that dissuasive, effective and proportionate penalties, including financial penalties, are provided for against air carriers which, do not transmit the data as provided for in Article 6, or do not do so in the required format or otherwise infringe the national provisions adopted pursuant to this Directive.

Article 11 Protection of personal data
1. Each Member State shall provide that, in respect of all processing of personal data pursuant to this Directive, every passenger shall have the same right to access, the right to rectification, erasure and blocking, the right to compensation and the right to judicial redress as those adopted under the national law implementing Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA. The provisions of Articles 17, 18, 19 and 20 of the Council Framework Decision 2008/977/JHA shall therefore be applicable.
2. Each Member State shall provide that the provisions adopted under the national law to
implement Articles 21 and 22 of the Council Framework Decision 2008/977/JHA regarding confidentiality of processing and data security shall also apply to all processing of personal data pursuant to this Directive.
3. Any processing of PNR data revealing a person’s racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, health or sexual life shall be prohibited. In the event that PNR data revealing such information are received by Passenger Information Unit they shall be deleted without delay.
4. All processing, including receipt of PNR data from air carriers and all transfers of PNR data by Passenger Information Units and all requests by competent authorities or Passenger Information Units of other Member States and third countries, even if refused, shall be logged or documented by the Passenger Information Unit concerned and the competent authorities for the purposes of verification of the lawfulness of the data processing, self-monitoring and ensuring proper data integrity and security of data processing, in particular by the national data protection supervisory authorities. These logs shall be kept for a period of five years unless the underlying data have not yet been deleted in accordance with Article 9(4) at the expiry of those five years, in which case the logs shall be kept until the underlying data are deleted.
5. Member States shall ensure that air carriers, their agents or other ticket sellers for the carriage of passengers on air service inform passengers of flights at the time of booking a flight and at the time of purchase of a ticket in a clear and precise manner about the transmission data to the Passenger Information Unit, the purposes of their processing, the period of data retention, their possible use to prevent, detect, investigate or prosecute terrorist offences and serious crime, the possibility of exchanging and sharing such data and their data protection rights, in particular the right to complain to the competent national data protection supervisory authority. The same information shall be made available by the Member States to the public.
6. Without prejudice to Article 10, Member States shall in particular lay down effective, proportionate and dissuasive penalties to be imposed in case of infringements of the provisions adopted pursuant to this Directive.

Article 12 National supervisory authority
Each Member State shall provide that the national supervisory authority or authorities established to implement Article 25 of Framework Decision 2008/977/JHA shall also be responsible for advising on and monitoring the application within its territory of the provisions adopted by the Member States pursuant to the present Directive. The further provisions of Article 25 Framework Decision 2008/977/JHA shall be applicable.

CHAPTER IV IMPLEMENTING MEASURES

Article 13 Common protocols and supported data formats
1. All transfers of PNR data by air carriers to the Passenger Information Units for the purposes
of this Directive shall be made by electronic means or, in the event of technical failure, by any other appropriate means, for a period of one year following the adoption of the common protocols and supported data formats in accordance with Article 14.
2. Once the period of one year from the date of adoption, for the first time, of the common
protocols and supported data formats by the Commission in accordance with paragraph 3, has elapsed, all transfers of PNR data by air carriers to the Passenger Information Units for the purposes of this Directive shall be made electronically using secure methods in the form of those accepted common protocols which shall be common to all transfers to ensure the security of the data during transfer, and in a supported data format to ensure their readability by all parties involved. All air carriers shall be required to select and identify to the Passenger Information Unit the common protocol and data format that they intend to use for their transfers.
3. The list of accepted common protocols and supported data formats shall be drawn up taking due account of ICAO regulations and, if need be, adjusted, by the Commission by means of implementing acts in accordance with the procedure referred to in Article 14(2).
4. As long as the accepted common protocols and supported data formats referred to in paragraphs 2 and 3 are not available, paragraph 1 shall remain applicable.
5. Each Member State shall ensure that the necessary technical measures are adopted to be able to use the common protocols and data formats within one year from the date referred to in paragraph 2.

Article 14 Committee procedure
1. The Commission shall be assisted by a committee. That Committee shall be a committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers. The Commission shall not adopt the draft implementing act when no opinion is delivered by the Committee and the third subparagraph of Article 5(4) of Regulation (EU) No 182/2011 shall apply.
2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

CHAPTER V FINAL PROVISIONS

Article 15 Transposition
1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive at the latest 36 months after the entry into force of this Directive. They shall forthwith communicate to the Commission the text of those provisions.
When Member States adopt those provisions, they shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made.
2. Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

Article 17 Review
1. The Council shall, at the appropriate level, discuss regularly the practical experiences and relevant issues within the scope and subject matter of the Directive.
2. On the basis of these discussions as well as other information provided by the Member States, including the statistical information referred to in Article 18 (2), the Commission shall undertake a review of the operation of this Directive and:
(a) within two years after the date mentioned in Article 15(1) submit a report to the European Parliament and the Council on the feasibility and necessity of including all or selected intra-EU flights in the scope of this Directive on a mandatory basis, taking into account the experience gained by Member States, especially those Member States that in accordance with Article 1a collect PNR with regard to intra-EU flights,
(b) within four years after the date mentioned in Article 15(1) submit a report to the European Parliament and the Council on all other elements of this Directive and on the feasibility and necessity of including transportation providers other than air carriers in the scope of this Directive, taking into account the experience gained by Member States, especially those Member States that collect PNR from other transportation providers.
3. If appropriate, in light of the review referred to in paragraph 2, the Commission shall make a legislative proposal to the European Parliament and the Council with a view to amending this Directive.

Article 18 Statistical data

1. Member States shall provide on a yearly basis the Commission with a set of statistical information on PNR data provided to the Passenger Information Units. These statistics shall not contain any personal data.
2. The statistics shall as a minimum cover:
1. total number of passengers whose PNR data were collected and exchanged;
2. number of passengers identified for further scrutiny;
3. number of subsequent law enforcement actions that were taken involving the use of PNR data;
3. On a yearly basis, the Commission shall provide the Council with cumulative statistics referred to in Article 18(1).

Article 19 Relationship to other instruments
1. Member States may continue to apply bilateral or multilateral agreements or arrangements
between themselves on exchange of information between competent authorities, in force when this Directive is adopted, in so far as such agreements or arrangements are compatible with this Directive.
2. This Directive is without prejudice to any obligations and commitments of Member States or
of the Union by virtue of bilateral and/or multilateral agreements with third countries.

Article 20 Entry into force
This Directive shall enter into force the twentieth day following that of its publication in the Official Journal of the European Union.
This Directive is addressed to the Member States in accordance with the Treaties.
Done at Brussels,
For the European Parliament For the Council
The President The President

ANNEX I Passenger Name Record data as far as collected by air carriers
(1) PNR record locator
(2) Date of reservation/issue of ticket
(3) Date(s) of intended travel
(4) Name(s)
(5) Address and contact information (telephone number, e-mail address)
(6) All forms of payment information, including billing address
(7) Complete travel itinerary for specific PNR
(8) Frequent flyer information
(9) Travel agency/travel agent
(10) Travel status of passenger, including confirmations, check-in status, no show or go show information
(11) Split/divided PNR information
(12) General remarks (including all available information on unaccompanied minors under 18 years, such as name and gender of the minor, age, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent)
(13) Ticketing field information, including ticket number, date of ticket issuance and one-way tickets, Automated Ticket Fare Quote fields
(14) Seat number and other seat information
(15) Code share information
(16) All baggage information
(17) Number and other names of travellers on PNR
(18) Any Advance Passenger Information (API) data collected (inter alia document type, document number, nationality, country of issuance, date of document expiration, family name, given name, gender, date of birth, airline, flight number, departure date, arrival date, departure port, arrival port, departure time, arrival time)
(19) All historical changes to the PNR listed in numbers 1 to 18.

ANNEX II
1. participation in a criminal organisation,
2. trafficking in human beings,
3. sexual exploitation of children and child pornography,
4. illicit trafficking in narcotic drugs and psychotropic substances,
5. illicit trafficking in weapons, munitions and explosives,
6. fraud,
7. laundering of the proceeds of crime,
8. computer-related crime,
9. environmental crime, including illicit trafficking in endangered animal species and in endangered plant species and varieties,
10. facilitation of unauthorised entry and residence,
11. illicit trade in human organs and tissue,
12. kidnapping, illegal restraint and hostage-taking,
13. organised and armed robbery,
14. illicit trafficking in cultural goods, including antiques and works of art,
15. forgery of administrative documents and trafficking therein,
16. illicit trafficking in hormonal substances and other growth promoters,
17. illicit trafficking in nuclear or radioactive materials,
18. unlawful seizure of aircraft/ships,
19. sabotage, and
20. trafficking in stolen vehicles.

S.PEERS : (AFTER CHARLIE HEBDO) DOES THE EU NEED MORE ANTI-TERRORIST LEGISLATION?

Original published HERE

By Professor Steve PEERS

Thursday, 8 January 2015

In the wake of the appalling attacks in Paris two days ago, it only took 24 hours for the EU Commission to state that it would propose a new wave of EU anti-terrorist measures in a month’s time. It’s not yet known what the content of this law will be; but the very idea of new legislation is a profound mistake.

Of course, it was right for the EU institutions to express sympathy for the victims of the attack, and solidarity as regards defence of free speech. Equally, it would not be problematic to use existing EU anti-terrorism laws if necessary, in order (for instance) to surrender the suspects in this crime on the basis of a European Arrest Warrant (EAW), in the event that they fled to another Member State.

The question is whether the EU needs more such laws.

For the EU has already reacted to prior terrorism offences, first as regards 9/11 and then to the atrocities in Madrid and London in 2004 and 2005.

The result is a huge body of anti-terrorism law, catalogued here by the SECILE project. This comprises not only measures specifically concerning terrorism (such as substantive criminal law measures, adopted in 2002 and amended in 2008), but many other measures which make it easier to cooperate as regards terrorism as well as other criminal offences, such as the EAW, the laws on exchange of police information and transmission of evidence across borders, and so on.

Moreover, there are proposals already under discussion which would apply to terrorism issues (among others), such as a new law on Europol, the EU’s police intelligence agency (discussed here), and proposed EU legislation on the transfer of airlines’ passenger name records (PNR).

So what new laws is the Commission likely to propose? It may suggest a new version of the data retention Directive, the previous version of which was struck down by the Court of Justice of the European Union (CJEU) last spring, in the Digital Rights judgment (discussed here). Other ideas under discussion, according to leaked documents (see here and here) are new laws strengthening mandatory checks at borders .

Are any of these laws really necessary? Member States can already adopt laws on retention of communications data, pursuant to the EU’s e-privacy directive.

As the European Parliament’s legal service has confirmed (see its advice here), if Member States adopt such measures, they will be subject to the constraints of the Digital Rights judgment, which bans mass surveillance carried out in the absence of safeguards to protect privacy. Equally, Member States are free to establish their own PNR systems, in the absence of any EU-wide measure (besides EU treaties with the USA, Canada and Australia on PNR). The question of whether mass surveillance is as such compatible with human rights has already been sent to the CJEU by the European Parliament, which has asked the Court to rule on this issue in the context of the EU/Canada PNR treaty (see discussion here).

It would be possible to adopt new laws calling for systematic border checks in specific cases. In practice, this would likely mean checks on Muslims who are returning after travel to places like Syria. It is questionable whether asking detailed further questions at the external borders will, by itself, really do a lot to prevent terrorism. After all, in the Paris attacks, it unfortunately proved impossible to prevent an apparent terrorist attack despite extensive anti-terrorist legislation on the books, and bodyguards protecting the staff of a known terrorist target.

There’s also a question of principle here.

The Paris attacks were directed at free speech: the foundation of liberal democracy. Of course efforts should be stepped up to prevent such attacks from happening again; but existing laws allow for targeted intelligence gathering and sharing already, The Commission’s immediate response reeks of panic. And the direct attack on fundamental democratic principles this week in Paris is precisely the wrong context to consider that new legislation curtailing other fundamental freedoms is limited.

S.PEERS : 2014 in review . Free Movement, Immigration and Asylum Law

Original Published HERE

Introduction

The issue of the free movement of EU citizens, as well as immigration and asylum from non-EU countries, has in recent years become one of the most contested issues in EU law. This blog post reviews the large number of legal developments over the last year in these two fields, assessing firstly the controversies over EU citizens’ free movement rights and secondly the tensions in EU immigration and asylum law between immigration control and human rights and between national and EU powers. It’s the second in a series of blog posts reviewing aspects of EU law in the last year; the first in the series (on criminal law) can be found here.

Free Movement Law

The case law of the CJEU on EU citizens’ free movement in 2014 was dominated by the themes of the limits to economic migration and equal treatment, in conjunction with EU citizens’ right to family reunion. On the first point, the most prominent judgment of 2014 was the Dano ruling (discussed here), in which the CJEU took a more stringent approach than usual in ruling that an EU citizen who had not worked or looked for work had no right to insist upon a social assistance benefit in the Member State that she had moved to.

As for the basic rules on qualification for EU free movement rights, the CJEU was not asked to rule in 2014 on the definition of EU citizenship. However, a pending case in the UK Supreme Court (discussed here) raises important questions about the extent of EU rules on the loss of national (and therefore EU) citizenship. The acquisition of EU citizenship also proved controversial, in the context of Malta’s sale of national (and EU) citizenship (discussed here).

Furthermore, EU free movement rights usually only apply to those who have moved between Member States. In two linked judgments this spring (discussed here), the CJEU clarified some important exceptions to that rule, as regards EU citizens who have moved to another country to be with their family members and returned, or who are cross-border workers or service providers. Next year, the CJEU will further clarify another important exception to that rule: the Ruiz Zambrano scenario when the non-EU parent of an EU citizen child is expelled to a third country, and the EU child has to follow, resulting in a de facto loss of their EU citizenship. The CS and Rendon Marin cases both ask the Court whether that case law applies to cases where the non-EU parent has been expelled following a criminal conviction.

For those EU citizens who do move between Member States, the CJEU delivered an important judgment in the case of Saint-Prix (discussed here), extending the concept of ‘former workers’ beyond the categories listed in the EU’s citizens Directive, to include also (under certain conditions) cases of pregnant women who gave up their jobs before the baby’s birth.

This judgment concerned the continued access to equal treatment in welfare benefits which former workers enjoy. Indeed, a new Directive on workers’ equal treatment (discussed here) was adopted in 2014, aiming to ensure the effective implementation of such equal treatment rights in practice. Next year, the CJEU will be called upon in theAlimanovic case to clarify whether the limits on EU citizens’ access to benefits set out inDano also impact upon work-seekers, who have previously had limited access to benefits linked to labour market access. The Court will also soon rule on students’ access to benefits again in the case of Martens, where there has already been an Advocate-General’s opinion.

The issue of EU citizens’ right to family reunion was repeatedly addressed throughout the year, with the CJEU taking a consistently liberal view. It ruled for a generous interpretation of ‘dependent’ family members in Reyes (discussed here), and confirmed that separated spouses can still qualify for permanent resident status in Ogierakhi (discussed here). It also ruled in McCarthy (discussed here) that non-EU family members of EU citizens could not be subject to a ‘family permit’ requirement to visit the UK, but rather had to be exempt from the need to obtain a visa if they hold a residence card in the country which they live in. This judgment clarified that Member States could only claim that EU citizens were abusing free movement rights in individual cases. On this topic, the Commission produced a Handbook on the issue of ‘marriages of convenience’ (discussed here). Next year, the Court will be called upon to clarify the application of EU law to divorces (Singh), and for the first time, to same-sex relationships (Cocaj).

Finally, as regards the issue of derogations, the Court took a less generous view of cases involving criminal convictions, ruling in G and Onuekwere that time spent in prison in the host State did not count toward obtaining permanent residence status or the extra protection against expulsion that comes with ten years’ residence.

Of course, the benefits of EU free movement law are not uncontested. Throughout the year, the debate on the merits of these rules in the UK intensified, to the point where Prime Minister David Cameron insisted that there had to be a major renegotiation of these rules as a key feature in the renegotiation of the UK’s membership of the EU. As I pointed out at the time (see discussion here), many of his demands will be difficult to agree, as they would require Treaty amendment.

Immigration and Asylum law Continue reading “S.PEERS : 2014 in review . Free Movement, Immigration and Asylum Law”

Some questions to the candidate High Representative for external relations (Federica Mogherini)

By Steve PEERS, Henri LABAYLE and Emilio DE CAPITANI

The would-be High Representative for the Common Foreign and Security Policy and Commission Vice President for external relations (Mogherini) will questioned in the next two days by Members of the European Parliament (MEPs), to determine whether the EP should vote to confirm her in office. MEPs have already asked some written questions and the would-be Commissioners have replied. However, the oral hearings which will shortly take place are an opportunity for MEPs to ascertain the Commissioners’ plans, and to secure important political commitments.

The following are suggested questions on institutional issues, although of course MEPs should also ask questions on the substance of EU foreign policy.

QUESTIONS TO HIGH REPRESENTATIVE CANDIDATE MOGHERINI

1 External Internal Security Policy

In your written answer you claim the need of a consistent and global approach to external and internal security. However, legally these two dimensions have been artificially separated in the Treaties by a disconnection clause (art.40 of TEU) [1] according to which the external security will remain intergovernmental. This means that consensus between the 28 Member States will remain the main rule, there are no legislative powers and the Court of Justice has no full judicial oversight. Bearing in mind these flaws of the EU external security policy (also from the point of view of the democracy principle and of the rule of law) would not be better to achieve some of your goals by building them on the external dimension of “internal” policies (such as protection of borders, migration, judicial and police cooperation)? If so qualified majority will be the rule and external agreements will be approved by the EP (as already happened with some EU-US agreements) and EU acts will be under the control of the Court of justice…

2.Solidarity clause in case of terrorist attack or natural or man made disaster (art. 222 TFEU)

On a joint proposal of your predecessor and of the Commission on 24 June 2014 the Council adopted thearrangements for the implementation by the Union of the solidarity clause (art 222 TFEU) to be activated if a Member State is the object of a terrorist attack or the victim of a natural or man-made disaster. The text has been adopted without associating the EP and moreover it does not foresee any structured information of the European Parliament on the way in which threats are defined and monitored, not even in the case that such an event occurs. However even if the Treaty does not impose a requirement to provide this information nothing would had prevented the Council from foreseeing it on its own initiative also because it would be bizarre that the members of the EP discover a terrorist attack from the press rather than from institutional channels. Will you propose an amendment to that Decision by recognising an adequate space for the EP?

3.Global Approach to Migration and mobility partnership as a binding act

As you rightly say in your written answer, EU development policy and international agreements could be the answer to address the root causes of displacement. However the Global Approach of Migration and the mobility partnership are only diplomatic instruments and are meaningless if not framed as full international agreements. Should they be transformed into legal binding acts (both for third countries and the EU and its Member States) and be accompanied by formal EU agreements with the relevant UN Agencies (UNHCR, IOM) tasking (and financing) them for the interventions in third countries? Continue reading “Some questions to the candidate High Representative for external relations (Federica Mogherini)”