The Meijers Committee on the “Money Laundering Directive”

ORIGINAL COMMENT PUBLISHED ON 12 MAY 2017 (*)

The Meijers Committee would like to comment on the European Commission’s proposal for a Directive on countering money laundering by criminal law.1

1. The Meijers Committee wishes to express its support for the idea of reviewing existing EU instruments in order to clarify obligations and achieve more coherence in the criminalisation of money laundering. However, the Meijers Committee considers that some elements of the Commission’s proposal deserve reconsideration in light of the principle of proportionality (article 5(4) TEU) and the ideas about criminalisation at EU level that the European Commission, the Council and the Parliament have expounded.2

The Meijers Committee holds that safeguards for suspects and defendants should be improved in the directive, inter alia because such harmonisation is important to enhance the effectiveness of cooperation between Member States.

2. The Meijers Committee deplores the fact that the Commission has not made an impact assessment of this proposal. The Commission reasons that the Directive mainly incorporates existing international obligations. Yet criminalisation of this behaviour at EU level, with its particular legal order, is more far-reaching than most existing international obligations. Moreover, as will be shown below, the proposal does go further than existing international obligations in some important aspects and it concerns a sensitive topic. Therefore, an impact assessment is necessary.

3. In the Commission’s proposal, the definition of criminal activity from which the property is derived (the ‘predicate offences’) has a wide scope. Whereas the Commission explains the necessity of the proposal mainly from the viewpoint of countering (financing of) terrorism, this is in reality only a small part of the proposal. Besides the list of EU-criminal offences, the proposal deals with ‘all offences as defined in the national law of the Member States, which are punishable by deprivation of liberty or a detention order for a maximum of more than one year or, as regards Member States that have a minimum threshold for offences in their legal system, all offences punishable by deprivation of liberty or a detention order for a minimum of more than six months’ (article 2(1 )(v)).

This may include possession of a small amount of property from a minor theft.

As the German delegation proposed, ‘a mandatory criminalisation of money laundering without any limitation to serious crimes could be disproportional’.3 Especially in purely national cases, which will be affected by the directive as well, having such a wide definition of the predicate offence may lead to unjustified outcomes. According to the Meijers Committee, this element of the proposal could be improved by including a requirement that Member States are only obliged to criminalise money laundering with regard to ‘particularly serious criminal activity’, which could include serious criminal activity with a cross-border element.

4. The Meijers Committee finds it questionable whether it is necessary and proportionate to oblige EU Member States to criminalise ‘self-laundering’ (article 3(3)), even though it should be welcomed that this offence only applies to conversion, transfer, concealment and disguise, and not to acquisition, possession or use. The Commission does not convincingly state why an EU-wide obligation to criminalise this behaviour, which is only optional in other instruments such as the Warsaw Convention, should be necessary to achieve the objective of the directive.

In many EU Member States, self-laundering is not criminalised because it is thought to lead to violations of the right not to be tried or punished twice for the same offence.4 The directive’s explanatory memorandum does refer to the ne bis in idem principle laid down in article 50 of the Charter of Fundamental Rights; however, this only applies to persons who have been finally acquitted or convicted and not to cases in which simultaneous prosecution takes place. Thus, the directive still leaves a gap in the protection for the defendant. Moreover, confiscation of the proceeds is already possible (see Directive 2014/42).

An option could be to limit the obligation to criminalise self-laundering to actions (of conversion, transfer, concealment and disguise) that cause further damage to the integrity of the financial system, in addition to the damage already caused by the predicate offence.

Another option could be to oblige states to limit the criminalisation of self-laundering (with regard to conversion, transfer, concealment or disguise) to situations where a person cannot be held criminally responsible for the predicate offence.

5. Even when there is no self-laundering involved, in some countries the prosecution of behaviour such as acquisition, possession or use of the property, when there is also a prosecution of the predicate offence, leads to problems of double jeopardy. As explained in par. 4, these problems cannot simply be solved by referring to article 50 of the Charter. It is exactly issues like these that, according to the Meijers Committee, necessitate an impact assessment of the proposal.

6. The Meijers Committee recommends putting in place more safeguards in relation to article 3(1), as these obligations potentially cover a wide range of conduct. There is a risk that states could use the money laundering offence as a ‘catch-all’ offence that also covers conduct which is not (or only very remotely) related to the rationale of protecting the integrity of the financial system. The Meijers Committee considers that this rationale of protecting the integrity of the financial system should be at the heart of the Directive, because that is what makes money laundering a serious crime and distinguishes it from other forms of assistance or encouragement of criminal conduct.

The latter forms should not be the subject of EU criminal law regulation, because the EU’s competences in article 83(1) TFEU are limited to particularly serious crime with a cross-border dimension.

This element could be improved by requiring that the conduct in article 3(1) – under a, b and c (not only under a) – is carried out with the purpose of concealing or disguising the illicit origin of the property. Also, the proposal would be improved if the offence definition would require that the conduct is suitable for concealing or disguising the illicit origin of the property. 7.

The Meijers Committee recommends amending article 3(2)(b), which states that it shall not be necessary to establish other circumstances relating to the criminal activity. If requirements with regard to establishing the predicate offence are too loose, Member States’ criminal law systems may focus on prosecuting for money laundering in order to evade the problems they may have in prosecuting the predicate offences. The wording proposed by the Council Presidency could provide a solution to this: ‘a conviction for the offences, referred to in paragraph 1 is possible where it is established that the property has been derived from a criminal activity, without it being necessary to establish all the factual elements relating to such activity’.5

(*) The Council has in the meantime agreed a new version of the text : see document 9280/17 on May 22, 2017 (however not directly accessible to the public)

NOTES

1 21 December 2016, COM(2016) 826 final.
2 Council Conclusions on model provisions, guiding the Council’s criminal law deliberations, 2979th JHA Council meeting, 30 November 2009; European Parliament, Resolution ‘An EU approach to criminal law’, 22 May 2012 (2010/2310(INI)); European Commission Communication ‘Towards an EU Criminal Policy: Ensuring the effective implementation of EU policies through criminal law’, 20 September 2011, (COM(2011)0573).
3 Council of the EU, Comments by delegations on the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 10 February 2017, 2016/0414 (COD), 15782/16, 6050/17.
4 Council of the EU, Comments by delegations on the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 10 February 2017, 2016/0414 (COD), 6050/17.
5 Examination of the proposal for a Directive of the European Parliament and of the Council on countering money laundering by criminal law, 9 February 2017, 2016/0414 (COD), 5443/17.

Worth reading : the final report by the EU High Level Expert Group on Information Systems and Interoperability (HLEG),

NB: The full version (PDF)  of the Report is accessible HERE

On May 8th the (EU) High Level Expert Group on Information Systems and Interoperability (HLEG) which was set up in June 2016 following the Commission Communication on “Stronger and Smarter Information Systems for Borders and Security ” has published its long awaited 56 long pages Report on Information Systems and Interoperability.

Members of the HLEG were the EU Members States (+ Norway, Switzerland and Liechtenstein), the EU Agencies (Fundamental Rights Agency, FRONTEX, European Asylum Support Office, Europol and the EU-LISA “Large Information Support Agency”) as well as the representatives of the Commission and the European Data Protection Supervisor (EDPS) and the Anti-Terrorism Coordinator (an High Council General Secretariat Official designated by the European Council).

Three Statements, respectively of the EU Fundamental Rights Agency, of the European Data Protection Supervisor and of the EU Counter-Terrorism Coordinator (CTC),  are attached. The first two can be considered as a sort of partially dissenting Opinions while the CTC  statement is quite obviously in full support of the recommendations set out by the report as it embodies for the first time at EU level the “Availability Principle” which was set up already in 2004 by the European Council. According to that principle if a Member State (or the EU) has a security related information which can be useful to another Member State it has to make it available to the authority of another Member State. It looks as a common sense principle which goes hand in hand with the principle of sincere cooperation between EU Member States and between them and the EU Institutions.

The little detail is that when information is collected for security purposes national and European legislation set very strict criteria to avoid the possible abuses by public EU and National Law enforcement authorities. This is the core of Data Protection legislation and of the art. 6, 7 and 8 of the EU Charter of Fundamental Rights which prevent the EU and its Member States from becoming a sort of Big Brother “State of surveillance”. Moreover, at least until now these principles have guided the post-Lisbon European Court of Justice jurisprudence in this domain and it is quite appalling that no reference is made in this report to the Luxembourg Court Rulings notably dealing with “profiling” and “data retention”(“Digital Rights”, “Schrems”, “TELE 2-Watson”…).

Needless to say to implement all the HLWG recommendations several legislative measures will be needed as well as the definition of a legally EU Security Strategy which should be adopted under the responsibility of the EU co-legislators. Without a strong legally founded EU security strategy not only the European Parliament will continue to be out of the game but also the control of the Court of Justice on the necessity and  proportionality of the existing and planned EU legislative measures will be weakened.  Overall this HLWG report is mainly focused on security related objectives and the references to fundamental rights and data protection are given more as “excusatio non petita” than as a clearly explained reasoning (see the Fundamental Rights Agency Statement). On the Content of the  perceived “threats” to be countered with this new approach it has to be seen if some of them (such as the mixing irregular migration with terrorism)  are not imaginary and, by the countrary, real ones are not taken in account.

At least this report is now public. It will be naive to consider it as purely “technical” : it is highly political and will justify several EU legislative measures. It will be worthless for the European Parliament to wake up when the formal legislative proposals will be submitted. If it has an alternative vision it has to show it NOW and not waiting when the Report will be quite likely “endorsed” by the Council and the European Council.

Emilio De Capitani

TEXT OF THE REPORT (NB  Figures have not been currently imported, sorry.)

——- Continue reading

Immigration detention and the rule of law: the ECJ’s first ruling on detaining asylum-seekers in the Dublin system

ORIGINAL PUBLISHED ON EU LAW ANALYSIS (May 5,2017)

by Tommaso Poli (LL.M. candidate in Human Rights and Humanitarian Law at the University of Essex, School of Law).

One of the most controversial issues in immigration law is the detention of asylum-seekers. This issue was not initially addressed by the European Common Asylum System (CEAS), but is now addressed in some of the second-phase CEAS measures (the CEAS consists of the Asylum Procedures Directive, the Reception Conditions Directive, the Qualification Directive, the Dublin Regulation and the EURODAC Regulation).

In particular, the second-phase CEAS measures contain detailed rules on detaining asylum-seekers in two cases:  a) general rules in the Reception Conditions Directive, which were the subject of a first ECJ ruling in 2016 (discussed here) and a recent opinion of an Advocate-General; and b) more specific rules in the Dublin III Regulation, applying to asylum-seekers whose application is considered to be the responsibility of another Member State under those rules. Recently, the ECJ ruled for the first time on the interpretation of the latter provisions, in its judgment in the Al Chodor case.

As we will see, the Court took a strong view of the need for the rule of law to apply in detention cases. Moreover, its ruling is potentially relevant not just to Dublin cases, but also detention of asylum-seekers and irregular migrants in other contexts too.

The rules on detaining asylum-seekers in the context of the Dublin process are set out in Article 28 of the Dublin III Regulation. First of all, Article 28(1) states that asylum seekers can’t be detained purely because they are subject to the Dublin process. Then Article 28(2) sets out the sole ground for detention: when there is a ‘significant risk of absconding’. If that is the case ‘Member States may detain the person concerned in order to secure transfer procedures in accordance with’ the Dublin rules, ‘on the basis of an individual assessment and only in so far as detention is proportional and other less coercive alternative measures cannot be applied effectively’.

Next, Article 28(3) sets out detailed rules on time limits for ‘Dublin detention’; these are the subject of the pending Khir Amayry case. Finally, Article 28(4) states that the general rules on guarantees relating to procedural rights and detention conditions set out in the Reception Conditions Directive apply to asylum-seekers detained under the Dublin rules.

Al Chodor concerned the interpretation of the grounds for detention under Article 28(2): what is a ‘serious risk of absconding’?  The Dublin III Regulation offers some limited clarity, defining ‘risk of absconding’ as ‘the existence of reasons in an individual case, which are based on objective criteria defined by law, to believe that an applicant or a third country national or a stateless person who is subject to a transfer procedure may abscond.’ (Article 2(n) of the Regulation).

Facts

The case relates to an Iraqi man and his two minor children who were traveling from Hungary in the Czech Republic, without any documentation to establish their identity, with the aim of joining family members in Germany. After stopping the Al Chodors, the Czech Foreigners Police Section (FPS) consulted the Eurodac database and found that they had made an asylum application in Hungary. As a consequence, the Al Chodors were subjected to the transfer procedure according to Article 18(1)(b) of the Dublin III Regulation. In addition, the FPS took the view that there was a ‘serious risk of absconding’, given that the Al Chodors had neither a residence permit nor accommodation in the Czech Republic, while they were waiting for their transfer to Hungary.

So, they placed the Al Chodors in detention for 30 days pending their transfer pursuant to Paragraph 129(1) of the national law on the residence of foreign nationals, read in conjunction with Article 28(2) of the Dublin III Regulation. The Al Chodors brought an action against the decision ordering their detention to the regional Court, which annulled that decision, finding that Czech legislation does not lay down objective criteria for the assessment of the risk of absconding within the meaning of Article 2(n) of the Dublin III Regulation. That Court accordingly ruled that the decision was unlawful. Following the annulment of the decision of the FPS, the Al Chodors were released from custody.

The FPS brought an appeal on a point of law before the Supreme Administrative Court against the decision of the Regional Court. According to the FPS, the inapplicability of Article 28(2) of the Dublin III Regulation cannot be justified by the mere absence in Czech legislation of objective criteria defining the risk of absconding. That provision subjects the assessment of the risk of absconding to three conditions, namely an individual assessment taking account of the circumstances of the case, the proportionality of the detention, and the impossibility of employing a less coercive measure. The FPS has submitted that it satisfied those conditions.

The Supreme Administrative Court was uncertain whether the recognition by its settled case-law of objective criteria on the basis of which the detention of persons pursuant to Paragraph 129 of the Law on the residence of foreign nationals may be carried out can meet the requirement of a definition ‘by law’ within the meaning of Article 2(n) of the Dublin III Regulation, in so far as that case-law confirms a consistent administrative practice of the FPS which is characterised by the absence of arbitrary elements, and by predictability and an individual assessment in each case. So the Court decided to refer to the European Court of Justice for a preliminary ruling asking whether Article 2(n) and Article 28(2) of the Dublin III Regulation, read in conjunction, must be interpreted as requiring Member States to establish, in a national law, objective criteria underlying the reasons for believing that an applicant for international protection who is subject to a transfer procedure may abscond, and whether the absence of those criteria in a national law leads to the inapplicability of Article 28(2) of that regulation.

Judgment

The Court of Justice first of all ruled that Article 2(n) of the Dublin III Regulation explicitly requires that objective criteria defining the existence of a risk of absconding be defined by the national law of each Member State (paragraph 27-28). Then, determining whether the word ‘law’ must be understood as including settled case-law, the Court reaffirmed that in interpreting a provision of EU law, it is necessary to consider not only its wording but also the context in which it occurs and the objectives pursued by the rules of which it forms part (judgment of 26 May 2016, Envirotec Denmark, paragraph 27).

So with regard to the general scheme of the rules of which Article 2(n) of Dublin III Regulation forms part, the Court, referring to recital 9 of that regulation, states that the regulation is intended to make necessary improvements, in the light of experience, not only to the effectiveness of the Dublin system but also to the protection of fundamental rights afforded to applicants under that system. This high level of protection is also clear from Articles 28 and 2(n) of that regulation, read in conjunction. As regards the objective pursued by Article 2(n) of the Dublin III Regulation, read in conjunction with Article 28(2) thereof, the Court recalls that, by authorizing the detention of an applicant in order to secure transfer procedures pursuant to that regulation where there is a significant risk of absconding, those provisions provide for a limitation on the exercise of the fundamental right to liberty enshrined in Article 6 of the Charter.

In that regard, it is clear from Article 52(1) of the Charter that any limitation on the exercise of that right must be provided for by law and must respect the essence of that right and be subject to the principle of proportionality. Furthermore, it is worth noting that in this ruling the European Court of Justice explicitly aligns its interpretation to the European Court of Human Rights (ECtHR), reaffirming that any deprivation of liberty must be lawful not only in the sense that it must have a legal basis in national law, but also that lawfulness concerns the quality of the law and implies that a national law authorizing the deprivation of liberty must be sufficiently accessible, precise and foreseeable in its application in order to avoid risk of arbitrariness (judgment of the European Court of Human Rights of 21 October 2013, Del Río Prada v Spain, paragraph 125).

The Court then concluded by stating that taking account of the purpose of the provisions concerned, and in the light of the high level of protection which follows from their context, only a provision of general application could meet the requirement of clarity, predictability, accessibility and, in particular, protection against arbitrariness. It follows that Article 2(n) and Article 28(2) of the Dublin III Regulation, read in conjunction, must be interpreted as requiring that the objective criteria underlying the reasons for believing that an applicant may abscond must be established in a binding provision of general application. In the absence of such criteria, the detention was unlawful.

Comments

First of all, the Court’s ruling is likely relevant to the interpretation of other EU measures concerning immigration detention. In the Returns Directive, which inter alia concerns the detention of irregular migrants (as distinct from asylum seekers), the ‘risk of absconding’ forms part of the ground for detention (as well as one of the grounds for refusing to allow the irregular migrant a period for voluntary departure); and it is defined exactly the same way as in the Dublin III Regulation. As for asylum seekers who are detained on grounds other than the Dublin process, a ‘risk of absconding’ is an element of one of the grounds for detention under the Reception Conditions Directive, but is not further defined. But a recent Advocate-General’s opinion notes (at para 73) that this clause aims to prevent ‘arbitrary’ detention, which was a key feature of the reasoning in the Al Chodor judgment. This surely points to a consistent interpretation of the two asylum laws. It follows that arguably the Court’s judgment should be relevant not just to Dublin cases but to any immigration detention of non-EU citizens in any Member State bound by the relevant EU legislation.

Secondly, this ruling has reiterated the principle by which although regulations generally have immediate effect in national legal systems without it being necessary for the national authorities to adopt measures of application, some of those provisions may necessitate, for their implementation, the adoption of measures of applicability by the Member States (judgment of 14 April 2011, Vlaamse Dierenartsenvereniging and Janssens, paragraphs 47 and 48).

Most significantly, the Court has reaffirmed the primacy of Human Rights law in EU asylum law implementation, highlighting that the development of the EU asylum law itself depends on its compliance with Human Rights law. In particular, the ECJ’s ruling in this case first of all reflects the ECtHR’s interpretation of the ‘arbitrariness’ of detention, which extends beyond the lack of conformity with national law. Notably, it states that a deprivation of liberty that is lawful under domestic law can still be arbitrary and thus contrary to the general principles, stated explicitly or implied, in the Convention (judgment of the European Court of Human Rights of 9 July 2009, Mooren v. Germany, paragraphs 73-77).

The Court’s ruling also reflects UN human rights norms. The Human Rights Committee’s General Comment No. 31 related to the nature of the general legal obligation imposed on State parties to the UN Covenant on Civil and Political Rights, which all EU Member States are State parties to, which reads that ‘in no case may the restrictions be applied or invoked in a manner that would impair the essence of a Covenant right’ (paragraph 4). Furthermore, the Human Rights Committee’s General Comment No. 35 points out that “arbitrariness is not to be equated with ‘against the law’, but must be interpreted more broadly to include elements of inappropriateness, injustice, lack of predictability and due process of law, as well as elements of reasonableness, necessity and proportionality” (paragraph 12, see also HRC, Van Alphen v. Netherlands, paragraph 5.8).

Finally, the Court’s ruling has confirmed the constitutional value of the Charter of Fundamental Rights of the European Union, which assumes a critical value in this historical period, since, as with any constitutional instrument, the more society as a whole is going through difficult times (such as the perceived ‘migration crisis’ in Europe), the more important it is to reaffirm its principles and values.

Likewise Article 52 of the EU Charter states that in no case may restrictions be applied or invoked in a manner that would impair the essence of a Charter right; in the context of detention, a fortiori it can be also affirmed that essential elements of guarantee for that right, as the requirement of lawfulness and non-arbitrariness for the right of liberty, cannot be disregarded in any circumstance. The Al Chodor ruling puts meat on the bones of that fundamental principle.

EU accession to the Istanbul Convention preventing and combating violence against women. The current state of play.

by Luigi LIMONE (*)

The Council of Europe Convention on preventing and combating violence against women and domestic violence, known as ‘Istanbul Convention’, is the first legally binding treaty in Europe that criminalises different forms of violence against women including physical and psychological violence, sexual violence, sexual harassment and rape, stalking, female genital mutilation, forced marriage, forced abortion and forced sterilization.

It emphasises and recognises that violence against women is a human rights violation, a form of discrimination against women and a cause and a consequence of inequality between women and men. The Convention requires the public authorities of State parties to adopt a set of comprehensive and multidisciplinary measures in a proactive fashion to prevent violence, protect its victims/survivors and prosecute the perpetrators. The Convention recognises that women experience multiple forms of discrimination and requires the State parties to ensure that tits implementation is made without discrimination on any ground such as sex, gender, race, colour, language, religion, political or other opinion, national or social origin, association with a national minority, property, birth, sexual orientation, gender identity, age, state of health, disability, marital status, migrant or refugee status or other. It also states that violence against women can never be justified in the name of culture, custom, religion, tradition nor so-called ‘honour’.

It foresees obligations to adopt a specific gender-sensitive approach in migration and asylum matters, and the establishment of a specific monitoring mechanism, (The Group of Experts on Action against Violence against Women and Domestic Violence “GREVIO”), tasked with ensuring effective implementation of its provisions by the Parties.

The Convention contains 81 articles set out in 12 separate chapters and was adopted by the Committee of Ministers of the Council of Europe on 7 April 2011, and opened for signature.  on 11 May 2011.  The Convention is open for signature and approval by the (47) member States of the Council of Europe, non-member States which have participated in its elaboration and the European Union, and is open for accession by other non-member States. The Istanbul Convention came into force in 2014. It has been signed by all the EU Member States (but the ratification is still missing for Bulgaria, Croatia, Cyprus, Czeck Republik, Estonia, Germany, Greece, Hungary, Ireland Latvia, Lithuania, Luxembourg, Slovakia and UK)

EU Accession : different perspectives of the Commission and of the Council

It should be noted that from a legal point of view the Istanbul Convention, like many other international treaties, is a ‘mixed agreement’ which allows for EU accession in parallel to the Member States’ accession.  While the EU cannot sign up to older international human rights treaties, like the UN Covenants, since they are only open to States, newer treaties expressly provide for the EU to sign up to them. This holds particularly true for the Istanbul Convention, which deals with a number of fields the EU is competent in, including victims’ rights and protection orders, asylum and migration, as well as in judicial cooperation in criminal matters.

As Steve Peers said, the EU accession to the Istanbul Convention can only be welcomed. Although it may not, by itself, prevent any act of violence from being committed, it may accelerate a broader process of ratification and corresponding national law reform on this issue. It may also have the important practical impact of helping victims receive support or protection, particularly in the context of the law on crime victims, immigration or asylum.

More specifically, the EU ratification of the Istanbul Convention could provide encouragement to its Member States, as well as non-EU Member States, to ratify the Convention and, since the CJEU will have jurisdiction to interpret those provisions of the Convention which fall within the scope of EU competence, it could promote a uniform interpretation of those provisions within the EU, thus establishing a truly comprehensive  framework for preventing and combating violence against women and domestic violence.

On 4th March 2016, the European Commission has then issued a proposal for a Council decision on the conclusion, by the European Union, of the Council of Europe Convention on preventing and combating violence against women and domestic violence.

The Commission proposal for the EU accession to the Istanbul Convention has recognised the mixed nature of the Convention and but has explicitly stated that the European Union has exclusive competence to the extent that, according to art.3(2) the Convention may affect common EU rules or alter their scope (recital 6).

However it has to be noted that according to art.73 of the Convention  :“The provisions of this Convention shall not prejudice the provisions of internal law and binding international instruments which are already in force or may come into force, under which more favourable rights are or would be accorded to persons in preventing and combating violence against women and domestic violence.”  Consequently, contracting Parties to the Convention are allowed to maintain or introduce a higher level of protection for women and girls than the norms set out in the Convention.

This gives some leeway to the Member States which have already signed and in some cases also ratified the Convention. Moreover in cases where relevant Union legislation contains minimum standards as well, it can be questioned if they have lost their possibility of adopting national legislation more favorable to the victims. On September 2016, the Slovak Presidency has then requested the Legal Service to give an opinion on the competences of the Union relating to the Convention, and to identify the parts of the Convention, if any, that fall within the Union’s exclusive competence.

This opinion was issued on 27 October 2016 (doc. 13795/16 -only partially accessible to the public) and as a result of subsequent debates in the Council working Groups it was decided that the Convention should be signed on behalf of the EU only as regards matters falling within the competence of the Union insofar as the Convention may affect common rules or alter their scope.

According to an internal Council source the EU must be held to have exclusive competence for some of the provisions of the Convention set out in Chapters IV (“Protection and Support”), V (‘Substantive Law) and VI (‘Investigation, prosecution, procedural law and protective measures’) but only insofar as they relate to victims covered by Directive 2011/92/EU and Directive 2011/36/EU. (Moreover in the case of the Victim Directive it deals with minimum EU rules so that some competence remain at MS level).

On the contrary it seems indisputable that the Union has acquired exclusive competence in relation to two of the three provisions of Chapter VII (‘Migration and Asylum’).  In relation to Article 60(1) and (2) of the Convention, the current EU rules of the “Qualification Directive” does not appear to be much leeway for Member States to exceed the protection level set out in Union rules. The same applies to Article 60(3) of the Convention, in the light of the detailed provisions of the same Qualification Directive, the “Procedures Directive” and the “Reception conditions Directive”, even if they set, technically speaking, Member States to maintain or introduce more favourable protection.  As for Article 61 of the Convention, on non-refoulement, this appears to set “minimum” norms, but only in theory.  The same must be held for the corresponding provisions of EU provisions, whether primary (Article 78(1) TFEU), or secondary law.

Therefore, to protect the MS competence the Council has decided to change the legal basis and the draft decision on the signing on behalf of the European Union of the Istanbul Convention was divided into two decisions: one with regard to matters related to judicial cooperation in criminal matters and the second with regard to asylum and non-refoulement.

Both Council and Commission have recognised that the respective competences of the European Union and the Member States are inter-linked and have considered that it is appropriate to establish arrangements between the Commission and the Member States for the monitoring mechanism provided by the Convention, the so-called Group of experts on action against violence against women and domestic violence (GREVIO).

…in the meantime the European Parliament ..

At the European Parliament level, on several occasions MEPs have recalled that the EU accession to the Istanbul Convention would guarantee a coherent European legal framework to prevent and combat violence against women and gender-based violence and to protect the victims of violence, provide greater coherence and efficiency in EU internal and external policies and ensure better monitoring, interpretation and implementation of EU laws, programs and funds relevant to the Convention, as well as more adequate and better collection of comparable desegregated data on violence against women and gender-based violence at EU.

According to the MEPs the EU ratification would also reinforce the EU accountability at international level and, last but not least, it would apply renewed political pressure on Member States to ratify this instrument (note that so far all EU Member States have signed the Istanbul Convention, but only fourteen of them have ratified it).

The European Parliament has also recalled that the Commission is bound by Article 2 TEU and by the Charter of Fundamental Rights to guarantee, promote and take action in favour of gender equality. It has, therefore, welcomed the Commission proposal to sign and conclude the EU accession to the Istanbul Convention.

In this respect, a draft interim report between the LIBE and FEMM Committees is being drafted by two rapporteurs, Anna Maria Corazza Bildt (EPP – Sweden) and Christine Revault D’Allonnes Bonnefoy (S&D – France). A first LIBE/FEMM joint hearing on the issue took place on 29 November 2016. It was followed by a second joint hearing, which was held on 27 March 2017, whose aim was to highlight the importance as well as the necessity for the EU to access the Istanbul convention as a unique body.

During the latter hearing, some MEPs reiterated the importance of the EU accession to the Istanbul Convention, which could represent the basis for the introduction of a holistic approach addressing the issue of violence against women and girls and gender-based violence from a wide range of perspectives, such as prevention, the fight against discrimination, criminal law measures to combat impunity, victim protection and support, the protection of children, the protection of women asylum seekers and refugees and better data collection.

According to Malin Björk  (GUE/NGL – Sweden), the EU accession to the Istanbul convention would represent a very important step forward and it would allow to see violence against women as a political issue. For her, the EU ratification would be an opportunity to make people understand that such an issue is part of gender politics and it has to be recognised as such.

For Iratxe García Pérez (S&D – Spain), it would be extremely important to use all the best practices provided by some EU countries, such as Spain and Sweden, in order to define a common European framework for an active policy to combat violence against women. In her opinion, the European society is still unequal and gender-based violence derives from such an unbalance of power. The EU accession to the Istanbul Convention would be therefore crucial in order to set the basis for a common European strategy aiming to eliminate gender unbalances across Europe.

The key elements of the interim report were outlined during a third joint hearing which took place on 11 April 2017. On that occasion, the two rapporteurs stressed the needs for a joint effort between the European Parliament and the European Commission, in order to set up a holistic and comprehensive approach towards violence against women. Both the rapporteurs  expressed their strong support for the introduction of an EU directive and recalled that violence against women should not be considered as a national issue but as a European issue, since it affects the whole European society.

Despite the progress made at the European Parliament level, some MEPs deplored the fact that negotiations in the Council were not proceeding at the same speed.

It is not clear if the LIBE members were aware of the debates on the Council side or if they have been “timely and fully informed” of the new approach emerging on the Council side as it should had be the case according to art. 218 of the TFUE. Nor it is clear if the Commission has taken duly informed the LIBE Members in compliance with the EP-Commission Framework agreement.

(*) FREE-GROUP Trainee

 

Authorization of deprivation of liberty by judicial authorities in the recast Reception conditions Directive proposal (ICJ OBSERVATIONS)

 

April 2017

The Commision proposal of the Reception Conditions Directive (recast) COM(2016) 465 final has been published by the European Commission on 13.7.2016. On 23 February 2017, the amendments[1] have been tabled in the European Parliament on the draft report by Sophia in ‘t Veld from 18 January 2017, the Rapporteur of the recast Directive.

The ICJ supports the amendments especially when it comes to its proposals on detention. In particular in the sense that detention or other restrictions of movement that may cumulatively amount to deprivation of liberty should always and only be ordered by judicial authorities (the proposed amendments 10, 30-33, 93-95, and 243-246 regarding Recital 20, Article 8.1, 9.2 and 9.3 of the proposal in particular).

The right to liberty and security of the person is protected under international human rights law (Article 9 ICCPR, Art 5 ECHR), and means that, as a general rule, asylum seekers should not be detained, except where detention can be justified as a necessary and proportionate measure for a legitimate purpose in the specific circumstances of the case. Asylum seekers may have already suffered imprisonment and torture in the country from which they have fled and therefore, the consequences of detention may be particularly serious, causing severe emotional and psychological stress and may amount to inhuman and degrading treatment.

Under international human rights law, it is established that asylum seekers should only be detained, as a last resort, in exceptional cases and where non-custodial measures have been proven on individual grounds not to achieve the stated, lawful and legitimate purpose. Detention must not be imposed arbitrarily, it must be lawful, necessary, and applied without discrimination. Judicial authorization, as well as judicial review, of detention provides an important safeguard against arbitrariness.

The Parliamentary Assembly of the Council of Europe has clearly stated in its Resolution 1707 (2010) on Detention of asylum seekers and irregular migrants in Europe, para 9.1.3, that “detention shall be carried out by a procedure prescribed by law, authorised by a judicial authority and subject to periodic judicial review.

It has been also established in international law that there is a right to judicial review of any form of detention, and that such review must always be of a judicial nature[2] UNHCR guidelines also require both automatic review of detention and regular automatic periodic reviews thereafter, and a right to challenge detention.[3]

 Taking account of the complexity of the assessment of whether a deprivation of liberty is justifiable as necessary and proportionate in the individual case of an asylum seeker and of the seriousness of the impact on human rights of deprivation of liberty, the ICJ considers that authorization by a judicial authority would always be preferential in cases of detention or other serious restrictions of movement.

 NOTES

[1] See Amendments 1-51:; Amendments 52-295:; Amendments 296-543:

[2] see European Court of Human Rights in Öcalan v. Turkey, para 70; Human Rights Committee in C. v. Australia, para 8.2-8.3; HRC General Comment No. 35, Article 9 (Liberty and security of person), UN Doc. CCPR/C/GC/35 (2014), para 18).

[3] Guideline 7: “(iii) to be brought promptly before a judicial or other independent authority to have the detention decision reviewed. This review should ideally be automatic, and take place in the first instance within 24–48 hours of the initial decision to hold the asylum-seeker. The reviewing body must be independent of the initial detaining authority, and possess the power to order release or to vary any conditions of release. (iv) following the initial review of detention, regular periodic reviews of the necessity for the continuation of detention before a court or an independent body must be in place, which the asylum-seeker and his/her representative would have the right to attend. Good practice indicates that following an initial judicial confirmation of the right to detain, review would take place every seven days until the one month mark and thereafter every month until the maximum period set by law is reached. (v) irrespective of the reviews in (iii) and (iv), either personally or through a representative, the right to challenge the lawfulness of detention before a court of law at any time needs to be respected. The burden of proof to establish the lawfulness of the detention rests on the authorities in question. As highlighted in Guideline 4, the authorities need to establish that there is a legal basis for the detention in question, that the detention is justified according to the principles of necessity, reasonableness and proportionality, and that other, less intrusive means of achieving the same objectives have been considered in the individual case.”

Legal Frameworks for Hacking by Law Enforcement: Identification, Evaluation and Comparison of Practices

EXECUTIVE SUMMARY OF A STUDY FOR THE EP LIBE COMMITEE.

FULL TEXT ACCESSIBLE  HERE  

by Mirja  GUTHEIL, Quentin  LIGER, Aurélie  HEETMAN, James  EAGER, Max  CRAWFORD  (Optimity  Advisors)

Hacking by law enforcement is a relatively new phenomenon within the framework of the longstanding public policy problem of balancing security and privacy. On the one hand, law enforcement agencies assert that the use of hacking techniques brings security, stating that it represents a part of the solution to the law enforcement challenge of encryption and ‘Going Dark’ without systematically weakening encryption through the introduction of ‘backdoors’ or similar techniques. On the other hand, civil society actors argue that hacking is extremely invasive and significantly restricts the fundamental right to privacy. Furthermore, the use of hacking practices pits security against cybersecurity, as the exploitation of cybersecurity vulnerabilities to provide law enforcement with access to certain data can have significant implications  for  the security of the internet.

Against this backdrop, the present study provides the LIBE Committee with relevant, actionable insight into the legal frameworks and practices for hacking by law enforcement. Firstly, the study examines the international and EU-level debates on the topic of hacking by law enforcement (Chapter 2), before analysing the possible legal bases for EU intervention in the field (Chapter 3). These chapters set the scene for the primary focus of the study: the comparative analysis of legal frameworks and practices for hacking by law enforcement across six selected Member States (France, Germany, Italy, the Netherlands, Poland and the UK), with further illustrative examples from three non-EU countries (Australia, Israel and the US) (Chapter 4). Based on these analyses, the study concludes (Chapter 5) and presents concrete recommendations and policy proposals for  EU  action  in  the field (Chapter 6).

The international and EU-level debates on the use of hacking techniques by law enforcement primarily evolve from the law enforcement challenge posed by encryption – i.e. the  ‘Going  Dark’  issue.

Going Dark is a term used to describe [the] decreasing ability [of law enforcement agencies] to lawfully access and examine evidence at rest on devices and evidence in motion across   communications   networks.1

According to the International Association of Chiefs of Police (IACP), law enforcement agencies are not able to investigate illegal activity and prosecute criminals without this evidence. Encryption technologies are cited as one of the major barriers to this access. Although recent political statements from several countries (including France, Germany, the UK and the US) seemingly call for ‘backdoors’ to encryption technologies, support for strong encryption at international and EU fora remains strong. As such, law enforcement agencies across the world started to use hacking techniques to bypass encryption. Although the term ‘hacking’ is not used by law enforcement agencies, these practices essentially mirror the techniques used by hackers (i.e. exploiting any possible vulnerabilities – including technical, system  and/or human  vulnerabilities  – within  an  information  technology  (IT) system).

Law enforcement representatives, such as the IACP and Europol, report that access to encrypted and other data through such hacking techniques brings significant investigative benefits. However, it is not the only possible law enforcement solution to the ‘Going Dark’ issue. Outside of the scope of this study, the other options include: requiring users to provide their password or decrypt their data; requiring technology vendors and service providers to bypass   the   security   of   their   own   products   and   services;   and   the    systematic   weakening   of encryption through the mandated introduction of ‘backdoors’ and/or weakened standards for encryption.

With the benefits of hacking established, a 2016 Joint Statement published by the European Union Agency for Network and Information Security (ENISA) and Europol2 noted that the use of  hacking  techniques also brings  several   key  risks.

The primary risk relates to the fundamental right to privacy and freedom of expression and information, as enshrined in international, EU and national-level law. Hacking techniques are extremely invasive, particularly when compared with traditionally intrusive investigative tools (e.g. wiretapping, house searches etc.). Through hacking, law enforcement can gain access to all data stored or in transit from a device; this represents a significant amount of data (e.g. a recent investigation by Dutch law enforcement collected seven terabytes of data, which translates into around 86 million pages of Microsoft Word documents3), as well as extremely sensitive data (e.g. a person’s location and movements, all communications, all stored data etc.). Consequently, the use of hacking techniques will inherently restrict the fundamental right to privacy.

Therefore, current debates at international and EU fora focus on assessing and providing recommendations on the current legal balances and safeguards for the restriction of the right to privacy by hacking techniques. However, these debates have assumed that hacking practices are necessary for law enforcement and simply require governing laws; they have not discussed whether the use of hacking techniques by law enforcement is necessary and proportional. The law enforcement assertions regarding the necessity of these invasive tools have  not   been  challenged.

The second key risk relates to the security of the internet. Law enforcement use of hacking techniques has the potential to significantly weaken the security of the internet by “[increasing] the attack surface for malicious abuse”4. Given that critical infrastructure and defence organisations, as well as law enforcement agencies themselves, use the technologies targeted and potentially weakened by law enforcement hacking, the potential ramifications reach  far  beyond  the intended  target.

As such, debates at international and EU fora focus on the appropriate balances between security and privacy, as well as security and cybersecurity. Regarding security v. privacy, the debates to date have assessed and provided recommendations on the legislative safeguards required to ensure that hacking techniques are only permitted in situations where a restriction of the fundamental right to privacy is valid in line with EU legislation (i.e. legal, necessary and proportional). Regarding security v. cybersecurity, the debates have been limited and primarily centre around the use and/or reporting of zero-day vulnerabilities discovered  by  law enforcement agencies.

Further risks not discussed in the Joint Statement but covered by this study include: the risks to territorial sovereignty – as law enforcement agencies may not know the physical location of the target data; and the risks related to the supply and use of commercially-developed hacking tools by governments with poor consideration for human rights.

Alongside the analysis of international and EU debates, the study presents hypotheses on the legal  bases  for  EU  intervention  in  the  field. Although  possibilities for  EU  legal  intervention  in several areas are discussed, including mutual admissibility of evidence (Art. 82(2) TFEU), common investigative techniques (Art. 87(2)(c) TFEU), operational cooperation (Art. 87(3) TFEU) and data protection (Art. 16 TFEU, Art. 7 & 8 EU Charter), the onus regarding the development of legislation in the field is with the Member States. As such, the management of the risks associated with law enforcement activities is governed at the Member State level.

As suggested by the focus of the international and EU discussions, concrete measures need to be stipulated at national-level to manage these risks. This study presents a comparative analysis of the legal frameworks for hacking by law enforcement across six Member States, as well as certain practical aspects of hacking by law enforcement, thereby providing an overview of the primary Member State mechanisms for the management of these risks. Further illustrative examples are provided from research conducted in three non-EU countries.

More specifically, the study examines the legal and practical balances and safeguards implemented at national-level to ensure: i) the legality, necessity and proportionality of restrictions to the fundamental  right  to  privacy;   and ii) the security  of  the internet.

Regarding restrictions to the right to privacy, the study first examines the existence of specific legal frameworks for hacking by law enforcement, before exploring the ex-ante and ex-post conditions and mechanisms stipulated to govern restrictions of the right to privacy and ensure they are legal, necessary  and  proportional.

It is found that hacking practices are seemingly necessary across all Member States examined, as four Member States (France, Germany, Poland and the UK) have adopted specific legislative provisions and the remaining two are in the legislative process. For all Member States except Germany, the adoption of specific legislative provisions occurred in 2016 (France, Poland and the UK) or will occur later (Italy, the Netherlands).  This  confirms the  new  nature  of these investigative techniques.

Additionally, law enforcement agencies in all Member States examined have used, or still use, hacking techniques in the absence of specific legislative provisions, under so-called ‘grey area’ legal provisions. Given the invasiveness of hacking techniques, these grey areaprovisions are considered  insufficient  to adequately  protect the right to privacy.

Where specific legal provisions have been adopted, all stakeholders agree that a restriction of the right to privacy requires the implementation of certain safeguards. The current or proposed legal frameworks of all six Member States comprise a suite of ex-ante conditions and ex-post mechanisms that aim to ensure the use of hacking techniques is proportionate and necessary. As recommended by various UN bodies, the provisions of primary importance include judicial authorisation of hacking practices, safeguards related to the nature, scope and duration of possible measures (e.g. limitations to crimes of a certain gravity and the  duration  of  the hack,  etc.) and  independent   oversight.

Although many of these types of recommended conditions are common across the Member States examined – demonstrated in the below table – their implementation parameters differ. For instance, both German and Polish law permit law enforcement hacking practices without judicial authorisation in exigent circumstance if judicial authorisation is achieved in a specified timeframe. However, the timeframe differs (three days in Germany compared with five days in Poland). These differences make significant difference, as the Polish timeframe was criticised  by the Council  of  Europe’s  Venice Commission  for being  too long.5

Furthermore, the Member States examined all accompany these common types of ex-ante and ex-post conditions with different, less common conditions. This is particularly true for ex-post oversight mechanisms. For instance, in Poland, the Minister for internal affairs provides macro-level information to the lower (Sejm) and upper (Senat) chambers of Parliament;6 and in the UK, oversight is provided by the Investigatory Powers Commissioner, who reviews all cases of hacking by law enforcement, and the Investigatory Powers Tribunal, which  considers disputes or  complaints surrounding  law enforcement  hacking.7

Key ex-ante considerations
Judicial authorisation The    legal    provisions    of    all    six    Member    States    require    ex-ante judicial        authorisation        for        law        enforcement        hacking.        The information  to  be  provided  in  these requests differ.

Select     Member     States     (e.g.     Germany,     Poland,     the     UK)     also provide for hacking without prior judicial authorisation in exigent circumstances  if  judicial  authorisation  is subsequently  provided. The timeframes  for  ex-post authorisation  differ.

Limitation by crime and  duration All  six Member  States  restrict  the  use  of  hacking  tools  based  on the   gravity   of   crimes.    In    some    Member   States,    the    legislation presents  a  specific  list  of  crimes  for  which  hacking  is permitted; in     others,     the    limit    is    set     for    crimes    that    have    a    maximum custodial    sentence   of   greater   than    a   certain   number    of   years. The lists and numbers  of years required differ by Member   State.

Many Member States also restrict the duration for which hacking may   be   used.   This   restriction   ranges   from   maximum   1   month (France, Netherlands) to a maximum of 6 months (UK), although extensions     are     permitted     under     the     same     conditions     in     all Member States.

Key ex-post considerations
Notification and effective remedy Most    Member    States    provide    for    the    notification    of    targets    of hacking  practices and  remedy  in  cases  of unlawful   hacking.
Reporting and oversight Primarily, Member States report at a micro-level through logging hacking  activities and  reporting them  in  case  files.

However,   some   Member   States   (e.g.   Germany,   Poland   and   the UK) have macro-level  review  and  oversight mechanisms.

Furthermore, as regards the issue of territoriality (i.e. the difficulty law enforcement agencies face obtaining the location of the data to be collected using hacking techniques), only one Member States, the Netherlands, legally permits the hacking of devices if the location is unknown. If the device turns out to be in another jurisdiction, Dutch law enforcement must apply  for Mutual  Legal  Assistance.

As such, when aggregated, these provisions strongly mirror Article 8 of the European Convention on Human Rights, as well as the UN recommendations and paragraph 95 of the ECtHR  judgement  in  Weber and  Saravia  v.  Germany.  However,   there are  many,  and  varied, criticisms when the Member State conditions are examined in isolation. Some of the provisions criticised include: the limits based on the gravity of crimes (e.g. the Netherlands, France and Poland); the provisions for notification and effective remedy (e.g. Italy and the Netherlands); the process for screening and deleting non-relevant data (Germany); the definition of devices that can be targeted (e.g. the Netherlands); the duration permitted for hacking (e.g. Poland); and a lack of knowledge amongst the judiciary (e.g. France, Germany, Italy and the Netherlands).With this said, certain elements, taken in isolation, can be called good  practices. Such  examples  are  presented below.

Select  good practice: Member State legislative frameworks

Germany: Although they were deemed unconstitutional in a 2016 ruling, the provisions for the screening and deletion of data related to the core area of private life are a positive step. If the provisions are amended, as stipulated in the ruling, to ensure screening by an independent body, they would provide strong protection for the targeted individual’s private data.

Italy: The 2017 draft Italian law includes a range of provisions related to the development and monitoring of the continued use of hacking tools. As such, one academic stakeholder remarked that the drafting of the law must have been driven by technicians. However, these provisions bring significant benefits to the legislative provisions in terms of supervision and oversight of the use of hacking tools. Furthermore, the Italian draft law takes great care to separate the functionalities of the hacking tools, thus protecting against the overuse or abuse of a  hacking tool’s  extensive  capabilities.

Netherlands: The Dutch Computer Crime III Bill stipulates the need to conduct a formal proportionality assessment for each hacking request, with the assistance of a dedicated Central Review Commission (Centrale Toetsings Commissie). Also, the law requires rules to be laid down on the authorisation and expertise of the investigation officers that can perform hacking.

With these findings in mind, the study concludes that the specific national-level legal provisions examined provide for the use of hacking techniques in a wide array of circumstances. The varied combinations of requirements, including those related to the gravity of crimes, the duration and purpose of operations and the oversight, result in a situation where the law does not provide for much stricter conditions than are necessary for less  intrusive  investigative activities such  as interception.

Based on the study findings,  relevant  and actionable policy proposals and recommendations have been developed under the two key elements: i) the fundamental right  to  privacy;  and  ii) the security  of the internet.

Recommendations and policy proposals: Fundamental  right  to  privacy

It is recommended that the use of ‘grey area’ legal provisions is not sufficient to protect the fundamental right to privacy. This is primarily because existing legal provisions do not provide for the more invasive nature of hacking techniques and do not provide for the legislative precision  and  clarity  as  required  under  the  Charter and the  ECHR.

Furthermore, many of these provisions have only recently been enacted. As such, there is a need for robust evidence-based monitoring and evaluation of the practical application of these provisions. It is therefore recommended that the application of these new legal provisions is evaluated regularly at national level, and that the results of these evaluations are  assessed at  EU-level.

If specific legislative provisions are deemed necessary, the study recommends a range of good practice, specific ex-ante and ex-post provisions governing the use of hacking practices by  law  enforcement  agencies. These are detailed  in  Chapter 6.

Policy proposal 1: The European Parliament should pass a resolution calling on Member States to conduct a Privacy Impact Assessment when new laws are proposed to permit and govern the use of hacking techniques by law enforcement agencies. This Privacy Impact Assessment should focus on the necessity and proportionality of the use of hacking tools and should  require input  from  national  data protection  authorities.

Policy proposal 2: The European Parliament should reaffirm the need for Member States to adopt a clear and precise legal basis if law enforcement agencies are to use hacking techniques.

Policy proposal 3: The European Parliament should commission more research or encourage the European Commission or other bodies to conduct more research on the topic. In response to the Snowden revelations, the European Parliament called on the EU Agency for Fundamental Rights (FRA) to thoroughly research fundamental rights protection in the context of surveillance. A similar brief related to the legal frameworks governing the use of hacking techniques by law enforcement across all EU Member States would act as an invaluable piece  of  research.

Policy proposal 4: The European Parliament should encourage Member States to undertake evaluation and monitoring activities on the practical application of the new legislative provisions  that  permit  hacking  by  law  enforcement  agencies.

Policy proposal 5: The European Parliament should call on the EU Agency for Fundamental Rights (FRA) to develop a practitioner handbook related to the governing of hacking by law enforcement. This handbook should be intended for lawyers, judges, prosecutors, law enforcement officers and others working with national authorities, as well as non­governmental organisations and other bodies confronted with legal questions in the areas set out by the handbook. These areas should cover the invasive nature of hacking techniques and relevant safeguards as per international and EU law and case law, as well as appropriate mechanisms for supervision  and   oversight.

Policy proposal 6: The European Parliament should call on EU bodies, such as the FRA, CEPOL and Eurojust, to provide training for national-level members of the judiciary and data protection authorities, in collaboration with the abovementioned handbook, on the technical means for hacking in use across the Member States, their potential for invasiveness and the principles of  necessity  and  proportionality in  relation  to these  technical  means.

Recommendations and policy proposals: Security of  the  internet

The primary recommendation related to the security of the internet is that the position of the EU against the implementation of ‘backdoors’ and similar techniques, and in support of strong encryption standards, should be reaffirmed, given the prominent role encryption plays in our society and its importance to the EU’s Digital Agenda. To support this position, the EU should ensure continued engagement with global experts in computer science as well as civil society privacy and  digital  rights groups.

The actual impacts of hacking by law enforcement on the security of the internet are yet unknown. More work should be done at the Member State level to assess the potential impacts such that these data can feed in to overarching discussions on the necessity and proportionality of law enforcement hacking. Furthermore, more work should be done, beyond understanding the risks to the security of the internet, to educate those involved in the authorisation and use of  hacking  techniques by law enforcement.

At present, the steps taken to safeguard the security of the internet against the potential risks of hacking are not widespread. As such, the specific legislative provisions governing the use of hacking techniques by law enforcement, if deemed necessary, should safeguard the security of the internet and the security of the device, including reporting the vulnerabilities used to gain access to a device to the appropriate technology vendor or service provider; and  ensure  the  full  removal  of  the software  or hardware from the targeted  device.

Policy proposal 7: The European Parliament should pass a resolution calling on Member States to conduct an Impact Assessment to examine the impact of new or existing laws governing  the  use  of hacking  techniques by  law  enforcement on  the  security  of  the internet.

Policy proposal 8: The European Parliament, through enhanced cooperation with Europol
and the European Union Agency for Network and Information Security (ENISA), should
reaffirm its commitment to strong encryption considering discussions on the topic of hacking by law enforcement. In addition, the Parliament should reaffirm its opposition to the implementation of  
backdoors and  similar techniques in information technology infrastructures or  services.

Policy proposal 9: Given the lack of discussion around handling zero-day vulnerabilities, the European Parliament should support the efforts made under the cybersecurity contractual Public-Private Partnership (PPP) to develop appropriate responses to handling zero-day vulnerabilities, taking into consideration the risks related to fundamental rights and the security  of the internet.

Policy proposal 10: Extending policy proposal 4, above, the proposed FRA handbook should also cover the risks  posed  to  the  security  of the  internet  by  using hacking  techniques.

Policy proposal 11: Extending policy proposal 5, training provided to the judiciary by EU bodies such as FRA, CEPOL and Eurojust should also educate these individuals on the risks posed  to  the security  of  the internet  by  hacking  techniques.

Policy proposal 12: Given the lack of discussion around the risks posed to the security of the internet by hacking practices, the European Parliament should encourage debates at the appropriate fora specific to understanding this risk and the approaches to managing this risk. It is encouraged that law enforcement representatives should be present within such discussions.

The 2016 EU Justice Scoreboard

NOTA BENE : THE FULL REPORT IS ACCESSIBLE HERE 

The 2016 EU Justice Scoreboard was adopted by the European Commission on 10 April 2016 under reference number COM(2017) 167.

THE 2017 EU JUSTICE SCOREBOARD

(…) Introduction

‘Effective justice systems support economic growth and defend fundamental rights. That is why Europe promotes and defends the rule of law (1).’ This role of Member States’ justice systems underlined by Jean-Claude Juncker, President of the European Commission, is crucial for ensuring that individuals and businesses can fully enjoy their rights, for strengthening mutual trust and for building a business and investment-friendly environment in the single market.

Moreover, as underlined by Frans Timmermans, First Vice-President of the European Commission, effective justice systems also underpin the application of EU law: ‘The European Union is built on a common set of values, enshrined in the Treaty. These values include respect for the rule of law. That is how this organisation functions, that is how our Member States ensure the equal application of EU law across the European Union (2).’ For these reasons, improving the effectiveness of national justice systems is a well-established priority of the European semester — the EU’s annual cycle of economic policy coordination.

Independence, quality and efficiency are the key elements of an effective justice system. The 2017 EU Justice Scoreboard (‘the Scoreboard’) helps Member States to achieve this priority by providing an annual comparative overview of the independence, quality and efficiency of national justice systems. Such a comparative overview assists Member States in identifying potential shortcomings, improvements and good practices as well as trends in the functioning of national justice systems over time. It is also crucial for the effectiveness of EU law (3).

When applying EU law, national courts act as EU courts and ensure that the rights and obligations provided under EU law are enforced effectively. For this reason, the Scoreboard looks closely at the functioning of courts when applying EU law in specific areas.

The 2017 edition further develops this overview and examines new aspects of the functioning of justice systems:

– to better understand how consumers access the justice system, it examines which channels they use to submit complaints against companies (e.g. courts, out of court methods), how legal aid and court fees influence access to justice, particularly for persons at-risk-of-poverty, the length of court proceedings and before consumer authorities and how many consumers are using the online dispute resolution (ODR) platform which became operational in 2016.

–  to keep track of the situation of judicial independence in Member States, this edition presents the result of a new survey on the perception of citizens and companies; it shows new data on safeguards for protecting judicial independence.

– this edition continues to examine how national justice systems function in specific areas of EU law relevant for the single market and for an investment-friendly environment.

It presents a first overview of the functioning of national justice systems when applying EU anti-money laundering legislation in criminal justice. It also examines the length of proceedings for provisional measures to prevent imminent damages in certain areas of law.

– in order to have a clearer picture of the current use of information and communication technologies (ICT) in justice systems, this edition presents the results from a survey of lawyers on how they communicate with courts and for which reasons they use ICT.

– as standards on the functioning of courts can drive up the quality of justice systems, this edition examines in more detail standards aiming to improve the court management and the information given to parties on progress of their case.

As this is the fifth edition, the Scoreboard also takes stock of the progress achieved over time.

Although data are still lacking for certain Member States, the data gap continues to decrease, in particular for indicators on the efficiency of justice systems.

The fruitful cooperation with Member States’ contact points on national justice systems (4) and various committees and European judicial networks have enriched the data significantly.

The remaining difficulties in gathering data are often due to insufficient statistical capacity or to the fact that the national categories for which data are collected do not exactly correspond to the ones used for the Scoreboard. In very few cases, the data gap is due to the lack of willingness of certain national authorities to contribute. The Commission will continue to encourage Member States to further reduce this data gap.

(…) 2. Context

Justice remain high on the agenda (…)

In 2016, a large number of Member States pursued their efforts to improve the effectiveness of their national justice system. Justice reforms take time, sometimes several years from the first announcement of new reforms, over the adoption of legislative and regulatory measures, to the actual implementation of the adopted measures. Figure 1 presents an overview of adopted and envisaged justice reforms. It is a factual presentation of ‘who does what,’ without any qualitative evaluation. In that respect, it is important to underline that any justice reform should uphold the rule of law and comply with European standards on judicial independence. Figure 1 shows that procedural law remains an area of particular attention in a number of Member States and that a significant amount of new reforms have been announced for legal aid, alternative dispute resolution methods (ADR), court specialisation and judicial maps. A comparison with the 2015 Scoreboard shows that the level of activity generally remained stable, both on the announced reforms and measures under negotiation. (…)

The EU is encouraging certain Member States to improve the effectiveness of their justice system. In the 2016 European semester, based on a proposal from the Commission, the Council addressed country specific recommendations to six Member States in this area (21).

Two of the Member States which were subject to a country specific recommendation in 2015 did not receive a recommendation in 2016 due to the progress they had achieved (22).

In addition to those Member States subject to country specific recommendations, a further eight Member States are still facing particular challenges and are being closely monitored by the Commission through the European semester and economic adjustment programmes (23). The Commission further assists justice reforms in Romania and Bulgaria through the cooperation and verification mechanism (24).

In 2016, the Commission adopted, under the EU Rule of Law Framework (25), two recommendations regarding the rule of law in Poland, setting out the Commission’s concerns and recommending how these concerns can be addressed (26). The Commission considers it necessary that Poland’s Constitutional Tribunal is able to fully carry out its responsibilities under the Constitution, in particular to ensure an effective constitutional review of legislative acts.

The Commission continues to support justice reforms through the European Structural and Investment Funds (ESI Funds). During the current programming period 2014 – 2020, ESI Funds will provide up to EUR 4.2 billion to support Member States’ efforts to enhance the capacity of their public administration, including justice. 14 Member States have identified justice as a priority area for support by the ESI Funds. The Commission emphasises the importance of taking a result-oriented approach when implementing these priorities and calls upon Member States to evaluate the impact of ESI Funds support. In 2016, five Member States (27) requested technical assistance from the Structural Reform Support Service of the Commission, for example on sharing national experiences regarding judicial map reforms.

The positive economic impact of the good functioning of justice system deserves these efforts. A 2017 study by the Joint Research Centre identifies correlations between improvement of court efficiency and the growth rate of the economy and between businesses’ perception of judicial independence and the growth in productivity (28).

Where judicial systems guarantee the enforcement of rights, creditors are more likely to lend, firms are dissuaded from opportunistic behaviour, transaction costs are reduced and innovative businesses are more likely to invest. This positive impact is also underlined in further research, including from the International Monetary Fund, European Central Bank, OECD, World Economic Forum, and World Bank (29). (…)

Questions and Answers

 What is the EU Justice Scoreboard?

The EU Justice Scoreboard is a comparative information tool that aims to assist the EU and Member States to improve the effectiveness of their national justice systems by providing objective, reliable and comparable data on the quality, independence and efficiency of justice systems in all Member States. The Scoreboard does not present an overall single ranking but an overview of how all the justice systems function, based on various indicators that are of common interest for all Member States. The Scoreboard does not promote any particular type of justice system and treats all Member States on an equal footing. Timeliness, independence, affordability and user-friendly access are some of the essential parameters of an effective justice system, whatever the model of the national justice system or the legal tradition in which it is anchored.

The Scoreboard mainly focuses on litigious civil and commercial cases as well as administrative cases in order to assist Member States in their efforts to pave the way for a more investment, business and citizen-friendly environment. The Scoreboard is a comparative tool which evolves in dialogue with Member States and the European Parliament, with the objective of identifying the essential parameters of an effective justice system.

What is the methodology of the EU Justice Scoreboard?

The Scoreboard uses various sources of information. Large parts of the quantitative data are provided by the Council of Europe Commission for the Evaluation of the Efficiency of Justice (CEPEJ) with which the Commission has concluded a contract to carry out a specific annual study. These data range from 2010 to 2015, and have been provided by Member States according to CEPEJ’s methodology. The study also provides detailed comments and country specific information sheets that give more context. They should be read together with the figures (5).

Data on the length of proceedings collected by CEPEJ show the ‘disposition time’ which is a calculated length of court proceedings (based on a ratio between pending and resolved cases). Data on courts’ efficiency in applying EU law in specific areas show the average length of proceedings derived from actual length of court cases. It should be noted that the length of court proceedings may differ substantially geographically within a Member State, particularly in urban centres where commercial activities may lead to a higher caseload.

The other sources of data are: the group of contact persons on national justice systems (6), the European Network of Councils for the Judiciary (ENCJ) (7), the Network of the Presidents of the Supreme Judicial Courts of the EU (NPSJC) (8), Association of the Councils of State and Supreme Administrative Jurisdictions of the EU (ACA-Europe) (9), the European Competition Network (ECN) (10), the Communications Committee (COCOM) (11), the European Observatory on infringements of intellectual property rights (12), the Consumer Protection Cooperation Network (CPC) (13), the Expert Group on Money Laundering and Terrorist Financing (EGMLTF) (14), Eurostat (15), the European Judicial Training Network (EJTN) (16), the Council of Bars and Law Societies of Europe (CCBE) (17) and the World Economic Forum (WEF) (18).

The methodology for the Scoreboard has been further developed in close cooperation with the group of contact persons on national justice systems, particularly through a questionnaire and collecting data on certain aspects of the functioning of justice systems.

The Scoreboard contains figures on all three main elements of an effective justice system: quality, independence and efficiency. These should be read together, as all three elements are necessary for the effectiveness of a justice system and are often interlinked (initiatives aimed at improving one of them may have an influence on the other).

How does the EU Justice Scoreboard feed into the European semester?

The Scoreboard provides a comparative overview of the quality, independence and efficiency of national justice systems and helps Member States to improve the effectiveness of their national justice systems. This makes it easier to identify shortcoming and best practices and to keep track of challenges and progress. In the context of the European semester, country-specific assessments are carried out through bilateral dialogue with the national authorities and stakeholders concerned. This assessment takes into account the particularities of the legal system and the context of the Member States concerned. It may lead to the Commission proposing to the Council to adopt country-specific recommendations on the improvement of national justice systems (19).

NOTES

 

(1) 2016 State of the Union Speech delivered before the European Parliament on 14 September 2016: https://ec.europa.eu/priorities/state-union-2016_en
(2) http://europa.eu/rapid/press-release_SPEECH-16-2023_en.htm
(3) See also Communication from the Commission — EU law: Better results through better application, 13 December 2016, 2017/C 18/02.
(4) In view of the preparation of the EU Justice Scoreboard and to promote the exchange of best practices on the effectiveness of justice systems, the Commission asked Member States to designate two contact persons, one from the judiciary and one from the ministry of justice. Regular meetings of this informal group are taking place.
(5) http://ec.europa.eu/justice/effective-justice/scoreboard/index_en.htm
(6) In view of the preparation of the EU Justice Scoreboard and to promote the exchange of best practices on the effectiveness of justice systems, the Commission asked Member States to designate two contact persons, one from the judiciary and one from the ministry of justice. Regular meetings of this informal group are taking place.
(7) ENCJ unites the national institutions in the EU Member States which are independent of the executive and legislature, and which are responsible for the support of the Judiciaries in the independent delivery of justice: https://www.encj.eu/
(8) NPSJC provides a forum through which European institutions are given an opportunity to request the opinions of Supreme Courts and to bring them closer by encouraging discussion and the exchange of ideas: http://network-presidents.eu/
(9) ACA-Europe is composed of the Court of Justice of the EU and the Councils of State or the Supreme administrative jurisdictions of each EU Member State: http://www.juradmin.eu/index.php/en/
(10) ECN has been established as a forum for discussion and cooperation of European competition authorities in cases where Articles 101 and 102 of the TFEU are applied. The ECN is the framework for the close cooperation mechanisms of Council Regulation 1/2003. Through the European Competition Network, the Commission and the national competition authorities in all EU Member States cooperate with each other: http://ec.europa.eu/competition/ecn/index_en.html
(11) COCOM is composed of representatives of EU Member States. Its main role is to provide an opinion on the draft measures that the Commission intends to adopt: https://ec.europa.eu/digital-single-market/en/communications-committee
(12) The European Observatory on Infringements of Intellectual Property Rights is a network of experts and specialist stakeholders. It is composed of public- and private-sector representatives, who collaborate in active working groups. https://euipo.europa.eu/ohimportal/en/web/observatory/home
(13) CPC is a network of national authorities responsible for enforcing EU consumer protection laws in EU and EEA countries: http://ec.europa.eu/internal_market/scoreboard/performance_by_governance_tool/consumer_protection_cooperation_network/index_en.htm
(14) EGMLTF meets regularly to share views and help the Commission define policy and draft new legislation: http://ec.europa.eu/justice/civil/financial-crime/index_en.htm
(15) Eurostat is the statistical office of the EU: http://ec.europa.eu/eurostat/about/overview
(16) EJTN is the principal platform and promoter for the training and exchange of knowledge of the European judiciary. It develops training standards and curricula, coordinates judicial training exchanges and programmes, disseminates training expertise and promotes cooperation between EU judicial training institutions. EJTN has some 34 members representing EU states as well as EU transnational bodies. http://www.ejtn.eu/
(17) CCBE is an international non-profit association which represents European bars and law societies. CCBE membership includes the bars and law societies of 45 countries from the EU, the EEA, and wider Europe: http://www.ccbe.eu/
(18) WEF is an International Organisation for Public-Private Cooperation, whose members are companies: https://www.weforum.org/
(19) The reasons for country-specific recommendations and the progress on the implementation of such recommendations are presented on an annual basis by the Commission in individual country reports in the form of Staff Working Documents: https://ec.europa.eu/info/publications/2017-european-semester-country-reports_en
(20) The information has been collected in cooperation with the group of contact persons on national justice systems for 25 Member States. PL and UK did not submit information. DE explained that a number of reforms are under way as regards judiciary, where the scope and scale of the reform process can vary within the 16 federal states.
(21) BG, HR, IT, CY, PT, SK; see Council Recommendation of 12 July 2016 on the 2016 National Reform Programme of Bulgaria and delivering a Council opinion on the 2016 Convergence Programme of Bulgaria, (2016/C 299/08); Council Recommendation of 12 July 2016 on the 2016 National Reform Programme of Croatia and delivering a Council opinion on the 2016 Convergence Programme of Croatia (2016/C 299/23); Council Recommendation of 12 July 2016 on the 2016 National Reform Programme of Italy and delivering a Council opinion on the 2016 Stability Programme of Italy, (2016/C 299/01); Council Recommendation of 12 July 2016 on the 2016 National Reform Programme of Cyprus and delivering a Council opinion on the 2016 Stability Programme of Cyprus, (2016/C 299/07); Council Recommendation of 12 July 2016 on the 2016 National Reform Programme of Portugal and delivering a Council opinion on the 2016 Stability Programme of Portugal, (2016/C 299/26); Council Recommendation of 12 July 2016 on the 2016 National Reform Programme of Slovakia and delivering a Council opinion on the 2016 Stability Programme of Slovakia, (2016/C 299/15).
(22) LV and SI.
(23) BE, ES, LV, MT, PL, RO, SI. These challenges have been reflected in the recitals of the Country-Specific Recommendations and the country reports relating to these Member States. The country reports are available at: https://ec.europa.eu/info/publications/2017-european-semester-country-reports_en. Furthermore, justice reforms in EL are closely being monitored in the context of the Economic Adjustment Programme for Greece.
(24) Report on progress in Bulgaria under the Cooperation and Verification Mechanism, COM(2017) 43 final; Report on progress in Romania under the Cooperation and Verification Mechanism COM(2017) 44 final.
(25) COM(2014) 158 final/2.
(26) Commission Recommendation (EU) 2016/1374 of 27 July 2016 regarding the rule of law in Poland, OJ L 217, 12.8.2016, p. 53; Commission Recommendation (EU) 2017/146 of 21 December 2016 regarding the rule of law in Poland, OJ L 22, 27.1.2017, p. 65. See also IP/16/2643 and IP/16/4476.
(27) BG, EL, HR, CY, SI.
(28) ‘The judicial system and economic development across EU Member States’, JRC (forthcoming).
(29) See references in the 2016 EU Justice Scoreboard.