(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: How to Create an Independent Authority with Effective Remedy Powers (2)

16 FEBRUARY 2022/ BY THEODORE CHRISTAKIS, KENNETH PROPP AND PETER SWIRE

Can the U.S. Government create, by non-statutory means, an independent redress authority capable of providing an effective remedy for a European person who believes that her or his rights have been infringed by an intelligence service? In this article we put forward a novel non-statutory solution that could resolve the “redress” problem in the EU/US adequacy negotiations. This solution is based on three “building blocks” inspired by methods utilized in U.S. administrative law. First, the U.S. Department of Justice should issue a binding regulation creating within that executive agency an independent “Foreign Intelligence Redress Authority” (FIRA). Second, the President should issue a separate Executive Order providing the necessary investigative powers and giving FIRA’s decisions binding effect across the intelligence agencies and other components of the U.S. government. Finally, European individuals could obtain judicial review of an independent redress decision by using the existing Administrative Procedure Act.

Our first article, published on January 31, concentrated on whether the U.S. Congress would necessarily have to enact a new statute in order to create an adequate redress mechanism. We examined political, practical, and U.S. constitutional difficulties in enacting such a statute. Based on careful attention to EU law, we concluded that relying on a non-statutory solution could be compatible with the “essential equivalence” requirements of Article 45 of the EU’s General Data Protection Regulation (GDPR), if the requisite substantive protections for redress were put into place.

This article examines, from both a U.S. and a European law perspective, measures that could address the substantive requirements, notably the deficiencies highlighted by the Court of Justice of the European Union (CJEU) in its Schrems II judgment: independence of the redress body; its ability to substantively review the requests; and its authority to issue decisions that are binding on the intelligence agencies. We discuss only the redress issues highlighted by the CJEU. We do not address here the other deficiency cited by the Court — whether U.S. surveillance statutes and procedures sufficiently incorporate principles of “necessity and proportionality” also required under EU law.

Part I of this article explains how the U.S. executive branch could create an independent administrative institution to review redress requests and complaints. The institution, which we call “FIRA”, would be similar in important ways to what in Europe is considered as an independent administrative authority, such as the several surveillance oversight/redress bodies operating in Europe and listed in the EU Agency for Fundamental Rights’ (FRA) 2017 comparative study on surveillance (p. 115 – in France, for example, the National Commission for Control of Intelligence Techniques, CNCTR). We submit that, in the U.S., such an institution could be based on a binding regulation adopted by the Department of Justice (DOJ). Despite being created by the executive branch, the independence of FIRA will be guaranteed, since leading U.S. Supreme Court precedent considers such a regulation to have binding effect and to protect members of the redress authority from interference by the President or the Attorney General.

Next, Part II of this article assesses how the U.S. executive branch could provide the necessary investigatory powers for FIRA to review European requests and complaints and to adopt decisions binding upon intelligence agencies. This could be done through a Presidential Executive Order that the President may use to limit executive discretion.

Finally, Part III of this article discusses the important question of whether the ultimate availability of judicial redress is necessary under EU law and whether there is a path under U.S. law to achieve it, despite the 2021 Supreme Court decision in the TransUnion case limiting standing in some privacy cases. We examine reasons why judicial review of decisions by the independent FIRA may not be required under EU law. Nonetheless, we describe a potential path to U.S. judicial review based on the existing Administrative Procedure Act.

I. Creating an Independent Redress Authority

Based on our discussions with stakeholders, the most difficult intellectual challenge has been how a redress authority can be created within the executive branch yet have the necessary independence from it. We first present the EU criticisms of the Privacy Shield Ombudsperson approach, and then explain how a binding regulation issued by DOJ can address those criticisms satisfactorily.

1. Identifying the problems of independence with the previous Privacy Shield mechanism

Four criteria for independence of the redress body have been identified by EU authorities in their critiques of the Ombudsperson approach included in the 2016 Privacy Shield.

a) Protection against dismissal or revocation of the members of the redress body

A crucial measure of independence under EU law, is protection against removal of any member of the independent body. In Schrems II, the CJEU noted there was “nothing in [the Privacy Shield Decision] to indicate that the dismissal or revocation of the appointment of the Ombudsperson is accompanied by any particular guarantees” (§195), a point previously made in 2016 by the Article 29 Working Party (WP29) when it observed “the relative ease with which political appointees can be dismissed” (here, p. 51). Protection against removal is also recognized under U.S. law and a key indicator for independence.(1)

b) Independence as protection against external intervention or pressure

Protection against external intervention is a major requirement for a redress authority, as stated by the Advocate General in his 2019 Schrems II Opinion:

“The concept of independence has a first aspect, which is external and presumes that the body concerned is protected against external intervention or pressure liable to jeopardise the independent judgment of its members as regards proceedings before them” (note 213).

By contrast, the Ombudsperson in the original Privacy Shield was “presented as being independent of the ‘intelligence community’, [but] (…) not independent of the executive” (§ 337).

c) Impartiality

In the same opinion, Advocate General Saugmandsgaard Øe stressed (and the CJEU endorsed), the importance of impartiality: “The second aspect of [independence], which is internal, is linked to impartiality and seeks to ensure a level playing field for the parties to the proceedings and their respective interests with regard to the subject matter of those proceedings” (note 213, emphasis added).

d) Relationship to the intelligence community

In its 2015 study on surveillance, FRA noted that there is a “Goldilocks” challenge concerning the ties between redress bodies and intelligence agencies: “While ties that are too close may lead to a conflict of interest, too much separation might result in oversight bodies that, while independent, are very poorly informed” (p. 71). In 2016, the WP29 found that the Privacy Shield solution did not appropriately respond to this challenge:

“The Under Secretary is nominated by the U.S. President, directed by the Secretary of State as the Ombudsperson, and confirmed by the U.S. Senate in her role as Under Secretary. As the letter and the Memorandum representations stress, the Ombudsperson is ‘independent from the U.S. Intelligence community’. The WP29 however questions if the Ombudsperson is created within the most suitable department. Some knowledge and understanding of the workings of the intelligence community seems to be required in order to effectively fulfil the Ombudsperson’s role, while at the same time indeed sufficient distance from the intelligence community is required to be able to act independently.” (p.49)

2. How the creation of FIRA by DOJ Regulation could fix these problems

To date, despite insightful discussions of the challenges, we have not seen any detailed public proposals for how the U.S. executive branch might create a redress institution to meet the strict EU requirements for independence.(2) One innovation, which we understand that the parties might now be considering, could be a binding U.S. regulation, issued by an agency pursuant to existing statutory authority, to create and govern FIRA. Crucially, leading U.S. Supreme Court cases have given binding effect to a comparable regulation, even in the face of objections by the President or Attorney General.

a) Binding DOJ regulation to ensure independence of the FIRA

The Department of Justice could issue a regulation to create FIRA and guarantee its independent functioning. It could guarantee independence for the members of FIRA, including protections against removal, in the same fashion.

Under the U.S. legal system, such an agency regulation has the force of law, making it suitable for defining the procedures for review of redress requests and complaints. DOJ regularly issues such regulations, under existing statutory authorities, and pursuant to established and public procedures. To protect against arbitrary or sudden change, modifying or repealing the regulation would require following the same public procedural steps as enacting the regulation in the first place did. In Motor Vehicles Manufacturers Association vs. State Farm Mutual Automobile Insurance Co., the Supreme Court held that since a federal agency had the discretion to issue a regulation initially, it would have to utilize the same administrative procedures to repeal it.

In an EU/U.S. framework for a new Privacy Shield, the U.S. Government unilaterally could commit to maintain this DOJ regulation in force, and the European Commission could reference the U.S. commitment as a condition of its adequacy decision. This would provide both to the EU and to members of FIRA a guarantee against revocation of the regulation ensuring that the authority would act independently.

b) Supreme Court precedents protect against external intervention or pressure

During the Watergate scandal involving then-President Richard Nixon, the Department of Justice issued a regulation creating an independent “special prosecutor” (also called “independent counsel”) within that department. The special prosecutor was designed to be independent from Presidential control, with the regulation stipulating that he could not be removed except with involvement by designated members of Congress.

Acting within the powers defined in the regulation, the special prosecutor issued a subpoena for audio tapes held by the White House. The President, acting through the Attorney General, objected to the subpoena. In a unanimous 1974 Supreme Court decision, United States v. Nixon, it was held that the special prosecutor’s decision to issue the subpoena had the force of law, despite the Attorney General’s objection. The Court noted that although the Attorney General has general authority to oversee criminal prosecutions, including by issuing a subpoena, the fact that the special prosecutor had acted pursuant to a binding DOJ regulation deprived the Attorney General of his otherwise plenary power over subpoenas.

The Supreme Court observed that “[t]he regulation gives the Special Prosecutor explicit power” to conduct the investigation and issue subpoenas, and that “[s]o long as this regulation is extant, it has the force of law” (emphasis added). The Court concluded:

“It is theoretically possible for the Attorney General to amend or revoke the regulation defining the Special Prosecutor’s authority. But he has not done so. So long as this regulation remains in force, the Executive Branch is bound by it, and indeed the United States, as the sovereign composed of the three branches, is bound to respect and to enforce it.”

In sum, as supported by clear Supreme Court precedent, a DOJ regulation can create a mechanism within the executive branch, so that the members of the administration must comply with its terms, even in the face of contrary instructions from the President or Attorney General. And, as stated earlier, the lasting character of the DOJ regulation creating FIRA could be guaranteed by the US Government in the EU/US agreement and be identified by the European Commission in its subsequent adequacy decision as a condition for maintaining this decision in force.

c) Impartiality

We are not aware of significant U.S. constitutional obstacles to ensuring impartiality in FIRA. DOJ appoints Administrative Law Judges (ALJ), such as for deciding immigration matters, and “[t]he ALJ position functions, and is classified, as a judge under the Administrative Procedure Act.”

U.S. law concerning ALJ’s, including those located in DOJ, states that they are “independent impartial triers of fact in formal proceedings”.(3) In Nixon the Supreme Court reaffirmed the lawfulness of an independent adjudicatory function located within the DOJ.(4) A DOJ FIRA regulation could similarly offer guarantees in terms of the impartiality and expertise of members.

d) Relationship to the intelligence community

Furthermore, the DOJ appears to be the executive agency best-suited to resolve the “Goldilocks” problem, mentioned above, by combining knowledge and understanding of the intelligence agencies with sufficient distance to judge their conduct independently.

As noted, EU bodies questioned whether the Department of State, a diplomatic agency, was a “suitable department” for the redress role. The DOJ is more suitable in part because of its experience with the Watergate independent counsel and, for instance, with Immigration Judges as independent triers of fact.

At the same time, a FIRA located within the DOJ would be well-placed to have knowledge about the intelligence community. The DOJ provides extensive oversight of intelligence activities through its National Security Division, including by issuing regular reports concerning classified activities of the Foreign Intelligence Surveillance Court. Other DOJ components, such as the Office of Privacy and Civil Liberties, also have access to classified information including Top Secret information about intelligence agency activities. In addition, an Executive Order could empower the DOJ to enlist other agencies, such as the Office of the Director of National Intelligence, to gain information from the intelligence community.

II. Creating Effective Powers for the Independent Redress Authority

A DOJ regulation creating an independent redress authority within that executive department must be accompanied by additional government-wide steps for effectively investigating redress requests and for issuing decisions that are binding on the entire intelligence community. The DOJ-issued regulation would define the interaction of FIRA with other parts of that Department. For the overall mechanism to be effective in other parts of the U.S. government, however, the key legal instrument would be a separate Executive Order issued by the President. In issuing an EO, the President would act within the scope of his overall executive power to define legal limits, such as by requiring intelligence agencies to be bound by FIRA decisions.

1. Identifying the problems of effectiveness concerning the previous Privacy Shield mechanism

To meet the EU requirement of effective remedial powers, the new redress system would need to have two types of effective powers that the Privacy Shield Ombudsperson lacked.

a) Investigative Powers

The WP29 wrote in 2016:

“concerns remain regarding the powers of the Ombudsperson to exercise effective and continuous control. Based on the available information (…), the WP29 cannot come to the conclusion that the Ombudsperson will at all times have direct access to all information, files and IT systems required to make his own assessment” (p. 51).

In 2019, the European Data Protection Board (EDPB) likewise stated:

“[T]he EDPB is not in a position to conclude that the Ombudsperson is vested with sufficient powers to access information and to remedy non-compliance, (…)” (§103).

b) Decisional Powers

In Schrems II, the CJEU stated:

“Similarly, (…) although recital 120 of the Privacy Shield Decision refers to a commitment from the US Government that the relevant component of the intelligence services is required to correct any violation of the applicable rules detected by the Privacy Shield Ombudsperson, there is nothing in that decision to indicate that that ombudsperson has the power to adopt decisions that are binding on those intelligence services and does not mention any legal safeguards that would accompany that political commitment on which data subjects could rely” (§196).

The EDPB similarly concluded in 2019:

“Based on the available information, the EDPB still doubts that the powers to remedy non-compliance vis-à-vis the intelligence authorities are sufficient, as the ‘power’ of the Ombudsperson seems to be limited to decide not to confirm compliance towards the petitioner. In the understanding of the EDPB, the (acting) Ombudsperson is not vested with powers, which courts or other similarly independent bodies would usually be granted to fulfil their role” (§102).

2. How a Presidential Executive Order Could Confer These Powers upon FIRA

These passages describe key EU legal requirements for a new redress system. President Biden could satisfy them by issuance of an Executive Order (EO). The American Bar Association has published a useful overview explaining that an EO is a “signed, written, and published directive from the President of the United States that manages operations of the federal government.” EOs “have the force of law, much like regulations issued by federal agencies.” Once in place, only “a sitting U.S. President may overturn an existing executive order by issuing another executive order to that effect.”

As a general matter, the President has broad authority under Article II of the Constitution to direct the executive branch. In addition, the Constitution names the President as Commander-in-Chief of the armed forces, conferring additional responsibilities and powers with respect to national security. The President’s powers in some instances may be limited by a properly enacted statute, but we are not aware of any such limits relevant to redress.

Not only does the President enjoy broad executive powers, but he or she also may decide to limit how he or she exercises such powers through an EO which, under the law, would govern until and unless withdrawn or revised. Thus, the President would appear to have considerable discretion to instruct the intelligence community, by means of an EO, to cooperate in investigations and to comply with binding rulings concerning redress.

As with the DOJ regulation, the U.S. Government could commit in the EU/US adequacy arrangement to maintain this EO in force. But how could the EU and the general public have confidence that the EO is actually being followed by intelligence agencies? First, FIRA will be able to assess whether this is the case, backed by an eventual provision in the Presidential EO fixing penalties for lack of compliance with its orders (similarly as legislation in European countries fixes penalties for failure to comply with the orders of equivalent redress bodies – for an example see art. L 833-3 of the French surveillance law). Furthermore, U.S. intelligence agencies are already subject to parliamentary oversight, including on classified matters, by the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence. Oversight might also be performed by other governmental actors that have access to classified materials, such as an agency official called the Inspector General or the Civil Liberties and Privacy Office, or by the independent Privacy and Civil Liberties Oversight Board (whose new Director, Sharon Bradford Franklin, recently confirmed by the Senate, is known for her commitment to strong surveillance safeguards and oversight). Oversight may be performed at the Top Secret or other classification level, with unclassified summaries released to the public.

III. Creating Judicial Review of the Decisions of the Independent Redress Authority

Finally, we turn to whether and how decisions of FIRA may be reviewed judicially. We first explain why judicial review in these circumstances may not be required under EU law. Nonetheless, to minimize the risk of invalidation by the CJEU, we set forth possible paths for creating U.S. judicial review.

1. Reasons that judicial redress is not necessarily required

There are at least four reasons to believe that EU law does not necessarily require judicial redress if FIRA is independent and capable of exercising the quasi-judicial functions described above by adopting decisions binding on intelligence agencies.

First, as explained in our earlier article, Article 13 of the European Convention on Human Rights (ECHR) may be the appropriate legal standard for the European Commission to use in deciding upon the “essential equivalence” of third countries for international data transfer purposes. Article 13 only requires an independent “national authority,” thus a non-judicial body could suffice.

Second, the Advocate General in Schrems II seemed to give the impression that judicial review should only be required in a case where the redress body itself is not independent:

“in accordance with the case-law, respect for the right guaranteed by Article 47 of the Charter thus assumes that a decision of an administrative authority that does not itself satisfy the condition of independence must be subject to subsequent control by a judicial body with jurisdiction to consider all the relevant issues. However, according to the indications provided in the ‘privacy shield’ decision, the decisions of the Ombudsperson are not the subject of independent judicial review.” (§340, emphasis added)

Since FIRA, unlike the Ombudsperson, will not only enjoy independence but also will exercise quasi-judicial functions by adopting decisions binding on intelligence agencies, separate judicial redress may not be required.

Third, this is exactly what seems to be happening in practice in EU Member States themselves. FRA noted in its 2017 comparative study on surveillance that, in most European countries, redress bodies are non-judicial bodies. It also observed that such non-judicial remedies appear better than judicial ones, because their procedural rules are less strict, proceedings are faster and cheaper, and non-judicial avenues generally offer greater expertise than judicial mechanisms. Furthermore, FRA found that “across the EU only in a few cases can decisions of non-judicial bodies be reviewed by a judge” (ibid., p.114 – and table pp.115-116). Requiring the U.S. to provide judicial redress would thus be more than what exists in many Member States.(5)

Fourth, these observations are even more relevant when one focuses on international surveillance. In France, for instance, an individual may file complaints with the Supreme Administrative Court (Conseil d’Etat) on the basis of the domestic surveillance law of July 2015. There is no possibility to do so under the international surveillance law of November 2015, however, since that law gives only the CNCTR, an administrative authority, the power to initiate (under some conditions) proceedings in the Conseil d’Etat – but does not confer this right directly upon an individual.(6)

Of course, actual practice under Member States law does not necessarily mean that a third country’s similar practices meet the “essential equivalence” standard of EU fundamental rights law, since the relevant comparator seems to be European Law standards – not Member States’ practices which do not always necessarily meet these standards.(7) Nonetheless, demanding from the U.S. a much more elaborate process than what already exists for international surveillance in most EU Member States might be complicated, particularly if there is an effective independent administrative regime in the U.S. exercising quasi-judicial functions.

2. Ultimate judicial redress will however help ensure meeting CJEU requirements

Despite these indications that European law may not require judicial redress, we acknowledge that the position of the CJEU on this point remains ambiguous.

As indicated in our first article, the CJEU in Schrems II expressly used the term “body,” giving the impression that an independent national administrative authority (in conformity with the requirements of Art. 13 ECHR) could be enough to fulfill the adjudicatory function. As we explained, this is how the EDPB seems to have read Schrems II in its 2020 European Essential Guarantees Recommendations. Long-time EU data protection official Christopher Docksey concurs as well.

However, it is also true that the Schrems II judgment contains multiple references to judicial redress. It refers to “ the premiss [sic] that data subjects must have the possibility of bringing legal action before an independent and impartial court ” (§194); “the right to judicial protection” (ibid.); “data subject rights actionable in the courts against the US authorities” (§192); “the judicial protection of persons whose personal data is transferred to that third country” (§190); and “the existence of such a lacuna in judicial protection in respect of interferences with intelligence programmes” (§191). It is not clear whether these statements should also apply (following the Advocate General’s logic) to an independent redress body such as FIRA capable of exercising quasi-judicial functions, in contrast to the Ombudsperson examined by the CJEU. Nevertheless, the CJEU judgment might be read as requiring at least some form of ultimate judicial control of a redress authority’s decisions. This also appears to be the interpretation of a senior Commission official.

In light of these statements, it would be prudent for the U.S. to provide for some form of ultimate judicial review of FIRA decisions, to increase the likelihood of passing the CJEU test in an eventual Schrems III case.

3. A path to ultimate judicial review of FIRA decisions

As we explained in our first article, the U.S. constitutional doctrine of standing poses a major hurdle in creating a pathway to judicial redress. In the 2021 TransUnion case, the Supreme Court held that plaintiffs incorrectly identified by a credit reporting agency as being on a government terrorism watch list had not shown the required “injury in fact”. This lack of injury in fact, and thus lack of standing, existed even though the underlying statute appeared to confer the right to sue. While one might find this U.S. constitutional jurisprudence unduly restrictive, any new Privacy Shield agreement must take it into account.

There might be, however, another way to provide an individual with judicial redress. An unsatisfied individual could appeal to a federal court an administrative disposition of a redress petition on the grounds that FIRA has failed to follow the law. In such a case an individual would not be challenging the surveillance actions of intelligence agencies (for which injury in fact may be impossible to satisfy) as such; instead, the suit would allege the failure of an independent administrative body (FIRA) to take the actions required by law.

As Propp and Swire have written previously, one useful precedent is the U.S. Freedom of Information Act (FOIA), under which any individual can request an agency to produce documents, without first having to demonstrate that he or she has suffered particular “injury in fact”. The agency is then required to conduct an effective investigation and to explain any decision not to supply the documents. After the agency responds, the individual may appeal the decision to federal court. The judge then examines the quality of the agency’s investigation to ensure compliance with law, and the judge can order changes in the event of mistakes by the agency.

Analogously, a European individual, unsatisfied by FIRA’s investigation and decision, could bring a challenge in court. Taking into consideration that FOIA concerns a distinct question, the appeal against FIRA’s decisions would be based upon the umbrella U.S. Administrative Procedure Act (APA). The APA provides generally for judicial review of an agency action that is “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” Since both a regulation and an Executive Order have the force of law, an APA-based appeal could examine whether the FIRA decision and its implementation was “in accordance with law.” Since the APA applies generally, it could operate in these circumstances without need for an additional federal statute. In addition, U.S. federal courts deciding APA-based appeals already have methods for handling classified national security information. For instance, they access classified information under the Classified Information Procedures Act (CIPA).

Including judicial review under the APA would be a good faith effort by the U.S. government to respond to ultimate EU law concerns. However, since the FIRA approach has not been judicially tested, some legal uncertainty concerning standing to bring the APA suit in federal court would remain. FOIA practice provides a good legal basis for meeting the standing requirement through challenging agency action itself, but TransUnion highlighted the level of privacy injuries which must be shown to enable a decision in federal court.

Conclusion

In these two articles, we have sought to examine rigorously and fully the requirements of EU law with respect to redress. We also have examined U.S. constitutional law, explaining both the difficulties surrounding some solutions (for instance the problem of standing for judicial redress) and the opportunities created by some precedents (such as the protection offered to independent investigative bodies by decisions of the U.S. Supreme Court).

We are not aware of any other published proposal that wrestles in such detail with the complexity of EU and U.S. law requirements for foreign intelligence redress. We hope that our contribution helps fill this gap and presents a promising path permitting resolution of the “redress challenge” in the EU/US adequacy negotiations.

Much will depend on the details of construction and implementation for this protective mechanism. What our articles contribute is the identification of three fundamental building blocks on which a solid and long-lasting transatlantic adequacy agreement could stand. We have shown that there is a promising way to create, by non-statutory means, an independent redress authority and to provide the necessary investigative and decisional powers to respond to redress requests by European persons. We also suggest a way to successfully address the problem of standing and thereby to provide for an ultimate possibility of judicial control. Using these building blocks to create an effective redress mechanism could enable the U.S. and the EU not only to establish a solid transatlantic adequacy regime capable of resisting CJEU scrutiny but also to advance human rights more broadly.

Notes

(1) In 2020, as discussed here, the Supreme Court addressed the President’s removal power in the Siela Law LLC case, finding unconstitutional Congress’ establishment of independence for an agency head. At the same time, the Court reaffirmed that protections against removal can exist for “inferior officers” (roughly, officials appointed through a civil service process rather than by the President) and for multi-member bodies. Either or both of these categories may apply to FIRA members. In 2021, the Supreme Court, in U.S. v. Arthrex, struck down a system of independent Administrative Patent Judges. The approach in our article would be different since the President here issues an executive order, and thus the President serves as the “politically accountable officer” required by the Supreme Court in Arthrex.

(2) More specifically, there have been proposals for providing redress for surveillance conducted pursuant to Section 702 FISA, such as here and here. However, an additional “thorny issue is whether international surveillance, conducted by US intelligence agencies outside the territory of the US on the basis of Executive Order 12333 (EO 12333) should be (or not) part of the adequacy assessment.” Although arguments exist under EU law that redress for EO 12333 surveillance might be excluded from the assessment, this article proceeds on the understanding that the current negotiations will only succeed if EO 12333 surveillance is covered as well. We are not aware of any published proposal that would do so, and seek in this article to present such an approach. For example, the proposal here would apply to requests for redress concerning surveillance conducted under EO 12333, such as programs recently declassified by the U.S. government.

(3) It appears that terms such as “adjudication” and “court” may be understood somewhat differently in the U.S. compared with the EU, creating a risk of confusion in proposals concerning redress. Under U.S. law, many federal agencies, including the Federal Trade Commission and Department of Justice, routinely conduct what is called “adjudication.” Many federal agencies have Administrative Law Judges, defined by the U.S. government as “independent impartial triers of fact in formal proceedings.” By contrast, in Europe, “courts” and “judges” generally exist outside of the Executive. Therefore, our discussion of FIRA avoids words such as “adjudication” that may be understood differently in different legal systems.

(4) In the 1954 case, Accardi v. Shaughnessy, the Attorney General by regulation had delegated certain of his discretionary powers to the Board of Immigration Appeals. The regulation required the Board to exercise its own discretion on appeals for deportation cases. As noted in U.S. v. Nixon, the Supreme Court in Accardi had held that, “so long as the Attorney General’s regulations remained operative, he denied himself the authority to exercise the discretion delegated to the Board even though the original authority was his and he could reassert it by amending the regulations.”

(5) For a recent description of the German system, see here by Daniel Felz.

(6) This finding was confirmed in a June 2018 decision by the Conseil d’Etat following a request introduced in this court by the Member of the European Parliament Sophie In ’t Veld (analysis here). The Court also rejected the possibility for the claimant to challenge indirectly an alleged misuse of power resulting from the failure of the chairman of the CNCTR to refer the matter to the Council of State. However, as stated by the CNCTR (here, at 46) this is one of the points appearing in the (no less than) 14 challenges currently pending at the ECHR against the French surveillance laws.

(7) See for instance this study by I. Brown and D. Korff arguing that “the EU institutions should stand up for the rule of law and demand the member states and third countries bring their practices in line with those standards” (at 111).

(EUROPEAN LAW BLOG) EU/US Adequacy Negotiations and the Redress Challenge: Whether a New U.S. Statute is Necessary to Produce an “Essentially Equivalent” Solution (1)

31 JANUARY 2022/ BY THEODORE CHRISTAKIS, KENNETH PROPP AND PETER SWIRE

Must the U.S. Congress change statutory law to solve the major issue of “redress” in the EU-US adequacy negotiations? This is a crucial question, especially since a series of political, pragmatic and even legal/constitutional difficulties mean that the U.S. might not be able to come up with a short-term statutory solution for redress. In this article we analyse this question for the first time in detail, and argue that, provided the U.S. is able to address the deficiencies highlighted by the Court of Justice of the European Union (CJEU) in its Schrems II judgment (independence of the redress body; ability to substantively review the requests; and authority to issue decisions that are binding on the intelligence agencies), then relying on a non-statutory solution could be compatible with the “essential equivalence” requirements of Article 45 of the EU’s General Data Protection Regulation (GDPR). In a second, forthcoming article, we set forth specific elements of a novel non-statutory solution and assess whether it would meet the substantive European legal requirements for redress.

The CJEU issued its Schrems II judgment in July, 2020, invalidating the EU/U.S. Privacy Shield and creating uncertainty about the use of Standard Contractual Clauses (SCCs) for transfers of personal data to all third countries (see analysis here, here, here, here and here). In light of the legal uncertainty and the increasing tensions concerning transatlantic data transfers resulting from the intensification of enforcement actions by European data protection authorities (DPAs) since Schrems II (such as this and this), there is both strong reason to reach a new EU/U.S. agreement and also a stated willingness of both sides to do so. The European Commission, understandably, has emphasized though that there is no “quick fix” and that any new agreement must meet the full requirements of EU law.

This article focuses on one of the two deficiencies highlighted by the CJEU: the need for the U.S. legal system to provide a redress avenue accessible to all EU data subjects. We do not address here the other deficiency– whether U.S. surveillance statues and procedures sufficiently incorporate principles of ‘necessity and proportionality’ also required under EU law.

We concentrate our inquiry, from both a U.S. and a European law perspective, on whether the U.S. Congress would necessarily have to enact a new statute in order to create an adequate redress mechanism. Part I of this article explains the pragmatic and political reasons why it would be difficult to adopt a new U.S. statute, and especially to do so quickly. Part II examines the U.S. constitutional requirements for “standing”, and explains the legal difficulties and uncertainty concerning proposals, such as the one advanced by the American Civil Liberties Union (ACLU), to provide redress through an individual action in U.S. federal courts. Part III then addresses European law concerning whether a statute is necessary, concluding that the substance of the protections of fundamental rights and respect of the essence of the right to an effective remedy are the key considerations, rather than the form by which an independent and effective redress mechanism would be created.

This article will be followed by a second article exploring whether a non-statutory solution for redress is capable of satisfying the strict substantive standards required by EU law.

I. Political Difficulties of an Immediate Statutory Approach to Redress

There are important advantages to enacting a new U.S. statute to provide redress:

There is greater democratic legitimacy if the legislature passes a statute.
A law can set limits on Executive discretion that only may be changed by a subsequent statute.
A law can fix in a stable, permanent and objective way the rules and procedures for the appointment of the members of the redress body, the duration of their mandate, and guarantees concerning their independence.

However, there are strong pragmatic and political reasons why it would be difficult to enact a new statute in the short term to create a new redress mechanism.

First, it is no secret that the U.S. Congress currently finds it difficult to pass legislation generally, with partisan battles and procedural obstacles slowing passage of even essential legislation. As Politico recently reported, “it is increasingly unlikely that Congress will pass any digital-focused bills before lawmakers shut down ahead of November’s midterms”.
Second, legislative reform of U.S. surveillance laws is a particularly complex and contentious issue. The national security community in the U.S. has little appetite for sweeping reforms, and even a strong push from the White House may not be sufficient to move such legislation through Congress. In Europe as well, substantial reform of surveillance laws requires a lot of time to seek the necessary political consensus (see for instance this).[i]
Third, the international dimensions of a redress reform make legislation even more difficult. If a new redress mechanism benefits only EU data subjects, then it is hard to explain to Congress why they should get greater rights than Americans. On the other hand, if redress rights were also to be conferred on U.S. data subjects, then a novel and complex set of institutional changes to the overall U.S. surveillance system would be needed.
Fourth, it would be difficult for U.S. legislators to vote for a statute without knowing in advance whether the CJEU will accept it as good enough.
Fifth, Congress historically has been reluctant to regulate in great detail how the President conducts foreign policy and protects national security. For instance, Congress has adopted detailed statutes (such as the Foreign Intelligence Surveillance Act, FISA)) concerning “compelled access”, e.g. how intelligence agencies can request data from service providers. By contrast, it has rarely enacted any statute that applies to “direct” surveillance conducted outside of the U.S. under the standards of Executive Order (EO) 12,333. Furthermore, specific actions under that Executive Order have never, so far as we know, been subject to review by federal judges.

For these reasons, we believe at a pragmatic level that it would be extremely difficult for Congress to promptly pass legislation to provide redress to EU persons. By contrast, if an adequate fix to the redress problem can be created at least in large part without new legislation, then it would be considerably easier for Congress subsequently to enact a targeted statute ratifying the new mechanism, perhaps adding other provisions to perfect an initial non-statutory approach. That sort of legislation is far easier to enact than writing a law in Congress from a blank page.

II. Constitutional Difficulties for a U.S. Statutory Approach to Redress: The Problem of Standing

These political and pragmatic reasons alone would justify U.S. government and European Commission negotiators seeking to address the redress deficiencies highlighted in Schrems II through a non-statutory solution. But, in addition, there is a constitutional dimension. The U.S. Constitution establishes a “standing” requirement as a prerequisite to a case being heard before judges in the federal court system. Any new U.S. redress mechanism must be consistent with the U.S. Constitution, just as it must meet EU fundamental rights requirements.

U.S. standing doctrine derives from Article III of the U.S. Constitution, which governs the federal court system. The federal judicial power extends only to “cases” and “controversies” – meaning that there has to be an “injury in fact” in order to have a case heard. A related doctrine is the ban on issuance of “advisory opinions” by federal judges, a position of the Supreme Court dating back to the first President, George Washington, and defined most clearly in Muskrat v. United States. In sum, a statute that creates a cause of action in the federal courts is unconstitutional unless it meets the requirements of standing and injury in fact, and does not violate the prohibition on advisory opinions.

The ACLU in 2020 called for a “standing fix” to enable suit in federal court “where a person takes objectively reasonable protective measures in response to a good-faith belief that she is subject to surveillance.” However, since the right to redress under European law also exists for individuals who did not take protective measures, the proposal seems too narrow to meet the CJEU requirements.

A second difficulty with the ACLU approach is that the Supreme Court made standing related to privacy injuries even more difficult to establish in its TransUnion LLC v. Ramirez decision in June, 2021. As discussed here, the majority in that case made it significantly more difficult for privacy plaintiffs henceforth to sue in federal court. The Court restated its 2016 Spokeo case that a plaintiff does not automatically satisfy “the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right.” More bluntly, the Court stated: “An injury in law is not an injury in fact”. [ii] The majority in TransUnion found “concrete harm” for some plaintiffs but not others. Even individuals whose credit histories were badly mistaken – stating they were on a government list as “potential terrorists” – did not enjoy a right of action created by statute. In sum, there would be substantial legal uncertainty surrounding a U.S. statute conferring upon EU data subjects the right to go straight to U.S. courts to get redress (for a similar conclusion see here).

The standing objection applies only to direct access to federal courts, and not to an independent non-judicial redress authority. However, Congress might be reluctant to intervene ex nihilo in a field such as “direct” foreign surveillance conducted under EO 12,333, which traditionally belongs to the Executive power under the U.S. Constitution. Congress might be more willing to act and endorse by statute an effective redress mechanism if, as a first step, the Executive branch itself had first created such an independent non-judicial redress authority within the Executive branch. In any case, such a statute does not appear to be a necessary precondition under U.S. law for creating a redress system

III. Is a Non-Statutory Approach to Redress Compatible with European Law?

Since the U.S. government might not be able to produce a short-term statutory solution for redress, the question then arises as to whether a non-statutory approach would be acceptable under EU law. In order for the European Commission to be able to issue an adequacy decision under Article 45 of the GDPR, the U.S. must ensure an “adequate” level of protection.

If the U.S. is able to address by non-statutory means the deficiencies highlighted by the CJEU in Schrems II (mentioned above), then such a solution could be compatible with the “essential equivalence” requirements of Article 45 of the GDPR. We defer for now the question of whether a non-statutory path would indeed be able to address these substantive issues, instead focusing only on whether a non-statutory approach in principle is compatible with European law.

A. The Starting Point: The Right to Effective Remedy Under European Human Rights Law

What we call “redress” in the context of transatlantic adequacy negotiations corresponds to the “right to effective remedy” under European law. Article 47(1) of the Charter of Fundamental Rights of the European Union (“Charter”) states that:

“Everyone whose rights and freedoms guaranteed by the law of the Union are violated has the right to an effective remedy before a tribunal in compliance with the conditions laid down in this Article.”

The official explanations of Article 47 make clear that this article is “based on Article 13 of the European Convention of Human Rights” (ECHR), according to which:

“Everyone whose rights and freedoms as set forth in this Convention are violated shall have an effective remedy before a national authority notwithstanding that the violation has been committed by persons acting in an official capacity.”

A comparison of the two articles reveals that in EU law the protection is more extensive than in ECHR law, since the former guarantees the right to an effective remedy before a “tribunal” while the latter only refers to a “national authority”. The term “tribunal” seems to refer to a judicial body, as the official explanation suggests. This is confirmed by reference to non-English language versions of Article 47(1), which translate the word “tribunal” as “court” (e.g.“Gericht” in German and “Gerecht” in Dutch). It is also evident that neither Article 47(1) of the Charter nor Article 13 of the ECHR require that a redress body be created by statute.

However, Article 47 (2) of the Charter adds additional, complicating requirements.:

“Everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal previously established by law. Everyone shall have the possibility of being advised, defended and represented”.

As the official explanations point out, this second paragraph “corresponds to Article 6(1) of the ECHR”, which reads as follows:

“In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law. Judgment shall be pronounced publicly but the press and public may be excluded from all or part of the trial in the interests of morals, public order or national security in a democratic society, where the interests of juveniles or the protection of the private life of the parties so require, or to the extent strictly necessary in the opinion of the court in special circumstances where publicity would prejudice the interests of justice”.

Both Article 47(2) of the Charter and Article 6(1) of the ECHR thus require “an independent and impartial tribunal established by law”. Yet, what is the exact relationship between the provisions on “effective remedy” (Article 47(1) of the Charter and Article 13 of the ECHR), and those on “a fair and public hearing by independent and impartial tribunals established by law” (Article 47(2) of the Charter and Article 6(1) of the ECHR)?

A restrictive analysis would regard the two sets of articles as entirely interlinked, in which case redress bodies would always have to be “established by law”.

A second more flexible and plausible interpretation would maintain that this latter set of requirements constitutes lex specialis in relation to the former; in other words, the “right to effective remedy” (“redress”) is broader than the “right to a fair trial”. This interpretation finds support in the ECHR, which textually separates the two sets of rights and requirements (Articles 13 and 6(1)). It is also confirmed by the official guide to Article 13 which states that “Article 6 § 1 of the Convention is lex specialis in relation to Article 13” (here, at 41), and by the fact that Article 6(1) is limited in scope to civil rights and criminal charges. It therefore would be difficult to merge the obligation of states to put in place an “effective remedy” with the “established by law” requirement, as this latter requirement only concerns the right to a fair trial before a “tribunal” under Article 6(1) – and not the broader right of redress before a “national authority” under Article 13. It seems then that, at least under the ECHR, a redress body need not always be a judicial body nor be “established by law”, provided that it satisfies the substantive requirements of the “right to effective remedy”. As we will see, the standards of the ECHR have always been particularly relevant for the European Data Protection Board (EDPB) in assessing the “essential equivalence” of “redress” mechanisms under Article 45 of the GDPR.

B. Flexibility Introduced by the “Essentially Equivalent” Standard of EU Data Protection Law

A flexible interpretation of the “effective remedy” requirement is also supported by the “essential equivalence” standard of the GDPR for third countries.

In Schrems I, the Court clearly acknowledged that “the means to which [a] third country has recourse, [… ] for the purpose of ensuring such a level of protection may differ from those employed within the European Union, [… ] those means must nevertheless prove, in practice, effective in order to ensure protection essentially equivalent to that guaranteed within the European Union” (§74 of the October 6, 2015 judgment, emphasis added).

The CJEU Advocate General emphasised in his 2019 Schrems II Opinion that the “essentially equivalent” standard “does not mean that the level of protection must be ‘identical’ to that required in the Union”. He explained that:

“It also follows from that judgment, in my view, that the law of the third State of destination may reflect its own scale of values according to which the respective weight of the various interests involved may diverge from that attributed to them in the EU legal order. Moreover, the protection of personal data that prevails within the European Union meets a particularly high standard by comparison with the level of protection in force in the rest of the world. The ‘essential equivalence’ test should therefore in my view be applied in such a way as to preserve a certain flexibility in order to take the various legal and cultural traditions into account” (§§ 248-249, emphasis added).

The EDPB previously had endorsed this flexible interpretation of the elements for adequacy. In its 2016 Opinion on Privacy Shield, for instance, the EDPB’s predecessor (WP29) emphasised that:

“the WP29 does not expect the Privacy Shield to be a mere and exhaustive copy of the EU legal framework […]. The Court has underlined that the term ‘adequate level of protection’, although not requiring the third country to ensure a level of protection identical to that guaranteed in the EU legal order, must be understood as requiring the third country in fact to ensure, by reason of its domestic law or its international commitments, a level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the European Union [… ]” (p. 3).

It is precisely this flexible approach that allowed EU authorities to set aside the requirement that a redress body should be a “tribunal” – despite clear terms to the contrary in Article 47(1) of the Charter. As the EDPB noted in its Recommendations 02/2020 on the European Essential Guarantees for surveillance measures of November 10, 2020 (§47): “an effective judicial protection against such interferences can be ensured not only by a court, but also by a body which offers guarantees essentially equivalent to those required by Article 47 of the Charter” (emphasis added). The EDPB noted that the CJEU itself “expressly” used the word “body” in §197 of Schrems II. Indeed, in all its extant positions on U.S. redress mechanisms, the EDPB has recognised that the applicable standards equate with those in Article 13 of the ECHR, which “only obliges Members States to ensure that everyone whose rights and freedoms are violated shall have an effective remedy before a national authority, which does not necessarily need to be a judicial authority” (ibid, §46, emphasis added).

Therefore, provided that the U.S. redress mechanism meets the substantive requirements of Article 13 ECHR as cited in Schrems II and the EDPB opinions, a judicial body will not be necessarily required, and an “established by law” standard need not be applied in order to meet the “essential equivalence” test. As the astute European legal observer Chris Docksey concluded:

“This could be an opportunity for the CJEU to give meaning to the difference between essential equivalence and absolute equivalence mentioned above when deciding on the standard of individual redress to be applied in the specific case of international transfers. If the content of the right under Article 47 is ensured, then the form should not be an obstacle” (emphasis added).

C. Interpreting “Law” in a Substantive, Not Formal, Sense

European human rights law seems, in fact, to prioritise substance over form even in situations that go beyond an “essential equivalence” assessment. This can be shown by examining interpretations of the “in accordance with the law” requirement found in the ECHR, the Charter and several fundamental EU data protection sources of law, including the GDPR.

ECHR articles concerning human rights, including Article 8 (right to privacy), stipulate that some restrictions to these rights may be acceptable provided they are “in accordance with the law” and “necessary in a democratic society” in order to protect certain legitimate interests (such as national security, public safety, or the prevention of disorder or crime). Similarly, Article 52 of the Charter requires that: “Any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law (…)”.

Both the Convention and the Charter, however, interpret the term “law” in a flexible way. The ECtHR, for instance, has emphasised on multiple occasions that:

“[A]s regards the words “in accordance with the law” and “prescribed by law” which appear in Articles 8 to 11 of the Convention, the Court observes that it has always understood the term “law” in its “substantive” sense, not its “formal” one; it has included both “written law”, encompassing enactments of lower ranking statutes and regulatory measures (…), and unwritten law” (Sanoma Uitgevers B.V. v. the Netherlands, 2010, § 83, emphasis added). See also Sunday Times (No. 1) v. the United Kingdom, 1979, §47).

Similarly, in EU data protection law, both the Law Enforcement Data Protection Directive (LED) and the GDPR also understand the term “law” in its substantive sense. According to Recital 33 of the LED, for instance:

“Where this Directive refers to Member State law, a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned (…)” (emphasis added).

Further, Recital 41 of the GDPR provides:

“Where this Regulation refers to a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned. However, such a legal basis or legislative measure should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case-law of the [CJEU] and the European Court of Human Rights” (emphasis added).

This flexible interpretation of the term “law” in the data protection context for assessing the incursion of state interests on fundamental rights is formally separate from the requirement in Article 47(2) of the Charter that a tribunal be “previously established by law”. However, this analytic flexibility is consistent with how EU bodies have interpreted the “essentially equivalent” standard, including in the context of the Privacy Shield. It therefore supports the conclusion that a U.S. decision to put in place an independent and effective redress mechanism for surveillance would satisfy the requirements of European law even if it does not involve the adoption of a statute. This conclusion is also supported by the European DPAs previous positions concerning the Privacy Shield Ombudsperson.

D. The CJEU and EU DPAs Did Not Object to Non-Statutory Redress

The fact that the Privacy Shield Ombudsperson was not created by statute did not seem to be a primary concern for either the CJEU or the EDPB in assessing whether this mechanism offers “essentially equivalent” protection to European law.

In Schrems II the Court did not identify as a deficiency that the Ombudsperson mechanism was not created by statute. Rather, the problems detected were that there was “nothing in [the Privacy Shield Decision] to indicate that the dismissal or revocation of the appointment of the Ombudsperson is accompanied by any particular guarantees” and, also, that there was “nothing in that decision to indicate that the ombudsperson has the power to adopt decisions that are binding on those intelligence services (…)” (§§ 195-196). Thus, provided there is a way to fix these deficiencies by non-statutory means, the new redress solution could pass the “essential equivalence” test.

The EDPB also seems to support this argument. In its 2016 Opinion on Privacy Shield, the WP29 began by stating that:

“in addition to the question whether the Ombudsperson can be considered a ‘tribunal’, the application of Article 47 (2) Charter implies an additional challenge, since it provides that the tribunal has to be ‘established by law’. It is doubtful however whether a Memorandum which sets forth the workings of a new mechanism can be considered ‘law’” (p. 47).

The WP29 therefore seemed to link Articles 47(1) and 47(2). However, it did not appear to consider the legal form by which the Ombudsperson was created as an insuperable obstacle. It stated:

“As a consequence – with the principle of essential equivalency in mind – rather than assessing whether an Ombudsperson can formally be considered a tribunal established by law, the Working Party decided to elaborate further the nuances of the case law as regards the specific requirements necessary to consider ‘legal remedies’ and ‘legal redress’ compliant with the fundamental rights of Articles 7, 8 and 47 Charter and Article 8 (and 13) ECHR” (ibid., emphasis added).

The WP29 then went on to analyse the requirements of European law concerning the “right to effective remedy”, focusing primarily on the case law of the ECtHR, and concluded that the Ombudsperson did not meet these requirements, essentially for the same reasons mentioned by the CJEU in the Schrems II Judgment.

In their subsequent assessments of Privacy Shield, the WP29 and the EDPB arrived at the same conclusion. They did not consider that the means by which the Ombudsperson was created represented an obstacle to passing the “essentially equivalent” test. On the contrary, the EDPB “welcomed the establishment of an Ombudsperson mechanism as a new redress mechanism” (see for instance here, §99) and repeated that “having analysed the jurisprudence of the ECtHR in particular”, it “favored an approach which took into account the powers of the Ombudsperson” (see here, p.19).

Similarly, the European Data Protection Supervisor (EDPS) did not oppose the creation of the Ombudsperson on the grounds that it was done in a non-statutory way. On the contrary he argued that “in order to improve the redress mechanism proposed in the national security area, the role of the Ombudsperson should also be further developed, so that she is able to act independently not only from the intelligence community but also from any other authority” (here, at 8, emphasis added).

Conclusion

In sum, European law is flexible in interpreting whether the United States must adopt a new statute to meet redress requirements, especially when the question is viewed through the “essential equivalence” prism of data protection. Substance prevails over form. It remains true that a statutory approach would in abstracto be the easiest way for the United States to establish a permanent and independent redress body for effectively reviewing complaints and adopting decisions that bind intelligence services. However, when one takes into consideration the political, practical and constitutional difficulties confronting negotiators, it makes sense to achieve the same results in a different way.

In a second article, to be published shortly, we will detail specific elements of a non-statutory solution and assess whether it would meet the substantive European requirements on redress.

[i] As this report shows even in a country like Germany, particularly sensitive to intelligence law questions, its major Signals Intelligence (SIGINT) reform did not provide any judicial redress options for non-Germans: “There is no legally defined path for foreign individuals, such as journalists abroad, who want to find out if their communications have been collected in SIGINT operations and, if so, to verify whether the collection and processing of their data was lawful. What is more, the legislators opted to explicitly waive notification rights for foreigners regarding the bulk collection of their personal data.” (p. 63)

[ii] The European Court of Human Rights has developed jurisprudence that is more flexible than U.S. standing law in terms of who may bring a suit. European human rights law accepts since Klass and Others v. Germany case (1978) that an individual may, under certain conditions, claim to be the victim of a violation occasioned by the mere existence of legislation permitting secret measures of surveillance, without having to allege that such measures were in fact applied to him or that that he has been subject to a concrete measure of surveillance (the famous theory of “potential victim” of a human rights violation, see here, paras 34-38 and here, p. 15 for an updated analysis). Notwithstanding this greater flexibility in European law, we reiterate that the limits on U.S. standing are a matter of U.S. constitutional law, which cannot be overruled by a statute enacted by Congress.

VERFASSUNGSBLOG : A cautious green light for technology-driven mass surveillance

The Advocate General’s Opinion on the PNR Directive

by Christian Thönnes

Yesterday, on 27 January 2022, Advocate General (AG) Pitruzzella published his Opinion (“OP”) in the Court of Justice of the European Union’s (CJEU) preliminary ruling procedure C-817/19. The questions in this case pertain to Directive (EU) 2016/681 of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (in short: PNR Directive) and its compatibility with EU primary law.

In his Opinion (which, besides the Press Release (“PR”), was only available in French at the time of writing), the AG, while criticizing the PNR Directive’s overbroad data retention period and its lack of clarity and precision in certain points, generally considers the PNR Directive to be “compatible with the fundamental rights to respect for private life and to the protection of personal data” (PR). His arguments are not convincing.

Certainly, much more can and will be written about this case in general and the Opinion in particular. This entry can only shine a light on some of the AG’s major arguments. In so doing, it shall point out why, in my opinion, the CJEU would do well not to follow the AG’s recommendations. Instead, I believe the PNR Directive is incompatible with Articles 7 and 8 of the EU Charter of Fundamental Rights (CFR). Consequently, it ought to be invalidated.

What the AG has to say about the PNR Directive

The PNR Directive obliges EU Member States to require air carriers to transmit a set of data for each passenger to national security authorities, where they are subjected to automated processing against pre-existing databases (Art. 6 § 3 letter a) and “pre-determined criteria” (Art. 6 § 3 letter b), which contain (allegedly) suspicious flight behaviors (such as a mismatch between luggage and length of stay and destination, see the Commission’s Evaluation Report, point 5.1, in order to identify potential perpetrators of serious crimes or acts of terrorism (a more detailed description of the Directive’s workings can be found in paras 9-18 of the AG’s Opinion or here).

The AG points to certain (limited) problems with the Directive’s wording. Firstly, he contends that point 12 of Annex I, enabling “General Remarks” to be included in PNR data sets, fail to “satisfy the conditions of clarity and precision laid down by the Charter” (PR, also para 150 OP). He also considers the Directive’s five-year-retention period for PNR data excessive and proposes that this period be limited to cases where “a connection is established, on the basis of objective criteria, between those data and the fight against terrorism or serious crime” (PR, also para 245 OP). In addition, he provides clarifying criteria for the relevancy of databases under Art. 6 § 3 letter a (para 219 OP), regarding the applicability of the GDPR (para 53 OP) as well as collisions with the Schengen Borders Code (para 283 OP). He also demands that, due to their lack of transparency, (at least some) “machine-learning artificial intelligence systems” (PR), should not be used for pre-determined criteria (para 228 OP).

The most resounding message of his Opinion, however, is that the PNR Directive’s mass retention and processing regime is “relevant, adequate and not excessive in relation to the objectives pursued” (PR) and thus compatible with Articles 7 and 8 CFR. He therefore recommends to let it stand, albeit with some interpretative limitations (para 254 OP).

Incompatibility with Digital Rights Ireland and its successors

The AG’s reasoning in support of the PNR Directive’s proportionality relies on his central finding that “the Court’s case-law on data retention and access in the electronic communications sector is not transposable to the system laid down by the PNR Directive” (PR). He is referring to decisions like Digital Rights Ireland, Tele2 Sverige and Quadrature du Net, in which the CJEU had laid down strict limits on governments’ power to collect and process telecommunications data. Notably, it posited that “the fight against serious crime […] and terrorism […] cannot in itself justify that national legislation providing for the general and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight” (Tele2 Sverige, para 103; also Digital Rights Ireland, para 51). Instead, the CJEU required that in order to be considered “limited to what is strictly necessary […] the retention of data must continue nonetheless to meet objective criteria, that establish a connection between the data to be retained and the objective pursued” (Tele2 Sverige, para 110).

Evidently, the PNR Directive would clash with these criteria – were they found to be applicable. The collection and automated processing of PNR data is completely indiscriminate. Given Member States’ universal extension to EU domestic flights, it affects all European flight passengers, regardless of their personal histories and independently of a potential increased domestic threat situation (this is proposed as a possible criterion in Quadrature du Net, para 168). The use of pre-determined criteria is not, like the comparison against existing databases, aimed at recognizing known suspects, but at conjuring up new suspicions (see EU Commission PNR Directive Proposal, SEC(2011) 132, p. 12). Also, taking a flight is a perfectly ordinary form of human behavior. There is no empirically demonstrated connection to the perpetration of serious crimes or acts of terrorism (in para 203, the AG presupposes such a “lien objectif” without providing any evidence exceeding anecdotal intuitions about terrorism and human trafficking) and the PNR Directive, given its broad catalogue of targeted crimes, is not limited to dangers caused by air traffic. What behavior will be targeted next? Visiting the museum? Going to a rock concert? Belgium, for example, has already expanded the PNR Directive’s scope to international trains, busses and ferries (Doc. parl., Chambre, 20152016, DOC 54-2069/001, p.7).

Good reasons for applicability

It thus is quite clear: Should Digital Rights Ireland and its successors apply, the PNR Directive is in trouble. Now, why wouldn’t their criteria be transposable? The AG’s arguments mainly turn on a perceived difference in sensitivity of PNR data, compared to telecommunications meta-data. The latter, the AG explains, contain intimate information of users’ private lives (para 195, 196), and almost uncontrollable in their scope and processing because everyone uses telecommunication (paras 196, 198). Moreover, because they are used for communication, telecommunications data, unlike PNR data, have an intrinsic connection to fundamental democratic freedoms (para 197). PNR data, on the other hand, he opines, are limited to a delineated life domain and narrower target groups because fewer people use planes than telecommunication (paras 196, 198).

Under closer examination, this comparison falls apart. Firstly, PNR data contain very sensitive information, too. As the CJEU has pointed out in his Opinion 1/15 regarding the once-envisaged EU-Canada PNR Agreement, “taken as a whole, the data may, inter alia, reveal a complete travel itinerary, travel habits, relationships existing between air passengers and the financial situation of air passengers, their dietary habits or state of health” (para 128). Unlike the AG (see para 195 in his Opinion), I can find no remarks in Opinion 1/15 that would relegate PNR data to a diminished place compared to telecommunications data. But secondly, and more importantly, the AG fails to consider other factors weighing on the severity of the PNR Directive’s data processing when compared against the processing of Directive 2006/24/EC and its siblings: The method and breadth of processing and the locus of storage.

Only a small minority of telecommunication datasets, upon government requests in specific cases (see Articles 4 and 8 of Directive 2006/24/EC), underwent closer scrutiny, while the vast majority remained untouched. Under the PNR Directive, however, all passengers, without exception, are subjected to automated processing. In so doing, the comparison against pre-determined criteria, as the AG points out himself (para 228 OP), can be seen as inviting Member States to use self-learning algorithms to establish suspicious movement patterns. Other EU law statutes like Art. 22 GDPR or Art. 11 of Directive 2016/618, as well as comparable decisions by national constitutional courts (BVerfG, Beschluss des Ersten Senats vom 10. November 2020 – 1 BvR 3214/15 -, para 109) are inspired by an understanding that such automated processing methods greatly increase the severity of respective interferences with fundamental rights. Moreover, while telecommunications data were stored on telecommunication service providers’ servers (to whom users had entrusted these data), PNR data are all transferred from air carriers to government entities and then stored there.

Hence, there are good reasons to assume that the data processing at hand causes even more severe interferences with Articles 7 and 8 CFR than Directive 2006/24/EC did. It thus follows, that the case law of Digital Rights Ireland should apply a fortiori.

An inaccurate conception of automated algorithmic profiling and base rate fallacy

There are other problems with the AG’s reasoning; completely untangling all of them would exceed this space. Broadly speaking, however, the AG seems to underestimate the intrinsic pitfalls of unleashing predictive self-learning algorithms on datapools like these. The AG claims that the PNR Directive contains sufficient safeguards against false-positives and discriminatory results (para 176 OP).

Firstly, it is unclear what these safeguards are supposed to be. The Directive does not enunciate clear standards for human review. Secondly, even if there were more specific safeguards, it is hard to see how they could remedy the Directive’s central inefficiency. That inefficiency does not reside in the text, it’s in the math – and it’s called ‘base rate fallacy’. The Directive forces law enforcement to look for the needle in a haystack. Even if their algorithms were extremely accurate, false-positives would most likely exceed true-positives. Statistics provided by Member States showing extremely high false-positive rates support this observation. The Opinion barely even discusses false-positives as a problem (only in an aside in para 226 OP). Also, it is unclear how the antidiscrimination principle of Art. 6 § 4 is supposed to work. While the algorithms in question may be programmed in way to not process explicit data points on race, religion, health etc., indirect discrimination is a well-established problem of antidiscrimination law. Both humans and algorithms may just use the next-best proxy trait. (see for example Tischbirek, Artificial Intelligence and Discrimination).

Now, the AG attempts to circumvent these problems by reading the PNR Directive in a way that prohibits the use of self-learning algorithms (para 228 OP). But that interpretation, which is vaguely based on some “système de garanties“ (para 228 OP), is both implausible – it lacks textual support and the pile of PNR data is amassed precisely to create a use case for AI at EU borders – and insufficient to alleviate this surveillance tool’s inherent statistical inefficiency.

This cursory analysis sheds light on some of the AG’s Opinion’s shortcomings. It thus follows that the CJEU should deviate from Pitruzzella’s recommendations. The PNR Directive, due to the severity of its effects and its inherent inefficiency in fulfilling its stated purpose, produces disproportionate interferences with Articles 7 and 8 CFR. It ought to be invalidated.

Between 2017 and 2021, the author worked for the German NGO “Gesellschaft für Freiheitsrechte”, among other things, on a similar case (C-148/20 to C-150/20) directed against the PNR Directive.

VERFASSUNGSBLOG : Time to Rewrite the EU Directive on Combating Terrorism

by Martin Scheinin and Tarik Gherbaoui

The adoption of EU Directive 2017/541 on combating terrorism in March 2017 has profoundly changed the landscape of European counter-terrorism law. The primary aim of this Directive was to further harmonise the legal framework under which terrorist offences are prosecuted across EU Member States by establishing minimum rules and standards. However, the adverse consequences for the rule of law and human rights have been overlooked from the very outset by the EU institutions. Now, five years after its adoption, it is time for a thorough revision.

A Rushed Adoption Process

The adoption process of the Directive was characterised by long periods of inertia interrupted by phases of panic triggered by external developments. In fact, the European Commission introduced its proposal for the Directive, which builds upon the pre-Lisbon Framework Decision (2002/475/JHA) adopted in the aftermath of 9/11, less than three weeks after the terrorist attacks in Paris in November 2015. Later on, its rushed and opaque finalisation was a political response to the flow of European foreign fighters to the armed conflict in Syria and Iraq. Even though the transnational nature of the foreign fighter phenomenon arguably warrants a pan-European response, from the very outset academics and civil society organisations raised fundamental concerns about the Directive’s potentially adverse rule of law and human rights implications.

As there was no human rights impact assessment during the rushed adoption process, in deviation from both the European Agenda on Security and the Better Regulation Agenda, the Directive ultimately came to include a clause providing for a five-year review. On 18 November 2021, the European Commission submitted a report to the European Parliament and the Council on the implementation of the Directive that assesses the added value of the Directive. The report also claims to address ‘the impact of the Directive on fundamental rights and freedoms, including on non-discrimination, the rule of law, and the level of protection and assistance provided to victims of terrorism’. Such impact assessment is amply warranted and arguably already overdue.

Human Rights Concerns Regarding the Implementation of the Directive

The Commission’s recent report provides a seemingly positive yet largely unsubstantiated assessment of the impact of the Directive. The report finds inter alia that the Directive is ‘overall highly relevant’ and ‘overall internally coherent’, and that it ‘achieved its objectives to a satisfactory extent’ and ‘generated added value’. The Commission’s report claims that ‘while the Directive has had an impact on fundamental rights and freedoms, the limitations largely meet the requirements of necessity and proportionality’. The report also asserts that ‘overall, most stakeholders consulted for the external study did not consider the implementation of the Directive to be problematic from a fundamental rights perspective’. At closer examination, such as the one conducted by the first author of this blog post in his recently approved PhD thesis, these assessments may be too positive.

One of these stakeholders was the EU Fundamental Rights Agency (FRA) which had submitted its own contribution to the Commission as part of the legally required impact assessment of the Directive. The FRA report contains a fairly detailed but primarily empirical rather than legal assessment of the Directive’s human rights implications based on extensive fieldwork, including interviews with experts and practitioners, in seven EU Member States (Belgium, Germany, Greece, Spain, France, Hungary and Sweden). The Commission’s report takes note of the findings of the FRA report but blatantly fails to engage with them. As member of the FRA Scientific Committee that reviews draft versions of FRA reports and publications, and having served as one of the Committee’s two rapporteurs in the matter, the second author of this blog post is well aware of the fact that the Scientific Committee would have wanted the FRA to complement the empirically oriented FRA report with more extensive critical legal analysis of the human rights compatibility of the Directive itself.

The Directive has three key features that have adverse ramifications on the rule of law and human rights: (1) the presence of an overly capacious definition of terrorism that manifestly deviates from UN-level definitions of terrorism (e.g. Security Council Resolution 1566 or the 1999 Terrorism Financing Convention) and from the Council of Europe Convention on the Prevention of Terrorism, (2) the criminalisation of many preparatory acts that may be remote from intrinsically harmful conduct, and (3) the existence of ancillary offences that are also accumulable among each other. While monitoring the implementation of the Directive, the Commission has assessed these features individually but has failed to address how the interplay between these key features exacerbates the adverse human rights implications. For example, there might be pertinent reasons to criminalise ‘travelling abroad for a terrorist purpose’ as a terrorist offence. However, the ‘terrorist purpose’, which constitutes the entire mens rea of this particular offence, is tainted by an overly broad definition of terrorism that also fits poorly with acts committed in situations of armed conflict. For European countries, the three main international legal instruments concerning the foreign (terrorist) fighter phenomenon – UN Security Council Resolution 2178, the Additional Protocol to the Council of Europe Convention on Prevention of Terrorism, and the EU Directive discussed here – all seek to address the same conduct but are mutually incompatible as to whether acts committed in the course of engaging in an armed conflict will be within the scope of application of the instrument. Because of the nebulous definitions contained in the Directive, it is unsurprising that the Commission’s report flags that ‘several national authorities and judges reported difficulties in proving terrorist intent’.

In this matter the Commission’s report fails to address in an adequate fashion the legal uncertainty clouding Recital 37 of the Preamble of the Directive. This provision contains an exclusion clause stipulating that the Directive ‘does not govern the activities of armed forces during periods of armed conflict’. In recent years, EU Member States have predominantly used counter-terrorism law to address the activities of foreign (terrorist) fighters, individuals who have been active in the context of an armed conflict but may or may not have committed actual acts of terrorism. The result has been a further conflation between counter-terrorism law and the laws of war, generally to the detriment of the latter. Taking stock of the Directive’s implementation, and a reform of the Directive itself, would be a perfect moment to provide the necessary clarifications to guide prosecutors and judges at the domestic level. Currently prosecutions related to violent acts committed in the course of an armed conflict abroad may often result in acquittal, simply because the prosecutor’s case rests on specific provisions of the Directive and their national transposition, without paying attention to Recital 37 which then is invoked by the defence to challenge the applicability of terrorism charges in respect of conduct that took place as part of an armed conflict.

The Fragmented Transposition and Implementation of the Directive

Due to these human rights concerns and the political sensitivity of countering terrorism, it is hardly surprising that the implementation of the Directive has been rather troublesome until now. The FRA report affirms that the Directive contains loose definitions that reduce ‘legal clarity’ and result in ‘diverging interpretations of the offences across the EU, as well as conflicting jurisprudence within individual Member States, and reduce the foreseeability of what behaviour is criminalised and under what offence’.

Earlier, in September 2020, the European Commission had released its own report on the transposition of the Directive which made clear that transposition has proved to be particularly challenging regarding Article 3, which requires EU Member states to criminalise certain conduct as terrorist offences and essentially contains the EU definition of terrorism, and regarding Article 9, which contains the offence of travelling abroad for terrorist purposes. As these two provisions have both been indispensable elements of the EU’s legal response to terrorism in recent years, the Commission is concerned that their incorrect transposition risks undermining the uniformity of EU counter-terrorism law. Yet, instead of seeking to address the fundamental concerns that evidently exist among lawmakers and policymakers across numerous EU Member States and in fact point to major flaws in the Directive itself, the Commission decided to use its enforcement powers and has opened infringement procedures against 22 Member States. As Ireland and Denmark decided to opt out of the Directive, this means that infringement procedures have been started against 22 of the 25 Member States that are required to implement the Directive.

While such infringement procedures might help to clarify certain points of law, especially were they to result in a determination by the CJEU, it is high time to have a transparent and constructive legal and political discussion about the flaws of the EU Directive itself now that March 2022 marks five years since its adoption. We understand that the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) will meet in February or March to discuss the Commission’s report on the implementation and added value of the Directive. That would be an excellent occasion to take a critical look at the several legal flaws of the Directive as a reason for its so far marginal ‘added value’, instead of following the rather self-congratulatory approach of the Commission’s report which elliptically concludes that the Directive ‘has functioned and largely achieved its objectives in the way that was expected’.

Lutte contre la criminalité et le terrorisme : un meilleur accès aux preuves électroniques, mais à quelles conditions ?

La proposition de la Commission européenne sur la preuve électronique a pour effet de priver les autorités publiques des Etats membres de leurs prérogatives régaliennes et de doter les fournisseurs de services de compétences quasi-judiciaires

Dans une tribune parue dans le journal Le Monde le 27 novembre dernier un collectif de procureurs européens a appelé les législateurs nationaux à adopter la proposition de la Commission européenne relative à la preuve électronique (e-evidence).

Le souhait émis par les cosignataires de la tribune est totalement légitime, s’agissant de représentants du ministère public qui agissent au nom de l’État et défendent ainsi les intérêts de la société : le développement du monde numérique dans tous les aspects de nos vies quotidiennes impose des ajustements dans tous les domaines, y compris celui de la justice. L’accès aux informations électroniques est devenu une nécessité incontournable dans la plupart des affaires pénales, qu’elles soient liées au terrorisme ou non, et cet accès dépend du lieu d’établissement du fournisseur de services.

Accéder plus facilement aux fournisseurs de services doit-il cependant conduire à une remise en cause des principes fondamentaux sur lesquels reposent nos systèmes judiciaires nationaux ? C’est ce que semble penser la Commission, qui envisage dans sa proposition de règlement une coopération directe en matière pénale entre les autorités compétentes d’un Etat membre et un fournisseur de services établi ou représenté dans un autre Etat membre, sans même devoir informer les autorités compétentes de l’Etat sur lequel est établi ou représenté ce fournisseur de services.

Aujourd’hui dans l’Union européenne, définir le droit et rendre la justice relèvent des fonctions régaliennes des Etats, ce qui naturellement n’empêche pas la coopération judiciaire entre eux. L’article 82 du Traité sur le fonctionnement de l’Union européenne prévoit explicitement une telle coopération et précisent que les deux colégislateurs de l’UE, le Parlement européen et le Conseil adoptent notamment les mesures visant « à faciliter la coopération entre autorités judiciaires ou équivalentes des Etats membres dans le cadre des poursuites pénales et de l’exécution des décisions ».

Il s’agit bien d’une coopération entre autorités judiciaires ou équivalentes des Etats membres, et non d’une coopération entre ces autorités et des opérateurs privés, dont les objectifs sont de nature commerciale.

Or, non seulement la Commission envisage sur la base de l’article 82 précité une telle coopération entre autorités compétentes d’un Etat membre et fournisseur de services d’un autre Etat membre, mais elle n’hésite pas, en outre, à investir ce fournisseur de services de compétences quasi-judiciaires. Ainsi, l’article 9 par. 5 de la proposition de règlement prévoit-il la possibilité de ne pas exécuter une injonction de production des preuves électroniques quand il apparaît, sur la base des seules informations contenues dans l’injonction, que celle-ci « enfreint manifestement la Charte des droits fondamentaux de l’Union européenne » ou qu’elle est manifestement abusive.

Le même fournisseur de services peut également ne pas exécuter l’injonction quand il considère que le respect de celle-ci « serait contraire aux lois applicables d’un pays tiers interdisant la divulgation de données concernées au motif que cela est nécessaire pour protéger les droits fondamentaux des personnes concernées ou les intérêts fondamentaux du pays tiers en matière de sécurité ou de défense nationales ».

Le fournisseur de services n’est donc plus simplement une entité commerciale, qui poursuit des intérêts qui lui sont propres, mais par la grâce de la proposition de la Commission, il devient un véritable auxiliaire de justice, doté de compétences juridiques lui permettant d’apprécier la validité de l’injonction qui lui a été adressée.

Un accès plus facile aux données électroniques pour les autorités policières et judiciaires justifie-t-il un tel abandon des compétences exclusives des autorités publiques en matière pénale, et une telle confusion entre intérêt public et intérêts privés ? N’y a-t-il pas d’autres moyens pour faciliter la coopération judiciaire dans l’espace européen de liberté, de sécurité et de justice, au sein duquel précisément est consacré le principe de confiance mutuelle ?

En premier lieu, il convient d’analyser les motifs des difficultés que rencontrent aujourd’hui les autorités policières et judiciaires des Etats membres : les fournisseurs de services sont fréquemment des compagnies régies par le droit américain, ce qui supposerait que les autorités des Etats de l’UE sollicitent une assistance auprès des autorités américaines, alors même que l’affaire pénale à traiter a le plus souvent un caractère national. La solution juridiquement correcte devrait être trouvée dans l’amélioration des traités d’assistance judiciaire mutuelle qui existant déjà : un tel traité a déjà été adopté entre les USA et l’UE en 2003.

Ces traités d’entraide judiciaire sont critiqués en raison de la lenteur des procédures mises en place. Toutefois, dans le cadre des négociations actuellement en cours au Conseil de l’Europe sur le deuxième protocole additionnel à la Convention de Budapest sur la cybercriminalité, a été provisoirement adoptée une disposition spécifique sur la « demandes d’entraide judiciaire urgente ». Cette disposition prévoit une procédure qui soit la plus rapide possible pour les demandes d’entraide effectuées en situation d’urgence, définie comme une situation « présentant un risque significatif et imminent pour la vie ou la sécurité d’une personne physique ». Parmi les exemples donnés dans le rapport explicatif figure notamment le cas où « la localisation de la victime peut être déterminée au moyen de données stockées par le fournisseur ».

Il semble donc possible d’envisager l’amélioration du fonctionnement actuel des traités d’assistance judiciaire, qui sont les seuls instruments susceptibles de régler les épineux problèmes de conflits de lois. A cet égard, force est de constater que la proposition de la Commission ne permet pas de résoudre de tels conflits, lorsque le fournisseur de services saisi d’une injonction de production est également soumis à la loi applicable d’un pays tiers : elle prévoit en revanche un mécanisme complexe de saisine d’une juridiction de l’Etat dont dépend l’autorité émettrice de l’injonction, ce qui paraît pour le moins étonnant dans le cadre d’un conflit qui est un conflit de nature territoriale, entre la loi de l’Etat sur le territoire duquel est établi -ou représenté- le fournisseur de services, et la loi de l’Etat tiers applicable à ce même fournisseur de services.

En deuxième lieu, indépendamment d’une amélioration éventuelle des traités d’assistance judiciaire mutuelle, l’objectif visé par la Commission pourrait être atteint sans remise en cause des principes de base concernant les compétences souveraines des Etats membres : il suffit pour cela de rétablir le canal classique de coopération entre autorités judiciaires des Etats membres, en impliquant activement les autorités de l’Etat sur le territoire duquel se trouve le fournisseur de services (autorités d’exécution). Le rapport du Parlement européen, préparé par Mme Sippel, propose un mécanisme de notification de l’Etat sur le territoire duquel l’injonction devra être exécutée, simultanément à l’envoi de celle-ci au fournisseur de services. L’examen juridique de l’injonction et son exécution éventuelle relèveront de la seule appréciation de l’autorité d’exécution. Le cas échéant, dans les cas-rares- où la personne concernée par la procédure ne réside ni sur le territoire de l’Etat d’émission, ni sur celui d’exécution de l’injonction, celle-ci devra être également adressée aux autorités du lieu de résidence de la personne, à condition naturellement que ce lieu de résidence soit connu.

Une telle notification, conforme aux prérogatives régaliennes des Etats membres aux dispositions de l’article 82 du TFUE, n’est pas antinomique avec la recherche d’efficacité de la procédure : le rapport du Parlement prévoit le même délai de 10 jours dans lequel les fournisseurs de services devront répondre aux demandes. Le respect de ce délai suppose bien entendu la pleine application du principe de confiance mutuelle, sur lequel se fonde précisément la coopération judiciaire dans l’espace européen. Une telle confiance ne peut concerner que les autorités publiques des Etats membres entre elles, et non avec des compagnies privées, que celles-ci soient vertueuses ou non.

La lutte contre la criminalité et le terrorisme à l’ère numérique peut et doit continuer à s’exercer dans un cadre juridique conçu pour assurer le plein respect des droits fondamentaux.

The European Commission’s Activation of Article 7: Better Late than Never?

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by Dimitry Kochenov, Professor of EU Constitutional Law at the University of Groningen; Laurent Pech, Professor of European Law at Middlesex University London; and Kim Lane Scheppele, Professor of Sociology and International Affairs at Princeton University

‘The European Union is first and foremost a Union of values and of the rule of law. The conquest of these values is the result of our history. They are the hard core of the Union’s identity and enable every citizen to identify with it. The Commission is convinced that in this Union of values it will not be necessary to apply penalties pursuant to Article 7 of the Union Treaty’ European Commission, 15 October 2003

1. What has just happened?

On Wednesday, the European Commission reacted to the continuing deterioration of the rule of law situation in Poland by (i) issuing a fourth Rule of Law Recommendation, which complements three previous Recommendations, adopted on 27 July 2016, 21 December 2016 and 27 July 2017; (ii) submitting a Reasoned Proposal for a Decision of the Council on the determination of a clear risk of a serious breach of the rule of law by Poland under Article 7(1) TEU and (iii) referring the Polish Law on the Ordinary Courts Organisation to the Court of Justice of the EU under Article 258 TFEU and in the context of which the Commission is raising for the first time (to the best of our knowledge) a violation of Article 19(1) TEU in combination with Article 47 of the EU Charter of Fundamental Rights by Poland to the extent that the Minister of Justice has been given a discretionary power to prolong the mandate of judges which have reached retirement age (a similar combination was raised in the first stage of an infringement action against Hungary in December 2015 with regard to immigration issues but this language was dropped by the time it got to the Court of Justice).

Should the Polish authorities finally decide to implement the Commission’s recommendations within three months, the Commission has indicated its readiness to ‘reconsider’ its Article 7(1) proposal (para 50 of the Commission’s fourth rule of law recommendation).

The intensity and repeated nature of Poland’s ruling party attacks on the most basic tenets of the rule of law are unprecedentedly aggressive and in obvious breach of the Polish Constitution, which in our view warrants the Commission’s action (this is not to say that Article 7(1) should not also be activated against Hungary as two of the present authors previously argued in this 2016 article). Indeed, as rightly noted by the Commission, the Polish authorities have adopted over a period of two years no less ‘than 13 laws affecting the entire structure of the justice system in Poland, impacting the Constitutional Tribunal, Supreme Court, ordinary courts, National Council for the Judiciary, prosecution service and National School of Judiciary’. It was time therefore for the Commission to defend the independence of Member State judiciaries and the rule of law (as nicely put by Maximilian Steinbeis, ‘Polish courts are our courts’, that is, ‘if the legal system in a Member State is broken, the legal system in the whole of the EU is broken’).

The media have so far only almost exclusively focused on the first ever invocation of what is often described as the EU’s ‘nuclear option’, which, however, as correctly pointed out by Frans Timmermans in his press conference announcing the Commission’s actions, is a misnomer (as we previously argued here). To put it briefly, Article 7 TEU provides for two main mechanisms: a preventive one in case of a ‘clear risk of a serious breach’ of the values common to the EU and its Member States and a sanctioning one where ‘a serious and persistent breach’ of the same values has materialised (for more detailed commentaries on the mechanics of Article 7 see hereand here).

The Commission merely initiated the preventive mechanism on Wednesday when one could however reasonably argue that we are already way beyond the stage of a ‘clear risk’ and entered ‘serious and persistent breach’ territory following the capture of the Polish Constitutional Tribunal in obvious breach both of the Polish Constitution and the Commission’s first and second rule of law recommendations (see Pech and Scheppele, January 2017). Before however offering further details on the situation in Poland, however, it may be worth offering a brief overview of Article 7’s genesis.

2. Genesis of Article 7

Continue reading “The European Commission’s Activation of Article 7: Better Late than Never?”

The EU and the Spanish Constitutional Crisis

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by Cecilia Rizcallah, (Research Fellow at the Belgian National Fund for Scientific Research affiliated both to Université Saint-Louis Bruxelles and Université libre de Bruxelles)

Background

Spain is facing, since more than a month now, a constitutional crisis because of pro-independence claims in Catalonia. These claims resulted in the holding of an independence referendum on 1 October 2017, organized by the Spanish autonomous community of Catalonia’s authorities, led by its President Mr. Carles Puigdemont. According to Barcelona, 90% of the participants voted in favor of Catalonia’s independency on a turnout of 43%.

Several weeks before the holding of the referendum, the Spanish Constitutional Court held that such plebiscite was contrary to the Spanish Constitution, and it was therefore declared void by the same Court. The Spanish central Government moreover firmly condemned this act and suspended Catalonia’s autonomy, on the basis of Article 155 of the Spanish Constitution which allows the central Government to adopt “the necessary measures to compel regional authorities to obey the law” and, thereby, to intervene in the running of Catalonia.

EU’s Incompetency in Member States’ Internal Constitutional Affairs

During these events, a contributor to the New York Times wondered “Where is the European Union?”. The Guardian stated “As Catalonia crisis escalates, EU is nowhere to be seen”. EU authorities’ restraint can yet easily be explained, at least, from a legal point of view. Indeed, the European Union has in principle neither the competence, nor the legitimacy, to intervene in its Member States’ internal constitutional affairs. Article 4.2 TEU incidentally underlines that the EU shall respect Member States’ “national identities, inherent in their fundamental structures, political and constitutional, inclusive of regional and local self-government” and that it “shall respect their essential State functions, including ensuring the territorial integrity of the State, maintaining law and order and safeguarding national security. In particular, national security remains the sole responsibility of each Member State”. The President of the Commission, J.-C. Junker stated that it was “an internal matter for Spain that has to be dealt with in line with the constitutional order of Spain” but however noted that in case of separation of Catalonia from Spain, the region would consequently “find itself outside of the European Union”.

Puigdemont’s Departure for Brussels

Theoretically, the EU has thus no legal standing to intervene in the Spanish constitutional crisis. Recent events have, however, brought the EU incidentally on stage.

Mr. Puigdemont, the deposed leader of Catalan authorities, left Barcelona for Brussels several days ago, where he declared he was not intended to seek asylum and that he would return in Spain if judicial authorities so request, provided he was guaranteed conditions of a fair judicial process. In the meanwhile, the State prosecutor decided to start proceedings against Mr. Puigdemont and other officials of the ousted Catalan government for rebellion, sedition and embezzlement and demanded to the judge in charge of the processing charges to issue a European arrest warrant (hereafter EAW) for Mr. Puigdemont and four other members of his former cabinet, after they failed to appear at the High Court hearing last Thursday. The EAW was issued by the Spanish judge last week. EU law has thus been relied upon by Spanish authorities to respond to its internal crisis, because of the departure of several Catalan officials to Brussels, which constituted, at the outset at least, nothing more than a lawful exercise of their free movement rights within the Schengen area.

Mr. Puidgemont and the other people subject to a EAW presented themselves to Belgian authorities, which decided to release them upon several conditions including the prohibition to leave the Belgian territory. A Belgian Criminal Chamber has as of now two weeks to decide if they should be surrendered to Spain or not.

The Quasi-automaticity of the European Arrest Warrant System

According to Puidgemont’s Belgian lawyer, the former Catalan leader will agree to return in Spain provided that he will be guaranteed respect of his fundamental rights, including the right to an impartial and independent trial. He moreover underlined that Puidgemont will submit itself to Belgian judicial authorities which will have to assess whether or not these conditions are met.

The system of the EAW, however, entails a quasi-automaticity of the execution by requested authorities of any Member State. Indeed, because it relies upon the principle of mutual trust between Member States, requested authorities may not, save in exceptional circumstances, control the respect by the requesting State of fundamental values of the EU, including democracy and human rights. The Council Framework Decision 2002/584 of 13 June 2002, which establishes the EAW includes a limitative list of mandatory and optional grounds for refusal which does not include a general ground for refusal based on human rights protection (Articles 3 and 4). Indeed, only specific violations or risk of violations of fundamental freedoms justify the refusal to surrender, according to the Framework Decision. As far as the right to a fair trial is concerned, the Framework Decision does not include possibilities to rebut the presumption of the existence of fair proceedings in other Member States except when the EAW results from an in abstentia decision and only under certain conditions (Article 4a).

A strong presumption of respect of EU values underlies EU criminal cooperation and the ECJ has, as of now, accepted its rebuttal on grounds of human right not included in the main text of the Framework Decision only where a serious and genuine risk of inhuman and degrading treatment existed for the convicted person in case of surrender (see the Aranyosi case, discussed here). In that respect, the lawyer of the other Catalan ministers who are already in jail has lodged a complaint for mistreatment of them, but more elements will be required to refuse the execution on the EAW on this basis.

Indeed, according to the Court of Justice, “the executing judicial authority must, initially, rely on information that is objective, reliable, specific and properly updated on the detention conditions prevailing in the issuing Member State and that demonstrates that there are deficiencies, which may be systemic or generalised, or which may affect certain groups of people, or which may affect certain places of detention”. Moreover, the domestic judge must also “make a further assessment, specific and precise, of whether there are substantial grounds to believe that the individual concerned will be exposed to that risk because of the conditions for his detention envisaged in the issuing Member State” before refusing the execution of the EAW (Aranyosi, paras 89 and 92).

Furthermore, the possibility to refuse to surrender persons convicted for political offences – which is traditionally seen as being part of the international system of protection of refugees – has been removed from the Convention on Extradition between Member States of the European Union concluded in 1996 – which is the ancestor of the current EAW system – precisely because of Member States’ duty to trust their peers’ judicial system. Interestingly, the removal of this ground for refusal had been required by Spain when it faced difficulties to obtain the extradition of Basque independentists who were seeking for protection in Belgium. The Spanish government pleaded that the ground for refusal for political infractions constituted a hurdle to criminal cooperation within the EU which was at odds with the trust that Member States should express to each other (see E. Bribosia and A. Weyembergh, “Extradition et asile: vers un espace judiciaire européen?”, R.B.D.I., 1997, pp. 69 to 98).

In the current state of EU law, no option for refusal of execution of the EAW concerning Mr. Puidgemont seems thus to exist. It is noteworthy, however, that the EAW system may, as a whole, be suspended, when the procedure provided for by Article 7 TEU is initiated if there is a (clear risk of) violation of the values referred to in Article 2 TEU on which the Union is founded, including human rights, democracy and the rule of law. Although some people have called for the initiation of this mechanism, the reliance on Article 7 is very unlikely to happen politically: it needs at least a majority of four fifths at the Council just to issue a warning, and the substantive conditions of EU values’ violations are very high.

Nonetheless, Belgium has included in its transposing legislation (Federal Law of 19 December 2003 related to the EAW) an obligatory ground of refusal – whose validity regarding EU law can seriously be put into question – if there are valid grounds for believing that its execution would have the effect of infringing the fundamental rights of the person concerned, as enshrined by Article 6(2) of the TEU (Art. 4, 5°). Triggering this exception will however result, in my view, in a violation of EU law by the Belgian judge since the ECJ has several times ruled that the grounds for refusal included in the Framework Decision were exhaustive and that a Member State could not rely upon its national human rights protection to refuse the execution of a EAW which respects the conditions laid down in the Framework Decision (Melloni). Another option for the Belgian judge will be to make a reference to the ECJ for a preliminary ruling in order to ask whether, in the case at hand, the presumption of conformity with EU fundamental rights in Spain may be put aside because of the specific situation of Mr. Puidgemont.

The Quasi-Exclusion of the Asylum Right for EU Citizens

Besides asking for the refusal of his surrender to Spanish authorities, Mr. Puidgmont could – at least theoretically – seek asylum in Belgium on the basis of the Refugee Convention of 1951, which defines as refugees people with a well-founded fear of persecution for (among other things) their political opinion (Article 1.A.2).

However, Spain also requested – besides the removal of the ground for refusal to surrender a person based on the political nature of the alleged crime in the European Extradition Convention of 1996 – the enactment of Protocol No 24, on asylum for nationals of Member States of the European Union, annexed to the Treaty of Amsterdam signed in 1997. This Protocol practically removes the right of EU citizens to seek asylum in other countries of the Union.

Founding itself on the purported trustful character of Member States’ political and judicial systems and the (presumed) high level of protection of fundamental rights in the EU, the Protocol states that all Member States “shall be regarded as constituting safe countries of origin in respect of each other for all legal and practical purposes in relation to asylum matters” (Art. 1). Any application for asylum made by an EU citizen in another Member State shall therefore be declared inadmissible, except if the Member State of which the applicant is a national has decided to suspend temporarily the application of the European Convention on Human Rights in time of emergency (Article 15 of the ECHR; note that it’s not possible to suspend all provisions of the ECHR on this basis) or if this Member State has been subject to a decision based on Art. 7.1. or 7.2. TEU establishing the risk or the existence of a serious and persistent breach by the Member State of EU values referred to in Art. 2 TEU.

A Member State may also decide, unilaterally, to take an asylum demand into consideration at the double condition that it immediately informs the Council and that that the application shall be dealt with on the basis of the presumption that it is manifestly unfounded. This last derogation has been invoked by Belgium which has adopted a declaration stating that it would proceed to an individual examination of each asylum demand of a EU citizen lodged with it. To comply with EU law, it must however consider each application manifestly unfounded rendering the burden of the proof very heavy for the EU citizen asylum seeker. Belgian alien’s law provides for an accelerated procedure for asylum when the individual comes from an EU country (Article 57/6 2 of the Belgian Aliens Act) but statistics nevertheless show that about twenty asylum demands from EU citizens where declared founded in 2013 and 2014 by Belgian authorities.

The EU Brought on Stage…

In both cases, the refusal to execute the EAW or the granting of an asylum right to Mr. Puidgemont would result from the consideration that the Spanish judiciary does not present the basic and essential qualities of independence and impartiality to adjudicate the case related to Catalan independence activists. This observation would likely result in a major diplomatic dispute between the two countries and, more widely, in the EU. Indeed, the consideration made by Belgium and/or the ECJ that Spain would not respect fundamental values of the EU in treating the case of Catalonia would jeopardize the essential principle of mutual trust between Member States, which is relied upon in criminal, asylum but also in civil judicial cooperation. The Spanish constitutional crisis could thereby potentially call into question the whole system of cooperation in the European Area of Freedom Security and Justice.

Refuge ou asile ? La situation de Carles Pbyuigdemont en Belgique au regard du droit de l’Union européenne

ORIGINAL PUBLISHED ON THE CDRE SITE

by Henri Labayle, CDRE et Bruno Nascimbene, Université de Milan

Quoique largement circonscrite à la Belgique, l’agitation médiatique provoquée par l’arrivée à Bruxelles de Carles Puigdemont et de certains de ses proches soulève d’intéressants points de droit quant à leur situation sur le territoire d’un autre Etat membre de l’Union. Attisée par les déclarations imprudentes d’un secrétaire d’Etat belge à l’Asile et à la Migration, Theo Francken, cette présence a réveillé d’anciennes querelles entre les deux royaumes concernés tenant tout à la fois à la possibilité pour la Belgique d’accorder l’asile à l’intéressé (1) et, à défaut, de constituer un refuge face aux éventuelles poursuites intentées à son égard par les juridictions espagnoles (2).

1. La recherche d’une terre d’asile

Le suspense n’a guère duré. Après avoir géré son départ de Catalogne dans le plus grand des secrets, dans une posture digne de l’homme du 18 juin 1940 dont il porte le prénom, le président déchu du gouvernement catalan y a mis fin en déclarant qu’il n’était « pas venu ici pour demander l’asile politique ». Pourtant, son entourage comme les déclarations du secrétaire d’Etat Theo Francken, nationaliste flamand, membre du parti indépendantiste ultra-conservateur N-VA, avaient donné corps à la polémique.

a. Le choix de son avocat, d’abord, n’a rien eu d’innocent. Tout en déclarant que son client n’était pas en Belgique pour demander l’asile, ce dernier n’en a pas moins jugé utile de préciser soigneusement avoir « une expérience de plus de 30 ans avec l’extradition et l’asile politique de basques espagnols et c’est probablement sur la base de cette expérience qu’il a fait appel à moi ». Les agences de presse se sont du reste empressées de souligner qu’il avait en son temps assuré la défense du couple Luis Moreno et Raquel Garcia, réclamés en vain à la Belgique par l’Espagne en raison de leur soutien à l’organisation terroriste ETA.

Source de vives tensions entre l’Espagne et la Belgique en raison du refus de cette dernière de les extrader puis de les remettre à Madrid autant qu’à propos du débat sur leur éventuel statut de réfugié politique, le cas de ces derniers éclaire l’insistance espagnole à inscrire en 1997 un protocole à ce sujet, le fameux protocole « Aznar » joint au traité d’Amsterdam. A tout le moins donc, la symbolique du recours à un avocat ainsi spécialisé n’est pas neutre, même s’il est permis de douter de l’adresse d’un tel amalgame pour une cause se présentant comme victime de la violence de l’Etat et d’un déni de démocratie.

Dans le même temps, exprimant sans détours sa sympathie à la cause nationaliste, le secrétaire d’Etat Theo Francken n’a pas manié la langue de bois. D’abord, à travers un constat sur la situation espagnole quelque peu téméraire : « la situation en Catalogne est en train de dégénérer. On peut supposer, de manière réaliste qu’un certain nombre de Catalans vont demander l’asile en Belgique. Et ils le peuvent. La loi est là. Il pourront demander une protection et introduire une demande d’asile et on y répondra convenablement ». Ensuite en fournissant une explication à son attitude au demeurant tout aussi douteuse : « en regardant la répression de Madrid et les peines de prison envisagées, la question peut se poser de savoir s’il a encore une chance d’un jugement équitable».

La volée de critiques faisant suite à cette provocation, y compris le désaveu a minima d’un premier ministre belge passablement gêné, oblige alors à rappeler les termes du débat juridique.

b. Sur l’insistance du premier ministre espagnol de l’époque, Jose Maria Aznar, le protocole n° 24 additionnel au traité d’Amsterdam s’efforce de réduire le droit d’asile à un droit seulement offert aux ressortissants tiers. En effet, « vu le niveau de protection des droits fondamentaux et des libertés fondamentales dans les États membres de l’Union européenne, ceux-ci sont considérés comme constituant des pays d’origine sûrs les uns vis-à-vis des autres pour toutes les questions juridiques et pratiques liées aux affaires d’asile». Le protocole n° 24 fut accompagné à l’époque de la déclaration n° 48 de la Conférence, ne préjugeant pas du droit de chaque Etat membre de prendre les mesures d’organisation nécessaires au respect de la Convention de Genève. Pour sa part, la Belgique déclara alors que, tout en approuvant le protocole n° 24, « conformément à ses obligations au titre de la convention de Genève de 1951 et du protocole de New York de 1967, elle effectuera, conformément à la disposition énoncée à l’article unique, point d), de ce protocole, un examen individuel de toute demande d’asile présentée par un ressortissant d’un autre Etat membre» (déclaration n° 5).

Le HCR n’avait pas manqué alors d’émettre des critiques fermes et fondées sur la conventionnalité d’une telle option, hostile à l’idée simpliste selon laquelle l’appartenance à l’UE constituerait par principe un critère objectif et légitime de distinction du point de vue de la protection entre Etats membres de l’Union et Etats tiers (UNHCR, « Position on the proposal of the European Council concerning the treatment of asylum applications from citizens of European Union Member States », annexe à la lettre du Directeur de la Division de la protection of internationale à M. Patijn, Ministre des Affaires étrangères des Pays Bas, 3 février 1997 ; voir également UNHCR Press release 20 juin 1997). Vingt ans après, la situation des droits fondamentaux dans certains Etats membres de l’Union conforte cette critique.

Conscients de ces difficultés, les Etats membres ont alors opté pour une solution de contournement, se gardant de toute interdiction frontale du droit d’asile à propos de leurs ressortissants et préférant en retenir une approche extrêmement restrictive. Il s’agit, comme l’indique le protocole, « d’empêcher que l’asile en tant qu’institution soit utilisé à des fins autres que celles auxquelles il est destiné ».

Le traité de Lisbonne n’a modifié ce dispositif qu’à la marge, à deux précisions près. La première tient dans la disparition des déclarations formulées à Amsterdam et la seconde voit l’invocation des « valeurs » de l’Union justifier désormais l’existence du protocole puisque, par hypothèse, les Etats membres les respectent pour pénétrer et demeurer dans l’Union. Ils ne peuvent donc être sources de persécutions, sauf preuve du contraire.

c. La pratique de l’asile entre Etats membres de l’Union est donc régie aujourd’hui par le Protocole n° 24 révisé à Lisbonne, lequel constitue la lex specialis du « droit d’asile pour les ressortissants des Etats membres de l’Union européenne ». Il n’est pas indifférent de rappeler que l’ensemble du droit primaire et dérivé de l’Union de l’asile se conforme à cette logique. Le champ d’application personnel du droit d’asile selon la directive « Qualification » ne concerne que les ressortissants de pays tiers, en application de l’article 78 TFUE qui en fait un droit de ces ressortissants et s’impose à l’article 18 de la Charte dont les « explications » mentionnent spécifiquement le Protocole.

Ce dernier, outre les hypothèses qui visent une violation établie des valeurs de l’Union ou une dérogation en vertu de l’article 15 de la Convention EDH, régit l’éventuel octroi d’une protection à un citoyen de l’Union dans son article unique point d) : « si un État membre devait en décider ainsi unilatéralement en ce qui concerne la demande d’un ressortissant d’un autre État membre; dans ce cas, le Conseil est immédiatement informé; la demande est traitée sur la base de la présomption qu’elle est manifestement non fondée sans que, quel que soit le cas, le pouvoir de décision de l’État membre ne soit affecté d’aucune manière ».

Le plus grand flou règne ensuite en la matière quant à la pratique dégagée par les Etats à ce propos. On sait, par exemple qu’en France le Conseil d’Etat a dégagé une interprétation littérale du protocole Aznar à propos de citoyens roumains tout en n’écartant pas l’hypothèse d’un examen (CE, 30 décembre 2009, OFPRA c/ Cosmin, req. 305226, note Aubin, AJDA 2010). De même, l’administration française s’est-elle empressée de souligner par voie de circulaire, à l’occasion de l’adhésion de la Croatie en 2013, que le retrait de ce nouvel Etat membre de la liste des pays tiers d’origine sûrs n’entraînait aucun changement sur le plan de l’admission provisoire au titre de l’asile et du jeu de la procédure d’examen prioritaire, dans la logique du protocole Aznar.

Les choses sont beaucoup plus incertaines concernant l’Union elle-même et les doutes que l’on peut légitimement éprouver quant à la situation des droits fondamentaux dans l’Union en général comme en particulier invitent à la réserve.

En 2015, la Commission canadienne de l’immigration et du statut de réfugié fait ainsi état de la grande diversité des pratiques nationales au sein de l’Union à l’égard de ce protocole, principalement en raison des divergences portant sur la présence des Etats membres de l’Union sur les listes nationales de pays d’origine « sûrs ». Seuls la Belgique et les Pays Bas auraient, à ce jour, rendu des décisions positives de protection.

Pour ce qui est plus précisément de la Belgique, susceptible d’accueillir M. Puigdemont, si elle semble ne pas avoir renouvelé à Lisbonne sa déclaration d’Amsterdam, elle conserve néanmoins la possibilité de procéder à une évaluation des situations individuelles. Quasiment exclusivement saisie par des nouveaux Etats membres, le plus souvent à propos de la question des Roms, elle fait un usage très parcimonieux de cette possibilité puisque près d’un millier de demandes auraient été déposées depuis 2011 pour moins de quinze reconnaissances au total.

La déclaration de la Belgique, qui a certainement une valeur politique, conserve sa valeur juridique, même si elle n’a pas été répétée, comme elle aurait dû être révoquée. En tout état de cause, les Etats membres conservent le droit souverain d’accorder l’asile sur la base de leur droit interne. Ainsi, dans la Constitution d’un État membre comme l’Italie, il existe une disposition fondamentale, à l’instar du troisième paragraphe de l’article 10, qui prévoit qu’un étranger qui est effectivement empêché d’exercer ses libertés démocratiques garanties de la Constitution italienne, a le droit à l’asile sur le territoire de la République, dans les conditions prévues par la loi. Bien que l’Italie n’ait fait aucune déclaration, il n’y a aucun doute que l’Etat garde sa souveraineté quant à la concession de l’asile, aussi appelé asile constitutionnel et qui fait abstraction des obligations internationales ou de l’Union. De même, en droit français, le préambule de la Constitution de 1946 prévoit-il que« tout homme persécuté en raison de son action en faveur de la liberté a droit d’asile sur les territoires de la République ». Ces formes d’asile particulier n’ont pas été prises en considération par M. Puigdemont , la Belgique lui paraissant un Etat plus sûr ou protecteur.

En Italie, d’un autre côté, dans la jurisprudence administrative, il s’est posé également la question de ne pas expulser vers la Grèce mais aussi vers la Bulgarie, considérés comme des pays non sûrs, malgré leur statut d’Etats membres de l’Union. Les juges administratifs ont ainsi démontré, s’il y en avait besoin, que la confiance mutuelle entre pays membres, dans la réalité et pratique courante, est souvent théorique…

C’est dans ce contexte peu encourageant que l’accueil de l’ex-président catalan peut être évalué.

2. La recherche d’une terre de refuge

Deux hypothèses se présentent alors : celle d’un accueil en bonne et due forme au plan de l’asile et celle d’une réponse à un éventuel mandat d’arrêt européen. Les dénégations de M. Puigdemont quant à son éventuelle demande de protection ne sont pas aussi catégoriques qu’il y paraît au premier abord. Il a, en effet, ouvertement évoqué des « menaces » et un « besoin de sécurité » que les autorités espagnoles ne seraient plus à même de lui assurer soit en raison de la nature des poursuites exercées à son encontre soit en ne le protégeant pas efficacement des menaces pesant sur sa personne. On retrouve là derrière ces arguments des questions très classiques du droit de l’asile dont les réponses ne sont pas sans intérêt du point de vue de la recherche d’un refuge devant le risque pénal.

a. Même s’il s’avère que la Belgique n’a pas renouvelé sa déclaration d’Amsterdam, elle se trouve placée comme tout Etat membre de l’Union devant à une double contrainte posée par le Protocole n° 24. La première est de nature procédurale et elle consiste à « informer le Conseil » de sa volonté. Nul doute qu’ici surgiront des tensions diplomatiques avec d’autres Etats membres, au premier rang desquels l’Espagne se situera, et qu’elles mettront également à rude épreuve la coalition gouvernementale gouvernant la Belgique. A en rester sur le terrain politique, les déclarations des partis nationalistes flamands sur la nécessité de soutenir « ses amis » le laissent présager. A venir sur le terrain juridique, le soulagement politique pourrait alors naître de l’impossibilité de répondre favorablement à une quelconque demande, au vu de la réalité du droit de l’Union.

La seconde contrainte est matérielle et elle consiste à renverser la présomption posée par le protocole Aznar. Le point d) de son article unique spécifie bien que « la demande est traitée sur la base de la présomption qu’elle est manifestement non fondée ». Il convient donc pour les autorités nationales saisies de renverser cette présomption pour se placer en conformité avec le droit de l’Union.

On se trouve ici dans un schéma tout à fait comparable à celui que la Cour a dégagé avec force dans l’avis 2/13relatif à l’adhésion à la Convention EDH lorsqu’elle met en relief cette « prémisse fondamentale selon laquelle chaque État membre partage avec tous les autres Etats membres, et reconnaît que ceux-ci partagent avec lui, une série de valeurs communes sur lesquelles l’Union est fondée, comme il est précisé à l’article 2 TUE. Cette prémisse implique et justifie l’existence de la confiance mutuelle entre les Etats membres dans la reconnaissance de ces valeurs et, donc, dans le respect du droit de l’Union qui les met en œuvre » (point 168). « Fondamentale » car elle « permet la création et le maintien d’un espace sans frontières intérieures. Or, ce principe impose, notamment en ce qui concerne l’espace de liberté, de sécurité et de justice, à chacun de ces Etats de considérer … que tous les autres Etats membres respectent le droit de l’Union et, tout particulièrement, les droits fondamentaux reconnus par ce droit » (point 191).

S’atteler au défi de prouver que le Royaume d’Espagne ne respecte pas les valeurs de l’Union, au point de justifier d’accorder protection à l’un de ses citoyens au prétexte que son pays lui demande des comptes de sa violation d’une légalité établie par la juridiction constitutionnelle de ce pays, ne sera donc pas aisé. Une chose est en effet de se réclamer de la démocratie et de l’exercice des droits qui y sont attachés et une autre est de faire la preuve que cet exercice est légal. Dénoncer une éventuelle « politisation de la justice espagnole et son absence d’impartialité » comme « l’injustice du gouvernement espagnol » et son « désir de vengeance » ne se paie pas seulement de mots.

Or, rien dans l’état du droit positif n’accrédite une accusation d’une telle gravité, laquelle n’a été portée ni devant les juridictions suprêmes européennes ni au sein de leurs organes internes. Il sera donc difficile aux autorités d’un autre Etat membre de la reprendre à leur compte en allant jusqu’au point de renverser la présomption établie par le protocole et de la confiance mutuelle entre Etats membres. Bien au contraire, l’unanimité des déclarations des représentants des autres Etats membres comme des institutions de l’Union s’est attachée depuis le début de la crise à souligner la nécessité de respecter le cadre légal national ainsi contesté.

b. C’est donc sur le terrain pénal que la suite de la partie se jouera. Avec la convocation à Madrid de l’ex-président et de treize de ses ministres par une juge d’instruction de l’Audience nationale, saisie par le parquet espagnol qui a requis des poursuites notamment pour « rébellion et sédition », chefs passibles respectivement d’un maximum de 30 et 15 ans de prison. Mettre en cause la partialité de la juridiction espagnole et son mode de fonctionnement nécessitera des arguments forts qu’aucune juridiction européenne n’a jusqu’alors établi, même en des cas autrement dramatiques.

Car pour le reste, et sous couvert de l’intitulé exact de l’émission inévitable du mandat d’arrêt européen qui suivra le refus annoncé de déférer à cette convocation judiciaire, le scénario est écrit. La décision-cadre 2002/584 établissant le mandat d’arrêt européen est inflexible : « rien dans la présente décision-cadre ne peut être interprété comme une interdiction de refuser la remise d’une personne qui fait l’objet d’un mandat d’arrêt européen s’il y a des raisons de croire, sur la base d’éléments objectifs, que ledit mandat a été émis dans le but de poursuivre ou de punir une personne en raison de son sexe, de sa race, de sa religion, de son origine ethnique, de sa nationalité, de sa langue, de ses opinions politiques ou de son orientation sexuelle, ou qu’il peut être porté atteinte à la situation de cette personne pour l’une de ces raisons ». Malgré le libellé peu clair du considérant n° 12 de la décision-cadre 2002/584, celui-ci invoque l’hypothèse d’un refus d’exécution d’un mandat d’arrêt européen s’il y a des raisons de présumer que la personne est persécutée pour ses opinions politiques. On remarquera d’une part qu’il s’agit d’une disposition non contraignante et d’autre part que la partie contraignante de la décision-cadre ne formule aucun motif de cette nature empêchant la coopération et donc l’exécution du mandat dans ces cas, hors les hypothèses des articles 3 et 4. Son article premier se borne à rappeler que « la présente décision-cadre ne saurait avoir pour effet de modifier l’obligation de respecter les droits fondamentaux et les principes juridiques fondamentaux tels qu’ils sont consacrés par l’article 6 du traité sur l’Union européenne ».

Et il est vrai à cet égard que la jurisprudence de la Cour de justice, évoquée à plusieurs reprises dans ces colonnes, confirme la rigueur de la force obligatoire de l’exécution d’un mandat. Ceci vaut sans exception, dans le sens où la Cour a considéré les raisons/motifs de refus prévues par la décision-cadre comme exhaustives (voir spécialement affaire C‑192/12 PPU West, pt. 55; affaire C‑399/11 Melloni, pt. 38). A la lumière de la jurisprudence dans les affaires Aranyosi et Caldararu, une certaine atténuation du principe établi apparait admissible si l’exécution implique une violation grave d’un droit fondamental bénéficiant d’une protection absolue, tel que la dignité de la personne humaine. Il semble difficile d’imaginer, au cas où la question serait adressée à la Cour de justice, que celle-ci puisse parvenir à intégrer la législation de l’UE en identifiant une raison supplémentaire pour cette hypothèse, la logique de l’avis 2/13 devrait alors être renversée et, en fait, la présomption même de non-octroi de l’asile.

En revanche, et pour ce que l’on en sait à travers la presse, les infractions pour lesquelles un mandat d’arrêt européen pourrait être émis (rébellion et sédition ?) contre M. Puigdemont ne semblent pas figurer sur la liste positive visée à l’art. 2, par. 2 de la décision cadre qui permet de procéder à une remise même en l’absence de double incrimination. Par conséquent, l’État d’exécution que serait la Belgique pourrait soumettre la remise à la vérification que les infractions couvertes par le mandat d’arrêt européen émis par l’Espagne soient également des infractions pénales en droit belge (art. 2, par. 4, et art. 4, par. 1, de la décision cadre).

Le scénario judiciaire risque donc, par l’automaticité de sa réponse, d’écarter toute hypothèse de refuge, de négociation ou autres compromis que le droit de l’extradition, hier, permettait encore. Là encore, prendre la décision de déférer à la demande de remise impliquera de procéder sous le feu des caméras à une arrestation pour y parvenir … Lourde responsabilité à prendre dans une coalition gouvernementale belge fragilisée sur la question nationaliste…

Sauf à croire qu’il n’y a finalement là que faux semblant, épisode nouveau d’une guerre de communication accréditée par la proximité de la consultation électorale en Catalogne. Jouer la carte de « l’exil » comme aux heures les plus noires, victimiser l’acteur principal de la crise, dénoncer la poursuite étatique en la discréditant dessinent les ressorts à peine dissimulés d’une stratégie dont nul ne sait si elle sera payante, pariant qu’elle parviendra à convaincre les hésitants. Donner en spectacle l’arrestation et l’emprisonnement ou même leurs simples éventualités permettra de prendre ainsi chacun à témoin de la justesse de la cause défendue. La brièveté des délais d’exécution du mandat d’arrêt européen, deux mois en vertu de l’article 17, pourrait alors pousser les uns ou les autres à une véritable course de lenteur pour l’éviter avant des élections cruciales …

Un seul enseignement mérite alors d’en être tiré, à ce stade de la crise. Son théâtre n’est plus national mais il est européen, faisant émerger un paradoxe imprévu mais dont il faudra tirer les leçons. S’il est banal chez les souverainistes de prétendre que l’Union a pu affaiblir ses Etats membres, la crise catalane et son déroulement révèlent très exactement l’inverse. D’abord car l’attrait européen et le risque de devoir s’en priver, comme nous l’avons démontré, constitue une puissante barrière défensive pour le maintien au sein de l’Etat que l’on est tenté de quitter. Ensuite car l’Union, ses dirigeants et son droit, ainsi pris à témoin par le choix des nationalistes d’européaniser la crise pour espérer la dénouer, s’avèrent être les premiers défenseurs de l’intégrité territoriale d’Etats membres. Ceux-ci se découvrent là une alliée inattendue. Ont-ils aussi compris qu’ils partagent désormais avec elle le choix de la décision finale sans en demeurer les seuls maîtres ?

Category: 8.2 Judicial cooperation in criminal matters