Security and Justice – Page 9 – European Area of Freedom Security & Justice

‘HOTSPOTS’ FOR ASYLUM APPLICATIONS: SOME THINGS WE URGENTLY NEED TO KNOW

PUBLISHED ON EU LAW ANALYSIS on Tuesday, 29 September 2015

by Frances Webber (*)

Through the mechanisms it is setting up for the relocation of refugees from Italy and Greece, the EU is trying to regain control of refugee movement in the EU. The tough screening process it is setting up at points of entry into the EU seems designed as a crude instrument to separate out a minority of ‘good’ refugees from what EU ministers want to convince us are a majority of ‘bad’ economic migrants, and to dispatch the latter rapidly and efficiently. But life is not that simple, and the hotspots’ screening procedures could result in large numbers of people being returned to unsafe or unviable situations without proper consideration of their claims.

According to the Commission’s explanation of ‘hotspots’, as part of the package decided on in September, EU agencies including Frontex and Europol, as well as the EU’s asylum agency will help national officials in Greece and Italy to identify, fingerprint, screen and register asylum applicants, organise relocation to other member states of those who qualify and remove from the territory those ‘who either did not apply for international protection or whose right to remain on the territory has ceased’. (See Article 7 of the second Council Decision on relocation of asylum-seekers). TheEuropean Commission has said that these functions will be performed in ‘hotspots’ in Greece and Italy. Four locations in Italy are already apparently operating, with a total capacity of 1,500:, with another two promised for the end of the year. In Greece, a ‘headquarters hotspot’ is to be set up in Piraeus, where asylum seekers arriving on the islands will be gathered and processed.

Organisations such as Doctors of the World welcomed the announcement as providing some official framework for reception, which they hope will allow them to operate in a more regulated environment. But questions arise immediately. What will the hotspots look like? Will refugee applicants be detained there? Are they to be refugee camps or removal centres? Matteo Renzi suggests they will be EU-run refugee camps, while Francois Hollande sees them as deportation camps – which suggests detention and coercion. And how are decisions to be made, and reviewed?

Who benefits?

We know from the Council decisions of 15 and 22 September that only those nationalities with a recognition rate (as refugees or persons needing international protection) of 75 percent or more will be accepted for relocation. As Steve Peers points out in his previousblog post on relocation, those who benefit from the process (for instance, Syrians, Iraqis and Eritreans, according to current statistics) will be allocated on a no-choice basis (although family unity must be respected), while host countries can express a preference for the kinds of asylum seekers they are prepared to take. No prizes for guessing those at the top and bottom of any preference list. For those relocated, attempts to move from their new host country to somewhere more sympathetic, less racist or where more compatriots live will be met with speedy return to the allocated host. Beggars can’t be choosers.

Peers covers the problems of relocation in his piece. I want to raise questions about the screening process, and what happens to those who are not selected for relocation. Will tests be administered to determine whether applicants are genuinely of the nationality they claim? According to the EU Commission’s paper, Frontex already deploys screening and ‘debriefing’ experts in Italy and Greece (presumably to ask questions about routes taken to get there, with a view to gathering intelligence about smugglers), in addition to ‘advance-level document experts’. These ‘experts’ are likely to be seconded civil servants from member states’ interior ministries. As such, will their mindset be attuned to detecting fraud rather than responding to need? What documents will they be scrutinising? Will possession of a genuine and valid Syrian, Iraqi or Eritrean passport (for instance) be a prerequisite to acceptance? If not, what will nationality-testing entail? And given the shambolic nature of the language and knowledge tests imposed by the Home Office in the UK to determine asylum claimants’ nationality, what appeal or review rights will there be against a decision that someone is not in fact Syrian, or Eritrean or Iraqi?

And what will happen to those not from the big three refugee-producing countries? Presumably, the idea behind the hotspots is that all claims for international protection which do not lead to relocation will be dealt with there. If so, will claimants remain there for the duration, and if not, where and how will the residual group of claimants not selected for relocation live while their claims are processed? And how will their claims be processed? What will the timescales be? In the pressured environment of the camps, where speedy processing will be a priority, claims for international protection are unlikely to receive the careful and sympathetic assessment required by the 1979 UNHCR Handbook. So what will the procedures be? Crucially, what rights of appeal will there be against negative decisions?

The ‘safe countries’ list

It is presumably to facilitate speedy decision-making that the Commission’s package includes a proposed regulation for a list of safe countries of origin, containing countries of the western Balkans – Albania, Bosnia and Herzegovina, the former Yugoslav Republic of Macedonia, Kosovo, Montenegro and Serbia – and Turkey. While the proposed list does not mean automatic rejection of claims, its presumption that the country is a safe one for nationals to return to is a strong one, and forms the basis of an accelerated procedure which, as we know from the UK experience (the ‘detained fast-track’ process, currently suspended after judicial recognition of its unfairness to applicants), easily becomes a self-fulfilling process of rejection. The Commission itself acknowledges the un-safety of most of these countries for Roma, for LGBTI and for other minorities, and for Kurds, journalists and ‘others’ (such as political opponents) in Turkey. As Steve Peers points out in his blog post, ‘Safe countries of origin: assessing the new proposal’, Turkey does not belong on any safe country list; nearly a quarter of asylum applications by Turkish citizens were successful.

Accelerated removals

But if fair determination procedures are not in place, or if it soon becomes apparent that the hotspots are not a gateway to protection, or that application could lead to relocation to a hostile country, why would those who need international protection apply? The Council decisions state the obvious – that only those who have sought protection are eligible for relocation. But Frontex’s removal remit covers not just those whose claims are exhausted and so have no claim to remain on the territory, but also those who have not claimed protection. Does this mean that Frontex officials have a roaming mandate to go around Italy and Greece rounding up all those who have not registered a claim for asylum? The opportunity to claim international protection should be available at any time, up to the point of removal; but how will this right be guaranteed?

Without clear and robust safeguards in place, the EU’s relocation package could turn out to be a figleaf for a quiet but massive removal operation against, rather than a protection operation for, those arriving on Europe’s shores.

(*) Barrister, journalist and lecturer; vice chair, Institute of Race Relations; co-editor of Macdonald’s Immigration Law and Practice, 5th and 6th editions (2001, 2005) and of Halsbury’s Laws: British Nationality, Immigration and Asylum Law(2002); Author of Borderline Justice: the fight for refugee and migrant rights (Pluto, 2012)

(MEIJERS COMMITTEE) Military action against human smugglers: legal questions concerning the EUNAVFOR Med operation

ORIGINAL PUBLISHED HERE ON 23 September 2015

The EUNAVFOR Med operation

On 22 June 2015, the Council of Ministers of the European Union adopted a Common Foreign Security Policy (CFSP) Decision establishing a military crisis management operation with the aim of combatting fighting people smuggling: EUNAVFOR Med.¹ This mission is currently in its first phase, focusing on intelligence gathering, i.e. surveillance and the assessment of existing smuggling networks.

A second phase would involve searching and possibly diverting vessels on the high seas and territorial waters, either under a mandate of the UN Security Council or with the consent of the appropriate coastal state. The Foreign Affairs Council has recently established that the conditions for the second phase have been met insofar as operations in international waters are concerned.² During the third phase, vessels and related assets of human smugglers would be destroyed and smugglers apprehended.

The mission will operate in a complex legal environment of overlapping rules of refugee law, international human rights law, the law of the sea, and international rules on the use of force. This note discusses some of the most pressing legal questions raised by this operation.

General remarks

At the outset, the Meijers Committee would like to raise a general point regarding the focus on people smuggling as a response to the loss of life at sea. In the absence of safe and legal access to the right to seek asylum in Europe, together with routes for legal migration, people will turn to human smugglers as a last resort. Increased border controls have resulted in higher casualties as people are forced to take more dangerous routes.

The Meijers Committee questions the appropriateness of the approach taken under EUNAVFOR Med to stop the loss of life at sea. The Committee would like to point to the shift from saving lives at sea under the Italian-led Mare Nostrum Operation, to border management (Triton), to military action (EUNAVFOR Med). The Meijers Committee emphasizes that the legal obligation to save lives at sea should have primacy in all Union action at sea and that a long-term solution must also involve improving legal access to asylum and legal employment.

Human smuggling as a threat to international peace and
security

The Meijers Committee notes that the decision establishing the EUNAVFOR Med operation refers explicitly to the need for a UN Security Council Resolution or consent of the coastal states concerned before the second phase of the operation can enter into force.

In this respect the Meijers Committee notes a fundamental difference from the EUNAVFOR operation Atalanta against piracy off the Somalian coast, which was taken as a model for EUNAVFOR Med. The Atalanta operation was explicitly supported by a UN Security Council Resolution, and had the consent of the coastal state involved.³

Articles 39 and 42 UN Charter stipulate that the Security Council shall only authorize the use of force if ‘necessary to maintain or restore international peace and security’. The Meijers Committee is not convinced that the EUNAVFOR MED mission meets this standard. Although the humanitarian crisis may meet this standard, the activities of human smugglers – unlike piracy – do not qualify. Although the Security Council has previously adopted resolutions in response to refugee crises in Iraq and Haiti, these were intended to stabilize the countries of origin and not to prevent persons from seeking refuge elsewhere.

Phase 2: search and diversion of ships

The Second Phase of the operation would involve the search and diversion of ships in third-country territorial waters, which requires the consent of the flag state or a UN Security Council Resolution.

The Meijers Committee recalls that on the high seas, Article 87 UN Convention on the Law of the Sea (UNCLOS) ensures the right to freedom of navigation. Article 110 permits a warship to board and inspect a vessel if, inter alia, it has no nationality. As regards the vessel, a finding of statelessness should allow states to exercise jurisdiction in order to ensure compliance with the ‘minimum public order on the high seas’, namely, the duties that normally fall on the flag state (Art. 94 UNCLOS).⁴ This could include a state’s power to escort the vessel into harbor for inspection. As regards the people on board, UNCLOS does not seem to provide a basis for the exercise of jurisdiction.

Although Article 110(1) UNCLOS expressly allows that grounds of interference may be established by Treaty, the UN Smuggling Protocol seems to impose a duty of cooperation only on the contracting parties, while maintaining the requirement of flag state authorization. Article 8(7) of the Smuggling Protocol provides a firmer legal basis for interference with stateless vessels than Article 110 UNCLOS. The wording ‘suppressing the use of the vessel’ or ‘take appropriate measures’ implies the possible use of force. Nevertheless, such force should be used as a means of last resort and will be subject to the requirement of necessity and proportionality. It is noted, however, that the Migrant Smuggling Protocol lacks the precision of, for instance, the UN drug trafficking regime, which explicitly sets out the measures that an intercepting power may take against a drug transport.⁵ Accordingly, no clear legal basis for action is provided in international law.

Diversions on the high seas may not result in the refoulement of people on board. It is important to stress that States cannot relieve themselves of this obligation by labelling an operation as ‘search and rescue’. The IMO Guidelines on the treatment of persons rescued at sea state that ‘[disembarkation of asylum-seekers and refugees recovered at sea, in territories where their lives and freedom would be threatened should be avoided.’ This approach has been confirmed by the European Court of Human Rights in the Hirsi case.⁶ Member States remain bound by their obligations under international human rights law, independently of the nature and location of their intervention. In this regard it is particularly problematic that Libya – one of the most important coastal states whose cooperation is sought – is currently a notoriously dangerous and unstable country.

It is unclear how the EU intends to give practical effect to these obligations in the course of the EUNAVFOR Med mission. The Meijers Committee would recommend that clear guidelines be put in place, comparable to the rules applicable in the framework of Frontex coordinated operations at sea.⁷

Phase 3: destruction of vessels and apprehension of smugglers

The Third Phase of the Operation would entail the destruction of vessels and related assets, and the apprehension of smugglers. The Meijers Committee argues that clear, binding, publicly available rules should be adopted prior to the commencement of Phase 3.

As regards the smugglers it must be noted that unlike piracy and international crimes, international law does not establish universal criminal jurisdiction over human smuggling. As with diversions, the interference with vessels believed to be engaged in human smuggling requires the consent of the flag state (or a UN SC Resolution). In case the ship is sailing without a flag, Article 8 of the Protocol allows a party to take ‘appropriate measures in accordance with relevant domestic and international law’. The extent to which this includes the exercise of criminal jurisdiction over human smugglers is not clear, however.

The Council decision establishing EUNAVFOR Med is silent about the possible detention and prosecution of smugglers. The Meijers Committee points out that even though EUNAVFOR Med is executed by military forces, the EU is not acting as party to an armed conflict and thus normal peacetime law applies. This means that after arrest, those suspected of migrant smuggling should be brought promptly before a judge⁸. In the case of subsequent criminal prosecution, jurisdiction should be established in one of the Member States. In this respect it is noted that not all Member States have established universal jurisdiction over human smuggling. If smugglers are to be extradited or released to third countries, their fundamental rights should be guaranteed.

The Meijers Committee notes that EUNAVFOR Med is aimed at the destruction of vessels used or suspected of being used for migrant smuggling, possibly even inside third-country territory, yet it remains unclear what legal standard is applied to identify such vessels. The Meijers Committee cautions that the destruction of vessels cannot be arbitrary. Unlike UNCLOS, which provides for clear rules on the seizure and liability for seizure of pirate ships, there is no explicit legal basis in international law for the seizure of migrant smuggling boats. The right to property as enshrined in Article 1 of Protocol 1 ECHR, which will apply to the Member States acting extra-territorially, prescribes that any destruction of property must be provided for by law and must be necessary and proportionate.

Unclear division of responsibility between the EU and its
Member States

The Meijers Committee recalls that Article 21 TEU requires CFSP actions to be based on human rights. This includes respect for human dignity, including the prohibition of torture and inhuman treatment; personal security and liberty; and protection from arbitrary detention and arrest.⁹ It also notes, however, that the Court of Justice of the EU has no authority to ensure this respect for fundamental rights as it lack jurisdiction over the CFSP.¹⁰ This means that legal remedies would have to be provided under the national law of the participating Member States.

The experience with joint operations under the coordination of Frontex shows that in case of violations of fundamental rights, it is unclear to whom wrongful conduct must be attributed. Although the operation is coordinated by the EU, it is the Member States that provide the assets and personnel, over which they maintain operational command.

Case law issuing from the European Court of Human Rights on the obligations of the Member States as contracting parties to the European Convention on Human Rights clearly indicates with regard to the Member States that they cannot escape their responsibilities under the Convention by acting outside the Convention’s territorial scope. The situation is more complicated, however, when Member States act as agents for the European Union (Bosphorus) or within the context of UN Peace Keeping Operations (Al Jeddah, Behrami, and Saramati). The Meijers Committee therefore stresses that it is fundamentally important that questions of international responsibility and responsibility under the European Convention for Human Rights are addressed prior to commencement of Phases 2 and 3.

Conclusions and recommendations

I. There are no indications that combating migrant smuggling contributes to the restoration of international peace and security or to ending the ongoing humanitarian crises;

II.      Without express consent from third states or authorization from the UN Security Council, the EU lacks jurisdiction over   vessels or assets in third-country territorial waters;
III.      Without express consent from third-country coastal states or   authorization from the UN Security Council, there is no clear legal basis for coercive measures against vessels or assets on the high seas;
IV Despite the unclear legal framework covering interdiction on the high seas, international human rights law does apply;
V.      Should a legal basis for action on the high seas and in territorial waters be provided, clear rules of engagement and proper safeguards should be in place to prevent indiscriminate destruction of civilian property; any undue loss should be compensated;
VI.      An unambiguous legal basis for the arrest and detention of suspected smugglers is needed, and also for the seizure and destruction of any personal property. Suspects should either be prosecuted, extradited or released, the last action having due regard to the right to asylum and the prohibition of refoulement;
VII.      Clear attribution rules and accountability mechanisms for human rights violations committed by EUNAVFOR assets should be in place;
VIII.      The right to apply for asylum, access to asylum procedures on land with proper language and legal assistance, and the prohibition of refoulement should be respected and subject to judicial oversight;
IX.       Outsourcing migration control to third countries, even though outside Member State jurisdiction, should take place with assurances and safeguards against human rights violations.

Notes

¹ Council Decision (CFSP) 2015/972 of 22 June 2015 launching the European Union military operation in the southern Central Mediterranean (EUNAVFOR MED), OJ 2015, L157/51.

² Council of the European Union, “EUNAVFOR Med: Council adopts a positive assessment on the conditions to move to the first step of phase 2 on the high seas”, Press Release, 14 September 2015, no. 643/15.
³ http://www.un.org/Depts/los/piracy/piracy_documents.htm
⁴ E. Papastavridis, ‘Enforcement Jurisdictions in the Mediterranean Sea: Illicit Activities and the Rule of Law on the High Seas’, International Journal of Marine and Coastal Law, Vol. 25, 2010, p. 585.
⁵ See Council of Europe Agreement on Illicit Traffic by Sea, implementing article 17 of the United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances.
⁶ ECHR, Hirsi Jamaa and others v. Italy, Grand Chamber, Judgment, 23 February 2012, Application no. 27765/09.
⁷ Regulation (EU) No 656/2014 of the European Parliament and of the Council of 15 May 2014 establishing rules for the surveillance of the external sea borders in the context of operational cooperation coordinated by the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union, L 189, 27 June 2014.
⁸ ECHR, Medvedyev v France, 9 March 2010, appl. no. 3394/03.
⁹ The promotion and protection of human rights during common security and defence policy operations. In-between a spreading state of mind and an unsolved concern. M L Sánchez Barrueco, in The EU as a ”Global Player” in human rights?, J E Wetzel (edit.), 2011, pp. 158-160.
¹⁰ See also Case T-271/10, under appeal C-455/14 P.

About : The Meijers Committee is an independent group of legal scholars, judges and lawyers that advises on European and International Migration, Refugee, Criminal, Privacy, Anti-discrimination and Institutional Law. The Committee aims to promote the protection of fundamental rights, access to judicial remedies and democratic decision-making in EU legislation.

The Meijers Committee is funded by the Dutch Bar Association (NOvA), Foundation for Democracy and Media (Stichting Democratie en Media) the Dutch Refugee Council (VWN), Foundation for Migration Law Netherlands (Stichting Migratierecht Nederland), the Dutch Section of the International Commission of Jurists (NJCM), Art. 1 Anti-Discrimination Office, and the Dutch Foundation for Refugee Students UAF.

Contact info: Louis Middelkoop Executive secretary post@commissie-meijers.nl +31(0)20 362 0505

Please visit www.commissie-meijers.nl

AMERICAN MASS SURVEILLANCE OF EU CITIZENS: IS THE END NIGH?

ORIGINAL PUBLISHED ON EU LAW ANALYSIS (Wednesday, 23 September 2015)

by Steve PEERS

*This blog post is dedicated to the memory of the great privacy campaigner Caspar Bowden, who passed away recently. What a tragedy he did not leave to see the developments in this case. To continue his work, you can donate to the Caspar Bowden Legacy Fund here.

A brilliant university student takes on the hidebound establishment – and ultimately wins spectacularly. That was Mark Zuckerberg, founding Facebook, in 2002. But it could be Max Schrems, taking on Zuckerberg and Facebook, in the near future – if the Court of Justice decides to follow the Advocate-General’s opinion in the Schrems case, released today.

In fact, Facebook is only a conduit in this case: Schrems’ real targets are the US government (for requiring Facebook and other Internet companies to hand over personal data to intelligence agencies), as well as the EU Commission and the Irish data protection authority for going along with this. In the Advocate-General’s opinion, the Commission’s decision to allow EU citizens’ data to be subject to mass surveillance in the US is invalid, and the national data protection authorities in the EU must investigate these flows of data and prohibit them if necessary. The case has the potential to change much of the way that American Internet giants operate, and to complicate relations between the US and the EU in this field.

Background

There’s more about the background to this litigation here, and Simon McGarr has summarised the CJEU hearing in this case here. But I’ll summarise the basics of the case again here briefly.

Max Schrems is an Austrian Facebook user who was disturbed by Edward Snowden’s revelations about mass surveillance by US intelligence agencies. Since such mass surveillance is put into effect by imposing obligations to cooperate upon Internet companies, he wanted to complain about Facebook’s transfers of his personal data to the USA. Since Facebook’s European operations are registered in Ireland, he had to bring his complaints to the Irish data protection authority.

The legal regime applicable to such transfers of personal data is the ‘Safe Harbour’ agreement between the EU and the USA, agreed in 2000 – before the creation of Facebook and some other modern Internet giants, and indeed before the 9/11 terrorist attacks which prompted the mass surveillance. This agreement was put into effect in the EU by a decision of the Commission, which used the power conferred by the EU’s current data protection Directive to declare that transfers of personal data to the USA received an ‘adequate level of protection’ there.

The primary means of enforcing the arrangement was self-certification of the companies concerned (not all transfers to the USA fall within the scope of the Safe Harbour decision), enforced by the US authorities. But it was also possible (not mandatory) for the national data protection authorities which enforce EU data protection law to suspend transfers of personal data, if the US authorities or enforcement system have found a breach of the rules, or on the following further list of limited grounds set out in the decision:

there is a substantial likelihood that the Principles are being violated; there is a reasonable basis for believing that the enforcement mechanism concerned is not taking or will not take adequate and timely steps to settle the case at issue; the continuing transfer would create an imminent risk of grave harm to data subjects; and the competent authorities in the Member State have made reasonable efforts under the circumstances to provide the organisation with notice and an opportunity to respond.

In fact, Irish law prevents the national authorities from taking up this option. So the national data protection authority effectively refused to consider Schrems’ complaint. He challenged that decision before the Irish High Court, which doubted that this system was compatible with EU law (or indeed the Irish constitution). So that court asked the CJEU to rule on whether national data protection authorities (DPAs) should have the power to prevent data transfers in cases like these.

The Opinion

The Advocate-General first of all answers the question which the Irish court asks, and then goes on to examine whether the Safe Harbour decision is in fact valid. I’ll address those two issues in turn.

In the Advocate-General’s view, national data protection authorities have to be able to consider claims that flows of personal data to third countries are not compatible with EU data protection laws, even if the Commission has adopted a decision declaring that they are. This stems from the powers and independence of those authorities, read in light of the EU Charter of Fundamental Rights, which expressly refers to DPAs’ role and independence. (On the recent CJEU case law on DPA independence, see discussion here). It’s worth noting that the new EU data protection law under negotiation, the data protection Regulation, will likely confirm and even enhance the powers and independence of DPAs. (More on that aspect of the proposed Regulation here).

On the second point, the opinion assesses whether the Safe Harbour Decision correctly decided that there was an ‘adequate level of protection’ for personal data in the USA. Crucially, it argues that this assessment is dynamic: it must take account of the protection of personal data now, not just when the Decision was adopted back in 2000.

As for the meaning of an ‘adequate level of protection’, the opinion argues that this means that third countries must ensure standards ‘essentially equivalent to that afforded by the Directive, even though the manner in which that protection is implemented may differ from that’ within the EU, due to the importance of protecting human rights within the EU. The assessment of third-country standards must examine both the content of those standards and their enforcement, which entailed ‘adequate guarantees and a sufficient control mechanism’, so there was no ‘lower level of protection than processing within the European Union’. Within the EU, the essential method of guaranteeing data protection rights was independent DPAs.

Applying these principles, the opinion accepts that personal data transferred to the USA by Facebook is subject to ‘mass and indiscriminate surveillance and interception’ by intelligence agencies, and that EU citizens have ‘no effective right to be heard’ in such cases. These findings necessarily mean that the Safe Harbour decision was invalid for breach of the Charter and the data protection Directive.

More particularly, the derogation for the national security rules of US law set out in the Safe Harbour principles was too general, and so the implementation of this derogation was ‘not limited to what is strictly necessary’. EU citizens had no remedy against breaches of the ‘purpose limitation’ principle in the US either, and there should be an ‘independent control mechanism suitable for preventing the breaches of the right to privacy’.

The opinion then assesses the dispute from the perspective of the EU Charter of Rights. It first concludes that the transfer of the personal data in question constitutes interference with the right to private life. As in last year’s Digital Rights Ireland judgment (discussed here), on the validity of the EU’s data retention directive, the interference with rights was ‘particularly serious, given the large numbers of users concerned and the quantities of data transferred’. In fact, due to the secret nature of access to the data, the interference was ‘extremely serious’. The Advocate-General was also concerned about the lack of information about the surveillance for EU citizens, and the lack of an effective remedy, which breaches Article 47 of the Charter.

However, interference with these fundamental rights can be justified according to Article 52(1) of the Charter, as long as the interference is ‘provided for by law’, ‘respect[s] the essence’ of the right, satisfies the ‘principle of proportionality’ and is ‘necessary’ to ‘genuinely meet objectives of general interest recognized by’ the EU ‘or the need to protect the rights and freedoms of others’.

In the Advocate-General’s view, the US law does not respect the ‘essence’ of the Charter rights, since it extends to the content of the communications. (In contrast, the data collected pursuant to the data retention Directive which the CJEU struck down last year concerned only information on the use of phones and the Internet, not the content of phone calls and Facebook posts et al). On the same basis, he objected to the ‘broad wording’ of the relevant derogations on national security grounds, which did not clearly define the ‘legitimate interests’ at stake. Therefore, the derogation did not comply with the Charter, ‘since it does not pursue an objective of general interest defined with sufficient precision’. Moreover, it was too easy under the rules to escape the limitation that the derogation should only apply when ‘strictly necessary’.

Only the ‘national security’ exception was sufficiently precise to be regarded as an objective of general interest under the Charter, but it is still necessary to examine the ‘proportionality’ of the interference. This was a case (like Digital Rights Ireland) where the EU legislature’s discretion was limited, due to the importance of the rights concerned and the extent of interference with them. The opinion then focusses on whether the transfer of data is ‘strictly necessary’, and concludes that it is not: the US agencies have access to the personal data of ‘all persons using electronic communications services, without any requirement that the persons concerned represent a threat to national security’.

Crucially, the opinion concludes that ‘[s]uch mass, indiscriminate surveillance is inherently disproportionate and constitutes an unwarranted interference’ with Charter rights. The Advocate-General agreed that since the EU and the Member States cannot adopt legislation allowing for mass surveillance, non-EU countries ‘cannot in any circumstances’ be considered to ensure an ‘adequate level of protection’ of personal data if they permit it either.

Furthermore, there were not sufficient guarantees for protection of the data. Following the Digital Rights Ireland judgment, which stressed the crucial importance of such guarantees, the US system was not sufficient. The Federal Trade Commission could not examine breach of data protection laws for non-commercial purposes by government security agencies, and nor could specialist dispute resolution bodies. In general, the US lacks an independent supervisory authority, which is essential from the EU’s perspective, and the Safe Harbour decision was deficient for not requiring one to be set up. A third country cannot be considered to have ‘an adequate level of protection’ without it. Furthermore, only US citizens and residents had access to the judicial system for challenging US surveillance, and EU citizens cannot obtain remedies for access to or correction of data (among other things).

So the Commission should have suspended the Safe Harbour decision. Its own reports suggested that the national security derogation was being breached, without sufficient safeguards for EU citizens. While the Commission is negotiating revisions to that agreement with the USA, that is not sufficient: it must be possible for the national supervisory authority to stop data transfers in the meantime.

Comments

The Advocate-General’s analysis of the first point (the requirement that DPAs must be able to stop data flows if there is a breach of EU data protection laws) is self-evidently correct. In the absence of a mechanism to hear complaints on this issue and to provide for an effective remedy, the standards set out in the Directive could too easily be breached. Having insisted that the DPAs must be fiercely independent of national governments, the CJEU should not now accept that they can be turned into the tame poodles of the Commission.

On the other hand, his analysis of the second point (the validity of the Safe Harbour Decision) is more problematic – although he clearly arrives at the correct conclusion. With respect, there are several flaws in his reasoning. Although EU law requires strong and independent DPAs within the EU to ensure data protection rights, there is more than one way to skin this particular cat. The data protection Directive notably does not expressly require that third countries have independent DPAs. While effective remedies are of course essential to ensure that data protection law (likely any other law) is actually enforced in practice, those remedies do not necessarily have to entail an independent DPA. They could also be ensured by an independent judiciary. After all, Americans are a litigious bunch; Europeans could join them in the courts. But having said that, it is clear that in national security cases like this one, EU citizens have neither an administrative nor a judicial remedy worth the name in the USA. So the right to an effective remedy in the Charter has been breached; and it is self-evident that processing information from Facebook interferes with privacy rights.

Is that limitation of rights justified, however? Here the Advocate-General has muddled up several different aspects of the limitation rules. For one thing, the precision of the law limiting rights and the public interest which it seeks to protect are too separate things. In other words, the public interest does not have to be defined precisely; but the law which limits rights in order to protect the public interest has to be. So the opinion is right to say that national security is a public interest which can justify limitation of rights in principle, but it fails to undertake an examination of the precision of the rules limiting those rights. As such, it omits to examine some key questions: should the precision of the law limiting rights be assessed as regards the EU law, the US law, or both? Should the US law be held to the same standards of clarity, foreseeability and accessibility as European states’ laws must be, according to the ECHR jurisprudence?

Next, it’s quite unconvincing to say that processing the content of communications interferes with the ‘essence’ of the privacy and data protection rights. The ECHR case law and the EU’s e-privacy directive expressly allow for interception of the content of communications in specific cases, subject to strict safeguards. So it’s those two aspects of the US law which are problematic: its nature as mass surveillance, plus the inadequate safeguards.

On these vital points, the analysis in the opinion is correct. The CJEU’s ruling inDigital Rights Ireland suggests, in my view, that mass surveillance is inherently a problem, regardless of the safeguards in place to limit its abuse. This is manifestly the Advocate-General’s approach in this case; and the USA obviously has in place mass surveillance well in excess of the EU’s data retention law. The opinion is also right to argue that EU rules banning mass surveillance apply to the Member States too, as I discuss here. But even if this interpretation is incorrect, and mass surveillance is only a problem if there are weak safeguards, then the Safe Harbour decision still violates the Charter, due to the lack of accessible safeguards for EU citizens as discussed above. Hopefully, the Court of Justice will confirm whether mass surveillance is intrinsically problematic or not: it is a key issue for Member States retaining data by way of derogation from the e-privacy Directive, for the validity of EU treaties (and EU legislation) on specific issues such as retaining passenger data (see discussion here of a pending case), and for the renegotiation of the Safe Harbour agreement itself.

This brings us neatly to the consequences of the CJEU’s forthcoming judgment (if it follows the opinion) for EU/US relations. Since the opinion is based in large part upon the EU Charter of Rights, which is primary EU law, it can’t be circumvented simply by amending the data protection Directive (on the proposed new rules on external transfers under the planned Regulation, see discussion here). Instead, the USA must, at the very least, ensure that adequate remedies for EU citizens and residents are in place in national security cases, and that either a judicial or administrative system is in place to enforce in practice all rights which are supposed to be guaranteed by the Safe Harbour certification. Facebook and others might consider moving the data processing of EU residents to the EU, but it’s hard to see how this could work for any EU resident with (for instance) Facebook friends living in the USA. Surely in such cases processing of the EU data in the USA is unavoidable.

Moreover, arguably it would not be sufficient for the forthcoming EU/US trade and investment agreement (known as ‘TTIP’) to provide for a qualified exemption for EU data protection law, along the lines of the WTO’s GATS. Only a complete immunity of EU data protection law from the TTIP – and any other EU trade and investment agreements – would be compatible with the Charter. Otherwise, companies like Facebook and Google might try to invoke the controversial investor dispute settlement system (ISDS) every time a judgment like Google Spain or (possibly) Schrems cost them money.

Schrems Versus Facebook: is the end of Safe Harbor approaching ?

by Emilio De Capitani

Today Advocate General Yves Bot has presented his long-awaited conclusions on the Case C‑362/14 Maximillian Schrems v Data Protection Commissioner. This case better described by the press as the “Schrems v Facebook” Case (why not “David V Goliath” ?) put in question the so called Safe harbor “agreement” which frame the conditions under which personal data of the people under the EU jurisdiction can be transferred or treated by servers of US Companies (such as Facebook, Google, E-Bay) on the US territory.
As the protection of personal data is a fundamental right under EU law (notably after the entry into force of the art.8 of the EU Charter) art. 25 of Directive 95/46 foresees that the transfer of these data to a third country is legitimate only if the data are “adequately” protected.
The problem is that in the US there is no comprehensive legal protection framework comparable to the one existing in the EU so that in 2000 the Commission negotiated with the US the establishment of a specific voluntary regime (the “Safe Harbor Principles”) which could had been considered granting an “adequate” protection of personal data having regard to the standard applicable in Europe.

At the time the European Parliament voted against this regime but was unable to obtain stronger safeguards because of the unwillingness of the US authorities and moreover by the Commission which was more interested to the transfer of data than of their protection.

Since then the transatlantic flow of data has grown every day and with them the economic benefices of the US Companies without any real re-assesment of the compliance of the Safe Harbor principles on the US side (by the Federal Trade Commission) or on the EU side (by the Commission) even after the entry into force of the Lisbon Treaty which changed the legal basis of EU policies linked with the protection of personal data.

However when the Snowden revelations made clear to everybody that all these EU personal data could be massively analyzed without judicial overview by the US Intelligence Services someone in the EU woke up.

Between the EU Institutions the European Parliament asked the suspension of the Safe Harbor agreement but its initiative was not followed by the Commission (as unfortunately happens more and more frequently); but it is thanks to the obstinacy of Maximilian Schrems, an Austrian law student that the case was finally been brought, first before to the Irish Data Protection Commissioner, then before the Irish High Court and now before the Court of Justice.

This case is extremely interesting not only because it confirms that in a democracy someone has to …watch the watchers be they at national or European level (notably if they are sleeping or hiding behind each other…) but also because it shows that also an “ordinary” Citizen can dare to do in name of the EU law and of his rights what the EU Institutions are less and less willing to do.

Enjoy now the reading the instructive and very detailed Yves BOT arguments drawing him to declare that the Commission initial “adequacy finding” was not adequate at all (as also the EP wrote in its 2000 resolution) and that National Authorities should fully play their role and not hiding behind the Commission “Adequacy decisions”.

Such a strong reasoning if endorsed by the Luxembourg Judges should inspire

a re-assessment of other EU-US ‘executive’ agreements dealing with data protection (the draft “Umbrella agreement” included)
a revision of the Data Protection package at least as far as the regime of Commission “adequacy finding” is concerned (which due to its large marge of discretion could no more be considered a simple “implementing measure” but at least a “delegated” power …) and a stronger role of the Data Protection Board which should have a direct jurisdiction at least for Data controller “over the top” such as Facebook, Google, E-Bay and so on…

It is only unfortunate that the European Parliament which on these issues was on the right side between 1999 and 2004 is now slowly sliding away notwithstanding a much stronger constitutional framework and a binding Charter …

Anyway many thanks Max!! Hope that 10, 100, 1000 of European citizens could follow your example…

CONTINUE READING : OPINION OF ADVOCATE GENERAL BOT

delivered on 23 September 2015 (1) Case C‑362/14 Maximillian Schrems v Data Protection Commissioner

Continue reading “Schrems Versus Facebook: is the end of Safe Harbor approaching ?”

A quest for accountability? EU and Member State inquiries into the CIA Rendition and Secret Detention Programme

EXCERPTS FROM A STUDY FOR THE EP LIBE COMMITTEE

Authors: Prof. Didier Bigo, Dr Sergio Carrera, Prof. Elspeth Guild, and Dr Raluca Radescu.

At the request of the LIBE Committee, this study assesses the extent to which EU Member States have delivered accountability for their complicity in the US CIA-led extraordinary rendition and secret detention programme and its serious human rights violations. It offers a scoreboard of political inquiries and judicial investigations in supranational and national arenas in relation to Italy, Lithuania, Poland, Romania and the United Kingdom. The study takes as a starting point two recent and far-reaching developments in delivering accountability and establishing the truth: the publication of the executive summary of the US Senate Intelligence Committee (Feinstein) Report and new European Court of Human Rights judgments regarding EU Member States’ complicity with the CIA. The study identifies significant obstacles to further accountability in the five EU Member States under investigation: notably the lack of independent and effective official investigations and the use of the ‘state secrets doctrine’ to prevent disclosure of the facts, evade responsibility and hinder redress to the victims. The study puts forward a set of policy recommendations for the European Parliament to address these obstacles to effective accountability.

EXECUTIVE SUMMARY

Although much has been done over the last ten years to overcome major obstacles to ensuring democratic and judicial accountability in respect of EU Member States’ complicity in the unlawful US CIA-led extraordinary rendition and secret detention programme, much remains to be done to uncover the truth and hold those responsible accountable for their actions.

This study takes as a starting point two recent and highly significant developments that have helped to shed light on, and establish accountability for, the actions of EU Member States engaged in the Central Intelligence Agency (CIA) rendition and detention programme. The first is the U.S. Senate Intelligence Committee “Study of the Central Intelligence Agency’s Detention and Interrogation Program” (also known as the Feinstein Report) published in December 2014, which provided further evidence of the nature of the relationship between the CIA and several European state authorities and their wrongdoing. The second is the collection of recent judgments of the European Court of Human Rights (ECtHR), particularly in the Al Nashiri and Abu Zubaydah cases, which have helped to provide substantive rule of law standards against which to measure national political inquiries and judicial investigations.

Through the prism of these two important recent developments, this study builds on the 2012 European Parliament study on “The results of inquiries into the CIA’s programme of extraordinary rendition and secret prisons in European states in light of the new legal framework following the Lisbon treaty”. First (section 2), it pinpoints the critical findings of the Feinstein Report and their relevance for EU Member State inquiries, in particular the new revelations that: the CIA was isolated both nationally and internationally; European states that collaborated with the CIA were quick to withdraw assistance when scrutiny increased, leaving the CIA on the run; the UK failed to refute unfounded CIA claims about the intelligence value of information extracted by torture; and the CIA paid large sums of money to cooperative Member States. The study also examines the media controversy provoked by the release of the Feinstein Report and the efforts made by certain actors to undermine its findings.

The study then (section 3) offers an up-to-date account of political inquiries and judicial investigations in five Member States (Italy, Lithuania, Poland, Romania and the United Kingdom). It argues that, while political inquiries and domestic judicial investigations have been or are being conducted in all five Member States and there have been ECtHR cases regarding all but the UK, they have all been beset by obstacles to accountability. The response of the EU institutions is also analysed. While it is acknowledged that the European Commission has taken tentative steps to encouraging accountability (notably in sending letters to Member States in 2013 to request information on investigations underway), it is found that neither the Commission nor the Council have properly followed up on the European Parliament’s recommendations.

After providing a detailed analysis of the recent ECtHR judgments in the Al Nashiri and Abu Zubaydah cases (section 4) and detailing the rule of law benchmarks against which the effectiveness of national investigations can be tested, the study then measures the national political inquiries and judicial investigations and finds them wanting, either because of a lack of independence or because national security or state secrets have been invoked to prevent disclosure of the facts (section 5).

Finally, the study examines what has prevented EU institutions from taking effective action in response to the CIA programme (section 6). It finds a general lack of political will exacerbated by an absence of a clear enforcement mechanism to ensure compliance with the rule of law as laid down in Article 2 TEU, meaning that the important step taken by the Commission to send letters to Member States is bereft of a clear legal framework.

In light of the above considerations, the Study formulates the following policy recommendations to the European Parliament:

Recommendation 1: The Parliament, particularly the LIBE Committee, should establish regular structured dialogue with relevant counterparts in the U.S. Congress and Senate, which would provide a new framework for sharing information and cooperating more closely on interrelated inquiries in the expanding policy field of Justice and Home Affairs.

Recommendation 2: The Parliament should use the recent LIBE Committee decision to draw up a Legislative Own-Initiative Report on an EU mechanism on democracy, the rule of law and fundamental rights to develop and bring further legal certainty to the activation phases preceding the use of Article 7 TEU. Parliament should also insist that the Commission periodically evaluate Member States’ compliance with fundamental rights and the rule of law under a new ‘Copenhagen Mechanism’ to feed into a new EU Policy Cycle on fundamental rights and rule of law in the Union.

Recommendation 3: The Parliament should adopt a Professional Code for the transnational management and accountability of data in the EU. The Code would outline where ‘national security’ and ‘state secrets’ cannot be invoked (i.e. define what national security is not). It would additionally lay down clear rules aimed at preventing the use and processing of information originating from torture or any related human rights violations.

Recommendation 4: The Parliament should demand that the Commission properly follow up on its resolutions and recommendations.

Recommendation 5: The Parliament should call on the President of the European Council to issue an official statement on the rendition programme to the Plenary, stating clearly the degree of Member States’ complicity and detailing obstacles to proper accountability and justice for the victims.

Recommendation 6: The Parliament should call for effective judicial investigations into the Feinstein Report’s findings that the CIA paid large sums of money to Member States for their complicity in the rendition programme, which amount to allegations of corruption.

The EU-US Umbrella agreement on Data Protection just presented to the European Parliament. All people apparently happy, but….

ORIGINAL PUBLISHED BY EU-LOGOS

by Paola Tavola (EU LOGOS Trainee)

“For the first time ever, the EU citizens will be able to know, by looking at one single set of rules, which minimum rights and protection they are entitled to, with regards to data share with the US in the law enforcement sector”. These are the words of P. Michou, chief negotiator in charge of the negotiation process of the so called EU-US “Umbrella Agreement”, who gave a public overview on the lately finalized transatlantic data protection framework in the field of law enforcement cooperation. The speech, delivered during the last meeting of the LIBE committee of the European Parliament, has met a warm welcome by the MEPs. Great congratulations have been expressed by all the political groups, for the work done by the negotiating team of the Commission that, from its side, has thanked the LIBE committee for its strong support and pressures. As Mrs. Michou said, they “helped us to be stronger in our negotiations”. Negotiations that were dealt with a partner that is far from being an easy one. The words of Michou, however, have not completely reassured all the MEPs, who have called for a legal opinion on the text of the agreement to be delivered by the legal department of the European Parliament. Legal certainties about the potential benefits or detrimental effects that this agreement could have on the existing EU data protection rules, as well as on past and future agreements, have been asked by the majority of the deputies, as a necessary precondition for the vote.

Historical context

An EU-US agreement in the field of protection of personal data was already called by the European Parliament in the year 2009. At that time, in a resolution on the state of transatlantic relation, the Parliament underlined the necessity of a “proper legal framework, ensuring adequate protection of civil liberties, including the right to privacy”, to be agreed on the base of a binding international agreement. The Commission then, on the invitation of the European Council, proposed a draft mandate for starting the negotiations with the United States, on a high standard system of data protection. The final mandate, being adopted by the Council in December 2010, opened the negotiation procedure among the two partners, that formally started on March 2011.

The negotiations have been though, mainly because of a great cultural difference existing among the two partners in terms of data protection, but after four years of work, the agreement has been initialed in Luxembourg, last September 8th. The final text, that can be signed only with the authorization of the Council and the consent of the Parliament, represents a huge step forward: “if we look back to some years ago, it was clear that some of the issues that have been now achieved in the text, couldn’t even have been theoretically possible”, Jan Philippe Albrecht (Greens/EFA) said, by opening the debate after Mrs. Michou speech.

The european Commissioner for Justice, Consumers and Gender Equality, Věra Juorová, by declaring full satisfaction for the conclusion of the discussions, affirmed: “robust cooperation between the EU and the US to fight crime and terrorism is crucial to keep Europeans safe. But all exchanges of personal data, such as criminal records, names or address, need to be governed by strong data protection rules. This is what the Umbrella Agreement will ensure.”

Terrorism or organized crime are phenomena that definitely constitute serious threats to security. However, leaving aside the narrow concept of security, as many theories and authors consider nowadays, a threat to security can be identified as any threat to the “cherished values” of our society: thus also to those values such as the right of privacy and the data protection.

The issue concerns how security and law enforcement are able to positively and constructively interact with new technology, but also to clash with it.

On one side, the information and data sharing is now a fundamental and crucial aspect of policy and judicial inter-state cooperation, since major threats and criminal phenomena have assumed a transnational connotation. On the other side however, it is necessary to ensure the protection and the fair and limited treatment of information, that is transferred as part of the transatlantic cooperation in criminal matters, in order to avoid abuses and the setting up of mass surveillance systems.

The two transatlantic partner, have already settled a substantial framework of data transfer rules. In 2010 they signed an agreement on the processing and transfer of financial messaging data from the EU to the US, for the purposes of the Terrorist Finance Tracking Program (TFTP); while in 2012 they concluded a bilateral agreement for the exchange of PNR (Passenger Name Records) data.

“Data protection is a fundamental right of particular importance in the digital age. In addition to swiftly finalizing the legislative work on common data protection rules within the European Union, we also need to uphold this right in our external relations.” This principle was included by Jean-Claude Juncker in the political priorities of the European Commission agenda, presented in July 2014.

A look inside the “Umbrella Agreement” Continue reading “The EU-US Umbrella agreement on Data Protection just presented to the European Parliament. All people apparently happy, but….”

An updated version (2014) of the Handbook on European law relating to asylum, borders and immigration just published..

(EXCERPTS OF THE HANDBOOK INTRODUCTION)

A first version of the handbook on the European law relating to asylum, borders and immigration is co-authored by the European Agency for Fundamental Rights (FRA) and by by the European Court of Human Rights was published (in four languages) in June 2013. This second edition incorporates the changes to the EU asylum acquis published in the summer of 2013. Future updates of this handbook will become available on the FRA webpage at: http://fra.europa.eu/en/theme/asylum-migration-borders and on the European Court of Human Rights (ECtHR) webpage at: www.echr.coe.int under “Publications”.

This handbook provides an overview of the law applicable to asylum, border man-agement and immigration in relation to European Union (EU) law and the European Convention on Human Rights (ECHR). It looks at the situation of those foreigners whom the EU usually refers to as third-country nationals, although such distinction is not relevant for cited ECHR law.

The handbook does not cover the rights of EU citizens, or those of citizens of Iceland, Liechtenstein, Norway and Switzerland who, under EU law, can enter the territory of the EU freely and move freely within it. Reference to such categories of citizens will be made only where necessary in order to understand the situation of family members who are third-country nationals.

There are, under EU law, some 20 different categories of third-country nationals, each with different rights that vary according to the links they have with EU Member States or that result from their need for special protection.

For some, such as asylum seekers, EU law provides a comprehensive set of rules, whereas for others, such as students, it only regulates some aspects while leaving other rights to EU Member States’ discretion. In general, third-country nationals who are allowed to settle in the EU are typically granted more comprehensive rights than those who stay only temporarily. (…)

This handbook is designed to assist legal practitioners who are not specialised in the field of asylum, borders and immigration law; it is intended for lawyers, judges, prosecutors, border guards, immigration officials and others working with national authorities, as well as non-governmental organisations (NGOs) and other bodies that may be confronted with legal questions relating to these subjects.

It is a first point of reference on both EU and ECHR law related to these subject areas, and explains how each issue is regulated under EU law as well as under the ECHR, the European Social Charter (ESC) and other instruments of the Council of Europe. Each chapter first presents a single table of the applicable legal provisions under the two separate European legal systems. Then the relevant laws of these two European orders are presented one after the other as they may apply to each topic. This allows the reader to see where the two legal systems converge and where they differ.

Practitioners in non-EU states that are member states of the Council of Europe and thereby parties to the ECHR can access the information relevant to their own country by going straight to the ECHR sections.

Practitioners in EU Member States will need to use both sections as those states are bound by both legal orders. For those who need more information on a particular issue, a list of references to more specialised material can be found in the ‘Further reading’ section of the handbook.

ECHR law is presented through short references to selected European Court of Human Rights (ECtHR) cases related to the handbook topic being covered. These have been chosen from the large number of ECtHR judgments and decisions on migration issues that exist.

EU law is found in legislative measures that have been adopted, in relevant provisions of the Treaties and in particular in the Charter of Fundamental Rights of the European Union, as interpreted in the case law of the Court of Justice of the European Union (CJEU, otherwise referred to, until 2009, as the European Court of Justice (ECJ)).

The case law described or cited in this handbook provides examples of an important body of both ECtHR and CJEU case law. The guidelines at the end of this handbook are intended to assist the reader in searching for case law online.

Not all EU Member States are bound by all the different pieces of EU legislation in the field of asylum, border management and immigration. Annex 1 on the ‘Applicability of EU regulations and directives cited in this handbook’ provides an overview of which states are bound by which provisions.

It also shows that Denmark, Ireland and the United Kingdom have most frequently opted out of the instruments listed in this handbook. Many EU instruments concerning borders, including the Schengen acquis – meaning all EU law adopted in this field – and certain other EU law instruments, also apply to some non-EU Member States, namely Iceland, Liechtenstein, Norway and/or Switzerland.

While all Council of Europe member states are party to the ECHR, not all of them have ratified or acceded to all of the ECHR Protocols or are State Party to the other Council of Europe conventions mentioned in this handbook. Annex 2 provides an overview of the applicability of selected Council of Europe instruments, including the relevant Protocols to the ECHR. Substantial differences also exist among the states which are party to the ESC. States joining the ESC system are allowed to decide whether to sign up to individual articles, although subject to certain minimum requirements. Annex 3 provides an overview of the acceptance of ESC provisions.

EU Anti-Money Laundering legal framework: the race has started again…

by Dalila DELORENZI (FREE Group Trainee)

After two years, the revision of the new EU Anti-Money Laundering (AML) framework has finally come to an end. The 20^th May the European Parliament at its second reading has adopted the Fourth Directive AML (Directive (EU) 2015/849) along with the new Regulation on information on the payer accompanying transfers of funds (Regulation (EU) 2015/847).

The revision was triggered by the necessity to adapt the legal framework to counter new threats of money laundering and terrorist financing and to reflect recent changes due to revised Financial Actiont Task Force (FATF) Recommendations. In the following lines the new legal framework is presented by including some crucial measures which could represent a real step-up in the fight against money laundering, financing terrorism and tax evasion.

Introduction of an European register of beneficial ownership

The creation of an European register of beneficial ownership has been one of the sticking point and the reason why the text has attracted much more political attention than the latest directives and the negotiations have taken much longer than it was expected.

1.1 Definition of beneficial ownership and the problems caused by “phantom firms”

A beneficial owner is a natural person – a real, live human being and not another company or trust – who stands behind a company (or trust) as the ultimate owner and controller, directly or indirectly exercising substantial control over the company or receiving substantial economic benefits (such as receipt of income) from the company. If the true owner’s name is disguised, we deal with “anonymous companies”. In a majority of countries, keeping unknown the true owner’s name is perfectly legal and there is typically no requirement to disclose that the names listed are merely front-people.

Such anonymous companies can be created by using “nominees”, people who front the company in place of the true owner, or by incorporating one or more of the companies in a country which does not make details of the beneficial owners publicly available. Also called “phantom firms”, they exist only on paper, with no real employees or office.

Now, it’s certainly true that such entities can also have legitimate uses, but the untraceable company can also be a vehicle of choice for crimes such as money laundering, tax evaders and financier of terrorism.

1.2 The role of anonymous companies in money laundering

Although there are countless ways to launder money, money laundering can be broken down into three stages:

Placement: the initial entry of illicit money into the financial system. This might be done by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account.
Layering: the second step consists in the process of separating the funds from their source. This purpose is often followed by using anonymous shell companies: for instance, wiring money to account owned by anonymous shell company.
Integration: money re-enter the legitimate economy. For instance, by investing the funds into real estate and luxury assets.
That being said, it is clear that these secretive “shell” companies and trusts play a central role in laundering and channelling funds, concealing behind a veil of secrecy the identity of corrupt individuals and irresponsible businesses involved in activities, including tax evasion, terrorist financing, and the trafficking of drugs and people. More precisely, it is impossible for law enforcement officials go back to the real individuals ultimately responsible for the company’s actions and to track the origin of illicit funds.
1.3 The importance of central registers

Continue reading “EU Anti-Money Laundering legal framework: the race has started again…”

La politique européenne d’asile : Strange fruit ? (III, fin)

ORIGINAL PUBLISHED ON CDRE 13 SEPTEMBRE 2015

par Henri Labayle

III – Sortie de crise ?

Le discours de Jean Claude Juncker sur l’état de l’Union, le 9 septembre, a eu le mérite courageux d’investir le terrain dégagé par la République fédérale d’Allemagne, suivie par la France. De haute tenue et sans donner de leçon à quiconque, le président de la Commission a rappelé à chacun dans l’Union son passé autant que son héritage pour relancer l’adoption de son programme législatif.

Si la réglementation d’un programme de relocalisation de réfugiés revue à la hausse a focalisé l’attention parce qu’elle place chacun devant ses responsabilités, les autres éléments de son discours méritent l’attention et l’on y reviendra ultérieurement ici.

1. La confirmation d’un mécanisme de relocalisation d’urgence

A l’évidence et au vu des évènements en cours à la fin de l’été, le thème de la relocalisation des personnes pénétrées dans l’Union demeurait prioritaire, à la fois pour purger le dossier ouvert en juillet mais aussi pour faire face à l’avenir.

Répondre dans l’urgence à une situation humanitaire devenue intenable au centre et au sud de l’Union européenne était un impératif, infligeant la preuve de la quasi-impossibilité de s’opposer démocratiquement de façon policière à une telle vague.

Si l’itinéraire de la proposition de la Commission visant à soulager l’Italie et la Grèce n’a pas été de tout repos et si le président de la Commission a justement été déçu du sort fait à son initiative, le thème de la délocalisation a eu, au moins, le mérite d’ouvrir un double débat, celui de l’intangibilité du système de Dublin et celui des « quotas » de demandeurs d’asile.

L’idée de « quotas » de demandeurs d’asile a fait difficilement son chemin, suscitant soit une opposition de principe à l’idée, comme pour les autorités françaises, soit un refus de toute contrainte pour une part non négligeable d’Etats, notamment à l’Est.

Il est vrai qu’une autre possibilité existait. Elle était passée sous silence, au point de laisser croire à un ancien Président de la République qu’il était possible de créer un statut de « réfugié de guerre », donnant ainsi au ministre de l’Intérieur et au premier ministre l’occasion politicienne de prétendre que cela était impossible, en raison du « caractère indivisible » du droit d’asile. Cette triple ignorance de la directive 2001/55 du 20 juillet 2001, transposée en 2003, aurait pu être évitée par une simple lecture de son intitulé : effectivement, elle est « relative à des normes minimales pour l’octroi d’une protection temporaire en cas d’afflux massif de personnes déplacées et à des mesures tendant à assurer un équilibre entre les efforts consentis par les États membres pour accueillir ces personnes et supporter les conséquences de cet accueil ». C’est dire qu’elle pouvait s’appliquer ici.

Inspirée par la crise des Balkans en 1992 qui vit près de 200 000 personnes se réfugier en Allemagne, elle fut utilisée vis-à-vis des 100 000 kosovars qu’elle protégea. En l’espèce, l’intérêt d’y avoir recours pouvait ne pas être négligeable, avec en particulier celui d’affirmer aux opinions publiques réticentes que cette protection était « temporaire », de 1 à 3 ans, même si les droits conférés à ses bénéficiaires sont inférieurs à ceux du statut normal de l’asile et s’il était délicat au sein du mouvement actuel de distinguer le cas syrien des autres nationalités couvertes par la relocalisation.

De fait, on peut penser que la difficulté de convaincre les Etats membres autant que leur refus de constater publiquement la disparité de leurs réponses à l’égard des réfugiés syriens ainsi que l’absence de mécanisme de solidarité à proprement parler expliquent la préférence de la Commission pour une autre voie.

Déposée le 27 mai 2015 dans les conditions déjà décrites par ailleurs, la proposition de décision du Conseil COM (2015) 286 et ses annexes ont pris la forme d’une proposition de décision approuvée par une résolution des représentants des gouvernements des Etats membres. Cette mesure constitue une dérogation temporaire à l’article 13 §1 du règlement n° 604/2013, selon lequel l’Italie  et la Grèce auraient autrement été responsables de l’examen d’une demande de protection internationale. C’est son second intérêt.

L’incapacité du système de Dublin à répondre à une vague de demandeurs de cette importance posait incontestablement une question de principe, celle de la survie d’une règle qui veut que le pays de premier accueil soit responsable du demandeur de protection. De façon structurelle et ancienne, la Grèce s’est avérée incapable d’assumer cette responsabilité depuis longtemps, au point d’en être stigmatisée par la CEDH. En vain. De façon conjoncturelle mais répétée, du printemps arabe aux différents drames de Lampedusa, l’Italie ne s’est pas davantage acquittée de ses obligations. Dès lors que la pression s’est faite irrépressible, la Hongrie et ses voisins ont fait la preuve des mêmes carences.

Puisque les Etats de l’Union de la « ligne de front » n’étaient plus en capacité de faire fonctionner les règles de Dublin, il fallait en tirer les conséquences et le refus des autres Etats de considérer les choses en face n’était plus tenable, en fait comme en droit.

En fait, l’Allemagne comme l’Autriche ou d’autres ont tiré le constat de l’impuissance commune, concrètement, en ouvrant leurs frontières aux demandeurs. Mais il ne faut pas se méprendre, cette compréhension n’est pas une négation de Dublin : la clause de souveraineté de Dublin autorise tout Etat membre à se comporter ainsi et rien dans le droit des réfugiés n’autorise un demandeur à choisir librement sa destination. Preuve en est donnée par la décision allemande de rétablir, le 13 septembre, des contrôles à ses frontières.

En droit donc, l’ensemble des mécanismes d’accueil enclenchés depuis juillet, relocalisation comme réinstallation, se présentent comme étant en conformité avec le régime de Dublin, la dérogation qu’ils proposent étant motivée par l’urgence de la situation. Le tout est accompagné, et l’on y reviendra plus tard, d’une proposition de modification du règlement Dublin COM (2015) 450 établissant un mécanisme permanent de relocalisation en cas de crise.

2. Le contenu du mécanisme de relocalisation d’urgence

Continue reading “La politique européenne d’asile : Strange fruit ? (III, fin)”

Passenger Name Records, data mining & data protection: the need for strong safeguards

EXCERPTS FROM EXPERTS’ OPINION SUBMITTED TO THE COUNCIL OF EUROPE (PUBLISHED ON THE STATEWATCH SITE)

by Douwe KORFF and Marie GEORGES (FREE-Group Members)

Introduction

Much has been said and written about Passenger Name Records (PNR) in the last decade and a half. When we were asked to write a short report for the Consultative Committee about PNR, “in the wider contexts”, we therefore thought we could confine ourselves to a relatively straightforward overview of the literature and arguments.

However, the task turned out to be more complex than anticipated. In particular, the context has changed as a result of the Snowden revelations. Much of what was said and written about PNR before his exposés had looked at the issues narrowly, as only related to the “identification” of “known or [clearly ‘identified’] suspected terrorists” (and perhaps other major international criminals). However, the most recent details of what US and European authorities are doing, or plan to do, with PNR data show that they are part of the global surveillance operations we now know about.

More specifically, it became clear to us that there is a (partly deliberate?) semantic confusion about this “identification”; that the whole surveillance schemes are not only to do with finding previously-identified individuals, but also (and perhaps even mainly) with “mining” the vast amounts of disparate data to create “profiles” that are used to single out from the vast data stores people “identified” as statistically more likely to be (or even to become?) a terrorist (or other serious criminal), or to be “involved” in some way in terrorism or major crime. That is a different kind of “identification” from the previous one, as we discuss in this report.

We show this relatively recent (although predicted) development with reference to the most recent developments in the USA, which we believe provide the model for what is being planned (or perhaps already begun to be implemented) also in Europe. In the USA, PNR data are now expressly permitted to be added to and combined with other data, to create the kinds of profiles just mentioned – and our analysis of Article 4 of the proposed EU PNR Directive shows that, on a close reading, exactly the same will be allowed in the EU if the proposal is adopted.

Snowden has revealed much. But it is clear that his knowledge about what the “intelligence” agencies of the USA and the UK (and their allies) are really up to was and is still limited. He clearly had an astonishing amount of access to the data collection side of their operations, especially in relation to Internet and e-communications data (much more than any sensible secret service should ever have allowed a relatively junior contractor, although we must all be grateful for that “error”). However, it would appear that he had and has very little knowledge of what was and is being done with the vast data collections he exposed.

Yet it is obvious (indeed, even from the information about PNR use that we describe) that these are used not only to “identify” known terrorists or people identified as suspects in the traditional sense, but that these data mountains are also being “mined” to label people as “suspected terrorist” on the basis of profiles and algorithms. We believe that that in fact is the more insidious aspect of the operations.

This is why this report has become much longer than we had planned, and why it focusses on this wider issue rather than on the narrower concerns about PNR data expressed in most previous reports and studies.

The report is structured as follows. After preliminary remarks about the main topic of the report, PNR data (and related data) (further specified in the Attachment), Part I discusses the wider contexts within which we have analyzed the use of PNR data. We look at both the widest context: the change, over the last fifteen years or so, from reactive to “proactive” and “preventive” law enforcement, and the blurring of the lines between law enforcement and “national security” activities (and between the agencies involved), in particular in relation to terrorism (section I.i); and at the historical (immediately post-“9/11”) and more recent developments relating to the use of PNR data in data mining/profiling operations the USA, in the “CAPPS” and (now) the “Secure Flight” programmes (section I.ii).

In section I.iii, we discuss the limitations and dangers inherent in such data mining and “profiling”.

Only then do we turn to PNR and Europe by describing, in Part II. both the links between the EU and the US systems (section II.1), and then the question of “strategic surveillance” in Europe (II.ii).

In Part III, we discuss the law, i.e., the general ECHR standards (I); the ECHR standards applied to surveillance in practice (II, with a chart with an overview of the ECtHR considerations); other summaries of the law by the Venice Commission and the FRA (III); and further relevant case-law (IV).

In Part IV, we first apply the standards to EU-third country PNR agreements (IV.i), with reference to the by-passing of the existing agreements by the USA (IV.ii) and to the spreading of demands for PNR to other countries (IV.iii). We then look at the human rights and data protection-legal issues raised by the proposal for an EU PNR scheme. We conclude that part with a summary of the four core issues identified: purpose-specification and –limitation; the problem with remedies; “respect for human identity”; and the question of whether the processing we identify as our main concern – “dynamic”-algorithm-based data mining and profiling – actually works.

Part V contains a Summary of our findings; our Conclusions (with our overall conclusions set out in a box on p. 109); and tentative, draft Recommendations. (…)

Conclusions Continue reading “Passenger Name Records, data mining & data protection: the need for strong safeguards”