Privacy and Data Protection Implications of the Civil Use of Drones

IN DEPTH ANALYSIS FOR THE EP CIVIL LIBERTIES COMMITTEE (LIBE)

by Ottavio MARZOCCHI  (Policy Department  C: Citizens’ Rights and  Constitutional  Affairs European  Parliament )

EXECUTIVE SUMMARY

Drones (also called RPAS, Remotely Piloted Aircraft Systems, or UAV, unmanned aerial vehicles)  are  aircraft   without  a  human  pilot on board,  which are  guided  by a  remote pilot.
Drones have been developed for military use but are now increasingly used for civil purposes. Currently drones are employed for critical infrastructure and civil protection, disaster management and search and rescue, environmental protection, law enforcement and surveillance, journalism, commercial activities and leisure, while it is foreseen that in the future they will also be employed for other missions, such as agriculture, energy, transport  of goods  and  cargo  – and  even  of people.

States plan to increase their use of drones, while industry, small and medium enterprises and private companies have a growing interest in the manufacturing, selling and use of drones to monitor their activities or provide goods and services to clients. Being currently available on the market at affordable prices, their use by private individuals has  increased   exponentially.

The current and prospective development of drones has a series of positive impacts, notably for employment, SMEs and industrial development, and has a potential to generate growth and jobs. Drones can carry out operations in emergency situations, where human intervention is either impossible or difficult (drones could help save lives in operations of humanitarian relief, search and rescue at sea, when nuclear accidents or natural  disasters  occur,  etc).
As with any technology, there are also risks to be taken into serious account by stakeholders, regulators, institutions and citizens in order to prevent, minimize and counter the potential negative impacts of some applications of drone technology. This is especially the case in the absence of proper regulation or/and when drones are used in illegal,  unsafe or irresponsible  ways.

In terms of risks for privacy and data protection, drones normally carry video-cameras to allow pilots to fly them. These images can be easily recorded and stored, and are often uploaded onto the internet. The privacy of private life and property can be interfered with and violated when drones capture images of people in their houses or gardens. A series of other applications and payloads can also be installed on drones, allowing the gathering and processing of personal data and seriously interfering with and potentially violating citizens’ rights to privacy and data  protection1.

In terms of security and safety, drones pose a series of considerable and serious risks. As reported by the media, drones have been spotted over airports or close to them, disrupting or/and threatening civil aviation; have crashed on the ground; have been flown over critical infrastructure, embassies or tourist attractions; have injured people. The prospective increase in the number of drones flying at different heights (including in the space currently reserved for civil aviation), in different directions (drones normally change    direction    multiple    times,    on    the    basis    of    pilots’    orders)    and    areas,    with    different weights and speeds, over people and private properties, poses serious challenges. The technological environment to ensure the secure and safe integration of drones in the civil aviation system does not yet seem ripe, as communications can be easily lost or hijacked, the detect and avoid systems are not by default installed on drones and systems to block their access into no-fly zones (geo-fencing) are not in place. Responsibility and liability for drones’ use is not yet guaranteed, as identification of the owners or pilots is not required in most EU MS, making transparency or law enforcement action almost impossible.

Potentially, the positive applications of drones (e.g. for fire-fighting; or nuclear plan inspection) can be nullified by negative applications (e.g. private drones flying around and impeding quick fire-fighter intervention, as happened in Norway; or private drones flying over the nuclear power plant, or even crashing on it). These elements show that drones pose a series of challenges and concrete risks for safety, security and the fundamental rights of persons, which are to be addressed seriously.

The exponential development and spread of drones challenges policy makers to regulate them and their use by balancing the will to support drones’ positive potential for the economy while preventing, minimizing and countering the negative impacts and the risks illustrated above. A series of initiatives at international, European and national level are currently underway to respond to this challenge.

The European Commission has worked in recent years to promote RPAS integration into the European civil aviation airspace (“non-segregated air traffic management environments”). The next steps in the process will be the development of safety rules by EASA during 2015. Based on this, the Commission will issue a package containing a revision of the basic European Civil Aviation Safety Regulation (currently under impact assessment) possibly in 2015 to allow the integration of drones from 2016 onwards.

The Commission has identified priority areas where the EU could play a leading or coordinating role, notably by developing a regulatory framework to guarantee safety; fostering enabling technologies; security; protecting citizens’ fundamental rights (privacy and data protection); guaranteeing third party liability and insurance; supporting market development and emergence and promoting the European RPAS industry and its competitiveness. EASA and the Council, as well as MS regulations, seem to go broadly in the same direction.

This research finds that:

  • In order to ensure that the EU can regulate drones regardless of their weight, it is necessary to modify EC Regulation 216/2008 and notably its Annex 2, which currently limits the scope of EU action to RPAS weighting more than 150 kg. Once this has been done, the current regulations and laws adopted at national level will have to be modified on the basis of the future EU regulatory regime, which might be based on a new “proportionate to the risk” approach;

. Notwithstanding the fact that interferences to privacy and data protection can be particularly serious when drones are used to collect personal data for law enforcement purposes and surveillance activities, EU data protection law does not currently cover this area (except when such data is exchanged amongst Member States). Activities by private individuals are excluded from the application of the DP Directive due to the “household” exception, but it seems likely that the capturing and processing of personal data carried out by drones in public spaces could be subject to EU data protection law, following the ECJ jurisprudence on CCTV. In these areas, it is primarily for Member States to ensure that privacy and data protection guarantees apply; looking forward, the approval of the Data Protection Regulation and Directive will bring a positive contribution in terms of impact assessments, privacy by design and privacy  by default,  as  these  will  become mandatory;

Citizens’ right to security and safety of citizens does not seem to be fully guaranteed across the EU and by all MS in relation to drones and their use, while enabling technologies are still in development; law enforcement action is virtually impossible as rules on identification of drones and of their operations, responsibility and liability are not  yet  in  place everywhere;

The whole “drones’ chain” should be more closely examined in terms of current and future EU and/or MS regulation needed to minimize or counter risks for citizens and to their rights, from manufacturing and trade (production, selling, buying, internal and international trade, notice for buyers on risks and hazards and applicable rules or legislation for flying drones), to safety (airworthiness, pilot licences, operation authorisation, identification and monitoring of drones and of their flights, establishment of no-fly zones such as critical infrastructures, airports, cities and villages, gatherings, rules that should be followed when operating a drone, for instance visual line of sight, private properties, etc), privacy and data protection rules, as well as laws related to criminal behaviour, intellectual property, aviation, environmental law that are to be respected by drones, security (regulations and measures to ensure that law enforcement action against illegal and unsafe use of drones is possible, responsibility and liability for damage to persons or property as a result of an incident caused by an RPA).

The debate on the future regulatory regime for drones, which has been mainly carried out up to now between industry, stakeholders, technical regulators and working groups (be it at the national, European and international level), should involve more closely both citizens and legislators. Consultations on future options should be carried out, so to take into account citizens’ views and concerns, while legislators should be the ones to take decisions on regulation, given the risks posed by drones. This is the only way to ensure that “public acceptance” of, or “societal concerns” in relation to, drones are addressed and resolved, though the open and democratic debate and  scrutiny.

In order to achieve these objectives at the EU level and ensure a more transparent and democratic debate on the future policy on drones, the EP could ask the Commission report in detail and in straightforward terms, for instance in its upcoming impact assessment, about which actions it plans to undertake in the “drones’ chain” to ensure that the objectives of safety, security, respect of fundamental rights, namely privacy and data protection, environment, responsibility and liability, law enforcement action, insurance, identification and transparency, technological development, can be achieved, with recommendations for MS and/or EU action, and possible options. A description of the regulatory approaches in MS should also be provided, so to allow a comparison and to identify best practices. It should also report about the past, present and future use of EU funds for drones development, and on how funds for civilian uses and military/defence uses of drones interact. A yearly reporting mechanism would also be useful, and could also address the causes and possible remedies to deal with drones’ incidents.

1 For instance: high power zoom, facial recognition, behaviour profiling, movement detection, number plate recognition, thermal sensors, night vision, radar, see-through imaging, Wi-fi sensors, microphones and audio-recording systems, biometric sensors to process biometric data, GPS systems processing the location of the persons filmed, systems to read IP addresses and track RFID devices, systems to intercept electronic communications.

CONTINUE READING THE FULL REPORT HERE
 

US CONGRESSIONAL RESEARCH SERVICE: Overview of Constitutional Challenges to NSA Collection Activities

FULL REPORT ACCESSIBLE HERE (May 21, 2015)

by Edward C. Liu Legislative Attorney, Andrew Nolan Legislative Attorney and  Richard M. Thompson II Legislative Attorney

Summary

Beginning in summer 2013, media reports of foreign intelligence activities conducted by the National Security Agency (NSA) have been widely published. The reports have focused on two main NSA collection activities approved by the Foreign Intelligence Surveillance Court (FISC) established under the Foreign Intelligence Surveillance Act (FISA) of 1978. The first is the bulk collection of telephony metadata for domestic and international telephone calls. The second involves the interception of Internet-based communications and is targeted at foreigners who are not within the United States, but may also inadvertently acquire the communications of U.S. persons. As public awareness of these programs grew, questions about the constitutionality of these programs were increasingly raised by Members of Congress and others. This report provides a brief overview of these two programs and the various constitutional challenges that have arisen in judicial forums with respect to each.

A handful of federal courts have addressed the Fourth Amendment issues raised by the NSA telephony metadata program. FISC opinions declassified in the wake of the public’s awareness of the NSA telephony metadata program have found that the program does not violate the Fourth Amendment. Similarly, in ACLU v. Clapper, the federal District Court for the Southern District of New York held that a constitutional challenge to the telephony metadata program was not likely to be successful on the merits. On appeal, the United States Court of Appeals for the Second Circuit refrained from reaching the merits of this Fourth Amendment challenge, but instead resolved the case on statutory grounds, holding that the metadata program exceeded statutory authorization under Section 215 of the PATRIOT Act. However, the panel did engage in a general discussion about the Fourth Amendment principles implicated by this program, including the effect of modern technology on American’s expectations of privacy. Both the district courts for the Southern District of California and the District of Idaho have found the bulk metadata program constitutional under existing Supreme Court precedent. In Klayman v. Obama, the federal District Court for the District of Columbia held that there is a significant likelihood that a challenge to the constitutionality of the NSA telephony metadata program would be successful.

Constitutional challenges to the NSA’s acquisition of Internet communications of overseas targets under FISA have arisen in a number of different contexts. First, such challenges have arisen in both the FISC and the Foreign Intelligence Surveillance Court of Review as part of those courts’ roles in approving the parameters of these collection activities. Secondly, constitutional challenges have been brought in traditional federal courts as civil actions by plaintiffs asserting an injury or in criminal proceedings by defendants who have been notified that evidence against them was obtained or derived from collection under Section 702. While the FISA courts have at times curbed the government’s ability to engage in surveillance activity to ensure compliance with the Fourth Amendment, the one federal court to address the issue has upheld the program against constitutional challenge.

CONTINUE READING HERE

 

 

VERFASSUNGSBLOG : Europe’s Justice Deficit

SEE ORIGINAL CONTRIBUTIONS HERE

The EU affects the lives of many people in ways they perceive as profoundly unjust. Lives are dramatically affected by the policies of austerity, widely understood to be EU-imposed. With the Court of Justice appearing to stand for its own authority and EU autonomy at any cost; with migrants attempting to reach fortress Europe and drowning en masse as the EU cuts back its rescue services; and with economic inequalities in the Member States reaching new heights, could it be that there is a justice deficit in Europe, exacerbated by the European Union? There is an urgent need to address the question of justice as an EU objective openly and without reservation, and not to permit nationalists and Eurosceptics to monopolize this debate. On the occasion of the newly launched book “Europe’s Justice Deficit?”, co-edited by EU constitutional law scholars Dimitry Kochenov, Gráinne de Búrca and Andrew Williams, we put this question up for debate.

Read MORE

JUMP BEFORE YOU’RE PUSHED: THE CJEU RULES ON THE VOLUNTARY DEPARTURE OF IRREGULAR MIGRANTS

ORIGINAL PUBLISHED ON EU LAW ANALYSIS

by  Steve Peers

For the first time, the CJEU ruled yesterday (in its judgment in Zh and O) on the provisions of the EU’s Returns Directive (the main set of rules governing the expulsion of irregular non-EU migrants) concerning ‘voluntary departure’. The word ‘voluntary’ is a euphemism here, of course:  there’s still a legal obligation for the migrant to leave, underpinned by the threat of force. But nevertheless it still makes a big difference to the people concerned whether they have a chance to leave the country under their own steam. If they aren’t given that chance, they are likely to be woken up in their homes in the middle of the night, arrested, detained in jail, and restrained on their journey to their country of origin or transit by an armed officer. Some are injured or die during this process. So it’s far better to jump than to be pushed.

But when do irregular migrants have the choice to do so? The Returns Directive makes it the normal rule to give them a period for voluntary departure, for a period of between seven and thirty days.  This time must be extended if necessary in individual cases, for instance whether there are children in school. But there are exceptions: Member States may decide not to grant this period, or to curtain it to less than seven days, in three cases: where there’s a ‘risk of absconding’; where ‘an application for a legal stay has been dismissed as manifestly unfounded or fraudulent’; and if the person concerned ‘poses a risk to public policy, public security or national security’.

If one of these exceptions apply, the removal must then be carried out by national officials, and the Directive in principle requires the migrant to be issued with an entry ban. (It’s still an option for a Member State to issue an entry ban in cases of voluntary departure). Migrants who have the chance of voluntary departure are entitled to family unity, emergency health care and education in the meantime, and it’s implicit that they would not normally be detained.

The Zh and O judgment concerns the third of the exceptions from the rule of giving a period for voluntary departure: the exception for ‘public policy’, et al. Last year’s judgment in Mahdi, discussed here, touched on the first exception (the ‘risk of absconding’), in a different context (the grounds for detention). Zh and O was about two separate cases, and the Dutch courts asked three questions to clarify the meaning of the public policy exception.

Judgment

The national court wanted to know whether the ‘public policy’ exception had the same meaning as the similar provisions in the EU’s citizens’ Directive, and also the EU Directives on family reunion and long-term resident non-EU citizens. First of all, the CJEU said that the exception had to be interpreted ‘strictly’. It confirmed that the three exceptions to the rule of voluntary departure were the ‘only’ ones allowed. A Member State has to ‘prove’ that there is a risk to public policy. Secondly, the voluntary departure rule aimed, among other things, to protect the ‘fundamental rights’ of the persons concerned during the expulsion process.

So while Member States ‘retain the freedom’ to decide on the concept of public policy, they did not have full latitude to determine the concept without any control by the Court. Here the CJEU referred ‘by analogy’ to case law on the EU citizens’ Directive. So the exception had to be applied on a ‘case-by-case basis’, to decide if the ‘personal conduct’ of the migrant ‘poses a genuine and present risk to public policy’. This meant the suspicion of committing a criminal act, or even a criminal conviction, could not by itself justify the conclusion that a ‘public policy’ risk exists.

On the other hand, the ‘public policy’ exception could still apply where an appeal against a criminal conviction had not yet been decided, or where there was no conviction, as long as ‘other factors’ justified the use of that exception. What are those other factors? The Court referred to the ‘nature and seriousness’ of the act and ‘the time which has elapsed since it was committed’. So the national court had to consider that in one case, the migrant was actually not trying to stay in the Netherlands without authorisation, but was on his way out (travelling to Canada) when he was stopped. In the other case, the migrant had been accused of domestic abuse, but it was relevant that there was nothing to substantiate that accusation.

Finally, the Court ruled that there did not have to be a separate assessment of the question of limiting voluntary departure; that issue could be considered when making the initial return decision. The Court reiterated its prior judgment in Boudjlida (discussedhere), when it ruled that the migrant must have the opportunity to be heard on the question of whether voluntary departure ought to be granted.

COE Human Rights Commissioneer : Reinforcing democratic oversight of security services cannot be further delayed

Strasbourg, 5 June 2015 – “The current systems of oversight of national security services in Europe remain largely ineffective. Revelations over the last years about security operations which have violated human rights should have prompted reforms in this field, but progress has been disappointingly slow. European countries must now ensure more democratic and effective oversight of what their security services do and avoid future operations leading to new human rights violations,” said today Nils Muižnieks, Commissioner for Human Rights, while presenting a report on this topic.

The report intends to provide guidance to strengthen human rights protection in the field of security services. It sets forth a number of measures necessary for making national oversight systems more effective and the security services accountable and fully compliant with human rights standards.  “Security service activities impact a variety of human rights, including the right to life, to personal liberty and security, and the prohibition of torture or inhuman, cruel and degrading treatment. They also impinge on the right to privacy and family life, as well as the rights to freedom of expression, association and assembly, and fair trial. It is therefore crucial that security services uphold the rule of law and human rights in undertaking their tasks.”

Council of Europe member states have taken diverse approaches to oversight, which include parliamentary committees, independent oversight bodies, institutions with broader jurisdictions such as ombudspersons, data commissioners and judicial bodies. However, none abides fully to internationally established norms. Drawing upon international and European standards and national practices, the paper sets out the most significant objectives and overriding principles that can enable more effective oversight of security services. “It is necessary to keep oversight democratic, primarily through the involvement of parliaments. It is also crucial to ensure prior authorisation of the most intrusive measures, including surveillance, and to establish a body able to issue legally binding decisions over complaints by individuals affected by security activities, as well as to access all intelligence-related information,” said the Commissioner.

“Security services exist to protect our democracies. Their work is fundamental to ensure that we all can live in security. This paper intends to show how their activities can be best sustained by policies which ensure their lawfulness and accountability. Ensuring that security agencies operate under independent scrutiny and judicial review does not reduce their effectiveness. On the contrary, governments would increase their credibility among the public and weaken support for anti-democratic causes if they show as much resolve in safeguarding human rights as in fighting terrorism.”

The executive summary and the Commissioner’s recommendations are also available in French and German. Translations into Turkish and Russian are under way.

To read more about the Commissioner’s work on counter-terrorism and human rights, please visit this page.

Press contact in the Commissioner’s Office:
Stefano Montanari, + 33 (0)6 61 14 70 37; stefano.montanari@coe.int
www.commissioner.coe.int; Twitter: @CommissionerHR; Facebook; youtube
 
The Commissioner for Human Rights is an independent, non-judicial institution within the Council of Europe, mandated to promote awareness of, and respect for, human rights in the 47 member states of the Organisation. Elected by the Parliamentary Assembly of the Council of Europe, the present Commissioner, Mr Nils Muižnieks, took up his function on 1 April 2012

INTEGRATION REQUIREMENTS FOR THIRD-COUNTRY NATIONALS: THE FIRST CJEU RULING

ORIGINAL PUBISHED ON EU LAW ANALYSIS

by Steve Peers

When can a Member State require immigrants to undertake integration courses? The Court of Justice dealt squarely with this issue for the first time in today’s judgment in P and S, which concerned the application of the EU’s Directive on the long-term residence of non-EU citizens. (The UK, Ireland and Denmark have an opt-out from this law).

The judgment has a broader relevance, since the EU Directive on family reunion for non-EU citizens also provides for Member States to adopt integration conditions. On the other hand, EU free movement law does not provide for Member States to impose such conditions on EU citizens or their family members. As for Turkish nationals, the EU-Turkey association agreement does not provide for such a condition either, but Member States may impose one subject to a standstill rule in most cases (see last year’s Dogan judgment, discussed here).

Today’s judgment turns on the wording of the long-term residence Directive, which states that Member States ‘may require third-country nationals to comply with integration conditions, in accordance with national law’. The case concerned non-EU citizens who already had long-term resident status under the Directive, but Dutch law still requires them to take civic integration courses and penalises them with a fine every time they fail. A later change to Dutch law requires non-EU citizens to pass these courses before they get long-term residence status, but that later version of the law was not directly at issue in this case.

Judgment

According to the Court, the requirement to take integration courses does not as such infringe the Directive, first and foremost because the Directive clearly permits an integration condition to be imposed before obtaining long-term resident status. Next, the Court ruled that the requirement did not breach the equal treatment rule set out in the Directive, since Dutch nationals could be presumed to have knowledge of Dutch society and the Dutch language, whereas non-EU citizens could not.

However, that was not the end of the Court’s analysis. It then focussed on whether the national rules undercut the effectiveness of the Directive. The Directive had as its main aim the integration of non-EU citizens, and the Court stated that learning the national language and about the host State could facilitate communication with Dutch citizens, and ‘encourages interaction and the development of social relations’. Acquiring a knowledge of Dutch also ‘makes it less difficult’ to find work and take up training courses. The integration requirement therefore contributed to the aims of the Directive.

The Court went on to say that there were some limits upon what Member States can do, as regards ‘the level of knowledge required to pass the civic integration examination’, ‘accessibility of the courses and the material  necessary to prepare’ for the exams, the level of registration fees and ‘specific individual circumstances, such as age, illiteracy or level of education’. But the Court seemed most concerned about the amount of the fines, which were quite high and would be imposed for every failure, or even where the non-EU citizen had not sat the exam within the required time. The fines were also imposed on top of the high fees to sit the exam. So in principle this aspect of the system infringed EU law, although it was left to the national court to apply the Court’s ruling in practice. Finally, the Court stated that it was irrelevant whether the persons concerned already had long-term resident status, since (in this case) it was not a condition for getting or retaining that status.

Comments

The Court’s ruling makes clear that Member States can in principle impose integration requirements for long-term residence status, subject to the principle of effectiveness. The main feature of that principle in this case was the fees for failing (or not sitting) the exam, in conjunction with the fees for sitting the exam. Obviously the Dutch government is now obliged to lower those fees, and other Member States’ rules could be challenged on the same basis. The ruling is obviously particularly relevant to less wealthy migrants who would struggle to pay the fines and test fees several times over.

Although the Court did not rule in any detail on the other limits which EU law imposes upon national integration requirements, such limits certainly exist, as regards the level of knowledge needed to pass, the accessibility of tests and materials, and ‘specific individual circumstances’. It is not clear from the judgment exactly how Member States are obliged to take account of such circumstances – whether by means of a complete exemption from the test or a different version of it. But it should be noted that the list of specific circumstances mentioned by the Court is not exhaustive (‘such as’).

While the judgment clearly implies that Member States may even withhold long-term residence status if an integration test is not passed, the Court did not rule on that issue as such. So it remains open to argue that there may be stricter limits or other factors to consider when Member States impose an integration condition to acquire that status.

Nor did the Court rule on whether the failure to meet an integration condition could be a ground to lose long-term resident status. The Directive does not list this as one of the possible grounds for loss of that status, and it should follow from the objective of the Directive that the list of grounds which could lead to such a loss of status is exhaustive. This also follows from the structure of the Directive: if failure of an integration test could lead to loss of status, why did the drafters of the Directive only mention integration tests in the clause dealing with acquisition of that status?

Today’s judgment is only the first in a line of cases upcoming concerning integration conditions (the next batch of cases concern the parallel clause in the family reunion Directive). As a starting point, the Court has struck a good balance between ensuring that immigrants fit into society and the need to prevent integration tests forming a disguised means of excluding migrants from ever really fitting in despite their genuine efforts.

THE FRENCH “WAR ON TERROR” IN THE POST-CHARLIE HEBDO ERA

ORIGINAL PUBLISHED ON EUCRIM EDITED BY THE MAX PLANCK INSTITUTE AND THE EUROPEAN CRIMINAL LAW ASSOCIATION’S FORUM (*)

by Vasiliki Chalkiadaki

I. Introduction

France’s history of terrorism is neither new nor exclusively Islamist-related. At the end of the 1970s, France experienced a wave of terrorist activity both from left-revolutionary groups, such as the Action Directe,1 and from nationalist-separatist groups, especially those active in Brittany, Corsica, and the Basque Country.2 By the early 1980s, however, France had become a target of Islamist terrorist groups and has remained so ever since, as the gunmen attack on the Paris headquarters of the satirical magazine Charlie Hebdo on 7 January 2015 demonstrated.3

The history of contemporary French counterterrorism legislation dates back to 1986, with the law on counterterrorism of 9 September 1986. Before the latter, France dealt with terrorist attacks by means of special laws on state security that had been enacted during the Algerian wars (1954–1962), which provided for an intensive limitation of individual rights and even for a special court to deal with the relevant offences (Cour de Surete de l’Etat, “Court of State Security”)4 that was abolished only in 1982. Therefore, until 1986, no specific counterterrorism legislation existed.

Before 1986, terrorist acts were characterized as “serious violent acts threatening the integrity and the security of the state” and treated accordingly.5

This paper presents the impact that the latest terrorist attack (hereafter: the Charlie attack) has had so far on France’s counterterrorism legislation (part III). After a brief historical overview of current legislative measures (part II), the following aspects are examined as being the effects of the attack:

  • the enactment of a series of provisions, mainly in the Code of Internal Security (Code de securite interieure, hereafter: Cod. Sec. Int.);
  • the exponentially increasing number of prosecutions on the basis of already existing substantive criminal law provisions (especially the glorification of terrorism and the preparation of terrorist acts);
  • the planning of new measures and the drafting of the relevant provisions regarding the financing of terrorism to reinforce the already existing framework on terrorist financing.

  • II. Historical overview Continue reading “THE FRENCH “WAR ON TERROR” IN THE POST-CHARLIE HEBDO ERA”

The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies for EU citizens

EXECUTIVE SUMMARY OF STUDY FOR THE EUROPEAN PARLIAMENT LIBE COMMITTEE PUBLISHED HERE

by Francesca BIGNAMI (*)

In US law, there are a number of different legal sources that govern data protection in the field of federal law enforcement. This study first considers the two most important sources of data protection law^the Fourth Amendment to the US Constitution and the Privacy Act of 1974. It then turns to the most significant methods of information collection that are available for ordinary criminal investigations and national security investigations and the data protection guarantees set down under the laws authorizing and regulating such information collection.

The Fourth Amendment prohibits “unreasonable searches and seizures” by the government. Reasonableness is established if the search or seizure is conducted pursuant to a valid warrant, that is, a judicial order based on a showing of probable cause and on a particular description of the property to be searched and the items to be seized. Reasonableness can also be established if one of the exceptions to the warrant requirements exists. In the data protection context, however, the application of the Fourth Amendment is relatively limited because of the third-party records doctrine which holds that individuals do not have an expectation of privacy in personal data that they voluntarily turn over to third parties like financial institutions and communications providers. With regard to EU citizens, the Supreme Court has held that foreign citizens resident abroad are not covered by the Fourth Amendment.

Among U.S. laws, the Privacy Act of 1974 is the closest analogue to a European data protection law in that it seeks to regulate comprehensively personal data processing, albeit only with respect to federal government departments and agencies. It regulates the collection, use, and disclosure of all types of personal information, by all types of federal agencies, including law enforcement agencies. At a general level, the Privacy Act contains most of the elements of the EU right to personal data protection. However, it only protects US citizens and permanent residents, not EU citizens.

Furthermore, there are a number of exemptions available specifically for law enforcement agencies. As a result, the benefits of the proposed legislation on judicial redress for EU citizens are unclear. The proposed legislation contemplates three types of law suits, two of which are designed to protect the right of access to and correction of personal data, and one of which enables individuals to obtain compensation for unlawful disclosures of personal data. Since law enforcement agencies commonly exempt their data bases from the access requirements of the Privacy Act, the right of action for intentional or willful disclosures that cause actual damage is the only one that would be available on a general basis.

In investigations involving ordinary crime, there are at least three different methods of personal data collection available to law enforcement officials: (1) use of private sources like commercial data brokers; (2) court and administrative subpoenas; (3) electronic surveillance and access to electronic communications based on a court order under the Electronic Communications Privacy Act. These information-gathering methods afford the same level of data protection for US and EU citizens.

With respect to EU data protection law, however, some of these methods contain relatively few data protection guarantees.

In the case of private sources of personal data, this is attributable to the absence of a comprehensive data protection scheme in the private sector and the vast quantities of personal information freely available to market actors and, consequently, also to law enforcement officials. With respect to the subpoena power and access to communications metadata and subscriber records (under the Stored Communications Act and the Pen Register Act), the lack of significant data protection guarantees is associated with the standard of “relevance” to any type of criminal investigation and the permissive application of that standard by the courts. The law and jurisprudence of “relevance,” in turn, is driven by the failure of US law to recognize a robust privacy interest in the personal data held by corporate entities and other third parties.

In investigations involving national security threats, which can involve both an intelligence and a law enforcement component, there are a number of additional means available to the government: (1) a special type of administrative subpoena known as a “national security letter”; (2) surveillance authorized by the Foreign Intelligence Surveillance Act (FISA); (3) any other form of intelligence gathering authorized by Executive Order 12,333 (and not covered by FISA). The information gathered through such methods can be shared with criminal prosecutors if relevant for law enforcement purposes.

Foreign intelligence gathering, both inside and outside the United States, follows a two-track scheme, one for US persons and another for non-US persons. With the exception of FISA electronic and physical surveillance orders, the data protection guarantees afforded to non-US persons are minimal. The stated intent of Presidential Policy Directive 28 is to provide for stronger personal data protection for non-US persons, but it is difficult to come to any conclusions at this point in time on what effect it will have.

More generally, even with respect to US persons, personal data protection under foreign intelligence law raises a couple of questions.

The first concerns the point in time when the right to privacy is burdened by government action. The US government has suggested that in the case of bulk collection of personal data, harm to the privacy interest only occurs after the personal data is used to search, or results from a search of, the information included in the data base.

This position stands in marked contrast with EU law, where it is well established that bulk collection, even before the personal data is accessed, is a serious interference with the right to personal data protection because of the number of people and the amount of personal data involved.

The second question concerns the conditions under which personal data can be shared between intelligence and law enforcement officials. In the realm of data processing by law enforcement and intelligence agencies, the European courts have emphasized that intrusive surveillance can only be conducted to combat serious threats that are carefully defined in law. They have also held that the information that results from such surveillance can only be used to combat those serious threats, whether to take national security measures or to prosecute the associated criminal offenses. In US law, by contrast, the law allows for intelligence to be transferred to the police and criminal prosecutors for any type of law enforcement purpose.

Continue reading here 

(*) Prof. at George Washington University Law School, Washington, DC, USA

Summer School on The European Area of Criminal Justice (Brussels, 29 June – 3 July 2015)

NB: This Summer School is particularly designed for practitioners in the field of police cooperation and judicial cooperation in criminal matters, EU or national civil servants, as well as researchers and students interested in EU “Freedom, Security and Justice” policies.

Programme (See updated version here)

The 12th edition of the Summer School “The EU Area of Criminal Justice” will take place in Brussels from 29 June – 3  July  2015.

The objective of the Summer School is to provide participants with an extensive knowledge of EU criminal law. The classes are both theoretical and practical. They are conducted by academics, national experts or European officials who deal every day with the European criminal area.

The Summer School is specially designed for practitioners in the field of police and judicial cooperation in criminal matters, EU or national civil servants as well as researchers and students interested in the EU area of freedom, security and justice.

Concerning the programme: the Summer School takes place over a week, lectures are in English, participants receive a certificate of attendance, the final examination entitles participants to receive 3 ECTS and lawyers to gain 37 points from the OBFG (Ordre des Barreaux Francophones et Germanophone de Belgique).

The Summer School covers essentially 5 topics :

  • subject I (day 1): general introduction (historical evolution, institutional issues – Schengen included, judicial control – EU accession to ECHR included);
  • subject II (day 2): cooperation between national authorities in criminal cases, covering both police cooperation and judicial co-operation. The latter will address the evolution from classic judicial cooperation (Mutual Legal Assistance instruments) to mutual recognition instruments, with special attention to the  European Arrest Warrant;
  • subject III (day 3): approximation of criminal law, in theory and practice. Thus, following a class on the approximation of substantive criminal law, the example of financial crimes will be addressed. Similarly, the theoretical course on approximation of procedural law will be complemented with the study of the Directive on the right of access to a lawyer;
  • subject IV (day 4): current and future actors of the European criminal area, particularly Eurojust, Europol and the EPPO.
  • subject V (day 5): data protection and external dimension of the EU area of criminal justice. The Summer School will end with a negotiation exercise.

Special events during the Summer School:

  • Mid-week conference : “Foreign fighters – a criminal law revolution?” 

The conference will be chaired by Hans G. Nilsson (General Secretariat of the EU Council) and will count on speeches from illustrious practitioner and professors. For details, please download the programme on the right.

The Summer School is organised by the Institute for European Studies of the Free University of Brussels (IEE-ULB) in collaboration with the European Criminal Law Academic Network (ECLAN).

THE NEW EU MIGRATION AGENDA TAKES SHAPE: ANALYSIS OF THE FIRST NEW MEASURES

ORIGINAL PUBLISHED ON MAY 28 ON  EU LAW ANALYSIS

by Steve Peers

This week the European Commission took its first steps towards implementing its new EU Migration Agenda (previously discussed here). A number of the items in the agenda have already been addressed (for instance, the military mission against smugglers on the Libyan coast, as discussed here). Others will be addressed later: a broader reform of legal migration law and changes to the rules on asylum procedures and the ‘Dublin’ rules on responsibility for asylum-seekers.

The first batch of measures contained five different elements. First of all, the Commission launched a public consultation on the reform of the existing EU law providing for a ‘Blue Card’ for the admission of highly-skilled non-EU migrants. I have commented previouslyhere on the implementation of this law and the reforms to it which should be adopted.

Secondly, the Commission released an Action Plan against migrant smuggling. This mainly elaborates upon several ideas mentioned already in the main agenda. This includes: a revision of EU anti-smuggling law, planned for 2016, to increase smugglers’ penalties and clarify humanitarian exceptions from the rules; possible new rules on immigration liaison officers in 2016; a Handbook on expulsion in 2015; a possible revision of the rules on trafficking victims, in 2016, to include ‘victims’ of smuggling; a revision of the legislation on Frontex (the EU border agency), to give it more powers relating to expulsion; changes to the rules on the Schengen Information System in 2015-16, so that all Schengen Member States’ entry bans are applicable across the Schengen area; a handbook on prevention of migrant smuggling in 2017; readmission agreements with sub-Saharan countries; and stronger enforcement of the rules prohibiting employment of irregular migrants. Most of these measures concern all irregular migrants, not just those who were smuggled to the EU.

Thirdly, the Commission adopted a Recommendation on the resettlement of refugeesdirectly from outside the EU to EU Member States. The text of this measure has not yet appeared, and so I can’t comment on it in detail. Obviously though, as a Recommendation it is non-binding, and as an act of the Commission, it does not need the approval of the Council or the European Parliament. According to the new Immigration Agenda, there will be EU funds attached to each resettled refugee, so Member States are encouraged to resettle people. It is a useful measure to ensure that a bigger number of persons are rescued without having to risk their lives or pay smugglers to cross the Mediterranean, although the overall numbers are likely to be modest.  In the event that Member States do not make use of the Recommendation to resettle refugees, the Migration Agenda promises a proposal for a binding measure, although it might be hard to find sufficient support in Council for its adoption.

Fourthly, the Commission issued guidance on the fingerprinting of asylum-seekers, as provided for in the EU’s Eurodac legislation, which sets up a database of such fingerprints in order to apply the ‘Dublin’ rules more effectively. In the Commission’s view, any irregular border-crosser who refuses to give fingerprints ought to be detained, expelled and subjected to an entry ban, in accordance with EU asylum law and the Returns Directive. Alternatively, Member States could force them to take fingerprints, with apossible exception for pregnant women and minors. Frankly, the correct application of the EU’s Dublin system is not worth the health of life of a single unborn child.

Moreover, the Commission appears to be confused about the details of the relevant legislation. It would be necessary to prove that refusal to take fingerprints ‘avoids or hampers the preparation of return or the removal process’ to justify detention under theReturns Directive; but the purpose of the fingerprinting is mainly to apply the Dublin asylum rules, not to ‘prepare the return and/or carry out the removal process’, which is the legal basis for detention of irregular migrants under the Returns Directive. Furthermore, the rules on entry bans in that Directive make no reference to the issue of fingerprinting. As for asylum-seekers, the paper is correct to say that they can be detained in order to ‘verify their identity and/or nationality’ in the EU’s Reception ConditionsDirective. However, for asylum-seekers who have been fingerprinted already by a Member State and then apply for asylum in a second Member State, the Commission fails to mention that the Dublin rules apply. They permit detention only where there is a ‘significant risk of absconding’, which does not automatically follow from a refusal to be fingerprinted.

Fifthly, the Commission proposed a Decision on relocation of asylum-seekers between Member States. This is the only one of this week’s proposals which would (if adopted) be legally binding. Like most Commission proposals, this needs a qualified majority of Member States to support it in the Council; unlike most EU law, the European Parliament need only be consulted. It seems from press reports that there will be a ‘blocking minority’ of Member States preventing its adoption, unless some of them change their position. It’s also possible that it will be agreed, but with major changes. But for now, let’s look at what the proposal would do if adopted.

The main thrust of the proposal is to derogate from the usual ‘Dublin’ rules as regards Italy and Greece, and distribute about 40% of the asylum-seekers which would normally be the responsibility of those Member States under the Dublin rules to other Member States. Due to opt-outs, the other Member States will not include Denmark or the UK, although it seems possible that Ireland will opt in. The proposal also will not apply to the non-Member States bound by the Dublin rules (Norway, Switzerland, Iceland and Liechtenstein). It would effectively be a regime within a regime, with only 25 or 26 of the 32 Dublin States applying it.

The relocated asylum-seekers will be split 60/40 between Italy and Greece, and will be allocated to other Member States on the basis of the criteria set out in the Annexes to the proposal. Relocation will be selective, applying only to those nationalities whose applications have over a 75% success rate in applications for international protection. It’s clear from the proposal that the Commission believes that only Syrians and Eritreans will qualify. The Member State of relocation will be responsible for considering the application, and asylum-seekers and refugees will not be able to move between Member States, in accordance with the normal Dublin rules. (After five years’ residence, refugees can move between Member States, according to the EU’s long-term residence Directive).

Besides the nationality criterion, who will be relocated? Asylum-seekers must be fingerprinted in order to qualify. The selection of asylum-seekers will be made by Italy and Greece, who must give ‘priority’ to those who are considered ‘vulnerable’ as defined by the EU reception conditions Directive. This refers to a long list of people:

‘such as minors, unaccompanied minors, disabled people, elderly people, pregnant women, single parents with minor children, victims of human trafficking, persons with serious illnesses, persons with mental disorders and persons who have been subjected to torture, rape or other serious forms of psychological, physical or sexual violence, such as victims of female genital mutilation’

Implicitly, the other Member States must accept the asylum-seekers nominated by Italy and Greece, except that they can refuse relocation if it’s ‘likely that there are national security or public order concerns’.

What about the asylum-seekers themselves? There is no requirement that they consent to their relocation or have the power to request it. The proposed Decision only requires Italy and Greece to inform and notify the asylum-seekers about the relocation, and the Commission suggests that they could only appeal against the decision if there are major human rights problems in the country to which they would be relocated. So neither the relocation itself, nor the choice of Member State that a person will be relocated to, is voluntary. This is problematic, since forcing asylum-seekers to a country that they don’t want to be in is one of the key problems facing the Dublin system already.

Of course, it’s possible that like children left in an orphanage who weren’t picked by new parents, there will be rather more asylum-seekers disappointed that they were notselected for relocation.  Do they have the right to a legal challenge? Arguably yes, to the extent that Italy and Greece select people who are not vulnerable for relocation, in light of their legal obligation to select vulnerable persons as a priority.

Asylum-seekers do have the right to insist that their core family members (spouse or partner, unmarried minor children, or parents of minors) who are already on EU territory come with them to the relocated Member State. It’s not clear if Member States could count the transfer of family members towards their overall quota. If the asylum-seekers obtain refugee status in the State of relocation, they could also apply for family reunion under the EU’s family reunion Directive.

Similarly, it’s not clear if Member States can count towards their overall quota asylum-seekers who would normally be the responsibility of Italy and Greece, but who have already found their way on to another Member State’s territory. This might be termed relocation sur place. According to the rules in the Decision, this would in any event depend upon the willingness of Italy and Greece to designate such asylum-seekers for relocation. And as the Commission notes, persons who would already be the responsibility of Greece cannot be sent back there anyway due to the collapse of the asylum system in Greece, according to the CJEU ruling in NS (the position regarding Italy is more qualified: see thediscussion of last year’s Tarakhel judgment). Of course, it is possible that the relocation of significant numbers of asylum-seekers away from Greece will contribute to solving the systemic problems with that country’s asylum system in the foreseeable future.

Overall, if the Council is willing to agree to the proposed Decision, it is likely to make a significant contribution to solving the problems with the asylum systems of some Member States, although only the more significant review of the Dublin rules promised for 2016 (or a profound improvement in the situation of countries of origin or transit) could provide a long-term solution. It is very striking that while this proposal effectively admits that the Dublin system is profoundly dysfunctional, the separate set of fingerprinting guidelines issued on the same day adopts a tone of head-banging savagery to try and get that system to work.

A final question arising is the impact of the proposed asylum measures on the UK. While the UK has an opt out, some suggest that all asylum-seekers who reach the EU could ultimately obtain EU citizenship and then move to the UK. However, the proposed Decision only relocates asylum-seekers who have already reached the EU, rather than increase the total number of asylum-seekers. Furthermore, a recent fact check suggests that only a modest number of non-EU citizens get Italian nationality each year, and that Italy only grants refugee status to a handful of people. Indeed, the only prominent Italian citizen with an African background currently in the UK is Mario Balotelli – but I don’t want to intrude into the private grief of Liverpool football fans.