Tag: good administration

The new proposal on the security of EU informations: transforming the EU “Bubble” in an EU “Fortress” ? (2)

Notwithstanding all the shortcomings of the Commission’s legislative proposal, the challenge for the European Parliament (EP) and for the Council is now to bring some order to the information management inside the EU. This is particularly important given that the EU’s digital agenda provides the opportunity, as part of an increasingly-integrated public administration, to establish a virtual common working space, to categorise information to be shared, to establish different level of access and diffusion with the external world, within the EU institutions or to be exchanged with the member states.

However, to do so by respecting the principles of transparency, proportionality, efficiency and accountability requires the EP and the Council to share the same political vision. Notwithstanding the repeated public mantra invoking a more democratic and transparent EU, there is no way this requirement can be taken for granted. Suffice to recall that 23 years after the Regulation on access to documents came into force the Parliament, Council and Commission have not yet been able (or willing?) to establish a common platform displaying day by day the EU legislative process, and this is clearly not solely due to technical reasons.

The problem being political more than technical it should now be seen if the EP and the Council could find an interinstitutional agreement on such a complex issue in the next six months, given the political pressure of the end of the legislature. The Commission may have authored the proposal but, as co-legislators, the EP and Council bear all responsibility for its final content before EU citizens and before the Court of Justice.

This EP-Council legislative co-responsibility has been clearly framed at primary law level by the Treaty on European Union, according to which “The European Parliament shall, jointly with the Council, exercise legislative and budgetary functions,” (Article 14(1)) and: “The Council shall, jointly with the European Parliament, exercise legislative and budgetary functions” (Article 16(1)).

Revising and strengthening the Regulation on access to documents

The first issue on the agenda in negotiations on the security of information proposal should be how to strengthen, at the highest level, the aspects dealing with transparency and open administration, bearing in mind the different legislative “cultures” of the EP and the Council. This could be done by amending explicitly, and publicly, the Regulation on access to documents that the Commission is proposing to revise by stealth, through the information security proposal.

The first thing to do is to add to the legislative proposal a complementary legal basis of Article 15 TFEU, according to which the EP and the Council shall define “General principles and limits on grounds of public or private interest” governing the right of access to EU documents. Thereafter articles. 4, 9 and 12 of that Regulation should be amended by taking in account (at last!) the new constitutional situation arising from the entry into force of the Lisbon treaty and of the relevant CJEU jurisprudence in this domain.

The first set of amendments should enforce at secondary law level the fundamental notion of legislative transparency and its impact on legislative preparatory documents and debates.

It is worth recalling that the principle of legislative transparency (which is ignored by the information security proposal), has, since Lisbon, been imposed at primary law level by Article 15(2) TFEU, according to which: “The European Parliament shall meet in public, as shall the Council when considering and voting on a draft legislative act.” Regardless of the different legislative “culture” of the Council, the authors of the Lisbon Treaty also imposed specific obligations of legislative transparency even at the level of the definition of its meeting agendas with (Article 16(8) of the TEU).

With all these provisions, the EU legislative function becomes inherently intertwined with the obligation of transparency (as it should be in a democratic entity). This is consistent with the choice of the authors of the Lisbon Treaty, of modelling the EU legal order upon the constitutional principle of the separation of powers, adding to the administration and the judiciary (provided for by the previous rules in Article 17 and Article 19 TEU) the EU legislative power (Articles 14 and 16 TEU). Thus, the legislative function has become an institutional, democratic and autonomous prerogative of the European Union, directly governed by several principles and rules of EU primary law. Under this constitutional framework, being transparent when acting as legislator has become a self-standing obligation upon the institutions, the scope of which does not depend on the aleatory condition of whether or not an individual has requested access to a legislative preparatory document.

In a way, since Lisbon, the institutions’ obligation to be transparent when acting as co-legislator is a different, even if parallel, regime to the pre-Lisbon access to documents regime. Moreover, if legislative preparatory documents are already public, why should citizens ask for them?

The idea that legislative procedures should be more transparent than non-legislative procedures was already present in the 2001 access to documents Regulation, thanks to specific EP amendments to the original Commission proposal. But, at the time, the very notion of legislative activity was substantially different from the one framed by the Lisbon Treaty. Transposing into secondary law the principle of legislative transparency as required by Article 15(2) TFEU is a long overdue obligation.

This can be easily done through two simple amendments to the Regulation on access to documents.

The first should change title of Article 4, which should become “Exceptions applicable to non-legislative documents.” It is worth recalling that in December 2011 the European Parliament voted, as co-legislator, for just such an amendment. This would have strengthened the principle of legislative transparency, but the EP amendment was not taken on board by the Council. Twelve years later and some months before the European elections it would be timely to convince the Council to stick to its obligation of legislative transparency

The second should amend Article 12(2) so that it reads: “2. In particular, legislative preparatory documents shall be made directly accessible.” This amendment is consistent with the previous one. There should no longer be any reference to Article 4 exceptions, nor to Article 9 on classified information – this has a special regime, as is discussed below.

Strengthening the efficiency of the non-legislative decision making process by amending the text of art.4 of Regulation 1049/01  

The non-legislative decision making process is dealt with in recital 11 and Article 4 of the access to documents Regulation and it already foresees several general exceptions to protect the internal debates in a given institution, agency or body in cases where a document’s disclosure would undermine the protection of one of the protected interests.

Since the adoption of Regulation 1049/01 the Court of justice has already framed more strictly the conditions under which these exceptions should be interpreted.

To quote a recent judgement of CJEU (points 67-70 of Ruling T-163/21, emphasis added) :

“..Since such exceptions derogate from the principle that the public should have the widest possible access to the documents, they must be interpreted and applied strictly… Where an EU institution, body, office or agency to which a request for access to a document has been made decides to refuse to grant that request on the basis of one of the exceptions laid down in Article 4 of Regulation No 1049/2001, it must, in principle, explain how access to that document could specifically and actually undermine the interest protected by that exception, and the risk of that undermining must be reasonably foreseeable and not purely hypothetical

According to the case-law, the decision-making process is ‘seriously’ undermined, within the meaning of the first subparagraph of Article 4(3) of Regulation No 1049/2001 where, inter alia, the disclosure of the documents in question has a substantial impact on the decision-making process. The assessment of that serious nature depends on all of the circumstances of the case including, inter alia, the negative effects on the decision-making process relied on by the institution as regards disclosure of the documents in question…”

The simplest solution would be to stick to the CJEU jurisprudence and amend Article 4 as follows (the proposed amendments are in bold):

Article 4 Exceptions applicable to non-legislative documents

1. The institutions shall refuse access to a document where disclosure would undermine the protection of:

(a) the public interest as regards:

– public security,
– defence and military matters,
– international relations,
– the financial, monetary or economic policy of the Community or a Member State;

(b) privacy and the integrity of the individual, in particular in accordance with Community legislation regarding the protection of personal data.

2. The institutions shall refuse access to a document where disclosure would undermine the protection of:

– commercial interests of a natural or legal person, including intellectual property,
– court proceedings and legal advice,
– the purpose of inspections, investigations and audits,

unless there is an overriding public interest in disclosure.

The EU Institution, Agency or body must, in principle, explain how access to a requested document could specifically and actually undermine the interest protected by the exception at stake, and the risk of that undermining must be reasonably foreseeable and not purely hypothetical.

3. Access to a document, drawn up by an institution for internal use or received by an institution, which relates to a matter where the decision has not been taken by the institution, shall be refused if disclosure of the document would seriously undermine the institution’s decision-making process, unless there is an overriding public interest in disclosure.

4. Access to a document containing opinions for internal use as part of deliberations and preliminary consultations within the institution concerned shall be refused even after the decision has been taken if disclosure of the document would seriously undermine the institution’s decision-making process, unless there is an overriding public interest in disclosure.

The decision-making process is ‘seriously’ undermined, within the meaning of the first subparagraph of Article 4(3) of Regulation No 1049/2001 where, inter alia, the disclosure of the documents in question has a substantial impact on the decision-making process. The assessment of that serious nature depends on all of the circumstances of the case including, inter alia, the negative effects on the decision-making process relied on by the institution as regards disclosure of the documents in question.

4. As regards third-party documents, the institution shall consult the third party with a view to assessing whether an exception in paragraph 1 or 2 is applicable, unless it is clear that the document shall or shall not be disclosed.

5. A Member State may request the institution not to disclose a document originating from that Member State without its prior agreement.

6. If only parts of the requested document are covered by any of the exceptions, the remaining parts of the document shall be released.

7. The exceptions as laid down in paragraphs 1 to 3 shall only apply for the period during which protection is justified on the basis of the content of the document. The exceptions may apply for a maximum period of 30 years. In the case of documents covered by the exceptions relating to privacy or commercial interests and in the case of sensitive documents, the exceptions may, if necessary, continue to apply after this period.”

One fundamental aspect ignored in the Commission’s proposal is a minimal framework for implementing art.13.2 TEU according to which “The institutions shall practice mutual sincere cooperation.” at least in the most common and frequent cases of procedures associating several agencies or, even, EU institutions.

A sensible solution would be to define a first list of these procedures, describe in advance the possible workflow and, without prejudice to the “nuclear option” of launching judicial procedures before the CJEU in case of conflicts of interpretation or failure to act, to define a “mediation mechanism” preventing or solving the conflicts in a transparent and friendly way.

This issue should be further examined by the co-legislator. At first sight, in the case of EU Agencies the role of Mediator may be played by the European Commission and in the case of the EU institutions it may be the case of the EU Ombudsman.

In case of unsuccessful mediation the way to the CJEU will still be possible.

The new proposal on the security of EU informations: transforming the EU “Bubble” in an EU “Fortress” ? (1)

by Emilio DE CAPITANI

The Civil Liberties Committee (LIBE) of the European Parliament is currently working on a legislative proposal (2022/0084(COD)) dealing with information security in the institutions, bodies, offices and agencies of the Union. At first sight the 76 pages long text looks “technical”, but looking closer it is clear that it may have a huge impact, not only from an organizational point of view, but also in a more political perspective. If adopted as it stands it may even pave the way for the transformation of the “EU Bubble” in a sort of (Administrative) Fortress and substitute the principle of “Transparency by design” with the principle of “confidentiality by design”.

In principle the objective, as announced in the title of the proposal, is legitimate: granting a comparable level of protection in all the EU institutions, agencies and bodies, for information and documents, which, according to the law, should be protected. To do so a wide interinstitutional coordination group is proposed, as well as a network of security officials in all the EU entities and a securitized  informatic network (TEMPEST) is foreseen.

So far so good, and if the content of the proposal was limited to these organizational aspects it could, even, be an example of administrative cooperation which may be consistent with the chosen legal basis for this Regulation eg art.298 of the TFEU.

What is worrying is the fact that, in parallel with the definition of the physical security of EU information, this proposal on one side redefines the conditions of treatment, access and sharing of all kinds of information/document treated by the EU Institutions, Agencies and bodies and, on the other side does not frame adequately the conditions of interinstitutional / interagency cooperation.

On the first aspect the new proposal, unlike what is declared by the EU Commission, completely overlaps and modify Regulation 1049/01 on access to public documents but following a completely different logic. If the principle of Regulation 1049/01 is to frame the right to know of EU Citizens by granting that everything is public unless a specific exception is applicable, the logic of the new Commission proposal, which mirror the logic of the current Council internal security rules, is that almost all internal documents should be protected and shared only with people with a recognized “need to know” unless the document is marked as “public”.

By replacing the “right to know” foreseen at the Treaty with the a “need to know” mechanism the proposed Regulation turn upside down the EU transparency principle as defined by art.1 of  the TUE according to which “..decisions are taken as openly as possible and as closely as possible to the citizen” and by art.15.1 of the TFEU which states that “In order to promote good governance and ensure the participation of civil society, the Union’s institutions, bodies, offices and agencies shall conduct their work as openly as possible.” Last but not least the new proposed framework goes against the notion of openness echoed in art 298 TFEU which requires that the EU administration should not only be Independent and efficient but also “Open”. Recognizing, as the new proposal does, to each EU institution agency and body the possibility to “protect” its internal information/documents by invoking the very fuzzy notion of “harm” as described in the proposal (“to the legitimate public and private interests, measured as a combination of the likelihood of threats occurring and their impact”…) the new draft Regulation threatens in a fundamental way the right to access to legislative and non legislative information as required by art.15 of the TFEU and by Regulation 1049/01.

To put it short: with this new envisaged legal regime the Commission (by the endorsing at legislative level the Council internal security rules) is proposing to the EP to go back to the pre-Maastricht era when it was up to the EU institutions to decide if giving access to their internal documents. But since Amsterdam (with the art.255 of the TCE) and, even more, since Lisbon, this practice is no more compatible within an EU which is bound by the rule of law and where there should not be space for dark zones. It is therefore quite surprising that until now the EP has not proposed to the legislative proposal substantial amendments which may adequately preserve the Transparency principle in the EU institutional framework.  

On the second aspect this proposal is also failing short from implementing the principle of an independent and efficient administration as required by art.298 TFEU because by transforming each EU Institution agency and body in a sort of  sandbox it will make extremely difficult implementing the principle of sincere cooperation foreseen by art 13.2 of the TUE. In an European Union where in most cases interagency and interinstitutional cooperation is essential to achieve the missions foreseen by the Treaties it is highly problematic insisting on each EU entity independence without foreseeing by law mechanism of  a structured interinstitutional and interagency cooperation (outside the enhanced cooperation on protecting each other secrets).

Not providing legal procedures for arbitration and conflict prevention this proposal paves the way to a permanent  conflictual administrative framework. Referring to the fact that the Court of Justice may solve possible problems of interpretation of a badly designed legislation or solve potential cases of failure to act by all these EU entities is a very bad approach for a legislator which is deemed to be guided by the principle of granting legal certainty to EU Citizens and to the EU administration. Furthermore it is quite bizarre that the European Ombudsman has not been associated or consulted on the proposal at stake.

(to be continued)