Friday, 17 September 2021

On Flights, Rock Concerts and the Needle in a Haystack A report from the Court of Justice of the European Union’s oral hearing on the PNR directive


 



 

Christian Thönnes, research assistant at the Department of Public Law of the Max Planck Institute for the Study of Crime, Security and Law in Freiburg.

Christian Thönnes ist wissenschaftlicher Mitarbeiter in der Abteilung Öffentliches Recht des Freiburger Max-Planck-Instituts zur Erforschung von Kriminalität, Sicherheit und Recht.

 

13 July 2021 was a potentially fateful day for the balance of privacy and security in the European Union. The Court of Justice of the European Union (CJEU) held an oral hearing in its preliminary ruling procedure C-817/19. Following a legal challenge undertaken by the Belgian NGO Ligue des Droits Humains, the Constitutional Court of Belgium had submitted ten preliminary questions to the CJEU (arrêt n°135/2019 du 17 octobre 2019). These questions concern the interpretation of Directive (EU) 2016/681 of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime (in short: PNR Directive) and its compatibility with EU primary law. The hearing did offer important insights into the court’s thinking. Especially judge-rapporteur Mr. von Danwitz asked the EU Commission many critical questions which do not appear to portend good news for proponents of this unprecedented surveillance measure. After having worked on a similar case for the Berlin-based strategic litigation NGO Gesellschaft für Freiheitsrechte, I attended the oral hearing. I am providing this entry as a brief summary and analysis.

 

This report hopefully encapsulates the high stakes of the case in question: The PNR preliminary ruling procedure could result in a landmark decision, laying the doctrinal groundwork not only generally for the mass retention of travel data in the name of defending security, but more specifically for the deployment of self-learning algorithms in order to pre-emptively detect presumptively suspicious movement patterns. As such, the CJEU has to deal with one of the first EU-wide, large-scale use cases of predictive policing. If the court were to essentially approve of this paradigm shift, a radical expansion of technology-driven surveillance to all sorts of ordinary human behavior, regardless of individual prior suspicion or imminent threat, could ensue. In its national transposition law, the Belgian parliament, for instance, decided to expand the PNR’s scope of application beyond only aviation to international trains, busses and ferries (Doc. parl., Chambre, 20152016, DOC 54-2069/001, p.7). 

 

The PNR Directive: An unprecedented tool of technology-driven mass surveillance

 

The PNR Directives obliges EU Member States to require air carriers to transmit a set of data for each passenger to national security authorities, so-called “Passenger Information Units”. PNR (passenger name record) datasets contain unverified information provided by passengers to the airlines or to a travel agency in order to facilitate the processing of each flight. The exact content of these PNR datasets depends on the commercial needs of each airline. All necessary data categories to be transmitted are defined in the PNR Directive’s Annex I. They encompass clearly-defined data items, for example, date of birth, details of accompanying persons, travel itineraries, or baggage information, but also loosely-defined items such as “general remarks” made by the aviation staff.

 

After their reception by the PIUs, PNR datasets are then automatically compared against databases “relevant for the purposes of preventing, detecting, investigating and prosecuting terrorist offences and serious crime” (Art. 6 § 3 letter a), as well as against “pre-determined criteria” (Art. 6 § 3 letter b). The latter are used “to identify ‘unknown’ suspects” (EU Commission PNR Directive Proposal, SEC(2011) 132, p. 12). What exactly these pre-determined criteria are, is not really defined in the PNR Directive’s text. Art. 6 § 4 only lays out that they ought to be “targeted, proportionate and specific”, as well as not based on “a person's race or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sexual life or sexual orientation”. Their general purpose, however, is to extrapolate suspicious patterns passengers’ flight behaviors. Research (Korff, Passenger Name Records,data mining & data protection:the need for strong safeguards, p. 4; Rademacher, Predictive Policing im deutschen Polizeirecht, AöR 2017, 366, 410-415; Sommerer, Personenbezogenes Predictive Policing, S. 96-98), policy papers and the GFF generally discuss “pre-determined criteria” as a likely product of self-learning algorithms

 

According to Art. 6 § 5, once a “hit” occurs – meaning an automatically generated match between a PNR dataset and either a database or pre-determined criteria – it is “reviewed by non-automated means”. Verified hits can then be transmitted to other national competent law enforcement authorities on a “case-by-case basis” (Art. 6 § 6), or to other Member States (Art. 9) or, under additional conditions, to third countries (Art. 11). These authorities can then decide to take further action under their respective national law. The PNR Directive itself only requires the collection of PNR data for all flights entering and exiting the EU but recognizes Member States’faculty to extend its scope to intra-EU flights. Almost all Member States proceeded to do just that. PNR data are stored for six months in raw form and, after that, for another four-and-a-half years in a (reversibly) pseudonymized form (Art. 12).

 

EU Member States scramble to defend the PNR Directive’s proportionality

 

As always, the hearing opened with opening statements by the parties, Member States and EU institutions. This turned out to be a rather one-sided affair, given the fact the plaintiff’s representative faced a united front of eleven delegations from Member States and EU institutions, all in favor of the PNR Directive. They all defended against the charge that the PNR Directive was a disproportionate affair mainly by providing anecdotal evidence of its usefulness and by characterizing the relevant interferences with fundamental rights as not particularly severe.

 

First of all, many Member States pointed to the CJEU’s recent Opinion 1/15 of 26 July 2017 on the Draft PNR Draft agreement between Canada and the European Union. In that opinion, they argued, the CJEU had not generally prohibited the mass retention of PNR data; neither did it, in principle, object to a five-year retention period. And, they asked, were PNR data not much safer within the realms of the PNR Directive than in Canada, they suggested, as data stored on European servers remain protected by the GDPR and other legal regimes? Member States’ representatives failed to mention, however, that the CJEU considered the Draft PNR Agreement to be incompatible with Articles 7, 8 , 21 and Article 52 § 1 CFR. It did so due to the Draft Agreement’s lack of clear and precise criteria, substantive and procedural, for the automated processing of PNR data. It also criticized the lack of a required link, such as new circumstances of threat, between the Agreement’s stated objective (averting terrorist threats) and the prolonged retention and processing of PNR data (n° 232). As pointed out above, the PNR Directive perpetuates this dissatisfying state of vagueness (see its Art. 6 § 4) and even extends it beyond the Draft Agreement’s scope of serious cross-border crimes to any crime of some (but not necessarily exceeding) gravity, such as fraud (Annex II, Number 7) or the facilitation of unauthorised entry and residence (Number 11).

 

Second, Member States pointed to evidence of the PNR Directive’s effectiveness in combatting crime. The Belgian government, for example, mentioned the interception of human trafficking victims on Belgian airports. The French government lauded the PNR Directive for enabling it to stop and arrest a person running an illegal prostitution ring who was en route to Bangkok, accompanied by several minors. The Polish government talked about detecting illegal imports of cigarettes from Poland to Germany, and about Ukrainian nationals attempting to use flights for illegal immigration. It was striking, however, that all this evidence remained purely anecdotal. Just like the EU Commission in its Evaluation Report, Member States never provided any detailed statistical evidence on the PNR Directive’s contribution to the prevention, detection, investigation or prosecution of terrorism or serious crime. It also remained unclear, throughout the hearing, whether and, if so, how many of the cases provided by Member States could have been detected by previously existing data processing methods.

 

Third, most Member States contended that the PNR Directive did not result in a particularly severe interference with the right to respect for private and family life (Article 7 CFR), and the right to the protection of personal data (Article 8 CFR). The PNR Directive, they opined, prohibited the processing of sensitive personal data (see Article 13 § 4 and Recital 37). Some Member States, like Germany, Ireland, Spain, and Cyprus, leaned into that claim by forcefully asserting that all pre-determined criteria in use were assembled by humans, not by self-learning algorithms. Their opening statements were characterized by emphatic renouncements of such algorithms as processing tools. The Dutch government even went so far as to claim that the PNR Directive prohibited the use of artificial intelligence or self-learning algorithms for the creation of pre-determined criteria. This assertion, however, appears rather implausible at the least. In academic literature, the PNR Directive was seen as a blueprint for the use of self-learning algorithms (see references above). The Directive contains no explicit prohibition of artificial intelligence. The European Parliamentary Research Service mentions the PNR Directive in its report on the use of “Artificial Intelligence at EU borders” (pages 18-19). Artificial intelligence only works when fed with gigantic amounts of data. That is why Article 6 § 2 letter c of the PNR Directive allows “analysing PNR data for the purpose of updating or creating new criteria to be used in the assessments carried out“ [through pre-determined criteria].

 

Judge von Danwitz’ questions

 

Much more interesting than the (quite repetitive) jubilant opening statements was the oral hearing’s second part: questions by the court. The majority of this part was characterized by an exchange between judge-rapporteur Professor von Danwitz and the EU Commission’s representative. Judge von Danwitz structured his questioning into four topics: The statistical reliability (or fallibility) of the PNR system (1), the severity of fundamental rights interferences produced by the PNR Directive (2), discriminatory effects of the PNR system (3), and the overall proportionality of the system (4).

 

(1) Judge von Danwitz began by referencing concerningly high false-positive rates mentioned in the Member States’ respective statements. In its Evaluation Report, the EU Commission writes on page 28 that, in 2019, “0.59% of all passengers whose data have been collected have been identified through automated processing as requiring further examination”. Only 0.11% of all data, however, were verified by humans and then transferred to law enforcement authorities. This suggests, as Judge von Danwitz emphasized, a false-positive rate of more than 81 %. Moreover, it remains uncertain whether the remaining 19 % of datasets were legitimately process, thus making a definitive assessment of the full false-positive rate impossible.  Referencing the COVID pandemic in questioning the PNR system’s suitability for its intended purpose, Judge von Danwitz quipped: “If a PCR test operated with a sensitivity of 19%, I doubt it would be welcomed with open arms” (The original words were spoken in French. Translations are my own). While these numbers may intuitively feel small, consider this: When the German transposition law was adopted, the German government expected roughly 170 million yearly affected flight passengers (Gesetzesbegründung, BT-Drs. 18/11501, S. 23). This would mean that, in Germany alone, 187,000 people could be subjected to false automated suspicion every year.

 

In fact, these EU numbers are no anomaly. Similar false-positive rates have been reported by Member States: In a GFF case before the Administrative Court of Wiesbaden (docket number 6 K 806/19.WI), the Bundeskriminalamt, which functions as the German PIU, reported that 31,617,068 processed PNR datasets yielded 237,643 automatic matches. After human review, only 910 matches remained, resulting in a false-positive rate of 99.6%. Out of these 910 matches, 396 investigations went dry because the affected flight passengers were not identical with the actual wanted persons –leading to even more serious false suspicions. This rate, mind you, only pertains to database matches – one is left to imagine the error rate of the much more volatile matching procedure against pre-determined criteria.

 

As Judge von Danwitz pointed out, there is a statistical reason for such high rates: Base rate fallacy. Base rate fallacy denotes the phenomenon that when you are looking for very rare incidents in very large datasets, even extremely sophisticated detection tools will likely yield more false-positives than true-positives. Out of all EU flight passengers, extremely few will be actual terrorists or serious offenders – European law enforcement is looking for the proverbial needle in a haystack. Adding more hay to the stack will not allow them to find more needles – needles remain just as rare and elusive.

 

Confronted with this criticism, the EU Commission pointed to the legislator’s limited responsibility for mathematical limits: "There are mathematical limits and errors, but the legislator is not required to conduct mathematical demonstrations.".

 

(2) Judge von Danwitz then proceeded to refute the Member States’ and EU institutions’ claim that, since the PNR Directive does not result in the processing of particularly sensitive data, it does not constitute particularly severe interferences with Articles 7 and 8 CFR. In so doing, he drew an explicit comparison with telecommunications data which were the subject of Digital Rights Ireland, another landmark CJEU decision on mass data retention. While acknowledging that telecommunications data may per se contain more sensitive information than passenger data, he pointed out that, when determining the severity of interferences, one must also take into account the scale and method of processing: Firstly, while Directive 2006/24/EC intended that the majority of telecommunications data be accessible but remain unscrutinized, the PNR Directive provides for the automated analysis of every single PNR dataset. Secondly, Judge von Danwitz emphasized that the deployment of data mining through self-learning algorithms intensified the severity of the interference (thus also casting aside the renouncements put forth by many Member States).

 

The EU Commission agreed with Judge von Danwitz’ analysis in principle (“Oui, certainement, la gravité de l’ingérence est déterminée dans la manière où le Data Mining se fait.") but contended that there were different degrees of Data Mining ("Il y a Data Mining et Data Mining."). They claimed that the safeguards included in the PNR Directive rendered the Data Mining at hand rather minor.

 

(3) Judge von Danwitz then turned to the lack of clear criteria for the individual review of automated matches by non-automated means, as per Article 6 § 5. He pointed out that this vagueness opened room for discrimination. When the EU Commission responded that discrimination was prohibited under Article 6 § 4, Judge von Danwiz replied that indirect discriminations certainly remained possible – which the EU Commission admitted (“un risque de discrimination indirecte existe toujours"). Judge von Danwitz then asked why the EU legislator did not include more provisions in the text in order to mitigate the risk of indirect discrimination – given the extremely high false-positive rate of over 80 %. The EU Commission responded that there were limits to the specificity that can reasonably be expected from any legislator (“tout législateur a des limites lorsque l’on doit réglementer une activité minutieuse et détaillée"). Responding to this, the European Data Protection Supervisor proposed a reversal of the burden of proof as a possible solution, but this was rejected by the EU Commission because, according to them, that would presuppose that “everyone is automatically a victim”. 

 

(4) Judge von Danwitz’ fourth line of questioning turned on the overall proportionality of the PNR system. His questions mainly focused on the (lack of a) link between the occasion for mass data retention – taking a flight – and the PNR Directive’s stated purpose – combatting terrorist offences and serious crime. The lack of clear criteria buttressing this link was one of the CJEU’s main sources of concern in its Opinion 1/15 (see n°217). The EU Commission responded that criminals specifically use the convenience of international air travel to orchestrate their crimes. Judge von Danwitz proceeded by pointing out that the notion that locations and behaviors suitable for crime should be subjected to mass surveillance was stretchable to an almost unlimited extent. “Why not rock concerts?”, he asked. “Why not museum visits?”. Surprisingly, the EU Commission basically agreed with him, saying that yes indeed, rock concerts could be prone to drug-related offenses (“I don’t have any police experience, but I could imagine that there could be much drug-related crime occurring at rock concerts.”).

 

Lingering doubts regarding the PNR system’s proportionality

 

By no means can this report paint a full picture of what was said during the oral hearing or what is to be considered when assessing the mass surveillance of flight passengers. For example, other questions raised by the Advocate General Pitruzzella concerned the vagueness around which databases would be “relevant” and could therefore be used for comparison (von Danwitz asked whether Facebook databases could be used), whether the unanimous extension of the PNR Directive’s scope to intra-EU flights was warranted or excessive, and whether the five-year-retention period was disproportionate. Advocate General Pitruzzella also inquired about external oversight of pre-determined criteria and whether false-positives were systematically used in order to improve algorithms (to which some Member States replied in the affirmative).

 

In my opinion though, the hearing shone a light on the PNR Directive’s manifold constitutional weaknesses. The EU Commission and Member States did not succeed in dispelling my lingering doubts about its underdeterminacy, its questionable suitability and effectiveness, its unchecked potential to produce large-scale discrimination. But chief among these weaknesses is the Directive’s sheer excessiveness: It is just disproportionate to take ordinary human behavior and use it as an opportunity to unleash an unprecedented degree of technology-fueled surveillance upon hundreds of millions of European flight passengers and to sift through mountains of useless, potentially discriminatory data, just to – maybe, kind of – detect a handful of criminals.

 

Photo credit: Juke Schweizer, via Wikimedia Commons

Monday, 16 August 2021

A Curia Mundi? The CJEU’s Judgment in Case C‑872/19 P Venezuela v Council




 Eva Kassoti* and Alina Carrozzini**

 

*Senior Researcher, CLEER academic co-ordinator, T.M.C. Asser Institute. E-mail: E.Kassoti@asser.nl

 

**MPhil/PhD Candidate, Dickson Poon School of Law, King’s College London. Email: alina.carrozzini@kcl.ac.uk

 

In its judgment of 22 June 2021 the Grand Chamber of the Court of Justice ruled that Venezuela has legal standing to challenge a series of EU restrictive measures provided that the rest of the conditions of Art. 263 (4) TFEU are fulfilled (for an earlier analysis on the judgment see here and here). The ruling is an important development: (a) in the context of challenges to restrictive measures before EU courts; (b) more broadly, in the context of EU procedural law since it settles the question of whether third States have legal standing to challenge acts before EU courts; and c) in the context of judicial review of international sanctions imposed against Venezuela (in December 2018 Venezuela launched a WTO complaint against similar US economic sanctions – which is still pending).

 

The case at hand is an appeal against the General Court’s judgment of 20 September 2019. The General Court held that Venezuela was not directly concerned by those measures, and thus, that it lacked standing under Art. 263(4) TFEU – without however addressing the question of whether Venezuela is a legal person within the meaning of the same provision.  By way of contrast, the Grand Chamber of the Court of Justice followed the Opinion of AG Hogan (for analysis, see here) – and concluded that Venezuela is a legal person within the meaning of Art. 263(4) TFEU and that it is directly concerned by the restrictive measures. On this basis, the Court of Justice referred the case back to the General Court for judgment on the merits.

 

The aim of this blogpost is: a) to briefly sketch out the Court’s line of argumentation and conclusions on (arguably) the most important aspect of the judgment, namely that of the legal personhood of third States within the meaning of Art. 263(4) TFEU; and b) to provide some remarks regarding the broader implications of the judgment.

 

Summary of the CJEU’s position regarding the legal personhood of third States within the meaning of Art. 263(4) TFEU

 

From the outset, the Court noted that the concept of a ‘legal person’ for the purposes of Art. 263(4) TFEU is an autonomous concept of EU law and that, therefore, in interpreting this provision not only the text, but also the context and its purpose must be taken into account (para. 42). Following a textual approach, the Court stressed that the wording of the provision suggests that no category of ‘legal persons’ is to be in principle excluded from bringing proceedings before EU courts (para. 43). On this basis, it was argued that the relevant concept should not be interpreted strictly (para. 44). In this respect, the Court recalled that, in accordance with its previous case-law on the matter, different types of entities such as local or regional entities (e.g. Nederlandse Antillen v Council); public entities (e.g. Deutsche Bahn and Others v Commission); or even organisations with no legal personality that have been subjected to restrictive measures (e.g. PKK and KNK v Council) may bring proceedings under Art. 263(4) TFEU (paras. 45-47).

 

Turning to a contextual and teleological interpretation of the provision, the Court considered that Art. 263(4) TFEU should be interpreted in the light of the EU’s values and principles governing its external action. According to the Court, the principle of effective judicial protection is an integral part of the rule of law. In turn, the rule of law constitutes one of the founding values of the Union as well as a guiding principle of its external action (Art. 21 TEU) including the CFSP (Art. 23 TEU) (paras. 48-49). On this basis, the Court concluded that interpreting Art. 263(4) TFEU “in the light of the principles of effective judicial review and the rule of law militates in favour of finding that a third State should have standing to bring proceedings, as a legal person,” – provided that the rest of the conditions set out therein are fulfilled (para. 50). The Court swiftly dismissed the argument to the effect that allowing third States standing before EU courts to challenge EU acts would risk compromising the reciprocity between the EU and third States – as there is no guarantee that the EU would be able to challenge similar national measures adopted by those States. According to the Court, the obligation of the EU to ensure respect for the rule of law cannot be made contingent on reciprocity (paras. 51-52). In this light, the Court concluded that Venezuela, as a State with international legal personhood must be regarded as a legal person within the meaning of Art. 263(4) TFEU.

 

Remarks on the Venezuela Judgment

 

The judgment is of particular importance since it finally settles the important procedural question of whether third States have legal standing to bring actions for annulment against restrictive measures. Although the General Court has accepted this possibility in the past, the context in which those rulings were made was not that of restrictive measures as is the present one (Cambodia and CRF v Commission, para. 51; Poland v Commission, paras. 51,52; Switzerland v Commission, para. 22). In the context of restrictive measures, the judgment attests to the growing willingness of the Court to allow the judicial review of those measures before EU courts. This line of case-law confirms that the Union’s commitment to the rule of law and to effective judicial protection extends to the CFSP (H v Council, para. 41; Bank Refah Kargaran v Council, para. 35). The ruling could have broader implications for the future of EU sanctions. First, it could pave the way for subsequent actions for damages brought by third States before EU courts. Secondly, it could have a chilling effect on the Council’s readiness to adopt restrictive measures in the future.

 

The Court did not address the argument on the basis of reciprocity in extenso. However, this argument was relied upon by the parties to the appeal and it is worth addressing in some detail. This argument assumes that the relationship between the EU and third States, in this particular context, is governed by international law (paras. 29, 30). One of the basic principles of international law is the principle of reciprocity; hence, to allow third States to bring an action before EU courts against an EU act – without first ascertaining that the EU also has reciprocal access to the courts of the third State - would undermine this principle (para. 30). However, the very premise of this argument is flawed since the question at bar is not governed by international law. It is, indeed, true that reciprocity is a basic principle of international law and also a structural principle of EU external relations law.

 

However, as AG Bot noted in Opinion 1/17 on CETA (para. 77), this principle pertains to the EU’s external treaty relations. Importantly, the question at bar does not relate to an international agreement concluded between a third State and the EU; rather, it concerns the issue of whether one State allows another State to bring suit before its domestic courts. This issue is not governed by public international law; as discussed earlier, comity is a domestic law doctrine under which deference is afforded to foreign states to bring suits before domestic courts as plaintiffs. Thus, the principle of reciprocity is not applicable in this context. The relevant jurisprudence of US courts shows that there are further reasons that militate against the extension of the principle of comity to the question of standing of third States to sue (Banco National de Cuba v Sabbatino judgment by the US Supreme Court, p. 376). First, refusal to allow suit on grounds of reciprocity would, in essence, preclude the judicial review of an act affecting the interests of a third State – thereby, making it impossible for a court to examine whether the dispute has been fairly resolved. Secondly, making standing contingent upon reciprocity would necessarily involve investigating the precise legal status of the EU before foreign courts – a task that would involve making difficult determinations about the formal structure of foreign judicial legal systems.

 

In a similar vein, the Court did not address the Commission’s argument to the effect that the definition of a ‘legal person’ within the meaning of Art. 263(4) TFEU and, hence, the question of third States’ access to EU courts depends on the nature of the acts carried out by that State (para. 37). The Commission relied on the distinction between acts carried out in a private capacity (acta jure gestionis) and acts carried out in the exercise of State sovereignty (acta jure imperii) and argued that, according to international law, a State cannot be subjected to the jurisdiction of another State in relation to acts carried out in a sovereign capacity – a corollary to the principle of sovereign equality of States (para. 37). It is worthwhile addressing this point briefly. This argument is erroneous to the extent that it is premised on the idea that the question at bar touches upon the issue of State immunity under public international law. More specifically, the distinction between acta jure gestionis and acta jure imperii is a distinction made for the purpose of delimiting the scope and limits of a State’s immunity from suit under public international law (ICJ, Jurisdictional Immunities of the State, para. 60). However, State immunity is an international law doctrine according to which a State cannot be sued before the courts of another sovereign State without its consent. As such, it does not imply that third States are barred themselves from appearing as claimants before foreign courts – as Art. 8 of the 2004 UN Convention on Jurisdictional Immunities of States and their Property makes abundantly clear, an issue which is a matter of domestic law.

 

Ultimately, the judgment is important for the EU’s external posture. By directly linking the question of access of third states to EU courts with the principles of effective judicial protection and the rule of law the judgment consolidates the image of the EU as a confident global actor with a distinct commitment to upholding its foundational values in shaping its relations with the outside world.

 

Barnard & Peers: chapter 24

Photo credit: JunCTionS, via Wikimedia Commons 






Tuesday, 10 August 2021

Copyright and the Internet: Poland v Parliament and Council (Case C-401/19), Opinion of the Advocate General, 15 July 2021


 


Lorna Woods, Professor of Internet Law, University of Essex

 

Introduction

 

The development of ‘web 2.0’, especially social media, has meant that many people are able to post content to potentially large audiences.  The amount of content, however, and how to manage conflicting rights between different users has led to debate about the role of the platforms in helping remedy the problems that the platforms facilitate (that come along with the benefits the platforms enable).  One particular issue is the acceptability of the use of filtering technologies, especially from the perspective of the freedom of expression of the user of the work.  It has come before the courts before, when the courts – in the context of copyright claims - had expressed concerns about those techniques.  Given the quantity of material uploaded, however, it is hard to envisage that in person ex post review of content would be possible, let alone effective.  The problem of copyright enforcement remains – and the ‘value gap’ created by mass unauthorised use of protected works. Platforms have had little incentive to prevent the problem from arising – indeed it could be said the platforms benefitted (through advertising revenue) from the existence of this content. The ex post system – whereby copyright holders notify and the platform removes content to maintain its immunity under Article 14 e-Commerce Directive – has not been seen as effective by rights-holders.

 

This problem had led to the overhaul of the copyright regime and the enactment of the Copyright Directive in the Digital Single Market (Directive 2019/790), a proposal that during the legislative process was subject to extensive lobbying.  The result is a directive which aims to reduce the ‘value gap’ and to rebalance matters more in favour of the creators of content with the introduction of a new press publisher’s right (Article 15) and, notably, Article 17 which covers use of protected content by online content-sharing service providers.  Article 17, however, was contentious, leading to this challenge by Poland, and the recent Advocate-General’s opinion. While it is important in understanding the scope of Article 17 itself, we might also ask whether the reasoning here might have broader implications.

 

Provisions in Issue

 

Article 17 changes (or clarifies) the position under copyright that the platforms caught by the definitions in the directive will automatically be considered to be carrying out 'acts of communication to the public or making available to the public' when they give the public access to copyright-protected content uploaded by users, and therefore require authorisation from the relevant content owners. Article 17(3) displaces Article 14 e-Commerce Directive, which provides conditional immunity from penalties to neutral hosts. Article 17(3) provides that, if there are no relevant licensing arrangements in place, the platforms will only be able to maintain immunity if they satisfy the terms of Article 17(4). Article 17(4) introduces 4 cumulative conditions (arranged across 3 subparagraphs) – that the platform has:

 

(a) made best efforts to obtain an authorisation, and

 

(b) made, in accordance with high industry standards of professional diligence, best efforts to ensure the unavailability of specific works and other subject matter for which the right-holders have provided the service providers with the relevant and necessary information; and in any event

 

(c) acted expeditiously, upon receiving a sufficiently substantiated notice from the right-holders, to disable access to, or to remove from their websites, the notified works or other subject matter, and made best efforts to prevent their future uploads in accordance with point (b).

 

While the first part of Article 17(4)(c) is similar to the conditions in Article 14 e-Commerce Directive, the other three elements are new.  Without dealing with any questions around the definitions of the platforms falling within this obligation, a number of questions arise: does Article 17(4) effectively require upload filters (and will they lead to overblocking); what are best efforts, especially in relation to the monitoring which is implied; and does Article 17(4) effectively require ‘general monitoring’ (despite the clarification in Article 17(8) that it should not lead to general monitoring).

 

Article 17(7) might be seen as an effort at counter-balance: it provides

 

The cooperation between online content-sharing service providers and right-holders shall not result in the prevention of the availability of works or other subject matter uploaded by users, which do not infringe copyright and related rights, including where such works or other subject matter are covered by an exception or limitation.

 

Significantly, the directive expressly lists the exceptions for quotation, criticism, review and for caricature, parody or pastiche.  There are also obligations (in Article 17(9)) relating to redress and complaints mechanisms, which some sections of industry have claimed are onerous.  Some of the vagueness around requirements might be dealt with by Commission guidance aimed at aiding coherent implementation of the directive; while this is now available, at the time the case was lodged it was not.

 

The Legal Challenge

 

The Issue

 

Poland issued a judicial review action, seeking annulment of the provision (either just Article 17(4)(b) and (c) or Article 17 in its entirety) on the basis of its incompatibility with freedom of expression as guaranteed by the Charter (Article 11 EUCFR), either by destroying the essence of the right or by constituting a disproportionate interference with that right.

 

The Nature of the Obligation

 

A preliminary issue concerned is the nature of the obligation imposed by Article 17(4) and whether it requires for preventive monitoring purposes the use of upload filters. While this is not explicitly required, the Advocate General took the view that, in many circumstances, the use of those tools are required [para 62]. Further, industry standards will have an impact on the decision as to what best practice is [para 65-6]. So, while the recitals provided considerations to assess what suitable methods would look like (see recital 66), this did not affect the assessment that the reality was the upload filters of some description would be used.

 

The Impact on Freedom of Expression

 

Applicability of the Right

 

One precondition for the applicability of fundamental rights is that the actions under challenge could be imputed to the State; here, the actions of the platforms are in issue (and their right to run a business under Article 16 EUCFR). The Advocate General drew a distinction between the circumstances where a platform had real choice and the circumstances here. The provision might formally give operators a choice: do this and get exemption from liability, or choose not to do that and face exposure to liability. The Advocate General emphasised that the assessment as to compliance with Article 11 should take account of what is happening in practice; the reality is that ‘the conditions for exemption laid down in the contested provisions will, in practice, constitute genuine obligations for those providers’ [para 86, emphasis in original].

 

Limitations – Lawfulness

 

The conditions for limiting Article 11 EUCFR are found in Article 52(1) EUCFR. The requirement there that the restriction be ‘provided for by law’ was to be understood in the light of the jurisprudence on lawfulness for the purpose of Article 10(2) ECHR (citing some CJEU decisions on data protection and the right to a private life in support). Lawfulness requires not just a basis in law, clearly satisfied here, but must be accessible and foreseeable. The first aspect is clearly satisfied. As regards the second, the Advocate General noted that the case law allows the legislature ‘without undermining the requirement of “foreseeability” [to] choose to endow the texts it adopts with a certain flexibility rather than absolute certainty’ [para 95, citing the Grand Chamber judgment in Delfi v Estonia, discussed here]. Nonetheless, the case-law on lawfulness also requires safeguards against arbitrary or abusive interference with rights. This issue the Advocate General linked to proportionality.

 

Limitations – the Essence of the Right

 

The requirement to respect the essence of the right provides a limit on the discretion of the legislature to weigh up competing interests and come to a fair balance. It is ‘an “untouchable core” which must remain free from any interference’ [para 99]. According to the Advocate General, an ‘obligation preventively to monitor, in general, the content of users of their services in search of any kind of illegal, or even simply undesirable information’ constitutes such an interference [para 104]. Article 15 e-Commerce Directive is ‘a general principle of law governing the Internet’ [para 106, emphasis in original and referring to Scarlet Extended and SABAM], and binds the EU legislature. Importantly, this principle does not prohibit all forms of monitoring; the jurisprudence of the CJEU has already distinguished monitoring which occurs in specific cases, and a similar position can be seen in the case-law of the ECtHR (Delfi). Tracing the development of the CJEU’s reasoning over time from the early cases of L’Oreal, Scarlet Extended and SABAM, through McFadden to Glawischnig-Piesczek (discussed here), the Advocate General opined that Article 17 is a specific monitoring obligation [para 110]; it focuses on specific items of content and the fact that a platform would have to search all content to find it does not equate to a general obligation.

 

Limitations – Proportionality

 

After reviewing the first two aspects of proportionality (appropriate and necessary), the Advocate General moved to discuss the heart of the matter:  proportionality strictu sensu and the balance achieved between the conflicting rights.  The Advocate General accepted that it was permissible for the EU legislature to change the balance it had adopted in Article 14 e-Commerce Directive for that in the new Copyright in the Digital Market Directive taking into account the different context, and the broad discretion the institutions have in the complex area. The Advocate General identified the following factors: the extent of the economic harm caused due to the scale of uploading; the ineffectiveness of the notice and take down system; the difficulties in prosecuting those responsible and the fact that the obligations concern specific service providers [para 137].

 

The next issue whether platforms would take ‘the easy way out’ and over-block just to be on the safe side in terms of their own exposure to liability. The Advocate-General excluded this possibility in his interpretation of the ‘best efforts’ obligation. So, the obligation to take users’ rights into account ex ante and not just ex post supports the proportionality of the measure; the redress rights and the out-of-court redress mechanism are supplementary safeguards. Service providers may not use any filtering technology but must instead consider the collateral effect of blocking when implementing measures. Systems which block based on just content and not taking into account the legitimate uses would fall foul of the position in Scarlet Extended and SABAM.

 

This was followed by a consideration of Glawischnig-Piesczek. In the light of the CJEU’s emphasis  on the platform in that case not having to make an independent decision as to the acceptability of content to take down (and to stay down), the Advocate General suggested that platforms cannot be expected to make independent assessments of the legality of content. He concluded:

 

to minimise the risk of ‘over-blocking’ and, therefore, ensure complaince with the right to freedom of expression, an intermediary provider may, in my view, only be required to filter and block information which has first been established by a court as being illegal or, otherwise, information the unlawfulness of which is obvious from the outset, that is to say, it is manifest, without, inter alia, the need for contextualisation [para 198].

 

Referring back to his own opinion in YouTube and Cyando, ‘an intermediary provider cannot be required to undertake general filtering of the information it stores in order to seek any infringement’ [200, emphasis in original].

 

The Advocate General concluded that Article 17 contained sufficient safeguards. Article 17(7), which states that measures taken ‘shall not result in the prevention of the availability of works or other subject matter uploaded by users, which do not infringe copyright and related rights’ means that wide blocking is not permitted and that in ambiguous cases, priority should be given to freedom of expression [para 207] and that ‘“false positives” of blocking legal content, were more serious than “false negatives”, which would mean letting some illegal content through’ [para 207]. Rights-holders can still request infringing content be taken down [para 218]. Having said that, a nil error rate for false positives is not required, though the error rate should be as low as possible and those techniques that result in a significant false positive rate being precluded. Article 17(10), which providers for stakeholder cooperation, is in the view of the Advocate-General the place to determine the practical implementation of these requirements [213].

 

Comment

The Opinion constitutes the attempts of the Advocate-General to steer a course through the radically different interpretations of Article 17, a fact which perhaps reflects the provision’s contentious nature.  The outcome of the case will be significant beyond the enforcement of copyright, as similar mechanisms might be required under other legislation: TERREG (Regulation 2021/784 on  addressing  the  dissemination  of  terrorist  content  online) for example, envisages hosting service providers putting in place ‘specific measures’ (recitals 22-23, Article 5(2)) that include the possibility of ‘technical means’ to address dissemination of terrorism content online.  The highlight news is, of course, that the Advocate-General did not find Article 17 to be contrary to Article 11 EUCFR though what that means for the obligations under Article 17 is potentially complex. Before discussing that issue, a number of other points can be noted.

 

The first point is the complex context for assessing fundamental rights. As the Advocate General noted, the platforms are private actors; it is not as simple as a user saying ‘because of freedom of expression I can upload what I like on this platform’.  There are two points.  The first is whether the platforms’ choices can be attributed to the Member States? This is relevant because the rights are not addressed to private actors (Article 51 EUCFR; this is also true under the ECHR).  This is an issue on which there has not – in the context of the EUCFR – been much case law to date.  The responsibility of the State, however, subsequently forms a significant element of the Advocate general’s approach to Article 17 and its safeguards: attributing the interference to the State means that the framework for analysis is that of the state’s negative obligations, rather than introducing questions of positive obligations.

 

At this early stage in his Opinion, however, the Advocate General was content to flag up the relevance of the rights. He referred to the jurisprudence of the ECHR to support his position:

 

-          Appleby, which concerned the access of peaceful protesters to a privately-owned shopping centre. There, the ECtHR held that they had no right under Article 10; they could make their views known in other venues.  This is a case about positive obligations.

 

-          Tierfabriken, concerning the refusal of the Commercial Television Company to allow the broadcast of an animal rights advert because it breached the company’s terms of business and the terms of national law. In the view of the regulatory authorities, the company was free to purchase its ads wherever it chose. The Court held that, irrespective of the formal status of the actors, the State was implicated because the company had relied on the prohibition of political advertising contained in the regulatory regime when making its decision. Domestic law “therefore made lawful the treatment of which the applicant association complained” [para 47]. 

 

Neither case seems to be making precisely the argument that the Advocate General made – that the platforms had no choice. Nonetheless, the point seems fair. The implications of this point should be considered; does this mean that whenever platforms make a decision based on elements of their terms of service that reflect national law that freedom of expression is implicated?  Beyond this point, it seems clear that platforms may set their own terms of service to reflect their business choices and that (subject to concerns about individuals losing all possibility of communicating) there would be no freedom of expression based complaint related to the enforcement of those terms. Further, it seems that were the State to try to interfere with the platforms’ choices in this regard, that interference would need to recognise Article 16 EUCFR or even Article 11.

 

The Advocate-General considered the lawfulness requirement in Article 52(1), something that the Court does not always do (assuming it is satisfied). As well as the formal required of being based in law, the lawfulness test has qualitative requirements. In carrying out his analysis, the Advocate-General treated questions about the safeguards against abuse which are part of the lawfulness test as part of questions of proportionality. In this, he followed the approach of the ECtHR under Article 8 ECHR (right to a private life) in the surveillance cases.  This approach has been criticised in that context as blurring two different questions aimed at two separate concerns and in so doing lowering the threshold of protection.  The approach has not so far been adopted in relation to freedom of expression even by the Strasbourg court and so is novel here.  The issue of safeguards in this Opinion is central, as we shall see below.

 

Another novelty is the discussion of the ‘essence of the right’, which has not received that much attention. The Advocate General helpfully started with a clear statement as to what the requirement is – an untouchable core – where the usual balancing of rights cannot take place.  Given the complex array of potentially conflicting rights in play in this context, that principle could be important. Once again, the Advocate General drew on the surveillance case law, perhaps because it is the only place where there is much discussion of the point. In the context of surveillance, the Court has held that general monitoring of content would damage the essence of the right, but that the general retention of metadata did not (though it might still be hard to justify). On one level the prohibition on general monitoring covers the same ground as the prohibition on mass content interception under Article 7 EUCFR (and Article 8 ECHR) – though Article 7 operates in the context of private communications rather than content that could well be made publicly, effectively broadcast. What is arguably a similar boundary was drawn here: general monitoring would undermine the core of the right but specific monitoring, as a form of prior restraint, would not.  In this, the Advocate General pointed out that although prior restraints are very intrusive of freedom of expression and tightly controlled under the Strasbourg jurisprudence, they are not automatically impermissible.  Significantly, the Advocate-General claimed that the prohibition on general monitoring is a general principle of Internet law – though it is far from clear what weight the status as ‘general principle’ has in this specific context. Is a general principle of Internet law different from a general principle within EU law more generally? Of course, this discussion is based on the assumption that filtering for specific content is somehow different from looking at everything and also leaves the question of how broad the category of content searched for can be before it ceases to be ‘specific’.

 

What then of the Advocate-General’s approach to Article 17?  From his analysis of the freedom of expression framework, the scope of the obligation is important with determining its acceptability. Clearly, the discussion of general versus specific monitoring is one aspect of this, but the safeguards required to legitimate an interference with freedom of expression also protect in the Advocate-General’s view against over-blocking. The inventive interpretation of the platforms’ ‘best efforts’ is central to this approach. Essentially, this interpretation narrows the scope of when and what is permissible; automated techniques can be used when they are functionally able to do the job.  On one viewpoint this is good; preventing platforms from over-reliance on possibly not very good technologies to the detriment of their users (and potentially exhibiting bias in that process too). It is a way of balancing the reality of scale with the concerns of over-blocking and could be seen as a clever way of reconciling conflicting demands. 

 

Does this interpretation, however, suggest, that the balance of Article 17 is still heavily shifted towards ex post moderation and take down systems because effectively the conditions that the Advocate General has set on the use of technology mean that there is no technology that can be used (and little incentive to develop it) or can only be used in a very limited way?  Where we are balancing copyright and business rights against freedom of expression, this shift towards a less effective content control system might not seem so bad (even if it flies in the face of the stated concerns driving the legislation), but would the same analysis be deployed in relation to child sexual exploitation and abuse material? The difficulty here is that the Advocate General’s framework for analysis is content blind. While it is based on the text of Article 17(7) and could therefore be understood as relevant just to this directive, his interpretation of that provision is given impetus by his introduction of the requirement for safeguards derived from freedom of expression. This would then have a wider application. The Advocate General here explicitly prioritises freedom of expression over another Charter right (Article 17 EUCFR) and there does not seem to be an obvious place within the safeguards framing where issues around the importance of speech or importance of other rights can easily be taken into account.

 

One final point to note is, of course, that this is an Opinion and not binding. The Advocate General referred to his reasoning in YouTube and Cyando. The Court decided that case without reference to his reasoning. It remains to be seen how much it will influence the Court here – or in relation to discussions around other legislation which envisage proactive technical measures.

 

Photo credit: via wikicommons media





Sunday, 1 August 2021

Is the ECJ revisiting the European ‘fifth amendment’? The CJEU rules on the right to silence

 



                                   

Inês Pereira de Sousa, Lecturer and PhD candidate at Porto Faculty of Law, Universidade Católica Portuguesa; Researcher at CEID – Católica Research Centre for the Future of Law; Member of ANESC – Academic Network on the European Social Charter and Social Rights; Member of EUCRIM –European Criminal Law Associations’ Forum - isousa@porto.ucp.pt

 

On 2 February 2021, the Court of Justice had the opportunity to reanalyse the right to remain silent and the right to avoid self-incrimination in a preliminary ruling from the Italian Constitutional Court.

In Case C-481/19,  DB v Commissione Nazionale per le Società e la Borsa (Consob), Consob had imposed (in 2012) on DB, a natural person, financial penalties for two administrative offences of insider trading in 2009, plus another financial penalty for the fact that DB had asked several times for the postponement of his hearing and, when finally heard, had declined to cooperate and to answer the questions of the national authority, an administrative offence which is contained in Article 187 of the Italian Decreto legislativo n. 58 (Legislative Decree No. 58). In addition, Consob also imposed the ancillary penalty of temporary loss of fit and proper person status for a period of 18 months and ordered confiscation of assets of equivalent value to the profit or the means employed to obtain it under Articles 187quater(1) and 187sexies of the such national law.

The Italian law in question, the Decreto Legislative n. 58, consolidates all provisions in the field of financial intermediation and includes the transposition of the Directive 2003/6/EC on insider dealing and market manipulation, which was repealed by Regulation (EU) No 596/2014 on market abuse.

DB brought an appeal against those penalties before the Corte d’appello di Roma (Court of Appeal of Rome), which was dismissed. Faced with this decision, he lodged an appeal before the Corte Suprema di Cassazione (Supreme Court of Cassation), which referred two interlocutory questions of constitutionality to the Corte Costituzionale (Constitutional Court). The Corte Costituzionale then decided to stay the proceedings and to ask the Court of Justice whether Article 14(3) of Directive 2003/6, in so far as it continues to apply ratione temporis, and Article 30(1)(b) of Regulation No 596/2014, in the light of Articles 47 and 48 of the Charter of Fundamental Rights of the European Union (Charter) and the European Court of Human Rights (ECtHR) case-law, should be interpreted as permitting Member States to refrain from penalising individuals who refuse to answer questions by the competent authorities and which might establish their liability for an offence punishable by administrative sanctions of a ‘punitive’ nature.

In fact, Articles 47 and 48 of the Charter enshrine the right to a fair trial and the presumption of innocence, which are also guaranteed in Article 6 of the European Convention of Human Rights (ECHR). Although the European Union has not acceded to the ECHR yet, it should be recalled that Article 6(3) TEU confirms that fundamental rights recognized by the ECHR constitute general principles of EU law, and Article 52(3) of the Charter provides that the rights contained in the Charter which correspond to rights guaranteed by the ECHR are to have the same meaning and scope as those laid down by the ECHR ((the so-called homogeneity clause).

Both the right to remain silent and to avoid self-incrimination, whose ponderation was at the heart of the questions referred for a preliminary ruling in the DB v Consob case, arise from Article 6 (right to a fair trial) ECHR and Articles 47 (right to an effective remedy and to a fair trial) and 48 (presumption of innocence and right of defence) of the Charter.   

Historically, the protection against self-incrimination is linked to human dignity. It was developed as a protection for individuals to avoid torture aimed at extracting a criminal confession, and to prevent the cruelty of being faced with only three options (the ‘trilemma’): (1)  to be sanctioned for refusing to cooperate; (2) to provide the authorities with incriminating information; (3) or to lie and risk prosecution for perjury. However, this privilege is not exclusively for natural persons, nor is it limited to criminal offences.

In fact, such right has been developed thanks to both CJEU and ECtHR case-law. In the Engel and others v Netherlands judgment, the ECtHR extended the scope of this right to administrative decisions which could imply sanctions. According to the ECtHR, the right not to be obliged to produce evidence against oneself includes the right to remain silent and not to answer any question, even factual ones. In other words, the ECtHR has excluded the admissibility of answers obtained from the accused through compulsory questioning during a non-judicial investigation as evidence, including answers to purely factual questions (see, e.g., ECtHR, Funke v France; ECtHR, John Murray v United Kingdom; and ECtHR, Saunders v United Kingdom).

In the EU legal context, one of the areas that involves these administrative decisions is competition law. In this field, the undertakings must cooperate by answering questions and providing documents; yet they cannot be forced to confess their participation in the infringements.

The first significant case in this matter, in the EU, was Orkem (judgment of 18 October 1989, Case C-374/87), in which the ECJ recognized that the duty to provide information related to the subject of the inquiry was not absolute and undertakings could refuse to answer certain questions that could involve the provision of self-incriminating information. In this case, the undertaking was a legal person, and the Court excluded the answers to purely factual questions from the protection against self-incrimination.

In DB v Consob, on the one hand, the ECJ was faced with a right to remain silent by an individual, and, on the other hand, it was necessary to establish the conditions under which such right must be respected in the case of proceedings potentially leading to administrative sanctions of a criminal nature.

 Regarding the fact that the person who did not cooperate with the national authority was an individual, the Italian Government argued that the case-law on the legal person’s right to avoid self-incrimination could be applied by analogy when establishing the scope of the right of natural persons to remain silent in administrative procedures for detecting market abuse. From the Opinion of Advocate-General Pikamäe, delivered on 27 October 2020, it results that the scope of natural persons’ right to remain silent does not seem to have been considered by the Court until that moment. In the judgment, the ECJ considered that it was not possible to apply the Orkem formula by analogy when determining the scope of individuals’ right to silence because that jurisprudence concerns procedures against undertakings and associations of undertakings.

As for the second issue, the jurisprudence has been stating that if the administrative procedure in question is likely to lead to a penalty falling within the ‘criminal sphere’, the full range of guarantees under the criminal head of Article 6 ECHR applies, including the right to silence. CJEU case-law highlights three criteria for verifying a sanction’s criminal nature: the legal classification of the offence under national law; the intrinsic nature of the offence; and the degree of severity of the penalty that the person concerned is likely to incur in (Case C-537/16, Garlsson Real Estate and Others).

In DB v Consob, another important question was presented to the ECJ. Once again, in the Advocate-General’s words, until that moment, neither the Court, nor EU legislature had addressed the question of whether, regarding the case-law of the ECtHR concerning Article 6 ECHR, and Articles 47 and 48 of the Charter, required such right to be recognized in administrative proceedings which could lead to the imposition of ‘punitive’ penalties. Consequently, it was necessary to clarify whether those provisions allowed not sanctioning persons refusing to answer questions which might establish their liability for an offence punishable by criminal penalties, or by administrative penalties of a punitive nature.

The Court addressed the question objectively, recognizing that, even if the penalties imposed on DB were not criminal in nature, the right to silence could also stem from the fact that, in accordance with national legislation, the evidence obtained in those proceedings may be used in criminal proceedings against that person to establish that a criminal offence was committed. Accordingly, in judgment DB v Consob, it was established that authorities should respect the privilege against self-incrimination in two different cases: in administrative proceedings that may lead to the imposition of administrative sanctions of a criminal nature; and in administrative proceedings that may not lead to the imposition of sanctions of a criminal nature, if the evidence produced in this proceeding may be used in criminal proceedings against that person in order to establish that a criminal offence was committed.

Finally, the Court concluded that Article 14(3) of Directive 2003/6, and Article 30(1)(b) of Regulation No 596/2014, read in the light of Articles 47 and 48 of the Charter, must be interpreted as allowing Member States not to penalise natural persons who refuse to provide the competent authority with answers capable of establishing either their liability for an offence that is punishable by administrative sanctions of a criminal nature, or their criminal liability.

It is thus clear that the ECJ refused to transfer to individuals its more restrictive position towards legal entities developed in the field of competition law, which leads us to the distinctive treatment of natural and legal persons in what concerns the right to avoid self-incrimination. Furthermore, could the DB v Consob judgment be understood as a broader interpretation of punitive proceedings against legal entities?

Regarding the distinctive treatment, it should be recalled that the extension of fundamental rights to legal persons follows a general criterion based on the nature of the right. For this reason, most arguments of legal scholars in favour of the exclusion of legal persons from the scope of the right to avoid self-incrimination or to justify a different protection in terms of such privilege, are related to its nature as a purely personal privilege, based on human dignity and autonomy. Moreover, Directive 2016/343, on the strengthening of certain aspects of the presumption of innocence and of the right to be present at trial in criminal proceedings, excludes legal persons from its scope (in its Recitals 13 to 15), making it clear that the protection that results from the presumption of innocence is not applicable to legal persons in the same way as it is to natural persons.

Nevertheless, some arguments could justify the extension of this protection to legal persons, such as the close link to the right to a fair trial, the need to limit the Commission and national authorities’ powers of investigation, and to harmonize ECtHR and CJEU’s application of the right to a fair trial.

Undoubtedly, it is necessary to balance the right of defence and the public interest and, while recognizing that human dignity justifies a different treatment of individuals, it can be observed that, in recent years, the application of fundamental rights, ‘whose nature is more individual, to legal persons has expanded. Therefore, the question remains – should legal entities have the right to remain silent against the provision of any evidence that may constitute an admission of guilt?

CJEU case-law has been confirming that the scope of legal persons’ privilege against self-incrimination is restricted to questions that require the provision of self-incriminatory information, and it does not cover answers to questions relating to facts, unless their purpose is to obtain an admission from the undertaking concerned. This position has been confirmed in more recent cases such as Buzzi Unicem v Commission (Case C-267/14 P), HeidelbergCement v. Commission (Case C-247/14 P) and Qualcomm and Qualcomm Europe v Commission (Case C‑466/19 P).

As a matter of fact, this interpretation obliges undertakings to answer purely factual questions and to comply with requests for the production of documents already in existence, and CJEU has already declared that these obligations do not breach the rights of the defence and the right to fair trial (see Case T‑446/05, Amann & Söhne and Cousin Filterie v Commission).

This understanding leads to a (very) slight distinction between factual and non-factual questions. Answers to factual questions can also encompass self-incriminating information, and the characterization of a question as factual or non-factual can be the result of an incorrect assessment on the part of national courts or the CJEU, which clearly happened in many CJEU judgments, such as Buzzi Unicem.

In this particular case, one of the Commission’s questions required the undertakings to comment on the level of its profit margins. Although the answer to that question was equivalent to an infringement admission, the General Court did not censured the Commission’s questionnaire and dismissed the action, arguing that “the applicant was entitled, at a later stage of the administrative procedure or in the course of an appeal against the Commission’s final decision, to put forward an alternative interpretation of its answer to that question” (Case T-297/11, Buzzi Unicem). This justification caused perplexity: the undertakings’ possibility to challenge the self-incriminatory nature of question, if and when the Commission adopted a decision imposing a fine upon it, does not mean that the Court cannot censure the violation of rights. Accordingly, the Advocate-General Wahl considered that the General Court made an incorrect interpretation and breached the undertaking’s privilege against self-incrimination. However, the ECJ did not address the incorrect classification of the question as purely factual and avoided to take a stance about scope of the right to avoid self-incrimination (Case C-267/14 P, Buzzi Unicem).

It appears from CJEU case-law that this delimitation between factual and non-factual questions is constant, and that the recognition of an absolute right to silence to legal persons, covering each and every question, would constitute an unjustified obstacle to ensuring compliance with competition rules.

The different protection for individuals and legal persons was once again confirmed in DB v Consob. It is worth recalling that this differentiation is not always as unequivocal as EU jurisprudence states. Under EU competition law, the concept of undertaking covers any entity engaged in an economic activity, regardless of its legal status and the way in which it is financed (see, e.g., Case C-41/90, Klaus Höfner and Fritz Elser v Macrotron GmbH). Thus, single traders and professionals exercising their profession alone and unincorporated can be considered undertakings. EU caselaw has also specified that the concept of undertaking must be understood as designating an economic unit, even if it consists of several persons, whether natural or legal (see Case C217/05 Confederación Española de Empresarios de Estaciones de Servicio and Case T325/01, Daimler Chrysler v Commission). In this situation, the undertaking is an individual and it seems that the different treatment is not justified.

Notwithstanding this strict interpretation of the Court regarding the protection of legal persons and its refusal to apply this position in DB v Consob, I believe the intention of the Court was not to change its point of view regarding legal persons, but to clarify that individuals are entitled to a different treatment, a more protective treatment that allows them not to provide any self-incriminatory information and to be silent in any proceedings that could result in a sanction of criminal nature or evidence of criminal responsibility.

The judgment in DB v Consob established decisive aspect of the scope of individuals’ right to silence, and concluded that Articles 47 and 48 of the Charter require such right to be recognized in administrative proceedings that may lead to the imposition of administrative sanctions of a criminal nature, as well as in other administrative proceedings where the evidence produced may be used against that person in criminal proceedings to establish criminal liability.

This case has (involuntarily) left a small window open for relaunching the debate on the protection of individuals and legal entities to avoid self-incrimination in punitive proceedings. However, contrary to some legal scholars’ expectations, I dare to state that no room for manoeuvre has been created in this judgment for revisiting legal persons’ privilege against self-incrimination.

Barnard & Peers: chapter 10, chapter 24

Photo credit: Jastrow, via Wikimedia Commons