Thursday, 18 October 2018

Human rights v the European Arrest Warrant? The legality of surrender detention after 90 days

Joske Graat, PhD student, Utrecht University

The Amsterdam District Court, which has the exclusive jurisdiction in the Netherlands to decide on incoming European Arrest Warrants (EAW), currently finds itself stuck between national rules and EU law obligations on detention and provisional release.  According to the Dutch Surrender Act (SA), the requested person needs to be (provisionally) released 90 days after the receipt of the EAW if the court has not delivered a decision by then. In 2015, the Court of Justice of the European Union (CJEU) decided in Lanigan (discussed here) that the Framework Decision on the European Arrest Warrant (FDEAW) does not require the release of the requested person after 90 days as national courts need to be able to ensure that the substantive conditions for surrender are at all times guaranteed. Consequently, extending the detention beyond this term is allowed in compliance with national rules. This is, however, exactly where the trouble starts in the Netherlands, since article 22(4) SA does not allow for such an extension. As a result, the strict obligation under national law to release the requested person might clash with the EU obligation to ensure the effectiveness of the surrender procedure.

We will see that the solution of the Amsterdam District Court to this problem, which is to interpret Dutch legislation in the light of the FDEAW, is itself problematic. In my opinion, the interpretation of the relevant provisions interferes with the legal certainty of the requested person and constitutes a contra legem interpretation. The legal certainty concerns have in fact resulted in a preliminary question to the CJEU, but it is questionable whether any answer would solve the problem at hand or would further complicate matters. (The CJEU has fast-tracked the case, and an Advocate-General’s opinion is due on November 6th) Hence, I would argue that it is time for the Dutch legislator to step in.

The issue of clashing national and European obligations regarding detention has become increasingly urgent as it becomes – as a result of other EU law obligations - ever more difficult to reach a decision on an EAW within 90 days. These obligations include the duty to refer preliminary questions and the obligation established in Aranyosi & Căldăraru (discussed here) to ask the issuing state for information contradicting a possible violation of article 4 Charter of Fundamental Rights of the European Union (CFR). Fulfilling these obligations often prolongs surrender proceedings and could result in the release of requested persons, even if the risk of absconding is real.  In the latter case, the order to release would violate the general obligation in Article 17 FDEAW to ensure that the substantive conditions for surrender remain guaranteed.

As I stated before, the Amsterdam District Court tried to find a way out in seeking to interpret Dutch legislation in conformity with the FDEAW. It ruled that Article 22 SA not only contains the power to extend the decision term after 90-days, but also includes the competence to suspend the 90-day term before it has lapsed. In case of the latter, the 90-day term is barred and thus the requested person might de facto be detained for more than 90 days. This possible effect of the new interpretation of Article 22 SA has been criticized in the light of the right to liberty in article 5 European Convention on Human Rights (ECHR) and 6 CFR.

A complaint was filed before the European Court of Human Rights (ECtHR), questioning whether the interpretation of Article 22 SA violates the requirement of a clear legal basis for detention in article 5(1)(f) ECHR. Remarkably, the Dutch government contended that this requirement has indeed been violated and has offered compensation for the unlawful detention. Unfortunately, though, the ECtHR therefore, struck the case, which was not decided on the merits. Meanwhile the Amsterdam District Court itself has recently requested a preliminary ruling on whether legal certainty as protected by Article 6 CFR is violated by the current interpretation of Article 22 SA.

In my opinion, this interpretation of Article 22 SA is not only an unjustified interference with the principle of legal certainty; it is also a contra legem interpretation. To start with the former. It is true that the current case law of the CJEU interprets legal certainty as a restriction to the duty of conform interpretation (sometimes called ‘indirect effect’) in a narrow manner. Legal certainty bars conform interpretation when this would result in determining or aggravating criminal liability on the basis of the FDEAW alone. In this sense, legal certainty is obviously no barrier to the current interpretation of Article 22 SA.

However, the general scope of the principle of legal certainty is not restricted to establishing or aggravating criminal liability. The principle is also part of Article 5 ECHR and 6 CFR which demand that the procedure for detention pending extradition is sufficiently accessible, precise and foreseeable to prevent arbitrary interferences with the right to liberty. Even though the broad concept of ‘the law’ in Article 5 ECHR, which includes both formal statutes and case law, allows the interpretation of a written rule in jurisprudence, the ECtHR has decided in past cases that a violation of Article 5 ECHR may occur when the national authorities do not interpret or apply the rules on extradition detention in a uniform manner. These cases concerned diverging opinions of national judicial authorities regarding the application of time limits and the use of a particular national provision as a legal basis for detention. The situation at hand is slightly different, since it concerns a difference in opinion between the court and the Dutch legislator, who stated explicitly that the requested person should be released after 90 days. However, I would argue that a similar risk of arbitrariness and threat to legal certainty exists in this situation. Can we really speak of a sufficiently foreseeable and accessible procedure for surrender detention when the judiciary and the legislator disagree on the interpretation of Article 22 SA?

In case the CJEU were to find the interpretation of Article 22 SA compatible with legal certainty, it should still be considered contra legem. This restriction to the duty of conform interpretation is often connected to the legal certainty principle but constitutes essentially a different test. In my opinion, the current interpretation of Article 22 SA contradicts the wording of the provision. The text as well as the intention of the legislator are crystal clear. Release after 90 days means release after 90 days. In addition, suspending a decision means in common parlance ‘halting or stopping’ an ongoing term which has not yet lapsed, whereas extending means ‘adding’ time to a term which has already lapsed. Hence the wording and meaning of Article 22 SA simply does not allow the interpretation as it follows from the case law of the Amsterdam District Court.

Lastly, we should also view the consequences of a rejection of the current interpretation of Article 22 SA. Is the Amsterdam District Court provided with the means to solve the remaining clash between its duties when an interpretation of the Dutch rule in conformity with the FDEAW is impossible? The answer is – at least for now - that it is not. This could change if the CJEU in the future decides that the primacy rule also applies to former third-pillar framework decisions. This question has equally been put before the CJEU by the Amsterdam District Court, but has remained yet unanswered (the case is still pending).

Application of the primacy rule would bring along its own problems however. It would resolve the clash between EU obligations and national law but might at the same time harm the legal certainty of the requested person. After all, it will depend on the concrete circumstances of each case whether the decision-term will be suspended or not and, therefore, whether Article 22 SA will be applied or not. If this effect would be corrected by a legal certainty exception to the primacy rule, legal certainty may be ensured, but the clash between EU law and national law would continue to exist.

The devilish dilemma for the Amsterdam District Court may thus not easily be solved by the CJEU. It is indeed difficult to see how any decision of the CJEU would not further complicate matters rather than solve them. Most likely the CJEU will not be able to provide the Amsterdam District Court with a way out of its impasse while at the same time protecting legal certainty. This brings another state authority in the picture: the Dutch legislator. This authority could in fact quite easily solve the problem. A simple adaption of Article 22(4) SA changing it into a discretionary competence instead of an obligation would suffice. In other words, it is time for the national legislator to come to the rescue of the Amsterdam District Court.

This blog is based on a publication in Strafblad in May 2018.
J.J.M. Graat, ‘Een dilemma voor de Overleveringskamer’, Strafblad 2018(2) 20.

Barnard & Peers: chapter 25
JHA4: chapter II:3
Photo credit: The Panopticon Chronicles

Saturday, 13 October 2018

The compatibility of Ireland’s Public Health (Alcohol) Bill with EU law

Dr. Ollie Bartlett, Maynooth University

This month the Irish Public Health (Alcohol) Bill completed its passage through the houses of the Oireachtas, after two years and nine months of debate. The Bill introduces five main interventions: minimum pricing of alcoholic beverages; stricter labelling of alcoholic beverages; restrictions on alcohol advertising; the structural separation of alcoholic beverages from other products in retail outlets; and restrictions on the sale and supply of alcoholic beverages. Its purpose is to combat alcohol related harm in Ireland, which has reached worryingly high levels.

Health Minister Simon Harris has been obliged to defend various aspects of the Bill in the Irish press, and has described the eventual passage of the legislation as ‘groundbreaking’. This short contribution will focus on assertions that certain parts of the legislation are not compatible with European Union law. Such assertions (usually made by those with vested interests in the alcohol trade) attempt to deploy a vision of the EU internal market as a guarantor of commercial freedoms, in order to intimidate national governments into watering down public health protections. This contribution will address the inaccuracy of these assertions in relation to the Irish Public Health (Alcohol) Bill. In doing so it will identify how governments might also misinterpret European public health law and policy, and how this can lead to regulatory failure.

Opponents could argue, and have argued, that any substantive aspect of the Bill will be liable to unduly restrict trade in alcoholic beverages, and should therefore be seen as an unjustified breach of Article 34 TFEU, which prohibits measures having equivalent effect to a quantitative restriction upon trade in goods. However, Article 36 TFEU (which provides for exceptions to Article 34), together with consistent CJEU case law (for example, Aragonesa,  Bacardi France, Ahokainen and Leppik, Rosengren and Scotch Whisky Association) indicate that, provided an alcohol control measure is proportionate, it can be adopted despite the fact that it places a restriction on trade.

All five interventions in the Bill can be justified as proportionate. Minimum pricing rules can be compatible with EU law as the Scotch Whisky judgement suggested in the context of Scottish minimum unit pricing (MUP). Context is key for MUP, and Irish MUP will not automatically be legal as a result of this decision, but under the terms of the decision, and given the extensive and clear impact assessment conducted by the Irish government, as well as the already very high tax rates on alcohol in Ireland, it should not be difficult to demonstrate that MUP is an appropriate and necessary measure in this jurisdiction too.

There was a last minute and intense debate on the inclusion of cancer warnings on alcoholic beverage labels. This proposal has perhaps been the most harshly criticised, as trade restrictive, stigmatising for Irish products and detrimental to the operation of the internal market. Mandatory health warnings on alcoholic beverages have not been directly addressed by the CJEU. Having said this, labelling and information provision have regularly been viewed by the CJEU as a proportionate form of public health intervention (for example, Van der Veldt, Commission v Germany, Neptune Distribution), and indeed the CJEU has stated that ‘labelling is one of the means that least restricts the free movement of products within the [EU]’. Furthermore, it can be argued that given the remarks made by the CJEU on the carcinogenic nature of tobacco in the Philip Morris case, and the strong evidence on the carcinogenic nature of alcohol (the third leading risk factor for disease and death in Europe behind smoking and high blood pressure), it is not unreasonable that the decision to warn of the risk of alcohol related cancer on warning labels, using a method of intervention that does not impair the substance of intellectual property or business rights, would be seen as proportionate. Cancer warning labels might stretch the limits of what is necessary to achieve the objectives of public health protection, but they arguably do not - given the existence of evidence on positive effects and Member States’ commitment at WHO level to consider stronger alcohol labelling requirements - go beyond these limits.

Arguments that such labelling requirements would put Ireland at an economic disadvantage are less forceful when one considers that nine other countries around the world have introduced stricter alcohol labelling proposals. Arguments that Irish products will be stigmatised are misguided given that the rule applies to the sale of products in Ireland, not Irish exports. Lastly, arguments that stricter labelling requirements will have severe operational consequences for industries are something of a hyperbolic smokescreen, considering that there are currently no common rules on alcohol labelling due to the exemption of alcohol from food labelling regulations, the industry themselves have specifically rejected the opportunity to create a harmonised alcohol labelling scheme within the EU, and there is already diversity in EU countries’ labelling requirements, including

Targeted advertising restrictions have also been upheld as proportionate by the CJEU. The restrictions proposed by the Bill do not amount to a total prohibition on the advertising of alcohol, and indeed that is not their intention. Consistent CJEU case law has demonstrated that if advertising interventions are limited and targeted in scope, then they will be proportionate. Retail restrictions that serve public health purposes will likely fall within the exception to Article 34 TFEU that was created by the Keck decision – any non-discriminatory ‘selling arrangement’ will fall outside the scope of Article 34 TFEU altogether. Indeed, recent tobacco case law indicates that the CJEU will classify public health interventions concerning the retail of unhealthy products as selling arrangements, and do not appear especially motivated to interfere in the Member States’ legislative choices in this regard. The same argument applies to the restrictions on sale and supply of alcohol, which primarily concern price promotions, for example buy one get one free offers. Such restrictions would likely fall within the scope of a selling arrangement, and would therefore also fall outside the scope of Article 34.

Thus, is relatively clear that four of the five interventions included in the Bill are compatible with EU internal market law. Furthermore, a coherent argument can be made that the Bill’s labelling provisions will also be compatible with internal market law. EU law supports the Irish government’s prerogative to adopt such measures, and indeed in the comments issued by the Commission on the Bill, concerns were raised regarding the labelling provisions, but they were not criticised as opponents of the Bill have asserted. Rather, the Commission used the comments to reassert Ireland’s right to adopt proportionate public health measures.

Assertions regarding the incompatibility of the Bill with EU law fail to take account of the fact that the internal market is founded and has been developed upon the understanding that the responsibility of governments to protect their populations from various threats will often conflict with the commitment to protect free trade. The European Union Treaties explicitly provide that Member States can limit economic freedoms in a proportionate manner where a pressing social concern warrants intervention, and the CJEU has reinforced this time and again in the alcohol context. Moreover, both the right to health and the right to conduct a business are equally protected as a matter of EU fundamental rights law, and the CJEU has held that the right to health will outweigh the commercial rights of certain industries that contribute to public health epidemics.

Those that criticise the Public Health (Alcohol) Bill wrongly assume that the internal market requires Member States to prioritise the rights and interests of business, and to deal with social issues in a way that best suits the business community. This is not the case – the internal market guarantees free movement, but does not guarantee businesses a trump card to play when they feel their interests are being infringed. Far from preventing the Member States from protecting their populations, EU law protects the Member States’ right and responsibility to do so in a proportionate manner - even if this would lead to a certain amount of disruption to the status quo of transnational trade.  

Even Member States sometimes misinterpret the cues given by EU public health law and policy, and this can lead to instances of regulatory failure – where mutual inaction by two regulatory actors results in an issue not being addressed. For example, one of the most salient debates on the Public Health (Alcohol) Bill concerns the minimum unit pricing provisions, and their implementation. Simon Harris has until very recently repeatedly insisted that the MUP provisions enacted in the Bill would not be implemented until similar provisions were brought into effect in Northern Ireland, based upon the belief that Irish public health policy should not produce negative effects for the transnational trade in alcoholic beverages in border counties. The special nature of the Irish border and the desire of the Irish government to make public health policy on an all-island basis may make political sense, but as a matter of law the CJEU has repeatedly held that ‘the fact that one Member State imposes less strict rules than another Member State does not mean that the latter’s rules are disproportionate’.

EU law does not require Ireland to ensure that its policy choices are consistent with the policy choices in other Member States, and does not require that, once a barrier to trade has been justified, it is not implemented on account of possible trade distorting effects. The Irish government should bear in mind that internal market law permits each Member State to protect its own population in whatever way it sees fit, irrespective of choices made by other Member States, as long the barriers to trade it erects are proportionate. Simon Harris’ recent softening of his previous stance, through statements that Ireland cannot wait ‘forever’ to implement MUP, is therefore to be welcomed.

However, some elements of the Bill have not escaped the trap of regulatory failure. While the provisions on alcohol advertising are already commendably strong, they could have been even stronger. Amendments were proposed in the final rounds of Dáil debate that would have increased the protection the legislation offered to children against online alcohol advertising. This would have given effect to a considerable body of evidence that suggests that children are vulnerable to digital and other non-traditional forms of alcohol advertising, which are hardly regulated at all by any Member State. However, Simon Harris rejected these amendments. Despite fully agreeing with their sentiments, the health minister rejected them on the basis that tackling online advertising is a task best suited for EU level action, and that Ireland should therefore not act until the EU has acted. Unfortunately this logic does not take account of the fact that the EU have already recently refused to increase the stringency of online alcohol advertising regulation. The Audiovisual Media Services Directive reforms leave EU provisions governing cross-border alcohol advertising unchanged, and even relax some of the rules on the provision of advertising services, to the detriment of children’s health protection. The Commission has repeatedly insisted that it will not propose harmonising legislation to regulate cross-border alcohol trade.

In order for this to ever happen, Member States must commit to regulating the alcohol industry in their own territories. The conferral of competence upon the EU to regulate the internal market depends on the existence of barriers to trade, which can only exist if Member States have enacted sufficiently diverse regulations. Currently, regulation of online alcohol advertising is consistent across Member States in its virtual non-existence. The existence of at least some variation in national regulation would certainly put greater pressure on the Commission to adopt common rules, and would add some weight to the Member States’ political call for a European Union alcohol strategy. Thus, the Irish government’s position that Member States should wait for the EU to act has unfortunately led to a regulatory failure on an important public health issue.

In summary, the Public Health (Alcohol) Bill is a bold piece of legislation that seeks to act on the substantial evidence base on alcohol related harm in Ireland. It is within the discretion of the Irish government to adopt, and contains interventions which make justified restrictions to free movement. Assertions that parts of it are not compliant with EU law fail to take account of the fact that EU internal market law preserves the right of the Member States to protect their populations as much as it protects the freedoms of traders. Misinterpretations of this prerogative, or of the reality of EU level public health policy, can potentially lead to inaction and regulatory failure. The Irish government has taken an important step towards reducing the burden of alcohol related harm in Europe, and other Member State governments should be encouraged to follow.

Barnard & Peers: chapter 12, chapter 21
Photo credit:

Monday, 8 October 2018

The next phase of the European Border and Coast Guard: towards operational effectiveness

Mariana Gkliati, PhD researcher at Leiden University working on the accountability of Frontex for human rights violations during its operations

Two years after the establishment, in record time, of the European Border and Coast Guard (EBCG), the Commission’s new proposed Regulation opens the way for a standing corps of 10,000 border guards, with its own equipment and greater executive powers.

The proposal was presented during the State of the Union Address on 12 September 2018. President Jean-Claude Juncker, in his speech before the European Parliament, announced the adoption of 18 concrete initiatives, among which migration and borders reform occupied a central spot. Apart from the strengthening of the EBCG, these proposals include a reinforced role for the European Asylum Agency, EASO, a stricter EU returns policy, as well as measures for safe and legal pathways for regular migration to Europe.

The intentions of the Commission were expressed by Commissioner Avramopoulos himself in quite straight lines: ‘more Europe where more Europe is needed’.

Frontex is perhaps the most vivid representation of this message. The agency has been vested with new powers and competences almost every two years since its establishment in 2004, while its operational capacity has been growing steadily, with a spike in both personnel and budget after 2015.

Budget and Personnel

*(I produced this table with information collected mainly from annual reports, partly with the help of student assistant, Nilson Milheiro Anselmo)

This gradual approach was a necessary reconciliation between the Commission’s original vision of fully-integrated border management led by a fully-fledged corps of border guards on the one hand, and the sovereignty concerns of member states on the other.

In 2016 the member states felt that the time was ripe to accept a name that symbolically limits the absolute sovereign control over their borders bringing them closer to a fully integrated scheme of border management, and the European Border and Coast Guard (EBCG) was established. It was apparent already then that this was not a completely new EU agency but rather ‘Frontex reloaded’ with ever more powers and competences and a generous budget.

Already two years later, the EBCG is moving to the next phase, and the word that best describes that phase is ‘effectiveness’. The Commission aims for a strengthened and fully equipped European Border and Coast Guard that is effective and efficient enough to address the ‘capability-expectations gap’ that has resulted from the agency’s dependence on the member states for contributions in border guards and equipment.

This is where President Juncker drew the line between the past and the future of integrated border management: ‘Temporary solidarity is not good enough’ he stated. ‘We need lasting solidarity – today and forever more’.

Main changes

The effectiveness goal is to be achieved mainly with a increased operational capacity in terms of staff and equipment, expanded operational competences, and a sharp budgetary increase.

Standing corps of 10,000 border guards

Perhaps the most monumental change brought by the new Regulation is the establishment of a ‘standing corps of 10,000 operational EU staff with executive power and their own equipment’.

In order to address the vital operational issue of availability of human resources, the EBCG Regulation set in 2016 an absolute minimum of 1,500 seconded border guards and other experts that should be available at any time in order to ensure the effectiveness of the agency on short notice. This comes in addition to the European Return Intervention teams, currently involving 550 return experts. In fact, Frontex had more than 1,700 officers deployed at the EU borders in 2018 assisting with functions such as surveillance, registration, document checks, fingerprinting and security checks. The agency’s own staff has also been growing steadily, as shown in the table below. The agency started with 70 employees in 2006, while there were almost 500 people working in Warsaw in 2017. In the first months of 2018 the agency requited another 162 new staff, which means that one in three working in Warsaw were hired in 2018 alone. The goal is that by 2020 the agency will have 1,500 own staff, which will grow to 3,000 by 2027.

Today’s availability is still not adequate to fill the operational needs of the agency in a predictable and expeditious manner, as it has to rely for its work mainly on border guards provided by the member states on a voluntary basis. The standing corps of 10,000 will constitute a ‘reliable intervention force’ of agency staff and seconded or deployed officers, i.e. border guards and return experts.

The intention is the gradual proportional increase of the agency’s own staff and long-term deployments. The number of short-term deployments will gradually decrease in favor of statutory Agency staff  and staff seconded by member states for long-term duration, as shown in the scheme below.

The foundations for this amendment have already been set over the years, and member states are even more likely to support it because of the envisaged financial support system that will allow member states to replace the deployed personnel and maintain the capacity of their national border authorities. Furthermore, the costs of their salary and overall deployment will be covered by the agency.

Executive powers

The standing corps will have executive powers similar to the border guards and return specialists of the member states. They will be able to authorise or refuse entry at border crossing points, stamp travel documents, patrol borders, and intercept persons crossing irregularly. In addition, they will perform identity checks using the False and Authentic Documents Online system, which the agency will take over from the Council General Secretariat. Finally, the power to carry weapons will extend from the deployed national border guards to all members of the standing corps including agency staff.

Own Equipment

Another step closer to improving the stability, flexibility and autonomy of the agency is the acquisition by the agency of its own equipment. ‘We need more planes, more vessels, more vehicles’, stated President Juncker.

At first, such equipment was made available by the member states on an ad hoc basis, but in 2007, Frontex created the Centralised Record of Available Technical Equipment (CRATE), to which states contribute on a voluntary basis, in accordance with the needs specified by the agency. CRATE was replaced in 2016 by the Technical Equipment Pool, which serves as a record of all technical equipment available to the agency, whether that is owned by a member state or the agency or co-owned by both. However, while the contributions on paper seem to almost fully cover the agency’s needs, the actual availability of the pledged assets by the member states is more problematic, especially during the busier summer months.

Therefore there is a growing emphasis on developing the agency’s own capabilities. As of 2017, Frontex had €10 million per year in its disposal (EUR 40 million in total for 2017-2020) to acquire its own equipment, while co-ownership with a member state, renting, leasing, and long-term deployments were identified as additional options in the EBCG Regulation in 2016.

The agency has already started acquiring smaller pieces of equipment and running relevant leasing and rental projects, while now the goal is to move to larger items, such as vessels and planes. The Commission has now earmarked €2.2 billion of the EU budget for 2021-2027 to allow Frontex to acquire, but also to maintain and operate the necessary air, maritime and land assets.


The budget allocated for Frontex notes a sharp increase. An additional €2.3 billion is proposed for 2019-2020, which is followed by €11.3 billion proposed for the 2021-2027 period. This increase is in conformity with the general direction of the last years, especially since 2015, as shown in the Table. However, the allocated budget has always counted millions rather than billions. The highest allocation until now was in 2017 with €302 million.

Power to Intervene

The ‘right to intervene’ was one of the most controversial aspects of the 2016 EBCG Regulation. According to this right, the agency may launch an emergency intervention, even without the consent of the member state, if the latter does not take the measures identified by the agency in the vulnerability assessment, if the member state is faced with a crisis at its borders. If the member state does not cooperate with the implementation of the suggested measures, it’s threatened with the reintroduction of internal border checks.

Precisely because of the sensitive nature of the issue, the initial proposal was watered-down in 2016. While initially the agency could intervene on its own, in the final compromise the measures proposed by the agency can be implemented by the Council upon the proposal of the Commission.

The 2018 proposal moves one step closer to the initial conception, with the right to intervene being left to the Commission excluding the participation of the Council.


Returns have been the fastest growing activity of the agency. Frontex acquired further competences in 2016, mainly including organising and coordinating joint return operations. This resulted to 14,884 persons being  returned in 2017. Returns reached 8,966 from January to August 2018. However, the agency could not enter into the merits of return decisions or provide supporting information.

With the 2018 proposal the agency may now prepare return decisions itself and provide its own return escorts. It may also assist in the acquisition of travel documents, the identification of irregular migrants, and in the development of national return management systems. The central tasks of hosting an operation remain with the member state.

Finally, Frontex will be able to assist non-EU states with their return activities elsewhere, which include mixed return operations with the participation of member states.

Third Countries

Apart from assisting non-EU countries in their own return activities, the cooperation with third countries is strengthened even further. The option to launch an operation in a third neighboring country was introduced in 2016. The new proposal allows a border control operation to be launched in any third country not limited to neighboring countries.

Further, the establishment of ‘disembarkation centres’ on third countries is proposed for migrants intercepted at high sea. The concept of regional disembarkation is developed in contact with UNHCR and the IOM. Notably, Libya has for the moment turned down the idea.

Controlled Centres

Frontex will participate in the deployment of migration management support teams in hotspots and controlled centres. Such centres, to be set up by member states on a voluntary basis, will act as a cetralised location for EU migration management activities and aim to facilitate and accelerate the processing of asylum claims and  the execution of return decisions. All necessary steps should be concluded within a maximum of eight weeks.

Frontex will work there hand in hand with EASO, which also receives an enhanced mandate, assisting in the identification of beneficiaries of international protection and in returns, while EASO will support in the processing of asylum applications.

Supranationalisation and accountability

Even though the enhancement of the powers and competences of Frontex seems to come as a response to ad hoc incentives, such as the ‘migration crisis’ in 2016 or the need for greater effectiveness today, these changes are in fact far from incidental. They reflect the Commission’s longer-term vision for progressive integration that will result in a European Border Guard vested with full operational powers, effectively replacing the national border authorities.

In this respect the Commission proceeds to progressively ask for the increase of the number of available border guards and budget, but it also pushes for amendments that failed to pass the trilateral dialogues already in 2016, such as the right to intervene without the consent of the member state. This is a big leap towards supranationalisation that member states have so far been unwilling to take.

Greater autonomy and control over the operation, however, also moves Frontex closer to the realm of accountability. With growing executive powers and operational mandate, and direct control over the deployed personnel and equipment comes an even greater need for accountability.

This is especially so given the new mandate of the agency, for instance in the area of returns, where Frontex will have the power to prepare return decisions. The Commission emphasizes that the final decision remains upon the member state. However, the complaints concerning EASO, and the beyond its mandate influence on the asylum decision-making process in Greek hotspots, sets a disturbing precedence that should not be underestimated in the case of the EBCG.

Frontex operations are particularly sensitive to human rights violations, and with the individual complaints mechanism, established in 2016, falling remarkably short of the standards of an effective remedy, accountability for Frontex still remains an open end.

Barnard & Peers: chapter 26
JHA4: chapter I:3
Photo credit: European Parliament

Thursday, 4 October 2018

Mobile phone theft and EU eprivacy law: the CJEU clarifies police powers

Lorna Woods, Professor of Internet Law, University of Essex


This week’s CJEU judgment in Case C-207/16 Ministerio Fiscal is part of the jurisprudence on the ePrivacy Directive, specifically Article 15 which broadly allows Member States to permit intrusions into the confidentiality of communications for certain specified reasons.  Article 15 is part of the legal framework for the mass retention of communications data from Digital Rights Ireland (Case C-293/12 and 594/12), EU:C:2014:238) (“DRI”) on and in which the Court has affirmed that retention schemes could be justified only in the case of “serious crime” (Tele2/Watson (Joined Cases C-203/15 and C-698/15), ECLI:EU:C:2016:970).  This left the question of what “serious crime” might be, and whether there would be EU law standards circumscribing the scope of this term. It is this question that the reference here seeks to address, though it should be noted that the facts in issue were very different from those in the earlier cases.


The reference arose in the context of a police investigation relating to the theft of a wallet and a mobile phone.  The police wished to identify the new phone number associated with the stolen phone, as well as the details of persons associated with that new number.  However, Spanish law required that – to access such information – the police must be investigating a serious crime and the domestic courts here found that the facts giving rise to the investigation did not constitute a serious crime according to Spanish law. The reference to “serious crime” can be found in the Court’s case law in DRI, which – considering the right to private life and to data protection in Article 7 and 8 of the EU Charter of Fundamental Rights, set that as a minimum threshold for the retention of communications data en masse by telecommunications operators.

The national court referred a question on the meaning of Article 15(1) of the ePrivacy Directive (Directive 2002/58/EC, as amended) in the light of this jurisprudence.  Article 15 allows Member States to restrict some of the rights granted by the ePrivacy Directive in the interests of, inter alia, the prevention, investigation, detection and prosecution of criminal offences.  The national court asked whether the use of length of sentence available for a crime can be used to determine whether ‘it is also necessary to identify in the criminal conduct particular levels of harm to individual and/or legally protected interests’?  If length of sentence period alone suffices, is there a minimum in order to comply with the requirements of DRI?


The first issue before the Court was that of its jurisdiction to hear the question. Both the Spanish and UK governments argued that the Court did not have jurisdiction because criminal law is excluded from the scope of the Data Protection Directive (Art 3(2)) and the ePrivacy Directive (Art 1(3)).  The Court referred, however, to its previous judgments in this field, to hold that legislative measures derogating from the rights in the ePrivacy Directive based on Article 15 still come within its scope even if the measures pursue objectives which overlap substantially with the fields excluded from the ePrivacy Directive by Article 1(3). [para 34]  It concluded, relying on Tele 2/Watson, that the scope of the ePrivacy Directive:

extends not only to a legislative measure that requires providers of electronic communications services to retain traffic and location data, but also to a legislative measure relating to the access of the national authorities to the data retained by those providers [para 35].

The Court also dismissed other submissions on admissibility made by the Spanish government, re-iterating its long-standing position that ‘where the questions put by national courts concern the interpretation of a provision of EU law, the Court is, in principle, bound to give a ruling’ [para 45].

The Court considered the two questions referred by the Spanish court together. The Court specified that the question in issue did not relate to the compliance of the communications service providers with the law but ‘whether, and to what extent, the objective pursued by the legislation .. is capable of justifying the access of the public authorities, such as the police, to the data…’ [para 49]. The Court reiterated the approach taken by its Advocate-General to hold that there would be an interference through such access, even if such interference was not serious, nor the data accessed sensitive.

The Court noted that the list of objectives for the purpose of Article 15 ePrivacy Directive is exhaustive and that the authorities’ need for access must genuinely correspond to one of those objectives.  Article 15 does not, however, limit access to the fight against serious crime – it refers to criminal offences generally. The reference to “serious” comes from the Court’s case law where it was dealing with situations involving a serious interference with the right to private life.

By contract, when the interference that such access entails is not serious, that access is capable of being justified by the objective of preventing, investigating, detecting and prosecuting ‘criminal offences’ generally [para 57].

The Court then redefined the object of its considerations to the question of whether the interference in this case was ‘serious’.  Since the data sought related only to a short period of time and could not be cross referenced with other data, precise conclusions regarding the private lives of the persons in issue could not be drawn. Therefore there was not a serious interference with the individuals’ right to private life.


This judgment could be described as tactical.  The Court has re-iterated that it does have jurisdiction in these areas covered by Article 15. Although earlier jurisprudence on the ePrivacy Directive distinguished between the commercial operators’ obligation to retain data (falling within the internal market) and access by the police to those data, the Court did not limit its power of review in Tele2/Watson along those lines, and it followed that Tele2/Watson approach here.  Access to the data by state authorities requires processing by the telecommunications operators (see para 37). 

At the same time the Court stepped away from the difficult question, through its reformulation of what the referring court asked.  In so doing, it avoided the issue not just of what “serious crime” is, but that of whether “serious crime” is an autonomous EU concept.  In this the Court followed its Advocate General (Opinion 3 May 2018, ECLI:EU:C:2018:300) who went as far as to argue that “criminal law” should not be an autonomous concept of EU law.  While it avoided this question, and indirectly answered the question as to whether access to communications data for anything less than serious crime is permissible under EU law, it has not helped the Spanish court which is faced with a national law that specifically refers to a threshold of seriousness. Moreover, in emphasising its proportionality argument to suggest that the access for less serious crimes could be permissible, there is a danger that this may be read as saying that national laws should so allow access – an interpretation which would oversteps the bounds of its competence just as much as defining “serious crime” would.

The judgment re-iterates that Articles 7 and 8 of the Charter are engaged whether or not the interference is deemed serious or not; equally, the ruling recognises that there may be different levels of intrusion that need greater or lesser justifications.  Here the data sought was limited in type, and related to a limited period of time. The question of what is intrusive, especially in the context of the use of predictive analytics, has not yet been fully answered. 

The Court’s emphasis on its previous caselaw, notably Tele2/Watson as well as DRI, may be seen as trying to build a consistent approach within this case law and also reaffirming the principles laid down in those cases.  This judgment can then be seen as a re-affirmation of the approach in Tele2/Watson, which might be significant in the light of pending references seeking to ask the court to resile from its position there, notably the questions referred by the IPT in the Privacy International litigation (Case C-623/17, pending) regarding the scope of exclusive Member State competence as regards national security.

One final point is about the implications of the Court’s ruling on recent English caselaw – the Court of Appeal in Watson ([2018] EWCA Civ 70) and the Divisional Court in Liberty ([2018] EWHC 975 (Admin)).  In Liberty, the Government argued, successfully, that a category of communications data in the Investigatory Powers Act, “entity data”, did not fall within the ePrivacy Directive and therefore the ruling in Tele2/Watson as it was neither "traffic data" or "location data" within Article 2.  The Court declared the matter acte clair and refused to make a reference to the Court of Justice (Liberty, paras 154-55).  Yet, the very data that the Spanish authorities were seeking in the case before the Court of Justice were those that would identify the users of a phone, not the details of those users’ communications. The Spanish Government put forward a similar argument, but the Court declared this to be “irrelevant” [para 40]. Expressly following its Advocate General, the Court held that the ePrivacy Directive “governs all processing of personal data in connection with the provision of electronic communications services” [para 41].  This holding throws some doubt on the Divisional court’s view both as to the scope of the ePrivacy Directive and certainly the fact that the interpretation of the directive is acte clair.

Barnard & Peers: chapter 9
JHA4: chapter II:7

Photo credit: PixelVulture

Friday, 21 September 2018

Crushing terrorism online – or curtailing free speech? The proposed EU Regulation on online terrorist content

Professor Lorna Woods, University of Essex

On 12th September 2018, the Commission published a proposal for a regulation (COM(2018) 640 final) aiming to require Member States to require certain internet intermediaries to take proactive if not pre-emptive action against terrorist content on line as well as to ensure that state actors have the necessary capacity to take action against such illegal content. It is described as “[a] contribution from the European Commission to the Leaders’ meeting in Salzburg on 19-20 September 2018”. The proposal is a development from existing voluntary frameworks and partnerships, for example the EU Internet Forum, and the non-binding Commission Recommendation on measures to effectively tackle illegal content online ((C(2018)1177 final), 1st March 2018) and its earlier Communication on tackling illegal content online (COM(2017) 555 final). In moving from non-binding to legislative form, the Commission is stepping up action against such content; this move may also be seen as part of a general tightening of requirements for Internet intermediaries which can also be seen in the video-sharing platform provisions in the revised Audiovisual Media Services Directive and in the proposals regarding copyright. Since the proposal has an “internal market” legal base, it would apply to all Member States.

The Proposal

Article 1 of the proposed Regulation sets out its subject matter, including its geographic scope.  The scope of the proposed regulation is directed to certain service providers, “hosting service provider” in respect of specified content “illegal terrorist content”.  Terms are defined in Article 2. Article 2(1) defines “hosting service provider” (HSP) as “a provider of information society services consisting in the storage of information provided by and at the request of the content provider and in making the information stored available to third parties”. The definition of illegal terrorist content found in Article 2(5) is one (or more) of the following types of information:

(a) inciting or advocating, including by glorifying, the commission of terrorist offences, thereby causing a danger that such acts be committed;
(b) encouraging the contribution to terrorist offences;
(c) promoting the activities of a terrorist group, in particular by encouraging the participation in or support to a terrorist group within the meaning of Article 2(3) of Directive (EU) 2017/541
(d) instructing on methods or techniques for the purpose of committing terrorist offences.

The format does not matter: thus terrorist content can be found in text, images, sound recordings and videos.

Article 3 specifies the obligations of the HSPs. In addition to a specific obligation to prohibit terrorist content in their terms and conditions, HSPs are obliged to take appropriate, reasonable and   proportionate actions against terrorist content, though those actions must take into account fundamental rights, specifically freedom of expression.

Article 4 introduces the idea of a removal order, and requires that the competent authorities of the Member States are empowered to issue such orders; requirements relating to removal orders are set out in Article 4(3).  It does not seem that the issuing of such orders require judicial authorization, though the Regulation does envisage mechanisms for HSPs or the “content provider” to ask for reasons; HSPs may also notify issuing authorities when the HSP views the order as defective (on the basis set out in Article 4(8)), or to notify the issuing authority of force majeure. Article 4(2) states:

Hosting service providers shall remove terrorist content or disable access to it within one hour from receipt of the removal order.

The regulation also envisages referral orders; these do not necessitate the removal of content, nor – unlike the position for removal orders – does it specify deadlines for action. On receipt of a referral order, a HSP should assess the notified content for compatibility with its own terms and conditions. It is obliged to have in place a system for carrying out such assessments. There is also an obligation in Article 6 for HSPs in appropriate circumstances to take (unspecified) effective and proportionate proactive measures and must report upon these measures. Article 6 also envisages the possibility that competent authorities may – in certain circumstances – require a hosting service provider to take specified action.

Article 7 requires hosting service providers to preserve data for certain periods.  The hosting service provider is also required to provide transparency reports as well as to operate within certain safeguards specified in Section III, including transparency reporting, human oversight of decisions, complaints mechanisms and information to content providers – these are important safeguards to ensure that content is not removed erronously.  Section IV deals with cooperation between the relevant authorities and with the HSPs.  Cooperation with European bodies (e.g. Europol) is also envisaged.  As part of this, HSPs are to establish points of contact.

The Regulation catches services based in the EU but also those outside it which provide services in the EU (with jurisdiction in relation to Article 6 (proactive measures), 18 (penalties) and 21 (monitoring) going to the Member State in which the provider has its main establishment) and should designate a legal representative. The Member State in which the representative is based has jurisdiction (for the purposes of Articles 6, 18 and 21). Failure so to designate means that all Member States would have jurisdiction.  Note that as the legal form of the proposal is a Regulation, national implementing measures would not be required more generally.

Member States are required to designate competent authorities for the purposes of the regulation, and also to ensure that penalties are available in relation to specified articles such penalties to be effective, proportionate and dissuasive.  The Regulation also envisages a monitoring programme in respect of action taken by the authorities and the HSPs.  Member States are to ensure that their competent authorities have the necessary capacity to tackle terrorist content online.

Preliminary Comments

The proposal is in addition to the Terrorism Directive, the implementation date for which is September 2018.  That directive includes provisions requiring the blocking and removal of content; is the assumption that – even before they are require legally to be in place – these provisions are being seen as ineffective.

This is also another example of what seems to be a change in attitude towards intermediaries, particularly those platforms that host third party content.  Rather than the approach from the early 2000s – exemplified in the e-Commerce Directive safe harbour provisions – that these providers are and to some extent should be expected to be content-neutral, it now seems that they are being treated as a policy tool for reaching content viewed as problematic.  From the definition in the Regulation, it seems that some of the HSPs could have – provided they were neutral -fallen within the terms of Article 14 e-Commerce Directive: they are information society service providers that provide hosting services.  The main body of the proposed regulation does not deal with the priority of the respective laws but in terms of the impact on HSPs, the recitals claim

“any measures taken by the hosting service provider in compliance with this Regulation, including any proactive measures, should not in themselves lead to that service provider losing the benefit of the liability exemption provided for in that provision.  This Regulation leaves unaffected the powers of national authorities and courts to establish liability of hosting service providers in specific cases where the conditions under Article 14 of Directive 2000/31/EC for liability exemption are not met”.

This reading in of what is effectively a good Samaritan saving clause follows the approach that the Commission had taken with regard to its recommendation – albeit in that instance without any judicial or legislative backing.  Here it seems that the recitals of one instrument (the Regulation) are being deployed to interpret another (the e-Commerce Directive). 

The recitals here also specify that although Article 3 puts HSPs under a duty of care to take proactive measures, this should not constitute ‘general monitoring’; such general monitoring is precluded according to Article 15 e-Commerce Directive. How this boundary is to be drawn remains to be seen. Especially as the regulation envisages prevention of uploads as well as swift take-downs. Further, recital 19 also recognises that

“[c]onsidering the particularly grave risks associated with the dissemination of terrorist content, the decisions adopted by the competent authorities on the basis of this Regulation could derogate from the approach established in Article 15(1) of Directive 2000/31/EC, as regards certain specific, targeted measures, the adoption of which is necessary for overriding public security reasons”.

This is a new departure in the interpretation of Article 15 e-Commerce Directive.

The Commission press release suggests the following could be caught: social media platforms, video streaming services, video, image and audio sharing services, file sharing and other cloud services, websites where users can make comments or post reviews. There is a limitation in that the content hosted should be made available to third parties. Does this mean that if no one other than the content provider can access the content, the provider is not an HSP?  This boundary might prove difficult in practice.  The test does not seem to be one of public display so services where users who are content providers can choose to let others have access (even without the knowledge of the host) might fall within the definition. What would be the position of a webmail service where a user shared his or her credentials so that others within that closed circle could access the information? Note that the Commission is also envisaging services whose primary purpose is not hosting but which allows user generated content– e.g. a news website or even Amazon – also fall within the definition. 

The scope of HSP is broad and may to some extent overlap with that of video-sharing platforms or even audiovisual media service providers for the purposes of the Audiovisual Media Services Directive (AVMSD).  Priorities and conflicts will need to be ironed out in that respect. The second element of this broadness is that the HSP provisions are not just applying to the big companies, the ones to some extent already cooperating with the Commission, but also to small companies. In the view of the Commission terrorist content may be spread just as much by small platforms as large.  Similar to the approach in the AVMSD, the Commission claims that the regulatory burden will be proportionate as the proportionality with mean the level of risk as well as the economic capabilities would be taken into account. 

In line with the approach in other recent legislation (e.g. GDPR, video-sharing platforms provisions in AVMSD) the proposal has an extraterritorial dimension. HSPs would be caught if they provide a service in the EU.  The recitals clarify that “the mere accessibility of a service provider’s website or of an email address and of other contact details in one or more Member States taken in isolation should not be a sufficient condition for the application of this Regulation” [rec 10]; instead a substantial connection is required [rec 11]. Whether this will have a black out effect similar to the GDPR remains to be seen; it may depend on whether the operator is aware enough of the law; how central the hosting element is and how large a part of its operations the EU market is.

While criminal law, in principle, is a matter for Member States, the definition of terrorist content relies on a European definition – though whether this definition is ideal is questionable.  For companies that operate across borders, this is presumably something of a relief (and as noted above, the proposal is based on Article 114 TFEU, the internal market harmonisation power).  The Commission also envisages this a mechanisms limiting the possible scope of the obligations – only material that falls within the EU definition falls within the scope of this obligation – thereby minimising impact on freedom of expression (Proposal p. 8).  Whether national standards will consequently be precluded is a different question.  Note that the provisions in the AVMSD that focus on video sharing platforms were originally envisaged as maximum harmonisation but, as a result of amendments from the Council, retuned to minimum harmonisation (the Council amendments also introduced provisions on terrorist content into the AVMSD based on the same definition).

The removal notice is a novelty aimed at addressing differential approaches in the Member States in this regard (an on-going problem within the safe harbour provisions of the e-Commerce Directive), but also to ensure that such take down requests are enforceable.  Note, however, that it is up to each Member State to specify the competent authorities, which may give rise to differences between the Member States, perhaps also indicating differences in approach.  The startling point is probably the very short timescale: 1 hour (a complete contrast to the timing for example specified in the UK’s Terrorism Act 2006).  The removal notices have been a source of concern.  This is not very long which will mean that - especially with non-domestic providers and taking into account time differences - HSPs will need to think how to man such a requirement (unless the HSPs plan to automate their responses to notices), especially if the HSP hopes to challenge ‘unsatisfactory’ notices (Art 4(8)). 

Given the size of the penalties in view, industry commentators have suggested that all reported content will be taken down.  This is certainly would be a concern in relation to situations where the HSPs had to identify terrorist content (ie ascertain not just that it was in a certain location but also that it met the legal criteria) themselves.  Is it not the case that this criticism is fully appropriate here.  Here, HSPs are not having to decide whether or not the relevant content is terrorist or not- the notice will make that choice for them.  Further, the notice is made not by private companies with a profit agenda but instead by public authorities (presumably) orientated to the public good and with some experience in the topic as well as in legal safeguards.  Furthermore, the authority must include reasons. Indeed, the Commission is of the view that referrals are limited to the competent authorities which will have to explain their decisions ensures the proportionality of such notices (Proposal p. 8). Nonetheless, a one hour time frame is a very short period of time.

Another ambiguity arises in the context of referral notices. It seems that the objective here is to put the existing voluntary arrangements on a statutory footing but with no obligation on the HSP to take the content down within a specified period. Rather the HSP is to assess whether the content referred is compatible with the HSPs terms of service (not whether the content is illegal terrorist content).  Note this is a different from the situation where the HSP discovers the content itself and there has been no official view as to whether the content falls within the definition of terrorist content or not. This seems rather devoid of purpose: relevant authorities have either decided that the content is a problem (in which case the removal notice seems preferable as the decision is made by competent authorities not private companies) or the notice refers to content which is not quite bad enough to fall with the content prohibited by the regulation but the relevant authorities would still like it down, with the responsibility for that decision being pushed on to the HSP. Such an approach seems undesirable.

Article 6 requires HSPs to take effective proactive measures.  These are not specified in the Regulation, and may therefore allow the HSPs some leeway to take measures that seem appropriate in the light of each HSP’s own service and priorities, though it seems here that there may also be concerns about the HSPs’ interpretation of relevant terrorist content.  It is perhaps here that criticisms about the privatisation of the fight against terror comes to the fore.  Note, however that Article 6(4) allows a designated authority to impose measures specified by the authority on the HSP.  Given that this is dealt with at the national level, some fragmentation across the EU may arise; there seems to be no cooperation mechanism or EU coordination of responses under Article 6(4).

There is also the question of freedom of expression. Clearly state mandated removal of content should be limited, but it is the intention that HSPs have no freedom to remove objectionable content for other reasons. At some points, the recitals suggest precisely this: “hosting service providers should act with due diligence and implement safeguards, including notably human oversight and verifications, where appropriate, to avoid any unintended and erroneous decision leading to removal of content that is not terrorist content” [rec 17]. Presumably the intention is that HSPs should take steps to avoid mistakenly considering content to be terrorist.  They clearly are under obligations to take other forms of content down, e.g. child pornography and hate speech. 

More questionable is the position with regard other types of content: the controversial and the objectionable, for example.  As private entities human rights obligations do not bite on them in the same way as they do with regards to States, so there may be questions about the extent to which a content provider can claim freedom of expression against an unwilling HSP (e.g. for Mastodon, the different instances have different community standards set up by that community - should those communities not be entitled to enforce those standards (providing that they are not themselves illegal)?).  There may moreover be differences between the various Member States as to how such human rights have horizontal effect and the deference given to contractual autonomy.  With regard to the video sharing platforms, it seems that room is given to the platforms to enforce higher standards if they so choose; there is not such explicit provision here.

A final point to note is the size of the penalties that are proposed.  The proposal implicitly distinguished between one-off failings and a ‘systematic failure to comply with obligations’.  In the latter cases, penalties of up to 4% of global turnover- in this there are similarities to the scale of penalties under the GDPR.  This seems to be developing into a standard approach in this sector.

Barnard & Peers: chapter 25, chapter 9
JHA4: chapter II:5
Photo credit: Europol