Sunday, 5 December 2021

The external representation of the European Union in the International Maritime Organization: A Question of Labelling rather than of EU Competence

 



Cathleen Berg, doctoral student, University of Bayreuth

On 25 November 2021, Advocate General (‘AG’) Szpunar delivered his Opinion in an action for annulment brought by the Commission against the Council (Case C-161/20). The Opinion exemplifies the conflict of interests between the European Union (‘EU’) and the Member States when it comes to exercising their external competences within the framework of an international organisation in which the EU can participate neither as a member nor as an observer. If the Court of Justice follows AG Szpunar’s reasoning, the present Case will have the potential to change the assessment as to who (the Commission or the Member States) represents the Union interest in committees of the International Maritime Organization (‘IMO’). Moreover, it will presumably reinforce the Commission’s ambition to strive for a change of the IMO legal framework in order to allow the EU to become a member or at least an observer.

Background

The issue raised by the Commission concerns the power to submit proposals to a committee of an international organisation in which the EU can participate neither as a member nor as an observer. The EU cannot become an IMO member because, according to the IMO Convention, membership is open to States only. Usually, if the EU cannot exercise its external competence because the international organisation does not allow it to become a member or an observer, the Member States exercise the EU competence acting jointly in the EU interest (para 64 of the Opinion; cf. also Opinion 2/91). In particular, Member States must refrain from submitting a national proposal to an international committee when the proposal could affect common rules (see Case C-45/07).

Due to some Member States’ opposition to grant the European Community the status as IMO observer, only the European Commission became an IMO observer in 1974 when it concluded a Cooperation Agreement with the IMO (cf. Article 66 of the IMO Convention). As observer, the Commission has the right to participate in the work of the IMO and its committees. However, unlike the Member States which enjoy full IMO membership, the Commission has no right to vote. Yet, this does not prevent the Commission from acting as the Union representative with reference to the sixth sentence of Article 17(1) TEU, which reads: ‘With the exception of the common foreign and security policy, and other cases provided for in the Treaties, it [the Commission] shall ensure the Union's external representation.’ Therefore, the Commission consistently strives to coordinate the Member States’ positions when EU external competence is involved and to ensure that the common position is presented in IMO committees on the EU’s behalf. However, Member States in practice occasionally depart from the common position.

The Commission’s action: The Commission wants the EU interest to be included and the Member States to be excluded

In the present case, the Marine Environment Protection Committee (‘MEPC’) of the IMO instructed the Intersessional Working Group on Reduction of GHG Emissions from Ships in 2019 to develop life cycle greenhouse gas (‘GHG’)/carbon intensity guidelines for all relevant types of fuels. In the same year, the Intersessional Working Group ‘invited interested Member States and international organizations to cooperate and submit proposals for draft guidelines on life cycle GHG/carbon intensity for all relevant types of fuels’ (para 29). The submissions were supposed to function as an inspiration for future guidelines on life cycle GHG/carbon intensity which the MEPC considered as a preparation for an implementation programme for effective uptake of alternative low-carbon and zero-carbon fuels. In response to the invitation, the Permanent Representatives Committee (Coreper) endorsed, on 5 February 2020, a submission on behalf of the Member States and the European Commission. This submission was transmitted to the Intersessional Working Group by the Presidency of the Council shortly after. In doing so, Coreper did not follow a suggestion by the Commission to submit a proposal for guidelines ‘by the Commission on behalf of the European Union’, thereby leaving the Member States out. In particular, the Commission considered that the area addressed by the proposal was covered to a large extent by common rules of the EU and that the EU, therefore, had the exclusive external competence under Article 3(2) TFEU (‘ERTA doctrine’). According to the Commission, a proposal ‘on behalf of the Member States’ could not sufficiently demonstrate that the Member States act in the Union interest.

In Case C-161/20, the Commission challenged the Council decision endorsing the submission on two grounds. First, the Commission argued that the proposal was submitted in breach of the EU exclusive competence under Article 3(2) TFEU and that, therefore, the proposal should have been issued ‘by the European Commission on behalf of the European Union‘. The Council contended that EU exclusive competence only covered a part of the submission, while the remainder fell under shared competence of the EU and the Member States. Second, the Commission alleged a breach of its institutional prerogatives under Article 17(1) TEU insofar as the Council decision entrusted the Presidency of the Council with transmitting the proposal.

A triviality? By no means! Although the submission did not constitute a binding decision establishing the positions to be adopted on the Union's behalf within the meaning of Article 218(9) TFEU, the present case concerns the fundamental issue of the discrepancies between the international legal order and the European Union legal order. In his Opinion, AG Szpunar, first, addressed the alleged infringement of Article 17(1) TEU, before turning to the question of the nature of EU competence regarding the proposal.

Infringement of Article 17(1) TEU: EU interest vs. obligation to exercise EU external competence in observance of international law

The particularities of the external representation of the Union interest in the IMO arise from the twofold status of the Commission. On the one hand, the sixth sentence of Article 17(1) TEU, as such, only refers to the prerogatives of the Commission acting as an EU organ. On the other hand, the Commission has the status as IMO observer, however, without being considered to act as the representative of the EU.

AG Szpunar tried to resolve the discrepancy between, on the one hand, the IMO rules, preventing the EU from directly participating in the IMO, and on the other hand, the internal rules in the Treaties on the division of external powers and their exercise, by referring to the case-law of the Court of Justice, according to which the Union must exercise its powers in observance of international law (para 64; see Antarctica Cases). The AG examined whether the disputed submission could have been transmitted as a Union act in line with the IMO rules, the Union being represented by the Commission (para 72 et seq). However, the AG denied the admissibility of such course of action by strictly limiting the right to participate in the IMO to the Commission as observer. In particular, he rejected the Commission’s argument that it can be inferred from the Lisbon Treaty, which provided for the substitution of the European Community by the EU, that the Commission’s status as observer means that the Commission acts as an organ of the EU and that, therefore, proposals in the name of the Commission can be considered as proposals of the EU (para 74 et seq). According to the AG, the invitation from the Intersessional Working Group to submit proposals did not extend to international organisations without any rights in the IMO. In fact, the invitation required the power to participate effectively in the Working Group, which the EU lacks (para 78).

Having denied the possibility of submitting the proposal on behalf of the EU, the wording of Article 17(1) TEU suggests that it is not applicable in the case that the EU cannot act on its own behalf (para 81 et seq). AG Szpunar pointed out that there is a significant difference between, on the one hand, the Member States acting in the Union interest, but in their own name, and, on the other hand, the Member States acting as representatives of the EU (cf. Article 7 of the Vienna Convention on the Law of Treaties) (para 84). When the Member States act in their own name, they are free to choose whom they want to entrust with transmitting the proposal (in the present case, the Presidency of the Council and not the Commission) (para 85).

Nevertheless, the AG added that the Member States were obliged under the principle of sincere cooperation (see Article 4(3) TEU) and the principle of acting in good faith to inform the third parties involved that the Member States act in the Union interest (para 88). This follows from the fact that the Member States do not act ‘fully autonomous[ly]’ when they act in the Union interest (para 88). However, the obligation to act in the Union interest does not go as far as to oblige the Member States to include ‘on behalf of the EU’ in the heading of the submission as the external partners could reject such a submission (para 89). It is sufficient that the external partners can infer from the context that the Member States act in the Union interest (para 90).

The AG’s reasoning resembles the findings of the Court in the Antarctica Cases where the Court held that the EU did not enjoy a fully autonomous status in the Antarctic Treaty and that, therefore, it had to involve the Member States in submitting a proposal in the framework of the Canberra Convention. Yet, in contrast to the Antarctica Cases, AG Szpunar sought to restrict the scope of Member States’ action and not the exercise of EU external competence. The Court’s reasoning in the Antarctica Cases seems to evolve more and more into a generally applicable standard which does not seem to be restricted to specific cases with specific contexts (as was hoped for by many scholars). Arguably, it is also not restricted to favouring the Member States, but can also be applied in favour of the EU (cf. recently Opinion 1/19, where the risk of incurring international responsibility did not preclude the Union from exercising its competence without the consent of all Member States). The present case is based on the conflict between, on the one hand, the protection of the EU interest and, on the other hand, the obligation to exercise the EU external competences in observance of international law. Both principles govern the exercise of the EU external competences. The AG favoured the observance of international law over the protection of the EU interest (cf. para 92). Observing international law meant, therefore, that the proposal could not be submitted on behalf of the EU.

The (im)possibility to act on behalf of the EU does not depend on the nature of EU competence

The AG suggested that determining whether the EU competence was exclusive or shared with the Member States was not important to decide whether the proposal could have been submitted by the EU itself (paras 50, 97). Therefore, it is not a question of competence to determine whether a proposal can be submitted on behalf of the EU. It is rather a question of labelling a submission to the Intersessional Working Group the right way as to reconcile the IMO rules and the rules of the Treaties. AG Szpunar denied an ‘ERTA effect’, anyway, as there was no risk of common rules being affected by the mere prospect that future guidelines could inspire the EU to amend the common rules (para 153 et seq). Neither did he assume an exclusive competence under the second part of Article 3(2) TFEU (para 158 et seq). Consequently, he rejected the Commission’s plea alleging breach of exclusive EU competence under Article 3(2) TFEU.

The AG’s conclusion: Rather let the Member States represent the EU interest than the Commission?

The AG implied that the Union has only shared competence in the area covered by the disputed submission, without explicitly stating the legal basis for this competence (para 164). In line with settled case-law, he concluded that the Union can exercise the shared competence alone (para 164; see C-600/14). However, and this seems rather puzzling, he explained that ‘the Commission’s weaker status compared to that of the EU Member States in the IMO constitutes an argument in favour of the participation of the Member States in the exercise of the Union’s external competence.’ (para 164). He explicitly referred to the Antarctica Cases where the Court held that the Union could not submit a proposal in the framework of the Canberra Convention without the Member States due to special obligations and responsibilities of some Member States as parties to the Antarctic Treaty. However, comparing the status of the Member States in the IMO with their status in the Antarctic Treaty seems questionable. In the Antarctica Cases, the EU had acceded to the Canberra Convention whereas it cannot become an IMO member. Furthermore, it could be argued that the Commission as such has no right to vote in the IMO and that, therefore, it is not able to exercise the EU competence alone in the IMO in the first place.

AG Szpunar’s Opinion has surely dashed the Commission’s hopes of driving the Member States out of the representation of the Union interest in the IMO. In fact, the Commission’s status in the IMO appears to be even weaker than before. It is, therefore, for the Court to decide on who will represent the EU interest in the IMO in the future.

Barnard & Peers: chapter 24

Photo credit: Tagishsimon, via Wikicommons

Consumer law and the GDPR: Case C-319/20 Facebook Ireland - Opinion of the Advocate General


 


 

Lorna Woods, Professor of Internet Law, University of Essex

 

Facts

 

The Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband e.V. (Federation of German Consumer Organisations) sought to bring an action before the German courts arguing that Facebook, in the context of making free, third party games available on its platform, contravened data protection rules by not giving adequate information about the data collected and this also constituted a violation of rules on unfair competition and on consumer protection. It brought this action before the Bundesgerischtshof, which court had doubts as to whether the federation had standing given the entry into force of the GDPR. It referred questions on this issue to the CJEU.

 

As the Advocate General phrased the question, the issue was whether Article 80(2) GDPR

 

precludes consumer protection associations from retaining, following the entry into force of that regulation, the standing to bring proceedings that national law confers on them in order to obtain injunctions against conduct that constitutes both an infringement of the rights conferred by that regulation and an infringement of the rules designed to protect consumer rights and to combat unfair commercial practices [para 4]

 

In Germany, the standing of the federation would not have been in doubt prior to the introduction of the GDPR; the question is whether it has been altered by the GDPR and, specifically, whether the GDPR exhaustively provides for the mechanisms by which its provisions are enforced so that it precludes national legislation which allows consumer protection bodies to bring actions against those allegedly responsible for an infringement of personal data, relying on other causes of action.

 

Opinion

 

The Advocate General’s opinion commenced by noting that, since the Federation had not been mandated by a data subject to bring the action, the relevant provision was Article 80(2) GDPR. The Court has considered a similar question in relation to the data Protection Directive in Fashion ID. It found that Articles 22-24 of the Data Protection Directive “must be interpreted as not precluding national legislation which allows consumer-protection associations to bring … legal proceedings against a person allegedly responsible for an infringement of the protection of personal data” [para 63 Fashion ID, cited para 44]. The Directive neither required Member States to give such organisations standing to bring a data protection action, but nor did it expressly preclude it. Indeed, the provision of such a possibility contributed to the objectives of the Data Protection Directive.  So, the question is – has anything changed?

 

The Advocate General considered the characteristics of the GDPR. The fact that it is in the form of a regulation (by contrast to the previous directive) suggests a tendency towards full harmonisation rather than the minimum standards found in the Data Protection Directive. However, as the Advocate General pointed out, “[t]he truth is more complex” [para 51]. He pointed to the legal base for the GDPR: Art 16 TFEU which

 

“precludes the view that in adopting [the GDPR] the European Union would have pre-empted all the ramifications which the protection of personal data may have in other areas relating, in particular, to employment law, competition law or even consumer law, by depriving Member States of the possibility of adopting specific rules in those areas ….” [para 51]

 

Data protection has a cross-sectoral impact but the harmonisation does not cover all of these areas. Moreover, the intensity of the harmonisation is not uniform across the GDPR. The use of a regulation does not necessarily mean that Member States have no scope for action [para 53].

 

Against this background we seen that Article 80(2) is “optional” – it uses the word ‘may’ [para 54]. Interpreting the scope of Article 80(2) the Advocate General considered that the entities listed there could not be limited  to those entities whose sole and exclusive object is data protection, but “extends to all entities which pursue an objective in the public interest that is connected with the protection of personal data” [para 61]. He also argued that other aspects of Article 80(2) should not be interpreted restrictively, so that the entity should not be required to show specific existing cases of persons affected by the processing.

 

Rather, all that is required is an allegation of an infringement of the provisions designed to protect individual rights. The objective of the provision is to give the bodies the ability to have a competent body check whether the rights-granting provisions of the GDPR are being complied with; the emphasis is on the protection of the collective interests of consumers. This viewpoint is supported also by the approach in Directive 2020/1828 on consumer injunctions (see especially recital 15). This is the position in this case, in which the federation seeks an injunction against Facebook Ireland [para 70].

 

More generally, he argued that

 

“[i]t would be contrary to the objective of ensuring a high level of protection of personal data if the Member States were precluded from putting in place actions which, while pursuing an objective of protecting consumers, also help to achieve the objective of protecting personal data” [para 75].

 

The defence of collective interests of consumers is, in the view of the Advocate general, particularly suited to the establishment of a high level of data protection and a narrow interpretation of Article 80(2) would interfere with the preventative function of actions brought by such bodies. An injunction, as in issue here, contributes to the effective protection of rights.

 

While the laws pertaining to data protection and consumer law have developed separately, there are interactions between the two areas; a similar point can be made in relation also to competition law: the same conduct can simultaneously be covered by all three regimes. While consumers are different from data subjects, these also overlap. This leads to ‘complementarity and convergence’ between these different areas of law and these may mutually strengthen protection.

 

In sum, Article 80(2) did not preclude legislation that allowed these entities to bring an action in the interest of enforcement of data protection rights.

 

Comment

 

The end point in this, especially given Fashion ID, is not so surprising, though we will – of course – need to wait for the Court’s judgment on this. It is noticeable that the Advocate General goes to some lengths to emphasise that although the GDPR is a regulation, it is not closed, and especially not where the higher levels of protection for data are concerned.  The implication of the Advocate General’s reasoning is of course that each clause will need to be considered on its own terms, but always in the light of the objectives of the GDPR and the need to ensure a high level of protection. Here, the impact of the regulation’s legal base should be noted; the reference to high levels of protection is not just verbiage but has been used as a motivating force in the reasoning of the Advocate General.

 

Another point of interest is the recognition of the interplay between the different types of law: data protection, consumer and even competition law. The Advocate General has used this interplay to strengthen protection, rather than assigning types of law to silos, and potentially thereby undermining protection. The approach of the Advocate General seems right – as he notes, the same conduct may fall within each of these rules. There is overlap, but it raises the question more broadly of the need for cooperation between at least the regulators in each of the fields.  This approach is also noteworthy as it illustrates support for attempts to deal – using a range of different legal mechanisms -with problems relating to the super-dominant ICT business built on user data. This is particularly significant given the perceived weakness in effective data protection regulation in some Member States.

 

Photo credit: Johnscotaus, via Wikimedia Commons



Tuesday, 30 November 2021

The proposed EU regulation of political advertising


 

 Lorna Woods, Professor of Internet Law, University of Essex

 

As envisaged by the European Democracy Action Plan (EDAP), the European Commission has published a proposal for a Regulation on the Transparency and Targeting of Political Advertising (COM (2021) 731 final).  It contains two main sets of rules:

 

  • rules on transparency of political ads; and
  • rules on targeting and amplification of adverts based on use of personal data.

 

It applies to broadly two sets of actors:

  • those who are responsible for the ad campaign
  • those who publish, broadcast or otherwise make available the adverts.

 

While the proposal sits against the EDAP as well as the 2018 election package, it links specifically with two measures:

  • the General Data Protection Regulation (GDPR); and
  • the Digital Services Act (DSA).

 

The first chapter deals with the scope of the Regulation and includes definitions. Notably, Article 2(2) specifies that ‘political advertising’ means

 

the preparation, placement, promotion, publication or dissemination, by any means, of a message:

(a)        by, for or on behalf of a political actor, unless it is of a purely private or a purely commercial nature; or

(b)        which is liable to influence the outcome of an election or referendum, a legislative or regulatory process or voting behaviour.

 

In this, the definition is including the process of advertising in scope, though individual adverts will be caught as well.

 

Chapter II of the proposed regulation contains the provisions relating to transparency. Article 4 starts with a general principle:

 

Political advertising services shall be provided in a transparent manner in accordance with the obligations laid down in Articles 5 to 11 and 14 of this Regulation.

 

‘Political advertising service’ is defined (Art 2(5)) – essentially a service consisting of the provision of political ads (with the exception of online intermediary service within the meaning of the DSA). Recital 26 states that ‘providers of political advertising services should be understood as comprising providers involved in the preparation, placement, promotion, publication and dissemination of political advertising’ – and reflects the approach in Article 2(2). It would seem that Article 4 bites on all these actors. 

 

The specific obligations regarding transparency are:

 

  • identification of political advertising services (Art 5);
  • record keeping regarding (for five years) of the ad or campaign to which the services are connected; the services provided; the amounts received and the identity of the sponsor with its contact details and this information is to be transmitted to the ‘political advertising publisher’ (Art 6);
  • transparency requirements for each ad, including a transparency notice (and there are discrete obligations on ‘political advertising publishers’ to check this information is present and complete) (Art 7);
  • inclusion of data on benefits received for these services in annual financial statements (Art 8);
  • the making available by publishers of mechanisms to enable individuals to notify advertising publishers of advertisements which do not comply (Art 9);
  • transmission on their request to national authorities of the information in Articles 6-8 (Art 10); and
  • the transmission of the information in Article 6 to ‘interested entities’ where ‘interested entities’ means: vetted researchers (within the DSA’s meaning); members of a civil society organisation whose statutory objectives are to protect and promote the public interest; political actors as authorised under national law; or national or international electoral observers.

 

Chapter III focusses on the targeting and amplification of political advertising.  Article 2(8) provides a definition of ‘targeting or amplification techniques’ as

 

‘techniques that are used either to address a tailored political advertisement only to a specific person or group of persons or to increase the circulation, reach or visibility of a political advertisement’.

 

Targeting or amplification techniques that rely on the processing of special categories of personal data (with Article 9(1) GDPR) are (with limited exceptions) prohibited (Art 12(1)). For other types of targeting or amplification techniques additional requirements are introduced (Article 12(3)):

 

  • the adoption of an internal policy
  • the keeping of records on use, mechanisms used, techniques and parameters used and the source of the personal data used
  • provision of information to allow the individual to understand the logic involved and the main parameters concerns (as detailed in Annex II).

 

Chapter IV deals with supervision and enforcement. Article 14 requires service providers that do not have an establishment in the EU (but which are caught by the regulation) to appoint a legal representative. Member States are required to introduce effective yet proportionate fines - though what this means is left up to the individual Member States.

 

The regulation envisages that existing supervisory authorities shall have responsibility for supervision of the obligations, with responsibility being split between the data protection supervisory authorities under the GDPR and the authorities to be designated under the DSA. There are some provisions for coordination. This is, however, potentially a weak point unless the different supervisory authorities find a way to work together.

 

Some initial points to note. Once again, the Commission is opting for a Regulation, seeking to reduce fragmentation among Member States. The explanatory memorandum – in justifying the choice of Article 114 TFEU (concerning internal market regulation) as legal base – highlights the fact that the fragmentation is not just between approaches between Member States but also between technologies and types of actor. The scope of the regulation is thus broad both as regard to the definition of political advertising’s content but also the application to its creation and distribution.

 

The definition of advertising is worthy of some attention. Note that, unlike the definition of advertising elsewhere which links to the intention to sell goods or services, they keys factors are who is speaking – a political actor - or what the likely impact is on an election. Note – these are alternatives, not cumulative conditions. In this it is very different from the sort of definitions urged by the European Association of Communications Agencies, which referred to an American definition from the “Self-Regulatory Principles  of Transparency &  Accountability to Political Advertising” of the US-based Digital Advertising Alliance (DAA) which defines political advertising as: “… paid-for communications that unmistakably urge the election or defeat of one or more clearly identified candidate(s) for a federal or statewide election” (emphasis added).

 

The definition of political actors includes not just those who might come to mind on a common sense approach to the matter (see Art 2(4)(a)-(f)) but also ‘a political campaign organisation...established to achieve a specific outcome in an election or referendum’ ((g)) and ‘any natural or legal person representing or acting on behalf of an of the persons or organisations in points (a) to (g)’. There are, of course, questions about how we understand when someone acts on behalf on a political actor.  Note also that political actors may speak about other topics, but that speech is excluded only when they speak purely in a private capacity or purely for commercial purposes. 

 

The second category seems to be intended to tackle issue-based ads. It could include organic content.  While the definition of a political advertising service might imply service for remuneration (see recital 29), the definition of the type of content contained in political advertising itself does not include any element of remuneration.  Having said that, the transparency obligations only apply to ‘political advertising service’, and while that might include those which create content they seem only to come within the scope of that definition if there is remuneration.

 

Google notes in its response that this may be very broad; and also flags the possibility of different services taking different approaches to who is in scope and how they determine the answer to this question (and whether this is done automatically or by human supervision).  There are certainly resource questions here which are not dealt with by the proposal.

 

The definition of ‘political advertising service’ is broad and makes clear that obligations arise across the distribution chain.  This ‘pass through’ element is recognised in the obligations imposed as part of the transparency obligations. For example, Article 6(3) obliges providers of political advertising services to give political advertising publishers the information necessary to carry out their obligations (see conversely Art 7(3)).  This implies that the imposition of contractual obligations along the value chain will form part of this regime, but how those further down the value chain are in a position to verify what they are told is accurate or not is another question entirely. This might be particularly problematic where the content producer lies outwith the EU, especially where that advertising service provider makes no attempt at compliance; what are “reasonable efforts” in these circumstances?  In terms of these obligations, it is clear that the publisher – as the end point to the audience – fulfils a particular role and has specific obligations as a result to ensure that the labelling happens and that there is a mechanism for complaints. Further, the publisher needs to ensure that the labelling stays attached, so that when that content is shared by third parties, it is still apparent that it is an ad.

 

At this point it is worth noting that while these obligations seem to fit the online information sharing environment, the definition of ‘political advertising publisher’ is not limited to VLOPs within the DSA – or even to online platforms. The definition (Art 2(11)) is as follows:

 

‘a natural or legal person that broadcasts, makes available through an interface or otherwise brings to the public domain political advertising through any medium’.

 

Presumably this includes the traditional media (and bill boards).

 

While the proposal envisages that – as part of the transparency obligations – services providers should provide links to ad repositories, this only applies where relevant. This link back to the Digital Services Act which, as drafted, only imposed ad repository obligations on very large online platforms (VLOPs). Some therefore feel that this is a missed opportunity to mandate ad libraries generally, especially given the high threshold for VLOPs. Note the new proposal strengthen the rules in the DSA as regards political ads by making the period of retention 5 years, not 1 year. Beyond this we might question how effective transparency labels might be – especially given the history of bad behaviour by at least some actors in this industry. It remains unclear what – or how – the oversight regime for this would work so get an overall picture of what is going on. If part of the problem is that by targeting political actors can send different and potentially inconsistent messages to different groups of people, then telling a recipient that he or she has received an ad doesn’t necessarily solve that problem. It assumes that the user will go to the ad library and do a compare and contrast exercise, which is unlikely. It also overlooks those services which are not required to have an ad library. Further, it is not clear whether these obligations will operate in real-time. A number of actors -including ERGA (the European Regulators' Group for Audiovisual media) – have proposed the requirement for real-time, comprehensive ad libraries for political ads.

 

The proposal on not using certain data for political advertising is weak. This is partly because compliance with data protection and digital services is not good in general (as the range of challenges coming through the system demonstrates), but also because of the exceptions based on the GDPR provisions. Specifically, targeting could be allowed in the context of legitimate activities of foundations, associations or not-for-profit bodies with a political, philosophical, religious or trade union aim, when it targets their own members.  There are questions here about the scope of this exception, which might also arise in the context of the GDPR but is particularly salient here. While, on the one hand these seems reasonable (subject to how they are interpreted- as ever), Recital 47 of the proposed regulation suggests that “[a]dditional restrictions compared to Regulation (EU) 2016/679 [GDPR] and Regulation (EU) 2018/1725 [on EU bodies and data protection] should be provided” – yet it seems that there are no such additional restrictions. A stronger option would have been to prohibit the use of certain sorts of data absolutely (even when it is inferred) or to prohibit profiling at all.  The European Data Protection Board (EDPB) proposed ‘a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking’, and that in relation to ads more generally.  Note also that transparency may work for the initial choice of the ad sponsors, but may be much more problematic when we consider amplification by platforms – tools which are notoriously opaque but very impactful. This increases the importance of controls on use of data.

 

While the proposal is a start, there are clearly questions and gaps. Nonetheless, as the European Broadcasting Union (EBU) notes, this is an opportunity to improve the political advertising environment, especially the online context which currently seems to fall outside existing regimes.  The imposition of similar rules to elections across Member States will presumably be a relief to cross-border service providers. Given the lobbying around the DSA (and DMA, ie the Digital Markets Act), we can expect to see lobbying here, and some of the questions that have been the subject of intense debate – notably the proposed ban on behavioural advertising – may well be the subject of yet further discussion.

 

Photo credit: GilPe, via Wikimedia commons

Wednesday, 24 November 2021

Data Retention: AG opinions on the latest CJEU cases on national laws




 

Lorna Woods, Professor of Internet Law, University of Essex

 

Introduction

 

Advocate General Campos Sanchez-Bordana has handed down his opinions in three more cases (SpaceNet and Telekom Deutschland (Joined Cases C-793/19 and C-794/19), GD v Commissioner of the Garda Síochána (Case C-140/20) and VD and SR (Joined Cases C-339/20 and C-397/20)) which concern the retention of communications data, and constitute the latest instalment of a saga that started – ineffectually as far as rights-based arguments are concerned – in the unsuccessful Irish challenge to the Treaty base chosen for the Data Retention Directive (Directive 2006/24/EC) (Ireland v European Parliament and Council (Case C-301/06)). 

 

The Data Retention Directive, which provided for communications data retention, effectively within the scope of the exceptions found in Article 15 of the e-Privacy Directive (Directive 2002/58/EC) to the principle of communications confidentiality, was struck down in Digital Rights Ireland (Joined Cases C-293/12 and C-594/12) (discussed here).  Building on the principles there, a series of cases developed the constraints on what was permitted by Article 15 e-Privacy Directive, notably: Tele2 Sverige and Watson (Joined cases C-203/15 and C-698/15) (discussed here and here), La Quadrature du Net and Others (Joined cases C-511/18, C-512/18 and C-520/18) and Privacy International (Case C-623/17) (discussed here). Points of detail have been added in Ministerio Fiscal (Case C-207/16) (discussed here) and HK v Prokuratuur (Case C-746/18).  The principles underpin the data transfer cases: Schrems I and Schrems II. As well as recommending that the Court continue with its approach, maintaining the gap between it and the European Court of Human Rights, the Opinion of the Advocate General indicated a certain irritation with the national courts unwilling to apply clear principles and necessitating more Grand Chamber rulings on this topic.  In other words, not much is new here, but rather a re-iteration of the principles and distinctions on which this juriprudence has been built.

 

The Cases

 

SpaceNet and Telekom Deutschland concern the German legislation requiring internet service providers to retain communications data. Reflecting to some degree the concerns highlighted in the CJEU’s previous jurisprudence, the German law had excluded the communications data of certain help lines from the regime, the data collected was retained for a comparatively short period, and there were safeguards against misuse of the retained data. SpaceNet and Telekom Deutschland had each challenged this law on the basis of the CJEU’s jurisprudence.

 

GD v Commissioner of the Garda Síochána arises from a murder case, the prosecution of which was based on communications data retained and accessed via legislation that provided for mass retention of data. The defendant challenged the admissibility of this data arguing it was contrary to EU law requirements.

 

Joined cases VD and SR also concern criminal prosecution for financial offences, based on communications data. This time the data retention was based on national law implementing Directive 2003/6/EC, as well as Regulation 596/2014, rather than concerning the e-Privacy Directive. These rules allowed access to existing communications data held by telecommunications operators. The reference raised the question of these rules’ compliance with the fundamental rights of Article 7 and 8 EU Charter, as interpreted by the case law on the e-Privacy Directive.

 

In each case, the Advocate General suggested that the Court hold that the national laws were incompatible with Charter rights, re-iterating that the relevant provisions

‘must be interpreted as precluding national legislation which obliges providers of publicly available electronic communications services to retain traffic and location data of end users of those services on a precautionary, general and indiscriminate basis for purposes other than that of safeguarding national security in the face of a serious threat that is shown to be genuine and present or foreseeable’ (Spacenet, para 84)

 

In all three opinions, he re-stated the conditions found in La Quadrature du Net, para 128. This principle was specifically applied to investigations into insider dealing or market abuse (ie not national security) in VD and SR (para 97). In GD it added that access to such data legitimately retained must be subject to prior independent authorisation, and that the temporal effect of the ruling could not be limited (so that the ruling had prospective effect only) (GD, para 82 – see to similar effect VD and SR, para 97). The Advocate General also noted that there was a distinction between the approach of the CJEU and the European Court of Human Rights, but that the jurisprudence of that Court provided a base level and the requirements of the Charter could be higher than those of the Convention.

 

Comment

 

The jurisprudence has built on a series of, generally binary, distinctions, the most basic of which is that between EU and national competence, given that Article 4(2) TEU requires the EU to respect Member States’ essential state functions, including maintaining law and order. It specifically states:

 

“national security remains the sole responsibility of each Member State”.

 

Many Member States use data retention and the analysis of data as part of their fight against terrorism and in support of national security. On this basis it has been argued that national laws providing for such schemes fall outside the competence of the EU, and in SpaceNet a number of governments intervened to make the same argument again.  This argument in the words of the Advocate General has been “emphatically rejected” (SpaceNet, para 32), citing La Quadrature du Net, though this position is more clearly seen in Privacy International and had already been established in Tele2 Sverige and Watson (and could be seen as implicit in the distinctions employed in Ireland v European Parliament and Council). While Article 4 TEU does exclude national security from the scope of EU law, it is to be narrowly understood - applicable to the activities of intelligence agencies for the purposes of safeguarding national security. This seems to be a well-established principle and unlikely to be disturbed now, no matter the representations of the Member States.

 

Another longstanding distinction made in the case law is between content of communications and communications data (meta data), including traffic data (which seemingly also includes the subscriber name and the IMEI address of the mobile device according to Ministerio Fiscal, paras 40-42) and location data.  Mass acquisition of the content of communications goes to the essence of the right and cannot be justified. The Court has accepted that the acquisition of communications data in principle could be justified, as can be seen in Tele2 Sverge and Watson, Privacy International and La Quadrature du Net, suggesting that the intrusion cause by mass acquisition of communications data is less intrusive than knowledge of content. Whether – given the harm attributed to this collection: the possibility of creating detailed profiles on individuals – this is wholly true is debatable.  Note, however, that the Court has accepted that some sorts of data may be seen as less sensitive – notably identity and IP addresses in the context of criminal investigations.


 

The Court suggested in Ministerio Fiscal that the intrusion was less (perhaps to enable itself to justify taking a different approach from Tele2 Sverige and Watson), though it was unclear as to whether this was to do with the type of data in issue or because of the limited amount of data involved (and its severability from other data). In its ruling, the Court confirmed that access to retained data which reveals the date, time, duration and recipients of the communications, or the locations where the communications took place, must be regarded as a serious interference since that data allows precise conclusions to be drawn about the private lives of the persons concerned (para 60), suggesting it is what you can do with the data that is important rather than the amount of data.  The Court has suggested in other contexts that certain types of data are less important: see the data involved in PNR cases (Opinion 1/15, especially para 151, discussed here). In the current opinions, the Advocate General reiterated the position in La Quadrature du Net as regards IP addresses and identity (Spacenet, paras 81-82; VD and SR, para 80) but did not elaborate further.  The question about small sets of eg location data remains open. 

 

This possibility of profiling and its impact on users has led the Court to develop stringent conditions for the collection of data which are based on two interlinking sets of distinctions: that between general and targeted measures, and between national security and the fight against crime (with a sub-division between serious and other sorts of crime).  For all three cases, the Advocate General re-iterated the general principles established by the case law to date- though it is worth noting that he relied for preference on La Quadrature du Net (as a judgment which synthesised or summarised preceding case law), rather than other landmark cases – notably Tele2 Sverige and Watson – perhaps because (in the eyes of some) La Quadrature du Net allowed some State measures that would not seem on first glance to fall within Tele 2 Sverige and Watson – and which the Advocate General described as “supplementary qualifications” (GD, para 4). So, “general and indiscriminate retention of traffic and location data can be justified only by the objective of safeguarding national security”, which is distinct and more serious or important than the other objectives listed in Article 15 e-Privacy Directive (GD, para 36, Spacenet, para 37, VD and SR, para 75, each citing La Quadrature du Net). In sum, provided all the other conditions are satisfied, national security threats justify indiscriminate data retention, whereas serious crimes only suffice to legitimise targeted data retention.

 

Of course, this begs the question of what falls within national security for the purposes of Article 15 and what constitutes serious crime. According to Ministero Fiscal, the boundary between crime and serious crime falls to be determined by the Member States. While respecting national procedural autonomy, this might be open to manipulation or interpreted broadly (as the special, expansive definition of serious crime in the Investigatory Powers Act – when the UK was still a member of the EU – suggests). The Court in La Quadrature du Net suggested that national security

 

“encompasses the prevention and  punishment of activities capable of seriously destabilizing the fundamental constitutional, political, economic or social structures of a country and, in particular, of directly threatening society, the population or the State itself” (para 135). 

 

In VD and SR the Advocate General emphasised that the two types of measures – those aimed at safeguarding national security and those which are aimed at combatting crime – cannot have the same scope as otherwise the distinctions in La Quadrature du Net (with regard to the possibility of indiscriminate surveillance) would have no purpose and the fundamental rights protections would likely be undermined – and this is true no matter how serious the crime (VD and SR, paras 83-86).

 

As regards targeting, the Court has suggested that this need not be at the level of the individual but could relate to localities or to groups – suggestions which may raise all manner of social, political as well as technical questions (and see here, Interpol’s distinctions). As the Advocate General pointed out, it is not the responsibility of the CJEU to draft compliant regimes; this is the responsibility of the Member States.

 

La Quadrature du Net imposed conditions on national security and generalised surveillance, as well as on targeted surveillance for serious crime. In Privacy International, the CJEU restated its position that national legislation must develop objective criteria for both the acquisition of a particular dataset from a service provider and its actual use by the relevant authorities (see paras 78-81). Moreover, it seems that these conditions apply not just to traffic and location data, but also provisions regarding the preventive retention of IP addresses, subscriber information and other measures aimed at combatting serious crime. But, there are questions about the extent to which various sorts of safeguards may compensate for other weaknesses in the system (and this same question can be seen in respect of the European Court of Human Right’s jurisprudence where it blends lawfulness with safeguards and safeguards with proportionality, effectively reducing the scrutiny over acquisition in favour of control over use – an approach which does not deal with the chilling effect of Government access to and storage of data). The Advocate General here rejects this blurring of safeguards over access with control over acquisition and retention:

 

“for the Court, ‘the retention of traffic and location data constitutes, in itself … an interference with the fundamental rights to respect for private life and the protection of personal data’. In this regard ‘access to such data is a separate interference’ with those fundamental fights, irrespective of the subsequent use made of it.

 

For the present purposes it is therefore irrelevant that the data protection arrangements for retained data provided for in the German legislation (a) provide effective safeguards to protect those data; (b) place rigorous and effective limits on access conditions, restricting the circle of people who can access the data; and (c) allow the retained data to be used solely for the purposes of investigating serious offences and preventing specific risks to life or a person’s freedom or to the security of the state.

 

The truly decisive element is that, … , the retention obligation at issue is not in itself subject to any specific conditions.” (paras 74-76)

 

Limited retention periods constitute another such safeguard; as the German Government argued in Spacenet, it means that less detailed profiles might be drawn – and in this seems similar to the approach of the Advocate General in HK v Prokuratuur (para 82). While the Court agreed that the period of data retention was a relevant factor in determining the severity of the intrusion, however, it took the view that traffic and location data are generally sensitive because they allow for far-reaching conclusions about private life and that therefore should only be permitted in relation to serious crime (and presumably the protection of national security).  The Advocate General noted in Spacenet that a limited retention period cannot justify a general retention requirement (in relation to crime) (para 66). Moreover, the time period must be considered alongside the quantity of data retained and the techniques available for analysis (Spacenet, para 70).

 

While acquisition, storage and access of data constitute different infringements (and real-time access may give rise to different levels of intrusion from analysis of historic data), there are questions about the links between them. If retention may be justified only for serious crime, presumably access is likewise limited (the Court did not discuss this point in Ministerio Fiscal). This link was discussed in VD and SR. The legislation permitted access to existing records, but did not provide a basis for storage in the first instance. While the French Government argued that the market manipulation legislation implicitly allowed for data retention, the Advocate General argued that these existing records “can only be ‘lawfully existing records’, that is to say those compiled in accordance with Directive 2002/58” (VD and SR, para 62, emphasis in original).

This makes clear that matters pertaining to communications confidentiality are not easily to be displaced. In any event, even if such ‘implicit authorisation’ were to be accepted, “such retention would be subject to the same conditions as would necessarily apply if it were based on any other EU legislative provision”. That is, all EU legislation must comply with the requirements of the EU Charter and the Court’s interpretation of the requirements of Article 7 and 8, arising in the context of the e-Privacy Directive, do not apply to Article 7 and 8 only in the context of that directive but more generally. This recognition is important given the increasing acquisition of data by the private sector and its sharing with the public sector with the aim of delivery of public services of all kinds. For this reason, the requirement of approval of access requests by an independent body (seen also in GD in the context of the e-Privacy Directive) also arose in relation to the insider dealing and market manipulation legislation (para 95).  We might see in this the beginnings of a general approach to constraining state surveillance activities; it will be interesting to see the extent to which the Court pulls through concerns about profiling from this group of cases through to, for example, PNR.  There is a new reference pending challenging the broad nature of PNR data collected in Directive 2016/681/EU (Ligue des droits humans (Case C-817/19) – the hearing for this case is discussed here). The next question is where the boundary is between concerns about profiling in the context of national security and combatting crime, and profiling to support data-driven public service delivery more generally. This distinction does not yet seem to have been considered.

 

Barnard & Peers: chapter 9

JHA4: chapter II:7

Photo credit: EFF-Graphics, via Wikicommons

Wednesday, 17 November 2021

The CJEU Gets Brexit Done: New Judgment on Extradition from Ireland to the UK after Brexit

 



 

Professor Steve Peers, University of Essex

 

The CJEU this week delivered its first judgment on the impact of Brexit (as far as the EU side is concerned) since the UK has left the EU – swiftly following last week’s Advocate General’s opinion (which I discussed here; I’ve adapted some of that blog post in this one) in response to fast tracked questions referred from the Irish Supreme Court (on appeal from the Irish High Court’s judgment).

 

Background

The Court’s judgment concerns extradition from Ireland to the UK under both the withdrawal agreement and the EU/UK Trade and Cooperation Agreement (TCA). The former treaty provides that the internal EU legal framework for simplified extradition – the European Arrest Warrant (EAW) law – still applied between the UK and EU during the transition period set out in that agreement, which lasted from 1 February 2020 to the end of that year. (As an exception, three Member States refused to hand over their own citizens, but Ireland was not one of them). 

After that point, the separation provisions of the withdrawal agreement applied: the EAW law still applies if a fugitive was arrested on the basis of that law before the end of the transition period. If the EAW was issued before that date, but the fugitive was not arrested in time on the basis of the EAW law, the subsequent TCA provides that its extradition rules – which are similar, but not identical, to the EAW law – apply. (The TCA rules also apply to extradition requests first sent after the transition period ended, and the judgment in this case is also relevant by analogy to those requests too).  

The case is about two fugitives arrested in Ireland on the basis of British EAWs, who challenged their extradition to the UK. Both EAWs were issued during the transition period, but one EAW led to an arrest before the end of that period, hence the separation provisions kicked in, and the EAW law applies fully to the case. In the other case, the arrest took place after the end of this period, and so the TCA rules apply. The fugitive in the former case was already convicted and sentenced to eight years in prison, whereas the fugitive in the latter case was subject to a pending prosecution for fourteen alleged criminal offences.

Both two fugitives argued that they could not be subject to these rules in the two treaties, because even though Ireland agreed to both treaties in the EU Council, that country did not exercise a formal opt in as set out in the Justice and Home Affairs protocol relating to Ireland (and previously also applying to the UK) attached to the EU Treaties. If they had been successful, their challenge would have complicated not only extradition but other forms of criminal law cooperation between Ireland and the UK set out in the withdrawal agreement and TCA, in both directions (ie Irish requests to the UK too). It could also have impacted on criminal law cooperation between the UK and Denmark, which has a similar (but not identical) opt in protocol. (Criminal law cooperation would not entirely have ended, however, because there are other international treaties that would have applied as a default, although they do not simplify cooperation as much as the treaties with the EU do).


Judgment of the Court

The judgment first examines the scope of Article 50 TEU, noting that it has the twin objectives of ‘first, enshrining the sovereign right of a Member State to withdraw from the European Union and, secondly, establishing a procedure to enable such a withdrawal to take place in an orderly fashion’ (referring to the Wightman judgment, discussed here). The Court continued:

50      It is in order to be able to attain that objective effectively that Article 50(2) TEU confers on the European Union alone competence to negotiate and conclude an agreement laying down the detailed rules for withdrawal, since that agreement is intended to regulate, in all the areas covered by the Treaties, all questions relating to the separation between the European Union and the State withdrawing from it.

51      It was therefore pursuant to that competence that the European Union was able to negotiate and conclude the Withdrawal Agreement, which provides, inter alia, in relations with the United Kingdom, for the continued application of a significant part of the EU acquis, in order to reduce uncertainty and, to the extent possible, minimise disruption caused by the fact that, on the date of withdrawal, the Treaties cease to apply to the departing State, as is apparent from point 4 of the guidelines adopted by the European Council at its special meeting of 29 April 2017 following the United Kingdom’s notification under Article 50 TEU.

The Court also noted that there may be a contradiction between the procedure for the EU Council to conclude an international treaty in other circumstances – which may entail a unanimous vote – and a withdrawal agreement, where Article 50 TEU provides for a qualified majority vote. In the Court’s view, it followed that:

54      Since the withdrawal agreement is intended to cover all of the fields and issues referred to in paragraph 50 above, and since it is not possible to add to Article 50(2) TEU legal bases laying down procedures which are incompatible with the procedure laid down in paragraphs 2 and 4 of that article (see, to that effect, judgment of 2 September 2021, Commission v Council (Agreement with Armenia), C‑180/20, EU:C:2021:658, paragraph 34 and the case-law cited), it must be concluded that only Article 50 TEU, as an autonomous legal basis independent of any other legal basis set out in the treaties, can ensure that all of the fields falling within the scope of those treaties are treated consistently in the Withdrawal Agreement, thus enabling the withdrawal to take place in an orderly manner.

Furthermore, there would be ‘uncertainty’ because Ireland, having agreed to participate in the EAW system with the UK, ‘would be treated as if it had never participated in it’. This outcome ‘would be difficult to reconcile with the objective of reducing uncertainty and limiting disruption so as to enable an orderly withdrawal’.

As for the TCA, which was concluded on the basis of Article 217 TFEU (the power for the EU to conclude association agreements), the Court recalled its case law that Article 217 ‘empowers the European Union to guarantee commitments towards third countries in all the fields covered by the TFEU’. It followed that:

58      Agreements concluded on the basis of that provision may therefore contain rules concerning all the fields falling within the competence of the European Union. Given that, under Article 4(2)(j) TFEU, the European Union has shared competence as regards Title V of Part Three of the TFEU [ie EU competence as regards justice and home affairs], measures falling within that area of competence may be included in an association agreement based on Article 217 TFEU, such as the TCA.

Did the inclusion of extradition issues within the TCA require an additional legal basis relating to criminal law cooperation, besides that of an association agreement? While the case law states that the competence over association agreements can be used ‘only on condition that that measure relates to a specific area of EU competence and is also founded on the legal basis corresponding to that area’, that case law ‘concerned not the conclusion of an association agreement but the adoption of a decision on the position to be taken, on behalf of the European Union, within a body set up by such an agreement’; in such circumstances, where a decision could be adopted ‘by qualified majority without the participation of the European Parliament… the addition of a specific legal basis was necessary in order to ensure that any more stringent procedural requirements specific to the area concerned would not be circumvented’. This is distinct from an association agreement as such:

62      By contrast, since the conclusion of an agreement such as the TCA does not relate to a single specific area of action but, on the contrary, a wide range of areas of EU competence with a view to achieving an Association between the European Union and a third State, and the conclusion of such an agreement requires, in any event – in accordance with point (a)(i) of the second subparagraph of Article 218(6) TFEU and the first sentence of the second subparagraph of Article 218(8) TFEU – a unanimous vote and the consent of the European Parliament, there is no risk, as regards the conclusion of such an agreement, of more stringent procedural requirements being circumvented.

Nor did the prior case law on using multiple legal bases where a measure pursues multiple objectives apply, in the Court’s view. The Court recalled its case law taking a broad view of the scope of the EU’s development policy powers, and extended that approach to cover association agreements:

65      Those considerations also apply mutatis mutandis to association agreements whose objectives are designed in a broad manner, in the sense that the measures required in order to pursue those objectives concern a wide range of areas of EU competence.

66      That is precisely the case with regard to the TCA, since, as the Council submitted in its observations, in order to ensure an appropriate balance of rights and obligations between the parties to the agreement and to secure the unity of the 27 Member States, that agreement had to have a sufficiently wide scope.

67      Accordingly, in view of the wide scope of the TCA, the context of its adoption and the unequivocal declarations made by all the institutions and Member States involved throughout the negotiations on the withdrawal of the United Kingdom from the European Union, the inclusion in that agreement, alongside rules and measures falling within many other areas of EU law, of provisions falling within Title V of Part Three of the TFEU forms part of the general objective of that agreement, which is to establish the basis for a broad relationship between the Parties, within an area of prosperity and good neighbourliness characterised by close and peaceful relations based on cooperation, respectful of the Parties’ autonomy and sovereignty.

68      The surrender mechanism established by the TCA contributes to the pursuit of that objective, the Parties having indicated, in recital 23 thereof, that their cooperation relating to, inter alia, the investigation, detection and prosecution of criminal offences and the execution of criminal penalties would enable the security of the United Kingdom and the European Union to be strengthened. It follows that the TCA cannot be regarded as pursuing a number of objectives or as having several components, within the meaning of the case-law referred to in paragraph 63 above.

 

Comments

First of all, the Court’s approach to the scope of Article 50 is a logical application of its prior ruling that the purpose of Article 50 is partly to provide for an ‘orderly withdrawal’, as the Treaties cease to apply to the withdrawing State (note that the cessation of the Treaties to that country is not just an assertion in European Council guidelines, as the Court seems to imply, but is set out in Article 50 itself). This logically entails that the withdrawal agreement has a broad scope, covering ‘all the areas covered by the Treaties’ – because the withdrawal may raise issues as regards ending membership in any of those areas. The judgment implicitly confirms competence to conclude the transition period (‘the continued application of a significant part of the EU acquis’), also referring to ‘all questions relating to the separation’, in the context of ‘reduc[ing] uncertainty and, to the extent possible, minimis[ing] disruption’ (emphasis added). 

Although there is no reference to the potentially permanent system set up by the Northern Ireland protocol – which goes beyond purely transitional or ‘winding up’ rules – the Court’s judgment does point toward that direction, notably the reference to applying some EU law and to ‘all questions’ concerning withdrawal.

Secondly, as for association agreements such as the TCA, the judgment builds upon prior case law, and reflects the requirement for unanimity of Member States in the Council to conclude them – which is an even stronger guarantee for Member States than as regards development policy treaties (which can be concluded by a qualified majority in the Council). It appears, however, that the specific provisions in an association agreement should be linked to the objective of that particular agreement – although note that the Court’s description of the broad general objective of the TCA is not a frolic by the judges, but comes from the purpose of the treaty as agreed by the parties (see Article 1 of the TCA), which was quoted earlier in the judgment.

Finally, it is notable that while the Court confirms that the withdrawal agreement had to be concluded by the EU without participation of the Member States (para 50: ‘Article 50(2) TEU confers on the European Union alone competence to…’ – emphasis added), the Court does not comment on the fact that – unusually for association agreements – the TCA was also concluded by the EU without the Member States also becoming parties alongside it. However, the overall tenor of the judgment seems favourable to the EU only being a party to this agreement too (see the Council legal service opinion on this point). Given the Court’s explicit reference to the shared competence of the EU over justice and home affairs, it might reasonably be inferred from this judgment that, as the Council legal service argued, the EU alone may conclude association agreements when they include provisions on shared competence – or the Council may instead to conclude them alongside the Member States in such cases. 

Of course, the EU and the UK continue to argue about the interpretation, application and revision of the Northern Ireland protocol to the withdrawal agreement. Nevertheless, the Court’s firm conclusion that the EU had extensive powers to conclude the two key treaties relating to Brexit should address most or all complications that some had argued limited the powers of the EU to conclude those treaties. In that sense, at least as far as the EU is concerned, the Court of Justice has Got Brexit Done.

 

 

Barnard & Peers: chapter 26

JHA4: chapter II:2, chapter II:3

Photo credit: Jimmy Harris, via Wikimedia commons