Thursday 23 October 2014

"Lay all your hate on me"

Steve Peers 

As a response to 'UKIP Calypso', here's my lyrics to 'Lay all your hate on me'. I won't be singing it myself (believe me, you don't want that), but surely it's enough to bring Abba out of retirement?  

I wasn't racist before we met
Now every migrant I see is a potential threat
And I'm a bigot, it isn't nice
You've heard me saying that smoking was my only vice
But now it isn't true
Now I hate the whole EU
And all I've learned has overturned
I beg of you...
Don't go wasting your racism
Lay all your hate on me

It was like training a lazy slut
To clean behind the fridge and get off off her feminist butt
I still don't know what you've done with me
A British voter should never fall so easily
I feel a lot of fear
When Nigel bends my ear
I’m terrified, there’s gays outside
I beg you dear...

Don't go wasting your racism
Lay all your hate on me
Don't go sharing your sexism
Lay all your hate on me

I voted Tory in the past
Finally they’re copying UKIP at long last
I used to think the EU was sensible
It makes the truth even more incomprehensible
It’s all the fault of the EU
And Romanians frighten you
And all I've learned has overturned
What can I do...

Don't go wasting homophobia
Lay all your hate on me
Don't go sharing your racism
Lay all your hate on me

All smoke and no fire in the EU strategy towards the eradication of trafficking in human beings


Dr Matilde Ventrella, Senior Lecturer in Law, University of Wolverhampton (UK)

 1.       Introduction
On October 17th, the European Commission published the mid-term Report on the implementation of the EU strategy towards the eradication of trafficking in human beings (THB) and a Communication on the application of Directive 2004/81 on the residence permit issued to third country nationals who are victims of human trafficking or the subject of an action to facilitate illegal immigration and who cooperate with competent authorities.  In this analysis, I will first examine the mid-term report, I will then examine the Communication on the application of Directive 2004/81 and I will draw my final considerations.

2.       The mid-term report on the implementation of the EU strategy towards the eradication of trafficking in human beings

The Report focuses on the policies and laws that the EU is implementing and on the progress made from 2012 to the third quarter of 2014. 
The Commission’s report states that the first step to take in order to address THB is implementing Directive 2011/36/EU on the criminal law aspects of the issue. This Directive, for the first time, recognises THB as a gender specific phenomenon and that women and men are often victimised for different purposes (paragraph 3).  The Directive requires Member States to investigate and prosecute perpetrators (Article 9) and to give adequate protection to victims.   The mid-term Report emphasises that 25 Member States have communicated the transposition of the Directive in full and it states that Member States shall take full responsibility to eradicate this serious criminal activity.  Their priority should be identifying victims and giving them adequate protection.  The Commission has clearly explained how victims should be identified by publishing the “Guidelines for the Identification of Victims of THB”.  The Guidelines stated that the early identification of victims is crucial as it enables investigative and police authorities to better investigate THB and prosecute the perpetrators.  For this purpose, consular services and border guards should offer regular training to their officers to enable them to identify victims and potential victims.  The Guidelines also stressed that consular services and border guards should consider cooperation agreements to facilitate the identification of victims.  The Guidelines emphasised that cooperation should be developed with organisations such as Non-Governmental Organisations and special attention should be given to child victims of THB. 

Also, the mid-term Report explained that adequate protection to victims could be given by demand reduction and awareness-raising programmes.  Particular attention should be focused on combating violence against women and gender inequalities as these are root causes of THB.  The Commission has launched a study on the gender dimension of THB which should be published in the second half of 2015.
Since THB is a serious form of organised crime, the Commission called for cooperation and partnership between EU Member States.  The Commission encouraged ‘Member States’ operation in the field of internal security’, the support from Europol to Member States’ action and the adoption of ‘annual operational action plans on each priority area identified by the Council’.  The Council has identified THB as one of the priority of the EU Serious and Organised Crime Policy Cycle.

The report also pays particular attention to civil society.  In the Commission’s view, it is essential to involve civil society and for this purpose, it launched in 2013 the EU Civil Society Platform against THB in Member States and selected non-EU countries.  The Civil Society Partnership meets every 2 years, bringing together over 100 civil society organisations specialised in THB in Member States and four non Member States (Albania, Morocco, Turkey and Ukraine). 
Finally, the Commission called for more cooperation between EU Member States and non-European countries in order to identify all forms of THB.  The Commission referred to an action oriented paper (AOP) adopted by the Council in 2009.  The AOP emphasised the importance of dialogue with third countries to fight against THB and it supported ‘international effort in this field advocating at various UN fora the prevention of THB, THB victim protection and assistance’... ‘international cooperation and coordination on THB’.  The AOP also highlighted that EU agencies such as Eurojust, Europol, Frontex and FRA should be consulted when the EU takes action to cooperate with non-EU countries to fight against THB.  

The Justice and Home Affairs (JHA) agencies (CEPOL, Eurojust, Europol, the European Asylum Support office (EASO), the European Institute for Gender Equality (EIGE), FRA and Frontex) have annexed to the Commission mid-term Report, a joint action report carried out in between October 2012 and September 2014.  The Annex stated that these agencies should work together ‘in a more coherent and comprehensive manner, taking synergies and avoiding duplication of effort’.  However, the Annex did not explain clearly how they have to undertake their tasks.  The Report explained that JHA agencies shall have the aim of dismantling criminal groups in cooperation but there is not any concrete proposal.  In other terms, the Annex simply explained that all the JHA agencies have done, was organising meetings, trainings and conferences but no concrete actions against criminal organisations have been undertaken.
 JHA agencies were established for different purposes.  Consequently, I believe their tasks should be clearly differentiated.   Example: the European Asylum Support office (EASO) should not have the same tasks as Europol because the EASO was set up to improve the implementation of a Common European Asylum System, whilst Europol was established to support Member States’ investigation of cross-border crime.  The Annex did not explain how these agencies should fulfil their objectives and how they should ensure coordination while avoiding overlapping.    I believe that the JHA agencies should have pushed for reforms.  The Annex should have explained whether it is desirable to reform Europol’s scope, in order to strengthen cooperation with non European countries as THB is a cross-border crime committed in the EU and outside the EU.  It has been reported that migrants smuggled by sea are exposed to THB during their trips and when they reach their countries of destination.  This is because they cannot repay the price of their journey.  Therefore, they are threatened by their smugglers and eventually they become victims of THB (see reports by the UN, the IOM and the Global Initiative).  Furthermore, recent research undertaken by Italian journalists has found out that people smuggled by sea are often victims of traffic of organs since, when they cannot repay the price for their journey, they are left with no choice than selling their kidneys and corneas to smugglers.  What role should JHA agencies play in detecting these dangerous criminals within and outside the EU?  The Commission’s mid-term Report and the JHA agencies’ Annex, are full of good intentions and fine words but they are inconclusive, as there are no concrete proposals.
The extent of THB remains unknown, in particular the number of victims of smuggling who eventually become victims of THB and traffic of organs.  However, the Commission mid-term report published, for the first time, statistical data on victims and traffickers for the years 2010 to 2012.  These data are based on the Statistical Working Paper published by Eurostat.  The working paper provided data based on the total of victims or ‘presumed victims’ identified by the Member States.  Presumed victims are those people who have met the criteria to be identified as victims on the basis of Directive 2011/36/EU but who have not been formally identified by relevant authorities or who have refused to be identified as such.  According to the data, it is estimated that over the years 2010-2012, 30.146 victims or presumed victims were registered in the 28 Member States.  80% of registered victims were female, 45% of victims were of the age of 25 or older, 36% of registered victims were aged 18-24 years old, 17% of victims were in between 12-17 years old and 2% of all victims accounted children aged 0-11 years old.  However, THB concerning EU citizens prevails in the statistics and only victims from five non EU countries were identified (Nigeria, China, Brazil, Russia and Algeria).  Victims who are hiding within Member States or who have been smuggled by sea and eventually have become victims of THB, have not been identified.  The number of these people remains unknown.  The Commission’s report stated that it is a priority to identify victims but only by reinforcing investigations within the EU and outside the EU, victims can be seriously identified.  Understanding the links of criminals can facilitate the identification of victims coming from many African countries.  Nevertheless, no steps have been taken in this direction. 

3.       Analysis of the Communication from the Commission on the application of Directive 2004/81

The Commission analysed how Directive 2004/81 has been implemented by Member States.  The Directive states that victims of THB and victims of smuggling of migrants may be granted a residence permit if they decide to cooperate with law enforcement authorities to contribute to detect criminals.    However, in the case of smuggling, EU Member States retain the discretion to apply the Directive.   The issue of a residence permit is limited to cases where the victims are willing to cooperate with police. However, Member States have the option to grant a residence permit to all victims, even if they are not willing to cooperate. The lack of an obligation to grant a residence permit in cases of non-cooperation is inconsistent with Directive 2011/36, which requires Member States to give THB victims support and assistance even if they are not cooperating with the police.
The Commission stated that it is very important to identify victims ’for the effective application of the Directive’ and inform them of their rights ‘to initiate a recovery process and to reflect  before deciding whether to cooperate with the authorities’.   However,  the Commission has reported that, in the legislation of Member States, it is unclear whether the information is provided to officially identify victims or also to presumed victims.  I think presumed victims should be given the information as it could be a way to give them the opportunity to escape from the traffickers and start a programme of recovery.  
The Commission has also reported that Member States are issuing low numbers of residence permits in exchange for cooperation and, only in exceptional circumstances, the residence permit is issued beyond the willingness of victims to cooperate.   When I interviewed police officers and members of the civil society in Rimini (Italy), I found out that THB can be seriously defeated if victims and presumed victims are granted an unconditional residence permit.  This is because such a residence permit is reassuring and it puts victims and presumed victims in the position to report the criminals without any constraints.  In addition, an unconditional residence permit will interrupt the vicious circle victims become trapped in, when the investigations are concluded and their residence permit expires.  They become vulnerable and again easy targets for traffickers.  Conversely, victims with an unconditional residence permit will integrate in the new society and will not be vulnerable to trafficking anymore.  By adopting this method, police authorities in Rimini have defeated THB and police authorities in Siracusa (Italy) have detected some criminal organisations smuggling people from Egypt to Italy. Police authorities in Siracusa explained that the whole phenomenon of smuggling of migrants by sea cannot be defeated by isolated actions of national police as it requires investigations outside the EU and they would welcome more involvement of JHA agencies.
 The Commission is very concerned about the rare use of the issue of an unconditional residence permit and intends to engage in bilateral exchanges with Member States in order to improve the correct application of the Directive.  It also intends to implement the Task Force Mediterranean established in 2013 with the aim to prevent the death of migrants at sea.  This is very welcome as it seems that finally, the strong connections between THB and smuggling of migrants by sea have been fully recognised.  However, even the Communication on the Task Force Mediterranean is disappointing because it is not clear what concrete action and external cooperation agencies such as Europol and Eurojust can take in the fight against these two crimes.  It promoted cooperation with third countries and a global approach on immigration but no reforms have been proposed. 

4.       Conclusions  

The Commission reports have depicted a situation within Member States which will not contribute to defeat or at least reduce THB.  Furthermore, in the Communication on Directive 2004/81, the Commission has reported how Member States are neglecting to issue residence permit to victims of THB.  The Commission has shown its intention to ensure the situation improves and one hopes progress will be made in the issue of residence permits.
It is also believed that agencies such as Europol should be given relevant investigative powers within the EU and outside the EU.   I am aware that a reform as such requires the consent of Member States as it can be adopted on the basis of Article 87 of the Treaty on the Functioning of the European Union (TFEU).  However, Member States only seem focused on protecting their borders as if the fight against THB would not contribute to protect their borders by reducing irregular migration!  Italy has communicated that the Mare Nostrum Operation will be suspended and other Member States are not making efforts to prevent this suspension by cooperating with Italian authorities in rescuing and hosting migrants at sea.  Not only there is no willingness to cooperate in investigations and grant residence permits to victims, but Member States do not even want to rescue migrants at sea from drowning.  If this situation will continue, victims of THB will increase as will the number of victims of the connected crime of smuggling of migrants by sea.

 Barnard & Peers: chapter 26

Wednesday 22 October 2014

New EU human rights reporting requirements for companies: One step beyond the current UK rules

Anil Yilmaz (Lecturer in Law, University of Brighton) and Rachel Chambers (PhD candidate, University of Essex)  


Among the core objectives of the EU set out in Article 3(3) of the Treaty on the European Union is the creation of an internal market and sustainable development of Europe “based on balanced economic growth and price stability, a highly competitive social market economy, aiming at full employment and social progress, and a high level of protection and improvement of the quality of the environment.” The Single Market Act 2011 fleshed out the features of a “highly competitive social market economy” and provided that it called for new business models where environmental and social concerns “take precedence over the exclusive objective of financial profit.” In this respect, the Act outlined the allocation of tasks for achieving this goal between itself and the industry. While the European asset management industry was asked to use their leverage to promote socially and environmentally responsible businesses, the EU would take action, inter alia, to ensure a level playing field by introducing new rules on environmental and social reporting. Stemming from the Act was also the adoption of the Commission’s 2011-2014 Corporate Social Responsibility Strategy, which reaffirmed the objective of establishing EU rules on social and environmental reporting.  Although CSR has been on the EU agenda for a decade, the 2011-2014 Strategy put forward a more rigorous definition of CSR and demanded better alignment with global approaches to CSR, including implementation of the UN Guiding Principles (UNGPs).  Within the Strategy, the Commission announced its intention to build on the existing reporting requirements for companies.

Prior to the adoption of the recent amendments to Directive 2013/34/EU on company reporting, EU law made the following requirement on companies, not necessarily including small and medium‐sized enterprises (SMEs): “To the extent necessary for an understanding of the company’s development, performance or position, the analysis [in the annual review] shall include both financial and, where appropriate, nonfinancial key performance indicators relevant to the particular business, including information relating to environmental and employee matters.” In November 2010, the European Commission had launched an online public consultation to gather views on the disclosure of non-financial information by enterprises. The consultation had sought both to expand the subjects of such disclosure and to make the requirements more effective.

In January 2013, following the adoption of the 2011-2014 CSR Strategy, the European Parliament adopted two resolutions reiterating the importance of company transparency on environmental and social matters and calling for specific measures to combat misleading and false information regarding commitments to CSR and relating to the environmental and social impact of products and services.   The resolutions expressly acknowledged the role of the UNGPs in improving standards of corporate practice. The European Commission went one step further in its proposal of 16 April 2013, by suggesting an amendment to existing accounting legislation to improve the transparency of certain large companies on social and environmental issues, in particular with regard to human rights impacts.  The European Parliament and the Council reached an agreement on 26 February 2014; the European Parliament adopted the amendments to Annual Financial Statements Directive 2013/34/EU on 15 April 2014; this was adopted by the Council of the European Union on 29 September 2014.

The Reforms

The amendments introduce compulsory reporting of non-financial information by certain large undertakings. Under the new Article 19a certain large undertakings governed by the law of a member state are required to include a non-financial statement in their annual management report, ‘to the extent necessary for an understanding of the undertaking’s development, performance and position and of the impact of its activity.’ Recital 14 determines the personal scope of the reporting requirement based on the number of employees, balance-sheet total and the net turnover. ‘Certain large undertakings’ within the meaning of Article 19a are public-interest entities which have 500+ employees (in the case of a group of companies with the parent governed by a member state law, number of employees will be calculated on a consolidated basis). Public interest entities are defined in Article 2(1) of the Directive as including listed companies, credit institutions, insurance companies and any other entity designated by member states as a public interest entity due to the nature or size of their business.  The press release announcing the adoption of the Directive by the Council says that some 6,000 public interest entities in the EU will fall under its scope.

 Non-financial information encompasses “as a minimum, environmental, social and employee matters, respect for human rights, anti-corruption and bribery matters”.  The statement will contain a brief description of the company’s business model, a description of the company policy in those areas and its outcome, main risks faced by the company, including those arising from its business relationships, and how these are managed and the due diligence processes it employs to identify, prevent and mitigate adverse impact. Companies can avoid reporting on one or more of these issues if they do not pursue policies on those issues and provide a ‘clear and reasoned’ explanation of this choice. There is an additional exemption from reporting in exceptional cases where disclosure of such information would seriously harm the commercial position of the company and non-disclosure does not prevent a fair assessment of company’s impact and risk.

Recitals provide some examples of what should be included in the report for each item and refer to a selection of national and international frameworks for further guidance that companies can rely on. In the meantime, the Commission will prepare general and sectoral non-binding guidelines for non-financial reporting.  Member states will have two years to incorporate the new provisions into domestic law, which will be applicable in 2017.  In terms of enforcement of these obligations, Recital 10 requires member states to establish effective national procedures to ensure compliance with non-financial reporting requirements. Finally, it is up to the member state implementing the directive to require independent verification of the non-financial information contained in the report.


The adoption of this Directive was hard fought for, and can be seen as a major achievement –both in terms of the content of the reforms but also the symbolic step which their adoption represents.   These are a broad set of reporting requirements, wider than comparable UK law as they include anti-bribery and corruption as well as environmental, social and employee matters and human rights.  By requiring reporting “of the impact of [a company’s] activities” and of the “principal risks related to those matters linked to the undertaking's operations” these provisions focus effort on what is important – reporting the actual human rights risks/impacts to/on society of a company’s operations and prioritising the most severe risks.  This compares favourably to UK non-financial reporting which, as explained below, is focused essentially on providing information to shareholders on which they can assess the financial performance of the company.  The requirement for group reporting of these issues in consolidated statements will allow stakeholders to be informed about the impacts of subsidiaries as well as their parent companies. Business partners are also covered but reporting on risks from supply chains and business relationships is only required “if relevant and proportionate”. The inclusion of risk management processes such as due diligence is useful when trying to understand how companies are tackling the issues which they face in this realm.

However, there are a number of shortcomings in the new Directive.  It does not cover many companies: the original Commission proposal was for it to apply to around 18,000 companies – listed and non-listed – that were of a certain financial size and had 500 employees or more.  As stated above, the adopted proposal only covers around 6,000 “public interest” companies.  The failure to include listed SMEs (although member states can choose to include them) is particularly difficult to understand given that these companies already have to file annual reports, and that despite their size, these companies can have significant human rights impacts.  The methods for enforcement of the obligations and independent verification of the reports are left to member state discretion, which can create inconsistencies in the application of these rules, and ultimately a lack of “teeth” if companies fail to comply.

Does it improve existing UK requirements?
The new UK requirement to compile a strategic report which must, to the extent necessary for an understanding of the development, performance or position of the company’s business, include, amongst other requirements, information about social, community and human rights issues came into force in October 2013.  The inclusion of a test of materiality in the statutory guidance on the new statutory regime was controversial.  Under the heading of “Materiality” the guidance recommends that companies include human rights-related information “if its omission from or misrepresentation in the strategic report might reasonably be expected to influence the economic decisions shareholders make on the basis of the annual report as a whole” – as noted above the new European requirement takes a different, and from a human rights protection point of view better, stance by looking at impact on society.

Enforcement of the UK law is weak, a situation which will not be changed by the new EU law. In the UK, the Conduct Committee of the Financial Reporting Council is responsible for monitoring the compliance of the strategic report with the Strategic Report Regulations. It may investigate cases where it appears that required information has not been provided, and has the power to apply to the court for a declaration that a strategic report does not comply with the requirements and for an order requiring the directors to prepare a revised strategic report.  The equivalent powers under the previous statutory regime were seldom used.  Since compliance with the new EU non-financial reporting requirements will be overseen by member state regulators, it is crucial that they have qualified staff with the appropriate human rights expertise to draw on when assessing whether the information required has been provided.
Barnard & Peers: chapter 9, chapter 14

Friday 17 October 2014

Cameron’s ‘emergency brake’: killing the free movement of persons, or saving it?


Steve Peers

Imagine that pro-Europeans in Britain had a time machine, but only enough power to use it once. Where (or rather, when) should they go? There’s only one possible answer: they should go back to 2004, and move heaven and earth to convince the British government of the day not to allow immediate free movement of workers from all of the new Member States about to join the European Union. For despite the economic benefits of this decision, it has been an unmitigated political disaster as regards public support for the UK’s EU membership (and, it should be added, for the UK Labour Party).
We don’t have a time machine – although I often wonder if Nigel Farage might have used one, to go back and somehow trick Tony Blair into making that fateful decision. Instead, we have to deal with a situation in which the free movement of people is being increasingly painted as a fundamental flaw with the EU, which the UK should either leave the EU to escape or demand to be renegotiated.

In his earlier discussion of his renegotiation strategy, such a major change in free movement of people was not foremost in David Cameron’s agenda. So, as I suggested at the time, it might be possible to address the UK’s renegotiation issues by a Decision of Heads of State and Government, as was the case for the Danish and Irish concerns about previous treaty amendments.

Now that significant change to the free movement rules is a ‘red line’ for the Conservative party in the renegotiations (if it is in a position to carry them out after next year’s general election), this would no longer be sufficient. So it’s time to take a fresh look at Cameron’s renegotiation positions, looking in turn at the free movement of people and the other issues he has raised. Then I will answer a critical political question:  should pro-Europeans support such changes?

Free movement of people
The basic rules on free movement of people appear both in the Treaties and in secondary legislation. Treaty provisions set out the basic right of EU citizens to move and reside freely, which is allied to a right of non-discrimination on grounds of nationality. There are also specific provisions on free movement of workers, the self-employed, service providers and recipients and (implicitly) students. In addition, there is secondary legislation, principally (but not only) the citizens’ Directive and the Regulation on social security coordination.

The legislation could be changed much more easily than the Treaties. In particular, it would need only a qualified majority vote in the Council and agreement in the European Parliament to change the legislation (the Commission would also have to be persuaded to propose the amendments).
However, there’s a limit to what legislative change could accomplish. For instance, some of the details of access to benefits could be changed in principle. But the underlying rule of the free movement of people is set out directly in the Treaties, which are directly effective and take priority over conflicting national law and conflicting EU secondary legislation. That means that EU legislative changes would be invalid if they restricted free movement rights too severely, or amounted to discrimination between EU citizens (for an example of a change to the social security rules which was struck down by the EU Court of Justice, see the Pinna case).
Some changes could come about by the Court’s own jurisprudence. Earlier this year, it gave a restricted reading of the free movement rights of convicted criminals. In November, it will deliver a potentially important ruling on EU citizens’ access to benefits. (I’ll blog later on both points). But again, this can’t affect the fundamental rules of free movement.

The citizens’ Directive and the Treaties allow for free movement to be restricted on grounds of public policy, public security and public health, but it’s clear from the Court’s case law (and the text of the Directive) that this can only apply in individual cases, and never on economic grounds.
So to overturn the core of free movement rights, the Treaty would have to be amended. This would entail ratification by all Member States of the treaty amendment (which would probably take the form of a protocol to the existing Treaties).

What could such a protocol include? There’s a wide range of options. It could simply establish a power to derogate from free movement rules, leaving the details to be agreed afterward. This would probably not be enough to satisfy the critics of free movement in the UK, who would question whether the limitations would ever actually be put in place.
It could, as Cameron has suggested, provide for an ‘emergency brake’ on the numbers of people. Some have compared this to the ‘emergency brakes’ already in the Treaty regarding the adoption of legislation in some areas, such as criminal law and social security. As a limitation on a substantive right, it should better be described as a safeguard clause. But let’s stick with Cameron’s phrase, to avoid any confusion.

There are prior examples of such clauses. One good example is the agreement between the EU and Norway, Iceland and Liechtenstein on the extension of the common market to those states – the European Economic Area (EEA) treaty.

That treaty allows safeguard measures to be taken unilaterally, if there are ‘serious economic, societal or environmental difficulties of a sectorial or a regional nature’ which are ‘liable to persist’. Those measures must be proportionate to the problem in question. A party which wants to invoke this clause must inform the other parties and consult with them, and wait one month after the notification before implementing them. The other parties can reciprocate with ‘proportionate rebalancing measures’. As far as I know, this clause has never been invoked.

Another example is the accession treaties with newer Member States. The  transitional clauses in these treaties permit the free movement of workers to be suspended during the transitional period of seven years after accession, if a Member State ‘undergoes or foresees disturbances on its labour market which could seriously threaten the standard of living or employment in a given region or occupation’. Its intention must be approved by the Commission, but any Member State could appeal the Commission’s decision to the Council, which can overturn it by qualified majority. This provision has been used by Spain.
The latter limitation is the best template for any new provisions, since it relates specifically to the free movement of workers. Of course, this begs the question as to whether any Treaty renegotiation should only permit limitations as regards workers, or other categories of persons as well. If the limits only apply to workers, what happens if a person enters as a student, and then gets a part-time job or drops out and seeks employment? Equally, how to count a family member of an EU citizen who was not economically active when he or she entered the country (or who was born there), but who looks for a job later on?  
There’s no need to follow the existing template exactly, of course. The notion that the Commission and/or Council is in charge of invoking the derogation might be a difficult ‘sell’ in the UK, for instance. Having said that, even if the Commission or Council has no role in approving the decision, the Commission would be able to challenge the use of the clause by means of an infringement action; equally the invocation of the safeguard could be challenged in the national courts.
Furthermore, other Member States might want the rules on invoking the derogation to be more precise, for instance referring to increased movement and/or rates of unemployment and lower rates of growth. There might be a rule on proportionality (as in the EEA provision). 
More radical suggestions are that Member States should be allowed to apply a points system for EU immigration, or apply immigration quotas (as suggested by Boris Johnson). Such approaches would entirely destroy the idea of free movement, and so are unlikely to be accepted by other Member States. After all, why should they sign up to a Treaty amendment which would effectively mean that (as far as free movement of people is concerned) the UK is not a member at all? What advantage does that have (for them) as compared to letting the UK leave the EU?
Other issues

David Cameron has also suggested changing the rules on ‘ever closer union’. There’s useful wording on this issue in the June European Council conclusions which could simply be inserted into the Treaties. As for equal treatment of non-eurozone States (another Cameron bugbear),the UK’s concerns on this front could also be addressed by amending the special Council voting rules, or by adapting the wording of the clauses governing the use of enhanced cooperation in the Treaties.
More generally, any Treaty amendments which the UK requests would raise questions of the quid pro quo that should be offered in return. Possibly, any use of the free movement derogation would trigger an obligation to make payments into the unemployment or welfare systems of other Member States, and the protection for non-eurozone States would have to be accompanied by treaty amendments permitting those States to go ahead more easily with further integration among themselves.

What should pro-Europeans do?
The initial reaction from pro-Europeans to any and all suggestions that free movement rules should be changed is to defend the status quo. In principle, this is understandable. Personally, I agree with the free movement of people: in the words of Rene Zellweger, the idea ‘had me at “hello”’. Objectively, there are sound economic reasons to support the concept.

However, as democrats we cannot simply ignore the widespread public concern about free movement. Pro-Europeans should therefore support some form of reform of the free movement rules – either the legislative amendments described above, or a limited possibility for an emergency brake.  Simply refusing to accept any change will allow the real enemies of free movement (and the EU more generally) to paint pro-Europeans as undemocratic elitists.
Some might argue that pro-Europeans should not in any way accept the arguments being made by Nigel Farage, given the racist and misogynistic attitudes of some members and supporters of the UK Independence party. But that’s not a reason to resist any reform of free movement law. Exactly the opposite: it’s the reason to embrace reform. A pro-European case can be made for limited legislative reform, or the imposition of a safeguard clause in exceptional circumstances, which keeps intact the core free movement rules. That way, pro-Europeans can still make the case for the value of these rules, while responding to public concern about those rules. A refusal to accept any reform increases the risk that there will soon be no free movement (and no EU membership) at all. Free movement of people, and the UK’s membership of the European Union, cannot be sustained without democratic consent.  

Barnard & Peers: chapter 2, chapter 13

Wednesday 15 October 2014

The proposed General Data Protection Regulation: suggested amendments to the definition of personal data

Douwe Korff, Professor of International Law
I.                    Background

In a recent judgment (discussed previously on this blog) the third chamber of the CJEU has ruled that the concept of "personal data" in the 1995 data protection (DP) directive is limited to data directly relating to a person, and does not include legal analyses in the file on the person, on which the state (NL) relied in taking its decisions in relation to that person (Joined Cases C-141/12 and C-372/12). I believe the Court’s restriction of the concept is wrong and contrary to the intended purpose of data protection; and should be corrected in the new General Data Protection Regulation.

First of all, the Court based itself on the, in my opinion erroneous, view that the 1995 EC DP Directive was solely aimed at protecting privacy. In particular, it felt that the right of data subjects to access to their personal data should not extend to a legal analysis of their case, contained in a file on them, because (in the Court’s view) such an analyses “is not in itself liable to be the subject of a check of its accuracy by [a data subject]”, and data subjects should not be able to use data protection to seek a rectification of such an analysis (cf. para. 44 of the judgment).

Secondly, the Court also relied on the fact that data of the kind at issue in the joined cases was administrative data held by a public authority and, drawing a parallel with EU regulations on privacy and access to documents, held that access to the legal analysis should be addressed under the latter rules rather than the former. This failed to take into account the fact that the EU rules referred to apply only to public (i.e., EU) bodies, whereas the 1995 DP Directive applies also, and in indeed especially, to private-sector bodies (in particular companies) that are not subject to public-sector rules on access to administrative data.

The Court’s judgment, in sum, seriously limits the concept of personal data and the right of access to one’s personal data, and thus seriously limits the application of the entire EU data protection regime. It leaves individuals with seriously less rights in respect of data on them (or relating to them, or used to take decisions on them, or that affect them) than was previously thought.

Specifically,the judgment runs directly counter to the authoritative 2007 Article 29 Working Party (WP) Opinion on the concept of personal data (Opinion 4/2007, WP136, of 20 June 2007). This first of all noted that the purpose of data protection is not limited to a narrow concept of privacy – as is indeed also clear from the fact that data protection is guaranteed in the Charter of Fundamental Rights (CFR) as a separate right, sui generis, from the right to private life/privacy (data protection is guaranteed in Article 8 CFR; Privacy in Article 7 CFR). Astonishingly, given that the WP29 is expressly charged with providing guidance on the interpretation and application of the 1995 DP Directive, the Court did not even mention either the Working Party or this specific opinion.

In the opinion, the Working Party discussed four elements of the definition, from which it deduces the appropriate criteria for determining whether data should be regarded as personal data within the meaning of the directive. They can be paraphrased as follows:

-                      The first element: “any information”:

The WP concludes that these words indicate that the concept of personal data should be interpreted broadly, and not limited to matters relating to a person’s private and family life stricto senso (as has wrongly been done in the UK under the Durant decision, and as appears to also underpin the Court’s judgment). It also covers information in any form, including documents, photographs, videos, audio and biometric data, body tissues and DNA.

-                      The second element: “relating to”:

In general terms, information can be considered to “relate” to an individual when it is about that individual. However, data about “things” can also be personal data, if the object in question is closely associated with a specific individual (e.g., mobile phone location data). This is of increasing importance in the era of the Internet of Things. Important in relation to the CJEU judgment, the WP29 adds the following consideration, with reference to an earlier opinion, on radio frequency identification (RFID) tags, WP105 of 19 January 2005 (original italics and bold; underlining added):

In the context of discussions on the data protection issues raised by RFID tags, the Working Party noted that "data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated."
[I]n order to consider that the data “relate” to an individual, a "content" element OR a "purpose" element OR a "result" element should be present.
The “content” element is present in those cases where - corresponding to the most obvious and common understanding in a society of the word "relate" - information is given about a particular person, regardless of any purpose on the side of the data controller or of a third party, or the impact of that information on the data subject.
Also a "purpose" element can be responsible for the fact that information "relates" to a certain person. That “purpose” element can be considered to exist when the data are used or are likely to be used, taking into account all the circumstances surrounding the precise case, with the purpose to evaluate, treat in a certain way or influence the status or behaviour of an individual.
A third kind of 'relating' to specific persons arises when a "result" element is present. Despite the absence of a "content" or "purpose" element, data can be considered to "relate" to an individual because their use is likely to have an impact on a certain person's rights and interests, taking into account all the circumstances surrounding the precise case. It should be noted that it is not necessary that the potential result be a major impact. It is sufficient if the individual may be treated differently from other persons as a result of the processing of such data.
These three elements (content, purpose, result) must be considered as alternative conditions, and not as cumulative ones. In particular, where the content element is present, there is no need for the other elements to be present to consider that the information relates to the individual. A corollary of this is that the same piece of information may relate to different individuals at the same time, depending on what element is present with regard to each one. The same information may relate to individual Titius because of the "content" element (the data is clearly about Titius), AND to Gaius because of the "purpose" element (it will be used in order to treat Gaius in a certain way) AND to Sempronius because of the "result" element (it is likely to have an impact on the rights and interests of Sempronius). This means also that it is not necessary that the data "focuses" on someone in order to consider that it relates to him. ...
The “legal analyses” that the CJEU ruled were not personal data are clearly covered by the above: they are the very basis on which the data subjects in questions (asylum seekers) were “treated” and “evaluated”. To apply the reasoning of the Working Party: they determine whether Titius should be treated the same way as Gaius or not; and they may also have an impact on the rights and interests of Sempronius.
This is also crucially important in relation to “profiles”. Under the judgment, states and companies could argue that individuals should also not have a right to challenge the accuracy of a profile, any more than the accuracy of a legal analysis; and that, indeed, they are not entitled to be provided on demand with the elements used in the creation of a profile. After all, a profile, by definition, is also based on an abstract analysis of facts and assumptions not specifically related to the data subject – although both are of course used in relation to the data subject, and determine the way he or she is treated.
In my opinion, the above is the most dangerous limitation flowing from the Court’s judgment.
-                      The third element: “identified or identifiable”:
Although this issue did not arise in the CJEU cases, it is still crucial, in particular in relation to the ever-increasing and ever-more-widely-available massive sets of “Big Data”. In the opinion of the WP, the core issue is whether a person is, or can be, singled out from the data, whether by name or not. A name sometimes suffices for this, but often not, while a photograph or an identity number often does allow such singling out even if no other details of the person are known. In relation to pseudonymised or supposedly anonymised data, the WP concluded (with reference to the recitals in the 1995 directive) that the central issue is whether the person can be identified (singled out), whether by the data controller or by any other person, “taking account of all the means likely reasonably to be used either by the controller or by any other person to identify that individual.
-                      The fourth element: “natural person”:
In principle, personal data are data relating to identified or identifiable living individuals. There are some issues relating to data on deceased persons and unborn children: these can often still (also) relate to living individuals, in the way discussed above, and would then still be personal data in relation to those latter individuals. Data on legal entities can sometimes also, similarly, relate to living individuals associated with those entities. Also, in some contexts some data protection rights are expressly extended to legal persons (companies etc.) per se, in particular under the so-called “e-Privacy Directive”. But that is a special case. This too, however, was not an issue relevant to the CJEU judgment.

Until the CJEU judgment, it could be assumed that as long as the General Data Protection Regulation used the same definition of personal data as the 1995 DP Directive, the above elements and criteria could simply be read into the new instrument.

However, the judgment could result in the definition in the GDPR being read in accordance with the Court’s restricted views, rather than in line with the WP29 guidance.

In my opinion, if the EU wishes to retain a strong European data protection framework, as is often asserted, it is essential that the GDPR expressly (if of course briefly) endorses the WP29 view of the issue, rather than the CJEU’s one.

Below, I suggest amendments to the definition of the concept of personal data in the GDPR that would achieve that (some further amendments should be made to the recitals).
II.                  Proposed amendments to the GDPR
As can be seen from the Annexes, with the different definitions of personal data and data subject in the Commission text of the GDPR and in the amended version of the Regulation adopted by the EP (and with the corresponding definitions in the current 1995 DP Directive), the definitions all say in essence that:

'personal data' means any information relating to a data subject (with ‘data subject’ then defined as “an identified or identifiable natural person”), or:
'personal data' means any information relating to an identified or identifiable natural person -
which comes to the same thing (and is in accordance with the current directive).

The EP text adds clarification on when a person can be regarded as “identifiable”, on the lines of the views of the Article 29 Working Party (drawing on a recital in the current directive); and more specific provisions on “pseudonymous data” and “encrypted data”.

However, neither text adds clarification on the question of when data can be said to “relate” to a (natural, living) persons – which is the issue so badly dealt with in the CJEU judgment.

I propose that the definition of “personal data” in the GDPR be expanded to expressly clarify the question of when data can be said to “relate” to a person, by drawing on the guidance of the Article 29 Working Party set out above; and by also expressly clarifying that “profiles” always “relate” to any person to whom they may be applied. Specifically, I propose that an additional paragraph be added to Article 2(2), spelling out that:

“data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person's rights and interests. Profiles resulting from ‘profiling’ as defined in [Article 20 in the Commission text/Article 4(3a) of the EP text] by their nature relate to any person to whom they may be applied.”

The Annexes indicate more specifically how such an amendment could be incorporated into the current (Commission and EP) texts of the Regulation.

Annex I


(Added or amended text in bold)

The proposed amendments if applied to the Commission text:

(1)        'data subject' means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

(2)        'personal data' means any information relating to a data subject;

(2a)      data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person's rights and interests. Profiles resulting from ‘profiling’ as defined in Article 20 by their nature relate to any person to whom they may be applied.

The proposed amendments if applied to the EP text:

(2)        'personal data' means any information relating to an identified or identifiable natural person ('data subject');

(2a)      an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;

(2b)     data relate to a person if they are about that person, or about an object linked to that person; or if the data are used or are likely to be used for the purpose of evaluating that person, or to treat that person in a certain way or influence the status or behaviour of that person; or if the use of the data is likely to have an impact on that person's rights and interests. Profiles resulting from ‘profiling’ as defined in paragraph (3a) by their nature relate to any person to whom they may be applied.

(2c) 'pseudonymous data' means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;

(2d) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

NB: The actual Commission and EP texts are set out in Annex II

Annex II 

The definition of “personal data” in the original Commission text of the GDPR and in the amended version of the Regulation adopted by the European Parliament:

Text proposed by the Commission
For the purposes of this Regulation:
For the purposes of this Regulation:
(1) 'data subject' means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

(2) 'personal data' means any information relating to a data subject;
(2) 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person;

(2a) 'pseudonymous data' means personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and subject to technical and organisational measures to ensure non-attribution;

(2b) ‘encrypted data’ means personal data, which through technological protection measures is rendered unintelligible to any person who is not authorised to access it;

Cf. the following definition in the current 1995 DP Directive:
(a) 'personal data 'shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;