Group items tagged

Mrs. Reding — who has irked U.S. authorities in the past by threatening companies like Google for overstepping E.U. privacy standards — suggested Mr. Holder’s responses could shape the outcome of important trans-Atlantic initiatives like trade talks. Europe has been a frequent critic of the United States in recent years for jeopardizing individual liberties by filtering vast volumes of information on European bank transfers and in airline passenger records to fight terror plots. Mrs. Reding’s letter is another sign that the growth of government surveillance that began under the Bush administration after Sept. 11, 2001, and has expanded under the Obama administration, continues to touch raw nerves far beyond the United States.

The revelations have prompted members of the European Parliament, a directly elected body of representatives from across the Union that meets in Brussels and Strasbourg, to demand that data protection be included in upcoming U.S.-European talks on a long sought trade pact. Any “trade pact will have to fully ensure the highest standards of data privacy for all citizens,” and an ongoing reform of Europe’s data protection law “must guarantee these standards for E.U. citizens when using U.S.-based Internet companies,” Hannes Swoboda, an Austrian member of the parliament who is president of the Socialists & Democrats group, said in a statement on Tuesday. “It is no good the E.U. having strict regulation on data protection if those standards are not guaranteed when using U.S.-based Internet companies,” he said.

The talks are expected to be conducted by Mrs. Reding's colleague, Karel De Gucht, the E.U. trade commissioner — but the Parliament would have a final say over any such deal under its right, in force since 2009, to veto treaties with third countries. In the strongest demonstration against U.S. policy, the Parliament in 2010 blocked an agreement allowing U.S. authorities access to European banking data from a cooperative responsible for routing trillions of dollars daily among banks, brokerage houses, stock exchanges and other institutions.

In a thinly veiled warning to Mr. Holder about the trade pact, Ms. Reding said relations between the United States and Europe could be undermined by concerns about privacy, which many in Europe regard as an inviolable right. In her letter, Mrs. Reding said she “is accountable before the European Parliament, which is likely to assess the overall trans-Atlantic relationship also in the light of your responses.” In nine detailed questions, Ms. Reding asked Mr. Holder how much data-sifting the United States is conducting, whether those activities target individuals, and whether the surveillance involves issues beyond national security. Mrs. Reding also pushed Mr. Holder to tell her “what avenues” are available to citizens of countries in the European Union to obtain information about whether their personal information has been examined under the Prism program and other programs, and whether Europeans have similar access to that information as Americans.

For Mrs. Reding, the chance to push back against Washington is a welcome opportunity. Two years ago, she was forced to soften her initial proposals for data privacy rules in order to accommodate U.S. intelligence gathering. That followed intense pressure on the European Commission, the E.U.’s governing body, from the Obama administration.

58      Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy. 59      Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.

1        These requests for a preliminary ruling concern the validity of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54).

Digital Rights Ireland Ltd (C‑293/12)vMinister for Communications, Marine and Natural Resources,Minister for Justice, Equality and Law Reform,Commissioner of the Garda Síochána,Ireland,The Attorney General,intervener:Irish Human Rights Commission, andKärntner Landesregierung (C‑594/12),Michael Seitlinger,Christof Tschohl and others,

65      It follows from the above that Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary.66      Moreover, as far as concerns the rules relating to the security and protection of data retained by providers of publicly available electronic communications services or of public communications networks, it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data. In the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down.

34      As a result, the obligation imposed by Articles 3 and 6 of Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to his communications, such as those referred to in Article 5 of the directive, constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter. 35      Furthermore, the access of the competent national authorities to the data constitutes a further interference with that fundamental right (see, as regards Article 8 of the ECHR, Eur. Court H.R., Leander v. Sweden, 26 March 1987, § 48, Series A no 116; Rotaru v. Romania [GC], no. 28341/95, § 46, ECHR 2000-V; and Weber and Saravia v. Germany (dec.), no. 54934/00, § 79, ECHR 2006-XI). Accordingly, Articles 4 and 8 of Directive 2006/24 laying down rules relating to the access of the competent national authorities to the data also constitute an interference with the rights guaranteed by Article 7 of the Charter. 36      Likewise, Directive 2006/24 constitutes an interference with the fundamental right to the protection of personal data guaranteed by Article 8 of the Charter because it provides for the processing of personal data.

JUDGMENT OF THE COURT (Grand Chamber)8 April 2014 (*)(Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union)In Joined Cases C‑293/12 and C‑594/12,

60      Secondly, not only is there a general absence of limits in Directive 2006/24 but Directive 2006/24 also fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences that, in view of the extent and seriousness of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter, may be considered to be sufficiently serious to justify such an interference. On the contrary, Directive 2006/24 simply refers, in Article 1(1), in a general manner to serious crime, as defined by each Member State in its national law.61      Furthermore, Directive 2006/24 does not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. Article 4 of the directive, which governs the access of those authorities to the data retained, does not expressly provide that that access and the subsequent use of the data in question must be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating thereto; it merely provides that each Member State is to define the procedures to be followed and the conditions to be fulfilled in order to gain access to the retained data in accordance with necessity and proportionality requirements.

55      The need for such safeguards is all the greater where, as laid down in Directive 2006/24, personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data (see, by analogy, as regards Article 8 of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18 April 2013, no. 19522/09, § 35).56      As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population. 57      In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.

62      In particular, Directive 2006/24 does not lay down any objective criterion by which the number of persons authorised to access and subsequently use the data retained is limited to what is strictly necessary in the light of the objective pursued. Above all, the access by the competent national authorities to the data retained is not made dependent on a prior review carried out by a court or by an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of procedures of prevention, detection or criminal prosecutions. Nor does it lay down a specific obligation on Member States designed to establish such limits. 63      Thirdly, so far as concerns the data retention period, Article 6 of Directive 2006/24 requires that those data be retained for a period of at least six months, without any distinction being made between the categories of data set out in Article 5 of that directive on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned.64      Furthermore, that period is set at between a minimum of 6 months and a maximum of 24 months, but it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary.

52      So far as concerns the right to respect for private life, the protection of that fundamental right requires, according to the Court’s settled case-law, in any event, that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (Case C‑473/12 IPI EU:C:2013:715, paragraph 39 and the case-law cited).53      In that regard, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter.54      Consequently, the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data (see, by analogy, as regards Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1 July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and Marper v. the United Kingdom, § 99).

26      In that regard, it should be observed that the data which providers of publicly available electronic communications services or of public communications networks must retain, pursuant to Articles 3 and 5 of Directive 2006/24, include data necessary to trace and identify the source of a communication and its destination, to identify the date, time, duration and type of a communication, to identify users’ communication equipment, and to identify the location of mobile communication equipment, data which consist, inter alia, of the name and address of the subscriber or registered user, the calling telephone number, the number called and an IP address for Internet services. Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. 27      Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.

32      By requiring the retention of the data listed in Article 5(1) of Directive 2006/24 and by allowing the competent national authorities to access those data, Directive 2006/24, as the Advocate General has pointed out, in particular, in paragraphs 39 and 40 of his Opinion, derogates from the system of protection of the right to privacy established by Directives 95/46 and 2002/58 with regard to the processing of personal data in the electronic communications sector, directives which provided for the confidentiality of communications and of traffic data as well as the obligation to erase or make those data anonymous where they are no longer needed for the purpose of the transmission of a communication, unless they are necessary for billing purposes and only for as long as so necessary.

On those grounds, the Court (Grand Chamber) hereby rules:Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is invalid.

Peter Micek, policy counsel at the campaign group Access, said: "In a sector that has historically been quiet about how it facilitates government access to user data, Vodafone has for the first time shone a bright light on the challenges of a global telecom giant, giving users a greater understanding of the demands governments make of telcos. Vodafone's report also highlights how few governments issue any transparency reports, with little to no information about the number of wiretaps, cell site tower dumps, and other invasive surveillance practices."

Snowden, the National Security Agency whistleblower, joined Google, Reddit, Mozilla and other tech firms and privacy groups on Thursday to call for a strengthening of privacy rights online in a "Reset the net" campaign.Twelve months after revelations about the scale of the US government's surveillance programs were first published in the Guardian and the Washington Post, Snowden said: "One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be. Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same."

According to the classified documents published by Snowden in June, the NSA collected data from services run by Apple, Google, Facebook and Microsoft. Facebook’s European headquarters are located in Ireland, where the corporate tax is among the lowest in the EU. However, the local privacy watchdog had refused to investigate the company’s links to PRISM, classifying the student complaint as “frivolous or vexatious”. This week, after a long campaign by Europe-v-Facebook funded by donations, the High Court has granted an application for judicial review of this decision. In other words, if ODPC still thinks it has no grounds for an investigation, it will have to defend this position in court. “The DPC simply wanted to get this hot potato off his table instead of doing his job. But when it comes to the fundamental rights of millions of users and the biggest surveillance scandal in years, he will have to take responsibility and do something about it,” said the leader of the student group Max Schrems. Schrems also said that in the event the case does go to court, he hopes for a ruling in the next six months.

The court said it had examined "allegations of the most serious kind involving murder, manslaughter, the wilful infliction of serious bodily injury, sexual indignities, cruel inhuman and degrading treatment and large scale violation of international humanitarian law".The judgment from Sir John Thomas, president of the Queen's Bench Division, and Mr Justice Silber, added that there was evidence to support claims that some of the abuse had been systemic, and questioned whether responsibility for poor training and a failure to investigate promptly lay with senior officers and figures in government

Other recommendations include the EU offering protection and rewards for whistleblowers, including “strong guarantees of immunity and asylum”. Such a move would be seen as a direct response to the plight of Edward Snowden, the former NSA analyst who leaked documents that revealed the extent of the NSA’s global internet surveillance programmes. The report also says that, “Encryption is futile to defend against NSA accessing data processed by US clouds,” and that there is “no technical solution to the problem”. It calls for the EU to press for changes to US law.

“It seems that the only solution which can be trusted to resolve the Prism affair must involve changes to the law of the US, and this should be the strategic objective of the EU,” it said. The report was produced for the European Parliament committee on civil liberties, justice and home affairs, and comes before the latest hearing of an inquiry into electronic mass surveillance of EU citizens, due to take place in Brussels on 24 September.

When Merkel meets Obama, “you can safely assume that this is an issue that the chancellor will bring up,” Merkel’s spokesman, Steffen Seibert, told reporters on Monday. Merkel grew up in the East German system, where the government collected vast amounts of information about its citizens.

On September 27th, France’s newspaper SouthWest featured an exclusive interview with Matthias Fekl, France’s Secretary of State for Foreign Trade, in which he said that “France is considering all options, including outright termination of negotiations” on the TTIP. He explained that, ever since the negotiations began in 2013, “These negotiations have been and are being conducted in a total lack of transparency,” and that France has, as of yet, received “no serious offer from the Americans.” The reasons for this stunning public rejection had probably already been accurately listed more than a year ago. After all, France has, throughout all of the negotiations, received “no serious offer from the Americans”; not now, and not back at the start of the negotiations in 2013. The U.S. has been steadfast. Jean Arthuis, a member of the European Parliament, and formerly France’s Minister of Economy and Finance, headlined in Le Figaro, on 10 April 2014, “7 good reasons to oppose the transatlantic treaty”. There is no indication that the situation has changed since then, as regards the basic demands that President Obama is making. Arthuis said at that time: First, I am opposed to private arbitration of disputes between States and businesses. [It would place corporate arbitrators above any nation’s laws and enable them to make unappealable decisions whenever a corporation sues a nation for alleged damages for alleged violations of its rights by that nation of the trade-treaty.] Such a procedure is strictly contrary to the idea that I have of the sovereignty of States. … Secondly, I am opposed to any questioning of the European system of appellations of origin. Tomorrow, according to the US proposal, there would be a non-binding register, and only for wines and spirits. Such a reform would kill many European local products, whose value is based on their certified origin.

Thirdly, I am opposed to the signing of an agreement with a power that legalizes widespread and systematic spying on my fellow European citizens and European businesses. Edward Snowden’s revelations are instructive in this regard. As long as the agreement does not protect the personal data of European and US citizens, it cannot be signed. Fourth, the United States proposes a transatlantic common financial space, but they adamantly refuse a common regulation of finance, and they refuse to abolish systematic discrimination by the US financial markets against European financial services. They want to have their cake and eat it too: I object to the idea of a common area without common rules, and I reject commercial discrimination. Fifth, I object to the questioning of European health protections. Washington must understand once and for all that notwithstanding its insistence, we do not want our plates or animals treated with growth hormones nor products derived from GMOs, or chemical decontamination of meat, or of genetically modified seeds or non-therapeutic antibiotics in animal feed. Sixth, I object to the signing of an agreement if it does not include the end of the US monetary dumping. Since the abolition of the gold convertibility of the dollar and the transition to the system of floating exchange rates, the dollar is both American national currency and the main unit for exchange reserves in the world. The Federal Reserve then continually practices monetary dumping, by influencing the amount of dollars available to facilitate exports from the United States. China proposes to eliminate this unfair advantage by making “special drawing rights” of the IMF the new global reference currency. But as things now stand, America’s monetary weapon has the same effect as customs duties against every other nation. [And he will not sign unless it’s removed.]

Seventh, beyond the audiovisual sector alone, which is the current standard of government that serves as a loincloth to its cowardice on all other European interests in these negotiations, I want all the cultural exceptions prohibited. In particular, it is unacceptable to allow the emerging digital services in Europe to be swept up by US giants such as Google, Amazon or Netflix. They’re giant absolute masters in tax optimization, which make Europe a “digital colony.” President Obama’s negotiator is his close personal friend, Michael Froman, a man who is even trying to force Europe to reduce its fuel standards against global warming and whose back-room actions run exactly contrary to Obama’s public rhetoric. Froman and Obama have been buddies since they worked together as editors on Harvard Law Review. He knows what Obama’s real goals are. Also: “Froman introduced Mr. Obama to Robert E. Rubin, the former Treasury secretary,” who had brought into the Clinton Administration Timothy Geithner and Larry Summers, and had championed (along with them) the ending of the regulations on banks that the previous Democratic President, Franklin Delano Roosevelt, had put into place. (President Bill Clinton signed that legislation just as he left office, and this enabled the long process to occur with MBS securities and with financial derivatives, which culminated with the 2008 crash, and this same legislation also enabled the mega-banks to get bailed out by U.S. taxpayers for their crash — on exactly the basis that FDR had outlawed.)

Froman has always been a pro-mega-corporate, pro-mega-bank champion, who favors only regulations which benefit America’s super-rich, no regulations which benefit the public. Froman’s introducing the Wall Street king Robert Rubin to the then-Senator Obama was crucial to Obama’s becoming enabled to win the U.S. Presidency; Robert Rubin’s contacts among the super-rich were essential in order for that — Obama’s getting a real chance to win the Presidency — to happen. It enabled Obama to compete effectively against Hillary Clinton. Otherwise, he wouldn’t have been able to do that. His winning Robert Rubin’s support was crucial to his becoming President. The chances, that President Obama will now be able to get the support from any entity but the U.S. Congress for his proposed TTIP treaty with Europe, are reducing by the day. Europe seems to be less corrupt than is the United States, after all. The only independent economic analysis that has been done of the proposed TTIP finds that the only beneficiaries from it will be large international corporations, especially ones that are based in the United States. Workers, consumers, and everybody else, will lose from it, if it passes into law. Apparently, enough European officials care about that, so as to be able to block the deal. Or else: Obama will cede on all seven of the grounds for Europe’s saying no. At this late date, that seems extremely unlikely.

As EU leaders arrived for the two-day summit there was near-universal condemnation of the alleged activities by the NSA, particularly the monitoring of Merkel's mobile phone, a sensitive issue for a woman who grew up in East Germany, living under the Stasi police force and its feared eavesdropping.

Some senior German officials, and the German president of the European Parliament, have called for talks between the EU and United States on a free-trade agreement, which began in July, to be suspended because of the spying allegations. Merkel, whose country is one of the world's leading exporters and stands to gain from any trade deal with Washington, said that was not the right path to take, saying the best way forward was to rebuild trust. The series of Snowden-based leaks over the past three months have left Washington at odds with a host of important allies, from Brazil to Saudi Arabia, and there are few signs that the revelations are going to dry up anytime soon.

As well as raising questions about the EU-US trade negotiations, the spying furor could also have an impact on data-privacy legislation working its way through the EU. The European Parliament has already opened an inquiry into the effect on Europe of U.S. intelligence activities revealed by former NSA contractor Edward Snowden. It has also led a push for tougher data protection rules and the suspension of a transatlantic data-sharing deal. The Parliament, with 766 members directly elected from the EU's 28 member states, voted this week in favor of an amended package of laws that would greatly strengthen EU data protection rules that date from 1995. The new rules would restrict how data collected in Europe by firms such as Google and Facebook is shared with non-EU countries, introduce the right of EU citizens to request that their digital traces be erased, and impose fines of 100 million euros ($138 million) or more on rule breakers.

The United States is concerned the regulations, if they enter into law, will raise the cost of handling data in Europe. Google, Yahoo!, Microsoft and others have lobbied hard against the proposals. Given the spying accusations, France and Germany - the two most influential countries in EU policy - may succeed in getting member states to push ahead on negotiations with the parliament to complete the new data regulations by 2015. For the United States, it could substantially change how data privacy rules are implemented globally.