The interrelation of ecology and conflict has been the object of extensive study by political scientists and economists. From the contribution of natural resource ‘scarcity’ to violent unrest and possibly armed conflict; to resource ‘abundance’ as an incentive for initiating and prolonging armed struggles; to dysfunctional resource management and environmental degradation as an obstacle to peacebuilding, this literature has exerted a huge influence upon academic discussions and legal/policy developments.
While international law is often invoked as the solution to the socio-environmental challenges faced by conflict-affected countries, its relationship with the ecology of war and peace remains undertheorized. Drawing upon environmental justice perspectives and other theoretical traditions, the book unpacks and problematizes some of the assumptions that underlie the legal field.
Through an analysis of the practice of international courts, the United Nations Security Council, and truth commissions, the book shows how international law silences and even normalizes forms of structural and slow environmental violence (notably, uneven access and distribution of natural resources; less visible forms of violence associated with the environmental aftermath of wars).
This, in turn, jeopardizes the prospects of creating more peaceful societies, while perpetuating deeply rooted inequalities. Ultimately, the book urges us to imagine entirely different legal notions of justice, peace, and security in times of ecological disruption.
By drawing upon extra-legal fields of inquiry (e.g., the literature on environmental security, the political economy of civil wars, the resource curse, and environmental peacebuilding), the book strives to refine extant understandings of how international law conceptualizes and regulates the ‘environment’ before, during, and after armed conflict.
By engaging with some of the international legal order’s most pressing concerns – rising intra-state violence, environmental degradation, resource depletion, and their interaction – the book opens intellectual spaces for rethinking current approaches to the ecological challenges of our hyperconnected world and their adverse impact on the most marginalized peoples. As such, it offers a critical companion work to related titles and, at the same time, pushes the research envelope further and in new directions.
E Cusato, The Ecology of War and Peace: Marginalising Slow and Structural Violence in International Law (CUP 2021)
The book will be of interest to academics and students across different disciplines, primarily international law, but also peace and conflict studies, political theory, and international relations. It will also prove useful as a reference for policymakers and practitioners working at the intersection of environmental issues, human rights, and peace and security within international organisations/tribunals, governmental departments, think thanks, and NGOs.
Dr. Eliana Cusato is currently on academic leave from the Essex Law School.
In that judgment, the GFCC for the first time declared a judgment of the Court of Justice of the European Union (CJEU) to be ultra vires. As the symposium in I•CON demonstrates, this decision has come in for sustained attack from many quarters, and defences of it are partial at best.
Most significantly, critics decry the PSPP judgment of the GFCC for giving succour to the authoritarian governments of particular Member States, most notably Hungary and Poland: if Germany can defy the primacy of EU law, then surely every other Member State can too?
In this context, Dr. Flynn analyses PSPP in the light of previous national court decisions (Italian, Danish, Czech, and Hungarian) that challenged the CJEU’s conception of the primacy of EU law, and argues that it cannot, on its own, be used to justify the imposition or adoption of an absolutist conception of the primacy of EU law.
Instead, we can reconceive national court objection to the CJEU’s conception of primacy as a form of ‘loyal opposition’, analogous to the political concept, where mere opposition to the tendencies and policies of the current government must not be regarded as being somehow disloyal or unspeakable.
The theory of constitutional pluralism, which conceptualises the relationship between EU constitutional law and that of the Member States as being heterarchical rather than hierarchical, must therefore not be regarded as being inherently dangerous, or as an expression of some kind of retrograde ‘sovereigntism’.
Rather, we must pay close attention to the reasoning and justification of any given instance of national disapplication of EU law. This is particularly so in the context of a Union that is showing itself increasingly ill-equipped to handle the rise of authoritarianism in the Member States: just as not all expressions of national constitutional primacy are wicked, not all expressions of Union primacy are good.
Dr. Flynn instead proposes a ‘legitimacy test’, whereby we can learn to distinguish principled, reasoned, ‘loyal’ opposition in the EU constitutional space from unprincipled, unreasoned, ‘disloyal’ constitutional backsliding.
The full citation of Dr. Flynn’s new article is: Tom Flynn, Constitutional pluralism and loyal opposition, International Journal of Constitutional Law, Volume 19, Issue 1, January 2021, Pages 241–268, https://doi.org/10.1093/icon/moab035.
In recent years cross-border exchange of electronic information has become increasingly important to enable criminal investigations and prosecutions. As I have discussed in depth in my study “Rethinking Criminal Justice in Cyberspace: The EU E-evidence framework as a new model of cross-border cooperation in criminal matters” the use of technology has transformed the nature of crime and evidence leading to ‘crime without borders’ and ‘globalisation of evidence’. An increasing number of criminal investigations rely on e-evidence and this goes beyond cyber-dependent and cyber-enabled crimes. From an evidential point of view, today almost every crime could have an e-evidence element as often offenders use technology, such as personal computers, notepads, and camera phones, where they leave traces of their criminal activity, communications or other pieces of information that can be used to determine their whereabouts, plans or connection to a particular criminal activity.
Crime today often has a cyber component and with it an increasingly prominent cross border dimension because electronic information to be used for investigative or evidentiary purposes is frequently stored outside of the investigating State. The borderless nature of cyberspace, the sophistication of the technologies and offenders’ modii operandi pose specific and novel challenges for crime investigation and prosecution that, in practice, may lead to impunity. In 2018 the European Commission found that in the EU “more than half of all investigations involve a cross-border request to access [electronic] evidence.” Yet, alarmingly, “almost two thirds of crimes involving cross-border access to e-evidence cannot be effectively investigated or prosecuted”. Challenges to accessibility relate inter alia to the volatility of e-information, availability and the location of data, as well as the legislative barriers and shortcomings that must be overcome to enhance cross-border access to electronic evidence and the effectiveness of public-private cooperation through facilitated information exchange.
Cross border access to e-information is currently conducted through traditional judicial cooperation channels and requests are often addressed to specific states which are hosts to many service providers (SP). In the EU these include Mutual Legal Assistance requests and European Investigation Orders according to Directive 2014/41/EU which provides for the acquisition, access and production of evidence in one Member State (MS) for criminal investigations and proceedings in another Member State. The nature of the existing judicial cooperation instruments, actors and procedures involved, and the ever-increasing number of requests have resulted in delays and inefficiencies, posing specific problems for investigations and prosecutions that are exacerbated by the volatility of electronic information.
In the EU, there is no harmonised framework for law enforcement cooperation with service providers. In recent years, Member States have increasingly relied on voluntary direct cooperation channels with service providers, applying different national tools, conditions and procedures. Service providers may accept direct requests from LEAs for non-content data as permitted by their applicable domestic law. However, the fragmented legal framework creates challenges for law enforcement, judicial authorities and service providers seeking to comply with legal requests, as they are increasingly faced with legal uncertainty and, potentially, conflicts of law.
Cross border access to electronic information requires legal instruments that are capable of efficiently supporting criminal investigations and prosecutions and that, at the same time, have in place adequate conditions and safeguards that ensure full compliance with fundamental rights and principles recognised in Article 6 of the Treaty on European Union, the EU Charter of Fundamental Rights and the European Convention on Human Rights, in particular the principles of necessity, legality and proportionality, due process, protection of privacy and personal data, confidentiality of communications, the right to an effective remedy and to a fair trial, the presumption of innocence and procedural rights of defence, as well as the right not to be tried or punished twice in criminal proceedings for the same criminal offence.
In order to achieve these objectives and overcome difficulties present in the existing mechanisms of cross-border cooperation, in April 2018 the EU Commission proposed an important legislative package referred to as “E-evidence”, aimed at facilitating the access to e- evidence by European law enforcement agencies (LEAs). The framework contains two legislative measures: a Regulation which provides two new mechanisms for LEA’s cross border access to e-evidence: European Production Order and European Preservation Order which are to be addressed directly by LEAs of the issuing MS to a service provider, and a Directive which requires every online service provider “established” in or that has “substantial connection” to at least one EU Member State to appoint a legal representative in the territory of an EU MS of choice as an addressee for the execution of the above Orders.
On 7 December 2018 the Council adopted its own draft (known as Council’s “general approach”) and after two years of delays caused partially from the EU parliamentary elections and the Covid-19 pandemic, on 11 December 2020 The EU Parliament adopted its position. On 10 February 2021 the ‘trilogue’ procedures amid the EU Parliament, the Council, and the Commission started in order to agree to a common text. In the study cited above, I have analysed in depth the key legal provisions contained in the Commission’s proposal, the Council’s draft and the report of the LIBE’s rapporteur Birgit Sippel, presented to the EU Parliament in 2020. Considering that the E-evidence framework is currently being negotiated, the study’s analysis and findings aim to contribute to achieving the best version of the forthcoming instruments.
The EU E-evidence framework is of particular importance in shaping the future of similar instruments and the terms of cooperation between countries all over the world. To a certain extent, it follows the US CLOUD Act 2018 that in itself marks a major change in how cross-border access to e-evidence may develop in the rest of the world. The EU E-evidence framework shall influence and at the same time needs to conform to a number of new agreements currently being negotiated. In 2019 the EU Commission received a negotiating mandate to achieve an agreement between the EU and US, as well as to shape the second amending protocol of the Cybercrime Convention (CCC). Both these instruments need be negotiated from the perspective of the forthcoming E-evidence framework, therefore it is important that the latter offers provisions that increase the efficiency of investigations and prosecutions by surpassing challenges in cross-border cooperation, while maintaining safeguards to fundamental rights of individuals.
The E-Evidence legislative package lays down the rules under which, in a criminal proceeding, a competent judicial authority in the European Union may directly order a service provider offering services in the Union to produce or preserve electronic information that may serve as evidence through a European Production or Preservation Order. This framework will be applicable in all cross-border cases where the service provider has its main establishment or is legally represented in another Member State. The framework aims to complement the existing EU law and to clarify the rules of the cooperation between law enforcement, judicial authorities and service providers in the field of electronic information. The new measures for cross border access to e-evidence will not supersede European Investigation Orders under Directive 2014/41/EU or Mutual Legal Assistance procedures to obtain electronic information. Member States’ authorities are expected to choose the tool most adapted to their situation. However, authorities of the Member States will be allowed to issue domestic orders with extraterritorial effects for the production or preservation of electronic information that could be requested on the basis of the e -evidence Framework.
Despite expected improvements in the efficiency of investigations and prosecutions by simplifying and speeding up the procedures, the necessity of having a new legal framework to organize cross-border access to electronic evidence has been questioned. The proposed e-evidence framework is perceived as adding another layer to the already complex tableau of existing, multiple channels for data access and transnational cooperation. While alternative approaches have been considered and could have been taken by the Commission, as I have argued in depth elsewhere, a specific framework dedicated to improving access to e-evidence is more suitable to help achieve that goal than amendments to existing procedures and instruments that are general in scope and do not provide for the specific e-information related challenges. Procedural improvements to existing cross border cooperation instruments are necessary, but not by themselves sufficient to overcome the present difficulties and inefficiencies. It is not possible to adequately respond to novel challenges with old mechanisms embedded in lengthy procedures and bureaucratic complexities. The answer is to provide adequate safeguards that protect fundamental rights and the interests of all stakeholders, suited to the new type of instruments created by the e-evidence framework, albeit not identical to the ones found in existing mechanisms of transnational cooperation.
The E-evidence model builds upon the existing models of cooperation yet is fundamentally different. The extraterritorial dimension of the framework affects the traditional concept of territorial sovereignty and jurisdiction. It departs from the traditional rule of international cooperation that cross-border access to electronic information requires consent of the state where the data is stored. Most importantly, jurisdiction is no longer linked to the location of data. According to the new approach, the jurisdiction of the EU and its MSs can be established over SPs offering their services in the Union and this requirement is met if the SP enables other persons in (at least) one MS to use its services and has a substantial connection to this MS. In this way the framework avoids the difficulties in establishing the place where the data is stored and the “loss of location” problem. E-evidence framework is a clear example of the development of the concept of territorial jurisdiction in criminal law and the evolvement of connecting factors that establish it, in line with the requirements of legal certainty.
The extraterritorial reach of judicial and state authorities’ decisions in the E-evidence framework introduces a new dimension in mutual recognition, beyond the traditional judicial cooperation in the EU in criminal matters, so far based on procedures involving two judicial authorities in the issuing and executing State respectively. This important aspect of the e-evidence framework entails a fundamentally different approach that demonstrates the (need for) development of the EU law traditional concepts in order to respond to the new challenges with adequate mechanisms. From the perspective of the proposed e-evidence framework, the scope of article 82 (1) TFEU requires further clarification from CJEU or an amendment (albeit difficult). Reliant on the principle of mutual trust, the debates surrounding the e-evidence framework reveal that in today’s European reality this principle is still an objective to be achieved. For as long as disparities in the standards and protections provided by MSs still exist, the way forward should include innovative mechanisms that allow for the control, improvement and maintenance of those standards within each MS as opposed to fostering lack of trust, prejudicial treatment and unjustifiable differentiation between MSs within the EU.
The e-evidence framework generally achieves what it sets out to do: i.e. to increase the effectiveness of cross-border access to e-evidence. The application of the same rules and procedures for access to all SPs will improve legal certainty and clarity both for SPs and LEAs which is currently lacking under the existing mechanisms of cooperation. In several aspects the framework serves as a model to be followed in the international arena. However, further improvements can be recommended:
There should be only an exceptional involvement of the enforcing MS as proposed by the Council, so that the framework does not replicate the existing judicial cooperation models.
The wording of Article 7a in the Council draft could be amended to allow for the enforcing MS to raise objections on behalf of any affected state.
Service Providers should maintain their reviewing powers of production and preservation orders, given the unique position they are in to understand the data. A productive dialogue and close cooperation between SPs and the issuing authorities should be promoted in the earliest stages.
The framework should specify the definition of e-evidence and should provide for its inadmissibility in cases of breaches of the requirements specified therein.
The data categories need to be better defined and brought in line with other EU and international legal instruments, as well as the jurisprudence of CJEU and ECtHR. The draft presented by EU Parliament is a positive step in that direction.
Judicial validation of orders issued by non-judicial authorities should be imperative for all types of data as a form of control and safeguard against abuse or overuse.
A classification of investigating authorities by means of a schedule in the proposed framework would help to better define the permitted activities within the scope of the Regulation.
A provision that clearly prohibits the production or use of e-evidence in cases contrary to the ne bis in idem principle should be included in the final draft.
The final instrument should adopt the approach proposed by the Commission regarding confidentiality and subject notification with an obligation for the issuing authority to inform the person whose content or transactional data are sought in all cases (even though delays should be permitted).
The right to exercise legal remedies should be extended to the enforcing MS and/or the MS of residence of the suspect.
There should be provisions that enable defendants or other parties in the criminal proceedings to access or request e-evidence. The accessibility of electronic data to the suspects / defendant’s lawyer should be ensured in order to assert their rights effectively.
If implemented, these recommendations would improve the e-evidence framework by ensuring a balance between effective criminal investigations/prosecutions and respect for fundamental rights. A balanced and principled approach should be at the core of any existing or forthcoming instruments concerning cross-border access to electronic information.
The Court of Justice today handed down the much anticipated ruling on the legality of standard contractual clauses (SCCs) as a mechanism to transfer personal data outside the European Union. It forms part of Schrems’ campaign to challenge the ‘surveillance capitalism’ model on which many online businesses operate: there are other challenges to the behavioural advertising model ongoing. While this case is clearly significant for SCCs and Facebook’s operations, there is a larger picture that involves the Court’s stance against mass (or undifferentiated) surveillance. This formed part of the background to Schrems I (Case C-362/14, discussed here), but has also been relevant in European jurisprudence on the retention of communications data. This then brings us to a third reason why this judgment may be significant. The UK, like the US, has a system for mass surveillance and once we come to the end of the year data controllers in the EU will need to think of the mechanisms to allow personal data to flow to the UK. The approach of the Court to mass surveillance in Schrems II is therefore an indicator of the approach to a similar question in relation to the UK in 2021.
Background
The General Data Protection Regulation provides that transfer of personal data may only take place on one of the bases set out in the GDPR. The destination state may, for example, have an ‘adequacy decision’ that means that the state in question ensures an adequate (roughly equivalent) level of protection to the ensured by the GDPR (Article 45 GDPR). The original adequacy agreement in relation to the United States (safe harbour) was struck down in Schrems I because it failed to ensure that there was adequate protection on a number of grounds, some of which related to the safe harbour system itself, but some of which related to the law in the US, specifically that which allowed mass surveillance. While the safe harbour was replaced by the Privacy Shield under Decision 2016/1250 on the Privacy Shield (Privacy Shield Decision) which improved some of the weaknesses as regards the operation of the mechanism itself, including the introduction of an ombusdman system, little if anything has changed in relation to surveillance.
Another mechanism for transfer of personal data outside the EU is that of SCCs, which are private agreements between the transferor (data controller) and transferee. Article 46(1) GDPR states that where there is no adequacy decision “a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available”. Article 46(2) GDPR lists possible mechanisms including standard data protection clauses. The Commission has produced a model form of these agreements in Commission Decision 2010/87 (SCC Decision).
Following the outcome of Schrems I, Schrems reformulated his complaint to the Irish Data Protection Commissioner (DPC) about data transfers arguing that the United States does not provide adequate protection as United States law requires Facebook Inc. to make the personal data transferred to it available to certain United States authorities, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) and the data is used in a manner incompatible with the right to private life, and that therefore future transfers by Facebook should be suspended. These transfers are currently carried out on the basis of SCCs as approved by the SCC Decision. The DPC took the view that this complaint called into question the validity of that decision as well as the Privacy Shield Decision, which moved the issue back into the courts. The Irish High Court referred the question to the Court of Justice and it is the outcome in this ruling that we see today.
The Judgment
The Advocate General in his Opinion (discussed here) suggested to the Court that the SCC Decision was valid; the problem was the context in which it operated. He took the view that the Privacy Shield’s validity should be considered separately. Crucially, he held that data controllers need to determine the adequacy of protection in the destination state. This in practice is difficult; while a data controller might have some control over what the recipient does with the data (how processed, data security etc), it would have little control over the general legal environment. In any event, data controllers would be required to make specific country assessments on this, which could be challenged by dissatisfied data subjects. The Court took a slightly different approach. It agreed with its Advocate General that the SCC Decision was valid, but it struck down the Privacy Shield.
The Court made a number of findings. The first relates to the scope of inquiry and to competence. Given that national security lies outside the GDPR (and outside EU competence), should questions about the processing of data for purposes of public security, defence and State security be outside the scope of the GDPR rules. Following its position in Schrems I, the Court (like its Advocate General) rejected this argument [para 83, 86, 88]: the transfers of personal data by an economic operators for commercial purposes, even if that personal data is then processed by the authorities of the destination state for national security reasons, remains within the GDPR framework. Exclusions from the regime should be interpreted narrowly (citing Jehovan todistajat (Case C-25/17), discussed here).
In determining the level of protection the GDPR requires, the Court re-iterated its stance from Schrems I and following the reasoning of its Advocate General in this case held that we are looking for a level of protection “essentially equivalent” to that in the EU- and bearing in mind that the GDPR is understood in the light of the EU Charter. So not only must the terms of the SCCs themselves be taken into account but also the general legal environment in the destination State. The Court summarised:
…. the assessment of the level of protection afforded in the context of such a transfer must, in particular, take into consideration both the contractual clauses agreed between the controller or processor established in the European Union and the recipient of the transfer established in the third country concerned and, as regards any access by the public authorities of that third country to the personal data transferred, the relevant aspects of the legal system of that third country, in particular those set out, in a non-exhaustive manner, in Article 45(2) of [the GDPR].
[Para 105]
The Court noted that the national supervisory authorities are responsible for monitoring compliance with EU rules, and may check compliance with the requirements of the GDPR (following on from the position under the DPD established in Schrems I), and the national regulatory authorities have significant investigative powers. Where the SCCs are not complied with – or cannot be complied with – the national regulatory authorities must suspend or prohibit transfers and the Commission’s competence to draft SCCs does not restrict the powers of national authorities to review compliance in any way. In this the Court’s approach is broadly similar to that of the Advocate General. As regards an adequacy decision, a valid adequacy decision is binding, until such time as it may be declared invalid; this does not stop individuals from being able to complain.
Applying the principles to the SCC Decision, the Court noted that the standards bind only the parties to the agreement. Consequently, although there are situations in which, depending on the law and practices in force in the third country concerned, the recipient of such a transfer is in a position to guarantee the necessary protection of the data solely on the basis of standard data protection clauses, there are others in which the content of those standard clauses might not constitute a sufficient means of ensuring, in practice, the effective protection of personal data transferred to the third country concerned [para 126].
Does this possibility mean that the SCC Decision is necessarily invalid? The Court held not. Unlike an adequacy agreement which necessarily relates to a particular place, the SCC decision does not. The SCCs therefore may require supplementing to deal with issues in individual cases. Moreover, the SCC Decision includes effective mechanisms that make it possible to ensure compliance with EU standards [para 137]. Specifically, the SCC Decision imposes an obligation on a data exporter and the recipient of the data to verify, prior to any transfer, whether that level of protection is respected in the third country concerned. The recipient of the data must inform the data controller of any inability to comply with the SCCs, at which point the data controller is obliged to suspend transfers and/or terminate the contract. The SCC Decision is therefore valid; the implications of this in practice for this case were not drawn out. The Court in the end held that:
… unless there is a valid European Commission adequacy decision, the competent supervisory authority is required to suspend or prohibit a transfer of data to a third country pursuant to standard data protection clauses adopted by the Commission, if, in the view of that supervisory authority and in the light of all the circumstances of that transfer, those clauses are not or cannot be complied with in that third country and the protection of the data transferred that is required by EU law, in particular by Articles 45 and 46 of that regulation and by the Charter of Fundamental Rights, cannot be ensured by other means, where the controller or a processor has not itself suspended or put an end to the transfer [operative ground 3].
The existence of an adequacy decision is then key. Turning to the Privacy Shield Decision, the Court set the same analytical framework, emphasising the GDPR is understood in the light of the Charter and the rights to private life, to data protection and to an effective remedy. In assessing the decision, the Court noted that it awards primacy to the requirements of US national security, public interest and law enforcement, which the Court interpreted as condoning interference with the fundamental rights of persons whose data are transferred. In the view of the Court, access and use of personal data by US authorities are not limited in a way that is essentially equivalent to EU law – the surveillance programmes are not limited to what is strictly necessary and are disproportionate. Further, data subjects are not granted rights to take action before the courts against US authorities. The Ombudsperson mechanism, introduced by the Privacy Shield Decision as an improvement on the position under safe harbour, is insufficient. The Court therefore declared the Privacy Shield invalid.
Comment
The most obvious consequence of this ruling is that of how data transfers to the US can continue? The Privacy Shield is no more, and its demise has consequences for the operations of SCCs in practice. Given the weaknesses in the general legal system from the perspective of the Court of Justice, weaknesses over which the data controller/exporter can have little control, how can the requirements to individually assess adequacy be satisfied? Are there, however, any other mechanism on which data transfers could be carried out?
In this context, we should note how the Court has interpreted the provisions of Chapter V to create a common baseline for standards, despite differences in wording between Arts 45 and 46 GDPR. Article 45 deals with adequacy decisions and it requires that there is “an adequate level of protection”; Article 45(2) then lists elements to be taken into account – notably respect for the rule of law and human rights and “relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data”. It was this provision that was interpreted in Schrems I to require a level of protection that is ‘essentially equivalent’. Article 46(1) – which is relevant to the other mechanisms by which transfers may take place, including agreements between public authorities and binding corporate rules as well as SCCs – says something different. Article 46(1) requires “appropriate safeguards” and “enforceable data subject rights and effective legal remedies for data subject”. This is then not necessarily the same – at least in terms of simple wording – as Article 45(1). The Court however has read Articles 46 and 45 together so as to ensure that, as required by Article 44, data subjects’ rights are not undermined. This brings the essential equivalence test across to Article 46 [see para 96] and not just SCCs, but all the other mechanisms for data transfer listed in Art 46(2). More specifically the factors to be taken into account when considering whether there are appropriate safeguards match the list set out in Article 45(2).
The Court also emphasised that the requirements of the GDPR must be understood in the light of the EU Charter as interpreted by the Court itself [para 100]. In this context, the backdrop of the Court’s approach to fundamental rights – specifically the right to private life in Art 7 EU Charter – is significant. The Court in a number of cases involving the bulk retention of communications and location data by telecommunications operators so that those data could be accessed by law enforcement and intelligence agencies found those requirements – because they applied in an undifferentiated manner irrespective of suspicion across the population – to be disproportionate (Digital Rights Ireland and Others, Cases C-293/12 and C-594/12; Tele2/Watson (Cases C-203/15 and C-698/15), discussed here and here). The Court has also criticised the use of passenger name records (PNR) data (Opinion 1/15 (EU-Canada PNR Agreement, discussed here)) and particular the use of automated processing. The Court in its review of the facts referred to a number of surveillance programmes and that the referring court had found that these were not ‘essentially equivalent’ to the standards guaranteed by Article 7 and 8 EU Charter. This would seemingly cause a problem not just for the adequacy agreement, but for an operator seeking to rely on SCCs – or on any other mechanism listed in Art 46(2).
This brings to the forefront Article 49 GDPR, referred to by the Court as filling any ‘vacuum’ that results from its judgment, which allows derogations for external transfers in specific situations, notably that the data subject has consented or that the transfer is necessary for the performance of a contract. While these might at first glance give some comfort to data controllers a couple of words of caution should be noted. First, these reflect the grounds for lawful processing and should be interpreted accordingly. Notably ‘explicit consent’ is a high bar – and all consent must be freely given, specific informed and unambiguous – and it should be linked to a specific processing purpose (on consent generally, see EDPB Guidelines). The ground that something is necessary for a contract does not cover all actions related to that contract – in general a rather narrow approach might be anticipated (see EDPB Guidance).
The final point relates to the UK. The UK perhaps infamously – also has an extensive surveillance regime which has been the subject of references to the Court of Justice (as well as a number of cases before the European Court of Human Rights). Crucially, the regime does have some oversight and there is an independent tribunal which has a relaxed approach to standing. Nonetheless, bulk collection of data is permissible under the Investigatory Powers Act, and it is an open question whether the Court of Justice would accept that this is necessary or proportionate, despite the changes brought in since the Tele2/Watson ruling on the communications data rules. Further, the UK has entered into some data sharing agreements with the US which have given rise to disquiet in some parts of the EU institutions. Whilst a member of the EU it benefitted in terms of data flows from not having to prove the adequacy of its safeguards. From 2021 that will change. In the light of the approach of the Court of Justice, which can be seen as reemphasising and embedding its stance on surveillance, obtaining an adequacy agreement may not be so easy for the UK and given the similarity in approach underpinning Articles 45 and 46 GDPR, other mechanisms for data flow may also run into problems if this is the case. For now, the jury is out.
This post originally appeared on the EU Law Analysis Blog and is reproduced here with permission and thanks.
Prof. Theodore Konstadinides and Dr. Anastasia Karatzia acted as the UK national rapporteurs for theFédération Internationale Pour Le Droit Européen (FIDE) Congress 2020, one of the most significant conferences on EU law which brings together academics, advocates, judges and representatives from the EU institutions.
The Congress is an occasion to exchange views and expertise on EU law. Prof. Konstadinides and Dr. Karatzia were selected as the national rapporteurs for one of the three topics of the conference: National Courts and the Enforcement of EU Law: The Pivotal Role of National Courts in the EU Legal Order.
In their report, the authors explore pertinent questions about the interaction between UK national courts and the Court of Justice of the European Union concerning issues such as the preliminary reference procedure, the principle of supremacy, presumption of mutual trust, and the judicial independence of national courts and tribunals.
The Congress Publications, which include Prof. Konstadinides’ and Dr. Karatzia’s report, were published in July 2020 and are available digitally as Open Access resource here.
The 5th of May 2020 will be remembered as a strange day for EU law and German constitutionalism. The German Constitutional Court upheld the constitutional complaints by several groups of individuals against the European Central Bank’s Public Sector Purchase Programme (PSPP). As explained in yesterday’s post by Thomas Horsley, the PSPP set up a framework that enabled the ECB to purchase government bonds or other marketable debt securities issued by the governments of Member States in the eurozone with a view to return to an appropriate level of inflation (below 2 per cent). The Constitutional Court found that the PSPP carried considerable impact on the fiscal framework in the Member States and the banking sector in general. As such, the Court concluded that both the German Government and Parliament violated the complainants’ rights under the Constitution by failing to monitor the European Central Bank’s (ECB) mandate, in particular as regards the adoption and implementation of the PSPP.
Most importantly perhaps, the Constitutional Court held that it was not bound by the preliminary ruling of the CJEU (Article 267 TFEU) on the same issue (in Weiss discussed below). Its reasoning was centred on the Luxembourg Court’s alleged failure to properly apply the proportionality principle under the Treaty (Article 5 (1) and (4) TEU). This failure was due to a lack of assessment of the possible economic policy implications of the purchase program of public debt and lack of consideration of the availability of less restrictive means. Consequently, the Constitutional Court held that the CJEU acted ultra vires.
Two immediate reactions to the judgment
The judgment reaches beyond the practical implications of policing the boundaries between monetary and economic policies. Its impact is twofold.
First, on an institutional level, questioning the monetary mandate of the European Central Bank (ECB) as a sui generis institution operating within the EU institutional system may destabilise the high degree of independence enjoyed by the ECB in the financial crisis related cases heard before the CJEU and national courts. As feared by Maduro, the ripple effect of the judgment may therefore reach beyond the credibility of the PSPP. It may further endanger the coming into fruition of similar ECB ventures such as its recent response to Covid-19 through its new Pandemic Emergency Purchase Programme (PEPP). New cases may emerge in Germany against this and future financial assistance decisions questioning the economic side effects of the ECB’s own programmes.
Second, constitutionally the judgment poses questions of an existential nature in the midst of the Covid-19 crisis concerning the balancing between the authority and primacy of EU law, and national competences and sovereignty beyond budget matters. It also questions the current stability of the preliminary reference procedure under Article 267 TFEU as the main communication channel fostering dialogue between the national and EU legal orders. This post will consider the judgment’s constitutional implications by criticising what the judgment means for the limits of the transfer of sovereign powers to the EU, and for judicial dialogue between national courts and the CJEU, but also between the three branches of government in Germany.
Constitutional confrontations prior to the PSPP judgment
While the judgment has attracted a great deal of attention in the blogosphere, little is mentioned of the fact that the PSPP judgment is not the first instance where the German Constitutional Court has challenged the validity of the decisions of the ECB. A few years back the same Court established that its powers of review may extend outside the context of Treaty revision or secondary law implementation qua an act of an EU institution, such as the ECB, that has its own legal personality and decision-making bodies. In the seminal Gauweiler judgment of 2015 (the first ever preliminary reference from the German Constitutional Court to the CJEU) the German Constitutional Court contested the validity of the Decision of the Governing Council of the ECB on features of the ECB’s government bond buying programme (Outright Monetary Transactions – OMT) arguing that it violates EU rules on monetary policy and the Protocol on the Statute of the European System of Central Banks and of the ECB. Its reasoning was purely constructed on legal grounds – i.e. whether the OMT programme marked an important shift in the delimitation of competence to the Member States’ detriment.
In its OMT judgment, the BVerfG placed the ECB’s Decision under the scrutiny of German constitutional law due to the fact that it operated without any express judicial or parliamentary approval. It was in this regard that its constitutional identity review power kicked in as a means to reinstate the default constitutional position that fiscal policy is only to be exercised according to the principles of representation and of distribution of powers. Equally, the Bundestag was responsible for the overall budgetary responsibility. As such, the Constitutional Court’s reasoning was predicated on the condition that the balance of competence would only be restored once the CJEU provided assurances that the OMT Programme merely consists of a supporting mechanism for the EU economic policies and not one concerning the stability of the EMU. Indeed, the CJEU provided such assurances and, despite its reservations, the Constitutional Court nodded to its satisfaction.
Shortly after Gauweiler, the German Constitutional Court made another request for a preliminary ruling in Weiss, this time on the validity of the ECB’s Decision on PSPP and its subsequent amendments as a means to maintain price stability. The applicants in Weiss asked similar questions to Gauweiler in relation to ECB’s monetary mandate and its potential ultra vires acts by venturing into economic policy reserved by the Member States. The CJEU rejected this claim and ruled in 2018 that the PSPP is a proportionate measure for mitigating the risks to the outlook on price developments and that it falls within the ambit of the ECB’s competences. It is worth mentioning that compared to OMT, the CJEU’s judgment in Weiss received little wider publicity, perhaps because one could almost predict another positive nod from the German Constitutional Court.
The constitutional dimension of the PSPP judgment
This brings us to the current judgment of the Constitutional Court of 5 May 2020 vis-a-vis the refusal of the German Constitutional Court to implement the above judgment of the CJEU. This refusal was based on the grounds that the CJEU manifestly failed to give consideration to the principle of proportionality which applies under the Treaty to the division of competences between the EU and national legal orders (Article 5 (1) and (4) TEU). The judgment is reminiscent of the scenario that the Constitutional Court has been rehearsing for years (since its Maastricht decision in 1993) in its collective mind: that when push comes to shove it will be competent to decide whether an act of EU secondary law is ultra vires. It is a scenario that we have been teaching our students with the caveat that this had never materialised in Germany. As mentioned elsewhere, our syllabi might have to be revised for next year, given that the judgment signals the first time that the BVerfG directly diverges from the ruling of the CJEU in a case that it has initiated through the preliminary reference procedure (Article 267 TFEU).
But the PSPP judgment goes beyond a declaration of ultra vires of EU secondary legislation. The Constitutional Court extends its ultra vires review to the interpretation of proportionality undertaken by the CJEU as exceeding its mandate as conferred by the Treaty (Article 19 (1) TEU). It confronts the CJEU as acting ultra vires because its standard of review is not conducive to restricting the scope of competences conferred by the Treaty upon the ECB. The Constitutional Court declares that it is the final arbiter and thus not bound by the CJEU’s judgment in Weiss because it does not agree with its reasoning which it describes as ‘simply not comprehensible’ (see for instance paras 116 and 153). By holding that the Weiss judgment exceeded the mandate conferred upon the CJEU, the Constitutional Court disregards the principle that rulings of the CJEU are binding on all national courts. The Constitutional Court also seems to take no notice of Article 344 TFEU which provides that ‘Member States undertake not to submit a dispute concerning the interpretation or application of the Treaties to any method of settlement other than those provided therein’. It both hinders any future communication between the two courts on the matter and oversteps the boundaries of its powers by acting ultra vires itself.
Yet, despite its bravado, the PSPP decision does not provide any assurances that the BVerfG has finally adopted a unified and coherent approach when it comes to exercising its power to impose constitutional locks upon EU competence. A careful review of the Constitutional Court’s previous record of decisions reveals that its constitutional review has been purely theoretical and consisted of a means of getting assurances from both the EU and domestic institutions that the balance of competence between the EU and the Member States has not been transgressed. We cannot, however, overlook the possibility that in the present case this may be a gamble too far for the credibility of the German Constitutional Court. If the Court, for instance, accepts the Bundesbank’s stronger justification for why the ECB program, and decisions implementing it, are proportional the PSPP judgment may be remembered as some of the most scathing satire to scrape across the Karlsruhe courtroom since the days of Lisbon Urteil. There, the Constitutional Court took it upon itself to scrutinise the exercise of EU competences through an intra vires identity review (even when the EU is acting within its bounds of competence) in order to preserve the inviolable core content of Germany’s constitutional identity.
Throughout Germany’s history of EU membership, the Constitutional Court’s ultra vires competence review has been constructed on a ‘so-long-as’ presumption of equivalence of constitutional standards which were never deemed to be deficient at the EU level by the judges of the Constitutional Court. The current decision, however, is different because the same judges placed an additional caveat on the judicial interpretation of EU law by the CJEU. They boldly declare that:
As long as the CJEU applies recognised methodological principles and the decision it renders is not objectively arbitrary from an objective perspective, the Federal Constitutional Court must respect the decision of the CJEU even when it adopts a view against which weighty arguments could be made (para. 112)
Hence there are two important dimensions of the case where the Constitutional Court interferes with the current EU rulebook. On the one hand, the Constitutional Court appears unequivocal about imposing external controls upon the ECB’s economic assessment, seeking more transparency and proportionality as to its measures. It throws the ball aggressively into the Bundesbank’s court hoping that it will bounce in the right direction and strike at the ECB’s headquarters. There is a silver lining to this dimension of the judgment given the growth of the ECB’s competence in recent years. However, the Court’s economic analysis is hardly so convincing as to make a bulletproof argument.
On the other hand, the PSPP judgment establishes an ultra vires test that is insensitive to the CJEU’s jurisdiction conferred under the Treaty. There is a surprise element here given that the CJEU has been consistent in its last two preliminary rulings about proportionality. Of course, one can argue that the CJEU’s proportionality control over the acts of the ECB has always been based on the wrong footing. But for the above reasons, unlike the Constitutional Court’s previous theoretical Kompetenz-Kompetenz challenges, the current decision seems to allow little scope for putting the reverse gear in place (unless the Court is prepared to accept any proportionality justification). But even if the judgment is about principle and the Court runs with just about any Bundesbank proportionality justification thrown at it, some damage is too severe to handle on its own without causing further harm to Germany’s EU membership.
By disregarding the CJEU’s exclusive powers of treaty interpretation the Constitutional Court endangers Germany’s duty of sincere cooperation (under Article 4(3) TEU) to the EU against the wishes of the other two branches of government. Even if the judgment is about principle, the price is too high to pay as an ultra vires act is not to be applied in Germany. This means effectively that the German Government is put on the spot and asked to choose between its EU membership obligations and its allegiance to the Constitution as interpreted by the Constitutional Court. At the same time, the judgment raises a question about the extent to which the duty of sincere cooperation under EU law applies in the internal tensions of a Member State.
While, therefore, protecting individual rights under the Constitution, the PSPP judgment questions the principle of separation of powers under the German Constitution and the unity between the three branches of government and people to respond to external pressure from the ECB. The judgment is, however, more than an attempt of the German Constitutional Court to revert to a long-standing statement of intention to review EU law and show its real teeth to the EU Institutions. As such we must be careful in attributing it a veneer of constitutional patriotism. By holding that both the German Government and Parliament violated the Constitution, judges turn in effect against all parties involved in the materialisation of the PSPP, albeit them sitting in Frankfurt, Luxembourg or in Berlin. One can hardly interpret as healthy national dialogue the 3-month ultimatum given by the Constitutional Court to the German Government and Parliament to secure a new evaluation of the PSSP from the Governing Council of the ECB that complies with the proportionality test set by the Court as regards its economic and fiscal policy implications. The ECB needs, in particular, to provide authorisation to the Bundesbank to send to the Constitutional Court all relevant documentation both published and unpublished providing the necessary proof that all possible consequences of the purchase program were considered. Failure to do so means that the Deutsche Bundesbank will have to withdraw from the implementation and enforcement of the PSPP.
Conclusion
While EU Institutions are far from being infallible and Member States can and should confront their counterparts in the EU, the current decision sets a dangerous course because it allows no room for internal dialogue to be fostered between the Constitutional Court, the Government, and Parliament so that a uniform national approach can be adopted against ECB policies, whether this means accepting them or challenging them before the CJEU as a Member State. The Constitutional Court’s judgment shall not therefore be only interpreted as an act of defiance against the EU but also as a decision that jeopardises the Constitutional Court’s own reputation (which, as explained yesterday, has been envied by last instance courts across Europe) and, depending on the EU’s reaction, Germany’s good record of membership in the EU.
The ECB’s and CJEU’s responses to the judgment, as well as the Commission’s issuing of a Press Release warning of the possibility of bringing infringement proceedings against Germany (if the Bundesbank fails to implement its obligations under the Eurosystem) are proof that the judgment is more than a storm in a teacup and that the current mutiny in Karlsruhe may have to be resolved by using formal EU dispute resolution mechanisms. Any fears that the PSPP judgment is emblematic of the wider rule of law crisis (in the form of defiance towards EU membership obligations) that has been brewing for the last half decade at the heart of the EU are indeed legitimate. Responding to such a crisis during an extraordinary period of disruption, ill health and economic hardship is perhaps the biggest challenge that the EU has been confronted with since its very inception. This is tenfold when faced with a founding Member State questioning, through its judiciary, the integrity of EU Institutions. Let us hope that both the EU institutions and the German Constitutional Court will measure the cost of this episode and common sense will prevail.
The author wishes to thank Mike Gordon and his colleagues Anastasia Karatzia and Nikos Vogiatzis for their useful suggestions. This post was originally published on the UKCLA Blog and is reproduced here with permission and thanks.
Dr Niall O’Connor, Lecturer in Law at the University of Essex, has authored an article exploring the significance, in the employment context, of freedom of contract as a fundamental right in article 16 of the EU Charter of Fundamental Rights (the Charter).
For the first half of its existence, few could have foreseen that article 16 would soon be at the centre of debates surrounding the precise place of business freedoms within EU employment law. This has changed following a number of controversial decisions in which the Court of Justice of the EU (CJEU) relied on article 16 to undermine the effectiveness of employee-protective legislation.
This article examines the nature of freedom of contract as both a fundamental right and a general principle of EU law and its effects in the employment context. Critical Legal Studies (CLS) is relied on to show that existing arguments as to the use of Article 16 as a radical tool in the employment context have been both exaggerated and underplayed.
Finally, the article explores potential counterweights to freedom of contract as a fundamental right, notably the right to work found in article 15 of the Charter.
The article was published as an Advance Article on 6 November 2019 in the Industrial Law Journal and is currently free to access here.
Article 50 of the Treaty on European Union can be divided into two parts. The first recognises the right of a member state to withdraw from the European Union. The second establishes the procedure that the withdrawing member state and the EU institutions have to follow to manage that withdrawal.
Article 50 says that the member state has to notify the European Council of its intention to withdraw from the European Union. However it does not say whether, once such notification has been made, such intention may be revoked and membership retained.
This was the issue under consideration in a case brought before the European Court of Justice. The court has now ruled that a withdrawing member state may revoke its intention to withdraw from the EU unilaterally.
The key word here is “unilaterally”. In this context, it means that the revocation decision is not subject to the unanimous consent of the European Council, the European institution representing the member states.
However, it’s important to note that the court added that the decision to revoke Article 50 must be “unequivocal and unconditional”. This means that the member state has to make it clear that it wishes to maintain its EU membership. This is not about extending the Article 50 process to extend the Brexit transition period beyond March 2019. That would still require agreement from the EU member states. Rather, a notification revoking Article 50 means not leaving the EU at all. In other words, it would stop Brexit.
Of equal importance is timing. The court said a member state can only revoke Article 50 while its withdrawal agreement with the EU, which sets outs the terms of departure, has not yet entered into force. If the withdrawal agreement has not been concluded, revocation may take place during the two-year period that starts when Article 50 is triggered, or even beyond the two-year period if the remaining member states decide to grant such an extension.
In Brexit terms, this means that the UK can revoke Article 50 unilaterally before its agreement enters into force or, if it does not enter in force, until March 29 2019. It can also revoke it after that date if the European Council agrees to extend the transition period of Article 50 beyond 29 March 2019.
A legal first
The ECJ case originally started in a Scottish court, which asked the Court of Justice to clarify the issue of revocation of the intention to withdraw from the EU. Given the misrepresentation given by Brexit supporters about the Court of Justice and their sudden hostility towards it, it’s important to remember that the Court of Justice interprets and applies EU law. It does not, nor can it, interpret or apply national law. This has always been the case since its establishment in 1952.
This was a challenging case because the the UK was the first country to ever trigger Article 50, so there was no legal precedent to rely on when making a decision. If the text of the law is silent, should it be implied that a particular conduct is allowed because it is not expressly prohibited, or should it be implied that it is not allowed because it is not expressly permitted?
In this typical interpretative dilemma, the court reasoned that if EU law recognises the sovereign choice of a member state to leave the EU, then revoking that intention should also be seen as a sovereign decision. It also noted that “given that a state cannot be forced to accede to the European Union against its will, neither can it be forced to withdraw from the European Union against its will”.
In this regard, the court noted that if a member state cannot unilaterally revoke its decision to leave the EU, then this would amount to allowing the expulsion of a member state. Indeed, the court noted that when drafting what eventually would become Article 50, a number of amendments to allow the EU to expel member states were rejected. This further supports the conclusion that a member state is entitled to reverse its decision unilaterally.
The ECJ ruling is not surprising. Legally speaking, it would have been much harder to justify the opposite conclusion. It is also in line with the Vienna Convention on the Law of Treaties, which allows revocation of a decision to withdraw from an international treaty.
The immediate implication is that the EU member states are not allowed to interfere with the United Kingdom’s future course of action, for example by setting new conditions for allowing the UK to remain in the EU. However, like many domestic and international rulings, it has an internal political implication: it adds a further option to the current ones on the table. The pressure taken off from the EU is now entirely on the UK.
A revocation decision would run counter to the outcome of the UK referendum. It would be unpalatable, unattractive, and risky, but so are the other choices. By approving the withdrawal agreement, the UK becomes a rule-taker with no voice. By rejecting the withdrawal agreement, it faces serious and radical economic disruption. Either way, the ultimate decision must be made through the British political system. The ECJ ruling is another stark reminder of this enormous responsibility.