Comment: EDRI on the New SWIFT Deal

European Digital Rights has a comment on the new SWIFT access deal signed earlier this week. It maintains that this deal has "no significant improvements from the Agreement rejected by the European Parliament in February 2010":

Unfortunately, the new adopted text still allows for bulk data transfers. The Parliament would have liked to replace bulk data with targeted searches carried out by an EU-based authority but according to MEP Birgit Sippel, "We cannot reduce the problem of bulk data for the moment as we do not have the technical
capability."

The retention period is still 5 years and there is no real system in place from the US on a binding legal redress. The US Privacy Act court clauses only apply to US citizens and legal residents. Therefore there is currently no right of judicial review for foreign citizens and residents (including EU) under the US law.

Another key critique to the current text is the role of Europol that should authorize the data transfer requests from the US. Besides the fact that Europol is not a judicial authority, as requested by the European Parliament in May 2010 Resolution, the incentive from this agency to limit the amount of data being transferred is extremely reduced due to the fact that they can actually request data searches from the US.

Detecter Deliverable: Unilateral Exceptions to International Law

Deliverable D06.1 was written by Mathias Vermeulen and Martin Scheinin as part of Work Package 04. You can read the whole thing here.

Executive Summary

This paper on unilateral exceptions to human rights and international law in the fight against terrorism prepares the ground for two further deliverables under the DETECTER project, namely a policy-oriented paper summarizing the results and applying them in respect of EU law and policies, and a study specifically addressing detection technologies. It is well known that many governments have resorted to a wide range of constructions to justify, under international law, their unilateral exceptions to human rights in the name of countering terrorism. This paper seeks to take stock of a whole range of arguments, doctrines or constructions that states may resort to when seeking to justify their unilateral exceptions to human rights norms in the fight against terrorism. Many of those constructions have a valid legal basis and a proper scope of application. However, they also have their limitations, to the effect that often they affect only a specific treaty, or the availability of a procedure, but do not affect the substantive obligations of the state in question under international law. In many cases this results from the overlap of treaty law and customary norms of international law. Some of the constructions are open to abuse, i.e. bad faith efforts to distort international law to the detriment of human rights. Because of the complexity of the combined effect of the various excuses and exceptions, there is a need for a holistic approach that seeks to address the combined effect of the various constructions of unilateral exception.

Some of the main conclusions of the paper are highlighted in this executive summary. To start with:

• None of the constructions discussed affects a state's obligations under peremptory norms of international law (jus cogens).
• Outside that realm of peremptory norms, some of the constructions discussed have an impact upon both treaty law and customary international law, hence affecting the substantive human rights obligations of a state. This would be the case for the lex specialis effect of international humanitarian law during armed conflict but only when lex specialis is properly construed as an interpretive effect upon the scope or content of a particular human right.
• Counter-terrorism measures may qualify as permissible limitations on human rights, again when properly construed. This conclusion calls for a rigorous test for permissible limitations, rather than an all-encompassing act of 'balancing'.
• Most constructions discussed in this paper pertain merely to human rights treaties and do not affect the state's obligations under customary international law. As there is a high degree of substantive overlap between human rights treaties and customary norms of international law, resorting to these excuses therefore usually only has procedural consequences. It does not affect the substantive obligations of the state under international law, but precludes the competence of an international (or regional) human rights court or treaty body to address the breach of international law through its regular monitoring mechanisms.
• The most relevant constructions of unilateral exceptions to human rights treaty obligations are the power of a state to declare a state of emergency and to derogate from some but not all of its human rights treaty obligations, reduction of the scope of a state's human rights obligations when it acts outside its own territory, the right to enter permissible reservations upon the signature or ratification of a treaty and, in some cases, withdrawal from a treaty.
• There is some state practice of declaring a state of emergency because of acts of or a threat of terrorism. When applied under the fairly strict requirements for derogation enshrined in the treaties in question and when subject to international monitoring through the procedures available under the treaties in question, derogation is a permissible and even recommended mechanism for reacting to situations of a genuine threat to the life of the nation.
• Although the European Court of Human Rights has in some cases implied that a state is not subject to exactly the same obligations when it is, through its agents, acting outside its own territory, caution is required when resorting to this excuse. Other human rights treaties and customary norms of human rights law may remain applicable, and even the position of the European Court of Human Rights appears to be shifting (or inconsistent).
• Somewhat surprisingly, states have not resorted to reservations under human rights treaties with express reference to terrorism. However, a very small number of existing reservations, including in respect of the right to a fair trial, may have a bearing upon the treatment of terrorism suspects.
• Some, primarily regional, human rights treaties would allow for a state's unilateral withdrawal from the treaty. In practice, the option of withdrawal has figured in the political discourse, for instance after a government has received a ruling by a regional human rights court but no state has actually resorted to withdrawal from human rights treaties as a response to terrorism.

Detecter Deliverable: Privacy, Secret Detention Centres and Overflights

Deliverable 16.1 was written by Geir Ulfstein as part of Work Package 08. You can read the whole thing here.

Executive Summary

1. Article 17 of the International Covenant on Civil and Political Rights (ICCPR) establishes the right to privacy. The implementation of this right is monitored by the Human Rights Committee. The Committee has emphasized that interference in the right to privacy must be foreseeable; mechanisms should be established to prevent abuse of collected information and to ensure review, supervision and redress; and vulnerable groups should be protected. The Committee has, however, not established clear guidance about which substantive measures would be considered a violation of the right of privacy.
2. News media and NGOs reported in 2005 about secret detention centres and overflights in Europe as part of US counter-terrorism strategy. Such activities gave rise to several human rights concerns. The Parliamentary Assembly of the Council of Europe initiated an inquiry into these matters. The Secretary General requested member states to provide relevant information. The European Commission for Democracy through Law (Venice Commission) prepared an opinion on the human rights aspects. Cooperation was also established with the European Parliament of the European Union. This cooperation uncovered suspicious patterns of military and civilian aircraft and indications of secret detention centres. They were also able to put political pressure on the respective international organs and on national governments. The Committee of Ministers of the Council of Europe, however, failed to follow up strongly, and the European Parliament deplored the lack of follow up by the Council of the European Union, and by member states.
3. Several UN organs have been involved in the issues of secret detention and overflights, including the Human Rights Committee, the Committee Against Torture, the Special Rapporteur on the promotion and protection of human rights while countering terrorism, the Special Rapporteur on torture and other cruel, inhuman or degrading treatment or punishment, the Working Group on Arbitrary Detention and the Working Group on Enforced or Involuntary Disappearances. The UN organs have generally been more reactive than what was the case of the European Parliament and the Parliamentary Assembly. But all the bodies have, within their mandates, addressed these matters. They have helped to uncover certain facts, but have not been able to establish ‘hard facts’ about the relevant activities. These bodies have, however, the benefit of being able to have a more continuous focus on such cases. Furthermore, they have a global focus, and may thus engage in activities beyond the European context.

News: Germany Expresses Concern over Apple's iPhone users Database

From Privacy Digest: The German minister of justice, Sabine Leutheusser-Schnarrenberger, has spoken out over Apple's compilation of data on iPhone users, requesting the company to provide state data protection officials with details of what information on German iPhone users was being gathered, how long it was being stored, and for what purpose.

The case is being cited as further proof of Germany's tough line on privacy after previous tensions with Google Street View this year. However, a speedy resolution seems likely:

Stefan Köpsell, an instructor in data protection at the Technical University in Dresden, said that Apple could probably settle the controversy surrounding the iPhone 4 by having German users give their consent prior to the data being forwarded.

“I think there is probably a fundamental conflict between some Internet business models and German privacy law,” Mr. Köpsell said. “But in general, evidence shows that most Germans are willing to participate if there’s a benefit.” For example, 60 percent of households in Germany use a retail bonus card called Payback, owned by Loyalty Partner of Munich, which gives them points that can be used toward future purchases. By participating, consumers have given the company the right to collect and market data on their purchasing habits, as well as target them with advertising. “I would think the same would be possible for Apple,” Mr. Köpsell said.

News: New US/EU Agreement on Transfer of SWIFT Banking Data

From European Voice: A new agreement to grant US Counter-Terrorism authorities access to European banking transaction data held in the SWIFT database:

Final agreement on the new wording was reached on Friday (25 January). After the draft agreement had been initialled by Malmström on 10 June, MEPs had demanded
changes to the text concerning the bulk transfer of data, the creation of an EU counterpart to the US Terrorist Finance Tracking Programme (TFTP), and EU oversight of TFTP data-processing on US soil.
The three largest political groups in the Parliament – the centre-right EPP, centre-left PES and liberal ALDE – are now in favour of the agreement. In February, the Parliament, using new powers under the EU's Treaty of Lisbon, had rejected an interim agreement on SWIFT transfers.

Over at the Legalift Mathias Vermeulen has a discussion of some of the new restrictions build in to the new agreement, such as a ban on the use of this information for data mining, the possibility of administrative redress for EU citizens and the involvement of Europol in verifying and approving US requests for data.

In its coverage the Register points out that the European Data Protection Supervisor continues to question the need for mass transaction and long term storage of this data, and has additionally called for more oversight.