DIRECTORATE GENERAL FOR INTERNAL POLICIES Justice, Freedom & Security National Programmes for Mass Surveillance in EU Member States and Compatibility with EU Law Presentation by Authors: Prof. Didier Bigo (CCLS, Sciences Po, Kings College) Dr. Sergio Carrera (CEPS) Mr. Nicholas Hernanz (CEPS) Dr. Julien Jeandesboz (CCLS, UvA) Ms. Joanna Parkin (CEPS) Dr. Francesco Ragazzi (CCLS, Leiden U. Sciences Po) Dr. Amandine Scherrer (CCLS) Policy Department C Responsible Administrator: Alessandro DAVOLI poldep-citizens@europarl.europa.eu Outline A. Overview of EU programmes B. Five features of an unprecedented scale of surveillance C. Legal Modalities of EU Action D. Policy Recommendations to the EP A. Overview of EU programmes Tapping of internet cables and private companies data A network of collaborating agencies with GCHQ at the centre Intelligence Agencies’ Budget Intelligence Agencies’ Manpower B. Five features of an unprecedented scale of surveillance 1. An unprecedented scale 2. A blurred line of legitimacy 3. Beyond a US vs EU problem: the question of oversight of intelligence 4. Beyond the states : the involvement of private actors 5. The erosion of core of democratic and free market principles C. Legal Modalities of EU Action Are Member States large scale surveillance programmes outside EU’s intervention? ‘Illegal’ or ‘A-Legal’ Three EU law modalities: First, national security in a democratic rule of law framework Second, insecurity of the Union and its citizens Third, EU home affairs agencies 1. National Security and Democratic Rule of Law MS Programmes incompatible with democratic rule of law Not ‘National security’ as framed by intelligence services, rather… ‘Democratic rule of law with fundamental rights’: First, ECHR standards: *in accordance to the law and necessary in a democratic society / *separation of powers and European supervision Second, EU Charter of Fundamental Rights part of national constitutions 2. Whose Security? Sincere Cooperation and Privacy The common internal security of the Union as a whole and sincere cooperation and trust (bypassing MLAA) Privacy and effective legal protection of data owners → Whose Ownership? Illegal access, collection and processing →Legal (un)clarity: Different legal frameworks: ‘privacy shopping’? →Legal loopholes: blurring external/internal interception communications and inadequate safeguards: Discrimination? 3. EU Home Affairs Agencies Europol and INTCEN gathering, exchanging and processing data from national ‘intelligence’ agencies No mechanism to verify data transferred to EU (sources and means) are trusted and in compliance with democratic rule of law – OVERSIGHT DEFICIT Who is responsible (Liability)? and what is police and what is intelligence? Recommendations to the EP A RED-LINE APPROACH 1. Professional Code and Guidelines for Transnational Management of Data / Red-Lines (Including ECHR standards) 2. European Privacy Cloud 3. Data Protection Draft Regulation (Article 43a) 4. EU Policy Infrastructure – Committee chaired by CounterTerrorism Coordinator, Common Model of EU Cooperation on Intelligence and Yellow/Red Card System Recommendations to the EP A RED-LINE APPROACH 5. EU Home Affairs Agencies – Points of intersection subject to democratic, legal and judicial controls AND Special (Permanent) Inter-Parliamentary Committee 6. EU level protection for whistle-blowers 7. Suspensions of existing EU-USA agreements and transatlantic bill or rights *More Research and Specific Inquiry on largescale surveillance in the EU