Tải bản đầy đủ - 0 (trang)
8 Security: An Area Where the EU and the Member States Have Significant Competence

8 Security: An Area Where the EU and the Member States Have Significant Competence

Tải bản đầy đủ - 0trang


6  Understanding the Scope and Limits of the EU Legislator’s Contribution…

ment) and Article 62 (relating to the free movement of services). In the case law of

the European Court of Justice, public security extends to both internal and external

security.124 Equally, EU directives for the harmonisation of the internal market contain provisions on possible derogations by Member States from the harmonisation

pursued by the directives for reasons of public security. Examples are Article 3(4)

of Directive 2000/31 on electronic commerce,125 which also mentions national security and defence, and Article 16(3) of Directive 2006/123 on services in the internal

market.126 In the area of data protection, Article 13 of Directive 95/46 contains wide

possibilities for Member States to restrict the scope of the obligations and rights laid

down in the directive, mainly for reasons of public security. The text of Article 13

additionally refers to national security, defence and the combat of crime.127

Whereas safeguarding public security was at first left to the Member States and

not considered to be a task of the European Union, this changed with the inclusion

in 1992 by the Maastricht Treaty, of an area of freedom, security and justice in the

Treaties. This area is established for the purpose of ensuring the safety and security

of the peoples,128 originally as a flanking measure of the free movement of p­ ersons.129

However, this limited rationale was gradually replaced by a wider assignment. As

the first multi-annual programme in the area of freedom, security and justice

(Tampere, 1999) specified: “People have the right to expect the Union to address the

threat to their freedom and legal rights posed by serious crime.”130

The Lisbon Treaty made a further step towards developing an area of freedom,

security and justice as one of the Union’s main building blocks. The pillar structure

of the European Union disappeared and the area has now been fully integrated into

the Treaty on the Functioning of the European Union and is no longer subject to

specific procedures.131 The area is meant to facilitate the free movement of persons,

while ensuring the safety and security of the peoples.132 In the TFEU, the task of

providing security is specified in Article 67(3): “The Union shall endeavour to

ensure a high level of security”.133

 Case C-285/98, Kreil, EU:C:2000:2, at 17.

 Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain

legal aspects of information society services, in particular electronic commerce, in the Internal

Market (‘Directive on electronic commerce’), OJ L 178/1.


 Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on

services in the internal market, OJ L/376/36.


 And a number of other grounds, not relevant in this context.


 See recitals of the TEU.


 Further read: Paul Craig and Grainne de Burca, EU Law, Text, Cases and Material (Fifth

Edition), Oxford University Press, 2011, pp. 926–931.


 European Council, Presidency Conclusions – Tampere, 15–16 October 1999, The Tampere

Milestones, No. 6.


 Despite the fact that there are significant exceptions to this rule.


 As laid down in the preamble of the TEU.


 Article 67(3) TFEU is included in Title V on the area of freedom, security and justice, and

encompasses, strictly speaking, the internal security of the EU. However, internal and external



6.8  Security: An Area Where the EU and the Member States Have Significant…


The task of providing security under EU law must not only respect the Charter of

Fundamental Rights of the European Union, but must also be exercised in respect of

national sovereignty. Providing security as a core task of the state means that in the

area of freedom, security and justice – an area of shared competence under Article

4 TFEU – only limited competences have been transferred to EU level, with the following nuance. First, Article 67(3) TFEU also refers to measures to prevent and

combat crime (and xenophobia and racism) which may be an indication of the competence being broader. Second, the qualification of the Union’s competences as

being either narrow or broad depends on the perspective that is adopted, for instance,

whether the EU competence on security is compared to the internal market competences or to the situation before the Lisbon Treaty entered into force. Not all authors

characterise the competences as narrow.134

The EU competences have a wide impact on data protection and they also interconnect with the competences of the Member States. The role of the European

Union focuses on the coordination and cooperation for reasons of security. This

includes the exchange of large amounts of personal data135 between police and

­judicial authorities on the national and EU levels.136 This exchange of information,

including personal data, is a significant manifestation of coordination and cooperation between the Union and its Member States. This is well illustrated by the multi-­

annual programmes in the area of freedom, security and justice. The Hague

programme of 2004137 aimed at improving the exchange of information under the

‘availability principle’, which was meant to govern law enforcement related data

exchange, whereas in the Stockholm programme of 2009138 the Information

Management Strategy for EU internal security was set out as one of the main


Beyond the internal EU instruments dealing with security and privacy much has

also been done to ensure protection of individuals in the European Union within the

international context, in particular where information was needed for the purpose of

security are closely connected. The wording “endeavour to ensure a high level of security” is also

included in Article 67(3) TFEU.


 E.g., Mitsilegas talks about broad Treaty powers, in Reports of the FIDE-Congress Tallinn 2012,

Tartu University Press: Volume 3: The Area of Freedom, Security and Justice, Including

Information Society Issues, at 22.


 See: Communication from the Commission to the European Parliament and the Council,

Overview of information management in the area of freedom, security and justice, COM(2010)

385 final. The area is extensively described by Franziska Boehm in Information Sharing and Data

Protection in the Area of Freedom, Security and Justice, Towards Harmonised Data Protection

Principles for Information Exchange at EU-level, Springer 2012.


 For instance involving Europol and Eurojust.


 Council, The Hague Programme: strengthening freedom, security and justice in the European

Union, OJ 2005, C 53/01, at 2.1. The ‘availability principle’ means that information available in

one Member State for police purposes should also be available for colleagues in another Member



 European Council, The Stockholm Programme – An open and secure Europe serving and protecting citizens, OJ 2010, C 115, at 4.2.


6  Understanding the Scope and Limits of the EU Legislator’s Contribution…

security in the United States or in connection with security issues shared between

the EU and its Member States and the US.139 The agreements on passenger name

records (PNR) and on the Terrorist Finance Tracking Programme (TFTP) are the

most obvious examples. Both agreements aim at balancing security and privacy.140

6.9  S

 ynergies with Public Interests Relating to the Internal

Market: The Economic Dimension of Privacy and Data


This section introduces synergies between the fundamental rights of privacy and

data protection, on the one hand, and one of the European Union’s objectives, establishing and ensuring the functioning of an internal market,141 on the other hand. The

relation between these fundamental rights and the interests of the internal market is

not by definition synergetic. Privacy is often perceived as having a negative impact

on economic innovation, or as conflicting with new technology. For example, the

PCAST Report, addressed to President Obama, puts the conflict between privacy

and new technology centre stage.142

The recognition under EU law of privacy and data protection as fundamental

rights, combined with the EU legislator’s mandate under Article 16(2) TFEU may

adversely affect innovation and competitiveness of industries. This is the logical

consequence of the role these fundamental rights play under EU law. Fundamental

rights must be respected and Article 52 Charter requires that limiting the exercise of

a fundamental right must be necessary and genuinely meet the objective of general


The Charter does not exclude a limitation of a fundamental right in the economic

interest. The Explanations to Article 52 Charter143 refer for instance to Article 3

TEU, which mentions economic growth and a highly competitive social market

economy as part of the internal market. However, allowing economic interests to


 Not exclusively, also other third countries require data on EU citizens. Examples are the

Agreement between Canada and the European Union on the transfer and processing of Passenger

Name Records, signed on 25 June 2014, and the Agreement between the European Union and

Australia on the processing and transfer of European Union-sourced passenger name record (PNR)

data by air carriers to the Australian customs service, OJ L 186/4.


 These agreements will be further discussed in Chap. 9, Sect. 9.13 of this book.


 Wording taken from Article 26 TFEU. Pursuant to Article 3(3) TEU, the Union shall establish

an internal market.


 Big Data and Privacy: A Technological Perspective. Executive Office of the President,

President’s Council of Advisors on Science and Technology (PCAST Report), May 2014.


 The Explanations to Article 52 contain references to general interests, which should probably be

considered exhaustive; Peers and Prechal in: “The EU Charter of Fundamental Rights, A

Commentary,” Edited by Steve Peers, Tamara Hervey, Jeff Kenner and Angela Ward, Hart

Publishing, Oxford, 2014, at 1475.

6.9  Synergies with Public Interests Relating to the Internal Market: The Economic…


limit a fundamental right is criticised144 and under Article 8 ECHR the limitation is

restricted to the economic well-being of a country as a whole, which does not

include the interests of companies.145 Where economic growth and a highly competitive social market economy are invoked as ground for a limitation of the rights

to privacy and data protection the threshold is high, also as a result of Article 52(3)

Charter, which specifies that the meaning and scope of fundamental rights shall be

the same as those laid down by the European Convention on Human Rights. More

generally, it would be difficult to accept limitations to fundamental rights representing essential values in a democratic society for purely economic objectives.

6.9.1  Not Conflicting, But Interfacing and Creating Synergies

Another perspective for looking at the interface between privacy and data protection

on the one hand and the internal market on the other hand is the – strong – economic

dimension of privacy and data protection. Delivering privacy and data protection

may be in the economic interest of a company, for instance where the respect of high

privacy and data protection standards is considered a competitive advantage. The

concept of Privacy by Design,146 which enables combining strong privacy with technological innovation, illustrates this. Moreover, the right to data protection, as laid

down in Directive 95/46 also has an economic objective.147

Article 3(3) TEU entrusts the European Union – as part of its responsibility for

the internal market – with the task of promoting scientific and technological advance.

In its Europe 2020 Strategy, the Commission gave an outline of how it proposed to

“turn the EU into a smart, sustainable and inclusive economy delivering high levels

of employment, productivity and social cohesion.” One priority is smart growth, the

development of an economy based on knowledge and innovation, which includes a

true single market for online content and services.148 The Digital Agenda for

Europe149 is a concretisation of this strategy. In an economy based on knowledge


 Paul Craig and Grainne de Búrca, EU Law, Text, Cases and Material (Fifth Edition), Oxford

University Press, 2011, at 397.


 Bernadette Rainey, Elizabeth Wicks, Clare Ovey, Jacobs, White and Ovey, The European

Convention on Human Rights (Sixth Edition), Oxford 2014, at 318–319.


 Included, under the heading of Data protection by design and by default, in Article 23 GDPR as

an obligation to implement the appropriate technological and organisational measures.


 The free flow of information in recital (3) of the Directive. See also Chap. 4, Sect. 4.3.


 Communication from the Commission, Europe 2020, A strategy for smart, sustainable and

inclusive growth, COM(2010) 2020, Executive summary. The priority to realise a digital single

market is specified by the European Council in October 2013, Conclusions of the European

Council 24–25 October 2013, available on: www.consilium.europa.eu/uedocs/cms_data/docs/

pressdata/en/ec/139197.pdf. The digital single market was planned to be completed in 2015 and be

targeted more towards developments in cloud computing, big data and open data.


 Communication from the Commission to the European Parliament, the Council, the European

Economic and Social Committee and the Committee of the Regions, A Digital Agenda for Europe,

COM(2010) 245 final.

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

8 Security: An Area Where the EU and the Member States Have Significant Competence

Tải bản đầy đủ ngay(0 tr)