Background to the complaint

1. Each month, the EU Intelligence and Situation Centre (IntCen), which is part of the European External Action Service (EEAS), prepares terrorist threat assessments. These assessments are provided, through secure means of communication, to a strictly limited group of intelligence and security authorities at Member State level and to a limited circle of high level civil servants and political figures in certain EU institutions. The assessments are classified as ‘EU confidential’[1].

2.  On 23 April 2018, the complainant, a European citizen working for a Member of the European Parliament, asked the EEAS to give him access to six of these threat assessments.

3. On 8 May 2018, the EEAS replied, refusing to give him the assessments. It argued that releasing the documents could undermine the protection of public security. In doing so, it invoked the related exception[2] provided for under EU rules on public access to documents (Regulation 1049/2001)[3].

4. The complainant then asked the EEAS to review its decision (by making a so-called ‘confirmatory application’). In doing so, he argued that the EEAS should reconsider whether the documents should still be classified as confidential and consider whether they could be partially disclosed.

5. On 8 June 2018, the EEAS replied confirming its decision to withhold the documents. In the reply, it stated that it had reviewed the documents. It repeated its view that releasing them could pose a threat to public security. In addition, it stated that releasing them would undermine international relations[4] and the decision-making processes within the EEAS[5].

6. Dissatisfied with the EEAS’s decision, the complainant turned to the Ombudsman.

The inquiry

7. In the course of the inquiry, the Ombudsman’s inquiry team carried out an inspection of the documents[6] and met with representatives of the EEAS to better understand the file and its context.

Arguments presented to the Ombudsman

8. The complainant argued that the EEAS was wrong to withhold the documents. In his view, it should have reconsidered whether the confidential classification still applied given the time that had elapsed since some of the assessments were drawn up.

9. He argued that, since summaries of the assessments are available in other EU documents that are not classified as ‘confidential’, but are merely classified as ‘restricted’[7], the EEAS should consider granting public access to “large parts” of the assessments.

10. In his comments on the report of the Ombudsman’s inspection, he further argued that the EEAS had not sufficiently explained its refusal to grant access.

11. During the inspection meeting, the EEAS informed the Ombudsman’s inquiry team that the documents are based on classified contributions from Member State intelligence and security services concerning terrorist threats. Given their content, they are classified as ‘EU confidential’. It also argued that the documents contain information that remains operational today. Thus, disclosing the documents could, it argued, harm public security.

12. The EEAS also argued that disclosing the documents could also lead to a “serious breach of trust” between IntCen and the national intelligence and security services that provided information to IntCen. Any loss of trust could lead national intelligence and security services to refuse to contribute to IntCen assessments in the future. As well as damaging public security, this would undermine the EEAS’s decision-making processes and international relations.

The Ombudsman's assessment

13. The threat posed by terrorism is extremely serious. Information gathering by national intelligence and security services, and the analysis of this information by the responsible authorities at national level and at EU level, are vital to protecting the public from this serious threat. The EEAS, through the work of IntCen, plays an important role in this by analysing information received from Member State authorities and communicating this analysis to those persons and entities, at Member State level and EU level, that have the security clearance and the need to see such analysis.

14.  It is vital to protect this information and analysis, and any data that might indicate, even indirectly, how intelligence and security services compile such information.

15. The inspection of the documents confirmed that the assessments do indeed contain extremely sensitive security and intelligence information, which remains operational. It is thus reasonably foreseeable that disclosing this information would represent a serious risk to the protection of public security.

16. The inspection meeting confirmed that even partial disclosure of the documents would reveal sensitive information.

17. It is also reasonable to conclude that disclosure would represent a risk to IntCen’s decision-making processes and international relations[8].

18. The complainant argues that the information in the assessments is also contained in other documents that are not classified as ‘EU confidential’. In this context, the complainant sent the Ombudsman a document marked ‘restricted’, which he argues is a “summary” of an IntCen assessment. The document, which was also made available to a limited number of MEPs, was marked ‘restricted’. While this is a lower level of classification than a document marked ‘EU Confidential’, it is a document was not intended to be made publicly-available. The Ombudsman notes that, in any case, the document does not contain information which is similar, in terms of its detailed content, or the way it is drafted, to the IntCen threat assessments. Therefore, the fact that the two documents have different confidentiality classifications is not inconsistent and is to be expected. The Ombudsman appreciates that the complainant is not in a position where he can make that comparison, but she is satisfied, on the basis of the inspection of the requested documents, that disclosing the contents would undermine the protection of the public interest as regards public security.

19. Based on the above, the Ombudsman finds that the EEAS was justified in refusing access to the requested documents and that there was no maladministration in how it handled the request.

Conclusion

Based on the inquiry, the Ombudsman closes this case with the following finding:

There was no maladministration by the European External Action Service in how it handled the request for public access to terrorism threat assessments.

The complainant and the EEAS will be informed of this decision.

 

Emily O'Reilly

European Ombudsman

Strasbourg, 14/09/2018

 

[1] The rules governing how the EEAS deals with EU classified information (EUCI) are set out in Decision of the High Representative of the Union for Foreign Affairs and Security Policy of 19 September 2017 on the security rules for the European External Action Service https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32018D0410(01). The EUCI classification ‘Confidentiel UE/EU confidential’ is applied to “information and material, the unauthorised disclosure of which could harm the essential interests of the European Union or of one or more of the Member States”.

[2] Article 4(1)(a) of Regulation 1049/2001.

[3] Regulation 1049/2001 of the European Parliament and of the Council on public access to EU institution documents.

[4] Article 4(1)(a) of Regulation 1049/2001.

[5] Article 4(3) of Regulation 1049/2001.

[6] The inspection meeting took place in accordance with the security rules of the EEAS referred to above. The meeting took place in a secured location in the EEAS. The documents were reviewed, in the presence of EEAS officials, by one senior member of the Ombudsman’s inquiry team only. Prior to the inspection, the Ombudsman forwarded to the EEAS the relevant high level security clearance (PSC) issued by the competent authority of the Ombudsman’s staff member’s Member State. No copies of the documents were made and no notes of their content were taken.

[7] The complainant referred to documents marked as LIMITE, which refers to documents from the Council of the European Union designated as being for restricted internal distribution and not for publication. Such documents can be released based on a public access to documents request, following a decision by Council http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%205847%202006%20INIT .

[8] EU case-law has established that there is wide discretion in determining what could amount to a foreseeable risk to international relations e.g. Case C-266/05 P, para 34.; Judgment of the Court (First Chamber) of 1 February 2007; Jose Maria Sison v Council of the European Union.