Presentation by the European Ombudsman, Emily O'Reilly - Decision of the European Ombudsman closing the inquiry into complaint 1148/2013/TN as regards Europol
Presentation by the European Ombudsman
Decision of the European Ombudsman closing the inquiry into complaint 1148/2013/TN as regards Europol
LIBE Committee, European Parliament
Brussels, Thursday 8 Jan 2015
Good morning Chairman, honourable Members, and can I firstly wish you all a happy new year.
Thank you for inviting me to address you on what I consider to be a very serious issue, and which arose during an inquiry concerning Europol, the European Union's law enforcement agency.
For the first time in its twenty year history, the European Ombudsman was denied its right under Statute to inspect an EU institution document, even under the guarantee of full confidentiality, as part of an inquiry.
This power to inspect documents is fundamental to the democratic scrutiny role of the Ombudsman and acts as a guarantor of certain fundamental rights to the EU citizen.
This inquiry concerned public access to a document held by Europol concerning its activities under the EU-US Terrorist Finance Tracking Program (TFTP) Agreement.
The TFTP Agreement, concluded with the US in 2010, provides that the EU may transmit financial messaging data of EU citizens to the US Treasury Department in order to track potential terrorist activity. The data is held and transferred by the Belgian based Society for Worldwide Interbank Financial Telecommunication, known as SWIFT. The transfer occurs only when Europol has validated the US request.
Europol’s role is to ensure that the transfer requests by the US comply with the agreement in terms of scope, proportionality, and necessity although it has no access to the data that is actually transferred.
In June 2013, we received a complaint from an EU citizen, acting on behalf of an MEP, concerning Europol's handling of her request for public access to the report by Europol's Joint Supervisory Body (JSB) on the implementation of the EU-US Agreement.
The document to which public access was requested is the second JSB inspection report of March 2012.
The JSB consists of representatives of the data protection authorities of the Member States. Its role is to ensure that the storage, processing and use of the data held by Europol do not violate fundamental EU rights. Europol refused public access to the JSB report, the applicant complained to my Office and we subsequently opened an inquiry.
As part of my inquiry, I instructed my officials to inspect the requested document in order to check that Europol correctly applied its own rules on access to documents. This is a normal procedure, which has operated without difficulty for twenty years.
It is very important to emphasise here that Europol has not contested the need for the Ombudsman to inspect the document. On the contrary, Europol cooperated fully with the Ombudsman's services by agreeing in advance the necessary strict security arrangements for a confidential inspection. My services and those of Europol had a very constructive relationship on this inquiry.
However, according to Europol, the "technical modalities" agreed between the Commission and the US under Article 4(9) of the TFTP Agreement required Europol to obtain the permission of the US authorities before allowing the Ombudsman, or any other entity, any access, including an Ombudsman confidential inspection, to the record. The US authorities have refused such permission to Europol.
The “technical modalities” is in one sense, a secondary agreement between the EU Commission and the US as to how the TFTP agreement would be implemented. Article 4 (9) of the main Agreement simply states that the “technical modalities necessary to support Europol’s verification powers” would be jointly coordinated between the EU and the US.
In practice these were eventually signed off on just three days before the agreement was implemented and were not seen by Parliament.
The relevant part of this secondary agreement states, “No information transmitted by the US Treasury department, including information regarding types or categories of messages, is permitted to be shared either with EU Member States or with other parties, without the express written authorisation of the US Treasury Department.”
The Director of Europol wrote to the US Department of the Treasury explaining the Ombudsman's role under Article 228 of the Treaty on the Functioning of the European Union, detailing the security arrangements which Europol proposed to put in place for the inspection, and asking permission to show the document to the Ombudsman. The US authorities refused this permission saying that the "need to know" requirement was not met.
As you may know, the European Parliament in 2008, with the consent of the Council, amended the Ombudsman statute to confer specific powers of inspection of classified documents, subject to agreement in advance with the institution concerned on the conditions for confidential treatment of the documents. As already mentioned, in the present case Europol and the Ombudsman had agreed the security arrangements that would apply to an inspection.
Indeed, such security arrangements to inspect confidential documents have also been agreed between my Office and the Council on several occasions.
So what is the current situation?
The "technical modalities", negotiated by the Commission with the US after the Parliament had approved the TFTP Agreement, allow the US authorities to be the arbiters of whether or not the Ombudsman may exercise her statutory, democratic power to inspect the document at issue. The US authorities have effectively decided that the Ombudsman should not be enabled to exercise that power in this case.
We have not inspected the document, and so can make no assessment as to whether it should or should not be released, or indeed whether parts of it should be released. It may well be the case that it contains sensitive data from the US and so should not be released - but we have no way of knowing without sight of the report.
It should be pointed out that this is a document from an EU institution, not one originating from a third party although it may contain information supplied by a third party. I should also point out that the purpose of the report, as I understand it, is to check that the TFTP Agreement, in so far as Europol’s role is concerned, fully respects the rights of EU citizens. Our inquiry has now been closed. We have been unable to exercise our democratic powers and to act in full compliance with our statutory and Treaty obligations.
The Commission did write to my Office last month on this issue, and I thank them for that correspondence. The Commission says that obtaining the consent of the data originator, in this case the US, before any classified information is further disseminated is one of the most important principles of data sharing in EU security frameworks. This is something I fully understand. However the issue here is not about further dissemination or giving public access, rather it is about the Ombudsman's power of inspection to ensure democratic oversight.
To conclude Chairman, I make four final points:
- Parliament may wish to consider whether it is acceptable for arrangements to be agreed with another government which have the effect of preventing the operation of an oversight mechanism, established under the EU Treaties, for the control of EU executive action.
- The "technical modalities" do however clearly state that they "may be subject to modifications, as necessary", which means that it is open to the Commission to seek to renegotiate them, without re-opening the Agreement itself.
- Parliament may also wish to consider whether any future negotiations on the TFTP Agreement, or any similar agreements, should result in the inclusion of a specific provision to ensure adequate scrutiny by the Ombudsman. It might also wish to examine the "technical modalities" to ensure that, in any such future Agreement, the authority to agree "technical modalities" is confined to purely technical and administrative arrangements, and that any arrangements which limit the exercise of existing statutory powers must have explicit agreement from the legislature.
- Finally, it seems worth pointing out that an MEP had to invoke the right of public access in this case. In some EU Member States, as well as in the United States, there are arrangements that allow the Legislature, through a specially constituted Committee, to obtain access to confidential information in order to be able to exercise proper democratic scrutiny of the Executive.
Thank you for your attention to this matter.