The US government and European Commission insist that the inclusion of a corporate sovereignty chapter in the TAFTA/TTIP treaty will not in any way diminish the ability of nations to pass laws as they wish. A fascinating case involving an investment in Romania shows why that’s just not true. It concerns a state aid scheme instituted by Romania to attract investments in the country, which offered tax breaks or refunds of customs duties on raw materials. The scheme was supposed to remain in place for 10 years. But as part of Romania’s accession to the EU, it was required to cancel this scheme, which was regarded by the European Commission as providing unfair state aid. So, obediently, Romania abolished the scheme in 2005, some years earlier than it had promised.
That didn’t go down too well with investors. Two of them were able to use the investor-state dispute settlement (ISDS) clauses of a bilateral treaty between Sweden and Romania to sue the latter. Here’s what happened next, as described in the European Commission’s press release:
An arbitral award of December 2013 found that by revoking an investment incentive scheme in 2005, four years prior to its scheduled expiry in 2009, Romania had infringed a bilateral investment treaty between Romania and Sweden. The arbitral tribunal ordered Romania to compensate the claimants, two investors with Swedish citizenship, for not having benefitted in full from the scheme.
Just part of the price of joining the European Union, you might think. But the European Commission is unhappy that compensation has been paid:
By paying the compensation awarded to the claimants, Romania actually grants them advantages equivalent to those provided for by the abolished aid scheme. The Commission has therefore concluded that this compensation amounts to incompatible state aid and has to be paid back by the beneficiaries.
That is, both the original state aid and the subsequent compensation for not providing that aid for the full term of the agreement are regarded as forbidden under EU law. So the European Commission is ordering Romania somehow to pull back from the Swedish investors the compensation awarded by the ISDS tribunal. Leaving aside the difficulty of doing so, even if Romania manages that, it will then be in breach of the corporate sovereignty tribunal ruling, which could leave it open to further legal action, and further awards against it. On the other hand, if it doesn’t rescind the compensation, it will be fined by the European Commission.
This provides a perfect demonstration of how corporate sovereignty provisions in treaties take away the ability of national governments to act freely. Moreover, in this particular case, whatever Romania chooses to do, its people will suffer financially.
Tag: EU
EU announces plans to banish geo-blocking, modernize copyright law
At the heart of the European Union lies the Single Market—the possibility for people to buy and sell goods and services anywhere in the EU. So it is ironic that the European sector least constrained by geography—the digital market—is also the least unified. To remedy that situation, the European Commission has announced its Digital Single Market Strategy, which addresses three main areas.
The first is “Better access for consumers and businesses to digital goods and services” and includes two of the thorniest issues: geo-blocking and copyright. As the EU’s strategy notes, “too many Europeans cannot use online services that are available in other EU countries, often without any justification; or they are re-routed to a local store with different prices. Such discrimination cannot exist in a Single Market.”
There is strong resistance to removing geo-blocking, particularly from copyright companies that have traditionally sold rights on a national basis and which therefore want geo-blocking to enforce that fragmentation. The Pirate Party Member of the European Parliament (MEP), Julia Reda, quoted a fellow MEP justifying geo-blocking as follows: “I can’t buy Finnish bread in any German supermarket or bakery. Far too few people here would buy it, so the market doesn’t offer it to me. And you don’t see me demanding that the European Commission bloody-well make that product available to me.”
The Orwellian Re-Branding of “Mass Surveillance” as Merely “Bulk Collection”
Just as the Bush administration and the U.S. media re-labelled “torture” with the Orwellian euphemism “enhanced interrogation techniques” to make it more palatable, the governments and media of the Five Eyes surveillance alliance are now attempting to re-brand “mass surveillance” as “bulk collection” in order to make it less menacing (and less illegal). In the past several weeks, this is the clearly coordinated theme that has arisen in the U.S., U.K., Canada, Australia and New Zealand as the last defense against the Snowden revelations, as those governments seek to further enhance their surveillance and detention powers under the guise of terrorism.
This manipulative language distortion can be seen perfectly in yesterday’s white-washing report of GCHQ mass surveillance from the servile rubber-stamp calling itself “The Intelligence and Security Committee of the UK Parliament (ISC)”(see this great Guardian editorial this morning on what a “slumbering” joke that “oversight” body is). As Committee Member MP Hazel Blears explained yesterday (photo above), the Parliamentary Committee officially invoked this euphemism to justify the collection of billions of electronic communications events every day.
The Committee actually acknowledged for the first time (which Snowden documents long ago proved) that GCHQ maintains what it calls “Bulk Personal Datasets” that contain “millions of records,” and even said about pro-privacy witnesses who testified before it: “we recognise their concerns as to the intrusive nature of bulk collection.” That is the very definition of “mass surveillance,” yet the Committee simply re-labelled it “bulk collection,” purported to distinguish it from “mass surveillance,” and thus insist that it was all perfectly legal.
Angry Austrian could turn Europe against the US – thanks to data
In a David versus Goliath battle, an Austrian law student may topple the biggest EU-US data sharing deal when he gets his day in court in a couple of weeks’ time.
Max Schrems, who set up the Europe v Facebook group, alleges that Facebook violated the so-called safe harbour agreement which protects EU citizens’ privacy by transferring personal user data to the US National Security Agency (NSA).
The European Court of Justice (ECJ) will hear details of the case on 24 March.
Schrems first appealed to the Irish Data Protection Commissioner to investigate his claims. He was refused on the grounds that Facebook was signed up to the safe harbour agreement and so could transfer data to the US with impunity.
Under European data protection law, companies can only transfer consumer data out of the EU to countries where there is an “adequate” level of privacy protection. As the US does not meet this adequacy standard, the European Commission and the US authorities came up with a workaround and, in 2000, set up the voluntary safe harbour framework whereby companies promise to protect European citizens’ data.
These promises are enforced by the US Federal Trade Commission – but since the Snowden revelations, there has been doubt these promises are worth the paper they’re written on.
Dutch Court Sets Aside National Data Retention Law
Back in January, we wrote about a legal challenge to the Netherlands’ data retention law by a group of civil rights organizations. This was because the Dutch government had decided to ignore the important ruling by Europe’s highest court, the Court of Justice of the EU (CJEU), that blanket data retention was “invalid.” Now, a court in The Hague has ruled the government was wrong to do so:
Dutch providers are no longer required to retain internet and phone traffic data. The telecommunications data retention law, that was fought in court by various privacy groups and small ISPs, is invalid.
That was ruled by the court of The Hague on Wednesday. The data retention law violated the Charter of Fundamental Rights of the European Union, specifically regarding the right to protection of private life and protection of personal data.
As that report from Nu.nl, translated by Matthijs R. Koot on his blog, makes clear, the court’s judgment affects all kinds of telecoms — both Internet and phone traffic data — and all communication providers. This is the judge’s reasoning:
The judge finds that the collected data are too easily accessible for crimes that are not serious. The plaintiffs stated that, technically, theft of a bicycle could lead to access to data, although the government stated this does not happen.
“Fact of the matter is that the possibility exists and that no safeguards exist to limit access to the data to what is strictly necessary to fight (only) serious crime”, according to the judge.
The court also finds it to be incorrect that no prior court approval is needed to access the data.
The judge’s ruling is only “provisonally enforeable”, and the Dutch government may appeal against it. But even if it does, it has a larger problem with its policy in this area. Although it claims a new data retention bill will be compatible with the CJEU ruling, the Netherlands’ Data Protection Authority has already said that it is still too intrusive for a number of reasons. Clearly, the European debate over what is a reasonable and proportionate level of data retention — if any — has a long way to go yet, both in the Netherlands and elsewhere.
Health Impact Assessment: TPP Poses Risks To Affordable Medicines, Tobacco Control And Nutrition Labeling
A report released today by a large team of academics and non-government health organisations reveals that the Trans-Pacific Partnership Agreement (TPP) poses risks to the health of Australians in areas such as provision of affordable medicines, tobacco and alcohol policies and nutrition labelling. Many public health organisations have been tracking the progress of the TPP negotiations over the past several years and have expressed concerns about the potential impacts and lack of transparency.
Spanish Court Limits Scope Of EU’s Right To Be Forgotten
EU’s ‘right to be forgotten’ is still relatively new — the original ruling was made less than a year ago. Since then, the EU courts and companies have been trying to work out what it means in practice, which has led to some broadening of its reach. But an interesting court ruling in Spain seems to limit its scope. It concerns the following case, reported here by Stanford’s Center for Internet and Society:
The claimant was a Spanish citizen who found that when typing his name on Google Search, the results included a link to a blog with information about a crime he had committed many years ago. While the official criminal records had already been cancelled, the information was thus still findable on the internet.
The Spanish Data Protection Authority (DPA) made two rulings. One was that Google should remove the information from its search engine, and the other was that Google should remove personally identifiable information from a blog hosted on its Blogger platform. When these decisions were reviewed by Spain’s National High Court, it confirmed the first ruling, and clarified that Google needed to remove the link to the criminal records information from its search results. However, it did not confirm the second ruling:
The National High Court reversed that and held that the responsible for the processing is not Google but the blog owner. It further held that the DPA cannot order Google to remove the content within a procedure for the protection of the data subject’s right to erasure and to object.
This is significant, because it says the “controller of the processing” — a key concept in EU data protection law — is the blog owner, not Google, and so the latter cannot be forced to take down a blog post. The Center for Internet and Society post notes:
Arguably, under the rationale that the platform is not the controller of the processing, other user generated content sites such as YouTube or social networking sites might also fall outside the scope of the right to be forgotten.
Well, not entirely outside the scope: presumably, search engines could still be required to remove links to user-generated content, but it would be the creator of that content that would be asked to remove it entirely, not the hosting company. Clearly, further cases will be needed to clarify how exactly this will work in Spain, and whether it applies anywhere else.
EU Commissioner Wants to Abolish Netflix-Style Geoblocking
Due to complicated licensing agreements Netflix is only available in a few dozen countries, all of which have a different content library.
The same is true for many other media services such as BBC iPlayer, Amazon Instant Video, and even YouTube.
These regional blockades are a thorn in the side of Andrus Ansip, Vice-President for the Digital Single Market in the European Commission. In a speech this week he explained why these roadblocks should be abolished.
“Far too often, consumers find themselves redirected to a national website, or blocked. I know this from my own experience. You probably do as well,” Ansip said.
“This is one of many barriers that needs to be removed so that everyone can enjoy the best Europe has to offer online. It is a serious and common barrier, as well as extremely frustrating,” he added.
European Lawmakers Demand Answers on Phone Key Theft
European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday.
The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys.
The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.”
“Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal.
Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
“If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday.
The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said.
Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request.
Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year.
The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.