11 January 2024
A letter signed by 21 organisations, including Statewatch, calls on the EU's new High Level Group on Access to Data for Effective Law Enforcement (HLG) to ensure its proceedings are transparent and that it facilitates the participation of independent civil society experts, instead of relying solely on the input of police, interior ministry and industry officials.
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
The HLG was set up last year, with the Swedish Council Presidency saying it was time to reassess "the balance to be struck between the right to privacy and the right to security."
The letter warns that the objective of the HLG to push for a "security by design" approach in all EU existing and future policies and legislation is in fact "an attempt to impose a law enforcement "access by design" obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people’s exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association."
The letter was coordinated by European Digital Rights.
Full-text of the letter
Subject: Call to the High Level Group on Access to Data for Effective Law Enforcement for greater transparency and participation of all stakeholders
Dear Chairs of the High Level Group,
We, the undersigned digital rights and civil society organisations, emphasise the crucial importance of guaranteeing transparency, participation, inclusion and accountability, notably through the involvement of civil society in ongoing discussions held by the High-Level Group (HLG) on access to data for effective law enforcement.
The European Commission and the Council of the EU are bound by Article 11 of the Treaty on European Union to “give citizens and representative associations the opportunity to make known and publicly exchange their views in all areas of Union action” and to maintain “open, transparent and regular dialogue with representative associations and civil society”.i We therefore welcome the intention of the Commission, as described in the Commission Decision setting up the groupii, to “establish and operate a collaborative and inclusive platform for stakeholders from all relevant sectors, including (...) data protection and privacy, (...) non-governmental organisations [to] work towards commonly accepted solutions”.
However, in the context of these treaty obligations, the current working arrangements of the HLG raise multiple challenges for participation and inclusion.
In October 2023 several of our organisations proposed to contribute as civil society experts and participants to the upcoming activities and working sessions of the HLG given their expertise and long- term engagement with the subject matter. However, their requests were turned down and they were invited instead to submit written comments, which, if deemed relevant, could lead to a proper invitation at a later date.
In the meantime, we learnt that several industry players have been invited to the HLG meetings.iii This opaque and unequal participation process that may lead to an unbalanced representation of interests can hardly achieve one of the objectives of the HLG which is “to stimulate the interactive participation of all stakeholders and the sharing of different perspectives”.iv
We would like to stress that transparency, inclusion and accountability requires genuine opportunities for civil society to be informed about deliberations in the HLG and provide comments and advice, which the HLG can consider at all stages of its work. This dialogue is needed continuously throughout the process, and cannot be reduced to a one-time meeting where civil society presents its views separately from the main HLG process. It is critical that civil society can listen to Member States, and provide targeted advice on the specific discussions taking place.
In particular, we are deeply concerned that the very premise of the HLG objectives is to push for a “security by design” approach in all EU existing and future policies and legislation. We understand this framing as an attempt to impose a law enforcement “access by design” obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people’s exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association. It could also have an unforeseen detrimental impact on the security of the critical
infrastructure that we all rely on when using electronic communications services and digital devices Hence it is all the more important to bring this debate into the public sphere.
Lastly, we would like to point out that, although the HLG is considered a sui generis group and not an official Commission expert group, there is a worrying lack of compliance with transparency requirements.
Article 11 of the Commission Decision states that an equivalent degree of transparency must be ensured to that applicable to Commission expert groups within the meaning of the Commission Decision C(2016) 3301.v Yet, the HLG and its working groups are not registered on the Register of Commission expert groups and other similar entities, despite what its own rules of procedure prescribe.vi
The rules of procedure further state that “DG HOME shall publish the agenda of the meetings of the group and other relevant background documents in due time ahead of the meeting, followed by timely publication of minutes.” None of the meeting minutes have yet been made available to the public. Exceptions should be individually justified and internally reviewed. All documents should be published proactively and by default. This would also prevent the administrative burden of granting access to documents (see this request for example).
We therefore call for a diligent approach to making all possible documents public and proactively engaging with civil society.
European Digital Rights (EDRi)
Alternatif Bilişim (AiA), Turkey
Asociația pentru Tehnologie și Internet, Romania
Chaos Computer Club, Germany
Citizen D / Državljan D, Slovenia
D3 – Defesa dos Direitos Digitais, Portugal
DFRI (Föreningen för Digitala Fri- och Rättigheter), Sweden
Deutsche Vereinigung für Datenschutz e.V. (DVD), Germany
Digital Rights Ireland, Ireland
Digital Society, Switzerland
Electronic Frontier Finland (Effi), Finland
Electronic Frontier Foundation (EFF)
Elektronisk Forpost Norge (EFN), Norway
Homo Digitalis, Greece
IT-Pol Denmark, Denmark
SUPERRR Lab, Germany
Vrijschrift.org, the Netherlands
The Swedish Presidency of the Council proposed to create a High-Level Expert group on data retention to strike a new "balance" between the right to privacy and the right to security, according to two documents published by Statewatch. Member state feedback has been enthusiastic. The aim is to change the rhetoric on surveillance to facilitate the adoption of new rules. The expert group format of discussion and the participation of civil society are still to be decided, with the Commission and the Council likely to co-chair.
The minutes of the recent EU-US Senior Officials Meeting on Justice and Home Affairs, held in Stockholm on 16 and 17 March, demonstrate cooperation on a vast range of topics - including a "proof of concept" of the "Enhanced Border Security Partnership" involving the transatlantic sharing of biometric data, the need to "reinforce law enforcement’s legitimacy to investigate" in debates around breaking telecoms encryption, and US "concerns on radicalisation among police forces."
The introduction of 5G telecommunications networks could render traditional “lawful interception” techniques used by the police obsolete, according to internal EU documents. Discussions on how to deal with the issue are ongoing – but are being kept behind closed doors. There is a need for a public discussion on this issue, as well as the closely-related topic of the surveillance potential of new technologies facilitated by 5G that threaten to introduce – in the words of a police think tank, no less – “major invasions of privacy and a fundamental, and at this stage unregulated, shift in the relationship between the police and the public.”
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.