Image: Rodion Kutsaiev, Unsplash
The HLG was set up last year, with the Swedish Council Presidency saying it was time to reassess “the balance to be struck between the right to privacy and the right to security.”
The letter warns that the objective of the HLG to push for a “security by design” approach in all EU existing and future policies and legislation is in fact “an attempt to impose a law enforcement “access by design” obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people’s exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association.”
The letter was coordinated by European Digital Rights.
Full-text of the letter
10.1.24
Subject: Call to the High Level Group on Access to Data for Effective Law Enforcement for greater transparency and participation of all stakeholders
Dear Chairs of the High Level Group,
We, the undersigned digital rights and civil society organisations, emphasise the crucial importance of guaranteeing transparency, participation, inclusion and accountability, notably through the involvement of civil society in ongoing discussions held by the High-Level Group (HLG) on access to data for effective law enforcement.
The European Commission and the Council of the EU are bound by Article 11 of the Treaty on European Union to “give citizens and representative associations the opportunity to make known and publicly exchange their views in all areas of Union action” and to maintain “open, transparent and regular dialogue with representative associations and civil society”.i We therefore welcome the intention of the Commission, as described in the Commission Decision setting up the groupii, to “establish and operate a collaborative and inclusive platform for stakeholders from all relevant sectors, including (…) data protection and privacy, (…) non-governmental organisations [to] work towards commonly accepted solutions”.
However, in the context of these treaty obligations, the current working arrangements of the HLG raise multiple challenges for participation and inclusion.
In October 2023 several of our organisations proposed to contribute as civil society experts and participants to the upcoming activities and working sessions of the HLG given their expertise and long- term engagement with the subject matter. However, their requests were turned down and they were invited instead to submit written comments, which, if deemed relevant, could lead to a proper invitation at a later date.
In the meantime, we learnt that several industry players have been invited to the HLG meetings.iii This opaque and unequal participation process that may lead to an unbalanced representation of interests can hardly achieve one of the objectives of the HLG which is “to stimulate the interactive participation of all stakeholders and the sharing of different perspectives”.iv
We would like to stress that transparency, inclusion and accountability requires genuine opportunities for civil society to be informed about deliberations in the HLG and provide comments and advice, which the HLG can consider at all stages of its work. This dialogue is needed continuously throughout the process, and cannot be reduced to a one-time meeting where civil society presents its views separately from the main HLG process. It is critical that civil society can listen to Member States, and provide targeted advice on the specific discussions taking place.
In particular, we are deeply concerned that the very premise of the HLG objectives is to push for a “security by design” approach in all EU existing and future policies and legislation. We understand this framing as an attempt to impose a law enforcement “access by design” obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people’s exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association. It could also have an unforeseen detrimental impact on the security of the critical
infrastructure that we all rely on when using electronic communications services and digital devices Hence it is all the more important to bring this debate into the public sphere.
Lastly, we would like to point out that, although the HLG is considered a sui generis group and not an official Commission expert group, there is a worrying lack of compliance with transparency requirements.
Article 11 of the Commission Decision states that an equivalent degree of transparency must be ensured to that applicable to Commission expert groups within the meaning of the Commission Decision C(2016) 3301.v Yet, the HLG and its working groups are not registered on the Register of Commission expert groups and other similar entities, despite what its own rules of procedure prescribe.vi
The rules of procedure further state that “DG HOME shall publish the agenda of the meetings of the group and other relevant background documents in due time ahead of the meeting, followed by timely publication of minutes.” None of the meeting minutes have yet been made available to the public. Exceptions should be individually justified and internally reviewed. All documents should be published proactively and by default. This would also prevent the administrative burden of granting access to documents (see this request for example).
We therefore call for a diligent approach to making all possible documents public and proactively engaging with civil society.
Sincerely,
European Digital Rights (EDRi)
ARTICLE 19
Alternatif Bilişim (AiA), Turkey
Asociația pentru Tehnologie și Internet, Romania
Chaos Computer Club, Germany
Citizen D / Državljan D, Slovenia
D3 – Defesa dos Direitos Digitais, Portugal
DFRI (Föreningen för Digitala Fri- och Rättigheter), Sweden
Deutsche Vereinigung für Datenschutz e.V. (DVD), Germany
Digital Rights Ireland, Ireland
Digital Society, Switzerland
Electronic Frontier Finland (Effi), Finland
Electronic Frontier Foundation (EFF)
Elektronisk Forpost Norge (EFN), Norway
Homo Digitalis, Greece
IT-Pol Denmark, Denmark
Mnemonic, Germany
Politiscope, Croatia
SUPERRR Lab, Germany
Statewatch, UK
Vrijschrift.org, the Netherlands
