Statewatch News Online: Commission working paper coe cybercrime

Support our work: become a Friend of Statewatch from as little as £1/€1 per month.

COMMISSION OF THE EUROPEAN COMMUNITIES
Brussels, 19.02.2001
SEC(2001) 315

COMMISSION STAFF WORKING PAPER

COUNCIL OF EUROPE DRAFT CONVENTION ON CYBERCRIME -
ACCESSION OF THE EC AND DISCONNECTION CLAUSE

Summary

The purpose of this paper is to explain why the Commission services attach considerable importance to the inclusion of an accession clause for the European Community and a disconnection clause in the Council of Europe draft Convention on Cybercrime. The Commission services are seeking an EU Common Position in view of the further negotiation meetings.

In these negotiations, Member States should be asked to support the following amendments:

(a) agree that Article 37 of the draft Convention should include a new paragraph 3 which reads as follows:

"3. The European Community may also accede to the present Convention."

(b) agree that the draft Convention should include a disconnection clause along the following lines:

"In their mutual relations, Parties which are members of the European Union shall apply the rules of the European Community and the rules laid down or based on Title VI of the Treaty on European Union, and shall therefore not apply the provisions arising from this Convention except insofar as there are no such rules governing the particular subject concerned."

Background

This issue was discussed at the Substantive Criminal Law Working Party on 8 December which met to agree an informal EU co-ordinated position on several issues in the negotiations on the draft CoE Cybercrime Convention. There was no agreement on the disconnection or accession clauses, although the Commission was invited to make further proposals. At the Article 36 Committee meeting on 14 December, the Commission suggested that this issue should be considered at Coreper.

The Plenary Committee of the Council of Europe responsible for drawing up the draft Convention on Cybercrime (PCCY) met on 11-15 December. This was supposed to be the final formal meeting of the Committee tasked with drawing up the Convention. However, there will now be a further two meetings of experts in April / May 2001 under the auspices of a more senior committee within the Council of Europe, the European Committee on Crime Problems (CDPC). These two further meetings are needed to take account of the Parliamentary Assembly's comments, and to conclude other outstanding points such as data protection and racism and xenophobia. They will therefore provide a final opportunity to meet the Commission's concerns, which is why it is important to have an agreed position between the Member States on this issue as early as possible. The Convention will put to the Committee of Ministers following the approval of the CDPC in June 2001.

During the negotiations of the draft CoE Convention on Cybercrime, the Commission services have followed the negotiations as an observer. The Commission has tried to encourage a common approach from the EU and to ensure that the draft Convention is compatible with Community law. In particular, the Commission services have sought to ensure that an appropriate balance is reached between the interests of law enforcement, industry, privacy and data protection.

The Convention covers a wide range of areas of Internet-related crime. These include:

- offences covering illegal access, interception, data interference and system interference;

- creating offences of misusing devices such as hacking tools for the purpose of committing these offences;

- offences for computer-related fraud and forgery;

- offences related to child pornography;

- offences related to copyright;

- corporate liability (criminal, civil or administrative) for the above offences;

- criminal procedural law measures to investigate the offences established by the Convention and other offences committed on the Internet or involving evidence in electronic form. These include expedited preservation of data; expedited preservation and disclosure of traffic data; production orders; search and seizure of stored computer data; interception of content data; and real-time collection of traffic data;

- international co-operation measures to assist investigation of these offences such as extradition and mutual legal assistance (including new measures to ensure the rapid preservation of specified data held in another jurisdiction and which might otherwise be destroyed);

- a data protection article for information exchanged between judicial and police authorities under the Convention for the purpose of investigating these offences.

Accession of the European Community

The need for an accession clause

Although the Convention relates to criminal law, it does touch upon several areas which impact upon Community law, including both the Treaties and secondary legislation. However, the exercised Community competences in those areas are very limited. There is therefore no need at present for the Community to be a Party to the Convention.

Under the existing Treaties, Community law may provide for criminal sanctions where this is considered necessary in order to achieve a Community objective. An example is copyright where, as a result of exercising such potential competence, it is possible that the Community could in the future have exercised competence over matters covered by the CoE Cybercrime Convention. It is therefore feasible that, in the longer-term, the Community might wish to be a Party to the CoE Cybercrime Convention in this respect. Moreover, the Council of Europe already intends to start negotiations on a Protocol to the draft Convention. It is possible that this could include areas covering Community law

For these reasons, the inclusion of an accession clause in the Convention at this stage in the negotiations will avoid the need in the future to negotiate a separate Additional Protocol allowing Community accession in the event that this is necessary or desired.

There are precedents for such "forward-looking" EC participation clause: for example, ETS 164, Convention for the Protection of Human Rights and Dignity of the Human Being with Regard to the Application of Biology and Medicine (Convention on Human Rights and Biomedicine), of 4 April 1997, provided for original EC membership even though the EC role in matters falling within that Convention's scope is very limited (and was even more so before the Amsterdam Treaty was signed on 2 October 1997).

A clause on accession of the European Community to the Convention would not "trigger" EC competence (the concern of many Member States): it would assume it. It is also important to underline that actual accession of the EC to this convention will depend on a separate future Council decision.

Finally, it should be underlined that Member States will no longer be competent for the whole of the Convention if EC competence is exercised on certain matters covered by it in the future. This would cause a clear legal problem without an accession clause for the EC. This follows from the principles relating to external competence, as laid down by the Court of Justice about 30 years ago in the ERTA judgment (Commission v. Council, Case 22/70, judgment of 31 March 1971; confirmed in Opinion 1/76 of 26 April 1977).

The Court held that once the EC has exercised competence over a particular matter (or simultaneously with such exercise, as clarified in Opinion 1/76), the EC is also empowered to negotiate and conclude international agreements. As a result, Member States can no longer participate for that part:

"These Community powers exclude the possibility of concurrent powers on the part of Member States, since any steps taken outside the framework of the Community institutions would be incompatible with the unity of the Common Market and the uniform application of Community law." (para. 31 of the ERTA judgment)

There are some areas where the EC has already exercised its competence and with which the CoE Cybercrime Convention interacts and overlaps (for example, data protection and electronic commerce). At present, the extent of this competence does not prevent Member States from signing or ratifying the Convention. However, there is also "potential" competence, which has been given by the EC Treaty but has not yet been exercised by adoption of EC rules. In such cases, there is not yet an exclusive competence of the European Community to negotiate and conclude international agreements, though this could occur in the future.

New proposed text for an accession clause

The Commission services originally proposed that the draft Convention should include a simple statement that the "European Community may accede to the Convention". However, at the Substantive Criminal Law Working Party on 8 December, concern was expressed that this might imply that the European Community could have competence over all the matters covered by the Convention. It has been suggested that the approach adopted for the UN Convention of December 2000 on Transnational Organised Crime could be used. This requires a declaration explaining the extent of EC competence when the Community accedes. Nevertheless, it should be taken into account that this type of declaration has never been used nor required in Council of Europe conventions. Such a move should have considerable consequences in the future participation of the Community in Council of Europe conventions. The Commission services therefore consider that the common position of Member States should be based on the proposal that Article 37 (Accession to the Convention) of version 25 of the Council of Europe draft Convention on Cybercrime should include a new paragraph 3 as follows:

"3. The European Community may also accede to the present Convention."

Disconnection clause

The need for a disconnection clause

As described above, the Convention touches upon several areas of Community law. It is standard practice in many Council of Europe Conventions to include a disconnection clause for Community law. The disconnection clause is needed:

· to ensure legal security and clarity;
· to ensure the consistency of any national measures taken on the basis of the Convention with EC law , and to avoid the fragmentation of the Internal Market and the hampering of its development;
· to remind MS of the importance of taking EC law into consideration in the future implementing measures of the Cybercrime Convention (thus preventing possible conflicts);
· a general disconnection clause is more efficient than trying to identify, for each Convention aspect, possible inconsistencies with EC law. This in addition is a difficult exercise, given that the Convention provisions are general and that EC legislation may evolve. Because the Convention provisions are so general, incompatibility with EC law could arise from their implementation into domestic law. A disconnection clause is also helpful in reassuring all the interested parties that the Convention will not usurp existing Community law instruments.

Some delegations have argued that this issue is already covered in Article 39(2) of the draft Convention which reads as follows:

"If two or more Parties have already concluded an agreement or treaty on the matters dealt with in this Convention or otherwise have established their relations in this matter, or should they in future do so, they shall be entitled to apply that agreement or treaty or to regulate those relations accordingly, in lieu of the present Convention".

The Commission services do not believe this is sufficient. In particular, it is a discretionary provision since it uses "entitled" rather than the "shall" used in the Commission's proposal. Member States do not have any discretion whether to apply Community law. It is also not clear enough since it does not explicitly cover the European Community. Finally, although this approach was adopted in the closing stages of the negotiations on the 1999 Council of Europe Criminal Law Convention on Corruption, it should be underlined that this was not the outcome originally sought by the Commission services.

Proposed text for a disconnection clause

The Commission services have therefore suggested the following clause which is based on the standard clause in many previous Council of Europe Conventions:

"In their mutual relations, Parties which are members of the European Union shall apply the rules of the European Community and the rules laid down or based on Title VI of the Treaty on European Union, and shall therefore not apply the provisions arising from this Convention except insofar as there are no such rules governing the particular subject concerned."

In this instance, the Commission services have also suggested that the disconnection clause should be extended to take account of Title VI of the TEU, so as to secure that further developments (e.g. regarding judicial cooperation) within the Union would get primacy over the convention in the relations between Member States. The Commission services accept that the extension to Title VI is new and perhaps more controversial than the standard Community law disconnection clause. However, the Commission believes it would be helpful to extend the disconnection clause to make clear that instruments adopted under Title VI of the TEU should take precedence over the Council of Europe Convention in the event of any inconsistency in the application of the provisions between Member States of the European Union.



Statewatch News online

Our work is only possible with your support.
Become a Friend of Statewatch from as little as £1/€1 per month.

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error