ARTICLE 29 DATA PROTECTION WORKING PARTY
1SANK0H
1SANK0H
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
efers to an ‘EU individual’ without further defining who that is. The Working Party regrets<br />
this uncertainty and suggests to provide for clarification in the sense that all persons subject to<br />
EU law have the right to have her or his request to the Ombudsperson processed according to<br />
the conditions of the Memorandum. Additionally, the Commission and the U.S. should<br />
address the question to what extent the Privacy Shield will also apply to citizens / residents of<br />
the countries of the EEA and Switzerland, which in the past did enjoy coverage by the Safe<br />
Harbour scheme.<br />
Furthermore, the WP<strong>29</strong> notes some uncertainty as to the scope of application of the<br />
Ombudsperson mechanism. Whereas the Memorandum provides that the Ombudsperson is<br />
charged with processing requests relating to national security to data transmitted from the EU<br />
to the U.S. pursuant to all transfer tools available under EU law, it is equally made clear in the<br />
Memorandum that it sets forth a mechanism “regarding signal intelligence”. The latter term<br />
suggests that only such data transfers are covered where the data was collected by means of<br />
signal intelligence, which leads to the question whether data collected under FISA, e.g., is<br />
considered ‘signals intelligence’. That appears to be the case as regards Section 702, as<br />
explained in the representation by the ODNI, p. 10. 73 However, the WP<strong>29</strong> regrets that the use<br />
of the term ‘signal intelligence’ creates unnecessary uncertainty in this context.<br />
As another consequence, it is the understanding of the Working Party that the Ombudsperson<br />
mechanism does not cover requests related to access by law enforcement agencies. 74 If so, it<br />
would remain unclear whether requests from some agencies, notably the CIA, would be<br />
covered by the mechanism.<br />
3.5.3.5 ‘Standing’ and the procedure of the request<br />
To bring legal proceedings against surveillance measures by the U.S. Government before<br />
ordinary courts in the United States is very difficult. The Working Party is aware that the<br />
Supreme Court has denied standing in intelligence cases, where the applicant was not able to<br />
show individual “concrete, particularised, and actual or imminent or injury”. 75 In this regard<br />
the establishment of the Ombudsperson is an important step, as it adds an avenue to some<br />
form of legal redress which would otherwise not be existing. The Working Party therefore<br />
welcomes the clarification in section 3(c). Based on this section, a demonstration that the<br />
requestor’s data has in fact been accessed through signal intelligence activities is not needed<br />
in order to file a request under the new mechanism.<br />
The Working Party largely endorses the procedure for identification of the complainant under<br />
the Ombudsperson mechanism. It makes perfect sense to have the identification take place on<br />
EU territory, as is also the case for the access mechanism under the EU-U.S. TFTP2<br />
Agreement. However, the Working Party fails to understand why the verification in the EU<br />
should be carried out by the “Member States bodies competent for the oversight of national<br />
security services”. In the first place, it seems unlikely that following article 4(2) Treaty on the<br />
73 Privacy Shield Annex VI, p. 10<br />
74 Memorandum on the establishment of an Ombudsperson, p.1<br />
75 Clapper v. Amnesty International USA, 568 U.S. ___ (2013) II. p.10<br />
48