ARTICLE 29 DATA PROTECTION WORKING PARTY
1SANK0H
1SANK0H
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
oversight bodies which have been found compliant. In the surveillance context, those would<br />
be in particular the Investigatory Powers Tribunal (IPT) in the UK and the G10 Commission<br />
in Germany.<br />
Whether this is the case, needs to be additionally assessed by analysing the powers granted to<br />
the ‘independent’.<br />
3.5.3.7 Investigatory powers<br />
In the Kadi II case the CJEU ruled in regard to Article 47 Charter that “the person concerned<br />
must be able to ascertain the reasons upon which the decision taken in relation to him is<br />
based, either by regarding the decision itself or by requesting and obtaining disclosure of<br />
those reasons, without prejudice to the power of the court having jurisdiction to require the<br />
authority concerned to disclose that information, so as to make it possible for him to defend<br />
his rights in the best possible conditions”. 77 The Courts of the European Union are to ensure<br />
that that decision is taken on a sufficiently solid factual basis 78 . It states clearly that “the<br />
secrecy or confidentiality of […] information or evidence is no valid objection”, at least not<br />
before the Courts of the European Union 79 . Therefore the Working Party concludes that the<br />
Ombudsperson must be given information and evidence that support the reasons relied on for<br />
conducting a measure, to meet the requirements of the CJEU 80 .<br />
It is as yet unclear what the extent of the investigatory powers of the Ombudsperson would<br />
be. Both the Commission draft decision and the Annex III from the State Department are not<br />
abundantly clear on this issue. As far as the Working Party understands, the Ombudsperson<br />
should get sufficient information in order to be able to state if a data processing operation by<br />
the security services takes place in accordance with the law, and if not, to make sure that the<br />
non-compliant situation is remedied. Neither the letter from the State Department nor the<br />
Commission draft decision however specify if the Ombudsperson would have direct access to<br />
the data held on the individual in question and can thus carry out his/her own investigation, or<br />
if he/she can only rely upon the reports from other U.S. Government officials.<br />
3.5.3.8 Remedial powers<br />
It remains rather unclear from the Memorandum in what way the Ombudsperson can order<br />
non-compliance to be remedied. In combination with the lack of clarity concerning the<br />
investigatory powers, it moreover remains unclear to what extent the Ombudsperson as such<br />
will be effectively capable of ordering non-compliance to be remedied and what the result of<br />
such an exercise would be. Could this mean data that was obtained in a non-compliant way<br />
(i.e. illegally) can no longer be used in any procedure and should be deleted?<br />
77 Kadi II §100.<br />
78 Kadi II §119.<br />
79 Kadi II §125.<br />
80 Kadi II §122; although the authority concerned does not have to produce all information and evidence underlying the<br />
reasons for a measure.<br />
50