[Check Against Delivery]
Vice-President of the European Commission, EU Commissioner for Justice
Today's Justice Council – A Council of Progress
Justice Council press conference
Luxembourg, 6 June 2014
This Justice Council was about progress. Progress in building a real European area of Justice that works for businesses and citizens alike; progress on data protection, children's rights and cross-border insolvency.
On the data protection reform, we clearly moved from dormant to dynamic negotiations.
Thanks to the constructive spirit of Charalambos and the Greek Presidency in general today we agreed on two very important pillars of the data protection reform:
First, agreement on the rules that govern data transfers to third countries (the so-called "Chapter V" of the Regulation). The Regulation sets out three avenues which can be used to make legal data transfers. One, when the Commission has found that a third country is "adequate" in terms of data protection. This means that certain conditions – set out in the law – like for example having robust data protection legislation or a data protection authority in place, are met. Two, when appropriate safeguards exist, including for example binding corporate rules approved by data protection authorities. And three: in clearly defined specific situations which necessitate the transfer, for example a tax or competition investigation.
These three roads will lead the way to secure data transfers. In the light of all the surveillance revelations, this is an important signal.
Second, Ministers agreed on the territorial scope of the data protection regulation. In simple words: EU data protection law will apply to non-European companies if they do business on our territory - the European Single Market. This might strike you as self-evident. But let me tell you: far from it. It was one of the most contentious points when I presented the data protection reform in January 2012. And companies still today argue differently taking the matter to courts. I am glad that the European Court of Justice in its recent landmark ruling on the right to be forgotten brought some clarity confirming the Commission's view.
It is important to cement this principle once and for all into law – Article 3 of the Data Protection Regulation. It's in the interest of companies to have legal certainty rather than having to spend money in costly law suits only to arrive at the same result at the end.
We also discussed once more the one-stop shop principle according to which there should be one decision by one single data protection regulator when it comes to cross-border services involving data processing. This will cut red tape for companies and citizens and make sure data protection rules are applied consistently throughout the EU. Positions are coming closer to the model for such a system with the general understanding that there should be a "lead authority" which works closely with other concerned authorities, notably the local authority with which citizens lodge a complaint (to ensure "proximity").
In short: the data protection reform is on track. It is on the right track to ensure "the completion of the Digital Single Market by 2015" – as Heads of State and government agreed in October.
Let me briefly mention two other important agreements of today.
Better protection for children in criminal court proceedings
The Council agreed on rules that will better protect children in criminal court proceedings. This agreement comes in a record time: only six months after I presented the proposal!
Today, judicial systems in Europe are not always adapted to the needs of children – despite having more than 1 million children facing criminal justice proceedings every year.
As the most vulnerable in society they deserve special protection. During criminal proceedings they might be distressed because they might not understand what is happening or what they are accused of. That is why we must provide the highest possible safeguards for children in criminal proceedings.
That's what we are doing with this European law. It says that children should not be able to waive their right to be assisted by a lawyer, as there is a high risk that they would not understand the consequences. Children should not be questioned in public hearings; they should have the right to a medical examination and be separated from adult inmates if deprived of liberty. Children will also be able to benefit from other safeguards such as being informed about their rights, being assisted by their parents (or other appropriate persons).
This proposal puts the interests of the child first. It is part of our broader efforts to promote a child-friendly justice system.
Cross-border insolvency law
From justice for citizens, to justice for growth. The Council also agreed today on modernised rules for cross-border insolvency. It's important to give honest businesses in financial difficulties a second chance.
We all know that businesses are essential for prosperity and jobs, but setting one up – and keeping it going – can be tough. In 2012, I proposed to modernise the current EU rules on cross border insolvency to shift the focus away from liquidation and develop a new approach to help businesses overcome financial difficulties, whilst protecting creditors' right to get their money back. Europe needs a ‘rescue and recovery’ culture for viable businesses and individuals in financial difficulties.
Around 50% of companies survive less than five years, and around 200,000 firms go bankrupt in the EU each year. This means that some 600 companies in Europe go bust every day.
We need a legal framework that gives companies a second chance. That's exactly what the rules agreed upon today do: they make it easier to restructure a business, they also cover groups of companies – which in a cross-border environment is crucial – and they provide clear rules to determine jurisdiction.
After ministers today gave their green light, now we can start the final trilogue negotiations with the European Parliament on the last details so that companies can swiftly get benefit from these rules.
This was a Council full of decisions! A Council full of "crafting compromises". I should probably thank Hephaestus (the Greek God of the craftsmen) but instead I want to sincerely thank Charalambos for his hard and committed work which made files ripe for decisions today.
Questions and answers
You publicly thanked Snowden for advancing the data protection reform. Would the EU grant Mr Snowden asylum?
One year ago the Snowden revelations were a true wake-up call. In order to show that we do need laws and we do need rules that protect our business and citizens from undue snooping. The political asylum is purely a matter for the Member States.
What is the state of play of negotiations with the U.S. on data protection and how do things stand on Safe Harbour?
In December 2011 the Member States gave a mandate to the European Commission to negotiate an umbrella agreement on the matter of data protection. Since then we have negotiated, intensely, without tiring. And now we are in the final stages of these negotiations. I think that 95% of what could be agreed - has been. There are the last sticking 5%, which are not yet agreed, which concern the judicial redress. For example, when Americans come to Europe and they think the authorities have not handled their case correctly, they can go to a European court. However an EU citizen cannot do the same in the U.S. and go to an American court. There is no reciprocity; we do not have the basis for judicial redress. You cannot make an agreement if you do not have judicial redress. The U.S. has recognised the importance of this request on several occasions- but they need to have a law. I have not yet seen it. You might have seen that the major tech companies today, asked changes to be made in the USA Freedom Act in order to improve the privacy safeguards – now that could be an opportunity to put into such a reform our requests for reciprocity and judicial redress, which is exactly what I will discuss with Eric Holder on 25 June.
Safe Harbour state of play: Safe Harbour is not safe at all – that is why we have put 13 recommendations to our American counterparts – these are non-negotiable. Safe Harbour is a European Commission decision to implement, in order to make it easier for EU-U.S companies to exchange data. We are discussing these 13points; so far 12 have been answered in a positive way – the 13th point not yet. And for me it is very clear: I have made it clear to my counterparts that the 13th point must be clarified for the European Commission to finally say that Safe Harbour is "safe".
What exactly is the "sticking point" in the negotiations with the U.S. and will the Americans play for time with the European Commission's current mandate coming to an end? We have an institutional continuity. Just because there is a change in Commissioner doesn't mean there will be a change in policy. Everything a Commissioner does is backed by the College. On Safe Harbour, it is the primary responsibility of the Commission to operate on this point. I told you, out of 13 points, 12 have been agreed, the 13th on is the National security exception – for me it is an exception not a rule. We have a problem of definition here. It should be an exception not a hoover. This must be clarified before we can give our agreement to Safe Harbour – and if I say "we" I speak in the name of my institution.
On reports concerning Vodafone's revelations of data access requests:
What's the news? One year after the Snowden revelations, this shows again the scale of collection by Governments of data being held by private companies.
Without commenting on the specific Vodafone reports today, what I can say is that data access should always be framed by clear laws or judicial warrants. There should not be unregulated, direct and automatic mass access by law enforcement authorities to data of citizens held by private companies. Only where there is a clear suspicion. Not with a hoover but with tweezers.
The current situation is also bad for business. Companies need legal certainty and trust from their customers. They need to be able to promise their customers privacy. Data protection generates trust - it is thus a profitable business model.