Hostname: page-component-745bb68f8f-b95js Total loading time: 0 Render date: 2025-01-09T03:13:46.603Z Has data issue: false hasContentIssue false
  • English
  • Français

Making the Essence of Fundamental Rights Real: The Court of Justice of the European Union Clarifies the Structure of Fundamental Rights under the Charter

ECJ 6 October 2015, Case C-362/14, Maximillian Schrems v Data Protection Commissioner

Published online by Cambridge University Press:  28 July 2016

Tuomas Ojanen
Rights & Permissions [Opens in a new window]

Abstract

An abstract is not available for this content. As you have access to this content, full HTML content is provided on this page. A PDF of this content is also available in through the ‘Save PDF’ action button.

Keywords

data protectionprivacyEUUS
Type
Case Note
Information
European Constitutional Law Review , Volume 12 , Issue 2 , September 2016 , pp. 318 - 329
Copyright
Copyright © The Authors 2016 

Introduction

On 6 October 2015, the European Court of Justice (the Court) ruled that the European Commission’s US ‘Safe Harbour’ decision of 26 July 2000Footnote 1 is invalid.

The judgment was issued within the preliminary reference procedure under Article 267 TFEU in a case in which the High Court (Ireland) had asked the Court to ascertain whether the Commission decision had the effect of preventing a national supervisory authority from investigating a complaint alleging that the third country does not ensure an adequate level of protection and, where appropriate, from suspending the contested transfer of data. In addition, the Irish court had asked the Court to investigate the validity of the Safe Harbour Decision in light of Article 7 (the right to respect for private life and communications), Article 8 (the right protection of personal data) and Article 47 (the right to an effective remedy) of the Charter of Fundamental Rights of the European Union (the Charter).

The request for a preliminary ruling had been submitted in proceedings between Mr Schrems and the Irish Data Protection Commissioner concerning the latter’s refusal to investigate a complaint made by Mr Schrems regarding the fact that Facebook Ireland Ltd had kept its subscribers’ personal data on servers located in the United States. In essence, Mr Schrems had claimed that the US legal system failed to offer real protection of the data kept in the United States against electronic mass surveillance by the National Security Agency (NSA), as disclosed through the revelations by former CIA contractor Edward Snowden. In essence, therefore, Mr Schrems’ complaint was about transfers of personal data from Facebook Ireland to Facebook USA, as well as about a more general challenge against the level of protection ensured for such data under the safe harbour scheme.

It is noteworthy that the claims by Mr Schrems were largely endorsed by the Irish court. Especially, the domestic court found that the NSA and other United States security agencies were able to access personal data in the course of indiscriminate blanket surveillance and interception of such data, once data had been transferred to the United States. Hence, the Irish court took the view in its reference to the European Court of Justice that this kind of mass and undifferentiated accessing of personal data failed to satisfy the requirement of proportionality and, accordingly, was contrary to the Constitution of Ireland. As a matter of Irish law, therefore, the Commissioner would have been under a duty to examine the complaint by Mr Schrems.

However, as the Irish court considered the case to involve implementation of EU law within the meaning of Article 51(1) of the EU Charter of Fundamental Rights, it decided to request a preliminary ruling by the Court of Justice on the legality of the Commissioner’s decision, and the Safe Harbour decision in general, in the light of the Data Protection DirectiveFootnote 2 and Article 7, Article 8 and Article 47 of the Charter. The Data Protection Directive provides that personal data may be transferred to a third country only if that third country ensures an adequate level of protection of the data. Moreover, the Directive allows the Commission to find that a third country ensures an adequate level of protection by reason of its domestic law or its international commitments. Furthermore, the Directive requires member states to designate one or more public authorities responsible for monitoring the application within its territory of the national provisions adopted on the basis of the Directive.

The preliminary ruling of the European Court of Justice was twofold: On the one hand, the Court clarified the powers of the national supervisory authorities, where the Commission has adopted an adequacy decision, by ruling that the Safe Harbour decision does not prevent national supervisory authorities from examining the claim that the law and practices of the third country do not ensure an adequate level of protection. In reaching this conclusion, the Court drew heavily on the right to the protection of personal data under the Charter, including the obligations of the national supervisory authorities to monitor compliance with the EU rules concerning the protection of individuals with regard to the processing of personal data.

One the other hand, the Court declared the Safe Harbour decision to be invalid. According to the Court, the decision was not ‘limited to what is strictly necessary where it authorises, on a generalised basis, storage of all the personal data of all the persons whose data is transferred from the EU to the United States without any differentiation, limitation or exception being made in the light of the objective pursued and without an objective criterion being laid down for determining the limits of access of the public authorities to the data and of its subsequent use’. Moreover, the Court emphasised that legislation permitting ‘the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life…[under the Charter]’.Footnote 3 Likewise, the Court noted that the Decision failed to respect ‘the essence of the fundamental right to effective judicial protection, as enshrined in Article 47 of the Charter’.Footnote 4

The judgment in Schrems is by a Grand Chamber of the Court, an enlarged composition of fifteen judges reserved for high-profile cases. Therefore, the judgment should be seen as setting a significant precedent, especially insofar as the following two issues are concerned: first, the judgment works out the constitutional structure of fundamental rights under the Charter by confirming at a level of a concrete court case what the limitations clause of Article 52.1 of the Charter expressly provides: fundamental rights contain an essence or inviolable core that cannot be violated under any circumstances; second, Schrems clarifies the EU law approach to the issue of electronic mass surveillance in light of privacy and data protection rights, including the right to an effective remedy, under the Charter.

The reasoning of the Court in Schrems includes many references to its earlier landmark ruling in Digital Rights Ireland and Others Footnote 5 in which the Grand Chamber of the Court ruled that the Data Retention DirectiveFootnote 6 is invalid.Footnote 7 Up until Schrems, the Digital Rights Ireland ruling set out the foundations of the EU law approach regarding electronic mass surveillance, but Schrems now brings about significant additions in this regard. Thus, the Digital Rights Ireland and Schrems judgments must be read in tandem as precedents that provide a general framework for rights-based review of electronic surveillance in light of the Charter.

The following will provide a very focused case note of the Schrems judgment, as it will only be targeted to the second part of the judgment, in which the Court, while reviewing the validity of the Safe Harbour decision, made important observations on the constitutional structure of fundamental rights under the Charter. Conversely, the first major part of the judgment relating to the powers of national supervisory authorities when the European Commission has adopted an adequacy decision will fall outside the scope of the following analysis. Similarly, the outcome of the judgment regarding fundamental rights assessment of electronic surveillance,Footnote 8 and for that matter its implications on the EU and the US privacy laws or global business landscape, will receive no attention.Footnote 9

The essence of fundamental rights: no limitations, no balancing

For the purposes of this comment, the most remarkable part of the Court’s ruling in Schrems can be found in paragraphs 94 and 95 insofar as the constitutional structure of fundamental rights under the Charter is concerned. In paragraph 94, the Court’s analysis of the validity of the Safe Harbour decision in light of the right to privacy concluded with the following observation: ‘In particular, legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life, as guaranteed by Article 7 of the Charter’. In paragraph 95, the Court added: ‘Likewise, legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, does not respect the essence of the fundamental right to effective judicial protection, as enshrined in Article 47 of the Charter’.

What makes these judicial findings so remarkable? The central reason is that these observations by the Court apply, on the level of a concrete court case, the stipulation under Article 52.1 of the Charter that any interference with fundamental rights must ‘respect the essence of those rights’. More precisely, these statements show that, as legal norms, fundamental rights protected by the Charter should not only be treated as principles that may be balanced and weighed against other competing principles. In addition, these rights are capable of generating rules that should be applied in an either/or manner. Accordingly, they determine the outcome of the case, as well as bar any balancing or weighing, no matter how weighty or pressing the legitimate aims of any restriction are, or any other legal arguments made. In practice, therefore, the essence of the right to privacy may not be restricted or balanced even if e.g. important security concerns are at stake. The Schrems ruling makes real the idea of the essence of fundamental rights, as clearly as is possible by a judicial body, thereby enriching our understanding of the structure of fundamental rights under the Charter.Footnote 10

I hasten to add that the existence of the essence of fundamental rights (or constitutional rights or human rights, whichever terminology is used in a given legal order) is as such recognised in various domestic or European systems for the protection of fundamental and human rights.Footnote 11 However, the idea of the inviolable core or essence of rights is usually not expressly provided by the text of the constitutional or treaty provisions on rights. Instead, it has remained more a matter of construction by international treaty bodies and constitutional courts or other actors. For instance, the individual provisions of the ECHR contain no express reference to the idea of the essence of rights, but the case law of the European Court of Human Rights includes many references to the idea of the essence of the rights under the ECHR.Footnote 12 Similarly, while the International Covenant on Civil and Political Rights is silent on the essence of rights, the UN Human Rights Committee has mentioned the essence of human rights in its General Comment 27 by noting that ‘States should always be guided by the principle that the restrictions must not impair the essence of the right’.Footnote 13

However, what is a significant contribution by the EU Charter of Fundamental Rights to contemporary European and international fundamental and human rights law is that its Article 52.1 on the permissible limitations on fundamental rights explicitly recognises the existence of the essence of a fundamental right as follows:

(a)ny limitation on the exercise of the rights and freedoms laid down by the Charter must be provided for by law, respect their essence and, subject to the principle of proportionality, limitations may be made to those rights and freedoms only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others. [author’s emphasis]

The permissible limitations test under Article 52.1 of the Charter is largely a codification of the case law of the European Court of Justice. This is also so insofar as each fundamental right should be understood as containing an essence that cannot be impaired under any circumstances. Indeed, the European Court of Justice took this position at the outset when it started recognising fundamental rights to be enshrined in the general principles of (what was then) Community law and protected by the Court in the late 1960s. In the classic Nold case from the early 1970s, for instance, the Court already noted that fundamental ‘rights should, if necessary, be subject to certain limits justified by the overall objectives pursued by the Community, on condition that the substance of these rights is left untouched.’Footnote 14 Although the Court’s judgment in Nold generally refers to the ‘the constitutional laws of all the Member States’ as a source of inspiration, special relevance was probably assumed by the German Constitution, including the case law of the German Federal Constitutional Court, on the protection of the essence (‘Wesensgehalt’) of rights protected by the German Constitution.Footnote 15

On a closer analysis, Article 52.1 of the Charter includes the following distinct, yet inter-related conditions for the determination whether the interference with the rights guaranteed by the Charter is justified:

  1. (a) limitations must be provided by the law;Footnote 16

  2. (b) the essence of a fundamental right cannot be subject to limitations;

  3. (c) limitations must have a legitimate aim in that they correspond with the objectives of general interest recognised by the EU or the need to protect the rights and freedoms of others;

  4. (d) limitations ought to be necessary for genuinely reaching the legitimate aim;

  5. (e) limitations must conform to the principle of proportionality.

    Once read in conjunction with Article 52.3 of the Charter, affirming the status of the ECHR as the ‘minimum standard of protection’,Footnote 17 the permissible limitations test also includes the condition that:

  6. (f) Limitations must be consistent with the European Convention on Human Rights.Footnote 18

Each condition listed above has an autonomous function to fulfill. As these conditions are cumulative, one failure suffices to result in a conclusion that interference amounts to a violation of the Charter. Given all these characteristics, the permissible limitations test under the Charter is one of those concrete arrangements that generates both substantive as well as doctrinal coherence between the Charter and the ECHR and other human rights treaties, notably the International Covenant on Civil and Political Rights,Footnote 19 as well as the domestic systems for the protection of fundamental rights.

However, while the idea of the inviolable essence is as such often ‘inbuilt’ in modern fundamental and human rights law, and Article 52.1 of the Charter even contains explicit reference to it, the idea has often remained more a matter of doctrine than of real legal practice. Given the distinction between law in books and law in action, the de facto finding by the Court in Schrems, i.e. that the essence of the right to privacy and the rights to effective judicial protection was indeed violated and, a fortiori, the Safe Harbour Decision was invalidated, can really be considered a landmark ruling in class of its own. The significance of the judgment is accentuated by the fact that the European Court of Human Rights has not yet confirmed that a similar wide-ranging interference violates the essence of the right to private life under Article 8 ECHR.Footnote 20

Furthermore, the Court’s judgment in Schrems indicates that the triggering of the essence of fundamental rights at issue, i.e. the right to private life and the right to an effective remedy, by the Safe Harbour Decision really determined the outcome of the case, without there being ‘any need to examine the content of the safe harbour principles’, or address any other legal arguments made.Footnote 21 Hence, the Court even seems to acknowledge the idea that fundamental rights must be understood as having a ‘hard core’ that should remain outside the scope of application of the balancing test. In this regard, the Court’s position resembles that of the German Constitutional Court, which has noted that even ‘overwhelmingly important public interests cannot justify a limitation of the absolutely protected essential core of private life; balancing under the principle of proportionality is not in issue’.Footnote 22

The application of the essence test also sets Schrems apart from the Court’s earlier ruling in the Digital Rights Ireland case. In the latter ruling, the Court quite bluntly rejected the argument raised by the some of the parties that the Data Retention Directive violated the essence of the right to private life and the right to the protection of personal data by laconically stating that the directive did not ‘permit the acquisition of knowledge of the content of the electronic communications as such’.Footnote 23 The outcome of this finding was that the role of the proportionality of the interference by data retention became crucial in the Court’s assessment of the Data Retention Directive for its compatibility with privacy and data protection rights under the Charter.

What constitutes the essence of fundamental rights?

One of the most essential questions is now, of course, the scope of application of a rule-based approach, i.e. how to define the essence of a fundamental right? Clearly, this is a question that can ultimately be answered properly only by taking into account carefully the normative elements of each fundamental right and the characteristics of a particular case.

However, it can be said on a general level that, first, the essence of a fundamental right cannot usually be determined in light of its textual formulation in the Charter. Instead, the identification of the essence is a matter of contextual, moment-to-moment interpretation. Second, one and the same fundamental right, such as privacy, can give rise to more than just one legal norm that capable of functioning as a rule and, accordingly, can be understood as constituting the essence of a right. Third, not just absolute or non-derogable fundamental rights, such as the prohibition against torture, but also such fundamental rights that may be subject to permissible limitations under Article 52.1 of the Charter, can be understood as possessing the inviolable essence. The limitations clause of Article 52.1 of the Charter clearly shows that any interference of fundamental rights must ‘respect their essence’. Schrems has now redeemed that promise by Article 52.1 insofar as the right to privacy and the right to an effective remedy under Articles 7 and 47 of the Charter are concerned.

In light of Digital Rights Ireland and Schrems, as well as certain other case law by the European courts, it is possible to add, insofar as the right to privacy is concerned, that a ban on mass and indiscriminate access to the content of electronic communications, as well as biometric dataFootnote 24 can be understood as featuring as such an inviolable essence of privacy that operate as rules which, accordingly, bar any balancing or weighing within their scope of application. For the sake of avoiding misunderstandings, it should be emphasised that the access of public authorities to the content of electronic data as such does not trigger the essential core of privacy: it is only if there is indiscriminate blanket access by the public authorities to the content of electronic communications that a violation of the essence of the right to privacy can be found.

Regarding the right to an effective remedy under Article 47 of the Charter, in turn, Schrems shows that the essence of this right is violated if a legislative measure fails to ‘provide for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data’. This is because the first paragraph of Article 47, as seen in light of the Court’s earlier case law, requires ‘everyone whose rights and freedoms guaranteed by the law of the European Union are violated to have the right to an effective remedy before a tribunal in compliance with the conditions laid down in that article’. According to the Court, the ‘very existence of effective judicial review designed to ensure compliance with provisions of EU law is inherent in the existence of the rule of law’.Footnote 25

However, it is significant to add, regarding the right to privacy under Article 7 of the Charter, that Digital Rights Ireland and Schrems can be combined to maintain a distinction between the content of confidential communications and metadata (e.g. location data and traffic data), although it would be misleading to suggest that such a distinction is very strong in light of these two rulings. As already noted, the Court rejected the argument that data retention constitutes the violation of the essence of the fundamental rights to privacy and data protection. Even if ‘the retention of data required by Directive 2006/24 constitutes a particularly serious interference with those rights’, the Court took the view that it was not ‘such as to adversely affect the essence of those rights given that, as follows from Article 1(2) of the directive, the directive does not permit the acquisition of knowledge of the content of the electronic communications as such’.Footnote 26 The ‘hint’ in Digital Rights Ireland that the content of the electronic communications as such would only trigger the essence of the right to privacy under Article 7 of the Charter was fully exposed in Schrems where mere access by the public authorities, on a generalised basis, to the content of electronic communications was regarded as compromising the essence of the fundamental right to respect for private life under the Charter.

Thus, the Court’s reasoning in these two precedents suggests that the so-called metadata, such as traffic and location data, only come close to the essence of privacy under the Charter, yet fail to trigger that essence. While the Court’s ruling in Digital Rights Ireland went to some lengths to emphasise that metadata may also allow ‘very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained’,Footnote 27 the Court’s reliance on the distinction between ‘content’ and ‘metadata’ can be criticised as being orthodox, even obsolete. After all, the distinction between the content of the electronic communications and such metadata as traffic data and location data is very rapidly fading away in a modern network environment. A lot of information, including sensitive information, about an individual can very easily be revealed by monitoring the use of communications services through traffic data collection, storage and processing. As the saying goes, ‘we kill people based on metadata’.Footnote 28

Therefore, the interference with the right to privacy by the sweeping processing of metadata by public authorities for the purposes of surveillance cannot any longer be invariably seen as falling within such ‘peripheral areas’ of privacy where limitations would be permissible more easily than in the context of the content of electronic communications. Indeed, the more systematic and wide the collection, retention and analysis of metadata becomes, the closer it can be seen as moving towards the core area of privacy and data protection, with the outcome that at least the most massive, systematic forms of collection and analysis of metadata can be regarded as constituting an intrusion into the inviolable core of privacy.Footnote 29

Conclusion

Schrems turns into reality the idea that each fundamental right – and not just absolute or non-derogable rights but also those subject to permissible limitations – should be understood as including the inviolable essence that allows neither limitations nor balancing.Footnote 30 While this idea is as such acknowledged in various domestic or international jurisdictions of rights protection, it still makes a difference if a court de facto really applies this idea, instead of just generally referring to it , as a matter of judicial routine, as one of the starting points for the determination of the case. Especially since 9/11 it has been an arduous task to advocate such an understanding of fundamental rights and human rights, as the scale and nature of terrorism has been regarded as justifying even an abstract tradeoff between rights versus security in terms of ‘striking a new balance between liberty and security’.Footnote 31 However, one of the major lessons from Digital Rights Ireland and Schrems now is that any such trade-off in abstracto should be rejected. Instead, there should be a systematic and rigorous case-by-case assessment of fundamental rights intrusions in accordance with the permissible limitations test, including readiness to apply the ‘essence test’ if the intrusion in question by e.g. blanket and indiscriminate electronic surveillance triggers the essence of a right.Footnote 32

Some scholarly reactions after Schrems have been that the Court has elevated the right to privacy above all other fundamental rights under the Charter. For instance, it has been argued that privacy has now become ‘a super-fundamental right that reigns supreme above all other rights’.Footnote 33

However, it is submitted in conclusion that the implication by Schrems is not that the right to private life has now become more central to the protection of fundamental rights than the other fundamental rights under the Charter. Rather, Schrems ‘only’ de facto verifies what Article 52.1 of the Charter already expresses: any interference with fundamental rights, including privacy, must ‘respect their essence’. In this regard, Schrems may also revive the more theoretical discussion of the limits of rights and the guarantees of an essential core of rights: whether the essence of each right cannot be limited under any circumstance (the so-called absolute theory) or whether the essence of rights is the outcome of the balancing test (the so-called relative theory)?Footnote 34

In addition, the Court’s judgment in Schrems amounts to a further vindication of privacy as a fundamental right and human right alongside with its earlier ruling in Digital Rights Ireland. After all, the erosion of privacy in the fight against terrorism has been a matter of great concern in recent years, but Schrems is now the latest judicial wake-up call on the need to take privacy rights seriously while countering terrorism.Footnote 35

Footnotes

*

Professor of Constitutional Law, University of Helsinki, Director of the Research Consortium ‘Laws of Surveillance and Security’, funded by the Academy Finland. This case note is the product of that project.

References

1 Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the ‘safe harbour’ privacy principles and related frequently asked questions issued by the US Department of Commerce (OJ 2000 L 215, p. 7).

2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ 1995 L 281, p. 31).

3 Case C-362/14 Maximillian Schrems v Data Protection Commissioner, at para. 94.

4 At para. 95.

5 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (‘Data Retention Directive’).

6 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006 L105, p. 54.

7 The discussion of the Digital Rights Ireland judgment is wide in scope and rich in details. See e.g. Boehm, F. and Cole, M. D., Data retention after the Judgement of the Court of Justice of the European Union. Munster/Luxembourg, 30 June 2014, <www.janalbrecht.eu/fileadmin/material/Dokumente/Boehm_Cole_-_Data_Retention_Study_-_June_2014.pdf>>Google Scholar, visited 22 June 2016; Fabbrini, F., ‘Human Rights in the Digital Age: The European Court of Justice Ruling in the Data Retention Case and its Lessons for Privacy and Surveillance in the U.S.’, 28 Harvard Human Rights Journal (2015) p. 65-95 Google Scholar; Guild, E. and Carrera, S., ‘The Political and Judicial Life of Metadata: Digital Rights Ireland and the Trail of the Data Retention Directive’, CEPS Paper in Liberty and Security No. 65 (May 2014) [Policy Paper]Google Scholar; Linskey, O., ‘The Data Retention Directive is incompatible with the rights to privacy and data protection and is invalid in its entirety: digital rights Ireland. Joined Cases C-293 & 594/12, Digital Rights Ireland Ltd and Seitlinger and others, Judgment of the Court of Justice (Grand Chamber) of 8 April 2014’, 51(6) CMLR (2014)Google Scholar; Tracol, X., ‘Legislative genesis and judicial death of a directive: The European Court of Justice invalidated the data retention directive (2006/24/EC) thereby creating a sustained period of legal uncertainty about the validity of national laws which enacted it30(6) Computer Law & Security Review (2014) p. 736-746 CrossRefGoogle Scholar; and Ojanen, T., ‘Privacy Is More Than Just a Seven-Letter Word: The Court of Justice of the European Union Sets Constitutional Limits on Mass Surveillance. Court of Justice of the European Union, Decision of 8 April 2014 in Joined Cases C-293/12 and C-594/12, Digital Rights Ireland and Seitlinger and Others ’, 10 EuConst (2014) p. 528-541 Google Scholar.

8 See Ojanen, T., ‘Rights-Based Review of Electronic Surveillance after Digital Rights Ireland and Schrems in the European Union’, in F. Fabbrini and S. Schulhofer (eds.), Surveillance, Privacy and Transatlantic Relations (Hart forthcoming 2016)Google Scholar.

9 There is already a lively discussion and debate over these issues in e.g. Verfassungsblog, available at: <verfassungsblog.de/en/>, visited 22 June 2016.

10 The distinction between principles and rules builds upon the work of Robert Alexy. See Alexy, R., A Theory of Constitutional Rights (Oxford University Press 2002)Google Scholar. For a useful summary, including critique of Alexy’s model, see Scheinin, M., ‘Terrorism and the Pull of “Balancing” in the Name of Security’, EUI Working Paper 11/2009, p. 55-63 Google Scholar.

11 See Schyff, G. van der, ‘Cutting the Core of Conflicting Rights: the Question of Inalienable Cores in Comparative Perspective’, in E. Brems (ed.), Conflicts between Fundamental Rights (Intersentia 2008) p. 131-147 Google Scholar.

12 See e.g. Golder v the United Kingdom where the court acknowledged the very essence of Art. 5.4 ECHR in the context of the deprivation of a mentally disabled person’s liberty as follows: ‘…Mental illness may entail restricting or modifying the manner of exercise of such a right … but it cannot justify impairing the very essence of the right.’ ECtHR 21 February 1975, App. No. 4471/70, Golder v United Kingdom § 38. See also e.g. ECtHR 12 July 2001, App. No. 42527/98, Prince Hans-Adam II of Liechtenstein v Germany § 44; ECtHR 25 February 1982, App. No. 7511/76, Campbell and Cosans v United Kingdom § 41 and ECtHR 7 February 2006, App. No. 60856/00, Mürsel Eren v Turkey § 44.

13 UN Doc. CCPR/C/21/Rev.1/Add. 9, para. 13. See also Report to the Human Rights Council by the Special Rapporteur on human rights and counter-terrorism, A/HRC/13/37, para. 17.

14 ECJ 11 January 1977, Case C-4/73, Nold v Commission (1974) ECR 491, para. 14.

15 For an overview and critical discussion of the case law of the German Constitutional Court on the essential core, see Alexy, supra n. 10, p. 192-196.

16 According to the ECtHR, this condition ‘not only requires that the impugned measure should have some basis in domestic law, but also refers to the quality of the law in question, requiring that it should be accessible to the person concerned and foreseeable as to its effects’. ECtHR 4 May 2000, Case No. 28341/95, Rotaru v Romania § 52. For the requirements of foreseeability and precision, see e.g. ECtHR 2 July 1984, Case 8691/79, Malone v United Kingdom § 67 and Rotaru v Romania § 57. As the ECHR, as interpreted by the ECtHR, features as a minimum standard of protection within the EU legal order, these considerations on the ‘quality of the law’ are also relevant in the context of ‘provided by the law’ criterion under Art. 52.1 of the Charter.

17 Art. 52.3 of the Charter provides as follows: ’3. In so far as this Charter contains rights which correspond to rights guaranteed by the Convention for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention. This provision shall not prevent Union law providing more extensive protection.’

18 Given that several provisions of the Charter are also based on the rights guaranteed in instruments adopted in the field of human rights within the United Nations, the International Labour Organization and the Council of Europe, there is a strong case for the interpretive principle of the Charter, including the permissible limitations test clause under Art. 52.1, that these provisions of the Charter must be interpreted by taking into account those instruments, including the interpretation given to them by their monitoring bodies. See EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union, p. 17-18.

19 For the permissible limitations test under the International Covenant on Civil and Political Rights, see Scheinin, M., The right to privacy. Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism (A/HRC/13/37, December 2009)Google Scholar para. 17.

20 Scheinin, M., ’The Essence of Privacy, and Varying Degrees of Intrusion’, Verfassungsblog, 7 October 2015, <verfassungsblog.de/en/the-essence-of-privacy-and-varying-degrees-of-intrusion/>>Google Scholar, visited 22 June 2016.

21 ECJ 6 October 2015, Case C-362/14, Maximillian Schrems v Data Protection Commissioner, para. 98.

22 Judgments of the German Federal Constitutional Court, BVerfGE 34, 238 (245). Citation is from Alexy, supra n. 10, p. 193-194.

23 ECJ 8 April 2014, Joined Cases C-293/12, C-594/12, Digital Rights Ireland and Seitlinger and Others, at para. 39.

24 See ECtHR 4 December 2008, Case Nos 30562/04 and 30566/04, S and Marper v United Kingdom § 102, ECHR 2008-V.

25 Supra, n. 21, para. 95.

26 Supra n. 23, para. 39.

27 Supra n. 23, para. 39.

28 The phrase is originally from General Michael Hayden, former director of the NSA and the CIA, and relates to the comment by SA General Counsel Stewart Baker that ‘metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.’ See Cole, D., ’We kill People Based on Metadata’ The New York Review of Books (10 May 2014), <www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/>>Google Scholar, visited 22 June 2016.

29 Statement by Martin Scheinin, LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens, Hearing, European Parliament, 14 October 2013, p. 4.

30 Scheinin, M. and Vermeulen, M., ‘Unilateral Exceptions to International Law: Systematic Legal Analysis and Critique of Doctrines that Seek to Deny or Reduce the Applicability of Human Rights Norms in the Fight against Terrorism’, EUI Working Papers Law No. 2010/08, especially at pp. 49-50 Google Scholar

31 Posner, R. A., Not a Suicide Pact: The Constitution in a Time of National Emergency (Oxford University Press 2006)Google Scholar. See also Viscusi, W. Kip and Zeckhauser, R.J., ‘Recollection Bias and the Combat of Terrorism’, 34 Journal of Legal Studies (2005) p. 27 CrossRefGoogle Scholar.

32 See also Scheinin, M. and Sorell, T., Surveille Deliverable D4.10, Synthesis report from WP4, merging the ethics and law analysis and discussing their outcomes, 7 April 2015, at p. 8-9, <surveille.eui.eu/wp-content/uploads/sites/19/2015/04/D4.10-Synthesis-report-from-WP4.pdf>>Google Scholar, visited 22 June 2016.

33 See Sarmiento, D., Schrems, ’What, Delvigne and Celaj tell us about the state of fundamental rights in the EU’, Verfassungsblog, 16 October 2015, <verfassungsblog.de/what-schrems-delvigne-and-celaj-tell-us-about-the-state-of-fundamental-rights-in-the-eu/>>Google Scholar, visited 22 June 2016.

34 See Alexy, supra n. 10, p. 193-194. See also Klatt, M and Meister, M, The Constitutional Structure of Proportionality (Oxford 2012) p. 67-68 CrossRefGoogle Scholar.

35 See Scheinin, M., Report by the Special Rapporteur on the Promotion and Protection Human Rights and Fundamental Freedoms while Countering Terrorism, A/HRC/13/37, para. 17 (28 December 2009)Google Scholar.