Nearly a year has passed since we told that you’d be now complaining about the Terrorism Directive. On 16 February, Members of the European Parliament (MEPs) will vote on the draft Terrorism Directive. EU policy-makers have meaningfully addressed only very few of the concerns that EDRi and other NGOs have raised since the beginning of the EU legislative process.
We worked hard during the elaboration of the Terrorism Directive at the EU level: we defended digital rights since the very beginning, providing policy-makers with expert input; we joined forces with other digital rights organisations; and raised our voice against key proposals together with NGOs like Amnesty International, Human Rights Watch (HRW), the International Commission of Jurists (ICJ), the Open Society Foundations (OSF), the European Network Against Racism (ENAR) and the Fundamental Rights European Experts (FREE) Group (see our joint statements here and here). As a result of the hard work and numerous exchanges with policy-makers, not everything in the Directive is bad for digital rights.
Unfortunately, not as much as we would like. However, there are still some positives. Several provisions that we had advocated for are part of the final text, for example an assurance, in principle, of being able to express radical, polemic or controversial views. We managed to eliminate mandatory internet “blocking”, and some safeguards were introduced with regard to removing and blocking online content and limiting when the absurdly vague concept of “unduly compelling a government” can constitute a terrorist offence. We also killed some bad proposals that, for instance, tried to undermine encryption and the use of TOR.
From a digital rights perspective, there is a long list of bad elements that the European Commission, EU Member States* and the majority of the MEPs of the European Parliament’s Committee on Civil Liberties (LIBE) have introduced and/or kept in the draft Terrorism Directive, including the following:
- There are gaps in the harmonisation of the definition of terrorist offences. The Directive uses ambiguous and unclear wording, giving an unacceptably wide margin of manoeuvre to Member States. For example, the Directive criminalises “glorifying” terrorism without clearly defining it. This won’t prevent abuses experienced in countries like France (see examples in our analysis, p. 18).
- “The criminalisation of the attempt is also extended to all offences…with the exception of receiving training and facilitating travel abroad”. This creates risks for fundamental rights and legal certainty. In addition, the European Parliamentary Research Service has recognised that “establishing a ‘terrorist intention’ may prove a challenge.”
- The Directive’s scope touches on activities with little to no direct relationship to actual terrorist acts. For instance, hacking-related activities can be terrorist offences. Attempting or threatening to hack an information system can be punished as a terrorist offence in a Member State. Teaching somebody how to attack an information system (e.g. hacking) can be a terrorist offence. Seeking information on how to conduct an attack to an information system, can lead to a charge for committing a terrorist offence (see here, here & here). In addition, inciting somebody to teach how to hack an information system can be a criminal offence.
- Establishment of new offences, such as “receiving training for terrorism”, which includes consulting (non-defined) terrorist websites. Consulting (non-defined) terrorist websites can be a terrorist offence if the person is judged to have had a terrorism-related purpose and intention to commit a terrorist offence. However, the Directive says that criminal intent can be inferred from the type of materials and the frequency in which an individual consults websites, for example. On top of this, it will not be necessary for a terrorist offence to be committed or to “establish a link” to other offences in order to be punished. The Directive also says that inciting someone to consult “terrorist websites” can be punishable by Member States.
- Member States can impose criminal liability on companies failing to remove or block terrorist websites.
- The process for adopting the proposal avoided all of the elements of good law-making. It was made in December 2015 without meaningful consultation, public debate or even an impact assessment. To give an idea of the importance of impact assessments, we recall that the impact assessment for amending the Framework Decision 2002 looked at the available information and opted not to recommend the adoption of blocking measures because, among other dangers, it creates a risk of jeopardising investigations and prosecutions (cf. p. 41). The 2007 impact assessment also stated that “the adoption of blocking measures … can only be imposed by law, subject to the principle of proportionality, with respect to the legitimate aims pursued and to their necessity in a democratic society, excluding any form or arbitrariness or discriminatory or racist treatment.” (cf. p. 29). In the Terrorism Directive, blocking measures can be imposed by non-legislative action. In addition, it is not even clear whether regulating non-regulated “voluntary” measures by internet companies falls under the legal basis of the Directive.
To sum up, it took a year and two months to conclude a legislative instrument that endangers the protection of our rights and freedoms. This compares badly with the time that it took the EU to conclude an instrument to protect fundamental rights, such as the General Data Protection Regulation (five years, and two more years until it enters into force). Obvious, depressing, conclusions can be drawn about the priorities that drove different parts of the EU decision-making process in both cases.
Therefore, we urge the European Parliament to vote against this Directive or at least vote in favour of some of the amendments proposed to improve some of the elements listed above.
What can you do?
You can raise awareness and contact your MEPs prior to the debate on 15 February (starting around 3pm CET) and the vote on the Directive on 16 February (around 12pm CET). After the vote, it will be the turn of your Member State to implement the Directive and give meaning to the ambiguous provisions of the Directive. If the Terrorism Directive is adopted, civil society should look closely how their national parliaments will implement it, so it will not lead to abusive provisions. Ultimately, yet again, we will have to rely on the courts to be the guardians of our civil liberties.
If you have any questions, don’t hesitate to contact us!
* The United Kingdom, Denmark and Ireland decided not to be bound by this Directive.