It cannot be denied that another eventful year has passed in 2016 within the EU and the wider setting of happenings along the EU’s external borders, which have once again had a significant impact on the EU’s area of freedom, security and justice and have clearly indicated the need to allow for more coordinated and integrated action in facing the common issues and threats that afflict the Member States.

In the face of the fact that the Juncker Commission has endeavoured to propose only a limited number of new initiatives over the course of its mandate in less priority areas than in the past, as was also the case in 2016,Footnote 1 and, instead, focus more on making those initiatives that have been proposed and adopted in the past work properly, certain EU agendas and guidelines have become the guiding light as to what actions the EU should and is focussing on in the areas of freedom, security and justice. Also looking ahead to 2017,Footnote 2 action within the Commission’s Work Programme in the field is primarily limited to two broadly encompassing priorities, namely “An Area of Justice and Fundamental Rights based on Mutual Trust” and “Towards a New Policy on Migration”.Footnote 3

The “EU Justice Agenda for 2020”Footnote 4 together with the new “Strategic Guidelines for Legislative and Operational Planning for the coming years within the EU’s Area of Freedom, Security and Justice”Footnote 5 plan for further action in relation to the protection and promotion of fundamental rights; migration, asylum and borders; combating crime and terrorism, as well enhancing judicial cooperation and mutual trust.

Another major pillar stone of action in relation to EU action is the European Agenda on Security,Footnote 6 which was adopted in 2015, and broadly covers three priority areas of action: tackling terrorism and preventing radicalisation, disrupting organised crime and fighting cybercrime. These areas are all covered by the various contributions within this edition.

In relation to the EU area of freedom, security and justice, the European Commission can now initiate infringement proceedings in relation to legal acts on police and judicial cooperation in criminal matters. Within the context of the Commission wanting to make the already existing instruments work properly, instead of initiating new ones, this is particularly pertinent to the development of the area of mutual trust and recognition of judicial decisions.

The Member States have failed to partially or fully implement several instruments and this is why the Commission has now stated that it will take action to ensure compliance. One of these areas is that of mutual recognition of judgements and decisions in the area of detention, encompassing the three Framework Decisions that were meant to have been adopted by all Member States in 2011 in relation to the supervision of probation measures and alternative sanctions; alternatives to provisional detention; and judgements imposing custodial sentences or measures involving deprivation of liberty, dealing with the transfer of prisoners between Member States.Footnote 7 With the pace of their full implementation and use having picked up throughout the year, covering a wider scope of Member States, there is, however, still some way to go before full compliance in relation to the Framework Decisions throughout the Union, but more importantly their effective use, has been reached.

The great majority of standards within the EU in relation to detention and the conditions within prisons stems from the Council of Europe’s guidelines, namely the European Prison RulesFootnote 8 and the plethora of recommendations in relation to its provisions. Beyond the realm of the countries covered by the Council of Europe’s membership, the UN’s Standard Minimum Rules for the Treatment of Prisoners, adopted in 1955, have been the worldwide standard setter that should be adhered to. Little to no attention has been paid to them in recent time within the EU, as the European Prison Rules were seen as a more sophisticated instrument. However, this has now changed with their revision and adoption of the new Nelson Mandela Rules by the UN General Assembly on 17 December 2015.Footnote 9 The Mandela Rules set the bar higher in relation to certain standards when compared to the European Prison Rules, amongst others by being more gender-sensitive and by consolidating both elements of criminal justice and human rights within their provisions, as opposed to focussing only on prison administration. Andrea Huber delves into these differences in more detail in her article on the relevance of the Mandela Rules in Europe, comparing and contrasting them to the European Prison Rules. It can, in any case, be said that both sets of rules are of utmost relevance and importance to the EU Member States in relation to complying with their standards, as all of them are members of both the Council of Europe and the UN. An effective EU-wide application of both sets of rules should in turn lead to a more thorough mutual recognition of judgements and decisions in the area of detention and, therefore, correct application of the three relevant Framework Decisions.

Looking at another area within the area of freedom, security and justice, it has been become apparent that the EU has had to beef up its legislative framework in relation to economic and financial crime, closing gaps when dealing with cross-border (organised) crime and enhancing cross-border cooperation in confiscating and recovering criminal assets and preventing the laundering of money. A new Directive on the freezing and confiscation of instrumentalities and proceeds of crime in the EU was adopted in 2014,Footnote 10 with transposition to have been completed by October 2016 in all Member States. The great focus of the EU legislative tools in this area remains that of the harmonisation of confiscation mechanisms and measures, ensuring minimum sanctions, enhancing mutual recognition of freezing and confiscation orders, as well as promoting horizontal cooperation between Member States in relation to the process of asset recovery. Whereas the new Directive sets out to provide a model in relation to extended conviction-based confiscation, it disappoints in relation to non-conviction based confiscations. This is something that the Commission had set out to fully adopt within its provisions, but failed to do so due to the opposition of several Member States. The EU, therefore, remains divided between those Member States, such as Italy and the UK, that apply the principle of non-conviction based confiscations and those that don’t. The wheels have already been set in motion in relation to further strengthening the EU’s overall asset recovery strategy, amongst others by the European Agenda on Security, and further enhancing the cooperation between Member States, in order to ensure an effective and swifter mutual recognition of freezing and confiscation orders and, therefore, have a better common instrument in place when dealing with criminal assets. Michaël Fernandez-Bertier’s article on the confiscation and recovery of criminal property within the EU looks at the current situation, the challenges being faced, as well as the road ahead, placing the issues within the wider global context of the need to confiscate criminal property.

What must not be forgotten when looking at matters such as money laundering, confiscation, freezing and seizing of proceeds of crime is that of issues in relation to human rights, in particular when referring to the presumption of innocence, as well as the presumption of lawful acquirement of property and extended confiscation and freezing orders. An interesting analysis of this is made by Claudia Jderu in her contribution, which looks at human rights concerns from the point of view of Romanian legal provisions and judicial practice on money laundering, extended confiscation and freezing orders relating to money laundering. Offences of receipt and sale of stolen goods and offences of laundering are placed within the context of the test of foreseeability stipulated by Article 7 of the European Convention on Human Rights,Footnote 11 Article 6’s presumption of innocence, as well as the right to property stated by Article 1 of Protocol No. 1, as well as relevant European Court of Human Rights case law, in order to draw conclusions about the link to adhere to international anti-money laundering conventions and EU legislation in the field and that of upholding human rights.

When looking at another area of economic and financial crime within the EU, a major milestone was passed in 2016, with the coming into force of the Market Abuse Regulation,Footnote 12 which aims to “increase market integrity and investor protection, enhancing the attractiveness of securities markets for capital raising”Footnote 13 within the euro-zone. The new legislative framework extends to new markets and platforms, as well as new behaviours, regulating the conduct in relation to benchmarks, spot commodities, emissions allowances, and, in certain circumstances, emission allowance market participants. The application of criminal sanctions, however, will remain limited and the new framework adds to the technical complexities of the already challenging environment of insider dealing laws, making the likelihood of commencing a criminal case rather unattractive. In his article on the enforcement of criminal sanctions for market abuse, looking at practicalities, problem solving and pitfalls, David Kirk places the provisions of the new Market Abuse Regulation within the context of the problems faced by investigators and prosecutors in the UK when dealing with such crimes, the principle tools used be enforcers to detect and investigate market abuse, as well as the importance of deterring such abuse. The outcomes of the current legislative regime are also analysed, as are its limitations.

Cybercrime remains high on the EU’s agenda, as do the tools currently in place to counter this growing problem. Criminals, be they lone actors or operating within and organised criminal group, can trade and share information online, masking their identities and at the same time being able to communicate with co-conspirators and identify their victims. Laviero Buono highlights some of these issues in his contribution on fighting cybercrime. He looks at legal challenges and practical difficulties and the approaches taken by both the EU and some Member States in dealing with them, especially within the context of the 2013 EU Directive on attacks against information systems,Footnote 14 the European Agenda on Security, which allows for a better exchange of information and increased cooperation between Member States in this area, Europol’s European Cybercrime Centre’s (EC3) Internet Organised Crime Threat Assessment (IOCTA) 2015, as well as the main findings of national reports put together in relation to the seventh round of mutual evaluations carried out by the Council of the European Union. Certain cross-border issues still remain in how to best overcome obstacles when dealing with online criminal investigations, notably in relation to issues of competent jurisdiction and rules on access to internet-based evidence and information and it can also be seen that various Member States have differing national regimes, with some more advanced than other, when tackling cybercrime.

Going into further technical details on the matter of cybercrime, as well as data protection, Dr. Damir Kahvedžić looks at investigations of mobile phone devices and cloud services in the light of the EU Safe Harbour rulings in his article. Privacy and data security in relation to cloud services and mobile devices have made headline news on several occasions in recent times, not least because of the CJEU’s Schrems rulingFootnote 15 and the new EU-US data transfer agreement, Privacy Shield, which was hastily put in place after the CJEU declared the Safe Harbour agreement as invalid within the context of this ruling.Footnote 16 These followed after the EU voiced its concern about the privacy implications of cloud data and cross-border data transfers. As is pointed out in the article, the success of an investigation is highly dependent on the ability of the forensic investigator to gain access to the evidence stored in both mobile devices and the cloud, but that this can often be challenging to do so in light of privacy rulings. A link is made between the invalidation of the Safe Harbour agreement with the possibility of individual Member States’ data protection commissioners now being able to challenge the cross-border transfer of data, which makes for a challenging environment to work within.

The complex world of cybercrime naturally also affects the flow of illicit financial transactions. These financial flows have been coming to the attention of international and national law enforcement authorities to a much greater extent in recent times, ever since many of these transactions are taking place online. It is, therefore, important to make a link between traditional organised crime, online crime, as well as money laundering and connect them to the concept of illicit financial flows on the internet, especially across borders. Whilst criminals can make use of different techniques to make an illegal profit, be it via traditional or electronic means, the tools that information and communication technologies are offering for distancing criminal profits from its source will be the same for any ill-gotten money. With money laundering in cyberspace taking place beyond the tools that one generally suspects, such as online and mobile banking, electronic payment systems, digital currencies and online gambling and the evolvement of the likes of crypto-currencies, developed with the sole purpose of carrying out illicit transfers with a greater level of security and anonymity, authorities have been playing catch-up in trying to prevent, disrupt and investigate them. This has made it necessary to put a robust legal framework in place to counter it. Tatiana Tropina goes into further details on this issue within her contribution, shedding some light onto the rise and ever-growing nature of the digital underground economy, highlighting the nexus between technology and law in the process. As she rightly points out, technology has often overtaken the law and it is forgotten that technological developments assist illegal activities, because there are different legal frameworks in various countries and borders, which technology can easily bypass. Precisely these borders cannot by bypassed by national regulators or law enforcement agencies, which makes cross-border cooperation and joint investigations ever the more important, as well as a harmonisation of legal frameworks, proper regulation and a collaboration between industry and national authorities.

With the tragic events that have unfolded in various EU Member States in the most recent history in relation to terrorist attacks, much greater emphasis has shifted towards dealing with those home-grown terrorists that have either joined the ranks of the so-called Islamic State as foreign fighters and then returned to Europe to attempt or to actually cause havoc, as well as the tools used by these terrorist groups to recruit individuals and spread their propaganda online. As a part of this move to counter this growing phenomenon, Europol was tasked with the setting up of an Internet Referral Unit (EU IRU) to counter online terrorist propaganda. Even within the setting up and use of such measures, the EU has adhered to its stringent commitments to fundamental rights and data protection, which has not left Europol without its challenges in relation to the practical implementation of the EU IRU within such an environment. As Jan Ellermann points out in his article on tackling terrorism propaganda online in a data protection compliant manner, privacy and non-discrimination rights are core to the European legal framework and the question of the circumstances under which the surveillance and profiling of terrorism suspects become disproportionate in nature and problematic for democracy and the rule of law, possibly even leading to practical difficulties for law-enforcement agencies, is a real balancing act. As terrorist activities have moved online and the likes of social media tools like Twitter, Facebook and YouTube are used to spread their messages, with the intent of radicalising and recruiting, the EU legal framework had to play catch-up. The framework for this was laid down on 12 March 2015, when the EU Justice and Home Affairs Council agreed that Europol should develop an EU IRU in order to browse the internet for social media accounts promoting Islamist extremist terrorist propaganda, with the aim of having such accounts shut down by their providers. An explicit legal basis for the EU IRU is now also enshrined in the new Europol Regulation, which will come into force on 1 May 2017, as it contains a number of provisions making reference to its work.Footnote 17 This now puts it on a sound footing in relation to what it may and may not do in relation to the exchange of personal data, as well as further reinforcing Europol’s external data protection supervision by the Joint Supervisory Body, which comprises representatives from national data protection authorities from all EU Member States. With the new Europol Regulation coming into force next year, it is clear that the EU IRU will be operating within a more stringent legal framework, with accountability and supervisory mechanisms playing a key role in this respect. This should go some way in appeasing those that fear that it’s not possible for an enhanced EU response to the elevated terrorism threat landscape to operate within a data protection environment that also adheres to fundamental rights observance.

Finally, another area that has seen a lot of change and challenges to a robust and joint EU approach in recent times is the area of border management. With a growing influx of people crossing the EU’s external borders from non-EU countries, there has been a call for some time to move towards a fully-fledged EU integrated border management system. Coupled with the irregular migratory crisis that EU has been facing in the last few years, it became evident that the work and activities of Frontex had to be upgraded in order to better deal with and face these changing norms. What had been discussed for some time finally became reality with the adoption of the new Regulation on the European Border and Coast Guard, which came into force in October 2016.Footnote 18 With security having become a central driving factor in relation to EU border management, this has significantly influenced the widening of the scope of existing EU measures shaping a fully-fledged integrated border policy. The new Regulation not only sets this integrated approach into stone, it also adds the element of a multilevel national-European Border Guard, amends the Schengen Border Code and strengthens Frontex’ coordinating role in relation to national authorities dealing with border protection within the framework of the operation of hotspots, in search and rescue operations and the return of irregular migrants. Frontex now has the ability to organise and coordinate rapid border interventions and deploy European Border and Coast Guard Teams, either on its own initiative or on the request of a Member States, from its own pool of rapid-reaction forces and technical equipment, which it can now purchase itself. Staff or equipment shortage in such operations should now be a thing of the past. Emilio De Capitani and Francesca Ferraro take a critical approach in analysing the new Regulation and Frontex’ enhanced capabilities as the new European Border and Coast Guard, especially in relation to the notion that shared responsibility between Frontex, as an EU Agency, and the Member States has always been a point of contention since the early days of the Agency, as well as in relation to the fact that the control of the Schengen area’s external borders has become more intrinsically linked to the EU’s overall security policy.

As the provisions of the new Regulation begin to be fully implemented and enforced, it will remain to be seen whether the new regulatory framework will be adequate and flexible enough in facing the ever-changing nature and challenges of securing the EU’s external borders.