Some measures against terrorism become permanent in France

The President of the French Republic passed, last 30 October 2017, Law 2017-1510, to reinforce internal security and fight against terrorism. The norm took effect the following day, when it was published in the Official Journal. The immediate consequence was the conclusion of the state of emergency in which France had lived since 13 November 2015. The new law makes some measures applied during the state of emergency permanent and specifies others to reduce their effects on civil rights.

The most noteworthy measures are:

  • To establish perimeters of protection to give support to events or venues with a high level of exposure (sports, cultural events…).
  • To allow for the closure of places of worship that incite or advocate terrorism or incite hatred and discrimination.
  • To allow the administrative authority to implement controls and measures for individual monitoring of persons who may be a particularly serious threat.
  • To allow government delegates to order, with prior legal authorisation, the monitoring of places frequented by persons linked to terrorism.
  • To allow for administrative investigations to be carried out on civil servants at risk of being radicalised.
  • To carry out identity checks in border areas and at a perimeter of 10 Kms from airports and international railway stations.
  • To adapt French law to the Passenger Name Record (PNR)[1].
  • To extend the length and the perimeter of control of border areas.
  • To introduce a new system to monitor communications.
  • To create a new penal offence: parents who incite their children to commit terrorist acts or to travel abroad for this reason will incur a sentence of 15 years in prison and a fine of 225,000€. They may also lose parental power.

According to official sources of the French government, this legal reform is motivated by the necessity to adapt the legal corpus to fight effectively against terrorism within the framework of common law and end the state of emergency the country was exposed to. It is important to remember that the state of emergency in France was conceived as a way of addressing exceptional circumstances when need be; limiting the exercise of certain public freedoms like freedom of assembly and demonstration; finally, it gave the administration special powers over common law.

Links of interest:

[1] A record of the names of passengers who enter or leave French territory by sea or by air in order to allow for a better monitoring of risk-related movements.


Aquest apunt en català / Esta entrada en español / Post en français

The long-awaited public security law arrives in Italy

After over fifteen years of having contrasted the need to regulate in the area of public safety, last 20 February the Decree law num.14 was passed with urgent public security provisions. The new regulations apply to the whole country; indeed, it is passed as an instrument of cooperation between the state, regions and localities. It seems to organise a kind of governance of public security to ensure that different territorial levels have to abide by cooperation agreements in this area. It is based on the concept of a considerably wide scope of “public security”, which reflects contributions from the latest related literature, which insists on mainstreaming security.

The legal text defines urban security as a public resource which encompasses cohabitation and decorum in cities (art. 4). In order to maintain this resource, actions aimed at the reclassification of degraded areas must be undertaken, marginalising factors and social exclusion must be eliminated, crime must be prevented, social cohesion must be promoted and the law must be respected. The state, regions and municipalities must collaborate in this type of interventions in accordance with their competences.

After this definition, the legal area would be revolutionised,[1] most measures included in the text, as some critics have stated,[2] are traditional ones, of a sanctioning nature or of situational prevention. For example, the power of mayors is increased in order to limit the timetable  for the sale of alcoholic drinks (art. 8) or it establishes the distancing of railway lines, airports, shipping and public transport from people who disrupt them or who prevent others from using them (art. 9). This measure seems to have been imported from sports regulations, which already foresaw the possibility of stopping those who have behaved violently from entering stadiums.

If this behaviour was repeated, the questor, the provincial public security authority in Italy, can ban entry into such venues for a minimum of 1 year and a maximum of 5 years.

The text also foresees the possibility of prohibiting certain professional activities for people who have been found guilty of certain types of crime, such as drug trafficking. The prohibition may include a ban on entering places related with these activities and parking in the neighbourhood (art. 13).

There are also specific powers attributed to the prefectes, state representatives in the province, which may give priority to vacating occupied buildings if they believe that its occupation endangers public safety. In this case, they can request the effective intervention of the police to ensure that it is vacated (art.11).

Everything suggests that the Decree Law will be validated soon by Parliament (possibly when this text is published it will have been passed), because other factors could lead to the fall of the government, bearing in mind the complicated political situation at the moment in Italy. Whether the opposition will ask for a commitment to modify it in the future remains to be seen.

[1] This is not so in the regulatory area, as ex-minister Maroni had already defined the Decree of 5 August 2008 in a similar way, a practice questioned by the Constitutional Court.

[2] See, for example, the brief article of Gian Guido Nobili in the magazine Il Mulino.


Aquest apunt en català / Esta entrada en español / Post en français

New norms to regulate drones to guarantee safety and privacy in the European Union

Drones, small remote-controlled aircraft, can be used to take photographs from the air, film a football match from the air, spread herbicides and pesticides over crops and monitor forest fires. Despite their usefulness, they are also a risk to air safety and privacy.

The Transport Commission of the European Union gave its support to these new norms put forward by the European Commission to guarantee safety and privacy in the EU.

drone-407393_1920At present, drones weighing less than 150 kilos are regulated nationally. In the EU, the regulating framework is fragmented: different certificates and technical and safety standards, which cause a real headache for operators and transnational manufacturers. Members of the European Parliament want basic prerequisites which drones weighing less than 150 kilos have to comply with to be included in EU legislation to ensure coherence and clarity. Furthermore, they ask for an obligatory record of drones weighing more than 250 grams and demand that operators have the necessary skills to pilot a crewless plane in a public domain.

This way, most toy drones, which are currently the most commonplace, will not be affected by this prerequisite.

The present characteristics of the various national regulations concerning drones are the following:

  • Civil drones: different countries, different regulations. A drone is a crewless aircraft which is permitted as long as it is remote controlled, but it is still not authorised to operate if it is completely automated.
  • In most countries, crewless planes weighing over 20-25 kilos need special authorisation (record, flight permit, pilot’s licence and technical assessment).
  • Drones are regulated nationally if they weigh from 0 to 150 kilos, whereas if they are more than 150 kilos they are regulated by the European Union.
  • Small civil drones weighing less than 25 kilos are the most popular. In the European Union, during 2015 1.7 million were sold, 98% of which weighed less than 2 kilos.
  • At present there are over 3 millions drones in use -according to estimations made in several EU countries-, excluding “toys” and model aircraft.
  • The maximum flying capacity also differs depending on the country. The most restrictive is Belgium, with 90 metres. Spain is mid-table with a permitted height of 125 metres, and other countries like France and Italy permit a maximum of 150 metres.
  • Concerning the distance deemed to be safe as far as buildings, persons or vehicles is concerned,this is at least 50 metres.

Links of interest:


Aquest apunt en català / Esta entrada en español / Post en français

A step forward in the integration of local police forces in police statistics

On 18 July the decree to shape the Centre for the Elaboration of Police Data in the Basque Country , formally created by the Law 15/2012, of 28 June, for the organisation of the public security system in the Basque Country. The centre is defined as an administrative organ with competence for dealing with (gathering, storing, elaboration, classification and communication) data which is necessary for police agencies. The definition is very significant for a range of reasons.

28_udaltzaingoa01First of all, it aims to create a sole data base for both the Ertzaintza as well as Euskadi’s local police forces. The municipalities affected sign specific agreements with the Department of the Interior to give structure to the participation of local police forces, related to areas to be the focus of shared information, their characteristics and technical requirements necessary for the use of common data bases.

The Basque Country thereby joins the process initiated in Catalonia in 2002, which has meant that the immense majority of Catalonia’s local police forces (208 of 214) share the same data base with the Mossos d’Esquadra, with information of police interest. This process has also required signing ad hoc* agreements with each and every municipality to ensure the incorporation of its local police service.

Taking into account the development and dimensions that local police forces have had over recent decades, the inclusion of data relative to their activities is very relevant in a common instrument which facilitates an environment which is more in tune with the context of security. Police data shows one black spot because of the low level of complaints in reference to criminal activities for several reasons. If, furthermore, the data corresponding to police forces with the biggest presence within a territory are not added to police statistics, an important part of the information about police activity which may be of interest, for example, to resolve cases or generate intelligence, is lost.

Secondly, the Basque centre offers an interesting new concept: the organism is defined within the framework of the Department of the Interior (more specifically of the Deputy Council of Security), but beyond the structure of the police, which may create a small distance from the day-to-day organisation of the main police force (the Ertzaintza) and offers a more global idea as a data base for the whole police service in the Basque Country. The incorporation of a representative of the Ertzaintza, and another from local police forces, with a computer expert and another expert in fundamental rights, means that the Centre of Data Elaboration is a technical organ with plenty of autonomy in relation to the organisations which will provide it with data.

If this initiative is consolidated —we must think so—, other actors will have to take measures in the same direction, as, otherwise, comparing police statistics will become impossible, as in the rest of the country police data does not include local police records. This is the current situation when the Ministry of the Interior compares data with the Department of the Interior of the Generalitat, which respond to different realities and therefore create confusion. The Ministry only includes data from the Policia Nacional and the Guardia Civil, whereas the Department of the Interior, as well as the Mossos d’Esquadra’s data, also includes data from Catalonia’s local police forces, and obviously records higher crime rates.

* Refer to this example,agreement.


Aquest apunt en català / Esta entrada en español / Post en français

More security on the network and information systems in the European Union

Last 19 July, the Official Journal of the European Union (OJ) published the Directive (UE) 2016/1148 of the European Parliament and of the Council of 6 July, concerning measures for a high common level of security of network and information systems across the European Union.

25-ue_seguretatThe text includes 75 legal foundations, 27 articles and 3 annexes. Article 25 establishes that the member states must adopt and publish, by 9 May 2018 at the latest, the legal, regulative and administrative provisions to complement the directive’s requirements and apply the planned measures from 10 May of the same year.

According to article 1, measures to be applied to meet the objective of improving the workings of the internal market, within the framework of achieving a common high level on networks and information systems within the European Union, are the following:

  • Oblige all member states to adopt a national security strategy for the network and information systems.
  • Create a cooperation group to provide support and facilitate strategic cooperation and information exchange between the member states and develop trust and security among them.
  • Create a network of teams to respond to situations involving computer security (the CSIRTnetwork – Computer Security Incident Response Teams) to contribute to the development of trust and safety among member states and promote operational cooperation which is fast and efficient.
  • Set requirements concerning security and information for essential service operators1) and digital providers.
  • Set out obligations so that member states can appoint competent national authorities, single points of contact and CSIRT with functions related to network security and information systems.

1) Article 4.4 of the directive defines them as a public or private entity of energy subsectors (electricity, crude oil and gas); transport (air, rail, sea and river, and by road); banking; the infrastructure of financial markets; the healthcare sector; provision and distribution of drinking water, and digital infrastructure.


Aquest apunt en català / Esta entrada en español / Post en français

Measures to control the increase in crime and threats to air space using drones

17_dronesWhen in 2013 a drone landed on the stage during a talk by the German chancellor, Angela Merkel, the incident ended up being little more than an anecdote. But since then the number of such cases and crimes recorded using such devices has increased, many of which have received media attention: in 2014, a drone flew over seven French nuclear power plants; in April 2015, a drone landed in the office of the Japanese Prime Minister; in October 2015, a drone exploded near the Washington Monument, and last July, a Lufthansa plane with 108 passengers on board had to modify its route to avoid hitting a drone.

2015 was the year when statistics revealed a notable increase in the use of drones in many European countries and especially the United States, where 28 of a total of 241 reports were made related to drones which involved pilots having to make manoeuvres to avoid a crash.

The case of the UK illustrates this increase. The Thames Valley Police recorded an increase of 21 incidents in 2014 and of 80 in 2015; London’s Metropolitan Police, one more case in 2014 and 21 in 2015, and the Greater Manchester Police, the first 58 incidents in 2015. According to Scotland Yard, some of the drone-related crimes in the country include sexual crimes and transporting drugs to a prison.

This has led to several countries such as Spain, France, Germany and the UK itself, to intensify laws regulating the use of drones, controlling distances for safety purposes and controlling the permitted weight and altitude.

Other measures, in the case of the United States, have included an agreement signed in September 2015 by the Federal Aviation Administration (FAA) and the company California Analysis Center, Inc. (CACI) to develop technology which facilitates the monitoring of the connection between a drone and the person operating it. The very FAA says that it receives approximately 100 complaints monthly from pilots who see devoices flying near airports and in air space where the presence of drones is prohibited.

In an effort to foresee risks and combat possible incidents, the Netherlands police force has published a video with the collaboration of the company Guard From Above, in which birds of prey intercept drones, a procedure regarded as one of the possible mechanisms to control threats.

• For further information about the FAA agreement CACI you can consult the official statement.

• You can consult the 2005 Report of London’s Metropolitan Police related to drones.

• If you would like further information about the company which offers a training service for birds to be able to catch drones, Guard From Above, you can visit its webpage.


Aquest apunt en català / Esta entrada en español / Post en français

Critical infrastructures: basic guidelines, safety plans and specific protection plans


The normal working of essential services for the general population is based on a series of infrastructures administered both publicly and privately, the functioning of which does not allow for alternative solutions: the so-called critical infrastructures. For this reason, a homogeneous and global policy needs to be designed within organisations, specifically aimed at critical infrastructures, defining subsystems of security which will be introduced to protect them. The objective is to prevent their destruction, interruption and disruption, thereby avoiding any subsequent damage to the provision of essential services to the population.

Law 8/2011, 28 April, in accordance with which measures are established for the protection of critical infrastructure, aims to establish appropriate organisational strategies and structures which allow for the management and coordination of the workings of a range of organs of public administration in relation to the protection of critical infrastructure, once they are identified and confirmed. The collaboration and involvement of the organisms and companies (critical operators) of these infrastructures are also encouraged in order to optimise the level of protection in the face of these intentional attacks which may affect the provision of essential services. Royal decree 704/2011, 20 May, which approves the regulations corresponding to the protection of critical infrastructure, sets out this law.

Article 13 of the same Law 8/2011 specifies commitments for public and private critical operators, stressing the need to elaborate an operator security plan (PSO) and specific protection plans to be determined (PPE).

There are further details available in Resolution 8 September 2015 of the State Department of Security, in accordance with which new minimum components of the security plans of the operator and of plans of specific protection are passed.


Aquest apunt en català / Esta entrada en español / Post en français

The Spanish Agency for Data Protection informs of the progress made in relation to Google privacy policies

Agencia espanyola de protecció de dades

The Spanish Agency for Data Protection (AEPD) has recently taken part in a plenary meeting of European authorities for the protection of data (GT29). The group analyses, among other issues, the progress made in national procedures undertaken as part of the Google privacy policy of 2012. In December 2013, the AEPD declared the existence of three serious offences against data protection and fined the company involved 900,000 euros, and also demanded that it adopted the necessary measures to adapt its privacy policy to Spanish regulations.

The AEPD was able to confirm that the company had introduced important modifications involving providing users with information, consent and how to exercise their rights. Some of the measures applied to the company by the Spanish agency are the following:

  • A “Personal information and privacy” centre has been set up via the link “My account” for users of a Google account, which offers additional information and options for administering information gathered by Google.
  • A campaign has been launched to remind users on-line when he / she intends to use Google services that they must access privacy-related information and establish configuration parameters.
  • The user is able to selectively disconnect services which were previously activated necessarily and which contained data corresponding to the user’s activity, and there will be the possibility of eliminating such an account completely.
  • Limiting the use of several accounts by the same user is no longer applicable. The user can now have a number of these and avoid any leakage of data to the others.
  • The company has included a form for the application of “the right to forget”, a link available to contact the company and access the tools to be able to consult previous activities.

Google has committed itself to adopt a series of additional improvements specifically requested by the AEPD, such as increasing the list of services with privacy policies and expand on the privacy-reminder campaign so that it applies to other Google services and Android users.

Spanish Agency for Data Protection: Press release


Aquest apunt en català / Esta entrada en español Post en français