EU Policy Update - September 2020
In a nutshell: Three European Parliament committees adopted their own-initiative reports on the Digital Services Act. The European Parliament's Committee on Industry, Research and Energy (ITRE) published its Draft Report on the European strategy for data. The European Commission proposed a temporary e-Privacy Directive derogation to combat child sexual abuse, and published its first report on the status of the rule of law across the EU. The European Data Protection Board published guidelines on the concepts of “data controller” and “data processor”. The Advocate General (AG) of the European Court of Justice (CJEU) Szpunar issued a non-binding opinion in a case concerning hyperlinking.
EU Policy Update – Summer 2020
In a nutshell: Germany took over the presidency of the Council of the EU starting from 1 July. The European Commission published the EU Security Union Strategy and the EU strategy for a more effective fight against child sexual abuse. It is also planning to revise the intellectual property rights protection framework in the EU and is currently consulting the public on its eIDAS Regulation revision plans. The European Parliament’s Committees have finalised a few Opinions on the numerous own-initiative reports to give more context and drive the legislative debate on the Digital Services Act. The European Court of Justice ruled that intellectual property rightholders cannot require social platforms to give out IP addresses, and invalidated the EU-US Privacy Shield Decision in its ground-breaking ruling concerning Facebook. The Advocate General of the European Court of Justice issued an opinion in the case about platform liability for intellectual property rights infringements committed by end-users.
EU Policy Update - June 2020
In a nutshell: The European Commission has revealed more details about the planned reforms on the NIS Directive, the protection of critical infrastructure in the EU, Europol’s strengthened mandate, and the eIDAS Regulation. Additionally, the European Commission is consulting the public on the Digital Services Act and has published its evaluation report of the GDPR. Members of the Stakeholder Cybersecurity Certification Group have been selected. The Council of the EU published its conclusions on EU external action on preventing and countering terrorism and violent extremism. Members of the European Parliament filed amendments for the own-initiative reports on the Digital Services Act.
EU Policy Update - May 2020
In a nutshell: Ten EU Member States expressed their views on the upcoming Digital Services Act. The own-initiative Draft Report on the Digital Services Act by the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO) received more than 900 amendments, together with another Draft Opinion from the Legal Affairs Committee. European Parliament’s think tanks published a series of studies on the current legislative framework around intermediary liability online, including further suggestions for the Digital Services Act. The European Data Protection Board published its annual report for 2019. The European Commission has coordinated a screening of fraudulent websites related to COVID-19, in cooperation with the EU consumer protection authorities.
EU Policy Update - April 2020
In a nutshell: Europol issued its report on cybercrime and the COVID-19 pandemic. The European Parliament has been busy with numerous committees advancing on their draft reports and opinions for the Digital Services Act. The European Court of Justice ruled that Amazon is not infringing trademark rights by storing infringing goods on behalf of a third-party seller. The Advocate-General of the European Court of Justice issued an opinion in the case of the enforcement of intellectual property rights against YouTube.
EU Policy Update - March 2020
In a nutshell: Before Brussels, along with its institutions, was locked down due to the COVID-19 pandemic, the European Commission managed to issue a few strategic documents on the industrial future (including digital) and the Single Market Enforcement Action Plan. The COVID-19 pandemic resulted in the delay of a number of priority files in the digital sphere, like the Digital Services Act, both on the side of the Commission, as well as the Parliament. Instead, policymakers seem to be pushing the boundaries of Europe's privacy and consumer protection legislation to respond to the pandemic. Meanwhile, the Commission is expected to continue to work on the NIS Directive revision as planned and to come up with a legislative proposal in Q4 2020.
EU Policy Update - February 2020
In a nutshell: The European Commission published its digital strategy, data strategy and White Paper on Artificial Intelligence, and plans to open a public consultation on priorities in cybersecurity certification. Digital Commissioner Breton voiced the need for a 'stay-down' duty, in addition to content takedowns by online intermediaries. Germany will focus on online hate speech during its presidency in the Council of the EU in the second half of 2020. The European Parliament is in a hurry to issue its three own-initiative reports on the Digital Services Act, with the Rapporteur for the Legal Affairs committee calling to re-focus the debate on a "follow the money" approach. The EDPB has provided guidance on the applicability of the GDPR to unfair algorithms.
EU Policy Update - January 2020
In a nutshell: Croatia took over the presidency in the Council of the EU from 1 January 2020. The European Commission's 2020 Work Programme identifies which legislative and policy initiatives the Commission plans to put forward in the course of 2020, including the new consumer agenda and the review of the NIS Directive. Commissioner Reynders urges the European Parliament to advance on e-Evidence. Three European Parliament committees received competence for own-initiative reports on the Digital Services Act. Europol released the EU Digital Evidence Situation Report. The European Court of Justice ruled on Airbnb being an "information society service". The ECJ Advocate-General stated that the ePrivacy Directive excludes the general and indiscriminate retention of personal data obligation.
EU Policy Update - Wrapping up 2019
In a nutshell: At the end of 2019, the EU has a new European Commission, including a Commissioner for the Internal Market with an ambitious portfolio overseeing digital files, defence and space. One of the hot topics under discussion for the current legislative term, with intensified debates expected in 2020, is the Digital Services Act. The European Commission is looking into whether the new legislation that will revise the online intermediary landscape should encompass the DNS level. The e-Evidence package is advancing through the European Parliament, with the rapporteur issuing a long-awaited Draft Report on the file. More than 800 amendments were issued by the responsible Parliamentary committee on the legislative proposal, indicating that discussions on the role and responsibilities of service providers when issuing and preserving electronic evidence to foreign law enforcement authorities are far from over. On the seemingly less controversial topic of cybersecurity, the Commission is looking for ideas of potential cybersecurity certification areas under the EU Cybersecurity Act and the envisaged schemes within. One potential contender for future coordinated EU standardisation work in the area of security is 5G, as assessed by the EU cybersecurity agency, ENISA. Meanwhile, Member States are no less occupied with the topic of security, especially in the context of so-called hybrid threats when it comes to the critical infrastructure. The Council of the EU asks the Commission to evaluate the need for a possible legislative revision of the existing legal framework on critical infrastructures (but not NIS).
EU Policy Update - October 2019
In a nutshell: The European Parliament is still working on its position on the e-Evidence package, while the upcoming Commissioner for Justice promises to prioritise EU internal discussions over the Transatlantic deal on the same matter. Europol issued its annual Internet Organised Crime Threat Assessment report. The European Commission found inconsistencies with identifying the “operators of essential services” under the NIS Directive, including the diverging methodology within the TLD sector. The European Parliament adopted a resolution on electoral interference and disinformation. Member States submitted their comments on the challenges with the GDPR implementation. The European Data Protection Board issued guidelines on Article 6 of the GDPR in the context of online services. The European Court of Justice issued its rulings in the case of Google and its obligation to respect the ‘right to be forgotten’, and in the case of Facebook which can be ordered to monitor and remove identical and ‘equivalent’ illegal content worldwide in order to comply with the national court order.