News

In a nutshell: Europol issued its report on cybercrime and the COVID-19 pandemic. The European Parliament has been busy with numerous committees advancing on their draft reports and opinions for the Digital Services Act. The European Court of Justice ruled that Amazon is not infringing trademark rights by storing infringing goods on behalf of a third-party seller. The Advocate-General of the European Court of Justice issued an opinion in the case of the enforcement of intellectual property rights against YouTube.

In a nutshell: Before Brussels, along with its institutions, was locked down due to the COVID-19 pandemic, the European Commission managed to issue a few strategic documents on the industrial future (including digital) and the Single Market Enforcement Action Plan. The COVID-19 pandemic resulted in the delay of a number of priority files in the digital sphere, like the Digital Services Act, both on the side of the Commission, as well as the Parliament. Instead, policymakers seem to be pushing the boundaries of Europe's privacy and consumer protection legislation to respond to the pandemic. Meanwhile, the Commission is expected to continue to work on the NIS Directive revision as planned and to come up with a legislative proposal in Q4 2020.

In a nutshell: The European Commission published its digital strategy, data strategy and White Paper on Artificial Intelligence, and plans to open a public consultation on priorities in cybersecurity certification. Digital Commissioner Breton voiced the need for a 'stay-down' duty, in addition to content takedowns by online intermediaries. Germany will focus on online hate speech during its presidency in the Council of the EU in the second half of 2020. The European Parliament is in a hurry to issue its three own-initiative reports on the Digital Services Act, with the Rapporteur for the Legal Affairs committee calling to re-focus the debate on a "follow the money" approach. The EDPB has provided guidance on the applicability of the GDPR to unfair algorithms.

In a nutshell: Croatia took over the presidency in the Council of the EU from 1 January 2020. The European Commission's 2020 Work Programme identifies which legislative and policy initiatives the Commission plans to put forward in the course of 2020, including the new consumer agenda and the review of the NIS Directive. Commissioner Reynders urges the European Parliament to advance on e-Evidence. Three European Parliament committees received competence for own-initiative reports on the Digital Services Act. Europol released the EU Digital Evidence Situation Report. The European Court of Justice ruled on Airbnb being an "information society service". The ECJ Advocate-General stated that the ePrivacy Directive excludes the general and indiscriminate retention of personal data obligation.

In a nutshell: At the end of 2019, the EU has a new European Commission, including a Commissioner for the Internal Market with an ambitious portfolio overseeing digital files, defence and space. One of the hot topics under discussion for the current legislative term, with intensified debates expected in 2020, is the Digital Services Act. The European Commission is looking into whether the new legislation that will revise the online intermediary landscape should encompass the DNS level. The e-Evidence package is advancing through the European Parliament, with the rapporteur issuing a long-awaited Draft Report on the file. More than 800 amendments were issued by the responsible Parliamentary committee on the legislative proposal, indicating that discussions on the role and responsibilities of service providers when issuing and preserving electronic evidence to foreign law enforcement authorities are far from over. On the seemingly less controversial topic of cybersecurity, the Commission is looking for ideas of potential cybersecurity certification areas under the EU Cybersecurity Act and the envisaged schemes within. One potential contender for future coordinated EU standardisation work in the area of security is 5G, as assessed by the EU cybersecurity agency, ENISA. Meanwhile, Member States are no less occupied with the topic of security, especially in the context of so-called hybrid threats when it comes to the critical infrastructure. The Council of the EU asks the Commission to evaluate the need for a possible legislative revision of the existing legal framework on critical infrastructures (but not NIS).

In a nutshell: The European Parliament is still working on its position on the e-Evidence package, while the upcoming Commissioner for Justice promises to prioritise EU internal discussions over the Transatlantic deal on the same matter. Europol issued its annual Internet Organised Crime Threat Assessment report. The European Commission found inconsistencies with identifying the “operators of essential services” under the NIS Directive, including the diverging methodology within the TLD sector. The European Parliament adopted a resolution on electoral interference and disinformation. Member States submitted their comments on the challenges with the GDPR implementation. The European Data Protection Board issued guidelines on Article 6 of the GDPR in the context of online services. The European Court of Justice issued its rulings in the case of Google and its obligation to respect the ‘right to be forgotten’, and in the case of Facebook which can be ordered to monitor and remove identical and ‘equivalent’ illegal content worldwide in order to comply with the national court order.

In a nutshell: The EU and the US began formal negotiations on an EU-US agreement on e-evidence. The European Parliament's Committee on Civil Liberties, Justice and Home Affairs voted for starting negotiations with the EU Council on the proposal for a Regulation on the prevention of terrorist content online. The new Executive Director of ENISA spoke about the future course of the EU cybersecurity agency, while Security Commissioner Julian King outlined plans for the future EU (cyber)security policy during the hearings with the European Parliament. President-elect of the European Commission Ursula von der Leyen presented her team in the European Commission that starts its work on 1 November.

In a nutshell: On 2 July, the 9th legislature of the European Parliament was officially constituted, with the new MEPs taking their seats. The European Parliament elected the President of the European Commission, who will lead the work of the Commission for the next five years starting from 1 November 2019. The European Data Protection Board, together with the European Data Protection Supervisor issued their joint assessment on the US CLOUD Act and its impact on the EU. The European Commission outlined its future plans for cybersecurity certification under the EU Cybersecurity Act that entered into force on 27 June 2019. The European Commission published its study on the legal framework of notice-and-action procedures within Member States that was conducted last year. A new study for the European Parliament on challenges between blockchain technologies and GDPR was published. The European Court of Justice delivered a judgment on the notion of joint controllership under EU data protection legislation.

In a nutshell: From 1 July, Finland took over the presidency in the EU Council. The strategic agenda for 2019-2024 was adopted at the EU Summit, while telecom ministers in the EU Council put forward their conclusions regarding the future of digital Europe. The European Court of Justice delivered rulings on the nature of services offered by Skype and Gmail, while the Advocate General issued their opinion in the case of Facebook and whether the removal of content online should apply globally.

In a nutshell: the EU has elected a new European Parliament. The EU Council has approved the European Commission's mandate to start negotiations for a transatlantic deal on e-Evidence and adopted a framework concerning restrictive measures against cyber-attacks threatening the EU. The European Commission has made policy recommendations regarding the Strategic Agenda for the following 5 years. ePrivacy negotiations revealed possible EU plans for data retention legislation.