EU Policy Update - July 2016 (II)
Will the EU see a new data retention law? The Commission’s plans for a new EU-wide data retention law will have been reinvigorated by the recent opinion of the ECJ’s Advocate General. The latter states that a general obligation to retain data may be compatible with EU law provided that strict safeguards are in place. Accordingly, the “bulk collection” of data would only be admissible in the fight against serious crime, when strictly necessary to do so and when limited to the strictly necessary. It will be up to national courts to decide if these requirements are met. However, one can assume that in order to avoid a fragmented approach across the EU, the Commission will want to put it under the umbrella of an EU directive.
EU Policy Update - July 2016
With the European Parliament entering its last meeting week, summer recess is creeping into the otherwise buzzing EU-quarters in Brussels – giving the (new) Slovakian EU Presidency a smooth start into its 6-month reign. The European Commission has closed a couple of public consultations and made sure to send out some “good vibes” before the break (e.g. finalising the EU-US Privacy Shield, announcing investment into cybersecurity). Legal cases are also part of this EU Update, with US internet companies going through gain and pain, and Facebook being party to the next landmark case potentially shaking not only transatlantic but also global data transfers of personal data.
EU Policy Update - June 2016
The European Commission continues pumping out proposals and new initiatives in a bid to get Europe up to digital speed standards. It’s not all that innovation-focused though: the ultimate aim seems to be to ensure that all the (‘new’) actors that keep shaking up the Internet “as we know it” do not escape legislation and take on their fair share of responsibility. Topics in this update: ICT standardisation, tackling hate speech, consumer & data protection, IPR, and encryption.
EU Policy Update - May 2016 (II)
Europol competences to fight terrorism strengthened – The European Parliament approved a regulation, which expands Europol’s powers to fight terrorism and cybercrime. Under the new rules, the Internal Referral Unit will be able to directly ask social media companies, such as Facebook and Twitter, to delete illegal online content or sites run by terrorists.
EU Policy Update - May 2016
New DSM announcements in May - After some delay, the Commission is set to publish on 25 May several proposals linked to its digital single market strategy (DSM), including geo-blocking, parcel delivery and Internet platforms. DSM measures of most relevance to ccTLD are: Internet platforms (with a potential review of the intermediary liability provisions), the copyright review (expected end of September, including enforcement rules), and a review of the e-Privacy directive (in December).
EU Policy Update - April 2016
EU Member States ill-prepared for cyber threats - This is the result of a recent ENISA study analysing the crisis management frameworks in the sectors of aviation, civil protection, border control, counter-terrorism and health and disease control. It is particularly important to focus not only on the mitigation of the effect of (a) cyber crisis, but also on the mitigation of the cyber incidents that caused it, the report states.
EU Policy Update - March 2016
Brussels attacks – Law enforcement and Justice Ministers target online communication: At an ad hoc meeting of the Justice and Home Affairs (JHA) Council, ministers stated the need to “secure and obtain more quickly and effectively digital evidence” and more “direct contacts” of law enforcement with service providers. One means of doing so could be the expansion of the e-Privacy Directive to Internet platforms and online communication apps. Yet, concrete measures are to be identified at the upcoming EU Council meeting in June. Also, they aim at developing “effective preventive measures” against radicalisation, including “countering the rhetoric of Daesh” in particular through communication strategies”. The Commission “will intensify work with IT companies, notably in the EU Internet Forum to counter terrorist propaganda” with the objective to create a code of conduct against hate speech online by June 2016 (see below).
EU Policy Update - February 2016
The “new” Safe Harbour – Shield without protection: On 2 February, the European Commission proudly announced an agreement on the new EU-US Privacy Shield. For now, it is a list of “assurances”, but no document has been seen.
EU Policy Update - January 2016
Safe Harbour: Negotiators are unlikely to meet the end-of-January deadline for a new agreement on data transfers from the EU to the US. “Even if some agreement was reached, it would be a political agreement”, EDPS Buttarelli said. Stumbling blocks include judicial redress, guarantees for data and security requests to be necessary and proportional, and a system to monitor and enforce rules for EU citizens in the US. The Article 29 Working Party, the grouping of European Data Protection Authorities (DPAs), which is set to meet on 2 February, is currently analysing how the annulation of safe harbour impacts also alternative mechanisms. They will be the one responsible for enforcement if talks fail and it remains to be seen if they agree to give negotiators more time. Eyes are also on the ongoing Microsoft case, where the company refused to follow a request by the US Department of Justice to hand over data stored in Ireland. In a letter dated 15 January, US-EU trade groups warned leaders about the risks of failing to reach an agreement.