News

CENTR has published its latest CENTRnews magazine (16th edition). This month features:

• ‘PirateBay: Swedish registry acquitted (for now)’ by Elisabeth Ekstrand, Head of Legal and Policy at IIS and CENTR Board Member
• Highlights of the CENTR Jamboree 2015
• EU Policy Update
• ccTLD news highlights and statistics

See all previous editions of the CENTRnews
 

The European Commission has commissioned a 140,000€ study to find out more about existing rules (or barriers) that require data to be stored locally in the EU and how they impact the “free flow of data within the EU”. The results can be expected at the end of next year.

 

In its conclusions, the Council welcomes the progress achieved so far and appreciates the efforts by volunteering stakeholders so far. It urges, however, that the transition take place in a timely and well prepared manner with a view to retaining "the Internet as a single, open, neutral, free, and un-fragmented network". At the same time, the Council notes that "any unjustified delay of this process could negatively impact internet governance debates worldwide" (see press release).

 

Last week, a Council of Europe Committee adopted a Declaration on “ICANN, human rights and the rule of law”. It refers in particular to the role and responsibilities of ICANN with regards to Internet Governance and its “mandate to manage the Internet’s global domain name and addressing system in the public interest”. What is more, it calls on its Member States to actively get involved in the GAC and ICANN in general, expressively with the objective to make ICANN commit to human rights “by means of an explicit policy statement”. Also note article 7 (below), which pertains in particular to the use of certain words or characters in domain names and name strings (as a means to express an opinion). ICANN, “when defining access to the use of top-level domains (TLDs)”, should ensure that “an appropriate balance is struck between economic interests and other objectives of common interest” (so as to respect the European Convention on Human Rights).
 

Each year, the European Commission issues a report on the state of affairs of the application of the Fundamental Rights Charter (2014 Report). The Council responded with draft conclusions highlighting, among others, issues related to security and the digital single market. It underlines that security and the respect for fundamental rights “are consistent and complementary policy objectives”. Member States need to “work together to ensure that all security measures comply with the principles of necessity, proportionality and legality, with appropriate safeguards to ensure accountability and judicial redress”. It stresses that the protection of personal data (Art. 8) “should be enhanced with the adoption of the data protection reform package”.

 

EU ministers gave Latvian Presidency a mandate to start trilogue discussions with the European Parliament and Commission this Monday 22 June. A first trilogue could already take place on 24 June before it moves over to the Luxembourgish Presidency. The aim is to wrap up by end of year. Major changes from the current legislation would include that companies processing personal data need to prove that data subjects have given explicit consent; multi-nationals would need to appoint a data protection officer. Non-compliance would lead to fines of up to 2% of annual worldwide turnover. Online service providers need to make it easier for customers to move their data to competitors; serious data breaches would need to be reported. Liability for data breaches and violations under the new scheme would be shared between data controllers (e.g. a bank) and data processors (e.g. a cloud provider). An indicative time table of the EPP Group can be found here. 

 

After Germany and The Netherlands, the Belgian Constitutional Court has declared the country’s data retention law illegal. The national law had been linked to the EU directive, which was struck down by the European Court of Justice last year. While NGOs, which - together with lawyers - had challenged the law, hail this as a victory of human rights, others consider this a serious step back in terms of legal certainty, law enforcement and efficient cooperation among stakeholders. Their reasoning is that the Belgian law was relatively well-balanced with regards to, for example, safeguards and retention periods, thereby limiting the number of requests for action. Considerable investments into infrastructure and security had already been made. Given current debates on terrorist threats, they argue, it is likely a new law might lose some of these features. Also, at this stage, it is unclear what will happen to the court cases, whose investigations are based on data obtained under the current law. 

 

Providers of critical infrastructure, such as energy providers, but also providers of telecommunication services, will need to implement minimum security standards and report security incidents to a central authority – otherwise they could face penalties of up to 100,000€. In addition, telecom providers need to warn their customers if they notice an abuse of their systems. According to the text, “critical infrastructure providers” largely correspond to those set out by the Commission’s NIS proposal. However, they will be further defined in a separate law in the coming months. It could therefore be assumed that during the ongoing NIS discussions, Germany will support harmonising requirements for certain providers of critical infrastructure while leaving it up to Member States to flesh out the criteria for additional ones. 

 

“How communities restore trust in the digital environment” – this will be the subject of a debate at the upcoming joint workshop of CENTR, LACTLD, AfTLD and APTLD at the IGF in Brazil in November 2015. Under the leadership of Giovanni Seppia and in cooperation with the ROs, CENTR submitted the proposal earlier this year. The MAG (Multistakeholder Advisory Group) confirmed its approval shortly before the Jamboree. Focusing on cybersecurity, the workshop will provide a forum to showcase examples that illustrate what the ccTLD and wider community has done to increase cybersecurity, expand and deepen the dialogue with local internet stakeholders and support the public good. Several ccTLDs as well as the Council of Europe have already confirmed their participation. Registries are invited to submit showcase examples in a CENTR survey, which will be sent out in the coming weeks. 

 

Telecoms package: A meeting of EU telecoms ministers on Friday on roaming charges and open internet (sometimes referred to as the “net neutrality debate”) proved disappointing to participants, as deadlock could not be broken. It is now open whether a 4th trilogue will take place under the Latvian Presidency. In the meantime, the European Parliament (EP) has sent its latest compromise proposal to the Council. The EP still insists on abolishing roaming altogether by 2016 while Member States take a more cautious approach fearing that telecoms providers would lose a substantial source of income to ensure innovation. The Council’s latest position still included the idea of a “basic roaming allowance” for customers travelling abroad and a complete ban of roaming only by June 2018. In addition, the EP and Member States are still far away from a common definition of net neutrality with the EP, seemingly internally split.

EuroDIG: A working group proposal on net neutrality failed to reach support among participants of the EuroDIG last week in Sophia. The most contentious issue proved to be “zero rating”, the practice of some mobile carriers to offer customers access to particular content or services at no additional cost. Whereas some saw this as a clear attack on net neutrality, others argued that European ISPs were expected to provide ever higher internet quality, but were not allowed to make money on it. However, the paper was finally rejected due to formalities, as most participants felt that they had learned about it too late. 

BEREC report: The Body of European Regulators for Electronic Communications (BEREC) adopted its report on how consumers value net neutrality in Croatia, the Czech Republic, Greece and Sweden.