EU Policy Update - August 2016

EU Policy Updates 02-09-2016

Europe’s net neutrality rules are ready to be tested on the ground: BEREC, the body of European regulators for electronic communications, published guidelines for national regulators who will be responsible for overseeing the rules when applied by telecom providers. The latter will see their opportunities to diversify data speed offers reduced (but hold their tongues for now). In the meantime, (draft) documents keep leaking out of the Commission – copyright and the telecom review being first on the list. Official versions expected in Q4 include: Telecoms review (13/9), copyright (21/9), Cloud computing (October), Startup initiative (November), free flow of data (30/11), VAT for e-commerce and e-Privacy (December).

A glimpse at the upcoming EU copyright reform: Drafts of the copyright impact assessment (IA), communication and Directive have been leaked ahead of publication on 21 September. The copyright reform will cover a vast array of topics from online transmissions (regulation), access to audiovisual content, the use of protected works in teaching, text and data mining, the fair remuneration of authors, and the use of protected content by online services (directive; IPR potentially separately). These are services that distribute (store and give access to) content uploaded by end-users, social media, news aggregators, etc. According to the Commission, this often happens without ensuring that the right holders can control what happens with their content and/or receive a fair share of the revenues. Notwithstanding the possibility that the ECJ could bring clarity through a ruling on whether an uploaded content service is responsible for what happens on its platform and/or benefits from exceptions laid out in the e-commerce directive, the IA suggests the following: such services should be obliged “to seek, in good faith, to conclude agreements with rights holders and to put in place appropriate and proportionate content identification technologies”. Obviously, this bears the risk that authorized content also falls prey to “upload filtering”. A “link tax” does not seem off the table, though it is far from being called that or anything related to ‘ancillary rights’ (related to laws in Germany and Spain, which are considered ineffective): a new right specific to news publishers would be introduced to help them negotiate better deals (license agreements) with online service providers. Meanwhile the shuffling of competences within the European Parliament is ongoing, with JURI likely to take over responsibility for the copyright dossier.

BEREC Guidelines on net neutrality: BEREC published Guidelines for national regulators (NR) on the implementation of European net neutrality rules (set out in the Telecoms Single Market Regulation EU 2015/2120). The guidelines do not create new rules (see also the BEREC presentation). They will set the standard on how NRs oversee (and enforce) telecom companies. They are expected to provide a first annual report on the implementation by 30 June 2017. CENTR submitted a Board of Directors contribution on the need to mitigate (prevent rather than detect) the risks of IP spoofing through continuous security measures (“filters”). These concerns were addressed in an amendment declaring that such measures should be deemed “justified” by NRs.

Impact assessment on telecoms review: A recently leaked impact assessment on the telecoms review (framework for electronic communications) suggests that so-called OTT (over-the-top players, i.e. providers of communication services over the internet) will become subject to the same levels of regulation as traditional telecom providers. This would include sector-specific obligations related to contractual rights, transparency, quality of service, contributions to universal service funds, access to “112” emergency services and caller location information (privacy requirements are covered by the e-privacy directive). So far, OTT are not subject to these requirements even though they cover similar communication needs of end-users (without providing conveyance of signals). This will require the Commission to come up with a new definition of “electronic communications services” (ECS) to prevent legal uncertainty (see also the ECJ ruling in Case C-475/12). ECS cover services provided over networks, including telephone calls, messaging and Internet access services.

ETNO not happy with EU’s ePrivacy plans: The association of telecom operators claims that harmonised privacy and data protection rules are impossible to achieve as long as the (“horizontal”) GDPR and the (sector-specific) ePrivacy Directive co-exist. Telecom operators, the blogpost argues, would be covered by both, whereas others, like OTT, would only be covered by the GDPR. Apart from confusion, this would lead to legal uncertainty and an unlevel playing field. Areas of overlap include: security of processing, data breach notifications, location and traffic data, cookies, spam. The authors conclude that the ePrivacy directive “is outdated and no longer needed” and should be repealed.

Encrypted - decrypted? France’s interior minister Cazeneuve is on a mission to crack down on encryption – and he finds supporters. Together with his German counterpart he called upon (FR, DE) the Commission to pass new legislation on encryption - “not banning it”, but facilitating access to communication for law enforcement. In addition, host provider product liability (i.e. responsibility for uploaded content) should be introduced, and the powers of Europol expanded (especially of the Internet Referral Unit, IRU). The plan will be presented at the next informal Council meeting on 16 September. The statement with the UK confirmed an exchange of best practices in the field, but did not indicate whether the latter would join the franco-allemande initiative. However, France and the UK agreed to collaborate on security issues even after Brexit.

Microsoft gains support in fight against US Justice Department over “gag orders”: Mozilla, Apple, Google, EFF and others back Microsoft in a lawsuit over informing its customers that the government is requesting their data. Legal experts argue that citizens are protected against “unreasonable searches” by the Fourth Amendment (betanews).

The real economic impact of cyber-incidents: This question is at the heart of ENISA’s review of several studies relating to the cost of incidents affecting critical information infrastructure. Despite the lack of comparability (e.g. impact per country vs. cost per incident, real costs vs. approximations), here are some conclusions: costs are highest in the finance, ICT (for both, mostly DoS/DDoS and malicious insiders) and energy sectors. Insider attacks are most costly. Losses can account for up to 1.6% of GDP per country, or between 425,000 and 20 million Euros per company per year.

Privacy Shield hits 100 companies mark: 103 companies have slipped under the new EU-US data transfer agreement since it entered into force on 1 August. About 200 applications are pending. For comparison, about 4,000 companies had signed up to the now invalidated Safe Harbour Agreement. Companies need to self-certify annually to the US Department of Commerce that they comply with the Shield’s requirements (privacy policy, recourse mechanism, verification mechanism, etc.) – otherwise they can be fined.

Hate speech 1: Facebook et al. failing to tackle online extremism: In a report, the UK Home Affairs Committee stated that Facebook, Twitter and YouTube are “consciously failing” to combat the use of their sites to promote terrorism and killings. The companies stated that they manually searched for potentially extremist content and then made assessments on whether to take it down or suspend an account. Obviously, this is not enough in the eyes of the committee, which threatens to require obligatory cooperation with CTIRU (the UK’s counter terrorism internal referral unit), transparency on their counter-terrorist actions and the introduction of “trusted flagger” systems similar to YouTube’s.

Hate speech 2: US companies stepping up efforts: Aware that Microsoft-hosted consumer services can be used to advocate hate speech, Microsoft announced a “new dedicated web form for reporting hate speech” and a web form for requests to consider and reinstate content. The company claims that it has never, “nor will we ever – permit content that promotes hatred” based on, e.g. age, gender, race, etc. – an ambitious goal. Microsoft is also a signatory of the Commission’s code of conduct against illegal hate speech. Twitter seems to be working on a keyword-based tool that allows users to filter the posts they see and thereby block harassing or offensive tweets. The tool would be similar to the comment moderation tool used by Facebook’s Instagram app for business users.

Further reading:

  • New technologies will make society richer by cultivating trust (The Economist)
  • Israeli firm accused of creating iPhone spyware (The Guardian)
  • Judge dismisses suit against Twitter by families of ISIL victims (Politico)
  • Events: FT-ETNO Summit 2016 (27/09/16, Brussels); ICT Proposers’ Day (H2020) (26-27/09/16, Bratislava)
Published By CENTR