The European Commission continues pumping out proposals and new initiatives in a bid to get Europe up to digital speed standards. It’s not all that innovation-focused though: the ultimate aim seems to be to ensure that all the (‘new’) actors that keep shaking up the Internet “as we know it” do not escape legislation and take on their fair share of responsibility. Topics in this update: ICT standardisation, tackling hate speech, consumer & data protection, IPR, and encryption.
Betting on standards: One way to achieve the digitisation of European industry, according to the Commission, is to boost standard-setting in ICT, which should enhance interoperability across devices, operating systems, etc. Efforts will be concentrated on five priority areas identified by the Commission’s advisory expert group, the Multi-Stakeholder Platform (MSP, see members): 5G, IoT, Cybersecurity, Cloud and Big Data (see Rolling Plan 2016). Collaboration and investment is to be achieved through public private partnerships (e.g. on cybersecurity, Future Internet). The strategy is laid out in a Communication on ICT Standardisation (COM (2016) 176) published in April, which is part of an overall approach to the modernisation of EU standardisation policy (COM (2016) 358). The major component of the latter is the “Joint Initiative on Standardisation” (JIS), which will be formally launched on 13 June. It brings together European/national standardisation organisation, industry, trade unions, the Commission and Member States.
US Tech companies commit to tackling hate speech online – in Europe: The European Commission and four US Tech companies announced a code of conduct on hate speech online. This is the result of the clandestine work of the so-called “EU Internet Forum” that (officially) saw light in December 2015 (more info). The companies include Facebook, Twitter, YouTube and Microsoft (see blog post) whose (intermediary and social media) platforms have seen an increase in the spread of illegal hate speech. Through the code of conduct, companies commit to reviewing internal procedures, providing staff training, and removing or blocking illegal hate speech within 24 hours upon receipt of a “valid removal notification”. The code also includes identifying and promoting counter narratives. It is likely that the review of EU copyright rules will see more pressure on intermediaries with regards to liability for online content. (EC press release; Code of conduct).
IPR roadmap and inception impact assessment published: The Commission plans to modernise the enforcement framework of intellectual property rights (Directive 2004/48/EC, IPRED). A proposal can be expected in Q3 2016 (see roadmap) focussing on “commercial-scale infringements” and introducing the “follow the money approach”. It will link up to the copyright review (intermediaries and copyright-protected content) and clarifications of rules on activities of intermediaries related to tackling illegal content online (e-commerce directive). The IPRED review will address the right of information (requests of claimants), cross-border execution of injunctions, damages, legal costs, publication of judicial decisions, role of intermediaries (strengthening their involvement in preventing IPR infringements), specialised courts, and other issues (see inception impact assessment).
DG CNECT reshuffle (update): To better reflect its digital priorities, DG CNECT is undergoing some restructuring: Units related to e-government, eIDAS and e-infrastructure will move to Luxembourg and join DG Digit (s.a. leaked draft organisational structure). The Internet Governance task force will be integrated into Directorate E (Future Internet), unit E.3 (Next Generation Internet). Good news: Megan Richards will remain Principle Advisor to DG CNECT. Thibaut Kleiner will become deputy head of cabinet for Commissioner Oettinger. He previously headed the unit responsible for network technologies, including IoT.
Another Digital Single Market package released: In a bid to complete its ambitious list of digital single market related (DSM) measures, the Commission published another package separated into two parts: e-commerce and audio-visual rules & platforms. Some of the initiatives are likely to have a considerable impact on internet (infrastructure) actors. The revision of the consumer protection regulation will strengthen the role of national authorities, giving them the power to, e.g. immediately suspend, block or take down websites and domains. They can also require ISPs, registrars and registries to supply any information in any form if content is likely to cause harm. In a “problem-focused” approach, the Commission seeks to handle issues through sector-specific initiatives, e.g. hate speech or terrorist content in the audio-visual area (protection of minors). Whereas no “platform regulation” is foreseen, actors in this field are likely to be implied in these initiatives as well.
Digital expectations from the next EU Presidency: On 1 July, Slovakia will take over the rotating EU Presidency from the Netherlands. Its digital programme will be closely linked to the Commission’s DSM timeline. Among the main issues are: spectrum allocation (470-790 MHz), wholesale roaming prices, telecoms review, e-government, and obviously to obtain more details from the Commission on DSM initiatives, including digital platforms, free flow of data, ePrivacy and ICT standardisation.
ECJ Opinion considers dynamic IP addresses personal data: According to the General Advocate’s opinion, this is the case, e.g. when an ISP has supplementary detail by which (together with the dynamic IP address) the user is identifiable (Art. 2a of the Directive). Processing of such data would therefore be subject to the new data protection rules. The opinion relates to a law suit filed by Patrick Breyer (Pirate Party) against the German government for logging visits to government sites (Case C-582/14). The opinion is non-binding, yet it is common that the ECJ’s decision follows it. (Opinion; background info on EU Law Radar; more on Breyer's opinion)
EU & US sign “Umbrella Agreement” on data protection in law enforcement: Mind you, this is not the same as the “Privacy Shield” (see below), which puts obligations on US companies with regards to the processing of EU citizens’ data. The Umbrella Agreement (Council press release, text) facilitates the exchange of data in law enforcement cooperation (transfer and processing for the purpose of preventing, investigating, detecting or prosecuting criminal offences, including terrorism). At the same time, it enhances EU citizens’ data protection rights in that it ensures equal treatment with US citizens when it comes to judicial redress rights before US courts.
EU-US Privacy Shield under pressure: European stakeholders are not convinced of the data transfer agreement as it stands now. The European Data Protection Supervisor (EDPS) asks for “robust improvements” in order to make sure that the Shield withstands potential challenges by the European Court of Justice. In a resolution, the European Parliament, welcomes the negotiators’ efforts and improvements, but says that the current draft violates the EU Charter of Fundamental rights. The contentious issues remain the independence and powers of the ombudsman, the possibility of the US to access data transferred from the EU and to collect bulk data (i.e. mass surveillance) as well as the complexity of the redress mechanism. The US, however, is not ready to move on access and bulk collection that it considers matters of national security. During the same week, the Irish data protection commissioner said that the current practice of using model clauses (an alternative to the invalidated self-certification under Safe Harbour) would also violate the EU Charter, as citizens’ whose data was mishandled cannot seek redress. Next steps: The Article 31 committee is scheduled to meet on June 6 and 20 in a bid to find agreement. The final text could then be presented at the meeting of EU ministers on July 7 (further reading on EU/US approach to privacy).
Backdoors are not the ultimate solution – for now: ENISA and Europol have long been at odds over encryption. In a joint statement, they now agreed: “While this [mandatory backdoors] would give investigators lawful access in the event of serious crimes or terrorist threats, it would also increase the attack surface for malicious abuse, which, consequently, would have much wider implications for society.” The privacy-security balance will continue playing a role when their position is being refined, especially when it will come down to how law enforcement should technically intercept encryption.
Further reading
- Justice and Home Affairs Council to adopt conclusions on improving criminal justice in cyberspace and European judicial cybercrime network, via EU Council
- Draft BEREC Guidelines leaked: EU’s forthcoming Net Neutrality rules. Here’s the good, the bad and the ugly, via Netzpolitik
- UK at serious risk of over-blocking content online, human rights watchdog warns, via arstechnica
- Guide to the code of conduct on hate speech (see above), via EDRi
- IoT devices will dominate market by 2018, via Siliconrepublic
- German government agrees on law paving way for more public Wi-Fi, via Reuters and heise-online (DE only)
- United Internet steps up fight against spam, via heise-online (DE only)
- British Parliament releases report on draft Investigatory Powers Bill for intelligence services, via parliament.uk
