EU Policy Update - Summer 2018

EU Policy Updates 17-09-2018

In a nutshell: While summer months are typically calm on the policy front, the 2018 summer turned out to be a very interesting time for ccTLDs. The Parliament ITRE Committee’s report on the EU Cybersecurity Act got adopted by expanding its scope directly to the DNS. The Committee also came up with its draft position regarding the .eu regulation that is currently ongoing its revision. The content debate intensifies with copyright directive proposal moving to trilogue negotiations after the vote in the European Parliament, and the eagerly awaited proposal for tackling (read ‘blocking’) terrorist content online.

ITRE publishes its draft report on the .eu file

On 30 August, the European Parliament’s Committee on Industry, Research and Energy (ITRE) came out with its draft report on the .eu regulation. The draft text makes a stronger stance towards the importance of .eu to the European online identity and vocalises the need for a .eu registry to operate under public interest with increased standards towards transparency, fairness and accountability. In addition, the draft text attempts to grant more competence to a newly-proposed advisory body, a so-called Multistakeholder Council to advise the Commission on questions of blocking, revoking and suspending .eu domain names.


European Parliament expands the scope of the EU Cybsersecurity Act to ccTLDs

The EU Cybersecurity Act has currently entered the secret trilogue discussions between the European Parliament, the Council of the EU, and the European Commission to finalise its cybersecurity reform. The main purpose of the proposed EU Cybersecurity Act is to enhance cyber resilience by setting up an EU-wide certification framework for ICT products, services and processes. It would also upgrade the current EU agency for Network and Information Security (ENISA). The Cybersecurity Act gives ENISA new tasks in supporting Member States, EU institutions and other stakeholders on cyber issues. On 30 July 2018, the European Parliament (ITRE) published its main report on the file, directly inserting the reference to all top-level domains and strengthening the role of ENISA to participate in the policy-making that concerns ccTLDs, and operation of the DNS. In addition, according to the ITRE report, operators of essential services (including ccTLDs) are also subject to the newly-introduced certification scheme, however, this should be limited to the use of products and services that are crucial for their functioning. The Austrian presidency is considering the finalisation of the EU Cybersecurity Act as one of their priorities before the end of 2018.

Illegal content and intermediary liability

Upcoming legislation to tackle terrorist content online

On 12 September, the European Commission published its proposal for a legislation that would force online hosting platforms to take down terrorist content within one hour. The Security Commissioner Julian King has earlier commented on the file, justifying the need to address illegal content online by introducing a very tight deadline for removing “terrorist” content as referred to by law enforcement. The proposal for new legislation asks Member States to designate competent national authorities (in addition to Europol) that will be flagging unwanted content, and to oblige online platforms to swiftly react to such notices by removing the flagged content. In case it systematically ignores the take-down notices by these authorities, the online platform could face fines up to 4 percent of the company’s global turnover from the last business year. In addition, the proposal establishes a definition of terrorist content for preventative purposes. The European Commission seems to be interested in keeping the scope of a newly proposed legislation narrow to ensure the smooth(er) adoption of the proposal without much pushback from its co-legislators the European Parliament and the Council of the EU.

EU Code of Practice on Disinformation

On 17 July, following the communication of 28 April by the European Commission on “Tackling Online Disinformation”, the Multistakeholder Forum (consisting of representatives of online platforms, advertisers, media and civil society) published the Draft EU Code of Disinformation. By signing the Code and its Annex of best practices, the signatories agree to adhere to tackle disinformation online, including to have clear policies in place regarding the identity and the use of automated bots on their services. The proposal identifies as a possible industry “best practice” the creation of lists of "trusted flaggers" whose reports on certain topics should be assumed valid, and hence subject to less thorough checks by online platforms before removing flagged content (so-called “black- and white-listing”). The Code is expected to be finalised in September.

Copyright: Upload filters vote in the European Parliament

Following the rejection of the negotiation mandate of the European Parliament’s leading committee on the copyright file, the Committee on Legal Affairs (JURI) and the report prepared by the rapporteur MEP Axel Voss in July, the Copyright Directive proposal made it through another vote in the European Parliament amongst all 751 MEPs. European Parliament’s vote scheduled to 12 September confirmed the mandate as proposed by JURI. MEPs filed in the amendments focusing mainly on the two most contentious articles initially proposed by the European Commission: so-called neighbouring right for publishers (Article 11), and the upload filter forcing online platforms to monitor and take down content pre-emptively (Article 13). Axel Voss, who is leading the parliamentary efforts on the file, proposed amendments trying to accommodate the criticism which got his report rejected back in July, deleting the explicit reference to prevention of availability of copyrighted material online that essentially forces online intermediaries to actively filter its users’ activity. However, the proposed amendments still establish a different liability regime for online hosting service providers as enshrined in the e-Commerce Directive, potentially creating disparaging and conflicting rules for online intermediaries and their relationship to third-party content. Amendments proposed by Voss were largely supported by the vote in the European Parliament by 438 in favour, 226 against and 39 abstentions.

Law enforcement access

EESC issues opinion on e-Evidence

On 12 July, the European Economic and Social Committee (EESC) adopted its opinion on the proposed legislation to ensure better cooperation when processing cross-border requests to access electronic data necessary for investigating crimes – the so-called e-Evidence proposal. The file is currently being discussed in the LIBE Committee of the European Parliament, and at the Council of the EU. The proposal is targeted at granting law enforcement agencies direct cross-border access to data held by online service providers across the EU. The EESC expressed their concern over the Commission’s proposal that allows a prosecutor to issue an order for a subscriber and access data held by online service providers, and is advocating for extending the review by a judge to all orders concerning access to personal data.

LIBE adopts its report on the proposal for a directive combatting fraud and counterfeiting of non-cash means of payment

On 6 September, European Parliamentary Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted its position on the proposal for a directive combating fraud and counterfeiting of online payments. The Directive proposal criminalises such practice as phishing (i.e. “directing or redirecting payment service users to imitation websites”) and is expanding its scope to the use of cryptocurrencies and mobile payments. In its report, the LIBE Committee supported the Commission’s proposal to facilitate access to data held by operators of essential services, even if there is not enough clear evidence of a committed crime.

Outside of the EU bubble...

Council of Europe issues a recommendation to ensure children rights when establishing a ccTLD

When awarding a contract or license to an entity to become the registry for a country code top-level domain, the Council of Europe encourages states to include clear requirements to respect the best interests of children in its Recommendation on Guidelines to respect, protect and fulfil the rights of the child in the digital environment (4 July). In particular, the CoE recommends including a clear prohibition of the registration or use of any domain name which advertises or suggests that child sexual abuse material may be available, and to put in place concrete policies to prohibit registration of websites offering services for children by individuals who have been convicted of criminal offences concerning sexual abuse of children.

Spam decrease post-GDPR?

Recorded Future reports that despite many concerns over an uptick of spam after GDPR entering into force in May, in practice, the volume of spam has dropped. In addition, the level of new registrations in spam-heavy generic top-level domains (gTLDs) has also been on the decline since May, according to their report. Spamhaus, however, finds that slight variable in spam volumes are common and cannot be directly attributable to GDPR. According to Spamhaus, it is too early to make any convincing conclusions on GDPR effect on spam.

Published By Polina Malaja
Polina Malaja is the Policy Director at CENTR, leading its policy work and liaising with governments, institutions and other organisations in the internet ecosystem.