EU Tech Policy Brief: January 2018

This is the January issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.

Europe to Internet Platforms: Take Down More, Faster

From the beginning of 2018, European policy makers continued their crackdown on undesirable online speech. The European Commission demands that platforms filter, monitor, and remove content upfront; there is reportedly new legislation underway in France to combat ‘fake news’; and the implementation of the German social media law ‘NetzDG’ generated fresh controversies. We continue to reiterate the importance of avoiding restrictions on legitimate political speech, the need for enhanced transparency, and the need to ensure proper judicial oversight and remedies. This month the Commission also presented a third evaluation of its voluntary code of conduct on countering illegal hate speech online, showing that “IT companies removed on average 70% of illegal hate speech notified to them”; an increase from 59% in the second monitoring exercise in May 2017. As we previously stated, without transparency and judicial oversight it is impossible to say whether the content flagged and reviewed under the code is, in fact, illegal. The issue of online content that may be considered illegal, and finding the right company and public policies to manage these challenges, will no doubt be high on the agenda during the coming year, and we will be heavily engaged in that debate.

Copyright DSM: Bulgarian Presidency Adds New Complexity to the Debate

In December of last year, the Estonian Presidency called for political guidance from Member States on the most controversial elements of the copyright discussions: the press publishers’ right (Article 11) and the upload filter obligation (Article 13). This month, the incoming Bulgarian Presidency requested high-level guidance on these issues from Member State representatives. On Article 13, the Presidency sought political guidance on the notion of ‘communication to the public’, a concept that goes beyond the European Commission’s proposal itself. This would require a thorough Impact Assessment and public consultation before discussions go any further. Regarding the the choice between two policy options presented by the Estonian Presidency for Article 11, the Bulgarian Presidency posed further questions only around ‘Option A’, which essentially mirrors the Commission’s proposal. This may indicate the Presidency’s preference. We strongly support ‘Option B’, which proposes to improve the ability of press publishers to act against infringing uses of their publications by providing them with a presumption of representation in court.

ePrivacy: Need for More Focus on Information Security and Communications Confidentiality

A year ago, the European Commission published its ePrivacy Regulation (EPR) proposal, intended to replace the ePrivacy Directive. A year into the legislative process, Member States have made little progress. Our initial concerns with the proposal remain. We encourage legislators to ensure that the EPR safeguards communications confidentiality. They should do this by affirming the right of users and providers to use state-of-the art encryption, and providing legal bases for processing that are flexible enough to allow communications providers to manage security threats effects effectively. We suggest that legal bases should be as closely aligned with the GDPR as possible, allowing regulators to evaluate tracking practices and business models as they evolve, offline or online. There is no doubt that pervasive and opaque tracking by some actors in the ad tech industry is privacy-invasive and undermines trust in online services and applications. But, it is unlikely that overly detailed and prescriptive mandates on specific types of tracking in the web environment will prove an effective remedy. We prefer a technology-neutral, principles-based approach that can encompass technology and business model evolution. The incoming Bulgarian Presidency’s discussion paper, issued this month, demonstrates that Member States are far from reaching any consensus on these issues, as they continue to grasp for answers to fundamental questions, such as the proposal’s relation with the GDPR.

CDT Files Amicus Brief with U.S. Supreme Court in Microsoft-Ireland Warrant Case

This month, we joined with a range of trade associations and public interest groups in submitting an amicus brief to the U.S. Supreme Court in the Microsoft-Ireland warrant case. CDT has closely followed this case due to its implications for privacy worldwide. The brief primarily argues that warrants issued by U.S. courts cannot compel the disclosure of communications content stored outside the United States. Doing otherwise would not only invite foreign governments to demand the disclosure of data stored in the United States pursuant to their own legal process, but also damage the cloud computing industry by reducing trust.

MEPs Call on U.S. Congress to Pass Bill to Reinstate Net Neutrality

Following the Federal Communications Commission (FCC)’s vote in December to repeal net neutrality rules in the U.S., 149 Members of the European Parliament (MEPs) sent a letter to the U.S. Congress calling for the preservation of net neutrality. This initiative is led by MEP Marietje Schaake, who warns against the global impact of the FCC’s decision, arguing it represents a ‘threat to the open, free and fair internet’. We appreciate the Parliament’s initiative, as CDT has long supported rules that ensure an open internet, and will continue to advocate for the overturn of the FCC’s decision.

CPDP 2018: CDT Hosts Panel on Automated Decision-Making in Commercial Health

As is our custom, CDT supported the annual Computers, Privacy and Data Protection (CPDP) in Brussels. This year, the title of the conference was ‘The Internet of Bodies’. Our Privacy and Data director, Michelle De Mooy, organised a panel discussion on automated decision-making in commercial health, with MEP Michal Boni and an EDPS representative as panelists, amongst others. The panel discussed how health data is collected, shared, and used in commercial apps; what types of analytics models are used to generate recommendations for individuals; and how bias impacts different populations and developments in the market.