EU Tech Policy Brief: January 2019 Recap

This is the January 2019 recap issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.

Terrorist Content Regulation: Parliament Sets Off in the Right Direction

The European Parliament committees appointed to review the Commission’s proposal for a ‘Regulation on preventing the dissemination of terrorist content online’ have begun their work in earnest. Draft reports on the proposal have been published by lead MEPs from the Civil Liberties committee (LIBE), the Culture & Education committee (CULT), and the Internal Market committee (IMCO). We endorse in particular the IMCO and CULT opinions, which call for significant changes consistent with our initial analysis of the Commission’s proposal and our comments on the Council’s text. Among the core issues are: aligning the definition of ‘terrorist content’ with existing EU law; limiting the scope of providers covered; and ensuring that competent authorities are subject to judicial oversight. The most controversial issue is the notion of proactive measures. Mandating filtering technologies likely leads to an obligation to monitor in the meaning of the E-Commerce Directive.

DSM Copyright Directive: Negotiators Should Delete Articles 11 and 13

Negotiators from Parliament, Member States, and the Commission have yet to reach consensus on the most controversial parts of the proposed legislation. On 18 January, the Council of Ministers rejected the negotiating mandate proposed by the Romanian presidency. Member States once again failed to agree on Articles 11 (press publishers’ right) and 13 (upload filters). However, it now looks as if the French and German governments have ironed out remaining differences. They disagreed about whether small hosting providers should be exempted from obligations under Article 13. They have now agreed on what looks like a meaningless carveout, paving the way for final sign-off and closure of negotiations. If Council reaches agreement with Parliament, record labels will rejoice, but many rightsholder groups will not. In a recent letter, film industry associations and sports leagues expressed their strong objection to Article 13. In a recent letter, CDT and more than 80 other human rights, technology and digital rights groups called for the deletion of both Articles 11 and 13, for reasons we have stated repeatedly.

Disinformation: The European Commission Reviews Initial Results of Its Code of Practice

On 29 January, the European Commission announced the first results reported by companies that have signed up to the Code of Practice Against Disinformation. The Commission recognises efforts undertaken by the signatories, but also calls for more action. The Code of Practice includes several sensible measures, such as improving transparency of political advertising, disabling ad revenues for ‘bad actor’ sites that traffic in disinformation, ensuring the authenticity of user accounts, and improving tools for reporting of false news and disinformation. However, as we have cautioned before, efforts to tackle disinformation must be carefully targeted and scrupulously avoid political bias. This is not easy: research has demonstrated that when people are asked to report false news and disinformation, they tend to flag journalism that may be biased, partisan, superficial, or inaccurate. Here lies the risk of concept creep, resulting in material being restricted which is not, in fact, disinformation. This would be a very troubling outcome for open political debate in the runup to the European Parliament elections.

RTBF: CJEU AG Spuznar Disagrees with CNIL’s View On Worldwide Application

On 10 January, Advocate General Szpunar of the Court of Justice of the European Union (CJEU) released his non-binding opinion regarding the efforts by France’s data protection authority (CNIL) towards the broadest possible application of the ‘Right to Be Forgotten’ law. AG Szpunar is of the opinion that the delisting that search engines are required to do should be limited to the European Union. We welcome this opinion; it echoes our concerns that CNIL’s demand for global application would set a dangerous precedent for other regimes to impose their national speech restrictions on people in other countries.

French Data Protection Authority Issues First Fine Under the GDPR  

On 21 January, France’s data protection authority (CNIL) fined Alphabet’s Google 50 million euros for breaching the recently adopted General Data Protection Regulation (GDPR) over ad targeting and transparency requirements on its Android mobile operating system. “The amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent,” the CNIL said in a statement. This decision follows the complaints of two NGOs: None Of Your Business (noyb) and La Quadrature du Net (LQDN). A number of complaints against a range of digital platforms are underway and being reviewed by Data Protection Authorities.

CDT in Full Force @ CPDP 2019

This year, the theme of the Computers, Privacy and Data Protection (CPDP) conference in Brussels was ‘Data Protection & Democracy’, which captures CDT’s mission perfectly. Michelle Richardson, who directs CDT’s Privacy & Data Project, participated in a panel titled “Access, Move and Protect Data in the Age of AI“. CDT’s European Affairs Director, Jens-Henrik Jeppesen, participated in two panels: “Protecting EU 2019 Elections – A Joint Responsibility” and “From Research to Product Launch: Multistakeholder Perspectives on an Ethical and Privacy-By-Design Approach to Artificial Intelligence”.