EU Tech Policy Brief: September 2019 Recap

This is the September 2019 recap issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.

CJEU rules in landmark case on territorial reach of Right To Be Forgotten

The Court of Justice of the European Union (CJEU) ruled that search engines are not required to globally delist search results in ‘right to be forgotten’ cases. In this case, the French Data Protection Authority (CNIL) fined Google for only removing search results on European domains. CDT and other organisations filed an intervention in the case in 2016 before the French State Council, arguing that global delisting would cause unacceptable infringements of free expression rights. We were pleased that the CJEU agreed with this reasoning. However, the Court also stated that while global delisting is not mandated by law, it is also not excluded. Future cases with a different weighing of interests could lead to a different conclusion, and EU lawmakers might in the future pass legislation that would require global application. Still, while the last word has not been spoken on this important matter, the CJEU ruling is a welcome recognition of the free expression issues at stake.

Technology policy questions for candidates for the new European Commission

The European Parliament is conducting hearings to question candidates for the new European Commission. The hearings are an opportunity for Members of the European Parliament to ask candidates about their views on issues in their portfolios. Of particular interest are those candidates whose assigned areas of responsibility include digital policy and fundamental rights issues. They are: Vestager (Executive VP, Digital, Competition), Goulard (Internal Market), Johansson (Home Affairs), Jourova (Values, Transparency), and Reynders (Justice). CDT published a set of questions on key policy concerns relevant to our areas of interest. We suggest questions on online free expression and innovation in the Digital Services Act, on 5G, and on net neutrality, encryption, and data retention. Parliament’s decision on the College of Commissioners is expected in late October.

Digital Services Act: the European Parliament to draft own-initiative report

The Digital Services Act will be one of the most consequential digital policy initiatives the new European Commission is due to undertake. As we explain in our recent paper on principles for intermediary liability, it is critically important to get the upcoming reform of the E-Commerce Directive right. Limited liability for content hosting has been crucial for the growth of innovative online services, and for Europeans citizens’ free expression and access to information. It is therefore both understandable and positive that Members of the European Parliament say they plan to draft an own-initiative report ahead of a legislative proposal from the Commission. We are engaging with MEPs to brief them on the issues involved.

The European Parliament confirms rapporteurs on draft legislation on E-Privacy, Terrorist Content, and Electronic Evidence

Parliament has begun work on draft pieces of legislation that were not finalised in the previous Parliamentary term. Three of them are issues CDT has been working on actively. Ahead of the upcoming ‘trilogue’ negotiations on the draft Terrorist Content Online Regulation, MEP Patryk Jaki (ECR, PL) has been appointed rapporteur for the lead Civil Liberties Committee. On the draft legislation on cross-border access to e-evidence, Birgit Sippel (S&D, Germany) will continue as rapporteur. Equally, on the draft e-Privacy Regulation, Birgit Sippel maintains her position as a rapporteur of the file. On each issue, political groups have also appointed, in some cases reappointed, supporting ‘shadow’ rapporteurs. CDT looks forward to continuing our work with MEPs on these important issues. 

CDT comments on EDPB guidelines on the processing of personal data through video devices 

This month, CDT submitted comments on Draft Guidelines on the processing of personal data through video devices to the European Data Protection Board (EDPB). CDT agrees with the EDPB that video surveillance should remain the exception and not the rule. We welcome the proposal to encourage multi-level notifications, but argue that warnings should not replace affirmative consent. We also stress that data sets built with facial analysis algorithms should be developed in an ethical and transparent manner. Finally, we ask the EDPB to clarify how organisations can process video and image data for research purposes to improve facial recognition technologies and facial analysis algorithms.

CDT publishes report on transparency of Bulk Interception Practices of European Intelligence Agencies

On 13 September, CDT published a report on the bulk interception practices of intelligence agencies around the world, including in European countries. The focus of the report is to document that several European governments maintain high levels of transparency about their use of bulk interception practices. The report includes a high-level review of these practices in EU Member States such as the U.K., Sweden, Germany, the Netherlands, Finland, and France. The ultimate objective of the report is to counter the claim that similar levels of transparency in the United States would pose a serious risk to U.S. national security. CDT supports litigation to change U.S. government practice, which classifies information about its bulk interception practices as a state secret. 

Facebook published charter for its Independent Oversight Board 

On 17 September, Facebook published the charter that will govern the functioning of its Independent Oversight Board. The Oversight Board will be the first of its kind, and is an important initiative in social media content moderation and governance. After the Board was announced in November of last year, CDT took part in several workshops and meetings with other public interest groups and experts. Among other things, the charter describes how the members of the Board will be appointed, how the cases to be examined will be chosen, and how the Board will make decisions on those cases. The cases, which could be flagged by both Facebook and its users, will have to be significant and difficult. The possibility for users to appeal to the board for a decision could be available as early as the first half of 2020. 

IPR enforcement Case-Law Collection

The European Union Intellectual Property Office (EUIPO) published a new report, “IPR Enforcement Case-Law Collection – The liability and obligations of intermediary service providers in the European Union.” The collection focuses on the liability and obligations of intermediary service providers in the European Union, and gives an overview of relevant decisions of the Court of Justice of the European Union (CJEU) as well as of national courts in 14 selected EU Member States. The publication includes cases issued between 2016 and the beginning of 2019.