EU Tech Policy Brief: February 2017

This is February issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and Internet policy issues under debate in Europe, the US, and internationally, and gives CDT’s perspective on them.

President Trump’s Executive Order on Public Safety bodes ill for transatlantic relations on privacy and trade

US President Trump began his term in office with a multitude of actions and announcements that seem intended to make good on his campaign promises to upend and undermine long-standing US principles and policies on human rights, trade, and defence. One of these actions was an Executive Order on “Enhancing Public Safety in the Interior of the United States“. The order does not immediately impact the recent Privacy Shield framework, agreed between the EU and the US to replace the Safe Harbor. It also does not revoke privacy protections granted to European citizens under the Judicial Redress Act. But denying Privacy Act Protections to non-US persons is a reckless and unnecessary political signal. It undermines privacy, trade, and transatlantic relations, writes CDT President & CEO Nuala O’Connor. CDT also commented on the nomination of Neil Gorsuch to the Supreme Court, the nomination of Jeff Sessions as US Attorney General, and the White House’s failure to comply with standard government privacy practices.

European Commission issues progress report on strategy for improving criminal justice in cyberspace

As part of the European Agenda on Security, the European Commission committed to addressing the challenges law enforcement authorities face when obtaining digital evidence for cross-border criminal investigations. In December 2016, the Commission’s Directorate-General for Home Affairs (DG HOME) published a ‘Progress Report’ on Improving Criminal Justice in Cyberspace, which mainly reflects concerns of law enforcement agencies, and does not pay enough consideration to the importance of procedural and evidentiary standards as safeguards against unwarranted disclosure of data. But the report provides valuable data that can help progress towards solutions. The Commission should be commended for its open and consultative approach. CDT will work with the Commission and other stakeholders for solutions that enhance privacy, enable effective criminal investigations, and give service providers legal certainty. CDT has for some time argued that policy solutions are necessary in this field. A robust debate is taking place on options for US legislative reform.

European Commission proposes new legislation on electronic communications privacy

The European Commission’s ePrivacy Regulation (EPR), presented publicly on 17 January, will replace the ePrivacy Directive, which was updated with ‘cookie’ provisions in 2009. The EPR broadens the scope to cover a broad range of internet-based communications services and applications, even when the communications functionality is only an ancillary part of the service. At the centre of the debate will be the proposed rules on online tracking and monitoring for advertising purposes, and conditions for using location and traffic data to provide location-based services. Another strand of discussion will focus on the conditions for access to content and metadata for law enforcement and other public sector agencies. Data processing outside of the scope of the EPR will be regulated under the 2016 General Data Protection Regulation, and the Commission hopes to complete the EPR legislative process so it can enter into force when the GDPR does in May 2018.

European Commission Online Hate Speech Code of Conduct — progress report shows need for judicial oversight, transparency, and appeals

In May 2016, the Commission signed a Code of Conduct on Countering Illegal Hate Speech Online with major internet companies. The CoC obliges companies to review content flagged as illegal hate speech within 24 hours, and to take action under their terms of service and, ‘where necessary’, applicable law. At the time, CDT encouraged the Commission to ensure that courts and judges review decisions about illegality of content, that criteria for suppression be clear and transparent, and that remedies be available to challenge deletion. A progress report presented by the Commission in December 2016 was an occasion to repeat these recommendations. It seems that there is little consensus about what constitutes illegal hate speech. A selection of NGOs, funded by the Commission, flagged content they believed to be illegal, but only 28.2% of those notifications led to content removal. There were wide differences between NGOs’ ‘success rates’, and differences between Member States, which is not surprising in light of the differences in the underlying laws. Commissioner Jourová was quick to demand that companies take down more content — and more quickly. But on what basis she concluded that too little content was removed, we do not know. Unless the EC ensures judicial review and transparency, it is impossible to say whether the content flagged and reviewed under the code is, in fact, illegal.

Parliament and Council debate controversial proposals for upload filtering and new rights for publishers

The most problematic provisions of the proposed Directive on Copyright in the Digital Single Market are Article 13, which erodes the liability protections in the E-Commerce Directive, and Article 11, which gives news publishers ancillary rights for online use of content. This approach was tried and failed in Germany and Spain. The problems underlying the proposals are essentially business issues — revenue-sharing between different parts of the value chain — and should not be dealt with in copyright legislation. Imposing monitoring obligations and upload filtering has serious consequences for innovation and free expression on the internet. Publishers’ rights will likely have similar effects but will not help fund news organisations. Article 3 on text and data mining restricts the proposed text and data mining exception to non-commercial purposes, a narrow approach that excludes start-up companies and news media, among others. Member States and the European Parliament have begun their discussions, and CDT is engaging with both institutions on the proposed directive to obtain much-needed improvements.

European Parliament Culture & Education committee’s ongoing work on the proposed AVMS revision

The European Parliament is amending the legislative proposal to reform the EU Audiovisual Media Services (AVMS) Directive. The draft report led by the Culture and Education (CULT) committee in the European Parliament contains particularly problematic proposals that would impose an obligation on ‘video-sharing platforms’ to monitor uploaded content and prevent users from being exposed to certain types of undesired content. As is the case with the DSM Copyright Directive, this would violate intermediary liability protections in the E-Commerce Directive. CDT co-signed a letter with EuroISPA and EDRi to MEPs of the CULT committee on the issue.

CDT @ CPDP 2017: Artificial Intelligence, Fundamental Rights, the ‘Right to Obscurity’

This year, CDT was pleased to support the annual Computers, Privacy and Data Protection (CPDP) in Brussels. This year, the title of the conference was ‘The Age of Intelligent Machines‘. CDT’s Ali Lange participated in a panel on Algorithmic Decision Making, AI, and Fundamental Rights, presenting CDT’s work on ‘Digital Decisions‘, and discussed the ‘right to explainability’ at the Privacy Camp session. Jens-Henrik Jeppesen gave CDT’s perspective on the free expression implications of global implementation of the Right to be Forgotten at a panel on ‘The Right to Obscurity: Implementing the Google-Spain decision’.