European Policy, Government Surveillance, Privacy & Data
EU Tech Policy Brief: February 2023
Also authored by CDT Europe’s Vânia Reis and Rachele Ceraulo
This is the February 2023 issue of the Centre for Democracy & Technology Europe‘s monthly Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them. Our aim is to help shape policies that advance our rights in a digital world. Please do not hesitate to contact our team in Brussels: Iverna McGowan, Asha Allen, and Ophélie Stockhem.
CDT Launches New Report on Privacy Protection, Independent Researchers, and Access to Social Media Data in the U.S. and EU
On 25 January, CDT published a new report, “Defending Data: Privacy Protection, Independent Researchers, and Access to Social Media Data in the U.S. and EU”. Authored by Caitlin Vogus, Deputy Director of CDT’s Free Expression Project, the report analyses whether existing and proposed laws in the U.S. and EU that govern the disclosure of social media data to independent researchers risk opening the door for unjustified law enforcement access to users’ data.
Lawmakers on both sides of the Atlantic have passed, or are considering, legal mechanisms requiring social media companies to provide researchers with access to stored social media data. In the EU, the Digital Services Act (DSA) introduces a new transparency regime requiring providers of ’very large online platforms’ and ‘very large search engines’ to provide vetted researchers, including civil society organisations, with access to certain data. While allowing researchers access to this data is a critical step towards improving transparency and accountability in tech, and addressing human rights risks posed by the sector’s products and services, these laws could unintentionally become a vehicle for law enforcement authorities to illegitimately surveil social media users through increased data access.
The report lays out a set of recommendations for how U.S. and EU policymakers can address these issues. In the context of the DSA, while provisions requiring the disclosure of social media data to researchers are not likely to result in further legal requirements for disclosure of data to law enforcement, there remains a risk that law enforcement personnel may find it easier to access social media data from researchers in practice, regardless of legal protections. Therefore, the report advises policymakers charged with implementing Article 40 of the DSA — the provision that lays out requirements for disclosing social media data to researchers — to mandate that any data-sharing agreements not only prevent researchers from sharing data with third parties, but also obligate both platforms and researchers to be transparent about how they handle the personal data of subjects.
European Parliament Votes on Proposal for a Regulation on Political Advertising
On 2 February, the European Parliament voted — with a large majority — to adopt its position on the draft Regulation on the Transparency and Targeting of Political Advertising, paving the way for negotiations with the Council to begin. The Regulation forms part of the European Democracy Action Plan, and aims to increase transparency about and harmonisation of rules across the EU related to online and offline political advertising.
CDT Europe welcomes the significant steps the European Parliament has taken to bolster the draft legislation by ensuring adequate protection for political free expression and including measures to concretely combat data-driven voter manipulation. In a first reaction to the vote, CDT Europe’s Asha Allen said:
“We very much welcome this commitment by the European Parliament to ensure our democratic spaces, particularly online, are safer and more transparent. The opaque status quo of the online political advertising environment has contributed to increased polarisation and the undermining of information reliability. The Parliament has introduced important changes to address these issues, as well as essential additional safeguards to protect human rights and further limit the abusive uses of personal data. We hope that these vital elements are maintained in the negotiations, as these will be essential to protecting democracy; we stand ready to continue working with all institutional partners to achieve this aim.”
CDT Europe has long advocated for action from the European institutions to further protect our online civic and democratic spaces, whilst ensuring safeguards for political free expression, one the most protected forms of speech. It is important to provide users with the ability to freely access relevant information and better understand the content they are engaging with, whilst tackling the evident negative impacts surveillance-based and behaviourally targeted advertising has had on our societies.
CDT Warns Against Banning Encryption and Client-Side Scanning in New Report on Children’s-Rights Approach to Encryption
On 19 January, the Child Rights International Network (CRIN) and Defend Digital Me launched a report that lays out an approach to encryption that recognises and respects children’s rights, and was informed by CDT Europe’s Director Iverna McGowan’s expert contribution.
In the report, McGowan outlined ongoing attempts to undermine encryption through technical means, such as client-side scanning, and the risks that stem from legislative mandates for government access to encrypted communications, including in the context of the EU proposal on child sexual abuse (CSA) material. McGowan stressed the need to acknowledge the limits of automated technology in addressing CSA content, and the threats of empowering law enforcement entities with a mass surveillance mandate without the necessary checks and balances.
The report echoes CDT’s call for governments to rule out any generalised ban on encryption in the services children use, as it would leave them vulnerable to a wide range of exploitation and abuse. It also reiterates that the EU’s Proposal on CSA, and the requirements it sets out, do not fulfil the principles of legality, necessity, and proportionality under International Human Rights Law — as highlighted by both the UN Commissioner for Human Rights and the European Data Protection Supervisor.
Don’t forget to check out CDT’s publications for this month, and to sign up to receive the other CDT’s newsletters!