This is the July 2021 recap issue of the Centre for Democracy & Technology Europe‘s monthly Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them. Our aim is to help shape policies that advance our rights in a digital world. Please do not hesitate to contact our team in Brussels: Iverna McGowan and David Nosák.
CDT Europe Co-organises Public Webinar Focusing on Human Rights Due Diligence in the DSA
CDT Europe and the Global Network Initiative (GNI) hosted a public high-level panel, where leaders in the area of human rights, online speech, and business discussed the challenges and opportunities put forward by the proposed due diligence regime in the Digital Services Act (DSA).
The speakers were David Kaye, Chair of the GNI Board and former UN Special Rapporteur on Freedom of Expression; Peggy Hicks, Director of the Thematic Engagement, Special Procedures and Right to Development Division of the UN Human Rights Office (OHCHR); and Patrick Breyer, Member of the European Parliament and Rapporteur of the Civil Liberties Committee (LIBE) Opinion on the DSA. The panel sought concrete solutions to key questions on the potential similarities and differences in business and human rights due diligence for supply chains, versus due diligence for online speech, and what might be the best human rights due diligence model for the DSA.
The debate was livestreamed, and can be watched here.
CDT Europe’s Feedback on the European Commission’s AI Act
CDT Europe submitted its feedback to the European Commission on the Artificial Intelligence Act, proposed in April of this year. We welcome the EU AI Act and the high priority it aspires to give to protecting fundamental rights, and stress a number of points that should be improved. All AI systems should be subject to a human rights impact assessment and regulation proportionate to the risks identified in that assessment. A risk-based approach can be helpful in ensuring proportionate regulation, but in order to appropriately protect human rights, regulation must also integrate a rights-based approach.
Among other subjects, our submission touches on the topic of biometric surveillance by law enforcement in public and explains that the exceptions for its use included in the proposal involve some of the highest risks to human rights. In addition, although the proposal has ad hoc references to content moderation, CDT Europe misses a reference to how automated content analysis can be inaccurate and perpetuate discrimination.
Moreover, we regret that the proposal limits avenues for individual redress or access to remedy for harms caused by AI-based systems. Remedies are almost exclusively accorded to vendors of AI and professional users (including governments), and not individual users nor marginalised or at-risk groups. We believe that Article 2 of the Treaty on European Union should be added as an additional legal basis for the proposal, which could allow for a mandate for equality bodies, national human rights institutions, and ombudspersons to be integrated into the governance system the proposal lays out.
Finally, we regret that the proposal gives disproportionate power to private actors. It is unclear how the proposed standards could be enforceable, in particular with regard to individual or group complaints. The self-assessment and standardisation approach risks absolving public authorities from policymaking (and offloading it to privatised standards instead).
Group of NGOs Led by CDT Europe Opposes Calls to Regulate Encryption
CDT Europe led a group of 14 NGOs in reacting to a recent opinion piece by Catherine De Bolle, the executive director of Europol, and Cyrus R. Vance, Jr. district attorney of New York County, who made an extraordinary bid to undermine encryption.
The piece is unfortunately misleading in the claim that the authors support “strong encryption, just not unregulated encryption.” As any technologist or engineer will confirm, communications are either end-to-end encrypted, or they are not. ‘Regulated encryption’ is a euphemism for government back-doors to our communications; backdoors undermine the security of communications to leave open a vulnerability for attacks from malevolent actors.
There is no such thing as a backdoor only for the good guys, and even if there was, the recent Pegasus scandal is a reminder that not all governments are ‘good’ and that ‘good governments’ can act badly. Encryption helps prevent spies, criminals, and hostile governments from accessing and exploiting confidential communications. Equally, it protects the work of journalists and human rights defenders, as well as privacy and safety of vulnerable communities and the public in general.
CDT Europe Is Looking for a New Colleague to Support Its Advocacy and Communications Activities
CDT Europe is seeking an Advocacy & Communications Assistant to help support its work on protecting human rights and democracy in the digital age. This position offers an exciting opportunity to get involved in promoting human rights and democratic principles through advocacy and communications at the EU level, particularly around subject areas like the functioning of online platforms, artificial intelligence, electronic communications, and the internet as a whole.
The position will be based in CDT’s Europe Office in Brussels, Belgium. An ideal candidate will have a relevant degree and some work experience in the area of EU policy related to digital rights, as well as social media management skills. We are an equal-opportunity and inclusive employer, and believe that a diverse staff enables us to do better and more impactful work. Women, people of color, and members of low-income, disadvantaged, and LGBTQI communities are strongly encouraged to apply. Applications close on 16 August, 2021. Read the job advertisement for more details.
CDT Europe Director Warns Against Targeted Advertising in the Context of the DSA
In the context of the discussions about targeted advertising in the Digital Services Act (DSA) proposal, CDT Europe’s Director Iverna McGowan warned against the misuse of personal data for spreading disinformation and called for stronger enforcement of the General Data Protection Regulation (GDPR). McGowan also added that disinformation techniques driven by such misuse have unfortunately eroded the credibility of the media as a whole, and echoed the opinion of the European Data Protection Supervisor (EDPS), which calls for restricting the categories of data available for advertisers.
A coalition of Members of the European Parliament from the socialist, liberal, green, and leftist political groups suggested phasing out surveillance-driven advertising in the recently adopted opinion on the DSA by the Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). While media representatives fear that this measure will undercut their business model and harm media pluralism, the politicians see targeted advertising as a systemic problem that needs a systemic change.
CDT Europe Reacts to the Adoption of the ePrivacy Derogation by the European Parliament
The European Parliament adopted the temporary ePrivacy derogation, which will legalise voluntary scanning of electronic communications by tech companies in search for child sexual abuse material (CSAM). In reaction, CDT Europe stated that some fundamental rights safeguards that appear in the report, such as the reference to the protection of end-to-end encryption or the reporting obligations for companies, were to be welcomed. However, the overall approach taken in this instrument is of concern.
Constant scanning of private communications breaches people’s privacy and may expose children to an even greater risk. Error-prone automated filters will mistakenly mark some content as illegal, which can be wrongly shared with law enforcement and put innocent citizens under false suspicion.
CDT Europe shares the EU legislators’ goal to protect children; child sexual abuse is a serious crime with extremely serious consequences for the victims. All forms of violence against children online and offline must be effectively eliminated. However, it should also be noted that many effective measures to achieve that goal may also be found outside of technology, ranging from public education and victim support to improved cross-border police cooperation.