This is the June 2019 recap issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.
Expert discussions on implementing Article 17 of the Copyright DSM Directive
On 13 June, the European Copyright Roundtable convened experts from academia, industry, and civil society to discuss the implementation and impact of Article 17 (formerly Article 13), which imposes new obligations on a broad category of online content hosts. Concerns raised covered over-blocking of online content, the redress mechanism, and the obligations to enter into licensing agreements with rights holders for copyrighted content and prevent uploading of content in the absence of agreements. There was broad agreement that it will be difficult to implement Art. 17 while also providing users the important right to appeal content takedown decisions, and to remedy when they win those appeals. Few users whose content is suppressed have time and resources to challenge content takedown or suppression decisions.
This was the most detailed discussion yet on Art. 17’s impact on the online media landscape, innovation, and users’ free expression and access to information. CDT will engage in further discussions to ensure Member State implementation of the Directive takes these priorities into account.
E-evidence: U.S.-EU and Council of Europe negotiation on cross-border access to data
On 6 June, the Council of Ministers mandated two things of the European Commission. The first was to negotiate an agreement with the United States facilitating access to electronic evidence. The second was to negotiate a second additional protocol to the Council of Europe Cybercrime Convention on behalf of Member States. Both instruments aim to facilitate law enforcement access to e-evidence for criminal investigations. They will complement proposed EU legislation on access to e-evidence currently being discussed by the institutions. On the latter, the Council also adopted its position on the European Production and Preservation Order certificates that will be used to issue requests for e-evidence in criminal matters. These changes complement its December 2018 position.
The Commission and its U.S. counterparts took note of both negotiation mandates at the 19 June EU-U.S. Justice and Home Affairs Ministerial meeting, and discussed steps taken by the U.S. authorities to open bilateral negotiations under the U.S. CLOUD Act. Regarding the European e-evidence legislation, Parliamentary debate is expected to restart after the summer recess. CDT will continue our work on these proposals to ensure they include the right privacy and procedural safeguards.
Ministers discuss ePrivacy Regulation and Data Retention
On 7 June, having once again failed to reach a common position on the proposed ePrivacy Regulation, Member State Ministers took note of a progress report of the Romanian Presidency. The report shows that a number of differences among national delegations still persist. The report refers to “concerns about the way the ePrivacy proposal would interact with new technologies,” including machine-to-machine communications, the Internet of Things, and artificial intelligence. Discussions also addressed how the ePrivacy Regulation would interact with existing and future data retention regimes. On the latter point, several Member States argue that new EU legislation is required to put in place uniform data retention schemes that comply with CJEU rulings on the matter. Commission staff is consulting with industry and civil society groups on this question. The incoming Commission leadership will decide whether to propose EU-level initiatives. Many Member States operate retention schemes that have not been adapted in light of the rulings.
European Commission reflects on a possible “Digital Services Act”
Several Member States have adopted or are considering new regulations for internet platforms that collide with the provisions of the E-Commerce Directive that limit liability for hosted content. Commission services are currently considering policy options for the new Commission leadership to update the Directive, for all digital services in the single market, notably online platforms. Among the Commission’s objectives would be to harmonize divergent rules for online services across the single market, address outdated rules and regulatory gaps, create incentives to tackle online harms and protect legal content, and provide public oversight. Furthermore, legislative reform could include new provisions on scope, intermediary liability, general monitoring, and automated filtering, regulating content moderation, rules for online advertising services. This policy debate is fundamentally important for the future online environment. CDT will be actively engaged in going forward to promote solutions that enable and protect online free expression, access to innovation, innovation, and entrepreneurship.
Debates on GDPR one year in
CDT participated in meetings with privacy professionals in Italy, focusing on their experience with the GDPR in the year since it went into effect. An important theme at the Internet Privacy Engineering Network workshop, organised in Rome by the European Data Protection Supervisor, was the principle of privacy by design. Companies are struggling to implement this principle, as there is uncertainty about what “state of the art” solutions in privacy by design are. Uncertainty on this issue will only grow: like technology, business models, and consumer expectations evolve, so will standards under the regulation. Discussions also pointed to companies that use leadership on privacy as a valuable selling point. In some cases, greater awareness of the value of data has led companies to offer users a reward for their consent.
The CJEU AG opinion on Austrian online defamation case
In an Austrian defamation case, Advocate General Szpunar’s opinion said that Facebook can be ordered to seek and identify all comments identical to defamatory ones found to be illegal, and equivalent comments that originate from the same user. The Advocate General also said that relevant EU law is silent on whether Facebook can be ordered to delete the comments at issue only in Austria, within the EU, or even worldwide. The opinion, while answering the questions posed by the referring Austrian court, also raises new questions: How should a social network assess the legality of the user’s equivalent posts? Should Facebook rely only on filters, or should it implement a human review? What should a reviewer’s background be? How far into the past and future should Facebook look for and remove posts? CDT will provide more analysis on these questions in the coming weeks.
CDT at RightsCon 2019
CDT was out in force at RightsCon in Tunis in June. RightsCon, organized by AccessNow, is a major annual event for the digital rights community. It attracts top-level advocates, human rights experts, government officials, and leaders from the technology industry. CDT representatives led and appeared at panels on topics such as law enforcement and the Internet of Things; the Budapest Convention on Cybercrime; the use of social media information in U.S. immigration adjudications; data laundering; remedies for algorithmic discrimination; and the threat of government agents impersonating journalists.