EU Tech Policy Brief: March 2024

This is the March 2024 issue of the Centre for Democracy & Technology Europe‘s monthly Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them. Our aim is to help shape policies that advance our rights in a digital world. Please do not hesitate to contact our team in Brussels: Asha Allen, Silvia Lorenzo Perez, Laura Lazaro Cabrera, and David Klotsonis.

CDT Europe Joins the DSA and Platform Regulation Conference in Amsterdam

On 17 February, the EU’s Digital Services Act (DSA) came into force in the EU, but there is more work to be done. New obligations and regulations now apply, which require taking steps towards ensuring transparency and effective monitoring of the law’s implementation and enforcement. This moment was, therefore, perfect for experts, EU policymakers, national regulators and civil society to come together to discuss those steps. 

To mark the occasion, the Institute for Information Law (IViR) and the DSA Observatory hosted a conference on the DSA and platform regulation in Amsterdam, where participants aimed to identify the DSA’s early successes and future challenges, in order to determine how the DSA might better regulate online platforms in the EU. Over two days, participants discussed key elements of the regulation from a human rights perspective. Topics covered included conceptualising and tackling systemic risks; exploring the most effective ways to make best use of the DSA’s research data access provisions; and the potential impact of the DSA beyond the EU’s borders. 

One topic of specific interest to CDT Europe was how to realise meaningful transparency by making the most out of newly available sources of data. Researchers at the conference highlighted that, although the DSA Transparency Database was recently set up, platforms have been uploading information in different ways, limiting the database’s current usefulness as a research tool. These insights fed into discussions on the Delegated Act on Data Access — secondary legislation that will outline the technical conditions for platforms to facilitate access to data — which will require a high level of specificity about how platforms share information, to ensure that researchers can access sufficient and readable data without unnecessary hurdles.

The collaborative exchanges at the conference definitively indicated that DSA stakeholders are ready to roll up their sleeves. Participants had a clear appetite to be meaningfully engaged in ongoing exchanges on how the DSA can best be implemented and monitored, as it moves into full enforcement.

European Court Passes Landmark Judgement in Podchasov v Russia

On 13th February, the European Court of Human Rights (ECtHR) issued a ground-breaking judgement in the case of Podchasov v Russia. The case concerned statutory requirements, imposed by Russia on the online messaging platform Telegram, to store all communications and content data and to submit that data to law enforcement authorities or security services. Telegram was also required to store and submit encryption keys and any other information necessary to decrypt communication data. 

The ECtHR categorically confirmed that solutions — like the Russian statutes — that weaken encryption, or create backdoors to facilitate access by law enforcement authorities to encrypted communication data in the context of criminal investigations, violate all users’ right to private life under Article 8 European Convention on Human Rights (ECHR). 

The Court took a strong stance in favour of encryption by recognising not only measures that break encryption, but also any measures that weaken the effectiveness and intended purpose of encryption (i.e., technical solutions like client-side scanning). With this judgement, the ECtHR confirmed that legislative proposals that advocate for solutions that weaken or break encryption impair the rights and freedoms of all users online, and not only the rights of those suspected of committing a crime. 

This judgement debunked the fallacy that “content moderation solutions” to gain access to encrypted content, such as those under consideration in the European Commission’s CSAM proposal, can be targeted and available only to the “good guys” for the purpose of crime prevention. In a blog post, CDT Europe provided a detailed analysis of the case.

Launch of the menAble Report on Understanding Online Gender-Based Violence

According to the World Health Organization, one in ten women have experienced some form of cyber violence since the age of 15. It’s clear that violence against women and girls — whether offline or online — is a serious human rights violation. That’s why CDT Europe supports the menABLE project, which aims to combat online gender-based violence (GBV) by fostering mutual awareness, tolerance, and respect. 

On 20 February, the co-organisers of the menABLE project held a launch event for their study, which outlines educational approaches to understanding and combating online GBV. CDT Europe supported the research project through expert interview and consultation, and CDT Europe’s Programme Director for Online Expression, Asha Allen, took part in the event as an expert panellist.

During a discussion focused on tackling gender-based violence online through integrated policies, Asha acknowledged that there has been a distinct shift in mindset amongst European lawmakers towards better understanding the proliferation and societal consequences of online GBV for young people, particularly those with ambitions to enter public life. This increased political willingness to tackle online GBV has led to legislative progress at the EU level, and with the new EU Directive on Violence against Women, there is now a concrete legislative framework in place. The Directive includes provisions to criminalise the most serious forms of online GBV. In addition, the Digital Services Act sets out obligations for the largest online platforms to mitigate the risk of other harmful forms of online GBV. 

CDT Europe is looking forward to seeing how the results of this study — which will provide useful recommendations for policymakers and educators as they go forward in tackling this pernicious form of misogyny — will be operationalised.  

You can rewatch the event in full on MenAble’s website. 

Long-Awaited Political Advertising Regulation Adopted by European Parliament

After months of delayed negotiations, which culminated in a political agreement at the end of 2023, the European Parliament approved the final EU Regulation on the Transparency and Targeting of Political Advertising, the last institutional step before the legislation enters into law across the EU. Having followed the file closely, CDT Europe joined our partners European Partnership for Democracy and Civil Liberties Union for Europe in a joint response to the adoption of the law. 

The letter outlines key recommendations for how lawmakers can still improve the law to ensure stronger safeguards for political expression and participation in elections. Though measures to tackle the most pervasive harms and the persistent misuses of personal data in the online political advertising ecosystem — like those seen in the Cambridge Analytica scandal — are welcomed, concerns remain on how the Regulation will work in practice. 

2024 is a crucial year for European democracy, with the world’s largest trans-national democratic election taking place in June. Whilst the provisions of this new law won’t take effect before the EU elections, its passage nevertheless sends a strong signal that the EU values transparent, open, and fair democratic processes. CDT Europe will be keeping a close eye on how the Political Advertising Regulation is rolled out, and will continue to advocate for avenues for civil society to inform effective, rights-protecting implementation and enforcement.