This year, three members of our Brussels office are attending RghtsCon in Toronto: Executive Director Joe McNamee, Senior Policy Adviser Maryant Fernández Pérez and Policy Intern Gemma Shields. The conference days are full of panels, meetings, informal get-togethers and fun activities. Here is our guide to the sessions moderated or attended by EDRi staff.
Wednesday 16 May
Do we need free speech legislation like we have privacy laws?
16:00 – 17:00 EDT, 203B with Maryant Fernández Pérez, Nate Cardozo, Paulina Gutiérrez, Moses Karanja, David Kaye, Stephen Turner and Lisa Vermeer.
Around the world, there is some degree of national legislation that circumscribes privacy rights in an environment where risks are obvious. In freedom of expression, the activities of intermediaries can also restrict our rights as citizens or consumers. National legislation that positively protects our free speech against arbitrary restrictions by online companies is broadly absent. Intermediary liability discussions are not new. We have been having similar agreements and disagreements without moving the discussion forward for decades. This session aims at discussing whether free speech legislation as a backstop to unending state demands for private regulation of our online activities would be a necessary and proportionate tool. If positive legislation is not the solution, what durable framework and other measures can protect freedom of expression online in the XXI century?
Thursday 17 May
Human Rights Requirements of Cross-Border Data Demands
12:00 – 13:15 EDT, 201A with Maryant Fernández Pérez, Greg Nojiem, Lucy Pardon, María Paz Canales, David Lieber, Rauno Merissari, Bernard Shen
Law enforcement investigations increasingly rely on data stored outside the jurisdiction of the country that is investigating a crime. The current system of law enforcement requests made under mutual legal assistance treaties (MLATs) has not been able to keep up with the growing quantity of these requests. Requests often are not processed on a timely basis, which can result in criminals evading prosecution and law enforcement’s inability to interdict some crimes. The need for this data has spurred some governments to demand that their users’ data be stored locally, and has spurred others to issue surveillance demands that purport to have extraterritorial effect. In response, at least three processes are underway to develop mechanisms that address the problem: (i) the E-Evidence initiative of the European Union; (ii) bi-lateral agreements – such as those envisioned in the U.S. CLOUD Act — to permit direct demands on communications service providers made by particular countries in which they have no physical presence; and (iii) a negotiated protocol to the Budapest Cybercrime Convention that would enable signatories to the protocol to make direct demands on providers in other signatory nations.
This round-table is designed to explore the human rights criteria that should be built into these new mechanisms. For example, must a signatory to the planned protocol to the Budapest convention have a legal system that requires judicial authorisation of data demands? Must a signatory to a bilateral agreement agree to give notice (or delayed notice) to the subject of its data demand? Is it realistic to expect that countries will change the processes by which they obtain access to Internet users’ data so the country can participate in one of these new mechanisms and get a speedy response?
10 days before the EU GDPR becomes applicable: are you ready?
12:00 – 13:15 EDT, 204C with Joe McNamee, Estelle Masse, Ann Cavoukian, Isabelle Falque-Pierrotin and Jeremy Rollison
On May 25, 2018, the EU General Data Protection Regulation will become applicable. This law sets new rules and obligations for companies collecting, using, selling, sharing and storing personal information from people leaving in the European Union. Almost 7 years after the launch of the negotiations on this law, several questions remains: are companies ready to comply with it? Are users aware of their rights and how to exercise it? How did EU state implement the law? Are data protection authorities ready and equipped to enforce the rules? This session will explore these issues in a dynamic format where the audience will be presented the reform and hear from a company, DPA and civil society about the opportunities and challenges brought by this law.
Can trade agreements such as CPTPP NAFTA and RCEP be used as a tool for advancing digital rights?
16:00 – 17:00 EDT, 204B with Maryant Fernández Pérez, Gisela Pérez de Acha, Sean Flynn, Deborah James, Cynthia Khoo, Jeremy Malcolm, Milton Mueller, Gus Rossi and Parminder Jeet Singh
While the worst of the IP chapter may be suspended in the Trans-Pacific Partnership (TPP), ongoing negotiations in trade agreements continue to put our digital rights at stake: the North American Free Trade Agreement (NAFTA), the Regional Comprehensive Economic Partnership (RCEP), and what remains of the TPP itself, now known as the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). Across the board, digital rights advocates are concerned about the serious procedural shortcomings in trade agreements, such as lack of transparency and lack of meaningful consultation with civil society. Additionally, such agreements impact Internet policy in substantive ways, but do not accord with the established multistakeholder nature of Internet governance. However, differences of opinion have emerged as well. Some digital rights advocates see opportunity as well as threat, believing that trade agreements can be effective tools for advancing digital rights. For example, agreements might be used to persuade member countries to improve privacy protections and expand free expression rights or reduce online censorship. On the other hand, other experts among civil society have cautioned against this, noting that the particular model of trade agreements observed to date has increased inequality and given greater rights to big corporations at the expense of workers, consumers, and the environment. Thus, these agreements may be more susceptible to giving greater rights to monopolistic Internet giants at the expense of users in the digital context, such as our privacy and personal data rights, fair use rights, and the ability to innovate without permission.
This session will be a round-table debate among experts and advocates in digital rights and trade, representing different points of view concerning the general issue outlined above. Panellists will engage with each other and the audience to explore this central question: Can regional and international trade agreements be used to advance digital rights, and if so, how? The panel will focus, in particular, on the electronic commerce / digital trade and intellectual property chapters of key trade agreements currently undergoing negotiations, such as NAFTA, RCEP, and CPTPP. Specific provisions to be discussed include data localisation and free flow of data, and possible harmonisation of users’ rights through fair use in copyright. Interactivity is built into the session as audience questions will be taken over the course of the debate and integrated into panelists’ discussion throughout.
Avoiding a Race to the Bottom: Bringing Human Rights to Cross-Border Data Demands
17:15 – 18:15 EDT, 206D with Maryant Fernández Pérez, Fanny Hidvegi, Karen Audcent, Eduardo Ferreyra, Tamir Israel, Katitza Rodriguez and Jeremy Rollison
Law enforcement authorities across the world are continuously seeking to gain access to data in different jurisdictions, wherever the data is held. Currently, the primary international mechanism for facilitating governmental cross border data access is the Mutual Legal Assistance Treaty (MLAT) process, a series of treaties between two or more States that create a formal basis for cooperation between designated authorities of the signatories. However, MLATs have been criticised for being slow and inefficient. The MLAT regime includes steps to protect privacy and due process, but agencies have increasingly sought to bypass it, by either cross-border hacking, or leaning on large service providers in foreign jurisdictions to hand over data voluntarily. In particular, access to data collected, processed and stored by big U.S. Internet companies has become an increasing demand worldwide due to the prominence of U.S. internet companies. To fix the problems with MLATs, several government and regional proposals have emerged. This session will explore how MLAT reform can address many current problems, as well as map different approaches to this issue in different jurisdictions to try to bring human rights to cross-border data demands in line with the Necessary and Proportionality principles.
From the proposed CLOUD act that would empower the U.S. executive branch to enter into bilateral surveillance agreements with foreign nations, to the negotiations of a similar agreement between the United States and the United Kingdom; to proposals in the European Union and the Council of Europe that may facilitate direct cooperation on access to data between internet companies and governments. We’ll discuss these proposals to try to identify common policy and legal challenges, divergences and potential for cooperating in a joint future strategy: how can we ensure that these proposals will avoid a race to the bottom in the protection and defence of our rights and freedoms?
Friday 18 May
Can global digital rights survive Europe’s Copyright Directive?
12:00 – 13:15 EDT, 206D with Joe McNamee, Renata Avila, Burcu Kilic, Dinah PoKempner and Abby Vollmer
The European Union has a strong reputation for protection of privacy, free speech and the rule of law. Its rules on the liability of internet companies are among the best in the world and have been widely copied. Now, the proposed EU Copyright Directive seeks to create legal chaos by re-defining the EU’s liability rules, re-defining hosting services as publishers and demanding measures such as mandatory surveillance of all uploads and filtering of any content identified by rightsholders. Participants will learn about the current stage of the decision-making process in the EU, with reactions from speakers with diverse geographical and legal perspectives, as well as contributing their own perspectives.
Workers Data Rights – Making sure the human remains in human resources
14:30 – 15:45, 202B with Joe McNamee, John C. Havens, Christina Colclough, Abhishek Gupta, Burcu Kilic and Parminder Jeet Singh
Join this great interactive panel to discuss how to fill a regulatory gap with regards workers’ data rights. Across the world, corporations are increasingly gathering, storing and using internal as well as external data in their human resource management; for example in recruitment, promotion, disciplinary or layoff processes. Some experts even ask whether data is taking the human out of human resources? Whilst consumers in many countries are covered by data privacy and protection laws, a huge regulatory gap exists: namely on workers’ data rights and protection. This session will address this gap by discussing why this is an issue, what companies can and should do, and what solutions are available. For unions, filling this gap will be the next frontier for collective bargaining, industrial policies and global framework agreements in the digital economy.
Lightning Talks: Inventions, Innovations and Free Trade
WTO E-commerce agenda: What’s the deal? What’s on the plate? Are we ready?
16:00 – 16:15, 205A with Burcu Kilic and Maryant Fernandez Perez, (European Digital Rights (EDRi) and Public Citizen)
Since United States (US) President Trump took office, the US-centric free trade agreement model has been falling apart and global trade discussions have started to centralise around the World Trade Organisation (WTO). Big trade players are now targeting the WTO as a reliable vehicle to foster a global digital trade agenda that will affect our human rights online. E-commerce and, more broadly, digital trade have become a hot topic in the current agenda of the WTO.This lightning talk has three aims. First, we would like to show how important trade discussions are for the community. Second, we highlight the implications of some of the proposals for digital privacy, data protection, algorithms, encryption, competition or even cybersecurity. Third, we’ll show how to get involved in these discussions before it is too late. We have only two years to learn, understand, raise our voice and advocate for our rights. We need to be ready.