28 Oct 2016

We are looking for a Community Manager

By Kirsten Fiedler

European Digital Rights (EDRi) is a not-for-profit association of 31 digital rights organisations from across Europe. EDRi is the only European NGO specialising in the protection of digital rights. Our objectives are to promote, protect and uphold civil rights in the field of information and communication technology, such the rights to privacy, data protection and to freedom of expression.

We are looking for a Community Manager who will contribute to one of the organisation’s main goals which is to strengthen organisations defending digital civil rights in Europe and improving the cooperation between them.


You will be able to develop an activity which is not only new for EDRi’s network but also completely unchartered territory across Europe. You will get the opportunity to help build capacity of a movement, support EDRi’s members and observers become sustainable and to professionalise, in order to amplify their voice and impact.


  • Develop and implement an internal community-building strategy,
  • Map the activities by national advocates across Europe,
  • Analyse information produced by the network, of the channels and tools already in use,
  • Improve EDRi’s internal communication & cooperation (via an analysis of the network, members and current collaboration),
  • Build coalitions and communicate with EDRi’s members/observers, including visits of at least 4 EDRi members/year,
  • Identify potential candidates for EDRi membership and observership.

The successful candidate should possess the following:

  • Ability to connect and build relationships
  • Ability to empower and motivate
  • Experience in activism and building and supporting long term relationships
  • Outstanding networking skills and highly developed interpersonal skills.
  • A demonstrated interest in and enthusiasm for human rights and technology-related issues
  • Fluent English, other languages are a plus.

What we offer:

The role offers a challenging and diverse part-time role in a fast-growing NGO, with flexible work hours. The contract is limited to 22 months, however there is a possibility that the position is extended to full-time with a permanent contract. We offer the exciting opportunity to help defend the civil and human rights of people across Europe and beyond. Our team in Brussels is a blend of languages, cultures and professional backgrounds. A remuneration package will be offered and discussed at interview stage.

Location: Flexible, including regular travels to EDRi’s members. Preferably Brussels-based or within an easy distance from Brussels, but other options are also considered for good candidates.

Applications should be by email in the format of CV with a covering letter (only pdf files will be accepted) to: Michela Petruzzo, Senior Office Manager, via email: michela.petruzzo(at)edri.org – Closing date for applications is Friday 30 November 2016.


26 Oct 2016

#3 Freedom to make mistakes: How to defend yourself from abuses


This is the third blogpost of our series dedicated to privacy, security and freedoms. In the next weeks, we will explain how your freedoms are under threat, and what you can do to fight back.


Public availability of sensitive information: What is that and how it works?

In the online environment we constantly feed companies and institutions with our personal information. In most cases, we are not in control of the use of that information. The information we consciously provide can be combined with other pieces of information and create completely new information that we did not even know could be created. This can cause risks for our freedoms, also offline.

Nowadays a big part of our social interaction happens online, in social media like Facebook, Snapchat and Twitter. Apart from the information you post or send via these services, they can also collect other information from your devices, such as location data, battery levels, and the list of apps you have installed in your phone. By combining all this data, it is easy to connect this information to you even even if you used a pseudonym. Being anonymous online is far more difficult than it seems.

And the internet does not forget. Think about it: anything you post online now (or that you posted years ago!) could be later tracked back to you, by anyone who happens to get access to it. An old online communication that you thought was private could come up in a job interview, and affect your chances to get employed. The threats are even greater in countries where freedom of expression and freedom of assembly are not respected. In the worst cases, the information about you could be used to damage your financial or even personal security.

How to claim back your freedom

When you post something online, you need to be sure to use the best available tools to protect yourself from others snooping on your private life. One of the best ways to reduce risks is the use of encryption messaging apps and add-ons that can protect your privacy.

Install TOR and use it to browse the web anonymously and easily: TOR is used by activists and journalists all around the world. The technology is both easy to use and it is regularly updated by experts.

Install Signal. Recommended by whistleblower Edward Snowden as one of the best available apps, this application allows you to chat securely. All the communications are encrypted end-to-end by default, including group chats and attachments. This means that nobody but the person to whom you send the message will be able to read its contents. Sometimes it is a pain to change to a different technology. However, the more people that use Signal, the more people will use Signal! Privacy and security needs leaders to set an example… Try Signal, it’s as easy as any other instant message app! Ask the five people with whom you are in contact the most regularly to start using it, too, and you’ll be able to chat with them, with no risk to your privacy and security.

John is also dealing with the risks of re-identification in this video, prepared by our member Association for Technology and Internet (ApTI) – Romania:


What can politicians do to safeguard your freedoms online?

The rules on online privacy in the EU (ePrivacy Directive) will be soon updated. This law is dealing with privacy and confidentiality of communications for the entire EU, and it affects tracking and other issues related to your freedoms online. Are politicians ready to fight for your protection?

Read our previous blogposts here, and stay tuned to our next blogposts to know more about your freedoms online, and how they are threatened!

Read more:

Facebook researchers are trying to predict when you and your spouse will break up (28.10.2013)

Ever liked a film on Facebook? You’ve given the security services a key to your soul (13.01.2015)

In insurance Big Data could lower rates for optimistic tweeters (23.10.2016)

Quiz: Can we guess your age and income, based solely on the apps on your phone? (03.03.2016)


24 Oct 2016

Privacy Camp 2017: Call for submissions

By Kirsten Fiedler


Join us for the 5th annual Privacy Camp! Held every January just before the start of the CPDP conference, the camp brings together civil society, policy-makers and academia to discuss existing and looming problems for human rights in the digital environment. As every year, the event is co-organised by EDRi, Privacy Salon, USL-B and VUB-LSTS.

When: 24 January 2017, 9am – 5.30pm
Where: Université Saint-Louis, Boulevard du Jardin Botanique 43, 1000 Brussels, Rooms P60 and P61 (TBC)


Who controls (your) data, who controls the machines? These questions are at the very center of the debates surrounding the pending adoption of important EU-wide legislation, such as the review of the ePrivacy Directive, the smart borders package, the draft Regulation on dual-use goods and the latest filtering proposals in the draft copyright Directive.

We invite you to propose a panel for one of these two tracks:

Track 01 controlling data
Topics: #metadata #onlinetracking #export #surveillance #accountability #UploadFilters

Track 02 controlling machines
Topics: #IoT #InternetOfThings #algorithms #wearables #sharingeconomy #AI

Some things to keep in mind when submitting your proposal:

  • indicate a clear objective for your session: what would be a good outcome for you?
  • indicate other speakers that could participate in your panel (and invite them)
  • make it as participative as possible, think about how to include the audience as much as possible
  • send us a max 500 word description of your session.

How to submit:
1. Send your proposal to Imge: imge.ozcan (at) vub.ac.be before 23 November 2016.
2. After the deadline, we will review your submission and let you know by 6 December 2016.
3. The draft programme is scheduled to be announced in the first week of January 2017.

Please note that it is possible that we suggest to merge proposals if they are very similar.

24 Oct 2016

Civil society urges EU leaders to protect citizens’ data in trade agreements

By Heini Järvinen

European Digital Rights (EDRi), together with 20 civil rights organisations and individual signatories, sent a letter to the leaders of the European Union. In the letter, a broad coalition urges the European Commission and Member State representatives to resist pressure and come forward with proposals which will not sacrifice citizens’ fundamental rights.

EU leaders must protect individuals’ personal information and privacy. The best way to do this is by not including data flows in trade agreements,

said Maryant Fernández Pérez, Advocacy Manager of EDRi.

The European Union should defend its values and regain its leadership on this key issue,

she added.

The letter highlights the negative impacts that including clauses on processing and transfer of personal data in trade agreements like the Trade in Services Agreement (TiSA) could have. It explains how the problems could be solved and encourages EU leaders to adopt a positive, citizen-focused agenda, which will help rebuild trust in trade negotiations.

EDRi and its members have joined efforts with consumers organisations in this initiative. Another open letter, also co-signed by EDRi, was sent to Commission’s president Jean-Claude Juncker to underline that the EU should set a global example for a data protection-proof trade policy. Otherwise, as independent research has shown, trade agreements will never work for citizens. They will not just undermine fundamental rights, but also trust and vibrancy in the data economy.

Read more:

Open letter: Trade agreements, data flows, data protection and privacy

Corporate-sponsored privacy confusion in the EU on trade and data protection (12.10.2016)

Study: Trade and privacy – Difficult bedfellows? How to achieve data protection-proof free trade agreements

BEUC and EDRi urge the EU Commission not to undermine citizens’ privacy in trade agreements (13.06.2016)

EDRi analysis of Wikileaks’ TiSA leaks of 15 September and Greenpeace’s TiSA leaks of 20 September 2016

Why privacy safeguards in trade deals need urgent improvement


19 Oct 2016

ENDitorial: Commissioner defends nuclear attack on internet freedom

By Joe McNamee

The European Commission launched its proposal for a Copyright Directive in September 2016. The legislation includes new rules on filtering of uploads to the internet, text and data mining and the so-called “link tax”.


In response, on 9 September, the Copyright for Creativity Alliance (including EDRi) sent a letter to European Commission Vice-President Andrus Ansip about the copyright reform that was launched recently under his authority. On 12 October, the Commissioner responded.

In the letter, Ansip said:

One of the main goals of the Commission’s Digital Single Market Strategy is to achieve a wide availability of creative content across the EU.

The proposal suggests to create a power for copyright holders to prevent the upload of ANY content that contains some of their work – which includes the power to block availability of perfectly legal and democratically valuable quotation or parody. This quite obviously does not achieve a wide availability of creative content across the EU.

Worse still, going beyond any surveillance and censorship regime imposed anywhere else in the world, the Commission not alone proposes mass filtering and blocking of uploads to the internet in Europe. It also privatises this activity, putting the hands of bizarre “pluristakeholderism” – like multi-stakeholderism, but without internet users. This means that (big) rightsholders and internet companies will cooperate to decide what filtering is implemented and how.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

In the letter, Ansip said:

We acknowledge the positive effects of the limited liability regime established in the e-commerce Directive on innovative online services.

Under existing EU law (in the e-commerce Directive), internet companies are protected from liability for illegal or unauthorised activity of their customers. This is crucial to minimise incentives to monitor and censor internet users and to allow innovation to flourish. What he did in his proposal was to kill the limited liability regime in a kind of legislative “drive-by shooting”. It moves virtually all internet hosting providers outside the scope of the e-commerce Directive by saying that availability to the public is not a passive activity (as recognised by the e-commerce Directive and the Court of Justice of the EU). It does this with just one word – “thereby”:

“Where information society service providers store and provide access to the public to copyright protected works or other subject-matter uploaded by their users, thereby going beyond the mere provision of physical facilities.”

Having already killed the e-commerce Directive, it then drives a stake through its heart by saying that providing such a service is “performing an act of communication to the public”. This means that not alone is the pre-existing protection from liability removed, the hosting company becomes directly liable for any infringements carried out by its customers.

In the letter Ansip said:

Our goal is not to change this regime and not diminish innovation and user choice.

What he did in his proposal was to create a right of appeal for unfair deletion or blocking of user content. This is not a bad thing and this makes it clear that the Commission itself sees a risk of the legislation diminishing user choice. However, we know from experience that online companies rarely remove user content because it is “illegal”. They remove it because it is an alleged breach of their terms and conditions. There is no mechanism in EU or national law to force internet companies to host material they have decided was in breach of their terms of service. As a result, the “safeguard” that is proposed by the Commission will not be usable in practice. The Commission has recognised that it has created a problem and failed to deliver a solution.

Worryingly, the analysis in Commissioner Ansip’s letter is not just wrong. It is demonstrably, obviously and egregiously wrong.

Copyright for Creativity Alliance’s sent a letter to Andrus Ansip (09.09.2016)

Ansip’s reply to Copyright for Creativity Alliance’s letter (12.10.2016)

Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market (14.09.2016)

(Contribution by Joe McNamee, EDRi)



19 Oct 2016

Censorship in Italy: Child protection is the excuse again

By Guest author

One of the recurrent attempts to control the internet is the excuse of “child protection”. Italy has moved a step to this direction, and is going to release a new law against “cyberbullying” that confirms this new trend. This new project follows the same well-worn, failed approach.


The draft has been modified by the Chamber of Deputies of the Italian Parliament, and will be discussed in the following months in the Italian Senate which was the author of the first draft.

The text, as amended, contains many worrying points.

First, the scope of the legislation has been extensively broadened: all the possible crimes that can be conducted online are included. If the purpose of the new legislation is to fight cyberbullying, the logic behind including other crimes is difficult to understand.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

These inclusions will only create legal uncertainty. How will a certain conduct be criminalised, and based on which law? Is the purpose of this law to actually fight cyberbullying?

Secondly, what raises more doubts is the clause related to the instruments that would be used for the enforcement of this “protection” against cyberbullying.

On one hand, a board of “experts” will be created to find appropriate measures to combat cyberbullying. Leaving aside the scepticism deriving from previous experiences with “expert” groups, the criteria to select the board is far from clear. The expert group should be able to elaborate appropriate measures to fight cyberbullying in only 60 days.

On the other hand, thanks to this new provision anyone who will feel hurt, defamed, harassed, stalked or offended by certain content will be able to act directly. They can inform the platform where the content appears, and ask for its removal. At the same time, the same person will inform the Data Protection Authority (DPA), who will control the removal of the content, and act directly to assure it after 48 hours, if the platform does not act as requested.

This new activity is likely to increase enormously the already high number of requests that the DPA receives. However, it does not foresee any increase to the DPA’s budget.

This specific measure will have two consequences: unilateral and arbitrary censorship of content, and a huge power for and pressure on platforms to act without any form of neutral examination. The consequences are unpredictable.

According to experts and journalists, the new project, assuming it will be amended by the Senate, is the result of non-evidence based digital policies. The internet, at least in Italy is rarely considered from a positive perspective, at least by the texts like this one – for example as a place or an environment useful also to improve the lack of digital literacy. Using cyberbullying as an excuse to regulating the internet by censoring inconvenient content, and by delegating the responsibility to private companies is an enormous threat to our democracies. The Italian Senate needs to stand up for its citizens, and defend an internet where rule of law and fundamental freedoms are respected.

Italy on the verge of the stupidest censorship law in European history (18.09.2016) https://boingboing.net/2016/09/18/italy-on-the-verge-of-the-stup.html

Cyberbullies in the Parliament (only in Italian, 07.08.2016)

The fight against cyberbullies is something serious (only in Italian, 06.08.2016)

(Contribution by Alessandro Bruni, EDRi intern)



19 Oct 2016

Shadow regulations – unfair and undemocratic

By Guest author

Shadow Regulations are voluntary agreements between companies (sometimes described as codes, principles, standards, or guidelines) to regulate your use of the internet, often without your knowledge.


Shadow Regulation has become increasingly popular after the monumental failure of restrictive internet laws such as Anti-Counterfeiting Trade Agreement (ACTA), The Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA). This is because Shadow Regulation can involve restrictions that are as effective as any law, but without the need for approval by a court or parliament. Indeed, sometimes Shadow Regulation is even initiated by government officials, who offer companies the Hobson’s choice of coming up with a “voluntary” solution, or submitting to government regulation.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Shadow Regulation is used in many different contexts, including copyright enforcement, regulation of “hate speech”, and to restrict sales of lawful products, among others. What’s wrong with these agreements? The crux of the problem is that they can quietly reshape our internet without our knowledge or input. We weren’t consulted during their development, don’t know how they are being applied, and typically have little or no means of recourse when they are used to shut down our speech online.

This doesn’t mean that voluntary agreements with internet companies are always a bad thing. Such agreements can be a positive way to avoid heavy-handed and inflexible regulation, and there are ways of reaching such agreements in an inclusive, balanced, and accountable way.

But although voluntary agreements can be done right, more often Shadow Regulation is deliberately exclusive and opaque, resulting in private parties acting as the internet police to enforce content removal or the restriction of online behaviour, while elected governments avoid responsibility. That’s both unfair and undemocratic.

This article was originally published by EDRi member EFF on https://www.eff.org/issues/shadow-regulation.

Anti-Counterfeiting Trade Agreement

SOPA/PIPA: Internet Blacklist Legislation

Shadow Regulation: the Back-Room Threat to Digital Rights (29.09.2016)

Fair Processes, Better Outcomes (30.09.2016)

Free speech – only as strong as the weakest link

Beyond regulation: Reaching solutions that work for users

(Contribution by EDRi member EFF, international)



19 Oct 2016

Orange is the new blacklist

By Guest author

On Monday morning 17 October, Orange customers who tried to access Google.fr, fr.wikipedia.org and other sites found themselves being redirected to the site of the Interior Ministry explaining that those sites were blocked. The banned websites were accused of “provoking terrorist acts or publicly glorifying terrorist acts”.


Orange declared that the websites had been added to the terrorism blacklist due to “human error”.

Since the adoption of the law on terrorism in late 2014, and more precisely a decree of February 2015, the French police can order – without a court order or judicial control – the blocking of internet sites that support terrorist acts or groups.

This measure was widely criticised, in particular because it could lead to over-blocking cases, and because the definition of the “glorification of terrorism” is more than vague.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Some EU Member States are now seeking to export this concept to the European level. In the draft Anti-Terrorism Directive, the Council of the European Union introduced text to make the ”glorification and justification of terrorism” a crime, without providing a definition of what this might mean. This could lead to the Europeanisation of the collateral damage that is already happening in France, and which has just been proved to be, one more time, absurdly ineffective.

Google redirected to place Beauvau by Orange (only in French, 17.10.2016)

Google.fr blocked for glorifying terrorist acts because of Orange’s “human error” (only in French, 17.10.2016)

(Contribution by Guillermo Peris, EDRi intern)



19 Oct 2016

“Follow the money” on copyright infringements

By Joe McNamee

The European Commission is pushing forward energetically on privatised law enforcement projects for all manner of internet activities. This is the approach to terrorism, hate speech, copyright enforcement… whatever the question, the answer is that internet companies can solve the problem.


It is currently discussing “guiding principles” for withdrawal of services by advertising companies to penalise and prevent “commercial scale” infringements. Tellingly, the final paragraph of the “guiding principles” contains very similar wording to the ill-fated “Anti-Counterfeiting Trade Agreement” (ACTA) that was rejected in 2012.

Like ACTA, the “guiding principles” include illusory “safeguards”, such as references to non-existent legal terms like “fundamental principles” and “fair process” (not due process). Like ACTA, it refers to “commercial scale”, as if this was a safeguard. The European Commission itself has previously said that the term is too vague in existing law.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The text also refers to a “right to access lawful content”, even though there is no such “right”. We have a right to freedom of movement (not a right to legal movement), we have a right to freedom of communication. The implication of the expression “right to access lawful content” is that everything we do or say should be assumed to be illegal until proven otherwise. This is profoundly objectionable.

The planned agreement has a “verification and compliance” process for when participating companies cooperate to destroy an online service by withdrawing advertising revenue. But what is this “verification and compliance” process actually verifying or complying with? This is not specified, presumably because it is not important for the Commission. How accessible will a process be, if a provider withdraws services on the basis of terms of service? On what basis would an injured party believe that their service will get a fair hearing from a large provider, possibly in another country? A credible and accessible complaint process and redress mechanism appears unlikely.

Paragraph 7 of the Commission’s document both says that the agreement “will establish key performance indicators (KPIs)” and that signatories to the agreement will set up a working group “on the KPIs”. Does this mean that a working group on KPIs will be set up after the KPIs have already been defined?

It has been shown again and again and again that rightsholders cannot be trusted in projects of this kind. The Commission is proposing a project where, as described above, the target is ill-defined, the safeguards are illusory, jurisdiction is unaddressed and the compatibility with primary EU law (Article 52 of the Charter of Fundamental Rights of the European Union in particular – in contravention to the most basic of the Commission’s roles) is ignored – the Commission has already taken the view that such “voluntary” agreements are beyond the reach of the Charter. Such proposal appears reckless at best and legally untenable at worst.

European Commission: Guiding principles: The Follow the Money Approach to IPR enforcement –
Stakeholders’ voluntary agreement on online advertising and IPR

European Commission – Roadmap: Proposal for a revision of the Directive on the enforcement of intellectual property rights (Directive 2004/48/EC)

Warner Bros: Our false DMCA takedowns are not a crime (15.11.2013)

Digital camera review taken down by a botched DMCA notice that makes claims of trademark infringement (21.03.2013)

Microsoft DMCA notice “mistakenly” targets BBC, Techcrunch, Wikipedia and U.S. Govt

(Contribution by Joe McNamee, EDRi)



17 Oct 2016

EDRi’s privacy for kids booklet: Your guide to the Digital Defenders


Today, we are publishing a booklet “Your guide to Digital Defenders vs. Data Intruders – Privacy for kids!“, to help young people between 10-14 years to protect their privacy.

The internet is an amazing opportunity for young people to learn, communicate and to explore new worlds. Our booklet will help them enjoy all the benefits of the internet while protecting their personal information.

said Kirsten Fiedler, Managing Director of European Digital Rights.

Children’s freedom to explore and develop should not be limited due to lack of awareness of privacy-protecting strategies. The booklet helps them make safer and more informed choices about what to share and how to share online. It includes chapters on what privacy actually is, how to use safer messaging systems and how to improve the security of smartphones.


The booklet is the outcome of an international project with contributions by EDRi’s network (Bits of Freedom, Open Rights Group, Chaos Computer Club, Digitale Gesellschaft, ApTI Romania, Mediamocracy and many more). In the parallel universe of the booklet, a team of superheroes (the Digital Defenders) fights a group of villains (the Intruders). They were created by German comic artist and illustrator Gregor Sedlag.

The original language is English, but we have started to coordinate translations to make it available in as many languages as possible. The booklet is available under a creative commons (CC-BY) licence and can be freely downloaded and re-distributed. Donations to cover printing costs as well as translations are accepted here. If you want to help with translations, or if you want to print it and distribute it at schools please contact us!



Read more:
Educate and empower children on online privacy