22 Feb 2017

Consultation on multilateral investment court misses the point

By Guest author

The European Commission has launched a consultation on establishing a multilateral investment court, which would serve as a permanent body to decide investment disputes. The court would replace controversial investor-to-state dispute settlement (ISDS) mechanisms in existing and future trade and investment treaties. It would interpret the substantive rules in these treaties, which provide a high level of legal protection for investors. This would leave states no or a very limited right to regulate, as regulation would always happen under the (real or perceived) threat of supranational litigation.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The issue at hand is that the consultation has a narrow scope with no regard to social impacts, including fundamental rights. Therefore it is crucial to react. The deadline for submitting comments on the questionnaire on options for a multilateral reform of investment dispute resolution is 15 March 2017.

The multilateral investment court proposal is based on an Inception Impact Assessment which presents various scenarios. Its baseline scenario – what would happen without EU policy changes – is just one sentence long and doesn’t expect the court to have social (or environmental) impacts. The baseline scenario ignores existing impacts, a huge expansion, through new treaties, of covered foreign direct investment, and a greater scope, as EU trade and investment treaties bring EU decisions under the scope of investment mechanisms. A more comprehensive baseline scenario would address growing social impacts.

Compared to ISDS, a multilateral investment court would bring institutional improvements. Such improvements, however, do not solve systemic issues with specialised and supranational adjudications, which create a high risk of expansive interpretations of investors’ rights. Specialised courts tend to interpret expansively and the supranational level lacks effective instruments to correct expansive interpretations.

A multilateral investment court would shift the balance between investments on the one hand and democracy and fundamental rights on the other. This undermines our values, ability to reform, and ability to respond to crises.

Foreign investors would be able to use a multilateral investment court to challenge EU data protection enforcement measures. This could apply to, for instance, the suspension of cross-border data flows or fines imposed by supervisory authorities on data controllers and data processors under the General Data Protection Regulation (GDPR). A multilateral investment court would also impede reform of “intellectual property” rights.

The Commission’s consultation seems designed to keep social (and environmental) impacts out of the consultation’s results. In light of the need to protect fundamental rights, the EU cannot ignore, legitimise, or perpetuate increasing impacts. With a baseline scenario showing growing impacts on fundamental rights, the Commission should work out scenarios which will decrease them.

General Data Protection Regulation: Document pool

Questionnaire on options for a multilateral reform of investment dispute resolution

Multilateral investment court assessment obscures social and environmental impacts

Defend democracy: draft answers for new ISDS consultation

ENDitorial: EU Commission ISDS proposal – a threat to democracy

(Contribution by EDRi member Vrijschrift, The Netherlands)



22 Feb 2017

The UK Digital Economy Bill: Threat to free speech and privacy

By Guest author

The Digital Economy Bill is being debated by the House of Lords in the United Kingdom. This is a far-reaching bill that covers a range of digital issues, including better broadband coverage across the UK. However, from the digital rights point of view, there are three main areas of concern.

Age verification:
The bill includes proposals to force porn sites to verify the age of their users with no requirements to protect their privacy. During the debate on 6 February 2017, the UK government said no privacy safeguards were necessary. In order to force foreign websites to comply with the proposals, the government has proposed that a regulator could instruct Internet Service Providers (ISPs) to block websites that fail to provide age verification. This could mean that thousands of websites containing legal content could be censored. These proposals have implications for privacy and free speech rights in the UK and EDRi member Open Rights Group (ORG) is campaigning to amend the bill.

Data sharing:
There are worrying proposals to make it easier to share data not only across government departments, but also with private companies. ORG has been involved in government discussions about these measures but the concerns raised have not been addressed in the bill. The main concerns are that the bill lacks sufficient privacy safeguards, ministers have too much power without scrutiny, data on births, deaths, and marriages can be shared without any restrictions other than those found in pieces of other legislation, and the codes of practice are not legally binding.

There are proposals to increase the maximum prison sentences for online copyright infringement to ten years – to bring it in line with offline infringement. ORG is concerned that the definition of the infringement is too broad and will catch large numbers of internet users. ORG is trying to amend the bill to ensure that such severe sentences are given to only those guilty of serious commercial infringement.

ORG has made a submission explaining the huge threat to free speech and why these proposals should be dropped. They launched a spoof recruitment campaign for Internet Censors to help classify the web for age verification. Over 23 000 people have signed a petition for rejecting the proposals.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

ORG’s submission

Spoof recruitment campaign

Petition about the proposals

(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United Kingdom)



22 Feb 2017

New legal framework for predictive policing in Denmark

By Guest author

After the terrorist attack in Copenhagen in February 2015, the Danish government presented an action plan to strengthen the data analysis capacity of the police and the Danish Security and Intelligence Service (PET). The action plan, called “A Strong Guard against Terror”, specifically mentions monitoring of social media posts in order to discover possible terrorist attacks being planned.

Social media monitoring will involve massive processing of personal data about citizens that are not suspected of a crime. Under Danish law, PET already has wide powers to collect personal data for the purpose of prevention and prosecution of terrorist offences. For the ordinary police, the Danish Data Protection Act based on the Data Protection Directive currently applies, except that the police is generally exempted from the provisions on data subject rights and profiling. Specific rules for processing of personal data by the police are typically laid down in administrative orders pursuant to the Data Protection Act. This includes the Danish system for Automatic Number Plate Recognition (ANPR).

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Together with the General Data Protection Regulation (GDPR), the European Union has recently adopted the Law Enforcement Data Protection (LEDP) Directive, which, when transposed into Danish national law, will apply to the ANPR system and other police data processing in connection with criminal investigations. Denmark must implement this directive by 1 May 2017 in order to secure an operational arrangement with Europol which Denmark would otherwise have to leave completely because of the Danish opt-out from the Justice and Home Affairs (JHA) area of the European Union.

In October 2016, the Danish newspaper Information reported that the Danish police and PET had purchased an intelligence-led policing platform from Palantir Technologies, a highly controversial company that specialises in big data analytics for private companies, military agencies, intelligence services and police authorities. Palantir was selected among three companies in a public tender. A summary of the requirements for the two intelligence systems (called PET-INTEL and POL-INTEL, respectively) is publicly available, and it mentions capabilities for accessing existing police and intelligence databases, information exchange with Europol, open source collection of new information, as well as algorithms for pattern recognition, hotspot analysis, and social network analysis. In short, the public tender document describes a system for predictive policing, which was subsequently confirmed by the Danish Minister of Justice when answering a written question from a Member of Parliament.

On 10 February 2017, the Danish Ministry of Justice presented a draft law for public consultation on amending the Police Act with new data analysis provisions. The main purpose of the draft law is to create a legal basis for processing personal data in the POL-INTEL system. The draft law uses the legal framework of the existing Data Protection Act as a reference, even though this act must be replaced by the Danish LEDP transposition before 1 May 2017. A complete LEDP implementation by 1 May 2017, which is a condition for continued Danish access to Europol databases, will require a lot of work by the Danish Parliament and the Legal Affairs Committee. It would seem prudent to complete the LEDP implementation first, but the Danish government ostensibly has different priorities.

The draft law provides a very general legal basis for combining existing police databases for information analysis in the POL-INTEL system, irrespective of the purpose limitations of these databases, and for collection and processing of information, including personal data, from open sources. The definition of open sources is very broad as it includes any information source which does not require a court order for evidence seizure or interception of electronic communications. The most obvious open data sources are information from the internet and surveillance in public spaces like ANPR, and perhaps facial recognition in the future. However, information that can be purchased from commercial vendors is also specifically mentioned as an open source. This means that the police can buy information on individual citizens from data brokers in Europe, or maybe even the United States, for predictive policing purposes in the POL-INTEL system.

The new powers are described in very broad terms, and according to the comments of the draft law, more specific provisions will be laid down in future administrative orders. Presumably, the administrative orders are also expected to provide the necessary data protection safeguards to ensure compliance with the LEDP Directive (when it applies in Denmark), and the rights to privacy and data protection under the Charter of Fundamental Rights of the European Union and the European Convention of Human Rights. One of the safeguards mentioned in the comments of the draft law is that access to POL-INTEL will be restricted to specially authorised police officers, and that the use of POL-INTEL will be limited to necessary data analysis purposes, some of which can only use aggregated or non-personally identifiable data as output. This does not change the fact that POL-INTEL will become a huge database with potentially massive amounts of personal data on individual citizens.

For open source collection, the comments of the draft law claim that no new legal basis for data collection is created by the proposal. This is confusing and in conflict with other parts of the comments of the draft law. However, it could be the case that the draft law only particularises a legal basis for mass or targeted data collection from open sources that either exists in the current legislation or will be provided for in future legislation or administrative orders within the general data protection framework for law enforcement. A legal basis for the Danish ANPR system was created in this way, so there are certain precedents.

The issue of data subject rights is not mentioned in the comments of the draft law. Under the current Danish legal framework for law enforcement data processing, there is a complete exemption from the information requirements and the data subject rights to access, rectification and erasure. The LEDP Directive does not allow for such a blanket limitation of all data subjects rights. Under the LEDP Directive, the specific limitations of data subject rights must constitute necessary and proportionate measures in a democratic society with due regard for the fundamental rights and legitimate interests of the persons concerned. It remains to be seen what implications this might have for the data processing in the POL-INTEL system and in particular right to access for citizens.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

EDRi-gram: Denmark about to implement a nationwide ANPR system (02.07.2014)

Declaration to minimise the negative effects of the Danish departure from Europol, following the referendum in Denmark on 3 December 2015 (15.12.2016)

Denmark buys surveillance system for millions from NSA vendor, Information (only in Danish, 28.10.2016)

Public tender summary for PET-INTEL and POL-INTEL (only in Danish, 16.09.2015)

Draft law on amending the Police Act with data analysis provisions (only in Danish, 10.02.2017)

(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)



22 Feb 2017

What does your browsing history say about you?

By Guest author

An average internet user visits dozens of websites and hundreds of web pages every day, most of which are kept in the history of our internet browsers. But what if someone took this massive database of visited web pages and cross-referenced them? A joint collaboration of Tactical Tech and SHARE Lab researchers focused on discovering intentions, desires, needs, and preferences of a person based on their browsing history.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Swiss journalist, called Mr J for the purposes of the research, visited the Tactical Tech office in Berlin in June 2015, and provided them with a sample of his web history, upon which this research was based. By analysing large sets of web addresses (so-called Uniform Resource Locators URLs), especially from popular services such as Google Maps, Google Search or YouTube, they were able to create a picture of Mr J’s everyday routine, including his interests and intentions, even apartments he rented via Airbnb while he was travelling abroad. Also, since Facebook has a “real-name policy”, it is quite easy to link a person’s web history to their profile, as well as create a social graph of their Facebook friends and connections, based on the Facebook URLs they visited.

As websites Mr J visits contain a lot of trackers, small bits of data used for collecting behavioural information of users, the experiment also showed which companies extract the most data on Mr J. Google, Facebook and Twitter were unsurprisingly among the companies with the largest number of trackers. It was also interesting to “read” sample web pages Mr J visited like a machine would do it. This is possible with Google’s Cloud Natural Language tool, which is attached to its deep learning platform and can be used to extract information about people, places, events, and much more, mentioned in text documents, news articles or blog posts. It recognised important events, names, and places based on keywords it picked up from web pages.

All these findings lead to the conclusion that if someone, such as private companies, the state, or law enforcement, were to employ these techniques on a large segment of the population and target people’s web history, it would be a frightening introduction to a project of “thought police”, arresting individuals suspected of committing a crime in the future.

SHARE Lab: Browsing Histories – Metadata Explorations

(Contribution by Bojan Perkov, EDRi observer SHARE Foundation, Serbia)



22 Feb 2017

Dutch House of Representatives passes dragnet surveillance bill

By Guest author

On 14 February 2017 the bill for the new Intelligence and Security Services Act was passed by the Dutch lower house. Despite being met with serious opposition from experts, regulators, civil society, political parties, and citizens, the revised bill passed virtually unchanged from the proposal submitted to the lower house. It’s beyond disappointing that a bill with such momentous consequences was rushed through the lower house with such relentless determination.

Political expediency, rather than sound legislation that would actually protect citizens, seems to have prevailed. After publishing the draft legislation online for consultation in July 2015, the cabinet took its time to revise the widely criticised draft legislation. However, when the revised bill was submitted to the lower house in late 2016, suddenly time was of the essence, and the legislative process needed to be hastily concluded before the elections in March 2017.

Despite being pressed for time, various opposition parties fought tooth and nail to amend the flawed bill. Unfortunately, most amendments failed, as coalition parties closed ranks around the Minister of the Interior.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

So what are the bill’s biggest flaws? 
Most importantly, the controversial new law will allow intelligence services to systematically conduct mass surveillance of the internet. The current legal framework allows security agencies to collect data in a targeted fashion. The new law will significantly broaden the agencies’ powers to include bulk data collection. This development clears the way for the interception of the communication of innocent citizens.

This law seriously undermines a core value of our free society, namely that citizens who are not suspected of wrongdoing, ought not to be monitored. Whether it concerns a WhatsApp-message or Skype-call, anything you do online might very well end up in the dragnet cast by the security agencies, provided that your communication falls within the scope of a vaguely defined “research assignment”.

It is a matter of importance that intelligence agencies collaborate with their foreign counterparts. For the sake of this cooperation, the exchange of data is paramount. Yet, under the passed bill, Dutch security agencies may also share collected data without having analysed it first. When handing over data to foreign governments without performing some form of data analysis prior to the exchange, it is impossible to know what potentially sensitive information is being thrust into the hands of foreign governments, and the consequences it might have for citizens. This is unacceptable.

With this bill, agencies are granted direct and fully automated access to databases of cooperating organisations without human interference. The intelligence agencies may, for instance, be permitted access to the databases operated by governmental institutions, such as the tax authorities, but also to the data of schools, civic organisations and businesses, such as banks. Hardly any measures are taken to ensure that this is done in a responsible manner. Intelligence agencies are allowed access to these databases without seeking prior permission from the minister or review by the new Review Committee on the Intelligence and Security Services (CTIVD).

Other contentious elements of the bill are the numerous open standards and the lack of further specification. First of all, the limitations of the powers will become clear only as we go along. Citizens are offered little clarity in this matter. The CTIVD has already stated that the law offers too little guidance for proper assessment. Furthermore, the extent of the encroachment on our public liberties will largely be determined by ongoing technological developments.

Despite its obvious shortcomings, the revised bill is, at some points, an important improvement of the current law, and of the proposal that was issued for public consultation in 2015. For instance, many of the agency’s powers will now require a sign-off from the Minister of the Interior and a review committee. Another positive note is the construction of a framework for online research conducted by the agencies.

It’s now the Senate’s turn to review the bill. If the parliamentary groups in the upper house follow the same approach as those in the lower house, the bill will be cleared with a comfortable majority.

EDRi member Bits of Freedom will approach senators and insist they carefully examine the proposal in light of the extensive criticism it inspired, and not pass the bill without calling for changes. Should the Senate vote in favour of the bill as it is, the possibility of a litigation at the European level cannot be ruled out.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

EDRi: Dutch Parliament: Safety net for democratic freedoms or sleepnet? (08.02.2017)

EDRi: Dutch dragnet surveillance bill leaked (04.05.2016)

(Contribution by David Korteweg, EDRi member Bits of Freedom; translation by Linsey Groot)



22 Feb 2017

Proposed Espionage Act threatens free speech in the UK

By Guest author

The UK’s Law Commission has announced proposals that could mean journalists and whistleblowers are treated as spies if they “handle” official data.

The ongoing open public consultation on the protection of official data, run by the Law Commission, suggests that the crime of espionage is changed so that it is “capable of being committed by someone who not only communicates information, but also by someone who obtains or gathers it”. There are also proposals to lift restrictions on who can be charged with espionage. This could mean journalists, NGOs and whistleblowers could be charged as spies. Anyone charged would not be able to claim a public interest defence and could be sentenced to up to 14 years in prison.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The plans appear to be aimed at preventing future leaks like those of Snowden being published. If this proposal had been law in 2013, the Guardian editor Alan Rusbridger and other journalists who helped break the Snowden stories would undoubtedly have been charged with espionage. If the proposals become law, there will be huge implications for free speech and investigative journalism in the UK. It could also be used to justify similar laws in repressive regimes.

The Law Commission claims it consulted EDRi member Open Rights Group (ORG) about these plans, but this amounted to one single email and a phone call. Other NGOs have also complained about the lack of proper consultation. ORG will make a submission explaining the threats to free speech and why these proposals should be dropped.

Protection of Official Data – Current project status

14 years in prison for doing journalism?! – Sign the petition

Britain attempts to brand journalists as spies

(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United Kingdom)



22 Feb 2017

Illegal surveillance against civil society continues in Macedonia

By Guest author

Macedonian civil society organisations advocating for human rights and democracy have come under increasing pressure by the authorities. They have previously been caught up in use of the state apparatus for massive illegal surveillance, including wiretapping of activists.

An  open letter signed by 127 civil society organisations was published on 9 February 2017. It appeals to all stakeholders to help “protect, maintain, and promote the civil society from all threats targeting this sector and to reject any and all ungrounded attacks and lies this sector has been exposed to”.

The activities undermining civil society are a culmination of the political crisis resulting from revelations of systemic corruption. As noted by the EU country report for 2016: “Democracy and rule of law have been constantly challenged, in particular due to state capture affecting the functioning of democratic institutions and key areas of society. The country suffers from a divisive political culture and a lack of capacity for compromise.”

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

After the parliamentary elections on 11 December 2016, the leader of the incumbent ruling party Internal Macedonian Revolutionary Organization – Democratic Party for Macedonian National Unity (VMRO-DPMNE) Nikola Gruevski openly peddled conspiracy theories of collusion between “foreign forces”, the opposition, and the civil society organisations, and announced a final showdown with the NGOs, promising to “cleanse” the civil sector (read more here, here and here).

In parallel with intensifying continuous defamation campaign against civil society organisations by pro-government media and surrogate groups, state institutions such as Public Revenue Service started selective inspections placing additional administrative burdens on the organisations. This increased the fears amongst activists because, in the course of 2016, their personal data and some financial data controlled by state institutions were illegally disclosed by pro-government media. Such confidential data were also distributed via flyers ahead of the elections, apparently in order to cause distrust against them as “foreign mercenaries”.

The 21 civil society organisations which were direct subjects to these inspections, including EDRi member Metamorphosis, all participated in a campaign entitled “We decide” that took place before the elections. The campaign included citizen education and awareness raising about the right to vote, the legal provisions against election fraud, and in particular addressed the issue of confidentiality of the vote. Due to fear of surveillance, a large percentage of Macedonian citizens think their ballot is not secret, and that political parties can find out how they’ve voted. One of the goals of the campaign was to encourage them to vote according to their own preferences, despite their fears.

On at least two occasions, pro-government media has published screenshots or copies of e-mails sent between some of these organisations. Such intimidation tactics suggest that malicious hacking or other forms of illegal surveillance are being used.

On 7 February 2017, the affected civil society organisations held a press conference stating that the allegations of wrongdoing are untrue and intended to intimidate and silence the civil society sector and independent media, and demanding retractions and apologies.

The authorities have not provided an official response to the publicly stated concerns of the civil society organisations.

Independent research indicates that Macedonia has been backsliding from democracy since 2008. It keeps getting lower ratings at international indices of democratic development. Freedom House’s Freedom in the World 2016 report designates the country as “partly free”, while its Freedom of the Press 2016 report listed Macedonia as “not free”. Only other European countries with similar rankings include Belarus, Russia, and Turkey. Reporters without Borders lowered Macedonia’s rank to 188th place in the 2016 World Press Freedom Index (down from 34th in 2009).

The country entered an open political crisis in February 2015 as the opposition disclosed evidence of mass surveillance and systemic corruption. In September 2015, as part of the urgent reforms enacted with mediation of the EU and NATO, a Special Prosecution Office (SPO) was established to investigate the criminal activity related to illegal surveillance.

In September 2016, after a video showing browsing through an SPO inbox was published on YouTube by an anonymous user, the SPO confirmed that their email had been subject to hacking in December 2015. No further information is available about whether the case was resolved.

According to the SPO statement from 18 November 2016, they have a reasonable suspicion that massive illegal interception of communications by the state services without a necessary court warrant has taken place since 2008, including during 2015 and 2016. The SPO gathered evidence indicating that ten high-ranking “suspects took advantage of their official position and authority to the detriment of the resources of the state by misusing the systems for interception of communications, thereby seriously violating the basic human right of the citizens who were wiretapped illegally.”

Confirming the conclusions of the report by Senior Expert Group, led by former EU Commission Director Reinhard Priebe from June 2015, the SPO gathered evidence suggesting that the massive illegal surveillance was conducted using the systems of the Administration for Security and Counterintelligence, a part of the Ministry of Interior. They noted the use of three different surveillance systems for warrantless wiretapping of thousands of phone numbers. Two of these systems were destroyed after the revelation of illegal wiretapping operations by the opposition in early 2015. The third one is still in use, without independent oversight. The SPO is conducting a separate investigation regarding the unlawful destruction of evidence.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

European Commission: The former Yugoslav Republic of Macedonia 2016 Report (09.11.2016)

SOS: An unregistered NGO, GONGO or PONGO? (15.02.2017)

“SOS” wants to harm civil society organizations with lies, slander and manipulation (07.02.2017)

“SOS” and its order-givers cannot silence the free-minded civil society (08.02.2017)

Recommendations of the Senior Experts’ Group on systemic Rule of Law issues relating to the communications interception revealed in Spring 2015 (08.06.2015)

In Sweeping Effort to Spy on Civil Society, Macedonia Broke Its Own Privacy Laws (17.07.2015)

Statement on Civil Society Situation in the Former Yugoslav Republic of Macedonia (07.02.2017)

(Contribution by Filip Stojanovski, EDRi member Metamorphosis, Macedonia)



16 Feb 2017

Recklessly unclear Terrorism Directive creates significant risks for citizens’ security


On 16 February 2017, the European Parliament voted in favour of the EU Directive on combating terrorism. Weak, unclear, ambiguous wording in the Directive presents dangers for the rule of law, the right to privacy and freedom of opinion and expression of people in the European Union.

Adopting a Directive that is unclear and wide open to abuse is little short of reckless. The Directive brings few obvious gains for security, but its ambiguity creates major risks for democratic freedoms,

said Maryant Fernández Pérez, Senior Policy Advisor at European Digital Rights (EDRi).

We will now have to wait over four years for the European Commission to assess whether the Directive and its implementation by Member States violate our fundamental rights and freedoms. This is unacceptable,

she added.

EDRi and other civil society organisations have worked hard with policy-makers to solve key issues. As a result, for example, the freedom to express radical, polemic or controversial views in the public debate on sensitive political matters is now part of the final text of the Directive. This, at least in principle, recognises human rights that have been affirmed by the European Court of Human Rights. However, the EU co-legislators decided to ignore a long list of dangerous provisions. For instance, the Directive criminalises “glorifying terrorism”, without defining what it means, thereby creating the risk of accidental or deliberate imposition of (or threat of) excessive punishment and censorship. In addition, the Directive criminalises consulting “terrorist websites”, which will create an obvious chilling effect as people avoid the risk of viewing anything that might be subsequently decided to be a “terrorist website”. Indeed, this week, the French Constitutional Court declared a similar provision unconstitutional.

Civil society has repeatedly warned policy-makers against the adoption of a seriously flawed Directive. According to the European Parliamentary Research Service, all stakeholders that have followed this legislative process have expressed serious concerns. Yet, the flaws have been ignored. What’s more, the final text also ignores valuable recommendations given by the European Economic and Social Committee on 17 March 2016.

We thank the MEPS who voted against the Directive, as they have understood that we cannot fight terrorism by weak, ambiguous legislation that will undermine the freedoms we are defending.

Background information:

The legislative process to adopt the Directive lacked in public participation and transparency. The European Parliament vote is the conclusion of a fast-tracked process, whose excessive haste can be seen in its weak drafting. Member States now have 18 months to implement the Directive, except for the United Kingdom, Ireland and Denmark, which decided not to be bound by it. The European Commission will have to conduct a report assessing the implications of the implementation of the Directive on human rights and the rule of law. However, we will have to wait a minimum of 54 months for this report to be delivered.

Read more:

The time has come to complain about the Terrorism Directive (15.02.2017)

Terrorism Directive: Document pool

European Union Directive on counterterrorism is seriously flawed (30.11.2016)


15 Feb 2017

Lead Parliamentarian for Culture Committee defends upload filtering

By Diego Naranjo

On 6 February 2017, the Parliamentarian in charge of the Copyright Directive for the European Parliament (EP) Committee for Culture and Education (CULT), Marc Joulaud, published his draft Opinion on the proposal for the Directive.

As we described in our previous blogposts (here, here and here) the European Commission’s proposal has not fulfilled hopes for a reform that could deliver a modern, harmonised European copyright framework. The proposal has been disappointing both for not introducing the much needed changes and scary for what it proposes, namely an upload filter for all types of content and the ancillary copyright that failed in two European countries already.

Our main concern relates to the upload filter proposed in Article 13. We analysed the article in detail and summarised the three main problems. The upload filter:

  1. requires internet companies to install filtering technology to prevent the upload of content that has been “identified by rightsholders”;
  2. seeks to make internet providers responsible for their users’ uploads;
  3. gives internet users no meaningful protection from unfair deletion of their creations, because of the bad wording of the proposal for user redress.

The CULT Draft Opinion fails to fix any of these issues: First, in the Amendment (AM) 28 (related to recital 38 of the proposed Directive) the draft Opinion broadens the scope from covering providers hosting a “large amount of works” to “user-generated content, copyright-protected works or other subject-matter actively uploaded or displayed by their users”. This adds nebulosity where previously there was fogginess.

In addition to suggesting an incomprehensible broadening of the already bewildering scope, it does not challenge the implications of the Commission’s proposal which, in essence, argues that, by providing web hosting services, companies “thereby” go beyond being web hosting services. This strange construction is key in the intended destruction of the liability regime for hosting services provided for in the e-Commerce Directive, while claiming in the text that this change is “without prejudice to the e-Commerce Directive”.

Then, changes proposed in recital 39 (AM 29) do not help to clarify the text by replacing “services” with “platforms”, despite Rapporteur Joulaud’s possibly good intention to restrict the wording. A good attempt to fix the proposal in the recitals is found in the next AM 30 (new recital 39a), where the Rapporteur acknowledges that “measures and technologies deployed by digital content platform providers in application of this Directive may occasionally have a negative or disproportionate effect on legitimate content that is uploaded or displayed by users, in particular where the concerned content is covered by an exception or limitation”. In order to counter-balance these real concerns about inevitable restrictions on citizens’ freedoms, the Rapporteur of the Draft Opinion proposes new wording to “strengthen” the redress mechanism in Article 13.2.

Oddly enough, the Rapporteur appoints the rightsholder (not the platform, nor the platform in cooperation with the relevant rightsholder nor, of course, not an independent authority) to be the judge that will “examine and process” the complaints by the user. The proposal also tries to prevent a situation whereby, while the dispute is being settled, a party makes a profit out of content which is not theirs. In order to do that, the proposal establishes that the alleged rightsholder will not be able to monetise the content which is being examined (by the rightsholder) until the complaint has been addressed. This is welcome, as it could help to speed up the process. However, putting the foxhunter in charge of the rules of the foxhunt lacks a degree for credibility. Although the proposed amendment establishes that the rightsholder should “justify” the decision, it is unclear how this “justification” can bring any more legal certainty than the wholly arbitrary proposal of the Commission. Finally, Rapporteur Joulaud adds a new paragraph on AM 76 to propose an alternative dispute resolution mechanism for rightsholders and “digital content platforms” involved, to which the individual user potentially affected by the decision is not consulted.

The text does contain, however, positive proposals such as the new exception for user-generated content (which, however, risks being filtered out as a result of Article 13) and a (sadly incomplete) attempt to include an exception on freedom of panorama (with, of course, this freedom being vulnerable to being negated by the restrictions in Article 13). We welcome that the Rapporteur has acknowledged the importance of these two issues. Now that they are included in the draft Opinion, there is at least the chance of a debate that could make these two proposals stronger and part of the final text from the European Parliament.

In a nutshell, Rapporteur Joulaud has tried unsuccessfully to improve the profoundly broken text of the European Commission but, as the old saying goes, “you can’t make a silk purse out of a pig’s ear”. His attempts to fix the worst parts of the proposal may well be well-intentioned, but unfortunately they do not achieve the goal of making the proposals acceptable, especially regarding to the wording in Article 13. Deletion is the only credible option for the upload filter proposal, just like the proposal for ancillary copyright. Some positive aspects can be found in the draft Opinion but both there and in the rest of the Directive we will need to see much more thorough work to make something good out of it.

Copyright reform: Document pool

The copyright reform (02.11.216): A guide for the perplexed

C4C: CULT Opinion on the Copyright in the Digital Single Market Directive: bad on filtering, press publishers’ rights and TDM, but putting users back in the picture! (13.02.2017)

Limiting the snippet levy to commercial use is tangling up an already muddy issue (10.02.2017)


15 Feb 2017

Citizens’ rights undermined by flawed CETA deal


On 15 February 2017, the European Parliament voted in favour of the Comprehensive Economic Trade Agreement (CETA). This concludes the process at the EU level. The EU Member States will now have to ratify the agreement, without having a right to make changes to the text. CETA creates significant risks for citizens’ fundamental rights, especially with regard to privacy and data protection.

CETA raises serious questions to the protection of our online rights and freedoms. These concerns have been sadly ignored. We now turn to the EU Member States to stand up for the interest of their citizens by rejecting CETA.

said Maryant Fernández Pérez, Senior Policy Advisor at European Digital Rights (EDRi).

The Parliament approved the agreement despite EDRi’s and other civil society organisations’ calls to improve the agreement text. We raised concerns about the lack of transparency in the negotiation process, weakened protection of the personal data and privacy of European citizens, the possibility of corporations to challenge government decisions under the so-called Investment Court System, and the inclusion of intellectual property rights (IPR) obligations without focusing on promoting access to knowledge.

Despite not being yet ratified by the EU Member States, CETA is expected to already be provisionally applied as of Spring 2017, with some exceptions, meaning that parts of it will start having a practical impact, for example on data protection. If Member States don’t stand up for citizens’ rights by rejecting the agreement, CETA could become a blueprint for other trade agreements and increase growing public mistrust in trade policy. It is the time to better design trade agreements, in order to maintain a high level of protection for the EU citizens. This is possible only with better transparency and inclusion of public interest organisations.

It is crucial for national and local NGOs to make their arguments heard in the ratification process of CETA in each of the EU Member States.

Read more:

Civil Society Letter asking MEPs to vote against CETA (13.02.2017)

Despite large opposition, CETA limps forward in the European Parliament (24.01.2017)

European and Canadian civil society groups call for rejection of CETA (28.11.2016)

CETA signature ignores Agreement’s flaws (30.10.2016)

CETA puts the protection of our privacy and personal data at risk (05.10.2016)

CETA’s cross-boder data flows will be provisionally applied (07.10.2016)

CETA will undermine EU Charter of Fundamental Rights (04.05.2016)