EDRi and members take EU decision-makers through 20 years of digital policy

A digital rights journey to kick off the new mandate

On 26 September 2024, EDRi and our members ARTICLE 19 and Access Now welcomed new and returning Members of the European Parliament (MEPs) and their teams to an exciting digital rights workshop to kick off the new mandate.

Co-sponsored by Alexandra Geese (the Greens/EFA), Leïla Chaibi (the Left), Alex Saliba (S&D) and Irena Joveva (Renew), this nonpartisan event was designed to inform, engage and inspire politicians and Parliament staff about the role of data, digital and human rights in EU laws and policies. During the session, we took participants through a whistle-stop tour through the last two decades of digital lawmaking in the European Parliament and beyond.

The EDRi network was founded during the fifth term of the European Parliament – half of the EP’s lifetime ago – putting us in a great place to share what we have seen and learned about digital policy over the years.

2024 has been a turbulent ‘mega election’ year which saw extreme-right groups making significant gains at EU level and in many national governments. So the need for civil society to solidify old bridges and build new ones with lawmakers from a wide range of political perspectives is more critical than ever. For the lawmakers, the experience and expertise of civil society groups can help them ensure that their work is inclusive, representative, critical and just.

MEPs Geese and Chaibi launched the event with inspiring reflections on the successes – as well as the gaps that remain – from the last five years of platform regulation from Ms. Geese, and the importance of protecting workers from algorithmic harm from Ms. Chaibi.

Pillar I: Core principles of the internet – and what went wrong

Eliška Pírková, Senior Policy Analyst and Global freedom of expression lead at Access Now, then led the first pillar of the workshop, presenting the core principles of the internet – and what went wrong. From the early 2000s eCommerce Directive and the (now defunct) ACTA negotiations later that decade, through to the missteps in the next decade’s Copyright Directive and Terrorist Content Online Regulation, Pírková emphasised how initial well-meaning experiments in platform accountability led to the proliferation of giant platforms, data harvesting and the rise of surveillance-based advertising.

Pírková then set the scene for the second thematic pillar of the workshop, focused on innovations in law and policy that changed the narrative on platform regulation and won a greater prominence for human rights. This included the second generation of platform rules, in particular the EU’s landmark Digital Services Act (DSA). Importantly, the DSA maintains a liability exemption, an important provision in preventing platforms from being able to conduct mass surveillance of their users, and greater accountability from platforms in how they protect people and their rights.

Pillar II: Innovations in law and policy

Colleagues Dr. Itxaso Domínguez, Policy Advisor at EDRi, and Mark Dempsey, Senior EU Advocacy Officer at ARTICLE 19, then picked up the mantle to continue the exploration of policy innovation. Domínguez spoke of how the EU’s flagship data legislation, the General Data Protection Regulation (GDPR), has set precedent around the world. However, with the inability of EU institutions to find agreement on the ePrivacy Regulation, people remain insufficiently protected from commercial surveillance. Domínguez also highlighted how gaps in the DSA show the need for holistic solutions to online safety challenges moving forward, and for legislation to address manipulative and addictive design (such as is expected in the upcoming Digital Fairness Act).

Dempsey then presented an overview of the Digital Markets Act (DMA) which, like the DSA, entered into full application in 2023. Focusing on gatekeeper platforms, Dempsey explained how the DMA is a step towards a fair, open and innovative digital environment for the EU. Key gaps remain, however, including avoidable implementation issues relating to non-compliance, gaps in enforcement expertise, and ‘malicious compliance’ (whereby companies seem to comply with the letter of the law, but in a way that undermines the point of the rules). Dempsey then finished with the Artificial Intelligence Act, adopted this year, which experimented with a novel product safety approach to regulating AI – although criticisms of this framework remain.

MEP Alex Saliba provided a response to the second pillar, emphasising the important work of the Parliament in the previous legislature to protect fundamental rights, and therefore the critical need for strong enforcement and oversight of laws like the GDPR, DSA, DMA and AI Act.

Pillar III: Policing and security in the digital age

The final thematic pillar, on policing and security in the digital age, was presented by Chloé Berthélémy, Senior Policy Advisor at EDRi and Caterina Rodelli, EU Policy Analyst at Access Now. Rodelli opened with a reminder of the need to drawing red lines against permanent mass surveillance infrastructures. Berthélémy complemented this with a history of data retention – a state obligation on telecommunications providers to retain (potentially all) metadata of users – which is particularly prescient given that a new data retention proposal is expected this mandate from the European Commission, with potentially severe consequences for human rights.

Berthélémy also warned about the European Media Freedom Act’s permissive framework for the use of spyware against journalists, and provided information on the Law Enforcement Directive, aka the GDPR for police. This was complemented by Rodelli’s presentation on how the aforementioned AI Act had failed to sufficiently protect rights in the policing and migration context in four key ways (limited prohibitions, missing high-risk systems, problematic exemptions for law enforcement/migration authorities, and a national security loophole). Rodelli also highlighted the EU Pact on Migration and Asylum, which increases the collection of biometric data and the use of automated profiling.

Finally, looking to the future, Berthélémy presented the mandate of Europol in the context of its 2022 reform, and the currently-being-negotiated regulation to expand Europol’s powers vis-a-vis the facilitation of migrant smuggling. Worryingly, the legislative proposal was put forward by the European Commission without an Impact Assessment – something that the new Parliament should refuse to accept, in accordance with the EU’s Better Regulation Toolkit.

The session concluded with a reminder that there can be no security without the protection of fundamental rights. This was followed by a warm thank you from EDRi’s head of policy, Ella Jakubowska, not only to our co-sponsor MEPs Ms. Geese, Ms. Chaibi, Mr. Saliba and Ms. Joveva, but also their staff, who organised and facilitated this event, marking the importance of close collaboration between the Parliament and civil society.