10 Oct 2018

EU Parliament’s anti-terrorism draft Report raises major concerns

By Maryant Fernández Pérez

In June 2018, Member of the European Parliament (MEP) Rapporteurs Monika Hohlmeier (EPP) and Helga Stevens (ECR) released their draft Report of the rather secret work carried out by the European Parliament’s Special Committee on Terrorism (TERR). The draft Report attracted more than 1500 amendments, which proves that political groups in the TERR Committee disagree on how to move forward on the EU counter-terrorism policies. While the recommendations of the final Report will not be binding, it sets a bad precedent for EU citizens prior to the elections, and its impact could be greater than that of most other political statements.

A draft Report that ignores the fundamental rights mandate of the TERR Committee

The TERR Committee had a mandate “to assess the impact of the EU anti-terrorism legislation and its implementation on fundamental rights”. The draft Report, however, does not deliver such assessment.

From a digital rights perspective, the draft Report contains numerous worrying recommendations, statements and approaches to counter-terrorism. It is problematic for several reasons. For example, it encourages the “next President of the Commission to maintain a self-standing portfolio for the Commissioner for Security Union” – a portfolio currently held by the UK Commissioner Sir Julian King, who has been pushing several worrisome proposals for fundamental rights in the digital environment, such as the new draft Terrorism Regulation. In addition, the text encourages privatised law enforcement; it promotes the expansion of illegal data retention; it encourages eroding encryption; it promotes the creation of an EU Big Brother database hidden behind “interoperability” proposals that the European Data Protection Supervisor has strongly criticised; it supports the flawed Commission proposals on cross-border access to data or “e-evidence” that have been criticised by most stakeholders and most recently by the European Data Protection Board; it encourages the extension of the Passenger Name Records (PNR) profiling, despite the 2017 Court of Justice of the European Union (CJEU) Opinion on this matter; it encourages and it even portrays a false image of fundamental rights, by for example saying that between security and the fundamental right to privacy, security should prevail.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Luckily, there are 1519 amendments to change this draft Report. However, among the large number of amendments, there are some that, if adopted, would make the draft Report even worse. For example, there are amendments that ask for decryption or the implementation of encryption backdoors for “law enforcement”. Assuming that undermining security and privacy will help to uphold security while fighting terrorism is not rational.

Coincidental, problematic similarities

One of the interesting parts of the draft Report is that it contains many resemblances with the draft Regulation on preventing and tackling the dissemination of “terrorist content” online proposed by the Commission on 12 September 2018. Both texts specifically focus obliging internet service providers to remove terrorist content within a maximum one hour. Both texts limit transparency obligations to simply how many removals providers conducted and how quickly were these actions taken. While the Rapporteurs in TERR affirm that “the limit of voluntary action of companies has been reached”, the explanatory memorandum of the proposed Regulation states that “the voluntary arrangements have also shown their limitations”. Both texts put a light on the role of “smaller platforms” in this policy challenge as well as of “automated means”. Either the Rapporteurs had a crystal ball to know what the European Commission was about to say, this is a mere “coincidence”, or something else.

The fact that the TERR Committee draft’s “spontaneously” chose to propose similar wording to what the Commission proposed is important. It means that the two rapporteurs have led the European Parliament a long way towards adopting a position that fully aligns with the terms of the proposed Terrorist content Regulation before the vast majority of Parliamentarians were aware of what the Commission was about to propose as binding legislation. If deliberate, this would be a serious attack on institutional integrity of the European Parliament.

The TERR Report risks being a missed opportunity

Overall, the draft Report misses an important call for sober analysis of the current situation of counter-terrorism policies vis-à-vis fundamental rights and for evidence-based policy-making. A lot would have to change for the TERR Committee to have been proven useful and abide by the responsibilities conferred by the European Parliament in July 2017. The Committee is expected to consider compromise amendments on 15 October 2018 and have a vote on the draft Report and the tabled amendments on 12 November 2018. The whole Parliament would be asked to vote on it in December.

Draft report on findings and recommendations of the Special Committee on Terrorism (21.06.2018)

European Parliament – fighting terrorism with closed-door secrecy (07.02.2018)

(Contribution by Maryant Fernández Pérez, EDRi, and Chloé Berthelemy, EDRi intern)



21 Jun 2018

ENAR and EDRi join forces for diligent and restorative solutions to illegal content online

By Maryant Fernández Pérez

The European Network Against Racism (ENAR) and European Digital Rights (EDRi) joined forces to draw up some core principles in the fight against illegal content online. Our position paper springs both from the perspective of victims of racism and that of free speech and privacy protection.

The European Commission has so far not been successful in tackling illegal content in a way that provides a redress mechanism for victims. In fact, the European Commission has been way too long focused on a “public relations regime” on how quickly and how many online posts have been deleted, while not having a diligent approach for addressing the deeper problems behind the removed content. Indeed, the European Commission has been continuously promoting rather superficial “solutions” that are not dealing with the problems faced by victims of illegal activity in a meaningful way.

At the same time, the European Commission’s approach is undermining people’s rights to privacy and freedom of expression by urging and pressuring internet giants to take over privatised law enforcement functions. As a consequence, ENAR and EDRi have agreed a joint position paper following our commitment to ensure fundamental rights for all.

Our joint position paper relies on four basic principles:

1. No place for arbitrary restrictions – Any measure that is implemented must be predictable and subject to real accountability.

2. Diligent review processes – Any measure must be implemented on the basis of neutral assessment, rather than being left entirely to private parties, particularly as they may have significant conflicts of interest.

3. Learning lessons – Any measure implemented must be subject to thorough evidence-gathering and review processes.

4. Different solutions for different problems – No superficial measure in relation to incitement to violence or hatred should be implemented without clear obligations on all relevant stakeholders to play their role in dealing with the content in a comprehensive manner. Illegal racist content inciting to violence or discrimination should be referred to competent and properly resourced law enforcement authorities for adequate sanctions if they meet the criminal threshold. States must also ensure that laws on racism and incitement to violence are based on solid evidence and respect international human rights law.

This paper follows cooperation between the two organisations over the past few years to bring the digital rights community and the anti-racist movement together in a more comprehensive way. The common initiative comes at a time where the European Commission is consulting stakeholders and individuals to provide their opinion on how to tackle illegal content online by 25 June 2018. EDRi has developed an answering guide for individuals that consider that the European Union should take a diligent, long-term approach that protects for the victims of illegal content, such as racism online, and victims of free speech restrictions.

(Contribution by Maryant Fernández Pérez, EDRi Senior Policy Advisor)

Read more:

ENAR-EDRi Joint position paper: Tackling illegal content online – principles for efficient and restorative solutions (20.06.2018)

EDRi Answering guide to EU Commission’s “illegal” content “consultation” (13.06.2018)

Commission’s position on tackling illegal content online is contradictory and dangerous for free speech (28.09.2017)

EU Commission’s Recommendation: Let’s put internet giants in charge of censoring Europe (28.09.2017)

27 Apr 2018

15 organisations ask the European Parliament not to weaken net neutrality enforcement

By Maryant Fernández Pérez

On 27 April 2018, EDRi and 14 other organisations sent a letter to the European Parliament’s rapporteur on the European Electronic Communications Code (EECC), Ms. Pilar del Castillo. Ms. Del Castillo is the parliamentarian in overall charge of negotiating a political agreement on behalf of the European Parliament. We are concerned about how the current trilogue negotiations between the European Parliament, the European Commission, and the Council are going.

In the letter, we urge the European Parliament to defend its mandate and not to weaken the enforcement of EU net neutrality rules and reaffirm the role of national regulatory authorities and the Body of European Regulators for Electronic Communications (BEREC) in doing so in a coherent and coordinated manner.

You can read the letter here and below.

27 April 2018

Re: European Electronic Communications Code trilogue negotiations on Article 5

Dear Ms. Del Castillo,

We, the undersigned organisations, are writing to you to express our profound concern about the way that the currently proposed trilogue agreement on Article 5 of the Electronic Communications Code would weaken the role of independent telecommunications regulatory authorities in Europe.

In particular, we are alarmed that the European Parliament delegation appears not to be strongly defending the Parliament’s mandate. The Parliament’s position is quite clear that NRAs should be responsible for “ensuring compliance with rules related to open internet access in accordance with Regulation (EU) 2015/2120” and for “ensuring consumer protection and end-user rights in the electronic communications sector within the remit of their competences under the sectorial regulation, and cooperating with relevant competent authorities wherever applicable”. Any change to this approach can only serve to create legal uncertainty and the weakened enforcement of the Regulation previously approved by the Parliament.

It is entirely unacceptable for the Council to try to undermine an absolutely fundamental element of ensuring a competitive, innovative and open electronic communications market.

Caving in to the demands of the Council, driven by a very small number of Member States, will risk:

  • undermining the crucial independence of NRAs;
  • moving us towards a situation more similar to the United States, which facilitated short-sighted political decisions on net neutrality that undermined crucial independent, evidence- and expert- driven policies supporting the open Internet;
  • undermining coherent and coordinated enforcement of the rules outlined in Regulation (EU) 2015/2120.

According to Article 5(1) of Regulation (EU) 2015/2120, National Regulatory Authorities (NRAs) are the competent authorities to enforce open internet rules. Article 5(4) of this Regulation provides for the possibility for NRAs to conduct additional tasks. The European Electronic Communications Code must not – and cannot – contravene this Regulation, which is directly applicable. We urge the European Parliament to ensure that the European Electronic Communications Code clearly reaffirms the role of NRAs and BEREC in ensuring that the net neutrality rules are enforced efficiently and consistently.

We remain at your disposal for any further information.

We thank you for your time and consideration.

Kind regards,

European Digital Rights (EDRi), a coalition of 39 civil and human rights organisations
Access Now, International NGO, member of EDRi
AFUL, French speaking users of Libre and Free Software NGO
Alsace Réseau Neutre, French local non-profit Internet Access & Service Provider
Aquilenet, French local non-profit Internet Access & Service Provider
epicenter.works, member of EDRi
FAImaison, non-profit Internet Service & Access Provider based in Nantes, France
Fédération FDN, federation of local & non-profit ISPs
FFII France, a French NGO fighting against software patents
Franciliens.net, French local non-profit Internet Access & Service Provider
Frënn vun der Ënn, Luxembourg, NGO, defending privacy and human rights on the internet
Ilico, French local non-profit Internet Service Provider
Illyse, French local non-profit Internet Access Provider
La Quadrature du Net, French NGO defending rights and freedom on the Internet
Midway’s Network, French local non-profit internet service provider based in Belfort

(Contribution by Maryant Fernández Pérez, EDRi)


03 Apr 2018

Nearly 100 public interest organisations urge Council of Europe to ensure high transparency standards for cybercrime negotiations

By Maryant Fernández Pérez

(This blogpost is also available in French and Spanish)

Today, 3 April 2018 European Digital Rights (EDRi), along with 93 civil society organisations from across the globe, sent a letter to the Secretary General of the Council of Europe, Thorbjørn Jagland. The letter requests transparency and meaningful civil society participation in the Council of Europe’s negotiations of the draft Second Additional Protocol to the Convention on Cybercrime (also known as the “Budapest Convention”) —a new international text that will deal with cross-border access to data by law enforcement authorities. According to the Terms of Reference for the negotiations, it may include ways to improve Mutual Legal Assistance Treaties (MLATs) and allow “direct cooperation” between law enforcement authorities and companies to access people’s “subscriber information”, order “preservation” of data and to make “emergency requests”.

The upcoming Second Additional Protocol is currently being discussed at the Cybercrime Convention Committee (T-CY) of the Council of Europe, a committee that gathers the States Party to the Budapest Convention on Cybercrime and other observer and “ad hoc” countries and organisations. The T-CY aims to finalise the Second Additional Protocol by December 2019. While the Council of Europe has made clear its intention for “close interaction with civil society“, civil society groups are asking to be included throughout the entire process—not just during the Council of Europe’s Octopus Conferences.

Transparency and opportunities for input are needed continuously throughout the process. This ensures that civil society can listen to Member States, and provide targeted advice to the specific discussions taking place. Our opinions can build upon the richness of the discussion among States and experts, a discussion that civil society will miss if we are not invited to participate throughout the process.

— the letter reads

Current negotiations raise “multiple challenges for transparency, participation, inclusion and accountability,” despite the fact that the Council of Europe’s committees are traditionally very inclusive and transparent. We are requesting the T-CY to:

develop a detailed plan for online debriefing sessions after each drafting meeting, both plenary and drafting, and to invite civil society as experts in the meetings, as is customary in all other Council of Europe Committee sessions. With a diligent approach to making all possible documents public and proactively engaging with global civil society, the Council of Europe can both build on its exemplary approach to transparency and ensure that the outcome of this process is of the highest quality and achieves the widest possible support.

In light of the passing of the CLOUD Act in the United States that undermines the rights to privacy and other rights, the forthcoming proposal of the European Union on e-evidence, and other initiatives, it is vitally important that the T-CY listens to and engages with civil society proactively and in a timely manner. Civil society wants to engage in this process to ensure the new protocol will uphold the highest human rights standards.

The letter is available in English, French and Spanish.

The letter was coordinated by European Digital Rights (EDRi) and the Electronic Frontier Foundation (EFF) with the help of IFEX, Asociación por los Derechos Civiles (ADC), Derechos Digitales, and Association for Progressive Communications (APC).


19 Mar 2018

CLOUD Act: Civil society urges US Congress to consider global implications

By Maryant Fernández Pérez

On 19 March 2018, European Digital Rights (EDRi) co-signed a letter with three other civil society organisations, asking the US Congress to ensure that the “Clarifying Lawful Overseas Use of Data Act” (the US “CLOUD Act”) is not attached to the omnibus bill.

If the CLOUD Act is attached to the omnibus bill, it would mean it would be passed without discussion or modification of very problematic provisions that will impact individuals’ rights worldwide. The US legislator would give up its power to the executive branch of government. The CLOUD Act would authorise the US Government to unilaterally issue executive agreements with a “qualifying foreign government”, such as the European Union and/or its Member States, without “following each other’s privacy laws” and without review by Congress. This decision would have global implications that we urge the US Congress to consider:

First, executive decisions of this kind would facilitate law enforcement access to individuals’ data directly from companies. They, however, would seriously weaken and erode privacy and other rights of citizens around the world, including Europeans. For instance, under the CLOUD Act, a US police department could request access to “the contents of a wire or electronic communication and any record or other information” about a European citizen without necessarily following EU privacy laws. If the EU enters into an agreement with the US, European citizens would have to rely on the company subject to the data access request to challenge the order before a US court within 14 days following a complicated “comity” procedure whereby a US court would decide to modify or quash the legal process.

Second, as currently drafted, the US CLOUD Act has no review mechanism in the event of democratic backsliding in a third country. This means that, once a government has entered into an agreement with the US Government, it would be almost impossible for the US to revoke this status. In the letter, we point out US Congress about the procedures that the European Commission initiated against Hungary and Poland and ongoing legal proceedings due to rule of law and human rights violations, including threats to judicial independence and civil society organisations. It would be problematic for the US legislator to allow such agreements to be entered into, particularly without robust mechanisms for withdrawing from them.

Giant tech companies such as Microsoft have been lobbying for the CLOUD Act. However, the bill does not adequately protect individuals’ rights – including those of US persons. In addition, the bill ignores the current, long-established system for dealing with cross-border access to data requests, Mutual Legal Assistance Treaties (MLATs). MLATs are often misrepresented as never being suitable for dealing with electronic evidence. The reality is that significant improvements to MLAT procedures are possible and, indeed some have already been made – as evidenced by the recent major improvements in the efficiency of the US Department of Justice (DoJ). Thanks to the “MLAT Reform” programme, the US DoJ recently reduced the amount of pending cases by a third.

On 19-21 March 2018, the European Commissioner Věra Jourová will be in Washington to discuss the CLOUD Act and cross-border access to data in general. We hope she will raise concerns about the global implications of the CLOUD Act for people around the world.

You can read the letter here.



10 Jan 2018

2017: From EDRi to the world

By Maryant Fernández Pérez

2017 was a busy year for digital rights defenders. To advance our mission to defend and promote your rights to privacy, data protection, and freedom of information, expression and opinion, we worked hard to engage with European level decision-making, but also did our best to get out of the Brussels “EU bubble” and enhance digital rights across Europe and beyond. How?

1. Increasing our international outreach

In 2017, EDRi spoke in events in 15 countries. We gave numerous expert presentations in the European Parliament, the European Commission, the Council of Europe, national Permanent Representations to the European Union, the European Economic and Social Committee, and other key institutions. We also spoke about our work in many universities to explain the importance of digital rights. In addition, we wrote guest articles in various publications and were quoted in international news outlets.

Furthermore, we participated in key international events, including the Computers, Privacy and Data Protection International Conference (CPDP), the Internet Freedom Festival (IFF), Re:publica, RightsCon, the OSCE-Council of Europe’s Internet Freedom Conference, Council of Europe’s expert meetings on intermediaries, Copycamp, the United Nations Internet Governance Forum, and the Chaos Communication Congress.

We also co-organised several events with international reach , such as the Privacy Camp, the Civil Society Trade Lab, and the School of Rock(ing) Copyright in Slovenia, Hungary and Portugal.

In addition to the events, EDRi set up an Advisory Council to add expertise from international experts outside the EDRi network.

2. Maintaining and building new international alliances

The defence and promotion of digital rights cannot be achieved by only one single organisation. That is why in 2017 we led and participated in several formal and informal coalitions, including on data protection, e-Privacy, encryption, cross-border access to data, net neutrality (see here, here and here), telecoms, net competition, copyright reform (see here, here and here), free and open source software, and digital trade.

Moreover, we remained an active and proud member of the Trans Atlantic Consumer Dialogue (TACD). In 2017, EDRi also became a member of the Non Commercial Users Constituency (NCUC).

3. Strengthening the EDRi network globally

In 2017, we focused on invigorating our network. Without our 35 members and many other observer organisations and individuals, we could not have the reach and impact that EDRi has worldwide. After launching a Community network working group in 2016 and seeking internal and external input, we hired our amazing Community Manager, Guillermo Peris.

We organised four informal EDRi meet-ups on top of our annual General Assembly: one at Freedom Not Fear (Brussels); one in cooperation with Epicenter.works (Vienna); one at Re:publica (Berlin) and one at the United Nations Internet Governance Forum (Geneva). The purpose of these informal gatherings was to better connect, cooperate and share knowledge among the membership.

4. Thanks for supporting our work for digital rights

We want to thank all those supporting European Digital Rights (EDRi). May 2018 bring us many victories for the protection and defence of our privacy, personal data & freedom of opinion and expression online!

We are committed to defending digital rights in the best possible way. Do you have any suggestions to further improve in 2018? Please, contact us at brussels [at] edri.org.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

From EDRi to the world in 2016 (25.01.2017)

(Contribution by Maryant Fernández Pérez, EDRi)



16 Oct 2017

EU’s plans on encryption: What is needed?

By Maryant Fernández Pérez

On 18 October 2017, the European Commission is expected to publish a Communication on counter-terrorism, which will include some lines on encryption.

What is encryption? Why is it important?

When we send an encrypted message (or store an encrypted document), no one else but the intended recipient can read it using a unique key. So even if someone manages to intercept the message when it’s on its way to the recipient, they will not be able to read its contents without the key – they can only see something that looks like a random set of characters. Encryption ensures the confidentiality of our personal data and company secrets. This is not only essential for our democratic rights and freedoms, but it also promotes trust in our digital infrastructure and communications, which is vital for innovation and economic growth. For example, encryption is essential for securing online banking transactions, and protecting the confidentiality of sources in journalism.

Encryption workarounds needed?

The European Commission has come under pressure from some EU Member States to take actions to address the perceived problem of data not being available to law enforcement authorities, due to encryption. This issue is frequently hyped as a major problem, and certain politicians have suggested simplistic and counter-productive policies to weaken encryption as a “solution” to them.

There are several techniques that law enforcement authorities use to access encrypted data. One approach consists in obtaining the key to decrypt the data, for instance, through a physical search when the key is saved on a USB drive. The key can also be obtained from the user directly, for example via social engineering or legal obligation. Another approach is to access the decrypted data through bypassing the key by exploiting a flaw or weakness in the system or by installing software or spyware. However, the existence of workarounds does not mean that law enforcement should resort to them nor that they would be necessary or proportionate, or even compatible with human rights law.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

From a technical point of view, encryption cannot be weakened “just a little”, without potentially introducing additional vulnerabilities, even if unintentionally. When there is a vulnerability, anyone can take advantage of it, not just the police or intelligence services. Sooner or later, a secret vulnerability will be exploited by a malicious user, perhaps the same one it was meant to be safeguarding us from. Law enforcement aims are legitimate. However, as pointed out by the European Union Agency for Network and Information Security (ENISA), limiting the use of encryption will create vulnerabilities, lower trust in the economy and damage civil society and industry alike.

What should the European Union do?

A more balanced approach is needed, which avoids much of the rhetoric that is often heard in relation to encryption. Such an approach would recognise a variety of options for addressing this issue without compromising everybody’s security or violating human rights.

Saying “no” to backdoors is a step into the right direction, but not the end of the debate, as there are still many ways to weaken encryption. The answer to security problems like those created by terrorism cannot be the creation of security risks. On the contrary, the EU should focus on stimulating the development and the use of high-grade standards for encryption, and not in any way undermine the development, production or use of high-grade encryption.

We are concerned by the potential inclusion of certain aspects of the forthcoming Communication, such as the increase of capabilities of Europol and what this may entail, and references to removal of allegedly “terrorist” content without accountability in line with the Commission’s recent Communication on tackling illegal content online. We remain vigilant regarding the developments in the field of counter-terrorism.

Read more:

Encryption – debunking the myths (03.05.2017)

EDRi delivers paper on encryption workarounds and human rights (20.09.2017)

EDRi position paper on encryption (25.01.2016)

How the internet works (23.01.2012, available in six languages)


04 Oct 2017

ENDitorial: Tinder and me: My life, my business

By Maryant Fernández Pérez

Tinder is one of the many online dating companies of the Match Group. Launched in 2012, Tinder started being profitable as of 2015, greatly thanks to people’s personal data. On 3 March 2017, journalist Judith Duportail asked Tinder to send her all her personal data they had collected, including her “desirability score”, which is composed of the “swipe-left-swipe-right” ratio and many other pieces of data and mathematic formulae that Tinder does not disclose. Thanks to her determination and support from lawyer Ravi Naik, privacy expert Paul-Olivier Dehaye and the work of Norwegian consumers advocates, Judith reported on 27 September 2017 that she received 800 pages about her online dating-related behaviour.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Tinder did not disclose how desirable the company considered Duportail to be, though, even if it had disclosed it to another journalist. The 800 pages contained information such as her Facebook “likes”, her Instagram pictures (even if she had deleted her account), her education, how many times she had connected to Tinder, when and where she entered into online conversations, and many more things. “I was amazed by how much information I was voluntarily disclosing”, Duportail stated.

800 pages of personal data – surprising?

As a Tinder user, you should know that you “agree” to Tinder’s terms of use, privacy policy and safety tips, as well as other terms disclosed if you purchase “additional features, products or services”. These include the following:

  • “You understand and agree that we may monitor or review any Content you post as part of a Service.”
  • “If you chat with other Tinder users, you provide us the content of your chats.”
  • “We do not promise, and you should not expect, that your personal information, chats, or other communications will always remain secure.”
  • “By creating an account, you grant to Tinder a worldwide, transferable, sub-licensable, royalty-free, right and license to host, store, use, copy, display, reproduce, adapt, edit, publish, modify and distribute information you authorize us to access from Facebook, as well as any information you post, upload, display or otherwise make available (collectively, ‘post’) on the Service or transmit to other users (collectively, ‘Content’).”
  • “You agree that we, our affiliates, and our third-party partners may place advertising on the Services.”
  • “If you’re using our app, we use mobile device IDs (the unique identifier assigned to a device by the manufacturer), or Advertising IDs (for iOS 6 and later), instead of cookies, to recognize you. We do this to store your preferences and track your use of our app. Unlike cookies, device IDs cannot be deleted, but Advertising IDs can be reset in “Settings” on your iPhone.”
  • “We do not recognize or respond to any [Do Not Track] signals, as the Internet industry works toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.”
  • “You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our Service.”

Tinder explains in its Privacy Policy – but not in the summarised version of the terms – that you have a right to access and correct your personal data. What is clear to the company is that you “voluntarily” provided your information (and that of others). Duportail received part of the information Tinder and its business partners hold, no doubt partly because she is a journalist. Her non-journalist friends have not experienced the same benevolence. Your personal data has an effect not only on your online dates, “but also what job offers you have access to on LinkedIn, how much you will pay for insuring your car, which ad you will see in the tube and if you can subscribe to a loan”, Paul-Olivier Dehaye highlights.

Worse still, even if you close your account or delete info, Tinder or its business partners do not necessarily delete it. And the worst, you’ve “agreed” to it: “If you close your account, we will retain certain data for analytical purposes and recordkeeping integrity, as well as to prevent fraud, enforce our Terms of Use, take actions we deem necessary to protect the integrity of our Service or our users, or take other actions otherwise permitted by law. In addition, if certain information has already been provided to third parties as described in this Privacy Policy, retention of that information will be subject to those third parties’ policies.”

You should be in control

Civil society organisations fight this kind of practices, to defend your rights and freedoms. For instance, the Norwegian Consumer Council successfully worked for Tinder to change its terms of service. On 9 May 2017, EDRi and its member Access Now raised awareness about period trackers, dating apps like Tinder or Grindr, sex extortion via webcams and the “internet of (sex) things” at the re:publica 17 conference. Ultimately, examples like Duportail’s shows the importance of having strong EU data protection and privacy rules. Under the General Data Protection Regulation, you have a right to access your personal data, and companies should provide privacy by default and design in their services. Now, we are working on the e-Privacy Regulation to ensure you have real consent instead of a tick on a box of something you never read, to prevent companies from tracking you unless you provide express and specific consent, among many other things.

Now that you know about this or have been reminded of this, spread the word! It does not matter whether you are on Tinder or not. This is about your online future.

I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets (26.09.2017)

Getting your data out of Tinder is really hard – but it shouldn’t be (27.09.2017)

Safer (digital) sex: pleasure is just a click away (09.05.2017)

Tinder bends for consumer pressure (30.03.2017)

(Contribution by Maryant Fernández Pérez, EDRi)



26 Sep 2017

Letter to the FCC: The world is for net neutrality

By Maryant Fernández Pérez

Today, 26 September 2017, European Digital Rights (EDRi) and over 200 other civil society organisations and businesses joined forces to send a letter to the head of the US Federal Communications Commission (FCC) with a clear message: the world is for net neutrality. In the letter, we express concerns about the negative impact the rollback of US Title II net neutrality rules can have on the world’s shared internet ecosystem.

This letter defends the internet as a global, open and non-discriminatory network. Saving net neutrality again will benefit creativity, innovation, net competition, and the economy. It will also foster our rights to free speech and access to knowledge.

You can read the letter here and below:

Dear FCC Chairman Ajit Pai,

We are companies and organisations headquartered outside the United States of America, and we are concerned about how the rollback of US Title II net neutrality rules could negatively impact the world’s shared Internet ecosystem.

The Internet has been such a social and economic success because permissionless any-to-any communication is at its core. Net neutrality allows online business or any societal movement equal access to a global audience – undermining this principle would create significant social and economic harms.

Access to the entire Internet is not only vital to American business and society, it is essential to businesses and people outside the United States. We also depend on a strong competitive framework and legal foundation to ensure that Internet service providers (ISPs) cannot create barriers to commerce and free speech by discriminating against websites, services, and apps, or by imposing new fees that harm businesses and consumers.

The open Internet makes it possible for all of us to bring our best business ideas to the world without interference or seeking permission from any gatekeeper first. This is possible because the principle of net neutrality ensures that everyone, no matter where they are located, has unimpeded access to Internet opportunities.

The FCC’s longstanding commitment to protect the open Internet is a central reason why the Internet remains an engine of entrepreneurship and economic growth both in the US and outside its borders. We are deeply concerned that the proposed regulatory changes to net neutrality will undermine free speech and competition on the Internet. Despite assurances to the contrary, the changes proposed by the FCC would remove the only existing legal foundation strong enough to ensure the United States will continue to honor the principle of net neutrality.

An FCC rollback of net neutrality provisions would grant US Internet service providers like AT&T, Comcast and Verizon new powers to control the Internet. Ultimately, these changes will allow US Internet access providers to demand payment from online services for the right to have privileged access to that provider’s customer base, creating a patchwork of new monopolies to replace the existing open market. This will fragment the market, destroy economies of scale, reduce incentives for innovation, undermine social movements and rip the soul out of the Internet.

We urge you to maintain strong net neutrality rules and focus on policies that encourage the deployment of new network infrastructure, and create greater choice and competition amongst Internet service providers.

Thank you for considering our views.

CC: Members of Congress


20 Sep 2017

Should video-sharing platforms be part of the AVMSD?

By Maryant Fernández Pérez

The Audiovisual Media Services Directive (AVMSD) is currently being reformed. After going through several legislative stages, the AVMSD is now being negotiated in trilogues, that is, informal, secret negotiations between the European Parliament (representing citizens) and the Council (representing EU Member States), facilitated by the European Commission (representing EU interests). As part of the negotiations, a key question will have to be addressed: should some or all video-sharing platforms be covered by the AVMSD and, if so, how?

On the one hand, there are demands for holding video-sharing platforms like YouTube responsible for content (including legal content) that is published on their sites or apps because of the impact online content has on the public debate and our democracies. On the other hand, these platforms are not producing or publishing content, but only hosting it. The AVMSD covering platforms that are so radically different from those that the Regulation was originally created to regulate – cross-border satellite TV services – would not make sense, as EDRi’s position paper, published on 14 September 2017, argues.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Video-sharing platforms, and social media generally, are not traditional media. While their activities influence (and even manipulate) the population, regulating video-sharing platforms as traditional media is not the solution to undesired impacts on our societies. When two services – linear broadcasting of editorially-controlled content and non-linear hosting of content produced by others – are significantly different, achieving a level playing field through a “one-fits-all” approach is not always possible. The consequences of getting it wrong can have a damaging effect on freedom of expression, competition, the fight against illegal material online and the protection of children in the online environment. At the Council meeting, seven Member States made unusually impassioned pleas to reject the proposed approach, mainly on grounds of freedom of expression. For these reasons, the deletion of the provisions that extend the scope of the AVMSD would be the most rational option, as the EDRi’s position paper suggests.

Failing deletion, EDRi recommends to clarify the definition of what constitutes “video-sharing platforms” and “user-generated content”. In addition, EDRi’s position paper asks for more predictability when asking companies to take action, to avoid abuses, ensure predictability and defend freedom of expression. For instance, some proposals on the table in the trilogue negotiations ask video-sharing platforms to restrict incitement to hatred based on political opinions or “any other opinions”. Asking platforms to delete hate speech based on “any other opinions” is likely to lead to arbitrary restrictions, and affect how we express ourselves online. Another reason to be cautious is that certain provisions would ask these companies to have a “self-regulatory” role in the “moral” development of children. Do we really want companies to decide what is good for the “moral” development of our kids?

Fighting against illegal hate speech, terrorism and child abuse is very important. However, asking companies, to decide what should be acceptable or not in our society is worrisome. Numerous examples demonstrate that content is being restricted in video-sharing and social media platforms without accountability or real redress. Creating a situation where video-sharing platforms are forced to regulate more of our communications and give themselves more leeway to decide on what content we can access or not, despite what the law deems to be illegal, will not be beneficial for the EU.

EDRi position on AVMSD trilogue negotiations (14.09.2017)

ENDitorial: AVMSD – the “legislation without friends” Directive? (14.06.2017)

Audiovisual Media Services Directive reform: Document pool

(Contribution by Maryant Fernández Pérez, EDRi)