General Enforcement Data Protection Answering Guide: Your response could touch on a variety of different issues such as arbitrary interferences imposed by platforms that are relied upon for freedom of communication, such as social media and search engines. This can be

• on the basis of the preferences of the platform (such as restrictions on breastfeeding pictures on Facebook, the discontinuation of the Politwoops service on Twitter and Paypal's arbitrary removal of services based on its broad terms of service)
• on the basis of efforts to achieve public policy objectives (arbitrary deletion of content for copyright enforcement, for example
• on the basis of weak respect for data security and privacy (such as the problems generated by massive and unpredictable data collection and storage by online platforms)

General Enforcement Data Protection Answering Guide: The question of voluntary enforcement mechanisms (often incorrectly referred to as "self-regulation") and/or regulatory measures has been subject to debate, especially in the context of IPR infringement, terrorism, hate speech and child abuse. It is important to stress the need for predictability, a clear legal framework, respect for associated legal instruments (such as data protection) and review mechanisms as a method of ensuring effectiveness and proportionality of any voluntary measures.

Effective implementation of existing legislation (data protection and unfair contract terms, in particular) would already be a big step in the right direction. Governments should stop pressuring private companies into taking on policing and surveillance measures - such pressure is not in line with international law and runs a high risk of causing counterproductive effects for the policy objectives being addressed.

With regard to data protection, we need effective enforcement of general data protection law and a reform of the ePrivacy Directive that take account of technological developments and experience with the existing Directive.

As the question is so broad, all of the solutions suggested by the Commission are partly applicable,  so “a combination of the above” is the only logical answer.

General Answering Guide: The issue which is set as example (targeted advertising) is not comparable to, for example, a musical suggestion on YouTube based on your previous searches or to suggestions of similar destination in Booking.com. As a result, you need to specify which type of platform you are referring to in your response.

It is quite obvious that adapting information to the user is unavoidable to a greater or lesser extent on many, if not most platforms, rendering the question meaningless.  The only logical answer is, therefore, yes.

General Enforcement Data Protection Answering Guide: If you have read (even superficially) the use of terms of service of any platform, you will probably be aware that the length, vagueness and the complicated language used are barriers that you may wish to comment on. Your response could cover, for example, issues related to acceptable use policy, content deletion policy, "real name" policy, if any, liability for down-time of the service, etc. Points to consider in your response include:

• There is little commonality between many of the different services covered by the Commission's definition making it impossible to answer this question generically in a meaningful way. 
• On many social media platforms, acceptable use policy tends to be very vague, with the platform being the ultimate arbiter of what is permitted or not. 
• Terms with regard to personal data processing are generally written in a very unclear way, referring generically to very broad uses such as "research" or "targeted advertising”.

General Data Protection Answering Guide: You should include any good or bad examples that you have encountered, as well as your particular priorities. The examples we will mention are:

• Rules concerning content deletion should be clear and predictable and allow appropriate counter-notice options for individuals. This is important to avoid governments putting pressure on platforms to delete content that is either unwelcome or which may be illegal - thereby avoiding legal processes, undermining accountability and risking counter-productive effects.
• Good practice: Ebay's short version privacy policy and use of pictographs that make it easier to understand how the company uses personal data
• Bad practice: Google's “opt-out” of targeted advertising which does not offer an opt-out from the processing that leads to targeted advertising
• Bad practice: Excessive data collection and storage (see this French article for one example)

General Data Protection Answering Guide: The definition of "platforms" is too broad to give a generic answer to this question. If you have specific concerns regarding ratings, reviews, etc on a particular platform or type of platform, make sure you specify which type or types of platform and which type of reputation system you are addressing. You may wish to consider issues regarding the reliability and oversight of privacy seals.

General Data Protection Answering Guide: This question is about two fundamentally different issues. Under EU rules, personal data are "any information relating to an identified or identifiable natural  person" and are subject to a specific (general data protection Directive 1995/46/EC and e-privacy Directive 2002/58/ec) legal regime. Non-personal data are all other data, which are treated differently. As the two issues are entirely different, they shouldn't be addressed the same question. It is important to be careful to distinguish between which type of data you are referring to in each answer.

With regard to personal data, terms of service (ToS) rarely provide meaningful information that users can use to predict the behavior of platforms. In our responses to these questions we have provided concrete examples of how what is written in the ToS is abused by the different platforms for different purposes.

It is important to consider also that the use of data by different platforms is very different. Facebook's use of personal data is vastly different from, for example, the use of personal data by Netflix.

With regard to non-personal data, we are not aware of problems. We are also unaware of problems that can be or should be solved by changing contract law. Unless "non-personal data" is defined in an inappropriately narrow way, there is no obvious need to be more transparent regarding the collection of such data, unless other justifications for disclosure exist in particular cases, such as consumer protection or net neutrality.

With regard to personal data, it is difficult to find a privacy policy, particularly, but not only, in the context of social media or search, where the likely uses of the data are clearly explained. Facebook's use of its "right" to manipulate the mood of thousands of users in the name of the "research" it mentions in its terms of service is one of many examples of entirely unpredictable terms of service.

General Data Protection Answering Guide: Here again, it is important to point out that personal and non-personal data are fundamentally different, subject to different legal regimes and raising different public policy concerns.

With regard to personal data, terms of service/privacy policies are generally grossly untransparent. For example, they can include provisions that unspecified third parties can use tracking data for "analytics" (which is obviously not an end in itself) and behavioural advertising. Opt-outs, insofar as they exist, generally refer to the outputs (targeted advertising) and not the processing (such as profile building), which leads to those outputs. This means that the data is still being processed.

Unless "non-personal data" is defined in an inappropriately narrow way, this question is too broad to provide a meaningful answer.

We suggest you answer NO to this question, due to lack of  transparency in relation to personal data.

General Data Protection Answering Guide: Some good examples that might be worth mentioning include:

• The "Terms of Service; Didn't Read" project (tosdr.org), although spottily maintained due to resourcing limitations, is a community-driven project that aggregates, summarises and rates platforms' terms of service.
• Related to this, tosback.org (also not actively maintained) tracks changes to terms of service, and the Open Notice project (opennotice.org/) creates a standard specification is a common format for recording consent transactions, which include tracking consent to policies and agreements made in exchange for personal data in a human, machine-readable and legal format.

You may wish to consider calling on the European Commission to offer finanical support for such initiatives.

General Data Protection Answering Guide: It is not obvious why the Commission chose to ask this question, as it was already asked above. Issues that you may wish to raise include:

• lack of clarity of privacy policies
• lack of portability of data from one service to another
• lack of ability to download your personal data
• lack of opt-out possibilities from certain data processing.

Copyright Answering Guide: If you have ever taken a picture, written a text of your own or created music and posted it online, you are a copyright holder. As a result, it is correct to answer "yes" to this question, in order to be able to the questions that the Commission wishes to restrict to "rightsholders".

The purpose of the bias of the question is to allow industrial rightsholders to say that video-sharing sites “used” their content without authorisation. In reality, video-sharing sites don't use the content, the user who uploads content uses the content. Similarly, content aggregators, such as news aggregators improve access to content that is freely available online – even if “protected” from a copyright perspective.

In all of these cases, the answer should be “no” to all questions except the one on unfair licensing terms, on the basis that it is logically impossible to answer “no” to that question.

Furthermore, in most cases, there is no need, in the vast majority of cases, for video-sharing websites or content aggregators, to enter licensing arrangements.

Copyright Answering Guide: The only way to give any detailed comments to this extremely biased and one-sided string of questions is to answer ‘Yes’’ to one of them, which is utterly shameless.

This whole set of questions is biased at multiple levels.

It is only open to people that categorise themselves rightholders, which seems to be an effort to ensure that answers only come from big film and recording studios, publishers, etc. We encourage users to take a legalistic view here by considering that they are rightholders too, as they are creators on a daily basis: children draw, adults take pictures with their smartphones, write blog posts, etc. Each of these creations makes citizens rightholders and hence validates them answering this set of questions

A more objective approach would be to ask to all concerned parties - and not only “rightholders” - what are be the contractual barriers preventing the online distribution of content through platforms, rather than limiting the question to rightholders and asking about the ‘preparedness’ of a platform to accept (subjectively) ‘unfair’ terms. Moreover, it would be better to clearly differentiate between different types of platforms, as this question bundles collaborative platforms (where users upload content) and news aggregators (which gather content from online sources). Finally, in a context where issues of liability and sanctions are raised, it is unacceptable that the rights of the citizen to freedom of communication and privacy are not addressed in any meaningful way.

In addition, the consultation should not take the presumption of a mandatory licence as its starting point. The questions must give all stakeholders the opportunity to lay out whether a license is required in the first place. Use of copyright protected content takes place in a variety of ways and proper attention must also be paid to potentially applicable exceptions and limitations to copyright.

EDRi answered ‘Yes’ to the question ‘An online platform such as a video sharing website or a content aggregator is willing to enter into a licensing agreement on terms that I consider unfair.’, bearing in mind, for example, the case of scientific publishers. Publishers offer online platforms where researchers and writers can provide their content. Licensing is their preferred method of interaction, although one can hardly refer to ‘negotiations’. In the case of scientific publishing for example, it is a well-known fact that research results published in A-listed journals help secure future funding. This puts researchers in a weak negotiation position, wherein they have to sign away their rights to scientific publishers. The outcome: Universities’ spending (of public funds) on journal subscriptions keeps rising year after year to ensure access to their own research. Moreover, the licensing conditions offered often ignore limitations & exceptions granted by law, which results basically into contractual provisions bypassing legislation."

We suggest that you answer:
No
No
Yes
No
 

Copyright Answering Guide: In your answers, it is worth specifically pointing out the following:

• Content aggregators and video-sharing platforms are fundamentally different and putting them into the same question shows either a lack of understanding or worse.
• Video-sharing websites don't “use” the content that their users upload and it is misleading to suggest otherwise.
• It is absurd to imagine that any rightsholder (or platform) would not have encountered a situation where the opposite party in a licensing negotiation was willing to accept a deal that was unfair to them.
• If a platform is operating as a hosting service, then it is not CLAIMING to be covered by Article 14 of the E-Commerce Directive, it IS covered by Article 14 of the E-Commerce Directive.

Data Protection Copyright Answering Guide: Social media platforms, in particular, make a significant portion of their revenue from the supply of personal data from individual users. Consequently, if you use Facebook, Twitter or Google, you are a supplier.

The status of some platforms (especially social media) means that it is often impractical to choose a different service provider. In such circumstances, there is a particular need for balanced terms of service between the platform and the consumer (who is, for all practical purposes, also a supplier). Currently, there is considerable room for improvement of the situation.

We suggest you answer “yes, through a combination of the above”

Copyright Answering Guide: This question shows the confusion generated by the Commission's definition of platforms. If a platform connects two or more users in order to generate value for at least one of them, there can be three (or more) parties to any dispute. Referring to business-to-business disputes (i.e. two-party disputes) is out of line with the definition and also fails to consider that a non-business will also be impacted by any outcome. From a copyright perspective, this question relates to how dispute-resolution procedures, including those run or used by third parties may have an impact on the content which is present in different platforms. Our answer relates to the ability of right holders to unilaterally take down content, including content whose use is legal.

The only logical answer is “yes”

Copyright Answering Guide: When a rightsholder submits a takedown request, it is, by default, in dispute with the platform. US social media and search engines voluntarily impose the procedures foreseen by the US Digital Millenium Copyright Act. The widespread failings of these procedures (see here for a non-exhaustive catalogue) are well known. Furthermore, although not, strictly speaking, "suppliers", rightsholders who are part of YouTube's "contentID" scheme have the right to unilaterally solve any dispute regarding authorisation by deleting any content of which they claim ownership, even if such use is permitted by law under copyright exceptions and limitations. This unilateral ability to undermine the freedoms of users of platforms in this way does not reflect an adequate balance of rights nor, indeed, the right of legislators to protect access to culture by permitting such exceptions.

Good practice examples are hard to find. However, the easydns insistence of due process of law is a good practice. See http://www.theregister.co.uk/2013/10/11/london_cops_leads_global_push_to_make_pirates_vanish/

General Data Protection Answering Guide: Inter-operability of platforms would allow users to not be locked-in in certain platforms and would create a more diverse and innovative market.

Good practice includes Google's “download your data” page, Gmail's e-mail portability facility, Yahoo's previously offered e-mail portability, Twitter's ability to download your tweet archive and the previously-available Facebook function to download some data from your Facebook page.

It should be noted, again, that the range of platforms covered means that a "one-size-fits-all" answer is very difficult to provide. Changing from one video-on-demand platform to another will generally have far fewer barriers than switching from one social media platform to another (as, in the latter case, a user may have spent years building their profile).

As interoperability is often quite difficult, it seems appropriate to answer “yes” to this question.

General Data Protection Answering Guide: This question makes little sense as any data which is linked to your particular account/activity is personal data. It is not obvious what data could, practically or legally, be linked to you but not be personal data.

Furthermore, this question, in light of the aforementioned diversity of platforms, is difficult to answer. Although that portability could be needed for, for example, social networks, it would be less relevant in platforms like AirBnB or Booking.com.

Also, it is far from obvious what public policy problems exist on what types of platforms that motivated the Commission to ask this question. When you answer, remember to be clear about which type of platform you are referring to - you may believe that this requirement should be mandatory for some platforms but not others. It would also be important to point out what non-personal data you are referring to.

Insofar as data are generated by individuals, they should have maximum ability to use it. So, we suggest you answer “yes” to this question. However, the illogical way the question is phrased means that we have no examples to share.

Copyright Answering Guide: Certain rating schemes could help for certain uses of certain platforms, but rating schemes will not solve a great many of the problems experienced by users. For example, a ratings scheme might help to allow a user choose in a competitive market, but it will be of limited value in addressing problems on Facebook, for example, in the absence of portability and alternatives.

A rating scheme would also do little to prevent social media platforms from disabling API access or deleting content based on nebulous terms of service.

Enforcement Answering Guide: This section relates to how platforms can be found liable for the content hosted in their networks.  Many of the issues in this section relate to either biased or inaccurate questions which would not help to define the problems that platforms may pose.

There are certainly many cases where a mere notification of the possible illegality of content (or that the availability of content is unauthorised) has led to content wrongfully being taken offline. Therefore, it is certainly the case that the lack of clarity of what constitutes a valid “notice” is “not fit for purpose”. On the other hand,  there is certainly no negative impact on the “market playing field” - as internet companies generally have terms of service which allow them to unilaterally delete anything they want, while any kind of notice from anybody can constitute a valid legal notice.

Bearing in mind the Commission's apparent eagerness to make this situation even worse from a citizens' rights perspective by increasing liability, it is better to answer “no” to this question.

Enforcement Answering Guide: The question is posed in such a way which is both biased ("having in mind") and misleading ("content distribution"). Your response should clarify certain aspects of the bad wording of the question and the goals towards which the legislator should be acting to achieve specific goals.

In addition to the bias that you may wish to address in your response, questions to consider include:

• The reference to “content distribution” makes no sense in the context of a platform (as defined by the Commission itself). An online platform does not distribute content, users access the content and retrieve it, with the platform playing a passive role. Platforms are not broadcasters
• The reference to homogenous implementation is misleading. A purpose of a Directive is to allow consistent – not homogenous implementation. The Commission is arbitrarily creating a new standard by which the Directive is to be judged, for no obvious public policy reason.
• In order to comply with the primary of the European Union, the Directive should not have an effect on freedom of expression which contradicts Article 52 of the Charter of Fundamental Rights of the European Union. The current interpretation of the Directive already goes beyond these requirements (“may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others”). Any further tightening of the rules on intermediaries would therefore be a further breach of individuals' fundamental rights.
• The current framework creates more incentives to delete content than to leave content online.

We suggest you answer “yes” to this question.

Enforcement Answering Guide: In this question we find once again elements connected erroneously or cynically by the Commission as if there are identical ("linking services and search engines"). Therefore, it is necessary to explain differences as well as the problems related to regulation of "linking". Points to consider in your response are:

• The reference to “pure data storage” as a “new” service is particularly baffling. If it is “pure” data storage and not for sharing the content, then it does even not fall under the Commission's own excessively broad definition of “platform”, as it involves one only interacting with the hosting service.
• The Commission fails to provide an example, even hypothetical, as regards how a passive processing task undertaken by any type of platform that falls under its definition, might need imply liability or might need a specific regulatory intervention.
• The Commission fails to raise the serious problem of legal content being deleted by internet providers due to fear of liability.
• Search engines are not a new business model contrary to the rather baffling assertion of the Commission.
• There is no category of company called “linking service” and the Commission has not sought to explain what might be referring to, beyond putting them into the same category as search engines. It is profoundly unreasonable to hold anybody liable for content to which they link, because the do not control the linked-to content. Two examples illustrate this issue very well: the European Commission itself inadvertently linked to a pornography website and the UK Home Office inadvertently linked to a pornography website. Also, anybody who linked to the European Commission-funded CleanIT project now (as of December 2015) is now linking to a site which links to a pornography site.

Due to the European Commission's efforts to expand intermediary liability (as illustrated by the examples listed above), it would be wise to say “no” to this question.

General Enforcement Answering Guide: Different problems need to be addressed differently. In the case of notices of illegal content, providers have no option other than to delete everything that is subject to a notice, in order to avoid the risk of liability. This obviously leads to excessive enforcement by private actors. Users need to be given a way to complain when the legal content they uploaded is not taken down without their knowledge and without them being able to have an adequate remedy to the situation.

We believe that respondents to this consultation should demand that a counter-notice procedure should be required if this is at all possible. While one can envisage exceptions (such as grave affronts to human dignity or clear and imminent threats to human life) where the content could be disabled awaiting a possible counter-notice, in all other cases the user should be given the opportunity to launch a counter-notice.

It makes no sense to argue that potentially life-threatening terrorism-related material should be treated the same as, for example, a copyright infringement. We therefore suggest you say “yes” in response to this question. All types of illegal content should be treated differently.

Enforcement Answering Guide: Several examples above are, by definition, not illegal (unauthorised gambling and copyright infringements) - or not universally illegal illegal content (homophobic speech, racism and xenophobia or even, child pornography, if the state in question has availed of the flexibilities offered by the Council of Europe Magiccrime Convention).  As a result, one can envisage all of the types of content being subject to specific provisions.

Infringements of intellectual property rights need to be considered differently since the content is not per se illegal. The illegality is in making the content available to a new public and/or obtaining any economic benefit of the infringement, but the content (a TV show, for example) is legal. There are many examples where copyright enforcement measures have lead to disproportionate consequences for fundamental rights (for example: censorship). 

Furthermore, those types of content mentioned above which are related to free speech, the regulation of which might differ in different Member States, and in such situations a case by case approach is especially needed.

Generally, content providers, hosting services, and any other business offering content (or access to content) should not be empowered to enforce any laws without a specific mandate prescribed by a law. We have extensively written about this subject. 

It seems that for disputes between private parties, such as defamation and copyright, a notice-and-notice system would be more appropriate. In cases involving allegations of serious criminality, private companies should pass on the request to law enforcement, who should seek a court order if the matter is not urgent. For more details, see here.  

General Enforcement Answering Guide: The European Commission is trippng over its own inconsistency here – there is no “illegality of the content” in relation to, for example, copyright infringements.

Giving the content provider the opportunity to be heard in advance of the removal of content would alleviate, to some extent, the problem observed above. It is not currently in the hosting service provider's interest to examine a notification of illegal content closely. Indeed the only way in which the illegality can be authoritatively determined is by a court ruling—therefore, although requiring the content provider to be heard by the service provider is, at best, a partial solution. Ideally that hearing ought to be before a judicial authority.

In order to respect even basic precepts of the rule of law, the content provider should always have the opportunity to be heard, unless there is a pressing urgent reason for this not to happen.

We therefore suggest you answer “yes” to this question.

General Enforcement Answering Guide: The idea of having a permanent restriction take down would not allow for the case by case analysis needed. It would also  be The answer is yes. necessary to implement privacy invasive measures to keep these "take down and stay down" principles enforced. Notice and staydown also almost inevitably involves a degree of filtering/surveillance of the kind that was deemed to be illegal under the Charter in both the Scarlet/Sabam (C-70/10) and the Netlog/Sabam case (C-360/10). Implementing liability or other provisions that indirectly lead to intermediaries imposing such measures is as unacceptable (and as much of a breach of the European Charter of Fundamental Rights) as implementing such measures directly.

Context is very important. Content that may be illegal or infringing in one context may be innocuous in another. There is no substitute for removals to be treated on a case by case basis.

We therefore suggest you answer “no” to this question.

Enforcement Answering Guide: There is no reason why certain types of content should benefit from such a duty more than others. The European Commission, in a letter to Ms Charlotte Cederschiöld, was quite clear that the "duty of care" referred to in recital 48 was not an additional duty, but codification of the rules in Articles 12-15. Consequently, it is clear that recital 48 was not meant to create new duties and such a meaning may not be imputed to it.

With regard to codes of conduct, at the time Article 16 was originally drafted, in 1998, there were no codes of conduct in the area of voluntary enforcement within the context of Articles 12-15 of the Directive. Consequently, there is no basis to argue that this is the intended meaning of Article 16. This interpretation is backed up by the European Commission's press release on the adoption of the proposed Directive, which refers to codes of conduct only in implementation of the provisions.

In short, the Commission's description of both Recital 48 and Article 16 of the E-Commerce Directive is – whether accidentally or deliberately – a significant misrepresentation of the agreed meaning of that instrument.

The answer therefore must be “no”

Enforcement Answering Guide: The care that is described in the E-Commerce Directive is to respect obligations to act appropriately to receiving actual knowledge of the illegality of specific material. There is no experience to suggest that specific types of illegal content could be downgraded compared with others.

Enforcement Answering Guide: There are already specific rules in the E-Commerce Directive for different categories of intermediary. No further subdivisions are needed.

Enforcement Answering Guide: The actions required from intermediaries are those described in the Directive. There is already an imbalance whereby intermediaries are pushed to delete/restrict content, with no obligations to take steps to defend legal content. Any further actions would exacerbate this already unacceptable situation.

Enforcement Answering Guide: This question section of the questionnaire is about illegal content, or content that has been subject to a notice. Intermediaries' content restriction policies and practices are generally far broader. This question therefore covers two issues at the same time, without distinction. It is a basic foundation of the protection for free speech that restrictions must be predictable, so that individuals understand the rules. Furthermore, restrictions on free speech must be necessary and proportionate – without transparency, this cannot be verified.

Limiting obligations to a specific number would not allow neither for adequate transparency nor would it solve any problem for small internet companies..

One thousand per year is fewer than three per day – on what basis could it be argued that it would be a disproportionate burden for even the smallest company to log two notices per day?

Therefore the answer must be “yes”.

Enforcement Answering Guide: Whilst we would agree that intermediaries should deal appropriately with notices regarding content that they believe is illegal, in full respect of the rule of law, the sentence is phrased in such a way that it seems to wrongly assume that the content that is accused of being illegal automatically *is* illegal and ought to be removed.

This is not an issue for opinions, it is an issue for facts. Either there is evidence that there is a problem in this area or there is not. If there is a problem, is it of a level that a legal obligation needs to be introduced?

Furthermore, it would be reckless in the extreme, particularly with regard to issues which concern the safety of individuals, to treat notice and takedown as an isolated issue, rather than part of a complex ecosystem that intermediaries are ill-equipped to understand. We draw the Commission's attention, for example, to the Quillam Foundation study that warned of the risk of potential counterproductive effects (page 7 of this report, which also cites ‘Countering Online Radicalisation: A Strategy"  ICSR, page 15)

It is also unclear what is meant by 'facilitating contact' – presumably it means that internet companies should have a central point where notices are received.

In the absence of a defined problem, and due to the risk of counterproductive impacts, the answer, therefore, should be no.

Enforcement Answering Guide: Generally speaking, so called "voluntary measures" need to be addressed with extreme precaution in order not to promote the enforcement of the law by private actors.

Online platforms such as search engines or aggregations should not be required to monitor content submitted on their platforms. Even more importantly, they should not be made responsible for links to websites accused of hosting illegal content or of giving access to content made available without authorisation.

For further background, please see:

• https://edri.org/files/057862048281124912Submission_EDRi_NoticeAction.pdf
• https://netzpolitik.org/wp-upload/N_a_T_answers_digiges.pdf
• https://www.bof.nl/live/wp-content/uploads/040912-submissiontoformofconsultationeuropeancommission.pdf
• http://www.laquadrature.net/files/LQDN_Response_Notice_&_Action.pdf
• https://www.manilaprinciples.org

The latter summarises the key priorities as follows:

1. Intermediaries should be shielded from liability for third-party content
2. Content must not be required to be restricted without an order by a judicial authority
3. Requests for restrictions of content must be clear, be unambiguous, and follow due process
4. Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
5. Laws and content restriction policies and practices must respect due process
6. Transparency and accountability must be built into laws and content restriction policies and practices

    

Data Protection Answering Guide: The question has no context, making it impossible to answer. Does the Commission already believe that the not-yet-adopted GDPR will fail in its goal of facilitating the free flow of personal data in the Union? If the GDPR is not a failure, what problems or legal environment does the Commission envisage to be a specific problem for non-personal data?

Or does the Commission believe that the distinction between personal and non-personal data that it proposed is, in fact, inadequate?

As the protection of personal data is subject to a specific legal framework and non-personal data is not, the only possible answer to his question is “yes”.

It appears that the European Commission wishes to adopt legislation on EU-wide contract law and is seeking to persuade people to answer “yes” to this question, in order to “prove” that there are problems regarding the handling of non-personal data.

Data Protection Answering Guide: Given the differences of data protection regimes around the world, the need to restrict location to certain locations which respect the EU data protection regime is a must. However, the Commission does not specify if it is referring to personal or non-personal data (or both) or data storage in Europe or outside Europe (or both), meaning the question has little meaning.

In line with EU primary and secondary law, personal data must be stored in the EU or under the rules for data export enshrined in data protection legislation.

Data Protection Answering Guide: The question covers both personal and non-personal data, which will prevent the Commission from being able to use the answers received in any meaningful way.

For personal data there is a EU framework which regulates it, safeguarding fundamental rights, while non-personal data is not regulated. 

The logic of the question is somewhat baffling. Access to personal data in the EU falls under the general data protection framework. It is not obvious what experiences regarding contract law might have inspired the Commission's question.

It is also not clear what "sufficient" access means, nor is the notion of "fair access", which uses the word "fair" in a different sense from that in existing European data protection law, which addresses correctly fairness from the perspective of the fundamental rights of the data subject.

It is also not clear what non-personal data generated or collected by platforms could the behind the question - databases of hotels? map data? domain name information?

Insofar as it might refer to personal data, it is worth considering the U.S. - EU Safe Harbor Framework (now invalidated) which was an unsafe system that allegedly tried to be a compromise between the comprehensive and stronger data protection legislative regime of the European Union, versus the self–regulatory model adopted by the U.S. which fails to meaningfully protect privacy.

Insofar as it might refer to copyright works (though, if so, the question is poorly worded), there are certainly barriers to the free flow of such works that the digital single market reforms are attempting to address, and in that context a particularly important measure will be the adoption of more uniform limitations and exceptions to copyright.

Insofar as the question seeks to create evidence for a “need” to harmonise EU contract law, we are not aware of such a need.

As the Commission chose not to ask a meaningful question, the only reasonable response is to say “no”.

Data Protection Answering Guide: Personal data has a EU framework which regulates it, safeguarding fundamental rights. Non-personal data is not regulated. Personal data is already regulated at European level, by general and e-communications specific legislation.

The Commission should have specified which non-personal data collected, stored, accessed and transferred by (which?) platforms are meant to be the subject of  this question.

Data Protection Answering Guide: The question presents a number of elements which impede meaningful answers being provided.

In particular, the Commission has not even identified the policy area it is addressing, the category of platform it is addressing, etc.

This renders it impossible to answer. We would stress, however that data such as location data is personal data unless meaningfully and definitively de-personalised (a goal which is very difficult to meaningfully achieve).

However, one of the following questions is whether there should be “an obligation to inform the user or operator of the device that generates the data”. If the data is identifiable to a device, then it falls under the definition of personal data and is not “non-personal data”. The data are therefore, not “”non personal”.

In line with the EDPS Opinion 07/2015, from a competitiveness, innovation and data protection perspective, giving exploitation rights to the individual would be a welcome step.

In order to provide a more effective response to security threats and increase transparency in an increasingly technological world, the use of free software and open data should be encouraged in both public and private environments.

The user and the owner of the device should be informed what kind of data gets generated and be able to download the raw data for themselves.

Where possible, users should always be able to exploit data that they create. However, only the first two options of the aspects in the next question should be chosen, to avoid generating new data protection problems.

Data Protection Answering Guide: The principles around access to personal data are long-established. Personal data is ANY information related to an identified or identifiable person.

Access: For transparency and in order to realise the right to rectification, appropriate access is clearly necessary.

Ownership: Even if a database may be the property of a processor or controller, full rights of access, rectification and deletion for the data subject are necessary in order to give protect the essence of data protection and privacy rights.

Use: Use of data, outside the scope of the exceptions in the GDPR, is permitted in accordance with the legal basis for the initial data collection. The e-Privacy Directive can not and should not attempt to change this. In line with the EDPS Opinion 07/2015, exploitation rights should be accorded to the individual where possible.

Data Protection Answering Guide: This question is inherently - and obviously - biased, as it assumes that any restriction, regardless of how proportionate, legitimate or effective it is in achieving a public policy goal, is automatically a "constraint" that needs to be eliminated. Data markets that rely on personal data, such as user profiling, are frequently disrespectful of individuals' fundamental rights and corrosive for trust and security.

The European Commission must remember that task at hand in the revision of ePrivacy Directive is NOT to encourage the development of particular markets, it is to give meaning to the general data protection regulation in the specific context of electronic communications.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

Open Data Answering Guide: There has been use of private held data in many ocassions before which has been useful for public and private purposes. In our reply we provide some examples.

• Regarding  remedies for re-users, such as appeal to a higher administrative body or to a court are already in the PSI-Directive. However they are cost extra resources and time. A self-control mechanism within the public administration could be more efficient.
• Regarding licensing of Open Data, the use of Creative Commons Licenses CC0 or CC-BY-4.0 should be encouraged.
• Finally, there is the need to bring the PSI-Directive into accordance with the standard Open Data definition

Open Data Answering Guide: A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.

Open Data Answering Guide: A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.

Open Data Answering Guide: A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.

Open Data Answering Guide: Despite technological advances that allow massive ways to analyse data, there are many ways in which research is limited on purpose with technological measures. We therefore suggest answering “no”.

Open Data Answering Guide: Copyright rules create hurdles in this area.

Currently research activities are covered by the same exception as educational uses. Contrary to the educational exception, the exception for research is not restrictively adopted in national laws. However, the main problems with accessing and using scientific materials are mainly practical. The exception allows for their use for research purposes, but they are usually protected by restrictive licenses or DRM (Digital Rights Management) systems - or simply only published in hard copies and not accessible. For example, licenses require that works are made available using certain networks or software only. Text and data mining is often explicitly prohibited in licenses, or allowed only to a limited extent.

It should be clarified that TDM does not fall under copyright provisions. On top of this, a specific exception allowing the copying of content for the purpose of text and data mining is necessary. It should also be explicitly stated in the law that technical protection measures (TPMs) and contracts should not override such an exception, nor any other exception. Finally, such an exception should not distinguish between commercial and non-commercial purposes as, for research institutions, this would prevent knowledge transfer and such a differentiation would not be in the public interest.

Open Data Answering Guide: There is no reason to keep away from public access what has been produced with public funds.

Data Protection Answering Guide: The technology has developed much faster than legislation. Specifically in the case of the Internet of Things, the EU data protection regime has proven not to be ready for the intense way that ever-multiplying connected devices could work to gather and share personal data. The e-Privacy Directive should be updated with this priority in mind. The answer is therefore “yes”.

Data Protection Answering Guide: It seems unlikely that individuals' use are of such services is not affected “in any way” by the weakness and lack of implementation of the current data protection framework.

The answer is yes.

Data Protection Answering Guide: The technology has developed much faster than legislation. Specifically in the case of the Internet of Things, the EU data protection regime has proven not to be ready for the intense way that ever-multiplying connected devices could work to gather and share personal data. 

A meaningful – and well implemented – update of the e-Privacy Directive is clearly needed.

The answer is therfore "no".

Data Protection Answering Guide: The serious consequences for personal liberties and freedoms in cases of data breaches needs to be tied to a strict liability regime so dealing with data breaches becomes more expensive for companies than providing strong protection standards when dealing with personal data. For an example of data breaches only in November 2015, including Georgia data breach could affect 6.2 million voters’ personal information, see here. 

A strong data protection regime where significant sanctions are imposed to those companies that have not secured communications as well as quick responses in cases of data breaches need to be implemented.

The "internet of things" expand the risks to personal data and online security to an exponential extent. We have seen several massive data breaches recently (TalkTalk, Ashley Madison...) that prove that significant liability measures are needed to ensure that appropriate safeguards are in place.

Data Protection Answering Guide: The question borders on being a  truism, the legal framework for liability is bound to have an impact, either positive or negative. The impact is on the "confidence and trust". The answer can only be “yes” therefore.

Data Protection Answering Guide: At least with regard to the issue of data protection, this issue should be dealt with at an EU level.

The answer is therefore "yes".

Data Protection Answering Guide: Data vaults allow users to store the personal data they wish and to share only the necessary bits of personal information they need to do a specific transaction online. For example, if you need to have something deliver, you may provide access to the delivery address of your choice without having to fill in a form and without providing any more unnecessary data to the service provider.

Unfortunately, the Commission is not precise in what it means by “promote”, but we would lean towards say “yes” in response to the question.

Data Protection Answering Guide: Any such initiative which has strong data protection safeguards in place could be useful to diminish the amount of personal data shared by default when using different online services, as it was stated by the EDPS in its opinion on Big Data (page 13, bottom part).

We would therefore tend to say “yes”.

Data Protection Answering Guide: Cloud computing services, some of them outside the scope of the consultation, need to put in place the principles that are set in the EU data protection regime. Data protection by design and by default, for example, should be at the core of their service. Furthermore, their terms of service, which are often in obscure legalese terms and are subject to arbitrary change by the platform, need to be addressed in a  way that serves the information purposes for which they were drafted.

We therefore suggest that you answer “no”.

Data Protection Answering Guide: This question is difficult to answer because some relevant activities (the software being provided by the "cloud provider") for example, are not a two-sided markets and therefore fall outside the scope of the consultation.

• Cloud services need to show that data protection by design and by default is at the core of their service. Data needs to be strongly protected, not shared/processed unless it is done following the EU data protection regime. 
• The control on the use of the data hosted at cloud services needs to be given user, not in the cloud service provider. 
• Terms of service governing these services need to follow the EU data protection regime and they need to be written in an accessible form. 
• User-friendly technologies to enable fair and informed explicit consent for the lawful use of his personal data. Inflexible “all-or-nothing” contracts, where individuals have to agree to unnecessary and unclear data processing over which they have no control do not constitute a fair practice

Data Protection Answering Guide: The frequent obscurity of terms of service and lack of clarity regarding liability in case of data breaches means that we believe the answer to this question should be “no”.

General Answering Guide: Interoperability is a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. 

Interoperability lowers barriers to innovation, drives competition and consumer choice.

General Answering Guide: Interoperability is a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. 

Interoperability lowers barriers to innovation, drives competition and consumer choice.

General Answering Guide: Interoperability is a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. 

Interoperability lowers barriers to innovation, drives competition and consumer choice.

General Data Protection Answering Guide: Portability of data would certainly be a positive measure for many – but not all – of the services that could potentially be covered by the Commission's definition of “platform”.

Portability would be useful in order to create new markets where users could allow their data to be processed for new and innovative purposes. Portability would also serve to increase competition where the absence of this function acts as a barrier to switching. Consequently, there are economic, trust, investment, competition choice and innovation benefits in most cases.

General Data Protection Answering Guide: Portability of data would certainly be a positive measure for many – but not all – of the services that could potentially be covered by the Commission's definition of “platform”.

Portability would be useful in order to create new markets where users could allow their data to be processed for new and innovative purposes. Portability would also serve to increase competition where the absence of this function acts as a barrier to switching. Consequently, there are economic, trust, investment, competition choice and innovation benefits in most cases.

General Data Protection Answering Guide: Portability of data would certainly be a positive measure for many – but not all – of the services that could potentially be covered by the Commission's definition of “platform”.

Portability would be useful in order to create new markets where users could allow their data to be processed for new and innovative purposes. Portability would also serve to increase competition where the absence of this function acts as a barrier to switching. Consequently, there are economic, trust, investment, competition choice and innovation benefits in most cases.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

General Answering Guide: Model contracts could ensure that there is a harmonisation for these services across all countries. However, a close supervision by public authorities would be needed to ensure that all angles (data protection, consumer rights...) are covered and that the implementation of these contracts provide redress systems for citizens in case a violation occurs.