Survey name (ID): Platforms Consultation (346935)

 

Response ID 430
General Information
Please indicate your role for the purpose of this consultation: An association or trade organization representing civil society [4]
Please indicate your role for the purpose of this consultation: [Other]
Please indicate your country of residence: Belgium [2]
Please indicate your country of residence: [Other]
Please provide your contact information (name, address and e-mail address): European Digital Rights, brussels@edri.org
Is your organisation registered in the Transparency Register of the European Commission and the European Parliament? Yes [Y]
Please indicate your organisation's registration number in the Transparency Register: 16311905144-06
If you are an economic operator, please enter the NACE code, which best describes the economic activity you conduct. You can find here the NACE classification.
I object to the publication of my personal data: No [N]
Social and Economic Role of Online Platforms
"Online platform" refers to an undertaking operating in two (or multi)-sided markets, which uses the Internet to enable interactions between two or more distinct but interdependent groups of users so as to generate value for at least one of the groups. Certain platforms also qualify as Intermediary service providers.

Typical examples include general internet search engines (e.g. Google, Bing), specialised search tools (e.g. Google Shopping, Kelkoo, Twenga, Google Local, TripAdvisor, Yelp,), location-based business directories or some maps (e.g. Google or Bing Maps), news aggregators (e.g. Google News), online market places (e.g. Amazon, eBay, Allegro, Booking.com), audio-visual and music platforms (e.g. Deezer, Spotify, Netflix, Canal play, Apple TV), video sharing platforms (e.g. YouTube, Dailymotion), payment systems (e.g. PayPal, Apple Pay), social networks (e.g. Facebook, Linkedin, Twitter, Tuenti), app stores (e.g. Apple App Store, Google Play) or collaborative economy platforms (e.g. AirBnB, Uber, Taskrabbit, Bla-bla car). Internet access providers fall outside the scope of this definition.

Do you agree with the definition of "Online platform" as provided above?

General Answering Guide: The question mixes a very diverse range of platforms which are difficult to analyse as a single entity. Therefore, we suggest to raise this problem in your answer. In our opinion it is not useful to have AirBnB, Google News and YouTube categorised as being the same type of business, for the purposes of a wide-ranging consultation like this. We therefore suggest you answer NO.

No [N]
Please explain how you would change the definition: The definition fails, as it covers very different types of "platforms". We suggest 5 classifications of platforms (P) based on the relationship with consumer (C) or business (B) & based on the transactional nature of the relationship: - Transaction*-based platform to consumer (P2C) platforms, such as Netflix or Spotify (content licensed to platform by rightsholder)(transactions on both sides of platform) - Non-transaction-based P2C (Google news and other news aggregators, Yelp) (content freely available online, no P2B transaction)(no transaction on either side of platform) - No consumer value P2B services (promoted content on Twitter, etc)(transaction on business side of platform) - Transaction-based consumer/business to consumer (C2C & B2C) platform (Ebay, AirBnB (B2P & C2B transactions) - Non-transaction-based consumer to consumer (C2C) platform (UGC) *Transaction=Financial transaction. The business model may be based on harvesting/reuse of personal data (non-financial)

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[make information more accessible]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[make communication and interaction easier]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[increase choice of products and services]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[create more transparent prices and the possibility to compare offers]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[increase trust between peers by providing trust mechanisms (i.e. ratings, reviews, etc.)]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[lower prices for products and services]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[lower the cost of reaching customers for suppliers]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[help with matching supply and demand]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[create new markets or business opportunities]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[help in complying with obligations in cross-border sales]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[help to share resources and improve resource-allocation]
Yes [Y]

What do you consider to be the key advantages of using online platforms?

General Answering Guide: Due to the diversity of platforms, it is impossible to give a generic answer. The only logical option is to say yes to all of the options and then refer to the benefit/s of whatever platform/s you wish to address in the text box provided. A specific answer would make clear to the European Commission that different systems provide different advantages and allow it to gain insight from your response.

Online platforms:

[Other]
This depends on the type of platform - the main advantages of Netflix are entirely different from the main advantages of AirBnB. Generally, C2C non-financial-transaction-based platforms, such as social media services facilitate or amplify the exercise of users' freedom of expression and freedom of association. However, the bigger these companies become, the more power they acquire to restrict the freedoms that they facilitate. Close attention should be paid to any political strategies that are likely to have a negative impact on such freedoms.

Have you encountered, or are you aware of problems faced by consumers or suppliers when dealing with online platforms?

General Answering Guide: It is unlikely that anyone has had no problems (nor is aware of any problems) with any online platform, so the only logical answer is "yes". 

Yes [Y]

Please list the problems you encountered, or you are aware of, in the order of importance and provide additional explanation where possible:

General Enforcement Data Protection Answering Guide: Your response could touch on a variety of different issues such as arbitrary interferences imposed by platforms that are relied upon for freedom of communication, such as social media and search engines. This can be

  • on the basis of the preferences of the platform (such as restrictions on breastfeeding pictures on Facebook, the discontinuation of the Politwoops service on Twitter and Paypal's arbitrary removal of services based on its broad terms of service)
  • on the basis of efforts to achieve public policy objectives (arbitrary deletion of content for copyright enforcement, for example
  • on the basis of weak respect for data security and privacy (such as the problems generated by massive and unpredictable data collection and storage by online platforms)

Arbitrary interferences on the basis of the platform's preferences: While social media services facilitate or amplify users' freedom of expression and association, there are numerous examples of content being deleted in unpredictable and surprising ways, as a result of the choices of the platform. Examples of this are the problems faced by breastfeeding pages on Facebook and Instagram, problems caused by Facebook's "real-name" policy, Twitter's sudden change of policy on the "politwoops" service, Amazon's decision to revoke hosting services to Wikileaks, PayPal's frequent arbitrary removal of services on the basis of its very broad terms of service, etc. Arbitrary interferences as a law enforcement measure: - Frequently, users see their content deleted by the online platforms without their consent or request. Arbitrary/unpredictable enforcement of unclear terms of service or privatised law enforcement for any number of alleged public policy goals are significant problems that users face when using online platforms. The imposition of sanctions by intermediaries, outside the rule of law and without clear justification, undermines the presumption of innocence, the right to due process of law and, depending on the policing methods used, the right to privacy and freedom of communication. Such measures can also risk being either useless or counterproductive, so the public policy value is also very suspect, as it is generally carried out without any credible analysis of possible effectiveness or of possible counter-productive effects. Similarly, reviews to check ongoing effectiveness are very rare. For more information, please see https://edri.org/wp-content/uploads/2014/02/EDRi_HumanRights_and_PrivLaw_web.pdf. Policy-makers need to draw appropriate conclusions from their frequently repeated statements about the excessive power of (social media) platforms and their demands for increased arbitrary regulatory interference by these same platforms. Data security and privacy The unpredictable and frequently excessive processing of the personal data of users is also a major concern, both as a privacy and as a security concern. As the business model of many "free" platforms is the monetisation of personal data, we observe widespread data collection that fails to respect principles of data minimisation and purpose limitation, and that is built on terms of service that are drafted in ways meant to cover situations that even the platform itself has not thought of at the time of writing. Examples - Facebook's "mood experiment" (based on the user's agreement for their data to be used for "research"), Facebook's experimentation with increasing voter turn-out, Microsoft's decision that their webmail terms of service allowed them to read a user's e-mail, if necessary to protect Microsoft's interests, and Spotify's planned access to your microphone to cover the possiblity that they "may build voice controls into future versions of the product".

How could these problems be best addressed?

General Enforcement Data Protection Answering Guide: The question of voluntary enforcement mechanisms (often incorrectly referred to as "self-regulation") and/or regulatory measures has been subject to debate, especially in the context of IPR infringement, terrorism, hate speech and child abuse. It is important to stress the need for predictability, a clear legal framework, respect for associated legal instruments (such as data protection) and review mechanisms as a method of ensuring effectiveness and proportionality of any voluntary measures.

Effective implementation of existing legislation (data protection and unfair contract terms, in particular) would already be a big step in the right direction. Governments should stop pressuring private companies into taking on policing and surveillance measures - such pressure is not in line with international law and runs a high risk of causing counterproductive effects for the policy objectives being addressed.

With regard to data protection, we need effective enforcement of general data protection law and a reform of the ePrivacy Directive that take account of technological developments and experience with the existing Directive.

As the question is so broad, all of the solutions suggested by the Commission are partly applicable,  so “a combination of the above” is the only logical answer.

 

a combination of the above [4]
Transparency of Online Platforms

Do you think that online platforms should ensure, as regards their own activities and those of the traders that use them, more transparency in relation to:

a) information required by consumer law (e.g. the contact details of the supplier, the main characteristics of products, the total price including delivery charges, and consumers' rights, such as the right of withdrawal)?

I don't know [IDK]
b) information in response to a search query by the user, in particular if the displayed results are sponsored or not? Yes [Y]
c) information on who the actual supplier is, offering products or services on the platform? I don't know [IDK]
d) information to discourage misleading marketing by professional suppliers (traders), including fake reviews? I don't know [IDK]
Is there any additional information that, in your opinion, online platforms should be obliged to display? A link to their privacy policy A link to their terms of service

Have you experienced that information displayed by the platform (e.g. advertising) has been adapted to the interest or recognisable characteristics of the user?

General Answering Guide: The issue which is set as example (targeted advertising) is not comparable to, for example, a musical suggestion on YouTube based on your previous searches or to suggestions of similar destination in Booking.com. As a result, you need to specify which type of platform you are referring to in your response.

It is quite obvious that adapting information to the user is unavoidable to a greater or lesser extent on many, if not most platforms, rendering the question meaningless.  The only logical answer is, therefore, yes.

 

Yes [A1]

Do you find the information provided by online platforms on their terms of use sufficient and easy-to-understand?

General Enforcement Data Protection Answering Guide: If you have read (even superficially) the use of terms of service of any platform, you will probably be aware that the length, vagueness and the complicated language used are barriers that you may wish to comment on. Your response could cover, for example, issues related to acceptable use policy, content deletion policy, "real name" policy, if any, liability for down-time of the service, etc. Points to consider in your response include:

  • There is little commonality between many of the different services covered by the Commission's definition making it impossible to answer this question generically in a meaningful way. 
  • On many social media platforms, acceptable use policy tends to be very vague, with the platform being the ultimate arbiter of what is permitted or not. 
  • Terms with regard to personal data processing are generally written in a very unclear way, referring generically to very broad uses such as "research" or "targeted advertising”.
The only logical answer, therefore, is "no".
No [N]

What type of additional information and in what format would you find useful? Please briefly explain your response and share any best practice you are aware of.

General Data Protection Answering Guide: You should include any good or bad examples that you have encountered, as well as your particular priorities. The examples we will mention are:

  • Rules concerning content deletion should be clear and predictable and allow appropriate counter-notice options for individuals. This is important to avoid governments putting pressure on platforms to delete content that is either unwelcome or which may be illegal - thereby avoiding legal processes, undermining accountability and risking counter-productive effects.
  • Good practice: Ebay's short version privacy policy and use of pictographs that make it easier to understand how the company uses personal data
  • Bad practice: Google's “opt-out” of targeted advertising which does not offer an opt-out from the processing that leads to targeted advertising
  • Bad practice: Excessive data collection and storage (see this French article for one example)

 

Rules concerning content deletion should be clear and predictable and allow appropriate counter-notice options for individuals. This is important to avoid governments putting pressure on platforms to delete content that is either unwelcome or which they accuse of being illegal - thereby avoiding legal processes, undermining accountability and risking counter-productive effects. Good practice: Ebay's short version privacy policy offers users a quick and generally understandable overview of the company's personal data processing and makes a credible effort to use pictographs to help transparency. Bad practice: Google giving the option to opt-out of being shown targeted advertising, but not the data collection & profiling that is used to "target such advertising". The frequent "explanation" of cookies which describes only non-tracking cookies is also a widespread bad practice. Bad practice: Mass, unnecessary, unpredictable collection of unnecessary personal data. See (in relation to AirBnB) http://rue89.nouvelobs.com/2015/10/07/99-pages-a4-airbnb-deballe-tout-quil-sait-261533

Do you find reputation systems (e.g. ratings, reviews, certifications, trustmarks) and other trust mechanisms operated by online platforms are generally reliable?

General Data Protection Answering Guide: The definition of "platforms" is too broad to give a generic answer to this question. If you have specific concerns regarding ratings, reviews, etc on a particular platform or type of platform, make sure you specify which type or types of platform and which type of reputation system you are addressing. You may wish to consider issues regarding the reliability and oversight of privacy seals.

I don't know [IDK]
What are the main benefits and drawbacks of reputation systems and other trust mechanisms operated by online platforms? In response to the trustmarks question above, the range of vastly different companies covered by this consultation makes it impossible to answer.
Use of Information by Online Platforms

In your view, do online platforms provide sufficient and accessible information with regard to:

a) the personal and non-personal data they collect?

General Data Protection Answering Guide: This question is about two fundamentally different issues. Under EU rules, personal data are "any information relating to an identified or identifiable natural  person" and are subject to a specific (general data protection Directive 1995/46/EC and e-privacy Directive 2002/58/ec) legal regime. Non-personal data are all other data, which are treated differently. As the two issues are entirely different, they shouldn't be addressed the same question. It is important to be careful to distinguish between which type of data you are referring to in each answer.

With regard to personal data, terms of service (ToS) rarely provide meaningful information that users can use to predict the behavior of platforms. In our responses to these questions we have provided concrete examples of how what is written in the ToS is abused by the different platforms for different purposes.

It is important to consider also that the use of data by different platforms is very different. Facebook's use of personal data is vastly different from, for example, the use of personal data by Netflix.

With regard to non-personal data, we are not aware of problems. We are also unaware of problems that can be or should be solved by changing contract law. Unless "non-personal data" is defined in an inappropriately narrow way, there is no obvious need to be more transparent regarding the collection of such data, unless other justifications for disclosure exist in particular cases, such as consumer protection or net neutrality.

With regard to personal data, it is difficult to find a privacy policy, particularly, but not only, in the context of social media or search, where the likely uses of the data are clearly explained. Facebook's use of its "right" to manipulate the mood of thousands of users in the name of the "research" it mentions in its terms of service is one of many examples of entirely unpredictable terms of service.

We suggest you answer NO to this question, due to lack of  transparency in relation to personal data.

No [N]

b) what use is made of the personal and non-personal data collected, including trading of the data to other platforms and actors in the Internet economy?

General Data Protection Answering Guide: Here again, it is important to point out that personal and non-personal data are fundamentally different, subject to different legal regimes and raising different public policy concerns.

With regard to personal data, terms of service/privacy policies are generally grossly untransparent. For example, they can include provisions that unspecified third parties can use tracking data for "analytics" (which is obviously not an end in itself) and behavioural advertising. Opt-outs, insofar as they exist, generally refer to the outputs (targeted advertising) and not the processing (such as profile building), which leads to those outputs. This means that the data is still being processed.

Unless "non-personal data" is defined in an inappropriately narrow way, this question is too broad to provide a meaningful answer.

We suggest you answer NO to this question, due to lack of  transparency in relation to personal data.

 

No [N]
c) adapting prices, for instance dynamic pricing and conditions in function of data gathered on the buyer (both consumer and trader)? No [N]

Please explain your choice and share any best practices that you are aware of.

General Data Protection Answering Guide: Some good examples that might be worth mentioning include:

  • The "Terms of Service; Didn't Read" project (tosdr.org), although spottily maintained due to resourcing limitations, is a community-driven project that aggregates, summarises and rates platforms' terms of service.
  • Related to this, tosback.org (also not actively maintained) tracks changes to terms of service, and the Open Notice project (opennotice.org/) creates a standard specification is a common format for recording consent transactions, which include tracking consent to policies and agreements made in exchange for personal data in a human, machine-readable and legal format.

You may wish to consider calling on the European Commission to offer finanical support for such initiatives.

 

The "Terms of Service; Didn't Read" project (tosdr.org), although spottily maintained due to resourcing limitations, is a community-driven project that aggregates, summarises and rates platforms' terms of service. Related to this, tosback.org (also not actively maintained) tracks changes to terms of service, and the Open Notice project (opennotice.org/) creates a standard specification is a common format for recording consent transactions, which include tracking consent to policies and agreements made in exchange for personal data in a human, machine-readable and legal format. If the Commission is serious about addressing the widespread problems in this area, activities to support such projects should be envisaged. Of course, transparency does not turn good practice into bad practice, so such tools should be seen as complementary to other tools.

Please share your general comments or ideas regarding the use of information by online platforms:

General Data Protection Answering Guide: It is not obvious why the Commission chose to ask this question, as it was already asked above. Issues that you may wish to raise include:

  • lack of clarity of privacy policies
  • lack of portability of data from one service to another
  • lack of ability to download your personal data
  • lack of opt-out possibilities from certain data processing.

 

 

Privacy policies need to be much clearer. In particular, the specific purposes that the data are used for should not be clouded catch-all (and frequently inaccurate) terms like "to improve our service". Rules on data minimisation and purpose limitation need to be respected The right of access and deletion should be provided in a more user-friendly way. Data portability should be offered, if possible, and, at least, the right to download one's own data.
Relations between Platforms and Suppliers/Traders/Application Developers or Holders of Rights

Are you a holder of rights in digital content protected by copyright, which is used on an online platform?

Copyright Answering Guide: If you have ever taken a picture, written a text of your own or created music and posted it online, you are a copyright holder. As a result, it is correct to answer "yes" to this question, in order to be able to the questions that the Commission wishes to restrict to "rightsholders".

The purpose of the bias of the question is to allow industrial rightsholders to say that video-sharing sites “used” their content without authorisation. In reality, video-sharing sites don't use the content, the user who uploads content uses the content. Similarly, content aggregators, such as news aggregators improve access to content that is freely available online – even if “protected” from a copyright perspective.

In all of these cases, the answer should be “no” to all questions except the one on unfair licensing terms, on the basis that it is logically impossible to answer “no” to that question.

Furthermore, in most cases, there is no need, in the vast majority of cases, for video-sharing websites or content aggregators, to enter licensing arrangements.

 

Yes [Y]

As a holder of rights in digital content protected by copyright have you faced any of the following circumstances?

Copyright Answering Guide: The only way to give any detailed comments to this extremely biased and one-sided string of questions is to answer ‘Yes’’ to one of them, which is utterly shameless.

This whole set of questions is biased at multiple levels.

It is only open to people that categorise themselves rightholders, which seems to be an effort to ensure that answers only come from big film and recording studios, publishers, etc. We encourage users to take a legalistic view here by considering that they are rightholders too, as they are creators on a daily basis: children draw, adults take pictures with their smartphones, write blog posts, etc. Each of these creations makes citizens rightholders and hence validates them answering this set of questions

A more objective approach would be to ask to all concerned parties - and not only “rightholders” - what are be the contractual barriers preventing the online distribution of content through platforms, rather than limiting the question to rightholders and asking about the ‘preparedness’ of a platform to accept (subjectively) ‘unfair’ terms. Moreover, it would be better to clearly differentiate between different types of platforms, as this question bundles collaborative platforms (where users upload content) and news aggregators (which gather content from online sources). Finally, in a context where issues of liability and sanctions are raised, it is unacceptable that the rights of the citizen to freedom of communication and privacy are not addressed in any meaningful way.

In addition, the consultation should not take the presumption of a mandatory licence as its starting point. The questions must give all stakeholders the opportunity to lay out whether a license is required in the first place. Use of copyright protected content takes place in a variety of ways and proper attention must also be paid to potentially applicable exceptions and limitations to copyright.

EDRi answered ‘Yes’ to the question ‘An online platform such as a video sharing website or a content aggregator is willing to enter into a licensing agreement on terms that I consider unfair.’, bearing in mind, for example, the case of scientific publishers. Publishers offer online platforms where researchers and writers can provide their content. Licensing is their preferred method of interaction, although one can hardly refer to ‘negotiations’. In the case of scientific publishing for example, it is a well-known fact that research results published in A-listed journals help secure future funding. This puts researchers in a weak negotiation position, wherein they have to sign away their rights to scientific publishers. The outcome: Universities’ spending (of public funds) on journal subscriptions keeps rising year after year to ensure access to their own research. Moreover, the licensing conditions offered often ignore limitations & exceptions granted by law, which results basically into contractual provisions bypassing legislation."

We suggest that you answer:
No
No
Yes
No
 

An online platform such as a video sharing website or an online content aggregator uses my protected works online without having asked for my authorisation.

No [N]
An online platform such as a video sharing website or a content aggregator refuses to enter into or negotiate licensing agreements with me. No [N]
An online platform such as a video sharing website or a content aggregator is willing to enter into a licensing agreement on terms that I consider unfair. Yes [Y]
An online platform uses my protected works but claims it is a hosting provider under Article 14 of the E-Commerce Directive in order to refuse to negotiate a licence or to do so under their own terms. No [N]

As you answered Yes to some of the above questions, please explain your situation in more detail.

Copyright Answering Guide: In your answers, it is worth specifically pointing out the following:

  • Content aggregators and video-sharing platforms are fundamentally different and putting them into the same question shows either a lack of understanding or worse.
  • Video-sharing websites don't “use” the content that their users upload and it is misleading to suggest otherwise.
  • It is absurd to imagine that any rightsholder (or platform) would not have encountered a situation where the opposite party in a licensing negotiation was willing to accept a deal that was unfair to them.
  • If a platform is operating as a hosting service, then it is not CLAIMING to be covered by Article 14 of the E-Commerce Directive, it IS covered by Article 14 of the E-Commerce Directive.
The questions here mix very basic concepts in ways which undermine the credibility of any answers that will be received. Video-sharing websites and content aggregators are entirely different models and permissions will be entirely different. Video-sharing (user-generated content) sites do not "use" content, they host content and don't need permission. Insofar as a video website (Netflix, for example) is actively using copyrighted material, it would need to ask for permission. Content aggregation services no normally require authorisation and are normally beneficial to the rightsowner (as they drive traffic to sites). The Commission needed to be clear - in relation to these two different services, what types of activity and authorisation it was referring to. Video-sharing websites and content aggregators are businesses. Businesses negotiate to get the best available terms for themselves. It is therefore quite normal for businesses to be prepared to accept licensing arrangements that their negotiating partner would consider unfair. The real issue is market power/dominance, realistic alternatives, etc. Unfortunately, these points were not raised in the questions. Hosting providers, as defined by Article 14 of the E-Commerce Directive do not "use" protected works and, consequently, do not need a licence. The question should have defined what types of platform, under what conditions, negotiate licences "under their own terms" and why (state of the market, for example) this may be a problem.

Is there a room for improvement in the relation between platforms and suppliers using the services of platforms?

Data Protection Copyright Answering Guide: Social media platforms, in particular, make a significant portion of their revenue from the supply of personal data from individual users. Consequently, if you use Facebook, Twitter or Google, you are a supplier.

The status of some platforms (especially social media) means that it is often impractical to choose a different service provider. In such circumstances, there is a particular need for balanced terms of service between the platform and the consumer (who is, for all practical purposes, also a supplier). Currently, there is considerable room for improvement of the situation.

We suggest you answer “yes, through a combination of the above”

 

Yes, through the combination of the above [5]

Are you aware of any dispute resolution mechanisms operated by online platforms, or independent third parties on the business-to-business level mediating between platforms and their suppliers?

Copyright Answering Guide: This question shows the confusion generated by the Commission's definition of platforms. If a platform connects two or more users in order to generate value for at least one of them, there can be three (or more) parties to any dispute. Referring to business-to-business disputes (i.e. two-party disputes) is out of line with the definition and also fails to consider that a non-business will also be impacted by any outcome. From a copyright perspective, this question relates to how dispute-resolution procedures, including those run or used by third parties may have an impact on the content which is present in different platforms. Our answer relates to the ability of right holders to unilaterally take down content, including content whose use is legal.

The only logical answer is “yes”

 

Yes [Y]

Please share your experiences on the key elements of a well-functioning dispute resolution mechanism on platforms:

Copyright Answering Guide: When a rightsholder submits a takedown request, it is, by default, in dispute with the platform. US social media and search engines voluntarily impose the procedures foreseen by the US Digital Millenium Copyright Act. The widespread failings of these procedures (see here for a non-exhaustive catalogue) are well known. Furthermore, although not, strictly speaking, "suppliers", rightsholders who are part of YouTube's "contentID" scheme have the right to unilaterally solve any dispute regarding authorisation by deleting any content of which they claim ownership, even if such use is permitted by law under copyright exceptions and limitations. This unilateral ability to undermine the freedoms of users of platforms in this way does not reflect an adequate balance of rights nor, indeed, the right of legislators to protect access to culture by permitting such exceptions.

Good practice examples are hard to find. However, the easydns insistence of due process of law is a good practice. See http://www.theregister.co.uk/2013/10/11/london_cops_leads_global_push_to_make_pirates_vanish/

 

All of the US social media companies voluntarily implement the US DMCA on a global level, as a means of minimising disputes with copyright owners. This leads to legal content being deleted in Europe and is therefore problematic from a user - and from a democratic - perspective. As rightsholders are continually complaining about the alleged failure of companies like Google to take action, it appears to be unacceptable to rightholders also. US NGO Electronic Frontier Foundation has catalogued some of the problems with the DMCA here: https://www.eff.org/deeplinks/dmca We are not aware of any dispute resolution system in the social media context which is acceptable.
Constraints on the Ability of Consumers and Traders to Move From One Platform To Another

Do you see a need to strengthen the technical capacity of online platforms and address possible other constraints on switching freely and easily from one platform to another and move user data (e.g. emails, messages, search and order history, or customer reviews)?

General Data Protection Answering Guide: Inter-operability of platforms would allow users to not be locked-in in certain platforms and would create a more diverse and innovative market.

Good practice includes Google's “download your data” page, Gmail's e-mail portability facility, Yahoo's previously offered e-mail portability, Twitter's ability to download your tweet archive and the previously-available Facebook function to download some data from your Facebook page.

It should be noted, again, that the range of platforms covered means that a "one-size-fits-all" answer is very difficult to provide. Changing from one video-on-demand platform to another will generally have far fewer barriers than switching from one social media platform to another (as, in the latter case, a user may have spent years building their profile).

As interoperability is often quite difficult, it seems appropriate to answer “yes” to this question.

Yes [Y]
If you can, please provide the description of some best practices: [1][Name of the online platform]Google
If you can, please provide the description of some best practices: [1][Description of the best practice]Download your data
If you can, please provide the description of some best practices: [2][Name of the online platform]Twitter
If you can, please provide the description of some best practices: [2][Description of the best practice]Download archive
If you can, please provide the description of some best practices: [3][Name of the online platform]Facebook
If you can, please provide the description of some best practices: [3][Description of the best practice](no longer available) Download your data
If you can, please provide the description of some best practices: [4][Name of the online platform]Yahoo
If you can, please provide the description of some best practices: [4][Description of the best practice]Offered data portability for e-mail when privacy policy was updated
If you can, please provide the description of some best practices: [5][Name of the online platform]
If you can, please provide the description of some best practices: [5][Description of the best practice]

Should there be a mandatory requirement allowing non-personal data to be easily extracted and moved between comparable online services?

General Data Protection Answering Guide: This question makes little sense as any data which is linked to your particular account/activity is personal data. It is not obvious what data could, practically or legally, be linked to you but not be personal data.

Furthermore, this question, in light of the aforementioned diversity of platforms, is difficult to answer. Although that portability could be needed for, for example, social networks, it would be less relevant in platforms like AirBnB or Booking.com.

Also, it is far from obvious what public policy problems exist on what types of platforms that motivated the Commission to ask this question. When you answer, remember to be clear about which type of platform you are referring to - you may believe that this requirement should be mandatory for some platforms but not others. It would also be important to point out what non-personal data you are referring to.

Insofar as data are generated by individuals, they should have maximum ability to use it. So, we suggest you answer “yes” to this question. However, the illogical way the question is phrased means that we have no examples to share.

 

Yes [Y]
Please explain your choice and share any best practices that you are aware of. Insofar as specific data are linked to an individual, they are personal data. There are various examples of best practice in being able to download all relevant data. However, more incentives or obligations are needed in order, especially in the context of social media, to help overcome barriers to switching.
Please share your general comments or ideas regarding the ability of consumers and traders to move from one platform to another: The range of different online services makes a single answer to this question impossible. For many services, such as in the "sharing economy", such data portability appears to be of limited value in promoting competition and transparency. On the other hand, years of updating, messages, etc, would generate a huge barrier to switching and some tools - whether mandatory or not - would help choice and innovation in context of social media. There is a vast range of different types of non-personal data that is generated by the wide range of platforms that is the subject of this consultation. Some of this data would be proprietary, some would be potentially subject to protection under trade secrets, some of it would be potentially subject to intellectual property rights, etc.
Access to Data

As a trader or a consumer using the services of online platforms did you experience any of the following problems related to the access of data?

a) unexpectedly changing conditions of accessing the services of the platforms

Yes [Y]
b) unexpectedly changing conditions of accessing the Application Programming Interface of the platform Yes [Y]
c) unexpectedly changing conditions of accessing the data you shared with or stored on the platform Yes [Y]
d) discriminatory treatment in accessing data on the platform Yes [Y]

Would a rating scheme, issued by an independent agency on certain aspects of the platforms' activities, improve the situation?

Copyright Answering Guide: Certain rating schemes could help for certain uses of certain platforms, but rating schemes will not solve a great many of the problems experienced by users. For example, a ratings scheme might help to allow a user choose in a competitive market, but it will be of limited value in addressing problems on Facebook, for example, in the absence of portability and alternatives.

A rating scheme would also do little to prevent social media platforms from disabling API access or deleting content based on nebulous terms of service.

No [N]
Please share your general comments or ideas regarding access to data on online platforms: Certain rating schemes could help for certain uses of certain platforms, but rating schemes will not solve a great many of the problems experienced by users. For example, a ratings scheme might help to allow a user choose in a competitive market, but it will be of limited value in addressing problems on Facebook, for example, in the absence of portability and alternatives. A rating scheme would also do little to prevent social media platforms from disabling API access or deleting content based on nebulous terms of service. In the social media context, the big operators are generally unavoidable. Therefore, users can't give "free and fair" consent to a change of terms of service. Close attention needs to be paid to the extent to which any unilateral change would be in line with, for example, unfair contract terms or data protection legislation. Social media companies generally have unpredictable privacy and acceptable content policies. The latter frequently lead to content being arbitrarily deleted, with no recourse for the end-user.
Tackling Illegal Content Online and the Liability of Online Intemediaries
Please indicate your role in the context of this set of questions: Other [-oth-]
Please indicate your role in the context of this set of questions: [Other]Civil society organisation

Have you encountered situations suggesting that the liability regime introduced in Section IV of the E-commerce Directive (art. 12-15) has proven not fit for purpose or has negatively affected the market level playing field?

Enforcement Answering Guide: This section relates to how platforms can be found liable for the content hosted in their networks.  Many of the issues in this section relate to either biased or inaccurate questions which would not help to define the problems that platforms may pose.

There are certainly many cases where a mere notification of the possible illegality of content (or that the availability of content is unauthorised) has led to content wrongfully being taken offline. Therefore, it is certainly the case that the lack of clarity of what constitutes a valid “notice” is “not fit for purpose”. On the other hand,  there is certainly no negative impact on the “market playing field” - as internet companies generally have terms of service which allow them to unilaterally delete anything they want, while any kind of notice from anybody can constitute a valid legal notice.

Bearing in mind the Commission's apparent eagerness to make this situation even worse from a citizens' rights perspective by increasing liability, it is better to answer “no” to this question.

 

No [N]

Do you think that the concept of a "mere technical, automatic and passive nature" of information transmission by information society service providers provided under recital 42 of the ECD is sufficiently clear to be interpreted and applied in a homogeneous way, having in mind the growing involvement in content distribution by some online intermediaries, e.g.: video sharing websites?

Enforcement Answering Guide: The question is posed in such a way which is both biased ("having in mind") and misleading ("content distribution"). Your response should clarify certain aspects of the bad wording of the question and the goals towards which the legislator should be acting to achieve specific goals.

In addition to the bias that you may wish to address in your response, questions to consider include:

  • The reference to “content distribution” makes no sense in the context of a platform (as defined by the Commission itself). An online platform does not distribute content, users access the content and retrieve it, with the platform playing a passive role. Platforms are not broadcasters
  • The reference to homogenous implementation is misleading. A purpose of a Directive is to allow consistent – not homogenous implementation. The Commission is arbitrarily creating a new standard by which the Directive is to be judged, for no obvious public policy reason.
  • In order to comply with the primary of the European Union, the Directive should not have an effect on freedom of expression which contradicts Article 52 of the Charter of Fundamental Rights of the European Union. The current interpretation of the Directive already goes beyond these requirements (“may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others”). Any further tightening of the rules on intermediaries would therefore be a further breach of individuals' fundamental rights.
  • The current framework creates more incentives to delete content than to leave content online.

We suggest you answer “yes” to this question.

 

Yes [Y]
Please explain your answer: The question is posed in such a way which is both biased ("having in mind") and unclear ("content distribution"). Our response aims at clarifying certain aspects of the bad wording of the question and the goals towards which the legislator should be acting to achieve specific goals. -The reference to “content distribution” makes no sense in the context of a hosting provider. A sharing platform does not distribute content: users access the content and retrieve it, with the platform playing a passive role. Platforms are not broadcasters -The reference to homogeneous implementation is misleading. A purpose of a Directive is to allow consistent – not homogeneous implementation. The Commission is arbitrarily creating a new standard by which the Directive is to be judged, for no obvious public policy reason -In order to comply with the primary of the European Union, the Directive should not have an effect on freedom of expression which contradicts Article 52 of the Charter of Fundamental Rights. The current interpretation of the Directive already goes beyond these requirements (“necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others”). Any further tightening of the rules on intermediaries would therefore be a deepening of the imbalance visible in current arrangements. -The current framework creates more incentives to delete content than leave it online.

Mere conduit/caching/hosting describe the activities that are undertaken by a service provider. However, new business models and services have appeared since the adopting of the E-commerce Directive. For instance, some cloud service providers might also be covered under hosting services e.g. pure data storage. Other cloud-based services, as processing, might fall under a different category or not fit correctly into any of the existing ones. The same can apply to linking services and search engines, where there has been some diverging case-law at national level. Do you think that further categories of intermediary services should be established, besides mere conduit/caching/hosting and/or should the existing categories be clarified?

Enforcement Answering Guide: In this question we find once again elements connected erroneously or cynically by the Commission as if there are identical ("linking services and search engines"). Therefore, it is necessary to explain differences as well as the problems related to regulation of "linking". Points to consider in your response are:

  • The reference to “pure data storage” as a “new” service is particularly baffling. If it is “pure” data storage and not for sharing the content, then it does even not fall under the Commission's own excessively broad definition of “platform”, as it involves one only interacting with the hosting service.
  • The Commission fails to provide an example, even hypothetical, as regards how a passive processing task undertaken by any type of platform that falls under its definition, might need imply liability or might need a specific regulatory intervention.
  • The Commission fails to raise the serious problem of legal content being deleted by internet providers due to fear of liability.
  • Search engines are not a new business model contrary to the rather baffling assertion of the Commission.
  • There is no category of company called “linking service” and the Commission has not sought to explain what might be referring to, beyond putting them into the same category as search engines. It is profoundly unreasonable to hold anybody liable for content to which they link, because the do not control the linked-to content. Two examples illustrate this issue very well: the European Commission itself inadvertently linked to a pornography website and the UK Home Office inadvertently linked to a pornography website. Also, anybody who linked to the European Commission-funded CleanIT project now (as of December 2015) is now linking to a site which links to a pornography site.

Due to the European Commission's efforts to expand intermediary liability (as illustrated by the examples listed above), it would be wise to say “no” to this question.

No [N]

Do you consider that different categories of illegal content require different policy approaches as regards notice-and-action procedures, and in particular different requirements as regards the content of the notice?

General Enforcement Answering Guide: Different problems need to be addressed differently. In the case of notices of illegal content, providers have no option other than to delete everything that is subject to a notice, in order to avoid the risk of liability. This obviously leads to excessive enforcement by private actors. Users need to be given a way to complain when the legal content they uploaded is not taken down without their knowledge and without them being able to have an adequate remedy to the situation.

We believe that respondents to this consultation should demand that a counter-notice procedure should be required if this is at all possible. While one can envisage exceptions (such as grave affronts to human dignity or clear and imminent threats to human life) where the content could be disabled awaiting a possible counter-notice, in all other cases the user should be given the opportunity to launch a counter-notice.

It makes no sense to argue that potentially life-threatening terrorism-related material should be treated the same as, for example, a copyright infringement. We therefore suggest you say “yes” in response to this question. All types of illegal content should be treated differently.

 

Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Illegal offer of goods and services (e.g. illegal arms, fake medicines, dangerous products, unauthorised gambling services etc.)]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Illegal promotion of goods and services]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Content facilitating phishing, pharming or hacking]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Infringements of intellectual property rights (e.g. copyright and related rights, trademarks)]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Infringement of consumer protection rules, such as fraudulent or misleading offers]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Infringement of safety and security requirements]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Racist and xenophobic speech]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Homophobic and other kinds of hate speech]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Child abuse content]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Terrorism-related content (e.g. content inciting the commitment of terrorist offences and training material)]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Defamation]Yes [Y]
Do you think that any of the following categories of illegal content requires a specific approach? [Other]Any illegal content not mentioned above.

Please explain what approach you would see fit for the relevant category.

Enforcement Answering Guide: Several examples above are, by definition, not illegal (unauthorised gambling and copyright infringements) - or not universally illegal illegal content (homophobic speech, racism and xenophobia or even, child pornography, if the state in question has availed of the flexibilities offered by the Council of Europe Magiccrime Convention).  As a result, one can envisage all of the types of content being subject to specific provisions.

Infringements of intellectual property rights need to be considered differently since the content is not per se illegal. The illegality is in making the content available to a new public and/or obtaining any economic benefit of the infringement, but the content (a TV show, for example) is legal. There are many examples where copyright enforcement measures have lead to disproportionate consequences for fundamental rights (for example: censorship). 

Furthermore, those types of content mentioned above which are related to free speech, the regulation of which might differ in different Member States, and in such situations a case by case approach is especially needed.

Generally, content providers, hosting services, and any other business offering content (or access to content) should not be empowered to enforce any laws without a specific mandate prescribed by a law. We have extensively written about this subject

It seems that for disputes between private parties, such as defamation and copyright, a notice-and-notice system would be more appropriate. In cases involving allegations of serious criminality, private companies should pass on the request to law enforcement, who should seek a court order if the matter is not urgent. For more details, see here.  

 

Several examples above are, by definition, not - or not universally - illegal content. IPR infringements are not illegal content. The content remains the same whether its distribution is permitted or not. Some of the types of content listed above are more or less protected in different member states. It seems clear that, for disputes between private parties, such as defamation & copyright, a notice-and-notice system would be appropriate. In cases involving allegations of serious criminality, private companies should pass on the request to law enforcement, who should seek a court order if the matter isn't urgent. See https://www.article19.org/data/files/Intermediaries_ENGLISH.pdf. For urgent cases, specific procedures could be envisaged. We have extensively written about this subject: https://edri.org/wp-content/uploads/2014/02/EDRi_HumanRights_and_PrivLaw_web.pdf

Should the content providers be given the opportunity to give their views to the hosting service provider on the alleged illegality of the content?

General Enforcement Answering Guide: The European Commission is trippng over its own inconsistency here – there is no “illegality of the content” in relation to, for example, copyright infringements.

Giving the content provider the opportunity to be heard in advance of the removal of content would alleviate, to some extent, the problem observed above. It is not currently in the hosting service provider's interest to examine a notification of illegal content closely. Indeed the only way in which the illegality can be authoritatively determined is by a court ruling—therefore, although requiring the content provider to be heard by the service provider is, at best, a partial solution. Ideally that hearing ought to be before a judicial authority.

In order to respect even basic precepts of the rule of law, the content provider should always have the opportunity to be heard, unless there is a pressing urgent reason for this not to happen.

We therefore suggest you answer “yes” to this question.

 

Yes [Y]
Please explain your answer: Giving the content provider the opportunity to be heard in avance of the removal of content would alleviate, to some extent, the problem observed above that it is not currently in the hosting provider's interest to examine a notification of illegal content closely. Indeed, the only way in which the illegality can be authoritatively determined is by a court ruling - therefore, although requiring the content provider to be heard by the service provider is a partial solution, ideally the hearing should be before a judicial authority.
If you consider that this should only apply for some kinds of illegal content, please indicate which one(s):

Should action taken by hosting service providers remain effective over time ("take down and stay down" principle)?

General Enforcement Answering Guide: The idea of having a permanent restriction take down would not allow for the case by case analysis needed. It would also  be The answer is yes. necessary to implement privacy invasive measures to keep these "take down and stay down" principles enforced. Notice and staydown also almost inevitably involves a degree of filtering/surveillance of the kind that was deemed to be illegal under the Charter in both the Scarlet/Sabam (C-70/10) and the Netlog/Sabam case (C-360/10). Implementing liability or other provisions that indirectly lead to intermediaries imposing such measures is as unacceptable (and as much of a breach of the European Charter of Fundamental Rights) as implementing such measures directly.

Context is very important. Content that may be illegal or infringing in one context may be innocuous in another. There is no substitute for removals to be treated on a case by case basis.

We therefore suggest you answer “no” to this question.

 

No [N]
Please explain: Context is very important. Content that may be illegal or infringing in one context may be innocuous in another. There is no substitute for removals being treated on a case by case basis. Notice and staydown also almost inevitably involves a degree of filtering/surveillance of the kind that was deemed to be illegal under the CHarter in both the Scarlet/Sabam (C-70/10) and the Netlog/Sabam (C-360/10) cases. Implementing liability or other provisions that indirectly lead to intermediaries imposing such measures is as unacceptable as implementing such measures directly. Such obligations would also further deepen the existing imbalance in the way in which notices are handled.

On duties of care for online intermediaries:

Recital 48 of the Ecommerce Directive establishes that "[t]his Directive does not affect the possibility for Member States of requiring service providers, who host information provided by recipients of their service, to apply duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activities". Moreover, Article 16 of the same Directive calls on Member States and the Commission to encourage the "drawing up of codes of conduct at Community level by trade, professional and consumer associations or organisations designed to contribute to the proper implementation of Articles 5 to 15". At the same time, however, Article 15 sets out a prohibition to impose "a general obligation to monitor".

(For online intermediaries): Have you put in place voluntary or proactive measures to remove certain categories of illegal content from your system?

Do you see a need to impose specific duties of care for certain categories of illegal content?

Enforcement Answering Guide: There is no reason why certain types of content should benefit from such a duty more than others. The European Commission, in a letter to Ms Charlotte Cederschiöld, was quite clear that the "duty of care" referred to in recital 48 was not an additional duty, but codification of the rules in Articles 12-15. Consequently, it is clear that recital 48 was not meant to create new duties and such a meaning may not be imputed to it.

With regard to codes of conduct, at the time Article 16 was originally drafted, in 1998, there were no codes of conduct in the area of voluntary enforcement within the context of Articles 12-15 of the Directive. Consequently, there is no basis to argue that this is the intended meaning of Article 16. This interpretation is backed up by the European Commission's press release on the adoption of the proposed Directive, which refers to codes of conduct only in implementation of the provisions.

In short, the Commission's description of both Recital 48 and Article 16 of the E-Commerce Directive is – whether accidentally or deliberately – a significant misrepresentation of the agreed meaning of that instrument.

The answer therefore must be “no”

 

No [N]

Please specify for which categories of content you would establish such an obligation.

Enforcement Answering Guide: The care that is described in the E-Commerce Directive is to respect obligations to act appropriately to receiving actual knowledge of the illegality of specific material. There is no experience to suggest that specific types of illegal content could be downgraded compared with others.

The European Commission, in a letter to Ms Charlotte Cederschioeld, was quite clear that the "duty of care" referred to in recital 48 was not an additional duty, but a codification of the rules in Articles 12-15. Consequently, it is clear that recital 48 was not meant to create new duties and such a meaning may not be imputed to it. With regard to codes of conduct, at the time Article 16 was originally drafted, there were few, if any, codes of conduct in the area of voluntary enforcement within the context of Articles 12-15 of the Directive. Consequently, there is no basis to argue that this was the intended meaning of Article 16. This interpretation is backed up by the European Commission's press release on the adoption of the proposed Directive, which refers to codes of conduct only in the implementation of other provisions.

Please specify for which categories of intermediary you would establish such an obligation.

Enforcement Answering Guide: There are already specific rules in the E-Commerce Directive for different categories of intermediary. No further subdivisions are needed.

There are already specific rules in the E-Commerce Directive for different categories of intermediary. No further subdivisions are needed.

Please specify what types of actions could be covered by such an obligation.

Enforcement Answering Guide: The actions required from intermediaries are those described in the Directive. There is already an imbalance whereby intermediaries are pushed to delete/restrict content, with no obligations to take steps to defend legal content. Any further actions would exacerbate this already unacceptable situation.

The actions required from intermediaries are those described in the Directive. There is already an imbalance whereby intermediaries are pushed to delete/restrict content, with no obligations to take steps to defend legal content. Any further actions would exacerbate this already unacceptable situation.

Do you see a need for more transparency on the intermediaries' content restriction policies and practices (including the number of notices received as well as their main content and the results of the actions taken following the notices)?

Enforcement Answering Guide: This question section of the questionnaire is about illegal content, or content that has been subject to a notice. Intermediaries' content restriction policies and practices are generally far broader. This question therefore covers two issues at the same time, without distinction. It is a basic foundation of the protection for free speech that restrictions must be predictable, so that individuals understand the rules. Furthermore, restrictions on free speech must be necessary and proportionate – without transparency, this cannot be verified.

Limiting obligations to a specific number would not allow neither for adequate transparency nor would it solve any problem for small internet companies..

One thousand per year is fewer than three per day – on what basis could it be argued that it would be a disproportionate burden for even the smallest company to log two notices per day?

Therefore the answer must be “yes”.

 

Yes [Y]
Should this obligation be limited to those hosting service providers, which receive a sizeable amount of notices per year (e.g. more than 1000)? No [N]

Do you think that online intermediaries should have a specific service to facilitate contact with national authorities for the fastest possible notice and removal of illegal contents that constitute a threat for e.g. public security or fight against terrorism?

Enforcement Answering Guide: Whilst we would agree that intermediaries should deal appropriately with notices regarding content that they believe is illegal, in full respect of the rule of law, the sentence is phrased in such a way that it seems to wrongly assume that the content that is accused of being illegal automatically *is* illegal and ought to be removed.

This is not an issue for opinions, it is an issue for facts. Either there is evidence that there is a problem in this area or there is not. If there is a problem, is it of a level that a legal obligation needs to be introduced?

Furthermore, it would be reckless in the extreme, particularly with regard to issues which concern the safety of individuals, to treat notice and takedown as an isolated issue, rather than part of a complex ecosystem that intermediaries are ill-equipped to understand. We draw the Commission's attention, for example, to the Quillam Foundation study that warned of the risk of potential counterproductive effects (page 7 of this report, which also cites ‘Countering Online Radicalisation: A Strategy"  ICSR, page 15)

It is also unclear what is meant by 'facilitating contact' – presumably it means that internet companies should have a central point where notices are received.

In the absence of a defined problem, and due to the risk of counterproductive impacts, the answer, therefore, should be no.

 

No [N]

Please share your general comments or ideas regarding the liability of online intermediaries and the topics addressed in this section of the questionnaire.

Enforcement Answering Guide: Generally speaking, so called "voluntary measures" need to be addressed with extreme precaution in order not to promote the enforcement of the law by private actors.

Online platforms such as search engines or aggregations should not be required to monitor content submitted on their platforms. Even more importantly, they should not be made responsible for links to websites accused of hosting illegal content or of giving access to content made available without authorisation.

For further background, please see:

The latter summarises the key priorities as follows:

  1. Intermediaries should be shielded from liability for third-party content
  2. Content must not be required to be restricted without an order by a judicial authority
  3. Requests for restrictions of content must be clear, be unambiguous, and follow due process
  4. Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
  5. Laws and content restriction policies and practices must respect due process
  6. Transparency and accountability must be built into laws and content restriction policies and practices

     

 

Generally speaking, so called voluntary-measures need to be addressed with extreme caution, in order not to promote the arbitrary enforcment of law by private actors. See https://edri.org/wp-content/uploads/2014/02/EDRi_HumanRights_and_PrivLaw_web.pdf. Online platforms should as search enginers or aggregators should not be required to monitor content submitted on their platforms. More importantly, they should not be made responsible for blocking links to websites accused of hosting allegedly illegal content or giving access to content made available illegally. The Manila Principles on Intermediary Liability (https://manilaprinciples.org) were adopted by a group of civil society organisations in 2015 and set out a set of high level principles. In summary, these are: Intermediaries should be shielded from liability for third-party content Content must not be required to be restricted without an order by a judicial authority Requests for restrictions of content must be clear, be unambiguous, and follow due process Laws and content restriction orders and practices must comply with the tests of necessity and proportionality Laws and content restriction policies and practices must respect due process Transparency and accountability must be built into laws and content restriction policies and practices In addition, governments should not seek to circumvent international law or national constitutions by "informally" putting pressure of internet companies to delete content, thereby avoiding political accountability, legal obligations to ensure necessity and proportionality, review mechanisms, etc. For further information, please see: https://edri.org/files/057862048281124912Submission_EDRi_NoticeAction.pdf https://netzpolitik.org/wp-upload/N_a_T_answers_digiges.pdf https://www.bof.nl/live/wp-content/uploads/040912-submissiontoformofconsultationeuropeancommission.pdf http://www.laquadrature.net/files/LQDN_Response_Notice_&_Action.pdf
On Data Location Restrictions

In the context of the free flow of data in the Union, do you in practice take measures to make a clear distinction between personal and non-personal data?

Data Protection Answering Guide: The question has no context, making it impossible to answer. Does the Commission already believe that the not-yet-adopted GDPR will fail in its goal of facilitating the free flow of personal data in the Union? If the GDPR is not a failure, what problems or legal environment does the Commission envisage to be a specific problem for non-personal data?

Or does the Commission believe that the distinction between personal and non-personal data that it proposed is, in fact, inadequate?

As the protection of personal data is subject to a specific legal framework and non-personal data is not, the only possible answer to his question is “yes”.

It appears that the European Commission wishes to adopt legislation on EU-wide contract law and is seeking to persuade people to answer “yes” to this question, in order to “prove” that there are problems regarding the handling of non-personal data.

Not applicable is therefore the only available answer

Not applicable [NA]
Have restrictions on the location of data affected your strategy in doing business (e.g. limiting your choice regarding the use of certain digital technologies and services)? No [N]

Do you think that there are particular reasons in relation to which data location restrictions are or should be justifiable?

Data Protection Answering Guide: Given the differences of data protection regimes around the world, the need to restrict location to certain locations which respect the EU data protection regime is a must. However, the Commission does not specify if it is referring to personal or non-personal data (or both) or data storage in Europe or outside Europe (or both), meaning the question has little meaning.

In line with EU primary and secondary law, personal data must be stored in the EU or under the rules for data export enshrined in data protection legislation.

Clearly, personal data should not be stored in unsafe regimes, so the answer must be “yes” with “data protection” being given as one possible justification.

Yes [Y]
What kind(s) of ground(s) do you think are justifiable? [National security]
What kind(s) of ground(s) do you think are justifiable? [Public security]
What kind(s) of ground(s) do you think are justifiable? [Other]Data protection
On Data Access And Transfer

Do you think that the existing contract law framework and current contractual practices are fit for purpose to facilitate a free flow of data including sufficient and fair access to and use of data in the EU, while safeguarding fundamental interests of parties involved?

Data Protection Answering Guide: The question covers both personal and non-personal data, which will prevent the Commission from being able to use the answers received in any meaningful way.

For personal data there is a EU framework which regulates it, safeguarding fundamental rights, while non-personal data is not regulated. 

The logic of the question is somewhat baffling. Access to personal data in the EU falls under the general data protection framework. It is not obvious what experiences regarding contract law might have inspired the Commission's question.

It is also not clear what "sufficient" access means, nor is the notion of "fair access", which uses the word "fair" in a different sense from that in existing European data protection law, which addresses correctly fairness from the perspective of the fundamental rights of the data subject.

It is also not clear what non-personal data generated or collected by platforms could the behind the question - databases of hotels? map data? domain name information?

Insofar as it might refer to personal data, it is worth considering the U.S. - EU Safe Harbor Framework (now invalidated) which was an unsafe system that allegedly tried to be a compromise between the comprehensive and stronger data protection legislative regime of the European Union, versus the self–regulatory model adopted by the U.S. which fails to meaningfully protect privacy.

Insofar as it might refer to copyright works (though, if so, the question is poorly worded), there are certainly barriers to the free flow of such works that the digital single market reforms are attempting to address, and in that context a particularly important measure will be the adoption of more uniform limitations and exceptions to copyright.

Insofar as the question seeks to create evidence for a “need” to harmonise EU contract law, we are not aware of such a need.

As the Commission chose not to ask a meaningful question, the only reasonable response is to say “no”.

 

No [N]
Please explain your position: The logic of the question is somewhat baffling. Access to personal data in the EU falls under the general data protection framework. It is not obvious what experiences regarding contract law might have inspired the Commission's question. It is also not clear what "sufficient" access means, nor is the notion of "fair access", which uses the word "fair" in a different sense from that in existing European data protection law, which addresses correctly fairness from the perspective of the fundamental rights of the data subject. It is also not clear what non-personal data generated or collected by platforms could the behind the question - databases of hotels? map data? domain name information? Insofar as it might refer to copyright works (though, if so, the question is poorly worded), there are certainly barriers to the free flow of such works that the digital single market reforms are attempting to address, and in that context a particularly important measure will be the adoption of more uniform limitations and exceptions to copyright

In order to ensure the free flow of data within the European Union, in your opinion, regulating access to, transfer and the use of non-personal data at European level is:

Data Protection Answering Guide: Personal data has a EU framework which regulates it, safeguarding fundamental rights. Non-personal data is not regulated. Personal data is already regulated at European level, by general and e-communications specific legislation.

The Commission should have specified which non-personal data collected, stored, accessed and transferred by (which?) platforms are meant to be the subject of  this question.

As the Commission has not identified in its question any data which does need regulation, the only logical answer is “no”.

Not necessary [Unnec]

When non-personal data is generated by a device in an automated manner, do you think that it should be subject to specific measures (binding or non-binding) at EU level?

Data Protection Answering Guide: The question presents a number of elements which impede meaningful answers being provided.

In particular, the Commission has not even identified the policy area it is addressing, the category of platform it is addressing, etc.

This renders it impossible to answer. We would stress, however that data such as location data is personal data unless meaningfully and definitively de-personalised (a goal which is very difficult to meaningfully achieve).

However, one of the following questions is whether there should be “an obligation to inform the user or operator of the device that generates the data”. If the data is identifiable to a device, then it falls under the definition of personal data and is not “non-personal data”. The data are therefore, not “”non personal”.

In line with the EDPS Opinion 07/2015, from a competitiveness, innovation and data protection perspective, giving exploitation rights to the individual would be a welcome step.

In order to provide a more effective response to security threats and increase transparency in an increasingly technological world, the use of free software and open data should be encouraged in both public and private environments.

The user and the owner of the device should be informed what kind of data gets generated and be able to download the raw data for themselves.

Where possible, users should always be able to exploit data that they create. However, only the first two options of the aspects in the next question should be chosen, to avoid generating new data protection problems.

 

No [N]

Please share your general comments or ideas regarding data access, ownership and use.

Data Protection Answering Guide: The principles around access to personal data are long-established. Personal data is ANY information related to an identified or identifiable person.

Access: For transparency and in order to realise the right to rectification, appropriate access is clearly necessary.

Ownership: Even if a database may be the property of a processor or controller, full rights of access, rectification and deletion for the data subject are necessary in order to give protect the essence of data protection and privacy rights.

Use: Use of data, outside the scope of the exceptions in the GDPR, is permitted in accordance with the legal basis for the initial data collection. The e-Privacy Directive can not and should not attempt to change this. In line with the EDPS Opinion 07/2015, exploitation rights should be accorded to the individual where possible.

The principles around access to personal data are long-established. Personal data is ANY information related to an identified or identifiable person. Access: For transparency and in order to realise the right to rectification, appropriate access is clearly necessary. Ownership: Even if a database may be the proporty of a processer or controller, full rights of access, rectification and deletion for the data subject are necessary in order to give protect the essence of data protection and privacy rights. Use: Use of data, outside the scope of the exceptions in the GDPR, is permitted in accordance with the legal basis for the initial data collection. The e-Privacy Directive can not and should not attempt to change this.
On Data Markets

What regulatory constraints hold back the development of data markets in Europe and how could the EU encourage the development of such markets?

Data Protection Answering Guide: This question is inherently - and obviously - biased, as it assumes that any restriction, regardless of how proportionate, legitimate or effective it is in achieving a public policy goal, is automatically a "constraint" that needs to be eliminated. Data markets that rely on personal data, such as user profiling, are frequently disrespectful of individuals' fundamental rights and corrosive for trust and security.

The European Commission must remember that task at hand in the revision of ePrivacy Directive is NOT to encourage the development of particular markets, it is to give meaning to the general data protection regulation in the specific context of electronic communications.

This question is inherently - and obviously - biased, as it assumes that any restriction, regardless of how proportionate, legitimate or effective it is in achieving a public policy goal, is automatically a "constraint" that needs to be eliminated. Data markets that rely on personal data, such as user profiling, are frequently disrespectful of individuals' fundamental rights and corrosive for trust and security. The European Commission must remember that task at hand in the revision of ePrivacy Directive is NOT to encourage the development of particular markets, it is to give meaning to the general data protection regulation in the specific context of electronic communications.
On Access to Open Data

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Introducing the principle of 'open by default']
Yes [Y]

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Licensing of 'Open Data': help persons/ organisations wishing to re-use public sector information (e.g., Standard European License)]
Yes [Y]

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Further expanding the scope of the Directive (e.g. to include public service broadcasters, public undertakings)]
Yes [Y]

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Improving interoperability (e.g., common data formats)]
Yes [Y]

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Further limiting the possibility to charge for re-use of public sector information]
Yes [Y]

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Remedies available to potential re-users against unfavourable decisions]
Yes [Y]

Do you think more could be done to open up public sector data for re-use in addition to the recently revised EU legislation (Directive 2013/37/EU)?

Open Data Answering Guide: In light of the Commission's own findings that the Database Directive has not contributed to the Digital Economy and the use of database rights to prevent re-use of public sector data, repeal of the Database Directive should be on the table. The Directive has not been efficient and new legislation is needed to open up public sector data.

All of the suggested options should be considered.

 

[Other]

Do you think that there is a case for the opening up of data held by private entities to promote its re-use by public and/or private sector, while respecting the existing provisions on data protection?

Open Data Answering Guide: There has been use of private held data in many ocassions before which has been useful for public and private purposes. In our reply we provide some examples.

  • Regarding  remedies for re-users, such as appeal to a higher administrative body or to a court are already in the PSI-Directive. However they are cost extra resources and time. A self-control mechanism within the public administration could be more efficient.
  • Regarding licensing of Open Data, the use of Creative Commons Licenses CC0 or CC-BY-4.0 should be encouraged.
  • Finally, there is the need to bring the PSI-Directive into accordance with the standard Open Data definition
The answer should therefore be “yes”.
Yes [Y]

Under what conditions?

Open Data Answering Guide: A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.

[in case it is in the public interest]
Yes [Y]

Under what conditions?

Open Data Answering Guide: A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.

[for non-commercial purposes (e.g. research)]
Yes [Y]

Under what conditions?

Open Data Answering Guide: A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.

[Other]
A lot of privately held data has been collected as part of publicly funded efforts in areas as ranging from medical research to heritage institutions. Publicly funded data should be publicly available, both for commercial and non-commercial purposes.
On Access and Reuse of (Non-Personal) Scientific Data

Do you think that data generated by research is sufficiently, findable, accessible identifiable, and re-usable enough?

Open Data Answering Guide: Despite technological advances that allow massive ways to analyse data, there are many ways in which research is limited on purpose with technological measures. We therefore suggest answering “no”.

No [N]

Why not? What do you think could be done to make data generated by research more effectively re-usable?

Open Data Answering Guide: Copyright rules create hurdles in this area.

Currently research activities are covered by the same exception as educational uses. Contrary to the educational exception, the exception for research is not restrictively adopted in national laws. However, the main problems with accessing and using scientific materials are mainly practical. The exception allows for their use for research purposes, but they are usually protected by restrictive licenses or DRM (Digital Rights Management) systems - or simply only published in hard copies and not accessible. For example, licenses require that works are made available using certain networks or software only. Text and data mining is often explicitly prohibited in licenses, or allowed only to a limited extent.

It should be clarified that TDM does not fall under copyright provisions. On top of this, a specific exception allowing the copying of content for the purpose of text and data mining is necessary. It should also be explicitly stated in the law that technical protection measures (TPMs) and contracts should not override such an exception, nor any other exception. Finally, such an exception should not distinguish between commercial and non-commercial purposes as, for research institutions, this would prevent knowledge transfer and such a differentiation would not be in the public interest.

1. The research exception The main problems with accessing and using scientific materials are mainly practical. The exception for research is not restrictively adopted in national laws, and allows for their use for research purposes, but they are usually protected by restrictive licenses or DRM (Digital Rights Management) systems – or simply only published in hard copies and not accessible. For example, licences require that works are made available using certain networks or software only. 2. Text and data mining Text and data mining is often explicitly prohibited in licences, or allowed only to a limited extent. TDM should not fall under copyright provisions: a specific exception allowing the copying of content for the purpose of TDM is necessary. This exception should not distinguish between commercial and non-commercial purposes as, for research institutions, this would prevent knowledge transfer and such a differentiation would not be in the public interest. The law should also ensure that technical protection measures (TPMs) and contracts cannot override such an exception, nor any other exceptions, otherwise decisions made by legislators can be effectively nullified by market players. 3. Public funding and open data While the above applies to all data generated by research it is imperative that research data (and other research outputs) that have been generated with public funding are published as open data (i.e. under licensing conditions that allow re-use of the data by anyone for any purpose). The output of publicly funded research needs to be accessible and reusable by anyone without any restrictions.

Do you agree with a default policy which would make data generated by publicly funded research available through open access?

Open Data Answering Guide: There is no reason to keep away from public access what has been produced with public funds.

Yes [Y]
On Liability in Relation to the Free Flow of Data and the Internet of Things

As a provider/user of Internet of Things (IoT) and/or data driven services and connected tangible devices, have you ever encountered or do you anticipate problems stemming from either an unclear liability regime/non-existence of a clear-cut liability regime?

Data Protection Answering Guide: The technology has developed much faster than legislation. Specifically in the case of the Internet of Things, the EU data protection regime has proven not to be ready for the intense way that ever-multiplying connected devices could work to gather and share personal data. The e-Privacy Directive should be updated with this priority in mind. The answer is therefore “yes”.

Yes [Y]

If you did not find the legal framework satisfactory, does this affect in any way your use of these services and tangible goods or your trust in them?

Data Protection Answering Guide: It seems unlikely that individuals' use are of such services is not affected “in any way” by the weakness and lack of implementation of the current data protection framework.

The answer is yes.

 

Yes [Y]

Do you think that the existing legal framework (laws or guidelines or contractual practices) is fit for purpose in addressing liability issues of IoT or / and data-driven services and connected tangible goods?

Data Protection Answering Guide: The technology has developed much faster than legislation. Specifically in the case of the Internet of Things, the EU data protection regime has proven not to be ready for the intense way that ever-multiplying connected devices could work to gather and share personal data. 

A meaningful – and well implemented – update of the e-Privacy Directive is clearly needed.

The answer is therfore "no".

 

No [N]

Please explain what, in your view, should be the liability regime for these services and connected tangible goods to increase your trust and confidence in them?

Data Protection Answering Guide: The serious consequences for personal liberties and freedoms in cases of data breaches needs to be tied to a strict liability regime so dealing with data breaches becomes more expensive for companies than providing strong protection standards when dealing with personal data. For an example of data breaches only in November 2015, including Georgia data breach could affect 6.2 million voters’ personal information, see here

A strong data protection regime where significant sanctions are imposed to those companies that have not secured communications as well as quick responses in cases of data breaches need to be implemented.

The "internet of things" expand the risks to personal data and online security to an exponential extent. We have seen several massive data breaches recently (TalkTalk, Ashley Madison...) that prove that significant liability measures are needed to ensure that appropriate safeguards are in place.

The serious consequences for personal liberties and freedoms in cases of data breaches needs to be tied to a strict liability regime, in order that dealing with data breaches becomes more expensive for companies than providing strong protection standards. For an example of data breaches only in November 2015, including the Georgia data breach could affect 6.2 million voters’ personal information, see http://www.itgovernance.co.uk/blog/list-of-data-breaches-and-magic-attacks-in-november-2015 In addition to what we have said above, a strong data protection regime where significant sanctions are imposed to those companies that have not secured communications as well as quick responses in cases of data breaches need to be implemented. The "internet of things" expand the risks to personal data and online security to an exponential extent. We have seen several massive data breaches recently (TalkTalk, Ashley Madison...) that prove that significant liability measures are needed to ensure that appropriate safeguards are in place.

As a user of IoT and/or data driven services and connected tangible devices, does the present legal framework for liability of providers impact your confidence and trust in those services and connected tangible goods?

Data Protection Answering Guide: The question borders on being a  truism, the legal framework for liability is bound to have an impact, either positive or negative. The impact is on the "confidence and trust". The answer can only be “yes” therefore.

 

Yes [Y]

In order to ensure the roll-out of IoT and the free flow of data, should liability issues of these services and connected tangible goods be addressed at EU level?

Data Protection Answering Guide: At least with regard to the issue of data protection, this issue should be dealt with at an EU level.

The answer is therefore "yes".

Yes [Y]
On Open Service Platforms
What are in your opinion the socio-economic and innovation advantages of open versus closed service platforms and what regulatory or other policy initiatives do you propose to accelerate the emergence and take-up of open service platforms?
Personal Data Management Systems

Do you think that technical innovations, such as personal data spaces, should be promoted to improve transparency in compliance with the current and future EU data protection legal framework? Such innovations can take the form of 'personal data cloud spaces' or trusted frameworks and are often referred to as 'personal data banks/stores/vaults'?

Data Protection Answering Guide: Data vaults allow users to store the personal data they wish and to share only the necessary bits of personal information they need to do a specific transaction online. For example, if you need to have something deliver, you may provide access to the delivery address of your choice without having to fill in a form and without providing any more unnecessary data to the service provider.

Unfortunately, the Commission is not precise in what it means by “promote”, but we would lean towards say “yes” in response to the question.

Yes [Y]

Would you be in favour of supporting an initiative considering and promoting the development of personal data management systems at EU Level?

Data Protection Answering Guide: Any such initiative which has strong data protection safeguards in place could be useful to diminish the amount of personal data shared by default when using different online services, as it was stated by the EDPS in its opinion on Big Data (page 13, bottom part).

We would therefore tend to say “yes”.

 

Yes [Y]
European Cloud Initiative
What are the key elements for ensuring trust in the use of cloud computing services by European businesses and citizens? [Reducing regulatory differences between Member States]Yes [Y]
What are the key elements for ensuring trust in the use of cloud computing services by European businesses and citizens? [Standards, certification schemes, quality labels or seals]Yes [Y]
What are the key elements for ensuring trust in the use of cloud computing services by European businesses and citizens? [Use of the cloud by public institutions]Yes [Y]
What are the key elements for ensuring trust in the use of cloud computing services by European businesses and citizens? [Investment by the European private sector in secure, reliable and high-quality cloud infrastructures]Yes [Y]

As a (potential) user of cloud computing services, do you think cloud service providers are sufficiently transparent on the security and protection of users' data regarding the services they provide?

Data Protection Answering Guide: Cloud computing services, some of them outside the scope of the consultation, need to put in place the principles that are set in the EU data protection regime. Data protection by design and by default, for example, should be at the core of their service. Furthermore, their terms of service, which are often in obscure legalese terms and are subject to arbitrary change by the platform, need to be addressed in a  way that serves the information purposes for which they were drafted.

We therefore suggest that you answer “no”.

No [N]

What information relevant to the security and protection of users' data do you think cloud service providers should provide?

Data Protection Answering Guide: This question is difficult to answer because some relevant activities (the software being provided by the "cloud provider") for example, are not a two-sided markets and therefore fall outside the scope of the consultation.

  • Cloud services need to show that data protection by design and by default is at the core of their service. Data needs to be strongly protected, not shared/processed unless it is done following the EU data protection regime. 
  • The control on the use of the data hosted at cloud services needs to be given user, not in the cloud service provider. 
  • Terms of service governing these services need to follow the EU data protection regime and they need to be written in an accessible form. 
  • User-friendly technologies to enable fair and informed explicit consent for the lawful use of his personal data. Inflexible “all-or-nothing” contracts, where individuals have to agree to unnecessary and unclear data processing over which they have no control do not constitute a fair practice

This question is difficult to answer because some relevant activities (the software being provided by the "cloud provider") for example, are not a two-sided markets and therefore fall outside the scope of the consultation. - Cloud services need to show that data protection by design and by default is at the core of their service. Data needs to be strongly protected, not shared/processed unless it is done following the EU data protection regime. - The control on the use of the data hosted at cloud services needs to rest on the user, not in the cloud service provider. - Terms of service governing these services need to follow the EU data protection regime and they need to be written in an accessible form. - User-friendly technologies to enable fair and informed consent.

As a (potential) user of cloud computing services, do you agree that existing contractual practices ensure a fair and balanced allocation of legal and technical risks between cloud users and cloud service providers?

Data Protection Answering Guide: The frequent obscurity of terms of service and lack of clarity regarding liability in case of data breaches means that we believe the answer to this question should be “no”.

No [N]
Please explain Currently, many cloud services operate under terms of services which give companies unpredictable rights to use personal data in any form, including rights to delete comments or posts published by the user, keep messages that were "deleted" by the user, demand the the copyright of personal pictures and videos posted on social networks and other similar situations and "voluntarily" scan personal data, ostensibly for law-enforcement purposes. Furthermore, there is a increasing questionable policy trend in national governments and EU institutions to use terms of service to substitute the rule of law, usually under the excuse of its "effectiveness", "lack of bureaucracy" or promptness. Liability in cases of data breaches is also very unclear.

What would be the benefit of cloud computing services interacting with each other (ensuring interoperability)?

General Answering Guide: Interoperability is a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. 

Interoperability lowers barriers to innovation, drives competition and consumer choice.

 

[Economic benefits]
Yes [Y]

What would be the benefit of cloud computing services interacting with each other (ensuring interoperability)?

General Answering Guide: Interoperability is a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. 

Interoperability lowers barriers to innovation, drives competition and consumer choice.

 

[Improved trust]
Yes [Y]

What would be the benefit of cloud computing services interacting with each other (ensuring interoperability)?

General Answering Guide: Interoperability is a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. 

Interoperability lowers barriers to innovation, drives competition and consumer choice.

 

[Other]
Interoperability is always a positive technological feature since it allows the creation of new services and the connection of existing ones by using commons standards. Interoperability would facilitate transfering between services more easily. It would also stimulate innovation, competitiveness and ensure that citizens are treated really as the user of the service and not as the product of such service or platform, as it happens now.

What would be the benefit of guaranteeing the portability of data, including at European level, between different providers of cloud services?

General Data Protection Answering Guide: Portability of data would certainly be a positive measure for many – but not all – of the services that could potentially be covered by the Commission's definition of “platform”.

Portability would be useful in order to create new markets where users could allow their data to be processed for new and innovative purposes. Portability would also serve to increase competition where the absence of this function acts as a barrier to switching. Consequently, there are economic, trust, investment, competition choice and innovation benefits in most cases.

 

[Economic benefits]
Yes [Y]

What would be the benefit of guaranteeing the portability of data, including at European level, between different providers of cloud services?

General Data Protection Answering Guide: Portability of data would certainly be a positive measure for many – but not all – of the services that could potentially be covered by the Commission's definition of “platform”.

Portability would be useful in order to create new markets where users could allow their data to be processed for new and innovative purposes. Portability would also serve to increase competition where the absence of this function acts as a barrier to switching. Consequently, there are economic, trust, investment, competition choice and innovation benefits in most cases.

 

[Improved trust]

What would be the benefit of guaranteeing the portability of data, including at European level, between different providers of cloud services?

General Data Protection Answering Guide: Portability of data would certainly be a positive measure for many – but not all – of the services that could potentially be covered by the Commission's definition of “platform”.

Portability would be useful in order to create new markets where users could allow their data to be processed for new and innovative purposes. Portability would also serve to increase competition where the absence of this function acts as a barrier to switching. Consequently, there are economic, trust, investment, competition choice and innovation benefits in most cases.

 

[Other]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Difficulties with negotiating contractual terms and conditions for cloud services stemming from uneven bargaining power of the parties and/or undefined standards][Never (Y[es] or N[no])]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Difficulties with negotiating contractual terms and conditions for cloud services stemming from uneven bargaining power of the parties and/or undefined standards][Sometimes (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Difficulties with negotiating contractual terms and conditions for cloud services stemming from uneven bargaining power of the parties and/or undefined standards][Often (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Difficulties with negotiating contractual terms and conditions for cloud services stemming from uneven bargaining power of the parties and/or undefined standards][Always (Y / N)]
Y

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Difficulties with negotiating contractual terms and conditions for cloud services stemming from uneven bargaining power of the parties and/or undefined standards][Why?]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Limitations as regards the possibility to switch between different cloud service providers][Never (Y[es] or N[no])]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Limitations as regards the possibility to switch between different cloud service providers][Sometimes (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Limitations as regards the possibility to switch between different cloud service providers][Often (Y / N)]
Y

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Limitations as regards the possibility to switch between different cloud service providers][Always (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Limitations as regards the possibility to switch between different cloud service providers][Why?]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Possibility for the supplier to unilaterally modify the cloud service][Never (Y[es] or N[no])]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Possibility for the supplier to unilaterally modify the cloud service][Sometimes (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Possibility for the supplier to unilaterally modify the cloud service][Often (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Possibility for the supplier to unilaterally modify the cloud service][Always (Y / N)]
Y

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Possibility for the supplier to unilaterally modify the cloud service][Why?]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Far reaching limitations of the supplier's liability for malfunctioning cloud services (including depriving the user of key remedies)][Never (Y[es] or N[no])]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Far reaching limitations of the supplier's liability for malfunctioning cloud services (including depriving the user of key remedies)][Sometimes (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Far reaching limitations of the supplier's liability for malfunctioning cloud services (including depriving the user of key remedies)][Often (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Far reaching limitations of the supplier's liability for malfunctioning cloud services (including depriving the user of key remedies)][Always (Y / N)]
Y

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Far reaching limitations of the supplier's liability for malfunctioning cloud services (including depriving the user of key remedies)][Why?]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Other (please explain)][Never (Y[es] or N[no])]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Other (please explain)][Sometimes (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Other (please explain)][Often (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Other (please explain)][Always (Y / N)]

Have you encountered any of the following contractual practices in relation to cloud based services? In your view, to what extent could those practices hamper the uptake of cloud based services? Please explain your reasoning.

General Data Protection Answering Guide: Contracts: To our knowledge there is no cloud service, at least not on a consumer-facing level, which allows for any sort of negotiation regarding contractual terms and conditions. Terms and conditions are a rigid set of rules to which the user can either accept altogether or just forget about using that specific service. Free consent is impossible.

Switching: Although some email providers and most file and web hosting providers have allowed for ways to switch data from one service to another, this is not the case in relation to, for example, social network providers.

The question on modifying the cloud service is not clear.

Limitations of liability: Microsoft's services agreement has a limit of $10 for any damages in relation to services provided without financial transaction and the monthly services fee, in case of services provided for a financial fee (correct as of 18 November)

[Other (please explain)][Why?]

What are the main benefits of a specific European Open Science Cloud which would facilitate access and make publicly funded research data re-useable?

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

[Making science more reliable by better quality assurance of the data]

What are the main benefits of a specific European Open Science Cloud which would facilitate access and make publicly funded research data re-useable?

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

[Making science more efficient by better sharing of resources at national and international level]

What are the main benefits of a specific European Open Science Cloud which would facilitate access and make publicly funded research data re-useable?

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

[Making science more efficient by leading faster to scientific discoveries and insights]

What are the main benefits of a specific European Open Science Cloud which would facilitate access and make publicly funded research data re-useable?

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

[Creating economic benefits through better access to data by economic operators]

What are the main benefits of a specific European Open Science Cloud which would facilitate access and make publicly funded research data re-useable?

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

[Making science more responsive to quickly tackle societal challenges]

What are the main benefits of a specific European Open Science Cloud which would facilitate access and make publicly funded research data re-useable?

General Answering Guide: This is obviously a leading question, but insofar as a “European Open Science Cloud” were to facilitate access and make available publicly-funded research reuseable, then all of the envisaged outcomes are possible.

[Other]
The Commission has "helpfully" answered its own question. Apparently it would "facilitate access and make publicly funded research data re-useable". There is no logical reason why it could not achieve any of the other stated benefits.

Would model contracts for cloud service providers be a useful tool for building trust in cloud services?

General Answering Guide: Model contracts could ensure that there is a harmonisation for these services across all countries. However, a close supervision by public authorities would be needed to ensure that all angles (data protection, consumer rights...) are covered and that the implementation of these contracts provide redress systems for citizens in case a violation occurs.

Yes [Y]
Would your answer differ for consumer and commercial (i.e. business to business) cloud contracts? No [N]
What approach would you prefer? /
Please share your general comments or ideas regarding data, cloud computing and the topics addressed in this section of the questionnaire: