26 Sep 2018

Will the evaluation of the net neutrality rules be balanced?

By Bits of Freedom

In August 2018, EDRi, together with nine other NGOs, at the initiative of our Dutch Member Bits of Freedom, asked the European Commission if it is possible to do independent research on the implementation of EU rules on net neutrality without being independent. The letter followed the award of a research contract to a law firm involved in net neutrality litigation. The Commission claims there is nothing to worry about. On 18 September 2018, a letter to follow up on the request was sent to the Commission.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

(In)dependent researchers

The European Commission intends to issue an implementation report on the EU rules on net neutrality by April 2019. As previously reported in the EDRi-gram, the study on which the evaluation will rely on has been awarded to the law firm Bird & Bird, in consortium with the research and consultancy company Ecorys. In EU Member States like the Netherlands, Bird & Bird represents most major telecom operators on matters related to the telecommunications regulatory framework, including net neutrality. For example, Bird & Bird represents T-Mobile in the pending court case that EDRi member Bits of Freedom has initiated against the decision of the Dutch Regulatory Authority ACM not to take action against T-Mobile’s zero-rating offer.

In our open letter to the European Commission, we expressed our concerns about the study of the implementation of the net neutrality rules. Our letter focused on the possible conflicts of interest of the lawyers in charge of the study, as well as the risk of an unbalanced report.

European Commission: “Nothing to worry about”

The European Commission’s reply was surprisingly speedy and extensive. In its reaction, the Commission tried to convince us that all is well; there are all sorts of rules that the researchers are bound by and which should guarantee their independence and impartiality. For instance, the documents that are central to the study should be stored safely, the lawyers should be transparent about the court cases they’re involved in, and regulators should be able to check that “all the facts, cases and case law have been represented fully and correctly”.

Better to exclude risks in advance

We appreciate the letter by the Commission, but we think that they can do better. We have therefore sent a new letter to the European Commission in which we offer two solutions to prevent potential conflicts of interest in the future. First of all, we urge not to commission a study covering specific rules to a law firm like Bird & Bird, which is involved in a court case about those same rules, at the time of the study. The Commission seems to believe that this solution would limit them to only using researchers with solely theoretical knowledge. We think this an exaggeration as Europe can take pride of having a choice between a wide range of experts, including experts on net neutrality.

If this solution cannot be implemented, we suggested that the Commission should at least make sure that the lawyers who are involved in a particular study work be located in a different office than their colleagues working on an ongoing case that touches on the same subject. Regarding the study into the net neutrality rules, it just so happens that several of the lawyers involved in the study for the Commission, work from Bird & Bird’s offices in The Hague. This happens to be the same office where the lawyer who represents T-Mobile in the case on zero-rating.

Curious about the report

Even though our suggestions deal mainly with how to sensibly conduct research into the effects of European law, we are most of all curious about the study that will evaluate EU net neutrality rules. It is not completely clear when the Commission will publish the study, but we will examine it closely. There is one thing that should be obvious from the evaluation: the current rules do not protect citizens and businesses from harmful practices like zero rating.

This article is an adaptation of the article published by EDRi-member Bits of Freedom and translated from Dutch by Bits of Freedom volunteer Tim Rijk.

Can you do independent research without being independent? (29.08.2018)

Bits of Freedom: Open Letter to the European Commission on net neutrality study (29.08.2018)

Is the evaluation of the net neutrality rules balanced? The European Commission thinks so (20.09.2018)

Open Letter replying to the response of the European Commission on net neutrality study (18.09.2018)

Bits of Freedom’s court case about zero rating (06.08.2018)

(Contribution by Rejo Zenger, EDRi member Bits of Freedom, the Netherlands)



26 Sep 2018

ECtHR gives a half-hearted victory against UK mass surveillance

By Chloé Berthélémy

On 13 September 2018, the European Court of Human Rights (ECtHR) delivered its ruling on the case brought by EDRi members Privacy International, Open Rights Group and other NGOs against the United Kingdom. The Court found several violations of the European Convention on Human Rights in three UK mass surveillance programmes.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The Court’s judgment is that is the “quality of law” criterion for such interferences was not respected and that the procedures were incapable of keeping the interference with fundamental rights to what was “necessary in a democratic society”. It also acknowledges the value of bulk interception of data as a means for national authorities to “achieve the legitimate aim of protecting national security”. Some analysis of the ruling seems to echo previous concerns that the European Court of Human Rights has a more permissive approach towards indiscriminate data storage compared with the Court of Justice of the European Union (CJEU).

One of the many Snowden’s legacies

The present case was brought before the Court after the disclosures by Edward Snowden of surveillance and intelligence sharing programmes operated by the intelligence services of the United States and the UK. A coalition of human rights and journalists associations including two EDRi members, Privacy International and Open Rights Group, challenged three secret surveillance regimes introduced by the UK’s Regulation of Investigatory Powers Act (RIPA) in 2000. The case was originally referred to the UK’s Investigatory Powers Tribunal (IPT), a specialised court which was set up by the RIPA as a remedy for victims of unlawful interception of their communications by security and intelligence agencies. The IPT only found technical breaches. An appeal was therefore filed in 2015 before the ECtHR to challenge its findings.

The Court examined the three types of surveillance regimes:

  1. the bulk interception of communications data;
  2. the intelligence sharing regime allowing the UK’s authorities to obtain data intercepted by foreign governments, for instance the US National Security Agency; and
  3. the acquisition of communications data from Communication Service Providers (CSPs), such as telecommunications operators.

What’s positive about the Court’s ruling?

The Court held that both the bulk interception regime and its provisions for obtaining communications data from CSPs violated Article 8 (right to privacy) and 10 (freedom of expression) of the European Convention on Human Rights. After intercepting communications traffic flowing through British cables, the intelligence services use search criteria and other selecting tools to filter the data and to examine the most relevant material. The Court found that there were not enough safeguards governing this selection process, pointing notably to the lack of independent oversight.

When assessing the UK’s mass interception regimes in light of Article 10, the Court considered that the absence of restrictions for intelligence services in the handling of intercepted and selected confidential journalistic material was a violation of the right to freedom of expression. Indeed, the Court further recognised that this unlimited power to search journalists’ communications, including with their sources, could have a “potential chilling effect…on the freedom of the press” (cf. paragraph 495). In addition, the Court considered that having access to journalist communications data and content under RIPA was not subject to prior review by an independent or judicial body, thus infringing Article 8 of the European Convention on Human Rights.

Another important contribution of the judgement to the general debate on data protection is also its treatment of metadata in comparison to the communications content. Metadata gather all the information around the communication except its content, that is to say the source (name, location, IP address), the destination, the date, the time and the type of communications (messaging service). The Court emphasises that collecting metadata is no less intrusive than collecting content data as it can well reveal a lot about a person’s life and infringe her/his right to privacy. As a result, metadata deserves an equivalent level of protection.

This conclusion was already reached by the CJEU in its Digital Rights Ireland and Tele 2-Watson cases, as metadata could reveal information “that is no less sensitive, having regard to the right to privacy, than the actual content of communications” (Paragraph 99, Tele2 ruling).

The conclusions of both courts will certainly help in future disputes over data collection, retention and access, such as for the current European Commission’s proposal on cross-border access to data. Where the two courts appear to diverge in opinion is the nature of the data collection – bulk or targeted – and its compatibility with fundamental rights.

Time to update the safeguarding criteria

Despite the positive aspects of the ruling, the Court describes the value of bulk interception, given the current threat level from global terrorism and serious crime. This was criticised by judges Koskelo and Turković in their partly concurring partly dissenting opinion recalling the “enormous risks of abuse” this type of surveillance involves. This position also departs from the CJEU ruling which stated that the data retention regime in question in the Tele2 ruling exceeded “the limits of what is strictly necessary”.

Worse still, the criteria that the ECtHR used to analyse the three UK surveillance regimes to ensure there are enough safeguards against abuse in place have been criticised for being outdated. These criteria, developed 12 years ago, are arguably outdated considering the emergence of new technologies and surveillance techniques. Pointing out to the shortcomings of the criteria, judges Koskelo and Turković question the reason why “prior independent control by a judicial authority should not be a necessary requirement in the system of safeguards” in the Court’s examination.

This is not the end of the story

The judgment is not final because the parties to the case can ask for a referral to the ECtHR Grand Chamber. In addition, the RIPA is actually no longer valid as it was replaced 2016 by the Investigatory Powers Act (IPA), meaning that the Court did not take into consideration the new legal text. In light of this judgment, the British government will have to revise the IPA, as the law substantially extended the intelligence services’ powers and their demands on service providers.

UK mass interception law violates human rights – but the fight against mass surveillance continues (13.09.2018)

Big Brother Watch v UK – implications for the Investigatory Powers Act? (13.09.2018) https://www.cyberleagle.com/2018/09/big-brother-watch-v-uk-implications-for.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Cyberleagle+%28Cyberleagle%29

Blanket data retention is illegal under EU law, court says (21.12.2017)

Analysis of the ECtHR judgment in Big Brother Watch: part 1 (16.09.2018) https://eulawanalysis.blogspot.com/2018/09/analysis-of-ecthr-judgment-in-big.html

Mass surveillance in the CJEU: forging a European consensus (07.2017)

(Contribution by Chloé Berthélémy, EDRi intern)



26 Sep 2018

Five reasons to be concerned about the Council ePrivacy draft

By IT-Pol

On 19 October 2017, the European Parliament’s LIBE Committee adopted its report on the ePrivacy Regulation. The amendments improve the original proposal by strengthening confidentiality requirements for electronic communication services, and include a ban on tracking walls, legally binding signals for giving or refusing consent to online tracking, and privacy by design requirements for web browsers and apps. Before trilogue negotiations can start, the Council of the European Union (the Member States’ governments) must adopt its “general approach”. The Council Presidency, currently held by Austria, is tasked with securing a compromise among the Member States. This article analyses the most recent draft text from the Austrian Council Presidency 12336/18.

Further processing of electronic communications metadata

The current ePrivacy Directive only allows processing of electronic communications metadata for specific purposes given in the Directive, such as billing. The draft Council ePrivacy text in Article 6(2a) introduces further processing for compatible purposes similar to Article 6(4) of the General Data Protection Regulation (GDPR). This further processing must be based on pseudonymous data, profiling individual users is not allowed, and the Data Protection Authority must be consulted.

Despite these safeguards, this new element represents a huge departure from the current ePrivacy Directive, since the electronic communications service provider will determine what constitutes a compatible purpose. The proposal comes very close to introducing “legitimate interest” loophole as a legal basis for processing sensitive electronic communications metadata. Formally, the further processing must be subject to the original legal basis, but what this means in the ePrivacy context is not entirely clear, since the main legal basis is a specific provision in the Regulation, such as processing for billing or calculating interconnection payments or maintaining or restoring the security of electronic communications networks.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

An example of further processing could be tracking mobile phone users for “smart city” applications such as traffic planning or monitoring travel patterns of tourists via their mobile phone. Even though the purpose of the processing must be obtaining aggregate information, and not targeting individual users, metadata will still be retained for the individual users in identifiable form in order to link existing data records with new data records (using a persistent pseudonymous identifier). Therefore, it becomes a form of voluntary data retention. The mandatory safeguard of pseudonymisation does not prevent the electronic communications service provider from subsequently identifying individual users if law enforcement authorities obtain a court order for access to retained data on individual users.

Communications data only protected in transit

Whereas the text adopted by the European Parliament specifically amends the Commission proposal to ensure that electronic communications data is protected under the ePrivacy Regulation after it has been received, the Council text clarifies that the protection only applies in transit. After the communication has been received by the end-user, the GDPR applies, which gives the service provider much greater flexibility in processing the electronic communication data for other purposes. For a number of modern electronic communications services, storage of electronic communication data on a central server (instead of on the end-user device) is an integral part of the service. An example is the transition from SMS (messages are stored on the phone) to modern messenger services such as WhatsApp or Facebook Messenger (stored on a central server). This makes it important that the protection under the ePrivacy Regulation applies to electronic communications data after it has been received. The Council text fails to address this urgent need.

Tracking walls

The European Parliament introduced a ban on tracking walls, that is the practice of denying users access to a website unless they consent to processing of personal data via cookies (typically tracking for targeted advertising) that is not necessary for providing the service requested.

The Council text goes in the opposite direction by specifically allowing tracking walls in Recital 20 for websites where the content is provided without a monetary payment if the website visitor is presented with an alternative option without this processing (tracking). This could be a subscription to an online news publication. The net effect of this is that personal data will become a commodity that can be traded for access to online news media or other online services. On the issue of tracking walls and coerced consent, the Council ePrivacy text may actually provide a lower level of protection than Article 7(4) of the GDPR, which specifically seeks to prevent that personal data can become the counter-performance for a contract. This is contrary to the stated aim of the ePrivacy Regulation.

Privacy settings and privacy by design

The Commission proposal requires web browsers to offer the option of preventing third parties from storing information in the browser (terminal equipment) or processing information already stored in the browser. An example of this could be an option to block third party cookies. The Council text proposes to delete Article 10 on privacy settings. The effect of this is that fewer users will become aware of privacy settings that protect them from leaking information about their online behaviour to third parties and that software may be placed on the market that does not even offer the user the possibility of blocking data leakage to third parties.

Data retention

Article 15(1) of the current ePrivacy Directive allows Member States to require data retention in national law. Under the case law of the Court of Justice of the European Union (CJEU) in Digital Rights Ireland (joined cases C-293/12 and C-594/12) and Tele2 (joined cases C-203/15 and C-698/15), this data retention must be targeted rather than general and undifferentiated (blanket data retention). In the Commission proposal for the ePrivacy Regulation, Article 11 on restrictions is very similar to Article 15(1) of the current Directive.

In the Council text, Article 2(2)(aa) excludes activities concerning national security and defence from the scope of the ePrivacy Regulation. This includes processing performed by electronic communications service providers when assisting competent authorities in relation to national security or defence, for example retaining metadata (or even communications content) that would otherwise be erased or not generated in the first place. The effect of this is that data retention for national security purposes would be entirely outside the scope of the ePrivacy Regulation and, potentially, the case law of the CJEU on data retention. This circumvents a key part of the Tele2 ruling where the CJEU notes (para 73) that the protection under the ePrivacy Directive would be deprived of its purpose if certain restrictions on the rights to confidentiality of communication and data protection are excluded from the scope of the Directive.

If data retention (or any other processing) for national security purposes is outside the scope of the ePrivacy Regulation, it is unclear whether such data retention is instead subject to the GDPR, and must satisfy the conditions of GDPR Article 23 (which is very similar to Article 11 of the proposed ePrivacy Regulation), or whether it is completely outside the scope of EU law. The Council text would therefore create substantial legal uncertainty for data retention in Member States’ national law, undoubtedly to the detriment of the fundamental rights of many European citizens.

Proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC – Examination of the Presidency text (20.09.2018)

e-Privacy: What happened and what happens next (29.11.2017)

EU Member States fight to retain data retention in place despite CJEU rulings (02.05.2018)

EU Council considers undermining ePrivacy (25.07.2018)

Civil society letter to WP TELE on the ePrivacy Regulation (24.09.2018)

(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)



12 Sep 2018

How the online tracking industry “informs” policy makers

By Yannic Blaschke

Following the entry into force of the General Data Protection Regulation (GDPR), the online advertising industry’s lobbying efforts moved to undermining the ePrivacy Regulation proposal. The Regulation, building on the GDPR, is designed to provide more specific provisions related to privacy and confidentiality of communications in the context of e-communications.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

For example, the ePrivacy Regulation will regulate the way in which online tracking companies operate and how the privacy of individuals can be further protected. In this context, lobbying groups for the booming online stalking industry are doing everything they can to label the protection of citizen’s privacy rights as harmful for the digital economy. As recent evidence shows, these efforts do not even stop at providing European Union policy makers with information that appears designed to mislead.

In a Euractiv.com op-ed, Dr. Johnny Ryan (Chief Policy & Industry Relations Officer at Brave Software), explained that “research” circulated by lobby group IAB Europe was dubious, at best. The “research” misleadingly misrepresented the revenues collected by European publishers from behavioural advertising, by including the advertising revenues of Google and Facebook – two powerful members of IAB (Google is a direct member, Facebook is taking part through its subsidiary company Atlas) who, in relation to this activity, are clearly not “publishers” in the sense of traditional news outlets.

In this context, it is all the more misleading that the research report spread by the IAB in September 2017 crams tech-giants and media-outlets together into the category of ‘publishers’. In an earlier position paper, the IAB stated that the proposed ePrivacy regulation would “derail European digital media outlets by significantly undermining their ability to generate enough revenue to create and provide free online content and services”. However, as Dr. Ryan reports, only a fraction of the claimed 10,6 billion euro revenue that European publishers allegedly made with behavioural advertising in 2016 actually goes to journalists and creative content providers.

Actively confusing the revenue of these actual publishers with the vast sums harvested by Google and Facebook through stalking online browsing behaviour (and, we have since learned, staking people’s location offline also), appears more than a little cynical. It is also a critical omission of information that reflects badly on the IAB’s respect for its oath to provide complete and non-misleading information, which they made as part of their registration for the EU Transparency Register. While the main advocate for companies whose aim it is to monitor European citizens’ every step on the internet has proved a flexible attitude to factual reporting in the past, this incident reaches a new level of flexibility with the truth.

EU parliamentarians and EU Member States need to question the supposed ‘economic value’ of ubiquitous monitoring on their voters. All the more, the evidence should also serve as a warning to the Austrian Council Presidency, which has pledged to “ensure strong privacy protection in electronic communications while also taking into account development opportunities for innovative services”. As it has been demonstrated, the alleged ‘development opportunities’ of behavioural advertising in the EU are mainly to the benefit of advertising duopoly. Will the Austrian presidency live up to its motto of a “Europe that protects” by supporting a strong ePrivacy regime?

Read more:

ePrivacy: Over-regulation or opportunity? (07.09.2018)

EU Council considers undermining ePrivacy (25.07.2018)

Your ePrivacy is nobody else’s business (30.05.2018)

Five things the online tracking industry gets wrong (13.09.2017)

Massive lobby against personal communications security has started (27.07.2016)

(Contribution by Yanic Blaschke, EDRi intern)



12 Sep 2018

Big Brother Awards 2018 Italy

By Hermes Center

The 2018 Italian edition of the Big Brother Awards was held in Bologna on 8 June 2018, with the support of a grant from the European Digital Rights Fund. The award ceremony took place during the 23rd edition of the E-privacy conference.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The winners of the Italian Big Brother Awards 2018

Technological Threat:

The award was shared among:
● Amazon AWS IoT Services
● Google Cloud IoT
● Particle Industries, Inc.

The above companies sell IoT (internet of things) development and management services to IoT device developers and sellers. By doing so they create “walled gardens” where adopters and their users are captive, and they become a hub of data transmission from all devices.

National threat: Italian Parliament.

With no discussion at all, the Parliament silently inserted mandatory 6-year storage of telecommunications data and extended provisions on internet traffic data storage into a law pertaining to elevator safety rules.

International Threat: and Lifelong Threat: (Surprise, surprise!) Facebook

The win comes thanks to the Cambridge Analytica affair. Skipping technicalities, here is an extract from the prize explanation:

Is this a credible representation of the original: The recent scandals have led its founder [Mark Zuckerberg] to show disarming honesty. In a public hearing in the US Congress he showed the true nature of Facebook, which is not a social one but “Senator, we run ads”.”

Privacy Hero: Altroconsumo
The Italian consumer advocacy organization Altroconsumo that started the first consumer class action
against Facebook, asking for compensation due to unauthorized use of their personal data.

The full video of the ceremony (in Italian) can be accessed on the e-privacy site or directly on this link.

Read more:

Big Brother Awards – tips and materials for organisers (02.05.2018)

(Contribution by Hermes Center, EDRi member, Italy)



12 Sep 2018

Media reforms in Macedonia delayed due to more pressing security issues

By Metamorphosis

Recent political developments have affected the implementation of the reforms in the area of freedom of expression in Macedonia. The focus of government institutions on overcoming political obstacles to joining NATO and the EU had put most other reforms on the backburner.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The political tension in the Republic of Macedonia has increased in recent months ahead of the referendum, scheduled for 30 September 2018, which will enable the voters to express their opinion on the agreement signed with Greece in June in order to solve the long-standing name dispute. Fulfilment of the agreement includes change of the name of the country to Republic of North Macedonia, which is precondition for lifting the Greek veto that had been preventing Macedonia from joining NATO and the EU. Joining these alliances had been a long-term strategic goal of the country, in particular as a safeguard against internal and regional security threats.

Civil society organisations dealing with media had warned that changes to the electoral code made in July 2018, ahead of the crucial September referendum on NATO and EU accession, would re-introduce government-funded advertising in the media, which was abolished as one of the first steps of the overall long-term reform process.

In order to fulfil the conditions for accession to the European Union, Macedonia is required to continue the process of institutional changes, based on the Urgent Reform Priorities set by the EU in 2016. The URP include re-examining of the legal framework affecting freedom of expression. The four key urgent reform priorities area in the field of media and freedom of expression include:

1. Reform of the Public Broadcasting Service (PBS) in order to ensure its independence and increase the quality of its reporting and overall content production.
2. Establishing mechanisms for transparency and accountability with regard to government advertising.
3. Addressing the main obstacles which journalists face in obtaining access to public information.
4. Revising the legal and procedural rules related to defamation, and promotion of self-regulation and arbitration as alternative to court actions.

The pace of these reforms, which started in June 2017, when the new, pro-EU and pro-NATO government came into power, has been uneven and incomplete. According to the most recent periodical report by the Observatory of Media Reforms (OMR), a monitoring project by EDRi member Metamorphosis and partner civil society organisations PINA and Agora, most of the reforms had been only “partially fulfilled,” and some, like defamation legislation, has not been tackled at all.

Reform of the PBS at a standstill

The reform of the PBS is related to a wider reform of several so-called ‘media laws’ (Law on media, Law on audio and audiovisual media services, etc.) which also affect the composition and the mandate of governing bodies of the PBS and of regulatory institutions, in particular the Agency for Audio and Audiovisual Media Services. While the government has started the process of changing these laws, by the summer of 2018 it has come to a standstill due to complex set of influences.The government mainly has been pointing to filibustering by the parliamentary opposition as key obstacle, blaming the former ruling party for attempting to keep in office the members of governing bodies appointed by them. However, civil society has stressed the need to build public consensus on the final form of these laws in order to prevent setting legal loopholes which would enable the executive to exert undue power.

Meanwhile, the situation in the PBS Macedonian Radio and Television has been deteriorating, as it has been failing in its basic task to strengthen the cohesion of the society by providing unbiased information catering to the needs of all citizens, including various ethnic communities. Research by the OMR revealed severe lack of capacities, both financial and technical, including human resources.

Government advertising halted, then reintroduced with Electoral Code amendments

In August 2017, the government declared that it will cease commercial advertising in the media and that it would continue to communicate with the public through the PBS and its social media presences, including sponsored Facebook ads. While not providing explanations about several specific issues within this area, for the most part of its first year in power it indeed ceased the flow of public money into private media, which was a key source of media corruption during the previous decade.
Legislative changes to the Electoral Code related to the implementation of the referendum, passed through fast-track procedure in July 2018, include provisions that the State Election Commission (SEC) can impose fines on the media for ‘unbalanced reporting’ and allow use of taxpayers’ money by state bodies for media campaigns.

Fearing that new legislation can “legitimize political propaganda in the media paid for by taxpayers’ money” several civil society organizations—the Association of Journalists of Macedonia (AJM), the Independent Union of Journalists and Media Workers (SSNM), the Council on Media Ethics in Macedonia (CMEM), Macedonian Institute for Media (MIM) and the Institute of Communication Studies (IKS)—condemned the interpretation of the new legislation by the SEC.

These organisations also started advocacy efforts warning various stakeholders about the possible negative consequences, which had been supported by European Federation of Journalists, and alerted the Council of Europe. AJM “expressed great concern about the recent amendments to the Election Code for the legalization of political propaganda in the media with public money and the indirect regulation of the online media, which could have a negative effect on the freedom of the media.”

Delayed consultations on Freedom of Information Law and other laws stalled

In August 2017, the Macedonian government started “addressing the main obstacles which journalists face in obtaining public information” by declassifying a range of documents which had previously been classified within the state institutions. It also provided free access for journalists to public interest databases owned by two state institutions.

The journalist community also demanded amending the Law for Free Access to Information of Public Character, in particular in regards to shortening the response deadlines. While the government indeed started the process of legislative changes, including public consultations on this law from January 2018, its conclusion is still pending. As the draft law has not yet been proposed, the Observatory rated this priority “partially fulfilled.”

In addition, no revision of the regulations related to defamation has been launched, in particular with regard to the Law for Civic Responsibility for Libel and Insult, as well as related procedural rules, which need to be aligned with the practice of the European Court of Human Rights, and the recommendation of the Senior Experts’ Group on systemic Rule of Law issues led by former European Commissioner Reinhard Priebe. While it expressed strong political will to support the self-regulation mechanisms, the government had not adopted concrete measures to do so. The Observatory considered this priority “completely unfulfilled.”

Like with other reform processes that had been put on hold due to the most urgent priority in recent history of Republic of Macedonia, the changes of media legislature are expected to continue after the 30 September referendum.

Read more:

Observatory of Media Reforms – OMR (available in Macedonian and Albanian only)

Current Media Laws, on the website of the Agency for Audio and Audiovisual Media Services

Changes of media legislation in Macedonia are guided by the Urgent Reform Priorities

Urgent Reform Priorities

Experts and journalists target AAVMU bill once again (19.04.2018)

Final Agreement for the Settlement on the Name Issue (11.06.2018)

Manchevski: The opposition has been filibustering the media laws for four months (12.06.2018)

SEC has no right to impose media presentation for the referendum (07.08.2018)

Macedonia: Election Commission authorized to fine media for ‘Unbalanced Reporting’ (13.08.2018)

MTV is on life support, has weak video signal and the secondary audio programming is nowhere near implementation (30.11.2017)

(Contribution by EDRi member Matamorphosis, Macedonia)



12 Sep 2018

Press Release: EU Parliament flip-flops backwards on copyright


On 12 September 2018, the European Parliament (EP) adopted amendments to the European Commission’s draft EU Copyright Directive, as a result of the EP’s previous rejection of the Legal Affairs Committee’s proposals as basis for negotiations with the EU Council.

The Parliament’s today vote represents a backwards flip-flop to supporting measures which it had previously dismissed.

Negotiations will start between the Parliament and the EU Council: a proposal that coerces internet companies into monitoring, filtering and blocking our uploads versus one that more explicitly forces internet companies into monitoring, filtering and blocking our uploads. The result will be a cocktail of both poisons, to be put to a final vote just a few short months before the 2019 European Parliament elections.

– said Diego Naranjo, EDRi Senior Policy Analyst

The aftermath of a law that regulates all internet companies in Europe as if they were Google and Facebook is clear: an internet in Europe where only Google and Facebook can survive. If such policies are approved, the Copyright Directive reform will be an act of outstanding self-harm for both European citizens and European businesses.

EDRi will continue to follow closely with the file’s next steps and advocate for putting Europeans’ rights and freedoms at the forefront of the negotiations with EU’s Council on the Copyright Directive reform. Next step: the final vote on the agreement between the Council and Parliament – expected in January 2019.



Read more:

Copyright: Compulsory filtering instead of obligatory filtering – a compromise? [4.09.2018]

Press Release: EU Parliamentarians support an open, democratic debate on Copyright Directive [05.07.2018]

Moving Parliament’s copyright discussions into the public domain [27.06.2018]

Copyright reform: Document pool


12 Sep 2018

Joint Press Release: EU Terrorism Regulation – an EU election tactic


The European Commission’s apparently endless stream of “solutions” to stop the spread of online terrorist content has today been complemented by yet another measure, a draft Regulation.

Despite a pile of existing tools and expired implementation deadlines, the European Commission has hurriedly published, under the pressure of Germany and France, a new Regulation that addresses (yet again) deleting or disabling access to terrorist content by online companies. The alleged urgency and importance of this proposal need to be seen in the context of the upcoming European elections and terrorism as a leading election topic in recent years.

“Eight months away from the EU elections, it is regrettable that the Commission proposes (yet again) new legislation with minimal regard for effectiveness or for fundamental rights – the pillars of our democracy,”

said Maryant Fernández Pérez, Senior Policy Advisor at European Digital Rights (EDRi).

“The Commission has an obligation under the Terrorism Directive to assess its impact on human rights by 2021. Instead of analysing the impact of existing initiatives, the Commission has proposed yet more ill-defined measures,” she added.

The proposal contains three main measures to address alleged “terrorist” content.

  • First, it creates orders issued by (undefined) national authorities to remove or disable access to illegal terrorist content within an hour.
  • Second, competent authorities can choose to make referrals of terrorist-related potential breaches of companies’ terms of service that would be subject to the voluntary consideration of the companies themselves.
  • Third, it legislates on (undefined) proactive measures that can lead to an authority requesting a general monitoring obligation.

This means that for the first time, the Commission is proposing the possibility of an explicit derogation from Article 15 of the e-commerce Directive which prevents governments from requiring internet companies to monitor everything we say and publish online.

“The Commission’s proposal fails to provide any meaningful evidence on how this regulation will prevent the dissemination of alleged terrorist content online while it puts fundamental rights such as freedom of expression and privacy at risk”

said Fanny Hidvegi, European Policy Manager at Access Now.

“The EU Commission should not make the usual mistake of rushing legislation under the political pressure of Member States and the upcoming European elections.”, she added.

The proposed Regulation follows the release of a Communication on removal of online illegal content in 2017, a similar Recommendation  in March 2018, pressure on the Commission from Germany and France in April 2018 and the September 2018 deadline for the implementation of the Terrorism Directive that already covers blocking and removals of terrorist content.

Further, the proposed Regulation builds on the internationally criticised EU’s headlong rush to implement one-size-fits-all automated content filters to somehow solve diverse types of illegal content online. This is a topic that will not only, it appears, serve as a fruitful platform for European election candidates, but also as a normalisation discourse on the privatisation of law enforcement in the hands of internet giants.

European Digital Rights (EDRi) and Access Now will follow closely the development of the file in the upcoming period and work to create a sustainable approach to tackling the spread of online terrorist content that does not keep watering down people’s existing rights and freedoms.

Read more:

Proposal for a Regulation of the European Parliament and of the Council on preventing the dissemination of terrorist content online

LEAK: France & Germany demand more censorship from internet companies [07.06.2018]

Commission’s position on tackling illegal content online is contradictory and dangerous for free speech [28.09.2017]

EU Commission’s Recommendation: Let’s put internet giants in charge of censoring Europe [1.03.2018]

Terrorism Directive – Document Pool


11 Sep 2018

Anatomy of a Commission press campaign. Case study: Terrorist Content Regulation

By Joe McNamee

On 12 September, the European Commission will propose a new legislative tool: the Regulation on preventing dissemination of “terrorist content”. However, the Commission is politically very exposed due to its incoherent approach to illegal content online. In an attempt to mitigate a possible critical public opinion, the European Commission is trying to engage strategically with the press so that it only reports positively on the Commission’s spin.

The Commission launched a first press cycle in August, which is a quiet news month, where journalists have difficulty finding stories. It informally fed the story to the Financial Times, with no detail, about how it was going to “get tough” (again!) on internet companies. That caused a press cycle that reflected the Commission’s spin with no other information available from other sources.

Then, on 12 September, the Commission is expected to launch the proposal, using Commission President Juncker’s “state of the union” speech to distract the public attention from anything but the most superficial details. We expect the Commission to overwhelm journalists with publication of an unmanageable amount of documents:

  • the proposal, its explanatory memorandum and annex;
  • an impact assessment listing the various options that were nominally “reviewed” before the political choice to have a Regulation was chosen;
  • the outcome of the public consultation on illegal content online, divided between the various stakeholder groups and spin by the Commission;
  • and, of course, a press release about getting tough on internet companies and, yet again, about the Commission getting tough on terror.

Journalists will have no option but running a story that sets out only the Commission’s approach to the regulation. That’s the second press cycle. A third press cycle could be one where journalists would have the time to do a critical analysis of what is proposed. The problem is that European proposals do not get three press cycles.

After being told by French and German Interior Ministers to prepare an EU Regulation on preventing dissemination of “terrorist content”, the European Commission got to work over the summer this year. This is a political problem for the Commission because Commissioners took an oath not to receive such instruction. Worse still, the Commission has consistently failed to provide a comprehensive approach to tackling illegal content online based on evidence, not on political spin.

For example, we can highlight:

Worse still, the Regulation is the third instrument (not including the Terrorism Directive, which was due to be implemented by Member States by 8 September) launched in a vacuum of research in the past 12 months. Such evidence-free policy-making stands in glaring contradiction with the Commission’s “Better Regulation Agenda”.

So, how can the Commission get good publicity out of the new Regulation, while avoiding scrutiny of the apparent failure of the other conveyor belt of instruments it launched in recent years? Simple but rigorous press management is all that is needed, apparently.


11 Sep 2018

Deconstructing an MEP’s support for the Copyright Directive

By Joe McNamee

After the European Parliament voted against the negotiating mandate for the Copyright Directive, the assistant of a Member of the European Parliament,one of its supporters, wrote to a voter to explain why she supports the proposal.

Shortly before the UK leaves the European Union, she explains why she wants this legislation to be imposed on the countries that are staying. The e-mail provides interesting insights into why these bad policies are being supported, the main insight being that support is based on myths and fallacies.

The protection of individual user data and the freedom to access and share news and articles online are of paramount concern to Labour MEPs and they are committed to ensure that these freedoms are maintained and strengthened. Therefore, citizens’ concerns surrounding these issues will be at the forefront of Labour MEPs minds as the legislative proposals pass through the European Parliament.

The proposals have been discussed for two years and the MEP voted to end discussions in the European Parliament. She voted instead to start secretive closed-door meetings (“trilogues”) with the EU Member States. Once such confidential discussions end, the Parliament is always under severe pressure to accept the entire “compromise” deal. Even if (having voted for a negotiating mandate for a text that unquestionably would restrict the right to share news online), these issues were at the forefront of MEPs’ minds, there would be, in practice, nothing they could do to mitigate the damage done by the negotiating mandate.

In reforming EU copyright rules, the European Commission has aimed to make outdated rules suitable for the digital era, as they currently do not offer enough protection against piracy and the use of content without proper remuneration. At the same time, this will be balanced by offering citizens greater legal certainty when accessing content online.

Even if the European Commission “aimed” to update outdated rules, this does not mean that they succeeded, nor should the policies be unquestioningly supported. The job of the Parliament is not to blindly support the European Commission. The reference to “accessing” content is very telling – Article 13 is about using the internet to share, create and communicate – not “access” content, like one accesses TV stations. This is precisely why the Directive is not an “update”, but an attempt to wind back the clock to a viewer/producer model to a time before the open internet.

The “Press Publishers Right,” found in Article 11 of the current proposal would be an important step to protect our free and professional press, if adopted by the European Parliament, as it will ensure that they would receive proper remuneration for the online exploitation of their content.”

When this “right” was introduced in Spain, the biggest news aggregator (Google News) shut down, to the detriment of smaller news publishers.

When this “right” was introduced in Germany, the biggest news aggregator (Google News) was allowed not to pay, to the detriment of smaller news aggregators.

It is simply and demonstrably false to argue that this “would be an important” step in protecting the free and professional press, when experience shows that this is not true.

The proposals would give press publishers the same rights as individual journalists and photographers to license their content. Whilst examining this proposal, Labour MEPs have paid particular attention to ensure that no liability is attributed to individual users, but rather the service providers, such as social media platforms, who use content without a licence. Article 11 does not create a “link tax,” and using or sharing hyperlinks is explicitly excluded from the scope of the report.

No liability is attributed to individual users, because it is far easier to pursue a small number of social media companies than millions of individuals. By creating a new right for snippets of text, any quotation that is longer than short (whatever that means – the same quotation could be legal in one language and illegal in another), it becomes difficult to link because the link cannot be accompanied by a quotation indicating what can be found at that address. Worse still, any quotation that is longer than short would also fall under the filtering obligations in Article 13 of the Directive. So, any attempt to share quotations from news sources (unless from a state-sponsored propaganda outlet, for example) would be difficult, if not impossible. So much for supporting the “free and professional press”. RT if you agree…

Labour MEPs are also particularly conscious that whilst this right improves the position of press publishers, individual authors such as journalists should also benefit from the proposals and have therefore backed modifications to ensure that this is the case.

The implicit assertion that all journalists support this proposal is simply not correct.

Regarding the proposed Article 13, the aim is to provide legal clarity as to where the liability lies for copyrighted content uploaded on video platforms.

The aim is irrelevant, the actual text is all that is relevant. In any event, the assertion is factually untrue. Article 13 does not mention video platforms. The proposal covers all types of content (audio, text, image, etc) on all platforms covered by the unclear definition.

Under the Commission proposal, platforms such as YouTube and Daily Motion would be responsible for taking reasonable steps to ensure that any copyrighted content is either properly licensed or taken down.

The is the existing legal framework. The proposal is that upload filters (“content recognition technologies”) should be used to “prevent” content from being uploaded.

“This may necessitate the use of content recognition technologies, which are already used to ensure that inappropriate content such as hate speech or terrorist propaganda does not appear on video platforms and does not require any analysis of user data nor reveals the identity of the user.”

It is not possible to comply with the obligations in Article 13 without using upload filters. Therefore “it may necessitate” is misleading. It will necessitate upload filters – unquestionably

The reference to “already used” is misleading as upload filters are already used by the biggest providers, not by all providers. Just because Google does something – and lobbies for something – does not mean it is a good idea. It is interesting to note that the reference is to “inappropriate” (as defined by the platforms) and not “illegal” content, as defined by law.

“The content recognition technologies assess the content of the video alone, to ascertain whether or not it is, for instance, a popular music video which has not been licensed. In order to reassure individual users, the proposal envisages a complaints mechanism to ensure that users know why their content has constituted an infringement of copyright, and Labour MEPs support modifications to the proposal that would clarify that individual users will not be held liable for copyright infringement.”

Content recognition technologies would also be used to block quotations, parodies, memes, etc., not just if it was a complete music video. The proposal is that “identified” content be blocked, not only infringements.

Internet companies will only be obliged to implement a complaints mechanism if they remove content explicitly because of copyright law. If they say it is a “terms of service” violation, they could easy avoid the expense of implementing complaints. This is exactly what happens in relation to “hate speech” deleted under the European Commission’s hate speech code of conduct, for example.

Read more:

The EU gets another opportunity to improve copyright rules (25.07.2018)

EP Plenary on the Copyright Directive – Who voted what? (23.07.2018)

Press Release: EU Parliamentarians support an open, democratic debate on Copyright Directive (05.07.2018)

Copyright reform: Document pool