31 May 2017

ENDitorial: Consumer protection MEPs launch attack on consumers

By Joe McNamee

Documents leaked by Julia Reda, a Member the European Parliament (MEP) show that parliamentarians on the Committee on the Internal Market and Consumer Protection (IMCO), whose job it is to protect consumers and improve legal consistency in the EU, are planning an assault on citizens’ fundamental rights, legal coherence and even the ultimate authority of the Court of Justice of the European Union (CJEU) to interpret the EU law.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The European People’s Party (EPP) parliamentarians in charge of the Copyright Directive in the Committees on Legal Affairs (JURI) and on Civil Liberties, Justice and Home Affairs (LIBE) are working hard to find meaningful compromises in addressing the most extreme parts of the European Commission’s proposal. However, this difficult work is being severely undermined by their colleagues in the IMCO Committee. According to the leaked documents, they proposed “compromise” amendments to the Copyright Directive. These amendments, supported by some parliamentarians from other political groups, attack:

a. Citizens’ fundamental rights

The proposed amendments would strip internet companies of their liability protections, forcing them to monitor, block, censor and delete uploads to the internet. European internet users would therefore face unpredictable restrictions on the legal content they upload or access on the internet, limiting their freedom of expression.

b. Legal coherence

If adopted, EU Member States would be required under EU law

  • NOT to impose general monitoring obligations on internet companies and
  • NOT to impose obligations to force internet companies to search for facts or circumstances indicating any illegal activities that might be happening on their networks, but, also
  • to impose a general monitoring obligation on internet companies to search through all uploads, to look for unauthorised material.

So, EU Member States would have a legal duty to impose general monitoring obligations AND a legal duty not to impose general monitoring obligations.

c. The authority of the CJEU

The CJEU was asked in the Netlog/Sabam case whether an obligation to filter all material on a social media platform is acceptable. In its decision, the Court declared that this is incompatible with the Charter of Fundamental Rights of the European Union.

The CJEU was asked in the Scarlet/Sabam case whether an obligation to filter all material in an internet access providers’ network is acceptable. The Court again declared that this is incompatible with the Charter of Fundamental Rights of the European Union.

The parliamentarians, using a loophole in the Court rulings suggested by the European Commission, are now proposing the filtering of all material uploaded to the internet in Europe, in exactly the way that the Court prohibited.

If you want to tell MEPs what you think, the list of members is here:

Or you can randomly choose an MEP to call about the issue here: https://savethememe.net/en

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Killing parody, killing memes, killing the internet? (08.05.2017)

Copyright reform: Document pool

The Netlog and Scarlet/Sabam rulings & ACTA – what have we learned? (29.02.2012)

Scarlet v SABAM: a win for fundamental rights and Internet freedoms (30.11.2011)

(Contribution by Joe McNamee, EDRi)



31 May 2017

UK government pushes for companies to weaken encryption

By Guest author

The terrorist attack in Manchester on 22 May has led to a relaunch of the encryption debate in the UK.

In December 2016, the UK parliament passed the Investigatory Powers Act. This wide-ranging surveillance law gives government ministers the power to issue Technical Capability Notices (TCNs), which can force companies to modify their products.These powers could be directed at companies like WhatsApp to limit their encryption. The regulations would make the demands to attack end-to-end encryption a reality, explained Executive Director of EDRi member Open Rights Group (ORG) Jim Killock. For this power to take effect, the government needs to pass secondary legislation.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

In early May 2017, ORG leaked the government proposals, which had been sent to a few companies for a “targeted” consultation. These included details of how companies with 10 000 or more UK customers could be compelled to modify the security of their products and services to enable interception and metadata collection. While this power already existed under the Investigatory Powers Act, the regulation provides much more detail about what companies could be compelled to do if they are served with a TCN. Potentially, these notices could be used to oblige companies to introduce backdoors to end-to-end encryption, or put in place other security weaknesses, with little accountability. ORG believes that proposals which could affect everyone’s digital security should be open to public scrutiny. ORG and around 1 400 of its supporters made submissions to the consultation, which closed on 19 May.

After the suicide bombing at the Ariana Grande concert in Manchester, there have been news reports that the government will try to rush this secondary legislation through parliament after the general election in June.

The Conservative Party’s manifesto also includes proposals that would see increased regulation of the internet. Internet companies would be responsible for deciding whether user posted content is legal or not, and subsequently taking it down. This would inevitably lead to an increased number of takedowns as companies err on the side of caution and would have a serious impact on free speech.

Response to Consultation on Regulations of Technical Capability Notices

Selective, secret consultations have no place in open Government (05.05.2017)

Home Office consultation: Investigatory Powers (Technical Capability) Regulations 2017

UK government attacks encryption … again (05.04.2017)

UK’s mass surveillance law being rushed through legislative process (09.03.2017)

UK Draft Investigatory Powers Bill: Missed opportunity (18.11.2015)

UK: Report of the investigatory powers review (17.06.2015)

(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United Kingdom)



31 May 2017

Irish police phone tapping undermines citizens’ rights

By Guest author

An Garda Síochána, the Irish police force has fallen, yet again, under public scrutiny for privacy violations of innocent citizens. An investigation by the Irish Independent newspaper has found that members of the public had their phones tapped without proper justification.

The widespread phone tapping was revealed after a senior officer tried to highlight his concerns about the legality of the covert surveillance. According to this account, he was put under pressure to listen in on private conversations of citizens without a necessary court order. When he raised the concerns about this activity with his superiors, the authorities sidelined him. He decided to take legal action, but the State avoided full extent of the phone tapping scandal being made public with agreeing to an out-of-court settlement.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The practice of bypassing a strict protocol on listening in on private communications of citizens seems to be in place for at least a decade. The phones of innocent members of the public have been tapped because they were confused with criminals, and warrants for phone taps were being put in place where officers provided little or no documentation to support their justification. In one case, the motivation for the phone tap appeared to be political. The Garda management has now been forced to strengthen its controls in the light of the recent revelation.

The Irish police force already suffered from a terrible reputation with regard to respect of citizen’s rights. People have suffered the invasion of their privacy, not just by phone tapping, but also by long-term abuse of confidential information from the main police database system, known as PULSE. Leaks of private data and unjustified monitoring of citizens represent serious rights violations and undermine the trust in state authorities.

This latest scandal comes only a few months after a different Garda whistleblower was subjected to false child abuse allegations. A second Garda whistleblower has also complained about being subjected to similar unfounded accusations, claiming that “there is an ‘orchestrated system and culture’ among senior management of the force that dictates the treatment of whistleblowers”.

Exclusive: Inside the murky world of phone taps and Garda intelligence (29.05.2017)

Self-regulation: Irish police database – “some sort of social media” (10.04.2013)

(Contribution by Zarja Protner, EDRi intern)

31 May 2017

Romanian Parliament: EU Copyright reform does more harm than good

By Guest author

While the European Parliament is in the middle of its discussions about the European Commission’s proposal for a Directive on Copyright in the Digital Single Market, similar discussions are taking place in a number of Member State parliaments. The results of these conversations will influence the position that Member States take in the discussions in the Council of the European Union.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

A particularly interesting discussion has been unfolding over the past months in the Romanian Parliament, where, on 15 March, the IT&C Committee of the Chamber of Deputies organised a debate on the proposed Directive, in order to collect the views of different stakeholders. After the event, the Committee produced an opinion addressed to the European Affairs Committee of the Chamber of Deputies, which is the group responsible for drafting the final report of the Parliament on the package proposal. The members of the IT&C Committee unanimously voted against the European Commission’s Copyright proposal and advised to withdraw it in its entirety.

While this is not a heavyweight vote and as such not likely to be taken over as the Romanian Government’s position, it represents the first entirely negative advice issued by national policy makers in a Member State. It is therefore interesting to take a closer look at the arguments for rejection.

1. Fundamental problems in impact assessment and public consultations

The IT&C Committee’s report noted the insufficient impact assessment studies, which in their view do not provide adequate data for consolidating the European Commission’s proposal. It is also mentioned that although there have been public consultations, the results of these consultations was not taken into account for finalising the proposal, and the text does not correspond with points of view expressed by users.

2. Limitations on freedom of expression and privatisation of monitoring copyright enforcement

The report criticises Article 13 of the copyright proposal, highlighting the contradiction with EU law, namely the E-Commerce Directive. Additionally, the document reinforces the fact that content filtering techniques were declared by the European Court of Justice (decision C-360/10) to be in violation of the Charter of Fundamental Rights of the European Union.

At the same time, the report notes the high costs of implementing filtering techniques, and draws attention to the fact that it will severely affect digital start-ups. What’s more important, it states that filtering measures will not be able to recognise legal use of copyrighted works, which will lead to censoring of content such as parody and other activities permitted under exceptions to copyright.

3. The limited definition of the exceptions to copyright protection and limitations to innovation and market competition

The report states that the exception for using copyright protected works for educational purposes and the exception for text and data mining are too narrowly described in the copyright proposal. The education exception would only cover formal education establishments, and the text and data mining exception would only benefit non-profit research organisations. At the same time, the report notes that libraries are not considered as beneficiaries of these exceptions, even though it’s commonly known that there are libraries with research status.

4. Ancillary copyright

The IT&C Committee’s opinion on introducing new rights for publishers is that it might lead to legal uncertainty, and would impose additional costs for using excerpts or distributing links to digital content of press publications.

All the arguments presented during the public debate were incorporated into the IT&C Committee’s report. After the analysis, the unanimous conclusion of the report is that the copyright reform proposal will do more harm than good and will threaten the horizontal approach to online content liability by creating a special regime for copyright. It states that the copyright proposal will also limit users’ right to use protected works for legally recognised purposes such as education, citation, or parody.

The report argues that there is a sound basis for rejecting the copyright proposal as a whole if decision makers can leave aside political compromise and decide in the name and interests of all stakeholders, especially users.

In the meantime, the Chamber of Deputies of the Romanian Parliament adopted its report on the copyright reform maintaining most of the IT&C Committee’s recommendations. However, it should be noted that their report does not include any reference to Article 11 (the provision on ancillary copyright).

This article was originally published at http://www.communia-association.org/2017/05/24/romanian-parliament-european-commission-copyright-reform-harm-good/.

Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market (in Romanian)

Killing parody, killing memes, killing the internet? (08.05.2017)

Copyright reform: Document pool

ENDitorial: Transparency and law-making on EU copyright – mutually exclusive? (05.04.2017)

(Contribution by Valentina Pavel, EDRi member ApTI Romania)



31 May 2017

The EU must take action to protect whistleblowers

By Guest author

The right of citizens to report wrongdoing is a natural extension of the right of freedom of expression, and is linked to the principles of transparency and integrity.

– Transparency International

Chelsea Manning and Edward Snowden are some of the most famous whistleblowers, thanks to their huge impact on the protection of human rights. However, there are many other whistleblowers who do not enjoy the same media attention and support. These modern heroes face many challenges, only for having done their civic duty.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

In the European Union (EU) there is a chance to see whistleblower protections embedded into law. In order to assess the views of different stakeholders, the European Commission launched a public consultation, which closed on 29 May. Parts of the consultation were badly drafted, and the range of questions was unnecessarily wide to serve the goals of the consultation.

EDRi replied to the consultation asking for adequate protections, currently still missing in the EU. Among the reasons why a potential whistleblower does not blow the whistle, we highlighted the following:

  1. The uncertainty of the law. Whistleblowers need to know in advance which rights and protections they can benefit from. Clear protections are needed in law, in order for whistleblowers to be protected, when bringing problems to light.
  2. The burden of proof. The company or the public body to which the disclosures relate should bear the burden of proving the harm if they seek to assert that disclosures are not in the public interest, not the whistleblowers themselves.
  3. Insecurity and lack of anonymity precautions. If a whistleblower does not want to disclose her or his identity, anonymity should be preserved. Currently, many initiatives do not take into account technical precautions to allow this. When whistleblower channels are provided, appropriate technical means should be required to make them secure and private, thereby ensuring anonymity.
  4. Fear of a trial, including legal costs and criminal charges. The threat of legal consequences needs to be avoided. It is of utmost importance that whistleblowers are exempted from criminal, civil and administrative liability.
  5. Fear of retaliation. Whistleblowers can face personal threats and harm. Adequate support and protective mechanisms should be put in place to ensure their safety and well-being.
  6. Other costs. Adequate measures should be in place to deal with situations where whistleblowers lose their job or suffer financially or psychologically.

The EU needs to take action and propose legislative and practical solutions for whistleblowers. This is crucial for fostering transparent decision-making and governance, and our democratic society.

Public Consultation on Whistleblower Protection (03.03. 2017)

EDRi’s response to the Public Consultation on Whistleblower Protection (29.05.2017)

International principles for whistleblower legislation (05.11.2013)

Protecting whistleblowers – protecting democracy (25.01.2017)

(Contribution by Vincenzo Tiani, EDRi intern)



31 May 2017

ALTwitter: The treasure trove behind 140 characters

By Guest author

One of the main reasons why metadata is used broadly for surveillance and targeted advertisement is its extensive capability to capture more dimensions of useful information than the data itself. An ordinary internet user fails to see the mysterious nature of metadata because it is invisible to the naked eye. Law enforcement agencies and advertisers, on the other hand, use the invisibility of metadata to track, profile and target us.

The ALTwitter platform was initially intended to build Twitter-like profiles of the Members of European Parliament (MEPs) from their Twitter metadata. However, the insights aggregated from the metadata of all the MEPs can be even more interesting than their individual profiles. We can use these insights to explain how the advertising industry benefits from the unregulated metadata, and how the everyday internet users become the product for targeted ads.

The size of metadata is small compared to that of the data from which it originates. But the size doesn’t matter at all. Even though the dataset used for ALTwitter project contains only 617 participants (MEPs) and metadata from a total of approximately 10 000 tweets, this is sufficient to show the power of metadata. Based on the number of tweets, we can conclude, not so surprisingly, that the Member States with more MEPs (such as Germany, France, and Italy) generate the biggest number of tweets. The metadata also shows that the MEPs from Italy tweet the most.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

We have the limitation of just 140 characters for a tweet. The content of a tweet represents the data and everything else is the metadata – that includes time of the tweet, sources (hardware and software) used for tweeting, geolocation tags, and much more. These small chunks of information are actually more revealing than the data that we post on Twitter.

To simplify the explanation about the use of metadata, we focus on how people access Twitter. Grouping the users into “web” and “mobile” is one of the primary steps of targeted ads because the advertising strategy is completely different for mobile and web users. Even though 80% of tweets made by the population at large originate from a mobile device, our analysis showed the majority of MEPs’ tweets come from the web and not the mobile service. This shows a big difference between how regular citizens and European Parliamentarians use the service.

It is possible to estimate the financial status of the users based on what mobile devices they use. Since Apple devices are more expensive than Android and other devices, we could expect that people using Apple products are wealthier. In our case, this assumption could be inaccurate, because the MEPs are well paid, and most are paid the same amount. But there are more advanced indicators. Advertisers rely on consumer analysis, especially by conducting sentiment analysis to predict the financial market. This way the ads can be customised to increase the chances of a specific user to click on them. These indicators will be further used for credit scoring – statistical analysis performed by lenders and financial institutions to access a person’s credit worthiness and by that determining the insurance premiums.

People and companies use Twitter as an advertising forum to divert traffic to their websites, and as campaigning tool to reach out to a bigger audience. When installing the Twitter app, users have no choice other than to give Twitter access to information about what apps they have installed on their phones. Twitter then allows advertisers to target the users based on their installed app category, which gives an insight into different types of apps people use, as for example entertainment apps.

Metadata from large databases are often stored in the form of a specific structure so that it can be processed efficiently. It is easy for the advertisers to de-anonymise the metadata by determining its unique characteristics and matching it with other data. By comparing the devices and the number of tweets by an MEP and matching this with other available data, we can identify the MEPs uniquely.

Most of the apps allow the users to share something on Twitter via their in-app sharing features. This is also true for entertainment apps. There are many examples of interesting uniqueness that can be used to profile you and deliver custom-made ads. Here are a few we discovered, which helped us uniquely identify an MEP:

  • There is just one MEP who uses the Vine App, a camera app for making 6-second looping videos on an Android device.
  • There is just one MEP who uses a BlackBerry Phone, just one who owns a Sony Experia phone, and just one who uses a Samsung Tablet.
  • Only one MEP is using a Sports Tracker app.
  • Mobile gaming apps are not very popular among the MEPs, except for one who is using Temple Run and one whose metadata reveal the use of Banana Kong.

It is most likely that all the MEPs have one password for their individual official Twitter account, and they share it with their team. They do not use the multi-user login feature of Twitter, but share their passwords. So, it is possible that one of their interns or anyone else with the password used Temple Run or Banana Kong, and not the MEPs themselves – although Angelika Niebler, the Vice-Chair of the European Parliament Committee on Industry, Research and Energy (ITRE) has publicly “outed” herself as being a Banana Kong afficionado, with a personal best of 90 metres.

Last but not least, the advertisers can monetise one’s schedule or calendar by gathering the information from the metadata. As presented on the platform with individual metadata-based profiles of the MEPs, one can learn who is active and at what time, from their Twitter metadata. The advertisers can target the users at the time when they are the most active, to increase the chances of clicking a promotional ad on Twitter.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

ALTwitter #hakunametadata: Twitter metadata profiles of the Members of European Parliament

Hakuna Metadata – Let’s have some fun with Sid’s browsing history! (03.05.2017)

Hakuna Metadata – Exploring the browsing history (22.03.2017)

(Contribution by Siddharth Rao, Ford-Mozilla Open Web Fellow, EDRi, and  Zarja Protner, EDRi intern)



31 May 2017

Parliamentarians encourage online platforms to censor legal content

By Maryant Fernández Pérez

On 18 May 2017, the European Parliament Committee on Internal Market and Consumer Protection (IMCO) and the Committee on Industry, Research and Energy (ITRE) adopted a report on the Online Platforms and the Digital Single Market.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

What’s good in the Report?

The report contains some positive aspects. It asks for online platforms’ terms and conditions to be fair and presented in a user-friendly way, in order to increase trust. It also asks for the possibility for users to “withdraw their consent to individual provisions without forfeiting their complete access to a service”. This is important, as sometimes (pretty much always, in fact) services’ functionality is affected when users choose not to give an “all or nothing” consent. The Report acknowledges the safeguards contained in the E-Commerce Directive against a general obligation for online platforms to monitor users’ content and only act whenever they become aware of illegal content or activities. This is important in view of the continuous requests made in the EU to push online platforms to regulate content without any counterbalancing obligation to duly respect the rule of law and fundamental rights, including users’ freedom of expression and opinion online.

In line with a similar recent request from 24 Members of the European Parliament (MEPs), the report calls for further clarity and predictability about what these companies are supposed to do when dealing with online content. The report asks the European Commission for further guidance in the implementation of the intermediary liability and the take-down procedures. This is needed, as the Charter of Fundamental Rights of the European Union is not being duly respected with regard to the necessity, proportionality or predictability of restrictions of freedom of expression rights. Uncertainty drives platforms to excessive, disproportionate restrictions of users’ communications.

The report also addresses the trendy topic of “fake news”, even if it does not attempt to define what “fake news” refers to. However, we welcome the fact that the report stresses that “the free exchange of opinions is fundamental to democracy and that the right to privacy also appl[ies] in the social media sphere”. In addition, it “highlights the value of the free press in order to provide citizens with reliable information”.

What’s bad in the Report?

The report welcomes the problematic EU Code of Conduct on hate speech. This code does not ask the signatory companies, Youtube, Facebook, Twitter or Microsoft, to apply the law, but their terms of service. This is leading to a non-consistent application of the law within the EU and to the removal or restriction of perfectly legal content.

The report welcomes the ongoing work on the Audiovisual Media Services Directive (AVSMD), urging online platforms to “strengthen measures to tackle illegal and harmful content online”. This means that the report is in favour of private companies taking action against illegal, as well as legal content. Such measures are inappropriate in a rule of law system, as the EU is supposed to be. More precisely, it in fact overturns important principles of freedom of expression and European Court of Human Rights case law, for example that freedom of expression “is applicable not only to ‘information’ or ‘ideas’ that are favourably received or regarded as inoffensive or as a matter of indifference, but also to those that offend, shock or disturb the State or any sector of the population”. If our leaders in 1950, with the horrors of the Second World War fresh in their minds, were brave enough to adopt the European Convention on Human Rights, on which this case law is based, we deserve leaders in 2017 that can be equally brave.

So now what?

The next step is for the European Parliament to vote on the joint report of the two Committees. The vote is provisionally scheduled on 12 June at the time of writing. All MEPs can suggest modifications to the report. Non-legislative files are just political statements. This report – that will eventually become a European Parliament’s non-legislative resolution – will not be legally binding and therefore won’t create any legal obligations for online platforms. However, it can push certain agendas – for better or worse.

ENDitorial: Commissioners’ oath – a broken promise on fundamental rights (17 May 2017) https://edri.org/enditorial-commissioners-oath-a-broken-promise-on-fundamental-rights/

Audiovisual Media Services Directive reform: Document pool (15 May 2017)

MEPs want notice and action directive: Open letter sent to Commissioner Ansip (10 My 2017)

AVMS Directive: It isn’t censorship if the content is mostly legal, right? (27 April 2017)

New documents reveal the truth behind the Hate Speech Code (7 September 2016)

(Contribution by Maryant Fernández Pérez, EDRi, and Vincenzo Tiani, EDRi intern)



31 May 2017

EU Commission on FOI request: Incompetence or ill-intent?

By Kirsten Fiedler

In April 2017, we got a little curious about industry lobbying in Brussels surrounding the copyright reform. We therefore filed a freedom of information (FOI) request to access the correspondence that the Directorate-General for Communications Networks, Content and Technology (DG CNECT) of the European Commission received by rightsholders shortly before the reform proposal was finalised and published.

We had little idea that asking for “all correspondence (including emails) to officials in DG CNECT from the International Federation of the Phonographic Industry (IFPI) and the European Grouping of Societies of Authors and Composers (GESAC)” could have meant something else than “all correspondence (including emails) to officials in DG CNECT from the International Federation of the Phonographic Industry (IFPI) and the European Grouping of Societies of Authors and Composers (GESAC)”!

Assuming that the European Commission does not have something to hide and is therefore not simply obstructing our request in order to avoid being exposed during the Parliament’s discussions of the text, we were very surprised by the response we received.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Apparently, the relatively simple language of our request was too complicated for the European institution that is in charge of drafting all of the EU’s legislation. We were surprised when – on the very last day of the period for responding to our demand – the EU Commission sent us a clarification request. Here is the exact wording of their letter to us:

“You request access to “documents which contain the following information for the period of 14 July until the publication of the draft Copyright Directive on 14 September 2016: all correspondence (including emails) to officials in DG CNECT from the International Federation of the Phonographic Industry (IFPI) and the European Grouping of Societies of Authors and Composers (GESAC).

We understand that your request covers all correspondence (including emails) from the International Federation of the Phonographic Industry (IFPI) and the European Grouping of Societies of Authors and Composers (GESAC) sent to officials in DG CNECT regarding the proposal for a directive on copyright in the Digital Single Market, for the period running from 14 July 2016 until 14 September 2016 (adoption of the proposal).

Could you please confirm us that our understanding is correct?” [emphasis added]

We have to admit that we had to read the EU Commission’s clarification, then read it a second time and again a third time. There are only two explanations for the Commission’s question. Either the Commission’s linguistic skills are such that it cannot understand a simple request, or this is an abusive effort to avoid respecting the Commission’s legal obligation to respond to freedom of information requests.

We confirmed that our request for “all correspondence (including emails) from the International Federation of the Phonographic Industry (IFPI) and the European Grouping of Societies of Authors and Composers (GESAC) sent to officials in DG CNECT regarding the proposal for a directive on copyright in the Digital Single Market, for the period running from 14 July 2016 until 14 September 2016 (adoption of the proposal)” indeed covers “all correspondence (including emails) from the International Federation of the Phonographic Industry (IFPI) and the European Grouping of Societies of Authors and Composers (GESAC) sent to officials in DG CNECT regarding the proposal for a directive on copyright in the Digital Single Market, for the period from 14 July 2016 until 14 September 2016 (adoption of the proposal)”.

This time, the EU Commission was substantially quicker to understand our request and able to acknowledge receipt of our clarification within only 15 minutes. However, the Commission, for no obvious reason, decided that this started a new deadline for it to respond – by 1 June 2017 – unless, of course, the Commission loses its linguistic capabilities again and a further delay is engineered.

[Update 1 June 2017] They did it! The Commission just announced the extension of the deadline for another 15 days…

ENDitorial: Transparency and law-making on EU copyright – mutually exclusive? (05.04.2017)

Artificial unintelligence – lobbyletter

(Contribution by Kirsten Fiedler, EDRi)



23 May 2017

EU action needed: German NetzDG draft threatens freedom of expression

By Maryant Fernández Pérez

On 22 May 2017 six civil society and industry associations sent an open letter to eight EU Commissioners asking to take action against the German bill on “Enforcement on Social Networks”, the “NetzDG”.

This bill asks social media companies to take down content, including perfectly legal material, that social media companies like Facebook can arbitrarily label as “hate speech”, “fake news”, “pornographic content”, among other categories. In addition, the draft law de facto imposes filtering of content, despite the fact that such technology cannot understand context and will, therefore, inevitably lead to still more legal content being deleted. The basic aim of the bill is, of course, well-intentioned. However, the way this bill is drafted appoints social media companies as arbiters of legality and “the truth”. Furthermore, this bill breaches EU law, which establishes that all restrictions to fundamental rights, including freedom of expression, must be provided for by law, necessary and proportionate (Article 52 of the Charter of Fundamental Rights of the European Union). In addition, EU law also prohibits imposing general monitoring obligations on companies. If adopted, this unprecedented law would serve as a bad example for other states, including countries with serious democratic deficits.

In its role as the “Guardian of the Treaties”, the European Commission has the duty to ensure the draft law is compatible with EU law, including the EU Charter of Fundamental Rights. The letter explains that this “would translate into at least responding to Germany with a detailed opinion expressing incompatibility with EU law under the ongoing notification process“. EU Commissioners took a “solemn oath” not to be influenced (“either to seek nor to take instructions from any Government or from any other institution”) by Member States in exercising their duties.

This letter adds to previous criticism expressed by EDRi and leading experts, such as Professor Wolfgang Schulz. The letter is still open for signatories in the coming days. You can read the letter below or here (PDF).

Dear President Juncker,
dear First Vice-President Timmermans,
dear High Representative Mogherini,
dear Vice-President Ansip,
dear Vice-President Katainen,
dear Commissioner Bieńkowska,
dear Commissioner Jourová,
dear Commissioner Oettinger,

The signatories to this letter represent civil and human rights organisations as well as industry bodies representing the Internet technology sector. We are writing to call on the Commission to ensure compliance of Germany’s draft Network Enforcement Law (as notified on 27 March 2017) with EU law, including the EU Charter of Fundamental Rights.

While no one would object to the aim of curbing illegal hate speech and other unlawful content online, the draft law would unquestionably undermine freedom of expression and information. In practice, a distinction between content that is ‘manifestly’ unlawful and not manifestly unlawful is only very difficult to make. The legality of individual statements must always be assessed in its specific context. This, coupled with very tight time limits (24 hours or 7 days) for takedowns and draconian sanctions, will strongly incentivise online companies to simply take reported content down, thereby chilling freedom of speech online.

Beyond that, the draft law also requires social networks to immediately remove or block any copies of the unlawful content that are located on the platform. This obligation would, in practice, necessitate content filters searching the whole platform to automatically take down content in a fully undifferentiated manner. Automatically identified content, which is used in a totally different context, e.g. a parody, would be taken down because filters are ‘blind’ to contextual circumstances. We would like to stress that these kind of content filters would be unprecedented in a free democracy — so far only a handful of countries with serious democratic deficits require similar systems.

With respect to the above, we also see grave conflicts with established EU law. In various cases the European Courts stressed that measures put in place to protect a public interest, including the protection of a fundamental right, must strike an appropriate balance with other fundamental rights. We do not see how a proposal that profoundly undermines freedom of expression would pass that test.

Furthermore, the law’s content filtering requirement runs counter to EU law that protects fundamental rights by prohibiting general monitoring obligations.

In addition, the draft law will also have negative economic implications for the EU. The German draft law is a national measure which will lead to far greater regulatory fragmentation and runs against the Commission’s policy agenda as well as the spirit of a Digital Single Market. That is particularly obvious with respect to the obligation to store removed content within the Federal Republic.

On the basis of our concerns, we call on the Commission to live up to its role of guardian of the Treaties and make sure national rules are compliant with EU law and case law. In concrete terms, this would translate into at least responding to Germany with a detailed opinion expressing incompatibility with EU law under the ongoing notification process.

We would like to thank you for your time and attention.

With kind regards,

James Waterworth, Vice-President, CCIA Europe
Siada El Ramly, Director General, EDiMA
Joe McNamee, Executive Director, EDRi
Fanny Hidvégi, European Policy Manager, Access Now
TJ McYntyre, Chair, Digital Rights Ireland
Jens-Henrik Jeppesen, Director, Center for Democracy and Technology


19 May 2017

Looking back on our 2016 victories


Technological advancements in the digital world create new opportunities but also new challenges for human rights. Especially in the past year, the fear of extremism on the one side and extreme measures on the other resulted in the desire for swift political action and made defending citizen’s rights and freedoms online a difficult task. In 2016, our European network faced demands for increased state surveillance and restrictions on the freedom of expression by private companies, and decreased protection of personal data and privacy. Our annual report 2016 (pdf) gives you an overview of EDRi’s campaigns across the European countries and our key actions at EU level.

Despite our struggles, our members, observers, national and international partners, supported by many individuals who contributed to our work, successfully protected digital rights in a number of areas.

We successfully advocated for a reform of privacy rules in electronic communications (ePrivacy) and played a key role in the civil society efforts that led to the adoption of the EU’s General Data Protection Regulation (GDPR) in April 2016.

We scored a big success in our top priority issue and secured net neutrality in Europe. This victory was the outcome of more than five years of hard work and the input from over half a million citizens responded to the net neutrality consultation in 2016.

We released influential analysis that contains implementation guidelines for the General Data Protection Regulation. We published two documents highlighting the numerous, unpredictable flexibilities in the legislation and how they should be implemented.

We published the “Digital Defenders”, a comic booklet to help kids make safer and more informed choices about what to share and how to share online. It turned out to be a huge success – the original English version of the booklet has been downloaded from our website over 25 000 times and published in Serbian, Turkish, German, Greek, Spanish and Italian, with other translations on the production line.

While we regret the adoption of an ambiguous Directive, we successfully requested the deletion of many harmful parts that were proposed in the course of the legislative discussions and the clarification of some of the ambiguous language.

Our criticism of the new so-called Privacy Shield was echoed by many experts in the European institutions and bodies (the European Parliament, the European Data Protection Supervisor, and the European Ombudsman) and led to mainly negative press coverage for the Commission and continued pressure for a more credible solution.

Read more in our Annual Report 2016!

Our finances can be found on pages 43-44.