31 Oct 2017

Surveillance laws fall far short of fundamental rights standards

By Anne-Morgane Devriendt

On 23 October, the European Union Agency for Fundamental Rights (FRA) published the second volume of its study on surveillance and its impact on fundamental rights. This study comes following the request of the European Parliament (EP) for information on the consequences of surveillance for fundamental rights. The Agency notes that “the mere existence of legislation allowing for surveillance constitutes an interference with the right to private life” even though it notes the role of surveillance measures in the fight against terrorism and new threats linked to new technologies.

The report completes and updates the first part that was published in 2015 that was dedicated to the EU Member States’ legal frameworks. However, since 2015 and the terrorist attacks that occurred on European soil, some countries have reformed their intelligence legislation to expand their surveillance practices. This new volume presents the current legislative frameworks and then focuses on the oversight bodies that can ensure surveillance bodies’ accountability, and remedies. It shows that even though surveillance has been developed in many countries since 2015, not enough has been done to protect fundamental rights.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

Regarding the legislative framework, all Member States have legislation on targeted surveillance and five of them also have legislation on mass surveillance – based on“national interest”. Yet, the report underlines the lack of a definition of “national interest”. While recent reforms have brought more transparency, in line with some demands from civil society, including by clarifying the powers granted to the intelligence bodies, the report points out that they still do not comply with the recommendations of the FRA for “clear, foreseeable and accessible” legislation.

Regarding oversight bodies, all Member States have diverse bodies assuming this activity, including expert bodies, national parliaments through parliamentary committees and Data Protection Authorities (DPAs), with various degrees of power and independence.

Finally, the report shows that the possibilities for effective remedies are limited and that not many citizens resort to them. Even though complaints through non-judicial bodies are limited, they are more accessible than judicial remedies, as they are faster, cheaper and their procedures are “less strict” than for judicial remedies. More generally, remedies are also limited by the laws restricting access to notifications and information. The report recommends that judicial and non-judicial remedies should be accessible to citizens by giving oversight bodies the power to process complaints (power to access the data collected by intelligence services, make decisions that are binding for intelligence services, etc.).

The FRA recommends that the legislation should be “clear, specific and comprehensive” and elaborated though large-scale, inclusive public debate and public consultations and stresses the need for strong and transparent safeguards for both targeted surveillance and broader surveillance. The report also underlines the importance of protecting whistleblowers. Regarding that last point, the EP has already taken steps to reinforce the protection of whistleblowers by adopting a resolution on 23 October.

There is already huge pressure, for example through the Council, to ignore, re-interpret or misrepresent the two European Court rulings on mass data retention

Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU – Volume II: field perspectives and legal update (23.10.2017)
http://fra.europa.eu/en/publication/2017/surveillance-intelligence-socio-lega

Surveillance by intelligence services – Volume I: Member States’ legal frameworks (11.2015)
http://fra.europa.eu/en/publication/2015/surveillance-intelligence-services

Europe’s governments win the Big Brother Awards 2017 for opening the pandora’s box of surveillance (13.10.2017)
https://edri.org/state-hacking-big-brother-awards-belgium-2017/

(Contribution by Anne-Morgane Devriendt, EDRi intern)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
31 Oct 2017

The European Commission struggles to find a position on encryption

By Joe McNamee

On 18 October, the European Commission adopted some form of position on encryption, inexplicably embedded in its “anti-terrorism package”. Home affairs activity in relation to encryption is horizontal (covering all illegal activity) and not specifically related to terrorism. However, the Commission chose to include this topic in its anti-terrorism package. The decision to publish the Commission’s encryption policy in a terrorism initiative that covers a wide range of other issues (from air passenger profiling, to protecting public spaces to regulating explosive precursors) appears to be more of a political/public relations choice than a substantive decision.

Generally, the issue of encryption in the context of investigations is framed as an overall setback for law enforcement authorities, deliberately ignoring the fact that vastly more data (such as metadata of communications) is now available for law enforcement authorities as a result of electronic communications.

Cross-border access to data

The Commission builds on that confusion by presenting a planned initiative on cross-border access to electronic data (described as “electronic evidence”) inside its text on encryption. The Commission itself describes the data in the cross-border initiative as “possibly encrypted”. As a result, the Commission, in a text on encryption in a document about terrorism, is talking about possibly not encrypted data in relation to possibly not terrorist investigations.

Technical measures

The Commission then talks obliquely about “technical measures” for recovering some encrypted material. This would build on Europol’s existing, but not described, decryption capabilities. The “technical measures” could therefore mean anything, from state hacking to brute force attacks. It is unclear what the Commission means when it stated that it was not proposing measures that “could weaken encryption or could have an impact on a larger or indiscriminate number of people”.

Points of expertise

A network of national “points of expertise” would build on but not replace work being done in EU Member States. This would bring together national experts working on technical measures to address encrypted material, in the context of investigations.

“Toolbox of alternative investigation techniques”

The Commission proposes a “toolbox of alternative investigation techniques” which would be developed by the national “points of expertise”. This process is also to happen ostensibly without looking at measures that would weaken encryption or could have an impact on a larger or indiscriminate number of people, apparently in isolation from any such measure that would be developed by Member States.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Structured dialogues with industry

Even more coded is the reference to the “important role of service providers and other industry partners” to provide “solutions with encryption”. Those words have no obvious meaning – and possibly no meaning at all. Traditionally, “dialogue with industry” is a euphemism for coercion of industry to do things that industry would not otherwise have done. A non-committal reference to engaging with “civil society”, “where appropriate”, is made in the document. However, to our knowledge, no civil society was (so far) invited to the December 2017 EU Internet Forum.

Training programmes

The Commission also suggests to provide training programmes with the aim “for law enforcement and judicial authorities [to] ensure that responsible officers are better prepared to obtain necessary information encrypted by criminals”. The Commission does not explain why information encrypted by (potential) criminals is different from information encrypted by non-criminals. However, it does point out various options to provide training programmes such as the European Cybercrime Training and Education Group and the European Union Agency for Law Enforcement Training, as well as a funding option under the Internal Security Fund.

Continuous assessment of technical and legal aspects of the role of encryption

Finally, the Commission proposes an “observatory function” in cooperation with the European Cybercrime Centre at Europol, the European Judicial Cybercrime Centre and Eurojust.

Conclusion

The European Commission has consulted widely and has been more transparent than usual in its development of its current position. It also appears to resist some of the more outlandish and hysterical positions of certain European politicianslike the British government, in particular, that bounces around ideas of limiting or breaking encryption at apparently random intervals. However, the lack of clarity and overtly political elements of the text raise fears for the next steps in the Commission’s policy-making in relation to this important topic. We can only hope that the Commission will still consult civil society organisations, not just industry.

“Eleventh progress report towards an effective and genuine Security Union” (18.10.2017) https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/european-agenda-security/20171018_eleventh_progress_report_towards_an_effective_and_genuine_security_union_en.pdf

EU’s plans on encryption: What is needed? (16.10.2017)
https://edri.org/eus-plans-on-encryption-what-is-needed/

EDRi delivers paper on encryption workarounds and human rights (20.09.2017)
https://edri.org/edri-paper-encryption-workarounds/

EDRi position paper on encryption (25.01.2016)
https://www.edri.org/files/20160125-edri-crypto-position-paper.pdf

Encryption – debunking the myths (03.05.2017)
https://edri.org/encryption-debunking-myths/

(Contribution by Joe McNamee, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
31 Oct 2017

The European Parliament calls for protection of whistleblowers

By Ana Ollo

On 24 October, the European Parliament adopted a resolution calling on the European Commission to propose legislation protecting whistleblowers in the European Union (EU). The institution made a clear statement recognising the essential role that whistleblowers play in our society, as well as the need to protect them.

Whistleblowers fight for transparency, democracy and the rule of law, by reporting unlawful or improper conduct that undermine the public interest. They point out acts of corruption, criminal offences or conflicts of interest, which represent threats against our rights and freedoms.

Despite the importance of the role of whistleblowers in our society, they face various risks that can dissuade them from whistleblowing and from fulfilling our civic duty. The legislation of many EU Member States does not offer them protection nor the right to preserve their anonymity. In some cases, whistleblowers are subject to criminal or civil proceedings, or even face personal threats and harm. Consequently, EDRi has called several times for their effective protection, especially at the EU level, as did the Council of Europe, the Organisation for Economic Cooperation and Development (OECD) and Transparency International, among other organisations.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

It is in this context that the European Parliament adopted its resolution on legitimate measures to protect whistleblowers acting in the public interest when disclosing the confidential information of companies and public bodies. It calls on the European Commission to propose an EU Directive by the end of 2017. The text should grant a high level of protection to whistleblowers, as well as incentivise others to contribute to the fight for transparency and accountability.

The resolution contains a broad definition of “whistleblower”, referring to anybody who reports information in the public interest. It calls on the Commission to establish a system allowing them to expose wrongdoing either within the organisation or directly to the appropriate public authorities, non-governmental organisations or the media. Regarding the protection offered, the Parliament defends whistleblowers’ right to anonymity and believes that retaliation against them should be “penalised and sanctioned effectively”. Furthermore, in case of alleged retaliatory actions, it establishes that employers shall provide evidence that their actions are not related to the report made by the whistleblower. It also calls on Member States to establish independent bodies to advise potential whistleblowers on their legal situation, and suggests creating a similar body at the EU level.

This resolution represents a first step towards an effective protection of whistleblowers throughout the European Union.

European Parliament Resolution (2016/2224(INI)) on legitimate measures to protect whistleblowers acting in the public interest (24.10.2017)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2017-0402

Council of Europe Recommendation CM/Rec(2014)7 to member States on the protection of whistleblowers (30.04.2014)
https://search.coe.int/cm/Pages/result_details.aspx?ObjectId=09000016805c5ea5

The EU must take action to protect whistleblowers” (31.05.2017)
https://edri.org/eu-must-take-action-protect-whistleblowers/

Protecting whistleblowers – protecting democracy (25.01.2017)
https://edri.org/protecting-whistleblowers-protecting-democracy/

Open letter to the to the Heads of State and Government of the European Union “The Trade Secrets Protection Directive Is Still Dangerous For Freedoms and Rights” (13.05.2016)
https://edri.org/files/trade_secrets_letter.pdf

(Contribution by Ana Ollo, EDRi intern)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
31 Oct 2017

Portugal bans use of DRM that limits access to public domain works

By Electronic Frontier Foundation

With the tendency of becoming too accustomed to bad news on copyright, it is refreshing to hear that Portugal has recently passed a law that helps to strike a fairer balance between users and copyright holders on digital rights management (DRM).

The law does not abolish legal protection for DRM altogether – unfortunately, that would not be possible for Portugal to do unilaterally, because it would be inconsistent with European Union law and with the World Intellectual Property Organisation (WIPO) Copyright Treaty to which the EU is a signatory. However, Law No. 36/2017 of 2 June, 2017, which entered into force on 3 June, 2017, does grant some important new exceptions to the law’s anti-circumvention provisions, which make it easier for users to exercise their rights to access content without being treated as criminals.

The amendments to Articles 217 and 221 of Portugal’s Code of Copyright and Related Rights do three things. First, they provide that the anti-circumvention ban does not apply to circumvention of DRM in order to enjoy the normal exercise of copyright limitations and exceptions that are provided by Portuguese law. Although Portugal does not have a generalised fair use exception, the more specific copyright exceptions in Articles 75(2), 81, 152(4) and 189(1) of its law do include some key fair uses; including reproduction for private use, for news reporting, by libraries and archives, in teaching and education, in quotation, for persons with disabilities, and for digitising orphan works. The circumvention of DRM in order to exercise these user rights is now legally protected.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Second and perhaps even more significantly, the law prohibits the application of DRM to certain categories of works in the first place. These are works in the public domain (including new editions of works already in the public domain), and to works published or financed by the government. This provision alone will be a boon for libraries, archives, and for those with disabilities, ensuring that they never again have to worry about being unable to access or preserve works that ought to be free for everyone to use. The application of DRM to such works will now be an offence under the law, and if DRM has been applied to such works nevertheless, it will be permitted for a user to circumvent it.

Third, the law also permits DRM to be circumvented where it was applied without the authorisation of the copyright holder. From now on, if a licensee of a copyright work wishes to apply DRM to it when it is distributed in a new format or over a new streaming service, the burden will be on them to ask the copyright owner’s permission first. If they do not do that, then it will not be an offence for its customers to bypass the DRM in order to obtain unimpeded access to the work, as its copyright owner may well have intended.

If there is a shortcoming to the law, it is that it doesn’t include any new exceptions to the ban on creating or distributing (or as lawmakers ludicrously call it, “trafficking in”) anti-circumvention devices. This means that although users are now authorised to bypass DRM in more cases than before, they’re on their own when it comes to accomplishing this. The amendments ought to have established clear exceptions authorising the development and distribution of circumvention tools that have lawful uses, rather than leaving users to gain access to such tools through legally murky channels.

Overall though, these amendments go to show just how much flexibility countries have to craft laws on DRM that strike a fairer balance between users and copyright holders – even if, like Portugal, those countries have international obligations that require them to have anti-circumvention laws. EDRi member Electronic Frontier Foundation (EFF) applauds Portugal for recognising the harmful effects that DRM has access to knowledge and information, and hopes that these amendments will provide a model for other countries wishing to make a similar stand for users’ rights.

Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/

Copyfail #9: Digital Rights Management (DRM): Restricting lending and borrowing books and music in digital format  (20.07.2016)
https://edri.org/copyfail-9/

(Contribution by Jeremy Malcolm, EDRi member Electronic Frontier Foundation (EFF), USA; Adaptation by Maren Schmid, EDRi intern)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner

close
26 Oct 2017

Leak: Three EU countries join forces for restrictions & copyright chaos

By Joe McNamee

Leaked documents concerning the Copyright Directive show that France, Spain and Portugal have joined forces in the Council of the European Union to attack the cornerstones of internet freedom in Europe.

The documents show that the three countries propose elevating fighting copyright violations to a special status – above combating terrorism, child abuse and serious online crime. This would put our fundamental rights on the line, and create legal chaos for service providers in Europe.

No more hosting services

Under existing rules, internet hosting companies are not liable for unauthorised content uploaded by their users, unless they fail to act quickly to remove that content, once they are informed about it. The proposal is to leave that law in place, but redefine the services provided by hosting providers so that pretty much nobody is covered by that legislation (the e-Commerce Directive).

How is this done?

Firstly, the leaked document says that any company that allows users to upload content  that could be copyrighted or subject to any property right (“other subject matter” such as, choreography, for example) is performing an act of “communication to the public”.

This means that the service provider is performing an activity that requires authorisation by rightsholders – unless at all times the provider can be sure that nothing that is, or could conceivably be, subject to a property right is being uploaded.

Specifically, the proposal is that companies “that store works or other subject-matter uploaded by their users and are actively involved in providing access to the public to such contents” should no longer be considered hosting companies, even if this is pretty much the definition of hosting. This means that hosting services (that optimise the content they store in any way) would need to carry out constant monitoring of everything that is uploaded to their services – and delete anything that might create a risk – as they will be directly liable for anything their users do.

Mandatory surveillance of all uploads

Having already made it virtually impossible to provide a hosting service without being licensed by all relevant collective rights management groups (film, audio, image, etc), the three countries go further: They demand that larger providers (those that store an undefined “significant” amount of material) should not only have to monitor everything that is being uploaded, but should also be required to “prevent the availability” of content that is identified by rightsholders (by using content identification and upload filtering). This would be flanked with an additional obligation to inform the multitude of rightsholders “on the functioning” of those measures.

Redress mechanisms?

A patently inadequate and complicated complaints mechanism is proposed in order to make the proposal seem balanced. Under this mechanism:

  • a user could complain to the provider who filtered out the content, who would process the complaint and;
  • pass it on to the rightsholder (who asked for the filtering to happen) who would process the complaint within a “reasonable” period of time and;
  • inform the provider, who would inform the user who may or may not be happy with the outcome, but has no more redress.
  • The rightsholders would have no liability for false claims of ownership.

It seems irrelevant to the French, Spanish and Portuguese that the European Court has ruled that it is unacceptable to impose a filtering obligation on providers if that filtering:

  • is of all electronic communications passing via its services; (as in this case)
  • applies indiscriminately to all its customers; (as proposed in this case)
  • is done as a preventive measure; (as proposed in this case)
  • is done exclusively at the provider’s expense; (as proposed in this case ) and
  • is done for an unlimited period; (as proposed in this case)

The Court also ruled against filtering by social media in the Netlog/Sabam case.

Another related leak from the Estonian Presidency reveals that it is letting the three countries set their agenda without interference. It seems that the Estonian Presidency is, again, choosing political expediency over the rights of European citizens and the free and open internet – and the Estonian ethos of a well-regulated, digital-friendly society. We have prepared a document to show how carefully the Estonian Presidency is following the three countries  that are proposing these extreme measures.

Duty of care

But France, Spain and Portugal’s approach to the Copyright Directive also risks creating chaos for another reason – clarity. The legal basis of the Directive in this case is to harmonise the EU single market. Once adopted, it has to be “transposed” into national law, leaving Member States considerable flexibility about how this is done. Directives need to be very clear to avoid divergent implementations in different Member States.

Directives consist of articles and explanatory “recitals”. The recitals proposed by the three countries are remarkable by any stretch of the imagination. The three countries propose enhancing this harmonisation by suggesting to the 27 Member States (and their 27 judicial systems)  that they can “expect” companies under their jurisdiction to enact an undefined “duty of care”. This would cover internet companies that are – and are not – communicating to the public and internet companies that are – or are not – covered by Article 14 (hosting services) of the E-Commerce Directive. The 27 Member States and their court systems, when implementing the Directive, would create and interpret the “expectation” of this “duty” that would encourage companies to implement undefined “appropriate and proportionate tools” to protect “works or other subject matter” when their services are “impacting” on the exploitation of copyrighted works.

These missing definitions and vague language (“significant”, “expect”, “duty”, “prevent”, “impacting”) would result in 27 different national laws (interpreted by 27 national court systems) in the EU on how this “duty of care” would be implemented. The only point of consistency would be that this would apply only to copyrighted content (and, of course, “other subject matter”). As a reminder: Content that is considered less important by the EU Council, like terrorism (nothing similar was approved in the terrorism Directive adopted earlier in 2017) or child exploitation (nothing similar was approved in the child exploitation Directive adopted in 2011) would not be subject to this unclear “duty” and existing rules would continue to apply.

This proposal is great news – but only for a few!

  • It is great news for service providers outside the EU that can take over the EU hosting market once EU companies are driven out;
  • and it is great news for repressive regimes that are already pointing to EU policy and practices to justify their internet crackdowns.

Yet, it is less good news for fundamental rights, privacy, freedom of expression, European companies, victims of repressive regimes, or the rule of law.

Leaked document: Amendment from ES, FR, PT to the recitals 37, 38, 39 and Article 13 on the value gap
http://statewatch.org/news/2017/oct/eu-copyright-dir-WK-10644-17.pdf

Comparison: Spain, Portugal and France’s demands – Estonian Presidency document
https://edri.org/files/copyright/20171026-comparedtexts.pdf

Leaked document: Presidency Flash – Copyright Working Party 17/18 October 2017
http://statewatch.org/news/2017/oct/eu-copyright-Pres-Council-Agenda-WK-11269-17.pdf

Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/

(Contribution by Joe McNamee, EDRi)

Twitter_tweet_and_follow_banner

close
25 Oct 2017

Tell the European Parliament to stand up for e-Privacy!

By Diego Naranjo

On 26 October, the European Parliament (EP) will decide on a key proposal to protect your privacy and security online. This step consists in confirming (or not) the Parliament’s mandate to negotiate the e-Privacy Regulation with the Council of the European Union.

This vote has been demanded as part of an effort to either water down or completely destroy the proposal. As a result, we (very exceptionally) support the mandate being granted.

Do you want to protect the privacy of millions of people in the next generations? Then take action now and contact the Members of the European Parliament (MEP) from your country in order to be able to make sure that the European Parliament approves the mandate. You can:

  1. Call your MEP using the free call system (developed by La Quadrature Du Net) and ask them to vote on Thursday 26 October to support the mandate for the e-Privacy trilogues.
  2. Tweet to the MEPs from your own country now (and also other MEPs, ideally in their own language). Use the hashtag #ePrivacy! You could tweet for example along the lines:

Dear <@MEP>, please vote for a mandate for the #ePrivacy #trilogues. Good for citizens, for trust, for innovation, for competition!

You can find below the list of MEPs’ Twitter handles for each Member State:

The Regulation applies to confidentiality of communications, online and offline tracking and device security. It has been the subject of a huge lobbying campaign by industry associations peddling a range of outlandish claims including that the Regulation would ban advertising and would even be responsible for “killing the internet” (seriously).

e-Privacy Directive: Frequently Asked Questions
https://edri.org/epd-faq/

e-Privacy Mythbusting (25.10.2017)
https://edri.org/files/eprivacy/ePrivacy_mythbusting.pdf

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)
https://edri.org/files/epd-revision/ePR_EDRi_quickguide_20170309.pdf

Last-ditch attack on e-Privacy Regulation in the European Parliament (24.10.2017)
https://edri.org/last-ditch-attack-on-e-privacy-regulation-in-the-european-parliament/

Dear MEPs: We need you to protect our privacy online! (05.10.2017)
https://edri.org/dear-meps-we-need-you-to-protect-our-privacy-online/

Twitter_tweet_and_follow_banner

close
25 Oct 2017

Join us at the 34C3 network assembly!

By Guillermo Peris

The 34th Chaos Communication Congress (34C3) will take place in Leipzig on 27-30 December 2017. This year, we will organise an assembly together with our friends at the Electronic Frontier Foundation (EFF), Privacy International, epicenter.works, Digitale Gesellschaft Switzerland, Forum InformatikerInnen für Frieden und gesellschaftliche
Verantwortung (FIfF), Fitug, Gesellschaft für Freiheitsrechte (GFF), Hermes Center, Vrijschrift and the Free Software Foundation Europe (FSFE).

This assembly will be the meeting point for every digital rights defender out there, a workshop space where you can participate in or organise sessions, where you can get to know the EDRi network and its allies and relax.

If you are planning to carry out a workshop at 34C3 and think it could fit in the EDRi space, we would love to know about it! It can be anything related to digital rights (privacy and data protection, copyright, net neutrality, surveillance, whistleblowing, transparency…) and from every perspective (technical, legal, sociological…).

Please send us your proposal by 19 November. We will get back to you by the end of November to let you know if your session can be organised in our assembly. [Update: The deadline has been extended to 26 November. ];

How do I do it?
Write an email to guillermo.peris[at]edri[dot]org with the following information for each proposed session:

  • session title
  • short description
  • language
  • session format
  • length
  • preferred session date and time – please indicate two options!
  • a short introduction of yourself and your organisation

Examples of formats:

  • conversation (share your experience and ideas and invite reflection)
  • workshop (a practical, hands-on oriented session)
  • training (teach something to the attendees)

Tips for planning your workshop:

  • Be inclusive and foster new connections between participants
  • Limit the duration of your session to maximum 1,5 hours
  • Invite different organisations or projects to collaborate on the session with you

34C3 Tickets: Status and Open Sale
https://events.ccc.de/2017/10/03/34c3-tickets-status-and-open-sale/

close
24 Oct 2017

Last-ditch attack on e-Privacy Regulation in the European Parliament

By Joe McNamee

The ECR, the right-wing, Eurosceptic political group in the European Parliament has joined forces with German Conservatives, Axel Voss and Monika Hohlmeier, as well as the Danish Liberal Morten Løkkegaard to try to overturn progress made on the e-Privacy Regulation.

The Regulation applies to confidentiality of communications, online and offline tracking and device security. It has been the subject of a huge lobbying campaign by industry associations peddling a range of outlandish claims including that the Regulation would ban advertising and would even be responsible for “killing the internet” (seriously).

As the myths and mythology that Members of the European Parliament (MEPs) are being confronted with every day are getting more and more ridiculous, on 24 October, we wrote to all 751 MEPs. However, to avoid the e-mail getting too long, we restricted ourselves to the six most outlandish myths:

  1. that e-Privacy bans online advertising (advertising existed before online surveillance)
  2. that e-Privacy is bad for democracy (tracking has manipulated elections)
  3. that e-Privacy is bad for media pluralism and quality of journalism (tracking is the business model of fake news)
  4. that e-Privacy prevents the fight against illegal content (the telecoms companies made this false argument about net neutrality. It wasn’t true and still isn’t)
  5. that e-Privacy helps Google and Facebook (no, seriously, the lobbyists are actually saying this)
  6. that we need a level playing field (actually that one is true, we need everyone to be regulated fairly)

You can read our letter here.

Tell your MEPs you want a strong e-Privacy Regulation – as agreed by the European Parliament Committee on Committee on Civil Liberties, Justice and Home Affairs (LIBE). Find your MEPs here.

Twitter_tweet_and_follow_banner

close
20 Oct 2017

See which MEPs voted in favour of e-Privacy – and which ones against it

By EDRi

On 19 October, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted on the proposed e-Privacy Regulation. With 31 votes the Committee voted in favour of measures defending privacy, security and competition for phone and internet services.

The 31 MEPs in favour of the e-Privacy Regulation belong to the Alliance of Liberals and Democrats for Europe group (ALDE), the Europe of Freedom and Direct Democracy (EFDD), the European United Left-Nordic Green Left (GUE/NGL), the Non-Inscrits (NI), the Progressive Alliance of Socialists and Democrats (S&D) and the Greens–European Free Alliance (Verts/ALE):

Name EU political group Country National party
Gérard Deprez ALDE Belgium Mouvement Réformateur (MR)
Nathalie Griesbeck ALDE France Mouvement démocrate (MoDem)
Sophia in ‘t Veld ALDE Netherlands Politieke Partij Democraten 66 (D66)
Kaja Kallas ALDE Estonia Eesti Reformierakond
Angelika Mlinar ALDE Austria NEOS – Das Neue Österreich und Liberales Forum
Ignazio Corrao EFDD Italy Movimento 5 Stelle (M5S)
Laura Ferrara EFDD Italy Movimento 5 Stelle (M5S)
Xabier Benito Ziluaga GUE/NGL Spain Podemos
Cornelia Ernst GUE/NGL Germany Die LINKE
Josu Juaristi Abaunz GUE/NGL Spain Euskal Herria Bildu (EH Bildu)
Dennis de Jong GUE/NGL Netherlands Socialistische Partij (SP)
Martin Sonneborn NI Germany Die PARTEI
Caterina Chinnici S&D Italy Partito Democratico (PD)
Ana Gomes S&D Portugal Partido Socialista (PS)
Sylvie Guillaume S&D France Parti socialiste (PS)
Sylvia-Yvonne Kaufmann S&D Germany Sozialdemokratische Partei Deutschlands (SPD)
Cécile Kashetu Kyenge S&D Italy Partito Democratico (PD)
Dietmar Köster S&D Germany Sozialdemokratische Partei Deutschlands (SPD)
Marju Lauristin S&D Estonia Sotsiaaldemokraatlik Erakond (SDE)
Juan Fernando López Aguilar S&D Spain Partido Socialista Obrero Español (PSOE)
Andrejs Mamikins S&D Latvia Sociāldemokrātiskā Partija “Saskaņa” (SDPS)
Claude Moraes S&D United Kingdom Labour Party
Péter Niedermüller S&D Hungary Demokratikus Koalíció (DK)
Kati Piri S&D Netherlands Partij van de Arbeid (PvdA)
Soraya Post S&D Sweden Feministiskt initiativ (FI)
Birgit Sippel S&D Germany Sozialdemokratische Partei Deutschlands (SPD)
Janusz Zemke S&D Poland Sojusz Lewicy Demokratycznej (SLD)
Jan Philipp Albrecht Verts/ALE Germany Bündnis 90/Die Grünen
Eva Joly Verts/ALE France Europe Écologie Les Verts (EELV)
Judith Sargentini Verts/ALE Netherlands GroenLinks
Bodil Valero Verts/ALE Sweden Miljöpartiet de gröna (MP)

 

The 24 MEPs against the e-Privacy Regulation belong to the European Conservatives and Reformists (ECR), the Europe of Freedom and Direct Democracy (EFDD), the Europe of Nations and Freedom (ENF) and the European People’s Party (PPI):

Name EU political group Country National party
Daniel Dalton ECR United Kingdom Conservative Party
Jussi Halla-aho ECR Finland Perussuomalaiset (PS)
Monica Macovei ECR Romania Independent
Helga Stevens ECR Belgium Nieuw-Vlaamse Alliantie (N-VA)
Gerard Batten EFDD United Kingdom UK Independence Party
Raymond Finch EFDD United Kingdom UK Independence Party
Harald Vilimsky ENF Austria Freiheitliche Partei Österreichs (FPÖ)
Auke Zijlstra ENF Netherlands Partij voor de Vrijheid (PVV)
Asim Ahmedov Ademov PPE Bulgaria ГЕРБ, Граждани за европейско развитие на България
Heinz K. Becker PPE Austria Österreichische Volkspartei (ÖVP)
Michał Boni PPE Poland Platforma Obywatelska (PO)
Anna Maria Corazza Bildt PPE Sweden Moderata samlingspartiet (M)
Rachida Dati PPE France Les Républicains (LR)
Monika Hohlmeier PPE Germany Christlich-Soziale Union in Bayern (CSU)
Lívia Járóka PPE Hungary Fidesz
Barbara Kudrycka PPE Poland Platforma Obywatelska (PO)
Roberta Metsola PPE Malta Partit Nazzjonalista (PN)
Alessandra Mussolini PPE Italy Forza Italia (FI)
József Nagy PPE Slovakia Most–Híd
Csaba Sógor PPE Romania Uniunea Democrată Maghiară din România
Jaromír Štětina PPE Czech Republic Tradice Odpovědnost Prosperita (TOP 9)
Traian Ungureanu PPE Romania Partidul Național Liberal (PNL)
Axel Voss PPE Germany Christlich Demokratische Union Deutschlands (CDU)
Tomáš Zdechovský PPE Czech Republic Křesťanská a demokratická unie – Československá strana lidová (KDU–ČSL)

 

One of the MEPs of the Committee was absent:

Name EU political group Country National party
Kristina Winberg EFDD Sweden Sverigedemokraterna (SD)

 

Euro-parliamentarians say a clear “no” to the anti-privacy lobby (19.10.2017)
https://edri.org/euro-parliamentarians-say-clear-no-anti-privacy-lobby/

e-Privacy Directive: Frequently Asked Questions
https://edri.org/epd-faq/

e-Privacy revision: Document pool
https://edri.org/eprivacy-directive-document-pool/

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)
https://edri.org/files/epd-revision/ePR_EDRi_quickguide_20170309.pdf

Dear MEPs: We need you to protect our privacy online! (05.10.2017)
https://edri.org/dear-meps-we-need-you-to-protect-our-privacy-online/

Twitter_tweet_and_follow_banner

close
20 Oct 2017

EDRi writes to EU Commissioner Gabriel about tackling illegal content online

By Ana Ollo

On 28 September 2017, the European Commission published a Communication on “Tackling Illegal Content Online: Towards an enhanced responsibility of online platforms”.

In order to be constructive and support the European Commission in developing a balanced, rights-friendly and harmonised approach to deal with illegal content online in the future, EDRi has written a letter to the Digital Economy Commissioner Mariya Gabriel. We propose the Commission to adopt at least three workstreams: a “fundamental rights framework”, “learning from experience”, and “effective and predictable frameworks for addressing illegal content”.

That Communication puts the emphasis on demanding that online platforms take more action to tackle illegal content online, by preventing, detecting, removing and disabling access to illegal content on a “voluntary” basis. While the Commission encouraged online platforms to adopt proactive measures and to use filtering technologies to that aim, little attention was paid to review mechanisms, counter-productive effects, mitigation or identification of problems, and legal predictability, among others.

The Commission’s Communication was widely criticised by EU policy-makers like Members of the European Parliament (MEPs) Marietje Schaake and Julia Reda, as well as European companies, EDRi, EDRi members, other civil society organisations, and academics. For example, Daphne Keller from Standford Law School expressed her concerns on filtering technologies, as well as on the risk of over-removal of content that can emerge from the compliance of online platforms with the Communication’s guidelines.

So, what is needed? Three workstreams that build a diligent, rights-based and comprehensive approach to this problem, creating methodologies to develop (1) an agreed understanding of the fundamental rights framework, (2) a structured approach to learning from experience and (3) a methodology for building effective policies in the future.

1. Fundamental rights framework

First, we recommend developing clear guidelines on government or European Commission compliance with the requirements of Article 52.1 of the Charter of Fundamental Rights of the European Union when they design, promote or participate in “voluntary” or mandatory measures that may restrict fundamental rights. Article 52.1 of the Charter establishes that any limitation on the exercise of fundamental rights needs to be provided for by law, and respect the principles of proportionality and necessity. Any regime for tackling illegal content on the internet needs to particularly ensure a robust protection for due process, safeguards against removal of legal content and provide an effective right to remedy.

2. Learning from experience

Secondly, we propose that the Commission conduct a neutral assessment of what has worked and hasn’t worked regarding the experience of EU and Member States initiatives to deal with illegal content online. This could cover a full range of impact assessments, including both on fundamental rights and on the public policy results of the measures that have been attempted.

3. Building a flexible, effective approach to illegal online content

Thirdly, we strongly encourage the Commission to develop an effective and flexible methodology for tackling different types and areas of illegal content online. This would ensure a diligent approach to fundamental rights, problem identification, review processes and contingencies. The methodology could include issues such as how the necessity, proportionality and predictability of the measures are guaranteed, risks for citizens, providers and governments and which review, redress and oversight mechanisms are available.

We hope that the letter can be a first step towards building a more effective approach, to protect the principles on which our democracies are based and to ensure a more effective, comprehensive approach to illegal online content.

Letter: A coherent and rights-based approach to dealing with illegal content (20.10.2017)
https://edri.org/files/letter_coherent_rightsbasedapproach_illegalcontent_20171020.pdf

Commission’s position on tackling illegal content online is contradictory and dangerous for free speech (28.09.2017)
https://edri.org/commissions-position-tackling-illegal-content-online-contradictory-dangerous-free-speech/

Twitter_tweet_and_follow_banner

close