10 Oct 2019

Open letter to EU Member States: Deliver ePrivacy now!


On 11 October 2019, EDRi, together with four other civil society organisations, sent an open letter to EU Member States, to urge to conclude the negotiations on the ePrivacy Regulation. The letter highlights the urgent need for a strong ePrivacy Regulation in order to tackle the problems created by the commercial surveillance business models, and expresses the deep concerns by the fact that the Member States, represented in the Council of the European Union, still have not made decisive progress, more than two and a half years since the Commission presented the proposal.

You can read the letter here (pdf) and below:

Open letter to EU Member States

Dear Minister,

We, the undersigned organisations, urge you to swiftly reach an agreement in the Council of the European Union on the draft ePrivacy Regulation.

We are deeply concerned by the fact that, more than two and a half years since the Commission presented the proposal, the Council still has not made decisive progress. Meanwhile, one after another, privacy scandals are hitting the front pages, from issues around the exploitation of data in the political context, such as “Cambridge Analytica”, to the sharing of sensitive health data. In 2019, for example, an EDRi/CookieBot report demonstrated how EU governments unknowingly allow the ad tech industry to monitor citizens across public sector websites.1 An investigation by Privacy International revealed how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results to third parties.2

A strong ePrivacy Regulation is necessary to tackle the problems created by the commercial surveillance business models. Those business models, which are built on tracking and cashing in on people’s most intimate moments, have taken over the internet and create incentives to promote disinformation, manipulation and illegal content.

What Europe gains with a strong ePrivacy Regulation

The reform of the current ePrivacy Directive is essential to strengthen – not weaken – individuals’ fundamental rights to privacy and confidentiality of communications.3 It is necessary to make current rules fit for the digital age.4 In addition, a strong and clear ePrivacy Regulation would push Europe’s global leadership in the creation of a healthy digital environment, providing strong protections for citizens, their fundamental rights and our societal values. All this is key for the EU to regain its digital sovereignty, one of the goals set out by Commission President-elect Ursula von der Leyen in her political guidelines.5

Far from being an obstacle to the development of new technologies and services, the ePrivacy Regulation is necessary to ensure a level playing field and legal certainty for market operators.6 It is an opportunity for businesses7 to innovate and invest in new, privacy-friendly, business models.

What Europe loses without a strong ePrivacy Regulation

Without the ePrivacy Regulation, Europe will continue living with an outdated Directive which is not being properly enforced8 and the completion of our legal framework initiated with the General Data Protection Regulation (GDPR) will not be achieved. Without a strong Regulation, surveillance-driven business models will be able to cement their dominant positions9 and continue posing serious risks to our democratic processes.10 11 The EU also risks losing the position as global standard-setter and digital champion that it earned though the adoption of the GDPR.

As a result, people’s trust in internet services will continue to fall. According to the Special Eurobarometer Survey of June 2019 the majority of users believe that they only have partial control over the information they provide online, with 62% of them being concerned about it.

The ePrivacy Regulation is urgently needed

We expect the EU to protect people’s fundamental rights and interests against practices that undermine the security and confidentiality of their online communications and intrude in their private lives.

As you meet today to discuss the next steps of the reform, we urge you to finally reach an agreement to conclude the negotiations and deliver an upgraded and improved ePrivacy Regulation for individuals and businesses. We stand ready to support your work.

Yours sincerely,

The European Consumer Organisation (BEUC)
European Digital Rights (EDRi)
Privacy International
Open Society European Policy Institute (OSEPI)

1 https://www.cookiebot.com/media/1121/cookiebot-report-2019-medium-size.pdf
7 https://www.beuc.eu/publications/beuc-x-2018-108-eprivacy-reform-joint-letter-consumer-organisations-ngos-internet_companies.pdf

Read more:

Open letter to EU Member States on ePrivacy (11.10.2019)

Right a wrong: ePrivacy now! (09.10.2019)

Civil society calls Council to adopt ePrivacy now (05.12.2018)

ePrivacy reform: Open letter to EU member states (27.03.2018)

09 Oct 2019

Right a wrong: ePrivacy now!

By Ella Jakubowska

When the European Commission proposed to replace the outdated and improperly enforced 2002 ePrivacy Directive with a new ePrivacy Regulation in January 2017, it marked a cautiously hopeful moment for digital rights advocates across Europe. With the backdrop of the General Data Protection Regulation (GDPR), adopted in May 2018, Europe took a giant leap ahead for the protection of personal data. Yet by failing to adopt the only piece of legislation protecting the right to privacy and to the confidentiality of communications, the Council of the European Union seems to have prioritised private interests over the fundamental rights, securities and freedoms of citizens that would be protected by a strong ePrivacy Regulation.

This is not an abstract problem; commercial surveillance models – where businesses exploit user data as a key part of their business activity – pose a serious threat to our freedom to express ourselves without fear. This model relies on profiling, essentially putting people into the boxes in which the platforms believe they belong – which is a very slippery slope towards discrimination. And when children increasingly make up a large proportion of internet users, the risks become even more stark: their online actions could impact their access to opportunities in the future. Furthermore, these models are set up to profit from the mass sharing of content, and so platforms are perversely incentivised to promote sensationalist posts that could harm democracy (for example political disinformation).

The rise of highly personalised adverts (”microtargeting”) means that online platforms increasingly control and limit the parameters of the world that you see online, based on their biased and potentially discriminatory assumptions about who you are. And as for that online quiz about depression that you took? Well, that might not be as private as you thought.

It is high time that the Council of the European Union takes note of the risks to citizens caused by the current black hole where ePrivacy legislation should be. Amongst the doom and gloom, there are reasons to be optimistic. If delivered in its strongest form, an improved ePrivacy Regulation helps to complement the GDPR; will ensure compliance with essential principles such as privacy by design and by default; will tackle the perversive model of online tracking and the disinformation it creates; and it will give power back to citizens over their private life and interests. We urge the Council to swiftly update and adopt a strong, citizen-centered ePrivacy Regulation.

e-Privacy revision: Document pool: Document pool

ePrivacy: Private data retention through the back door (22.05.2019)

Captured states – e-Privacy Regulation victim of a “lobby onslaught” (23.05.2019)

NGOs urge Austrian Council Presidency to finalise e-Privacy reform (07.11.2018)

e-Privacy: What happened and what happens next (29.11.2017)

(Contribution by Ella Jakubowska, EDRi intern)

09 Oct 2019

Why weak encryption is everybody’s problem

By Ella Jakubowska

Representatives of the UK Home Department, US Attorney General, US Homeland Security and Australian Home Affairs have joined forces to issue an open letter to Mark Zuckerberg. In their letter of 4 October, they urge Facebook to halt plans for end-to-end (aka strong) encryption across Facebook’s messaging platforms, unless such plans include “a means for lawful access to the content of communications”. In other words, the signatories are requesting what security experts call a “backdoor” for law enforcement to circumvent legitimate encryption methods in order to access private communications.

The myth of weak encryption as safe

Whilst the US, UK and Australia are adamant that their position enhances the safety of citizens, there are many reasons to be skeptical of this. The open letter uses emotive language to emphasise the risk of “child sexual exploitation, terrorism and extortion” that the signatories claim is associated with strong encryption, but fails to give a balanced assessment which includes the risks to privacy, democracy and most business transactions of weak encryption. By positioning weak encryption as a “safety” measure, the US, UK and Australia imply (or even explicitly state) that supporters of strong encryption are supporting crime.

Government-led attacks on everybody’s digital safety aren’t new. Since the 1990s, the US has tried to prevent the export of strong encryption and—when that failed—worked on forcing software companies to build backdoors for the government. Those attempts were called the first “Cryptowars”.

In reality, however, arguing that encryption mostly helps criminals is like saying that vehicles should be banned and all knives blunt because both have been used by criminals and terrorists. Such reasoning ignores that in the huge majority of cases strong encryption greatly enhances people’s safety. From enabling secure online banking, to keeping citizens’ messages private, internet users and companies rely on strong encryption every single day. It is the foundation of trusted, secure digital infrastructure. Weak encryption, on the other hand, is like locking the front door of your home, only to leave the back one open. Police may be able to enter more easily – but so too can criminals.

Strong encryption is vital for protecting civil rights

The position outlined by the US, UK and Australia is fundamentally misleading. Undermining encryption harms innocent citizens. Encryption already protects some of the most vulnerable people worldwide – journalists, environmental activists, human rights defenders, and many more. State interception of private communications is frequently not benign: government hacking can and does lead to egregious violations of fundamental rights.

For many digital rights groups, this debate is the ultimate groundhog day, and valuable effort is expended year after year on challenging the false dichotomy of “privacy versus security”. Even the European Commission has struggled to sort fact from fear-mongering.

However, it is worth remembering that Facebook’s announcement to encrypt some user content is so far just that: an announcement. The advertisement company’s approach to privacy is a supreme example of surveillance capitalism: protecting some users when it is favourable for their PR, and exploiting user data when there is a financial incentive to do so. To best protect citizens’ rights, we need a concerted effort between policy-makers and civil society to enact laws and build better technology so that neither our governments nor social media platforms can exploit us and our personal data.

The bottom line

Facebook must refuse to build anything that could constitute a backdoor into their messaging platforms. Otherwise, Facebook is handing the US, UK and Australian governments a surveillance-shaped skeleton key that puts Facebook users at risk worldwide. And once that door is unlocked, there will be no way to control who will enter.

EDRi Position paper on encryption: High-grade encryption is essential for our economy and our democratic freedoms (25.01.2015)

Encryption – debunking the myths (03.05.2017)

Encryption Workarounds: a digital rights perspective (12.09.2017)

(Contribution by Ella Jakubowska, EDRi intern)

22 May 2019

ePrivacy: Private data retention through the back door

By Digitalcourage

Blanket data retention has been prohibited in several court decisions by the European Court of Justice (ECJ) and the German Federal Constitutional Court (BVerfG). In spite of this, some of the EU Member States want to reintroduce it for the use by law enforcement authorities – through a back door in the ePrivacy Regulation.

The ePrivacy Regulation

The ePrivacy Regulation, which is currently under negotiation, is aimed at ensuring privacy and confidentiality of communications in the electronic communications, by complementing and particularising the matters covered in the General Data Protection Regulation (GDPR). Confidentiality of communications is currently covered by the ePrivacy Directive dating back to 2002. A review of this piece of legislation is long overdue, but Member States keep delaying the process and therefore not updating necessary protections for online privacy in the EU.

Ever since 2017, the EU Ministers of Justice and Interior have been “deliberating” the Tele2 verdict by the European Court of Justice. The Court had declared the blanket retention of telecommunications metadata inadmissible. Yet the EU Member States are unwilling to accept this ruling. During an informal discussion in Valetta on 26 and 27 January 2017, the Justice and Interior Ministers expressed their wish for “a common reflection process at EU level on data retention in light of the recent judgments of the Court of Justice of the European Union” (Ref. EU Council 6713/17) to implement EU-wide data retention. This process was set in motion in March 2019 by the Presidency of the Council of the European Union. A sub-group of the Council’s Working Party on Information Exchange and Data Protection (DAPIX) was put in charge. From the very beginning, this reflection process has mainly served the purpose of finding opportunities to implement yet another instance of data retention on the EU level. This has been proven by documents published by EDRi member Statewatch.

Instead of complying with the clear rulings by the European Court of Justice (Tele 2 and Digital Rights Ireland), the responsible ministers are doing everything they can to “resurrect” data retention, potentially using ePrivacy as a basis for a new era of data retention. In a working document (WK 11127/17), the Presidency of the EU Council in 2017 concluded in addition to a specific data retention legislation it would be desirable to also collect citizens’ communications data (metadata) in ePrivacy to avoid so companies can use it for commercial purposes. The logic behind being, probably, to circumvent CJEU case law by not imposing an obligation on companies but having the data available when law enforcement needs it thanks to ePrivacy.

Private data retention

In plain words, this means: If the courts will not allow mass data retention, service providers will simply be given incentives to do so by their own choice. That is why the ePrivacy Regulation is being watered down by Member States in order to give the service providers manifold permissions to store data for a wide variety of reasons (see Article 6 of the draft ePrivacy Regulation). Those responsible are relying on the assumption that the providers’ appetite for data will be sufficient even without an explicit obligation to retain data.

The immediate problem with this type of private data retention is the fact that it weakens the protection of all users’ personal data against data hungry corporations whose main interest is making profit. What’s even worse is that, once again, a governmental function is being outsourced to private corporations. These corporations are not subject to democratic scrutiny, and they are given ever more power over the countries concerned.

In Germany, the hurdles for criminal investigators to get access to data are already very low. The e-mail provider Posteo, for example, had to pay a fine because they were unable to provide the criminal investigators the IP addresses from which a certain e-mail account had been accessed. Posteo simply hadn’t stored those data; they were erased as soon as they were received. The Court declared the fine to be justified. This decision could easily lead to a situation where private companies prefer to err on the side of caution and store even more data, just to avoid such fines.

The draft ePrivacy Regulation as proposed by the European Commission in 2017 placed relatively strict duties on service providers regarding data protection. For example, they were obliged to either erase or anonymise all data that was no longer needed. This is diametrically opposed to the goal of private data retention, and the DAPIX task force noticed it, too. As the Presidency of the EU Council statedservice providers will be given the freedom to use and store data in order to prevent “fraudulent use or abuse”. And these data could then be picked up by law enforcement doing criminal investigation.

No data retention through the back door!

EDRi member Digitalcourage wanted to know how the German government argued with respect to the data retention issue, and submitted a request for the disclosure of documents related to it. Unfortunately, the request was largely denied by the Council of the European Union, long after the legal deadline was missed. The secretariat declared that a disclosure would be a threat to public safety – the risk to the relationship of trust between the Member States and Eurojust, the EU agency dealing with judicial co-operation in criminal matters among agencies of the Member States, would be too severe. Furthermore, such a disclosure would threaten ongoing criminal investigation or judicial procedures. No further details were given. Digitalcourage lodged an appeal against this dismissal, but in addition to being asked for patience, they haven’t received an answer from the European Commission. Several requests pursuant to the Freedom of Information Act have also been submitted to German ministries.

It is unbelievable to imagine policy makers contemplating existing and potential new surveillance laws that would clearly be illegal. However, this is exacly what the DAPIX task force is doing, and they are doing it behind closed doors. The changes they propose can be found in the current draft ePrivacy Regulation. Digitalcourage will continue to request documents from the EU and the German government. As soon as the trilogue negotiations between EU Council, Commission and Parliament begin, the concerns will be voiced our concerns and a demand: No data retention through the back door!

This article was first published at https://digitalcourage.de/blog/2019/eprivacy-private-data-retention-through-the-back-door


ePrivacy: Private data retention through the back door (in German, 18.04.2019)

(Contribution by EDRi member Digitalcourage, Germany)

19 Feb 2019

EDRi’s Press Review 2018


During the past year, our work to defend citizens’ rights and freedoms online has gained an impressive visibility – we counted more than three hundred mentions! – in European and international media. Below, you can find our press review 2018.


01/01 EU i linedans mellem desinformation og censur (Mandag Morgen)
10/01 Does Software Piracy Hurt Sales? The $431,000 Buried EU Study Says ‘No’ (PC Steps)
16/01 O francês Macron poderá vencer a guerra contra as fake news? (Veja)
19/01 El RGDP: nueva normativa europea a partir de 2018 (1&1Digital Guide )
20/01 GDPR: Harmonization or Fragmentation? Applicable Law Problems in EU Data Protection Law (Berkley Technology Law Journal)
22/01 Šmírování zuby nehty (České noviny)
22/01 Kampf gegen Hate SpeechDie EU setzt weiterhin auf Freiwilligkeit (Deutschlandfunk)
23/01 Youtube scannt “hunderte Jahre” Videomaterial am Tag (Süddeutsche Zeitung)
31/01 Net neutrality in Europe: will the US case change the way our telecom suppliers provide internet services? (EU Logos)


03/02 Neutralité du net : “Certains voudraient faire d’internet un nouveau minitel” (Sciences et Avenir)
09/02 Commission lobbies for police access to website owners list (Euractiv)
12/02 Logan Paul: Following the YouTube controversy, should social media have the same regulations as journalism? (Independent)
13/02 EU-Kommission will Plattformen die Löschung von illegalen Inhalten ohne Netz und doppeltem Boden empfehlen (Netzpolitik.org)
13/02 Tutto quello che Tinder sa di te. Da leggere prima di San Valentino (Cyber Security)
13/02 Bruxelles passe à la vitesse supérieure contre les contenus illégaux en ligne (document) (Contexte)
14/02 Auf Facebook kommt in Europa eine Lawine an Verfahren zu (Radio fm4)
14/02 Germany: Flawed Social Media Law (No Comment Diary)
14/02 EU adds pressure on online platforms with plan for fast removal of terrorist content (EURACTIV)
14/02 L’UE durcit le ton sur les contenus à caractère terroriste en ligne (EURACTIV.fr)
14/02 Germany: Flawed Social Media Law (World Justice News)
14/02 Dating online, Garante Ue Buttarelli ‘L’uso dei nostri dati non è chiaro’ (Privacy Italia)
15/02 Netizen Report: In Leaked Docs, European Commission Says Internet Companies Should Self-Regulate on Harmful Speech (Slate)
15/02 Commission suggestions for speeding up removal of illegal online content in keeping with the voluntary approach (Agence Europe)
15/02 Europa will mehr löschen lassen (Spiegel)
15/02 EU-Kommission: Nutzer können gegen Facebook & Co in ihrem Herkunftsland klagen (HeiseOnline)
15/02 Leak: Online-Plattformen sollen illegale Inhalte innerhalb einer Stunde löschen (EurActive)
16/02 Tweets of the Week: Dutch minister resigns, Boris Johnson’s credibility, and Bad Valentines (EURACTIV)
16/02 De la neutralité du net à celle des terminaux (Le Monde)
18/02 «Echaríamos a todo gobierno que nos pidiera los datos que le damos a Facebook» (El Correo)
18/02 Terror als Vorwand der EU-Kommission für Copyrightfilter (Radio fm4)
17/02 Netzpolitischer Wochenrückblick KW7: Daten minimieren mal anders (Netzpolitik)
19/02 Keine Ent­schä­d­i­gungs­re­ge­lung für Ato­m­aus­s­tieg / BVerwG prüft Fahr­ver­bote / Deniz Yücel frei (Legal Tribune Online)
20/15 Rapport Netizen: Selon un document fuité de la Commission européenne, les entreprises de technologie devraient s’auto-réguler sur les discours offensants (Global Voices)
22/02 Une messagerie sécurisée, privée et chiffrée ? Voici Mailfence ! (GeekHebdo)
23/02 Explained: what the EU’s major new data protection rules mean for you (EuroNews)
23/02 The Rise of the Namibian Surveillance State: Part 2 (The Namibian)


01/03 EU Commission’s Recommendation: Let’s put internet giants in charge of censoring Europe (EUbusiness.com)
01/03 EU gives Facebook and Google three months to tackle extremist content (The Guardian)
01/03 EU piles pressure on internet giants to remove extremist content (The Jerusalem Post)
02/03 /EU Tells Internet Firms to Delete Terrorist Content Within One Hour (PCMag)
07/03 General Data Protection Regulation: new laws from 2018 (1&1 Digital Guide)
08/03 Es duro ver a España en la misma lista que Turquía al hablar de respeto los derechos digitales y la privacidad (Publication)
08/03 Council of Europe takes world-leading step towards protecting online rights (EUbusiness.com)
08/03 EU ‘Recommends’ 1 Hour Takedown on Terrorist Content (Find VPN)
09/03 #failoftheweek: Es lebe das Flugtaxi / Die neuesten Tricks der Tracker / Dillon zu Gast im Studio / Interview mit den Young Fathers / Auf ARD-Alpha startet “Respekt” (1:05:30) (Radio Bayern 2)
15/03 EU Pushes More Censorship… To “Protect” You (Zero Hedge)
13/03 ‘Insidious’ and ‘Dangerous’: Digital Privacy Groups Issue Urgent Warning Over CLOUD Act (Common Dreams)
20/30 CLOUD Act Could Repeal Fourth Amendment Rights by March 23 (Trillions)
22/03 Interview: The ethics of big data, Facebook & Cambridge Analytica (WikiTribune)
23/03 Facebook under scrutiny in the the U.S. and the UK over Cambridge Analytica scandal, users in Iran blocked from Apple’s App Store, U.S. Congress urged to consider “implications” of CLOUD Act (Ranking Digital Rights)
26/03 Rushed US Cloud Act triggers EU backlash (EU Observer)
28/03 CLOUD Act puts Fourth Amendment at Risk (Liberty Nation)
30/03 Upload Filter: Das Ende des freien Internets? (Undogmatisch.net)
31/03 Europe is dealing with Facebook in a way the U.S. hasn’t (NY Daily News)


02/04 GOOGLE E FACEBOOK: espionagem no tempo de internet – Por Estevam Dedalus (Polêmica Paraíba)
02/04 Google och Facebook lägger miljoner på att påverka EU-politikerna (Expressen)
03/04 Contra el filtrado de contenido en Internet y el impuesto a la cita: paremos la #CensorshipMachine (Publico)
03/04 Retro: Ústavní soud zrušil protiústavní šmírovací zákon (Almanach)
04/04 Around 100 organisations urge Council of Europe to show greater transparency in negotiations on cybercrime (Agance Europe)
04/04 “Not Transparent”: NGOs Hit Out at Cybercrime Convention Talks (Computer Business Review)
05/04 Cos’è la General Data Protection Regulation (GDPR), la nuova legge UE per la privacy (EuroNews)
06/04 Forze dell’ordine e Ministeri italiani in balia dell’antivirus… di Mosca (EuroNews)
07/04 Russia e Cina monopolizzano la sicurezza informatica europea (Gli Occhi Della Guerra)
09/04 EU: Více cenzury pro vaše „dobro“ (Tadesco)
09/04 Websites Worry EU May Seek Heavy Copyright Monitoring (Big Law Business)
10/04 Gafa : «Les géants du Net ont compris qu’il faut composer avec l’UE» (La Croix)
11/04 Contra el filtrado de contenido en internet (Avanguardia)
12/04 L’activisme digital alça la veu contra la directiva europea que vol protegir els drets d’autoria a Internet (Directa)
12/04 Internet Censorship – Guess What’s Coming Next? (True Publica)
16/04 EU to give judges power to seize terror suspect emails and texts (Financial Times)
17/04 Proposal Gives EU Judges Power To Demand Data Across Borders (Silicon UK)
17/04 Brussel wil bedrijven buiten EU dwingen data te overhandigen (NU.nl)
17/04 Η Κομισιόν θα αναγκάσει τους τεχνολογικούς κολοσσούς να παραδίδουν άμεσα τα ηλεκτρονικά μηνύματα υπόπτων τρομοκρατίας (Lifo)
17/04 Europa dwingt techbedrijven data van terreurverdachten vrij te geven (Demorgen)
17/04 Europa dwingt techbedrijven data van terreurverdachten vrij te geven (HLN)
17/04 EU to force tech firms to hand over terror suspects’ messages (The Guardian)
17/04 Tech companies to be forced to give police overseas data under EU proposal (Reuters)
17/04 EU proposes ‘revolutionary’ fast-track system for police data access (EURActive)
17/04 The EU may order tech firms to hand over terror suspects’ data inside 6 hours (Technology review)
17/04 Europese Commissie wil dat techbedrijven data sneller gaan overhandigen (Dutch IT Channel)
17/04 EU “e-evidence” proposals turn service providers into judicial authorities (EU Business)
17/04 Kritik mot EU-förslag om utlämning av data (Ny Teknik)
17/04 Kritik mot EU-förslag om utlämning av data (Sydvenskan)
17/04 EU kräver snabbare hjälp från Facebook och Apple (BreakIt)
17/04 EU vil tvinge techgiganter til at udlevere data hurtigt (Berlingske Business)
17/04 Perusahaan Teknologi Wajib Serahkan Data Pengguna ke Otoritas UE (Kabar24)
18/04 EU proposal to force tech firms to give overseas data to police (EJ Insight)
18/04 Title (Publication)
18/04 EU plans to increase access to electronic evidance in court cases (EU Policies)
18/04 Tech titans could be forced to give police overseas data under new proposal (ARN)
18/04 L’UE s’achemine vers l’obligation de partage de données avec la police (EurActive)
18/04 EU: Mere censur for at “beskytte” (Dokument)
18/04 EU wil bedrijven buiten Europa gaan dwingen data te overhandigen (Numrush)
18/04 Unia chce dać policji łatwiejszy dostęp do naszych danych online (Onet Wiadomości)
18/04 Proposals on electronic evidence perceived as hasty response to US CLOUD Act (Agance Europe)
19/04 Szykują się pierwsze skargi na podstawie RODO (Gazeta Prawna)
23/04 Tarifários zero rating em Portugal criticados por organizações internacionais (SapoTek)
23/04 “Portugal tem as piores violações da neutralidade da internet” (Pais ao Minuto)
23/04 Associações europeias pedem à Anacom medidas para “internet livre e aberta” (Expresso)
23/04 Associações europeias pedem à Anacom medidas para “Internet livre e aberta” (Diario de Noticias)
Associações europeias pedem à Anacom medidas para “Internet livre e aberta”
(Dinheiro Vivo)
23/04 Organizações de diversos países pedem à ANACOM que defenda a neutralidade da Internet (Ardina)
23/04 Perusahaan Teknologi Harus Serahkan Data Luar Negeri di bawah Proposal U (Saru Harapan)
24/04 Portuguese NGOs urge Anacom to block zero-rating offers (Telecom Paper)
24/04 Organizações internacionais pedem à ANACOM o fim do zero-rating (Aberto até de Madrugada)
24/04 Facebook is about to get hit with regulation, just not from the U.S. (The Informer)
25/04 Männer in der digitalen Welt (Volksblat)
25/04 Net neutrality death delayed (Capacity Media)
26/04 Tech Companies to Be Forced to Give Police Overseas Data under EU Proposal (OMG News)
26/04 Over 145 organisations representing a broad spectrum of stakeholders join forces to call upon the EU Member State Ambassadors to continue technical discussions on the copyright reform and to not grant the Bulgarian Council Presidency a mandate to negotiate with the European Parliament (CopyBuzz)
26/04 EU pritišće Facebook i Google da pojačaju borbu protiv lažnih vijesti (Lider)
26/04 EU piles pressure on social media over fake news (Reuters)
26/04 EU-Kommissar für Sicherheitsunion fordert Klarnamen-Registrierung im Internet (NetzPolitik)
26/04 EU tells platforms to sort fake news by October or face new law (EU Observer)
26/04 “Fake news” strategy needs to be based on real evidence, not assumptions (EU Business)
26/04 Organizações de diversos países pedem à Anacom que defenda a neutralidade da Internet (Ardina)
26/04 EU jača pritisak na društvene mreže zbog širenja lažnih vijesti (AlJazeera Balkans)
26/04 EU tells social media giants to combat fake news or face new regulations (BrinkWire)
26/04 EU jača pritisak na društvene mreže zbog širenja lažnih vijesti (Publication)
26/04 EU piles strain on social media over faux information (Mining for news)
26/04 Europska komisija sastavlja Kodeks za sprječavanje širenja lažnih vijesti (Index.hr)
26/04 EU piles pressure on social media over fake news (UsamaTech)
26/04 EU Piles Pressure on Social Media Over Fake News (America News Portal)
27/04 EU piles pressure on social media over fake news (CGTN)
27/04 EU Piles Pressure on Tech Giants Like Facebook, Google Over Fake News (News18)
27/04 EU Piles Pressure on Social Media Over Fake News (NewsRains)
27/04 EU Piles Pressure on Tech Giants Like Facebook, Google Over Fake News (Newsnow)
27/04 Letzte Ausfahrt: Gesetzgeberische Maßnahmen (MDR.de)
27/04 Unión Europea no sede terreno ante noticias falsas (El Tiempo)
29/04 EU tells social media giants to combat fake news or face new regulations (ProNews)
30/04 Burgerrechtenbeweging bezorgd om e-privacywetten (Computable)


02/05 Why Europe’s privacy clampdown may not solve Facebook’s data scandal woes (Foxnews)
02/05 “Rights offline are valid online, laws offline are valid online”, says global Internet expert at World Press Freedom Day launch (DemerareWaves)
02/05 France, Spain, Italy and Portugal go beyond maximalist on © (CopyBuzz)
07/05 EU-Staaten arbeiten an neuen Ansätzen zur Vorratsdatenspeicherung (Heise Online)
08/05 Nowy model pozyskiwania danych cyfrowych w sprawach karnych (Publication)
10/05 Conoces tus derechos digitales (ElMundo)
15/05 EDRi calls on Parliament’s political groups to ban micro-targeting in their election campaigns (Agance Europe)
15/05 Offener Brief: Europäische Parteien sollen auf Microtargeting verzichten (Netzpolitik)
15/05 Title (DKE Chicago)
18/05 Netzpolitischer Wochenrückblick KW 20: Bayern kriegt Polizeigesetz, Berlin informiert über Funkzellenabfrage (Netzpolitik)
22/05 What Europe needs to ask Mark Zuckerberg (Politico)
22/05 Perusahaan-Perusahaan Teknologi Wajib Berbagi Data (NNews.id)
22/05 GDPR: How Europe’s new Internet rules could change your life (alJazeera)
22/05 Facebook CEO Mark Zuckerberg begins European leg of apology tour (Los Angeles Times)
23/05 Facebook’s Zuckerberg in Europe as tough data rules take effect (rfi)
23/05 European Union’s General Data Protection Regulation and Lessons for U.S. Privacy Policy (Competitive Enterprise Institute)
23/05 Cos’è la General Data Protection Regulation (GDPR), la nuova legge UE per la privacy (EuroNews)
24/05 Ons vier jaar durende gevecht voor de bescherming van jouw gegevens (HQ-Niews)
24/05 Com ens protegeix el nou reglament europeu de protecció de dades? (VilaWeb)
25/05 RODO: koniec z traktowaniem nas jak towar (Portal Pomorza)
25/05 Czy RODO oznacza koniec traktowania nas jak towarów? (DII)
25/05 Today, a new E.U. law transforms privacy rights for everyone. Without Edward Snowden, it might never have happened. (The Washington Post)
25/05 GDPR: European tech firms struggle with new data protection law (AlJazeera)
25/05 POLITICO Brussels Influence, presented by The GSMA: Facebook hearing mess — EU election countdown — In-house agencies (Politico)
25/05 Unión Europea implementa fuertes medidas de protección de privacidad en internet (LeRed21)
31/05 The latest EDRi-gram (Wired)
31/05 Proposed EU Copyright Law Could Drastically Change Internet Sharing and Publishing (ECW)
31/05 Industry groups amp up lobby campaign to topple ePrivacy bill (EurActive)


01/06 GDPR a EDSM: Od svobodného internetu na hlídaný EUnet? (PCtunning)
03/06 European Digital Rights Activists Warns About EU Censorship Machine (FreezeNet)
04/06 EU-US work on police access to data hits roadblocks (PoliticoPRO)
05/06 Compte rendu de la conférence du 24 mai 2018 – Conversations européennes #3 – Réguler l’internet, un enjeu politique européen (EU Logos)
08/06 EU GDPR Comes Into Force, But Reaction Is Divided (FreezeNet)
11/06 Internet se může zcela změnit. Kontroverzní zákon je o krok blíž (Svobodni Svet)
DD/MM Title (Publication)
06/06 Dok se mi “zabavljamo” GDPR-om, EU uvodi “porez na linkove” i filtriranje naših sadržajae (Netokracija)
11/06 Kodi CLAMPDOWN: New piracy laws could change the face of illegal streaming FOREVER (Express)
12/06 Will EU copyright law ‘carpet bomb’ the digital world? (New Internationalist)
13/06 Will US net neutrality repeal be felt around the world? (WikiTribune)
14/06 What’s really behind the EU law that would ‘ban memes’ – and how to stop it before June 20 (TheNextWeb)
15/06 What’s in actuality within the help of the EU law that can perchance “ban memes” – and cease it before June 20 (Multinews)
14/06 L’Internet libre et ouvert est en danger : vous pouvez arrêter ce désastre (Linuxfr)
15/06 Europe’s Proposed “E-Evidence” Package Draws Fire (FreezeNet)
20/06 EU birokrati izglasali cenzuru interneta i zabranu memea, što sada? (Index)
20/06 EU takes first step in passing controversial copyright law that could ‘censor the internet’ (The Verge)
20/06 EU Copyright Reform Proposal Clears Lead Legislative Committee, To Cheers And Jeers (Intellectual Property Watch)
20/06 New EU Rules Could Ban Memes and Destroy the Internet as We Know It (AntiMedian)
20/06 EU Committee Approves Copyright Directive (Computer Business Review)
20/06 Internet Pioneers Warn New EU Rules Would Turn Web Into “Tool for Automated Surveillance and Control” (Common Dreams)
20/06 Joe McNamee: «Cette directive renforce la domination des géants du web» (Le Soir)
20/06 MEPs ignore expert advice and vote for mass internet censorship (EU Observer)
20/06 Europe takes another step towards copyright pre-filters for user generated content (TechCrunch)
20/06 Europe Slams the Door on Free Speech and Passes Article 13 (Freezenet)
20/06 EU-Urheberrecht: Weichenstellung für Upload-Filter und Presse-Leistungsschutzrecht (iRight info)
20/06 Europe takes another step towards copyright pre-filters for user generated content (Blogramo)
20/06 Europe Slams the Door on Free Speech and Passes Article 13 (FreezeNet)
20/06 Europe takes another step towards copyright pre-filters for user generated content (TopTechz)
20/06 Europe takes another step towards copyright pre-filters for user generated content – TechCrunch (Tech News)
20/06 Copyright: la commissione giuridica del Parlamento europeo ha votato per la censura di massa su Internet (Virtual Blog News)
20/06 La red se moviliza contra la propuesta europea de copyright que pretende convertir a las empresas en policías de contenidos (Publico)
20/06 Pioneros de Internet advierten que las nuevas normas de la UE convertirán la web en una “herramienta para la vigilancia y el control automatizados” (Steemit)
20/06 Europe takes another step towards copyright pre-filters for user generated content (Tech News Park)
20/06 Europe takes another step towards copyright pre-filters for user generated content – TechCrunch (Tech Snaq)
20/06 https://www.curtisryals.com/2018/06/20/eu-parliamentary-committee-votes-to-put-american-internet-giants-in-charge-of-what-speech-is-allowed-online/ (Curtis Ryals Reports)
20/06 EU Parliamentary Committee Votes To Put American Internet Giants In Charge Of What Speech Is Allowed Online (Give info)
20/06 https://netzpolitik.org/2018/schlag-gegen-die-netzfreiheit-eu-abgeordnete-treffen-vorentscheid-fuer-uploadfilter-und-leistungsschutzrecht/ (NetzPolitik)
21/06 Como uma nova legislação europeia de direitos autorais pode arruinar a internet como a conhecemos (Gizmodo Brasil)
21/06 Internet Pioneers Warn New EU Rules Would Turn Web Into “Tool for Automated Surveillance and Control” – Jessica Corbett (Wall Street Window)
21/06 Europe takes another step towards copyright pre-filters for user generated content – TechCrunch (Tech News)
21/06 European Parliament’s Legal Affairs Committee Goves green Light to Harmful Link Tax and Pervasive Platform Censorship (Censored Today)
21/06 Филтри и данък върху линковете – какво означават те за нас? (Conservative)
21/06 Пагубни решения за свободното разпространение на информация (Terminal3)
22/06 #LaRéplique – L’approbation par le parlement européen de la directive Copyright suscite des inquiétudes (EurActive Blogs)
22/06 Schlag gegen die Netzfreiheit:EU-Abgeordnete treffen Vorentscheid für Uploadfilter und Leistungsschutzrecht
(Demokratisch Links)
24/06 “Copyright protection in the EU”: the new reform can affect not only the media platforms (Habrahabr)
24/06 The new reform can affect not only the media platforms / IT-GRAD / Habr company blog (TechOrt)
24/06 Die große Filterphobie (Taz)
24/06 European Parliament’s Legal Affairs Committee Gives Green Light to Damaging Link Tax and Pervasive Platform Censorship (SCAm Channel)
25/06 Zivilgesellschaft: EU-Kommission muss gegen Vorratsdatenspeicherung vorgehen (Heise Online)
25/06 La commission des affaires juridiques du Parlement européen a voté pour les robots-censeurs de l’article 13 : quelle sera la suite ? (My tiny Tool)
26/06 La direttiva europea sul copyright minaccia internet? (World News netwoek Italy)
28/06 The latest EDRi-gram (Wired)
29/06 Segons European Digital Rights (EDRi) Espanya destaca “vergonyosament” en llibertat d’expressió (Català Digital )
29/06 EU-Copyright-Eklat: Dorothee Bär und Netzpolitiker gegen Upload-Filter (Heise Online)
29/06 Otra ONG de defensa de los derechos civiles pide derogar la ‘ley mordaza’ (El Nacional)
28/06 Directive Copyright : le vote du Parlement européen fixé au 5 juillet (Numerama)
28/06 La direttiva dell’UE sul copyright: una minaccia per la rete? (Buongiorno Slovachia)
29/06 Otra ONG de defensa de los derechos civiles pide derogar la ‘ley mordaza’ (Niews Reporter)
30/06 Europe takes another step towards copyright pre-filters for user generated content (TYoungSystems)


02/07 Interview zur DSGVO: Mit so krassen Reaktionen wurde wirklich nicht gerechnet (TreffPunktEuropa)
02/07 MEPs’ email says Article 13 “will not filter the internet”; JURI MEP’s tweet says it will (CopyBuzz)
02/07 https://unita.news/2018/07/02/i-danni-che-la-direttiva-sul-copyright-fara-alle-nostre-liberta-e-cosa-possiamo-fare-per-contrastarla/ (Unità News)
03/07 Italian Wikipedia ‘goes dark’ in protest over proposed EU copyright laws (NewsTalk)
03/07 Title (Heise Online)
03/07 EDRI Publishes Legal Analysis of Upload Filter Legislation, Article 13 (FreezeNet)
03/07 Copyright Filter: EU Rapporteur Voss accuses opponents of “Fake News” before (Techwarf)
03/07 Folgenschwere Abstimmung: EU-Parlament entscheidet über Zukunft des Urheberrechts (NetzPolitik)
04/07 Copyright: Wikipedia dopo Italia, al buio anche Spagna, Lettonia ed Estonia (Radio Roseto)
04/07 Όταν το όραμα γίνεται ψευδαίσθηση: Η Πρόταση Οδηγίας για τα δικαιώματα πνευματικής ιδιοκτησίας στην ψηφιακή ενιαία αγορά (Lawpost)
04/07 Es geht um Fairness – nicht um Zensur (Frankfurter Allgemeine Zeitung)
04/07 Folgenschwere Abstimmung: EU-Parlament entscheidet über Zukunft des Urheberrechts (Kein Feiwild)
05/07 European MEPs Saves the Internet and Rejects Article 11 and Article 13 (FreezeNet)
05/07 Im nächsten Kampf um die Netzfreiheit (Sichtplaz)
05/07 Im nächsten Kampf um die Netzfreiheit (Sichtplaz)
05/07 Chi vuole e chi no la direttiva europea sul copyright (Wired)
05/07 Direttiva Ue sui diritti d’autore, quali conseguenze sull’informazione digitale (Due Righe)
05/07 “Todesdrohungen”: Klagen über Lobbying überschatten EU-Copyright-Entscheid (Heise Online)
05/07 Im nächsten Kampf um die Netzfreiheit (Sichtplaz)
05/07 Article 13 rejected by MEPs: What you need to know about the law that could have killed internet culture (alphr)
05/07 European Parliament Rejects Starting Negotiations On Copyright Reform Proposal (Intelectual Property Watch)
05/07 EU Parliamentarians support an open and democratic debate around the Copyright Directive (EUbusiness)
06/07 European Union rejects controversial copyright reforms (PCfind)
06/07 Europe takes another step towards copyright pre-filters for user generated content (VivalTopFeeds)
06/07 EU-Urheberrechtsreform: Das sind die Reaktionen auf die Entscheidung des Europäischen Parlaments (Cancom)
06/07 Alleged “meme ban” stalls in Europe; internet celebrates with memes (Salon)
06/07 Reform des Urheberrechts – Zwischen Todesdrohungen und Begeisterung – Reaktionen auf EU-Entscheid (Gamestar)
10/07 MEPs send copyright reform proposal back for rethink (EUbusiness)
11/07 Council of Europe cooperation against cybercrime — human rights Octopus or fishy deals? (FinTechLog)
14/07 Privacy Rights Organization Zwiebelfreunde Raided by German Police (FreezeNet)
16/07 Ceta, si crede ancora che porterà guadagni miracolosi. Ma i numeri dicono altro (Il Fatto Quotidiano)
16/07 Get to Know Berlin’s Hottest Female Entrepreneurs for 2018 (The Culture Trip)
18/07 What will it take to #savetheinternet in Europe? The view from Romania (Globam Voices)
23/07 Schutz gegen Tracking unerwünscht: Österreich verschiebt ePrivacy-Reform auf den St. Nimmerleinstag (Netzpolitik)
24/07 YouTube patzt beim Löschen von Terrorvideos (Heise Online)
27/07 Digitaler Binnenmarkt – here we come? (UdL Digital)
31/07 EFF Pioneer Awards 2018 an Netzaktivisten Joe McNamee, Fair-Use-Kämpferin Stephanie Lenz und Forscherin Sarah T. Roberts (Netzpolitik)
31/07 Cosa bisogna fare per #salvareinternet in Europa? Punti di vista dalla Romania (Global Voices)


14/08 How to file a copyright infringement complaint on YouTube (Pleaders)
15/08 3 ways to ensure the internet’s future is creative, collaborative, and fair (BigThink)
19/08 El Internet Freedom Festival 2019 buscará consolidar València como la “capital mundial de los derechos digitales” (EuropaPress)
20/08 Internet Freedom Festival torna per a consolidar València com a “capital mundial dels drets digitals” (Valencia Extra)
21/08 EU aiming at early removal of extremist content (China Daily)
21/08 EU to force removal of extremist content (Ecns.cn)
23/08 #SaveYourInternet: Europljani izlaze na ulice 26. kolovoza, pridružite se i vi! (Netokracija)
30/08 I’m back in Europe just in time for the latest EDRi-gram (Wired)


03/09 Curtain up for the next round (Web Schauder)
03/09 La guerra del copyright vuelve a la Eurocámara sin consenso a la vista (El Diario)
04/09 How the EU will force all artists to use Youtube, forever (BoingBoing)
04/09 Tech Firms Brace for Salvo of European Privacy Rules (National Jpurnal)
05/09 La UE abre la puerta a garantizar el anonimato de los alertadores de corrupción (La Vanguardia)
05/09 New European Copyright Proposal Blasted As Internet Threat (Freezenet)
05/09 Lobbyismus per Mail-Lawine (Frankfurter Allgemeine)
05/09 How the EU will drive all artists to make use of Youtube, endlessly (WakaJobs)
06/09 YouTube Chief Says Article 13 “Undermines Creative Economy” (TorrentFreak)
0709 YouTube’s CBO speaks out against Article 13 of EU’s controversial copyright law (PacktHub)
07/09 YouTube Chief Says Article 13 “Undermines Creative Economy” (Dimitrology)
11/09 The continental rift: Two pieces of EU legislative reform that could have ‘substantial effect’ on freedom of expression rights for media and public alike (Press Gazette)
12/09 Here Comes Another EU Law Threatening Google and Facebook With Enormous Fines (Fortune)
12/09 European Parliament Approves Negotiating Stance On Copyright Reform (Intelectual Property Watch)
12/09 EU lawmakers back controversial copyright reforms (EuroNews)
12/09 Juncker goes to war against disinformation and online terrorist content (EurActive)
12/09 EU Parliament flip-flops backwards on copyrigh (EUBussines)
12/09 Here Comes Another EU Law Threatening Google and Facebook With Enormous Fines (Yahoo)
12/09 EU-Kommission will Terrorismus mit Upload-Filtern und automatischen Systemen bekämpfen (Netzpolitik)
12/09 Tout comprendre sur la directive européenne sur le droit d’auteur (Konbini)
12/09 EU-Parlament stimmte für Uploadfilter und Linksteuer (Der Standard)
12/09 La riforma sul Copyright è passata (StartUp Italia)
12/09 Perché l’approvazione della riforma del copyright non è un buona notizia (Wired Italia)
12/09 La Comisión Europea quiere que las webs borren los comentarios relacionados con terrorismo en menos de una hora (El Diario)
12/09 União Europeia dá sinal verde para nova lei de direitos autorais que pode arruinar a web (Gizmodo)
12/09 European Parliament Approves Catastrophic Copyright Bill That Threatens the Internet (Gizmodo)
12/09 Here Comes Another EU Law Threatening Google and Facebook With Enormous Fines (Yahoo News)
12/09 Today, the EU will vote on the future of the internet (again) (The Verge)
12/09 Internetbedrijven riskeren miljardenboete bij te laat verwijderen terreurpropaganda (RTL Z)
12/09 EU Government Rejects Internet Rights and Passes Copyright Laws (FreezeNet)
12/09 Google: Nytt direktiv kan strypa de kreativa (Svenska Dagbladet)
13/09 https://www.gizmodo.com.au/2018/09/european-parliament-approves-catastrophic-copyright-bill-that-threatens-the-internet/ (Gizmodo)
13/09 Il Parlamento europeo minaccia Internet con una catastrofica legge sul copyright (Il Corriere Nazionale)
13/09 New Copyright Powers, New “Terrorist Content” Regulations: A Grim Day For Digital Rights in Europe (IT Security News)
13/09 EU Introduces New Law Forcing Tech Firms to Censor Unwanted Speech in 24 Hours (Breibart)
13/09 Ξετυλίγοντας το κουβάρι: Μεταρρύθμιση στο Δίκαιο της Πνευματικής Ιδιοκτησίας (The Press project)
13/09 Title (MaeketWatch)
13/09 EU Copyright Reform Meets Resistance From Stakeholders, Some Governments (ip-watch.org)
13/09 EU Introduces New Law Forcing Tech Firms to Censor Unwanted Speech in 24 Hours (Breitbart)
15/10 Facebook-Datenleck: Drei Fehler, 30 Millionen erbeutete Profile (Netzpolitik.org)
16/09 Security and migration proposals dominate Juncker`s `State of the Union` announcements (NoRacism.net)
17/09 Europe Doubles Down, Now Demands 1 Hour Removal of Terrorism (FreezeNet)
18/09 Ξετυλίγοντας το κουβάρι: Μεταρρύθμιση στο Δίκαιο της Πνευματικής Ιδιοκτησίας (Ipyxida)


01/10 Tu DNI electrónico por fin servirá de algo en la Unión Europea, aunque surgen dudas sobre la privacidad (Genbeta)
03/10 Öffentliches Geld? Öffentliches Gut! (Netzpolitik)
05/10 Los trabajadores tendrán desconexión digital en 2019 (ibercampus.es)
06/10 YouTube chief warns EU Copyright Directive could ‘undermine’ the creative economy (IPP Pro)
12/10 > The European Commission’s E-evidence Proposal: Toward an EU-wide Obligation for Service Providers to Cooperate with Law Enforcement? (European Law Blog)
15/10 Wie Europa den Schutz gegen Tracking im Netz aufs Abstellgleis manövriert (netzpolitik.org)
19/10 Civil society warns Commission about a binding solution to online misinformation (Agence Europe)
25/10 The EU call it copyright, but it is massive Internet censorship and must be stopped (Open Democracy)
30/10 Nicht nur die üblichen Verdächtigen: Breites Bündnis fordert von Altmaier Einsatz für Anti-Tracking-Gesetz [Update] (netzpolitik.org)


01/11 European NGOs Launch GDPR Campaign (Michigan Standard)
13/11 EU DPAs Receive Thousands of Complaints Under the GDPR (Lexology)
14/11 Censure antiterroriste : Macron se soumet aux géants du Web pour instaurer une surveillance généralisée (ewb.one)
16/11 RGPD: l’autorité belge de protection des données a du mal à tenir le rythme (Le Soir)
22/11#SaveYourInternet : l’Union Européenne va-t-elle tuer la création artistique sur le web ? (Moustique)
23/11Is The Internet Under Threat? Interview With #SaveYourInternet Member On EU’s Copyright Directive (Forbes)


05/12 E-Evidence: A threat to people’s fundamental rights? (Euractiv)
05/12 Alertan de que Europa frena su propuesta de privacidad ‘online’ mientras avanza hacia un mayor control policial de las redes (Publico)
06/12 EU-Staaten stimmen für Upload-Filter im Kampf gegen Terrorpropaganda (Heise Online)
06/12 Civil society invites Council to review its copy of proposal for a Regulation on electronic evidence (Agence Europe)
07/12 Los Estados paralizan el plan de la UE para vetar las cookies abusivas y blindar los metadatos (El diario)
07/12 e-Evidence: EU-Staaten beschließen umstrittenen Entwurf zu elektronischen Beweismitteln (Netzpolitik)
12/12 Alerta por el JEFTA, el controvertido tratado entre la UE y Japón aprobado este miércoles (Cuarto Poder)
14/12 The UN airs ‘serious concerns’ about an EU bid to control ‘terrorist content’ online (The Canary)
17/12 French privacy watchdog tells Whatsapp to stop sharing data with Facebook (RFI)
19/12 E-Privacy: Österreich legte neue EU-Datenschutzregeln auf Eis (Der Standard)
20/12 Europe and USA Face Off on Data Protection Rules (Courthouse News Service)
22/12 What does the repeal of net neutrality mean for development? (Devex)
30/12 Réseaux sociaux, données personnelles, algorithmes… comment inventer un futur numérique plus radieux ? (Le Monde)

EDRi’s Press Review 2017

EDRi’s Press Review 2016

EDRi’s Press Review 2015

EDRi’s Press Review 2014


05 Dec 2018

Civil society calls Council to adopt ePrivacy now


EDRi has joined a letter of 30 representatives from civil society and online industry, to the Ministers in the Telecoms Council, to express the wide support for the ePrivacy Regulation. The letter describes the clear and urgent need to strengthen privacy and security of electronic communications in the online environment, especially in the wake of repeated scandals and practices that undermine citizens’ right to privacy and the trust on online services.

The support from privacy-friendly businesses such as Qwant, Startpage, Startmail, TeamDrive, Tresorit, Tutanota, ValidSoft or WeTransfer show the positive implications that ePrivacy will have for a dynamic and innovative European internet industry. The collaboration between organisations defending citizens’ rights and industry representatives underlines that both EU citizens and privacy-friendly business models have much to gain from a strong ePrivacy Regulation.

EDRi full-heartedly supports the call of the coalition to the Council of Minister’s to finally move the ePrivacy discussion forward, so that a compromise with the European Parliament can be found before the elections in May 2019. If this is achieved, European citizens will benefit from a strong privacy regime and a less intrusive, more dynamic and more innovative EU data economy.

You can find the letter here.

Open letter to EU member states from consumer groups, NGOs and industry representatives in support of the ePrivacy Regulation (03.12.2018)

ePrivacy review: document pool

Council continues limbo dance with the ePrivacy standards (24.10.2018)



07 Nov 2018

NGOs urge Austrian Council Presidency to finalise e-Privacy reform

By Epicenter.works

EDRi member epicenter.works, together with 20 NGOs, is urging the Austrian Presidency of the Council of the European Union to take action towards ensuring the finalisation of the e-Privacy reform. The group, counting the biggest civil society organisations in Austria such as Amnesty International and two labour unions, demands in an open letter sent on 6 November 2018 an end to the apparently never-ending deliberations between the EU member states.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

It is today 666 days since the European Commission launched its proposal. The e-Privacy regulation is an essential aspect for the future of Europe’s digital strategy and a necessity for the protection of modern democracies from ubiquitous surveillance networks. Echoing European citizens rightful demands for protections of their online privacy, the organisations ask the Austrian Presidency to lead the way into a new privacy era by concluding the e-Privacy dossier by 2019.

The letter comes in a context in which a parliamentary inquiry from the Austrian Social Democratic party tries to shed light on the lobby connections of the Austrian government regarding the hampering of secure communications for its citizens. Right now, the Austrian government’s position is closely aligned with the interests of internet giants like Facebook and Google, big telecom companies and the advertisement industry.

The Austrian government has recently fast-tracked negotiations on the controversial e-evidence proposal, which would weaken the rule of law and foster further surveillance of citizens’ online behaviour. This is a stark contrast to the meager effort Austrian representatives put into negotiations around legislative proposals that aim to protect the fundamental right to privacy – a topic missing from the Austrian Council Presidency agenda.

In order to ensure that e-Privacy laws will not be used as excuse for the establishment of new repressive instruments, epicenter.works demands a clear commitment to the prohibition of data retention. Data retention has been found unconstitutional in different European countries, while epicenter.works was plaintiff in the 2014 proceedings of the European Court of Justice (ECJ) annulling the data retention directive. A circumvention of the ECJ’s ban through the e-Privacy regulation could expose EU citizens to indiscriminate mass-surveillance and severely undermine trust in EU institutions.

Open Letter sent to Austrian Government (in German only, 06.11.2018)

Parliamentary inquiry from the Austrian Social Democratic Party (in German only, 29.10.2018)

Council continues limbo dance with the ePrivacy standards (24.10.2018)

ePrivacy: Public benefit or private surveillance? (24.10.2018)

ECJ: Data retention directive contravenes European law (09.04.2014)

(Contribution by Thomas Lohninger, EDRi member epicenter.works)



24 Oct 2018

Council continues limbo dance with the ePrivacy standards

By Yannic Blaschke

It’s been six-hundred-fifty-two days since the European Commission launched its proposal for an ePrivacy Regulation. The European Parliament took a strong stance towards the proposal when it adopted its position a year ago, but the Council of the European Union is still only taking baby steps towards finding its position.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

In their latest proposal, the Austrian Presidency of the Council continues, unfortunately, the trend of presenting the Council with suggestions that lower privacy protections that were proposed by the Commission and strengthened by the Parliament. In the latest working document that was published on 19 October 2018, it becomes apparent that we are far from having reached the bottom of what the Council sees as acceptable in treating our personal data as a commodity.

Probably the gravest change of the text is to allow the storing of tracking technologies on the individual’s computer without consent for websites that partly or wholly finance themselves through advertisement, provided they have informed the user of the existence and use of such processing and the user “has accepted this use” (Recital 21). The “acceptance” of such identifiers by the user as suggested is far from being the informed consent that the General Data Protection Regulation (GDPR) established as a standard in the EU. The Austrian Presidency text will put cookies which are necessary for a regular use (such as language preferences and contents of a shopping basket) on the same level as the very invasive tracking technologies which are being pushed by the Google/Facebook duopoly in the current commercial surveillance framework. This opens the Pandora’s box for more and more sharing, merging and reselling citizen’s data in huge online commercial surveillance networks, and micro-targeting them with commercial and political manipulation, without the knowledge of the person whose private information is being shared to a large number of unknown third parties.

One of the great added values of the ePrivacy Regulation (which was originally intended to enter into force at the same point in time as the GDPR) is that it’s supposed to raise the bar for companies and other actors who want to track citizens’ behaviour on the internet by placing tracking technologies on the users’ computers. Currently, such an accumulation of potentially highly sensitive data about an individual mostly happens without real knowledge of individuals, often through coerced (not freely given) consent, and the data is shared and resold extensively within opaque advertising networks and data-broker services. In a strong and future-proof ePrivacy Regulation, the collection and processing of such behavioural data thus needs to be tightly regulated and must be based on an informed consent of the individual – an approach that becomes now more and more jeopardised as the Council seems to become increasingly favourable to tracking technologies.

The detrimental change of Recital 21 is only one of the bad ideas through which the Austrian Presidency seeks to strike a consensus: In addition, there is for instance the undermining of the protection of “compatible further processing” (which is itself already a bad idea introduced by the Council) in Article 6 2aa (c), or the watering down of the requirements for regulatory authorities in Article 18, which causes significant friction with the GDPR. With one disappointing “compromise” after another, the ePrivacy Regulation becomes increasingly endangered of falling short on its ambition to end unwanted stalking of individuals on the internet.

EDRi will continue to observe the developments of the legislation closely and calls everyone in favour of a solid EU privacy regime that protects citizens’ rights and competition to voice their demands to their member states.

Five Reasons to be concerned about the Council ePrivacy draft (26.09.2018)

EU Council considers undermining ePrivacy (25.07.2018)

Your ePrivacy is nobody else’s business (30.05.2018)

e-Privacy revision: Document pool (10.01.2017)

(Contribution by Yannic Blaschke, EDRi intern)



24 Oct 2018

ePrivacy: Public benefit or private surveillance?

By Yannic Blaschke

92 weeks after the proposal was published, the EU is still waiting for an ePrivacy Regulation. The Regulation is supposed to replace the current ePrivacy Directive, aligning it with the General Data Protection Regulation (GDPR).

While the GDPR regulates the ways in which personal data is processed in general, the ePrivacy Regulation specifically regulates the protection of privacy and confidentiality of electronic communications. The data in question not only includes the content and the “metadata” (data on when, where and to whom a person communicated) of communications, but also other identifiers such as “cookies” that are stored on users’ computers. To make the legislation fit for its purpose in regard to technological developments, the European Commission (EC) proposal addresses some of the major changes in communications of the last decade, including the use of so-called “over the top” services, such as WhatsApp and Viber.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The Regulation is currently facing heavy resistance from certain sectors of the publishing and behavioural advertising industry. After an improved text was adopted by the European Parliament (EP), it is now being delayed at the Council of the European Union level, where EU Member States are negotiating the text.

One of the major obstacles in the negotiations is the question to what extent providers such as telecommunication companies can use metadata for other purposes than the original service. Some private companies – the same ones that questioned the need of consent from users in the GDPR – now re-wrapped their argument saying that an “overreliance” on consent would substantially hamper future technologies. Over-reliance on anything is not good, by definition, as is under-reliance, but such sophistry is a mainstay of lobby language.

However, this lobby attack omits reference to the fact that compatible further processing would not lead only to benign applications in the public interest: Since the proposal does not limit further processing to statistical or research purposes, it could just as well be used for commercial purposes such as commercial or political manipulation. But even with regard to the potentially more benevolent applications of AI, it should be kept in mind that automated data processing has in some cases shown to be highly detrimental to parts of society, especially vulnerable groups. This should not be ignored when evaluating the safety and privacy of aggregate data. For instance, while using location data for “smart cities” can make sense in some narrowly-defined circumstances when it is used for traffic control or natural disaster management, it gains a much more chilling undertone when it leads for instance to racial discrimination in company delivery services or law enforcement activities. It is easily imaginable that metadata, one of the most revealing and easiest to process forms of personal data, could be used for equally crude or misaligned applications, yielding highly negative outcomes for vulnerable groups. Moreover, where aggregate, pseudonymised data produces adverse outcomes for an individual, not even a rectification or deletion of the person’s data will lead to an improvement, as long as the accumulated data of similar individuals is still available.

Another pitfall of the supposedly private, ostensibly pseudonymised way of processing is that even if individual users are not targeted, companies may need to maintain the metadata of citizens in identifiable form to link existing data sets with new ones. This could essentially lead to a form of voluntary data retention, which might soon attract the interest of public security actors rapaciously seeking new data sources and new powers. If such access was granted, individuals would essentially be identifiable. Even retaining “only” aggregate data for certain societal groups or minorities might often already be enough to spark discriminatory treatment.

Although the Austrian Presidency of the Council of the European Union did include in their most recent draft compromise some noteworthy safeguards for compatible further processing, most notably the necessity to consult the national Supervisory Authority or to conduct a data protection impact assessment, the current proposal does not adequately empower individuals. Given that the interpretation of what is a “compatible” further processing may vary significantly among Member States (which would lead to years of litigation), it should be up to citizens to decide (and for the industry to prove) which forms of metadata processing are safe, fair and beneficial in society.

Five Reasons to be concerned about the Council ePrivacy draft (26.09.2018)

EU Council considers undermining ePrivacy (25.07.2018)

Your ePrivacy is nobody else’s business (30.05.2018)

e-Privacy revision: Document pool (10.01.2017)

(Contribution by Yannic Blaschke, EDRi intern)



26 Sep 2018

Five reasons to be concerned about the Council ePrivacy draft

By IT-Pol

On 19 October 2017, the European Parliament’s LIBE Committee adopted its report on the ePrivacy Regulation. The amendments improve the original proposal by strengthening confidentiality requirements for electronic communication services, and include a ban on tracking walls, legally binding signals for giving or refusing consent to online tracking, and privacy by design requirements for web browsers and apps. Before trilogue negotiations can start, the Council of the European Union (the Member States’ governments) must adopt its “general approach”. The Council Presidency, currently held by Austria, is tasked with securing a compromise among the Member States. This article analyses the most recent draft text from the Austrian Council Presidency 12336/18.

Further processing of electronic communications metadata

The current ePrivacy Directive only allows processing of electronic communications metadata for specific purposes given in the Directive, such as billing. The draft Council ePrivacy text in Article 6(2a) introduces further processing for compatible purposes similar to Article 6(4) of the General Data Protection Regulation (GDPR). This further processing must be based on pseudonymous data, profiling individual users is not allowed, and the Data Protection Authority must be consulted.

Despite these safeguards, this new element represents a huge departure from the current ePrivacy Directive, since the electronic communications service provider will determine what constitutes a compatible purpose. The proposal comes very close to introducing “legitimate interest” loophole as a legal basis for processing sensitive electronic communications metadata. Formally, the further processing must be subject to the original legal basis, but what this means in the ePrivacy context is not entirely clear, since the main legal basis is a specific provision in the Regulation, such as processing for billing or calculating interconnection payments or maintaining or restoring the security of electronic communications networks.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

An example of further processing could be tracking mobile phone users for “smart city” applications such as traffic planning or monitoring travel patterns of tourists via their mobile phone. Even though the purpose of the processing must be obtaining aggregate information, and not targeting individual users, metadata will still be retained for the individual users in identifiable form in order to link existing data records with new data records (using a persistent pseudonymous identifier). Therefore, it becomes a form of voluntary data retention. The mandatory safeguard of pseudonymisation does not prevent the electronic communications service provider from subsequently identifying individual users if law enforcement authorities obtain a court order for access to retained data on individual users.

Communications data only protected in transit

Whereas the text adopted by the European Parliament specifically amends the Commission proposal to ensure that electronic communications data is protected under the ePrivacy Regulation after it has been received, the Council text clarifies that the protection only applies in transit. After the communication has been received by the end-user, the GDPR applies, which gives the service provider much greater flexibility in processing the electronic communication data for other purposes. For a number of modern electronic communications services, storage of electronic communication data on a central server (instead of on the end-user device) is an integral part of the service. An example is the transition from SMS (messages are stored on the phone) to modern messenger services such as WhatsApp or Facebook Messenger (stored on a central server). This makes it important that the protection under the ePrivacy Regulation applies to electronic communications data after it has been received. The Council text fails to address this urgent need.

Tracking walls

The European Parliament introduced a ban on tracking walls, that is the practice of denying users access to a website unless they consent to processing of personal data via cookies (typically tracking for targeted advertising) that is not necessary for providing the service requested.

The Council text goes in the opposite direction by specifically allowing tracking walls in Recital 20 for websites where the content is provided without a monetary payment if the website visitor is presented with an alternative option without this processing (tracking). This could be a subscription to an online news publication. The net effect of this is that personal data will become a commodity that can be traded for access to online news media or other online services. On the issue of tracking walls and coerced consent, the Council ePrivacy text may actually provide a lower level of protection than Article 7(4) of the GDPR, which specifically seeks to prevent that personal data can become the counter-performance for a contract. This is contrary to the stated aim of the ePrivacy Regulation.

Privacy settings and privacy by design

The Commission proposal requires web browsers to offer the option of preventing third parties from storing information in the browser (terminal equipment) or processing information already stored in the browser. An example of this could be an option to block third party cookies. The Council text proposes to delete Article 10 on privacy settings. The effect of this is that fewer users will become aware of privacy settings that protect them from leaking information about their online behaviour to third parties and that software may be placed on the market that does not even offer the user the possibility of blocking data leakage to third parties.

Data retention

Article 15(1) of the current ePrivacy Directive allows Member States to require data retention in national law. Under the case law of the Court of Justice of the European Union (CJEU) in Digital Rights Ireland (joined cases C-293/12 and C-594/12) and Tele2 (joined cases C-203/15 and C-698/15), this data retention must be targeted rather than general and undifferentiated (blanket data retention). In the Commission proposal for the ePrivacy Regulation, Article 11 on restrictions is very similar to Article 15(1) of the current Directive.

In the Council text, Article 2(2)(aa) excludes activities concerning national security and defence from the scope of the ePrivacy Regulation. This includes processing performed by electronic communications service providers when assisting competent authorities in relation to national security or defence, for example retaining metadata (or even communications content) that would otherwise be erased or not generated in the first place. The effect of this is that data retention for national security purposes would be entirely outside the scope of the ePrivacy Regulation and, potentially, the case law of the CJEU on data retention. This circumvents a key part of the Tele2 ruling where the CJEU notes (para 73) that the protection under the ePrivacy Directive would be deprived of its purpose if certain restrictions on the rights to confidentiality of communication and data protection are excluded from the scope of the Directive.

If data retention (or any other processing) for national security purposes is outside the scope of the ePrivacy Regulation, it is unclear whether such data retention is instead subject to the GDPR, and must satisfy the conditions of GDPR Article 23 (which is very similar to Article 11 of the proposed ePrivacy Regulation), or whether it is completely outside the scope of EU law. The Council text would therefore create substantial legal uncertainty for data retention in Member States’ national law, undoubtedly to the detriment of the fundamental rights of many European citizens.

Proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC – Examination of the Presidency text (20.09.2018)

e-Privacy: What happened and what happens next (29.11.2017)

EU Member States fight to retain data retention in place despite CJEU rulings (02.05.2018)

EU Council considers undermining ePrivacy (25.07.2018)

Civil society letter to WP TELE on the ePrivacy Regulation (24.09.2018)

(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)