22 Feb 2017

The UK Digital Economy Bill: Threat to free speech and privacy

By Guest author

The Digital Economy Bill is being debated by the House of Lords in the United Kingdom. This is a far-reaching bill that covers a range of digital issues, including better broadband coverage across the UK. However, from the digital rights point of view, there are three main areas of concern.

Age verification:
The bill includes proposals to force porn sites to verify the age of their users with no requirements to protect their privacy. During the debate on 6 February 2017, the UK government said no privacy safeguards were necessary. In order to force foreign websites to comply with the proposals, the government has proposed that a regulator could instruct Internet Service Providers (ISPs) to block websites that fail to provide age verification. This could mean that thousands of websites containing legal content could be censored. These proposals have implications for privacy and free speech rights in the UK and EDRi member Open Rights Group (ORG) is campaigning to amend the bill.

Data sharing:
There are worrying proposals to make it easier to share data not only across government departments, but also with private companies. ORG has been involved in government discussions about these measures but the concerns raised have not been addressed in the bill. The main concerns are that the bill lacks sufficient privacy safeguards, ministers have too much power without scrutiny, data on births, deaths, and marriages can be shared without any restrictions other than those found in pieces of other legislation, and the codes of practice are not legally binding.

There are proposals to increase the maximum prison sentences for online copyright infringement to ten years – to bring it in line with offline infringement. ORG is concerned that the definition of the infringement is too broad and will catch large numbers of internet users. ORG is trying to amend the bill to ensure that such severe sentences are given to only those guilty of serious commercial infringement.

ORG has made a submission explaining the huge threat to free speech and why these proposals should be dropped. They launched a spoof recruitment campaign for Internet Censors to help classify the web for age verification. Over 23 000 people have signed a petition for rejecting the proposals.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

ORG’s submission

Spoof recruitment campaign

Petition about the proposals

(Contribution by Pam Cowburn, EDRi member Open Rights Group, the United Kingdom)



22 Feb 2017

What does your browsing history say about you?

By Guest author

An average internet user visits dozens of websites and hundreds of web pages every day, most of which are kept in the history of our internet browsers. But what if someone took this massive database of visited web pages and cross-referenced them? A joint collaboration of Tactical Tech and SHARE Lab researchers focused on discovering intentions, desires, needs, and preferences of a person based on their browsing history.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Swiss journalist, called Mr J for the purposes of the research, visited the Tactical Tech office in Berlin in June 2015, and provided them with a sample of his web history, upon which this research was based. By analysing large sets of web addresses (so-called Uniform Resource Locators URLs), especially from popular services such as Google Maps, Google Search or YouTube, they were able to create a picture of Mr J’s everyday routine, including his interests and intentions, even apartments he rented via Airbnb while he was travelling abroad. Also, since Facebook has a “real-name policy”, it is quite easy to link a person’s web history to their profile, as well as create a social graph of their Facebook friends and connections, based on the Facebook URLs they visited.

As websites Mr J visits contain a lot of trackers, small bits of data used for collecting behavioural information of users, the experiment also showed which companies extract the most data on Mr J. Google, Facebook and Twitter were unsurprisingly among the companies with the largest number of trackers. It was also interesting to “read” sample web pages Mr J visited like a machine would do it. This is possible with Google’s Cloud Natural Language tool, which is attached to its deep learning platform and can be used to extract information about people, places, events, and much more, mentioned in text documents, news articles or blog posts. It recognised important events, names, and places based on keywords it picked up from web pages.

All these findings lead to the conclusion that if someone, such as private companies, the state, or law enforcement, were to employ these techniques on a large segment of the population and target people’s web history, it would be a frightening introduction to a project of “thought police”, arresting individuals suspected of committing a crime in the future.

SHARE Lab: Browsing Histories – Metadata Explorations

(Contribution by Bojan Perkov, EDRi observer SHARE Foundation, Serbia)



15 Feb 2017

Citizens’ rights undermined by flawed CETA deal


On 15 February 2017, the European Parliament voted in favour of the Comprehensive Economic Trade Agreement (CETA). This concludes the process at the EU level. The EU Member States will now have to ratify the agreement, without having a right to make changes to the text. CETA creates significant risks for citizens’ fundamental rights, especially with regard to privacy and data protection.

CETA raises serious questions to the protection of our online rights and freedoms. These concerns have been sadly ignored. We now turn to the EU Member States to stand up for the interest of their citizens by rejecting CETA.

said Maryant Fernández Pérez, Senior Policy Advisor at European Digital Rights (EDRi).

The Parliament approved the agreement despite EDRi’s and other civil society organisations’ calls to improve the agreement text. We raised concerns about the lack of transparency in the negotiation process, weakened protection of the personal data and privacy of European citizens, the possibility of corporations to challenge government decisions under the so-called Investment Court System, and the inclusion of intellectual property rights (IPR) obligations without focusing on promoting access to knowledge.

Despite not being yet ratified by the EU Member States, CETA is expected to already be provisionally applied as of Spring 2017, with some exceptions, meaning that parts of it will start having a practical impact, for example on data protection. If Member States don’t stand up for citizens’ rights by rejecting the agreement, CETA could become a blueprint for other trade agreements and increase growing public mistrust in trade policy. It is the time to better design trade agreements, in order to maintain a high level of protection for the EU citizens. This is possible only with better transparency and inclusion of public interest organisations.

It is crucial for national and local NGOs to make their arguments heard in the ratification process of CETA in each of the EU Member States.

Read more:

Civil Society Letter asking MEPs to vote against CETA (13.02.2017)

Despite large opposition, CETA limps forward in the European Parliament (24.01.2017)

European and Canadian civil society groups call for rejection of CETA (28.11.2016)

CETA signature ignores Agreement’s flaws (30.10.2016)

CETA puts the protection of our privacy and personal data at risk (05.10.2016)

CETA’s cross-boder data flows will be provisionally applied (07.10.2016)

CETA will undermine EU Charter of Fundamental Rights (04.05.2016)


15 Feb 2017

The time has come to complain about the Terrorism Directive

By Maryant Fernández Pérez

Nearly a year has passed since we told that you’d be now complaining about the Terrorism Directive. On 16 February, Members of the European Parliament (MEPs) will vote on the draft Terrorism Directive. EU policy-makers have meaningfully addressed only very few of the concerns that EDRi and other NGOs have raised since the beginning of the EU legislative process.

We worked hard during the elaboration of the Terrorism Directive at the EU level: we defended digital rights since the very beginning, providing policy-makers with expert input; we joined forces with other digital rights organisations; and raised our voice against key proposals together with NGOs like Amnesty International, Human Rights Watch (HRW), the International Commission of Jurists (ICJ), the Open Society Foundations (OSF), the European Network Against Racism (ENAR) and the Fundamental Rights European Experts (FREE) Group (see our joint statements here and here). As a result of the hard work and numerous exchanges with policy-makers, not everything in the Directive is bad for digital rights.

What’s good?

Unfortunately, not as much as we would like. However, there are still some positives. Several provisions that we had advocated for are part of the final text, for example an assurance, in principle, of being able to express radical, polemic or controversial views. We managed to eliminate mandatory internet “blocking”, and some safeguards were introduced with regard to removing and blocking online content and limiting when the absurdly vague concept of unduly compelling a government can constitute a terrorist offence. We also killed some bad proposals that, for instance, tried to undermine encryption and the use of TOR.

What’s wrong?

From a digital rights perspective, there is a long list of bad elements that the European Commission, EU Member States* and the majority of the MEPs of the European Parliament’s Committee on Civil Liberties (LIBE) have introduced and/or kept in the draft Terrorism Directive, including the following:

To sum up, it took a year and two months to conclude a legislative instrument that endangers the protection of our rights and freedoms. This compares badly with the time that it took the EU to conclude an instrument to protect fundamental rights, such as the General Data Protection Regulation (five years, and two more years until it enters into force). Obvious, depressing, conclusions can be drawn about the priorities that drove different parts of the EU decision-making process in both cases.

Therefore, we urge the European Parliament to vote against this Directive or at least vote in favour of some of the amendments proposed to improve some of the elements listed above.

What can you do?

You can raise awareness and contact your MEPs prior to the debate on 15 February (starting around 3pm CET) and the vote on the Directive on 16 February (around 12pm CET). After the vote, it will be the turn of your Member State to implement the Directive and give meaning to the ambiguous provisions of the Directive. If the Terrorism Directive is adopted, civil society should look closely how their national parliaments will implement it, so it will not lead to abusive provisions. Ultimately, yet again, we will have to rely on the courts to be the guardians of our civil liberties.

If you have any questions, don’t hesitate to contact us!


* The United Kingdom, Denmark and Ireland decided not to be bound by this Directive.

08 Feb 2017

Proposed surveillance package in Austria sparks resistance

By Guest author

The Austrian coalition parties have renegotiated their government programme in January 2017. This new programme contains a so-called “security package” that encompasses the introduction of several new surveillance measures and additional powers for the Austrian security agencies. These changes in the law are to be implemented by June 2017.

However, so far no evaluation of already existing surveillance measures and investigatory powers has been carried out. Furthermore, it is doubtful that the new measures will bring about an increase in security, whereas they will severely limit fundamental right to privacy and dial back on existing data protection measures.

The following measures are outlined in the newly agreed government programme:

Networked CCTV monitoring: The Austrian Minister of the Interior Wolfgang Sobotka has repeatedly demanded “all-encompassing surveillance” of public spaces by linking already deployed CCTV cameras operated by both private and public entities, and even transmitting the footage to investigative authorities in real time. The implementation of this kind of surveillance apparatus would effectively create a true panopticon affecting every citizen. However, in light of the terrorist attack in Nice in mid-July 2016 on a promenade monitored by several surveillance cameras, any preventive effect of the surveillance of public spaces is highly doubtful, even with respect to conventional crimes: The Police Directorate of Vienna has removed 15 out of its 17 CCTV installations during the recent years due to high operating costs and no discernible benefits in combating crime.

Automatic license plate recognition: The government wants to implement a system which would recognise all licence plate numbers and retain details of the movements of all vehicles on Austrian highways. In 2007, the Austrian constitutional court decided in a similar case (Section Control) that surveillance of car drivers is only permitted for a few determined routes and that number plate information can only be retained if the vehicle was driving too fast or is on an official wanted list. The new government programme facilitates an unjustified storage of movements for all vehicles, which is very alarming.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

Government spyware: In 2016 there was a legislative proposal to legalise the use of government spyware on electronic devices of Austrian citizens. Due to massive criticism from a legal and technical perspective, the Austrian Minister of Justice Wolfgang Brandstetter withdrew the proposed law. In 2008 a commission of constitutional experts under Professor Bernd-Christian Funk came to the conclusion that government spyware is not in line with Austrian constitutional law. Nonetheless, the Austrian government has started a third attempt to pass a legal basis for this unconstitutional measure.

Data Retention Directive 2.0: The Austrian data retention law was abolished by the Austrian constitutional court in 2014 due to its unconstitutionality and violation of fundamental rights. The European Court of Justice (CJEU) confirmed this decision in December 2016 by passing an even further reaching verdict against this type of unfounded mass surveillance. Nevertheless, the new government agreement contains plans for a “quick freeze” based retention of telecommunication data. The final legislative text will have to be scrutinised carefully to define if it is in line with recent CJEU rulings.

Registration of prepaid SIM cards: The Austrian government plans to forbid unregistered prepaid SIM cards and thus to eliminate a way of communicating freely and anonymously with family members, help lines, and persons of trust (such as lawyers). Criminals can easily circumvent this by using foreign SIM cards or online messaging services, making the measure ineffective and disproportionate.

“Subversive movements”: It must be possible to criticise the state or institutions. The government wants to establish a criminal offense for the expression of opinions which undermine the authority of the state. This is a crucial development which stands against the fundamental principle of freedom of expression.

Electronic tags for non-convicted “endangerers”: Another critical demand in the security package is the introduction of electronic tags – a surveillance device locked to an individual’s body – for “endangerers”. But the term “endangerer” (“Gefährder”) is legally not defined and the federal government calls such a person a potential disturber and refers to an “abstract endangering situation” (“abstrakte Gefährdungslage”). So far, electronic tags have been used only for convicted perpetrators or in cases of strong suspicion. This extended use of electronic tags is highly problematic as it violates the principle of presumption of innocence. Similar discussions are ongoing in Germany.

Resistance has been mounting over the proposed extension of surveillance measures in Austria. EDRi observer, epicenter.works and other fundamental rights NGOs in Austria are working to mobilise the population to stop the unprecedented and unfounded surveillance measures in the new government programme to be enacted.

Surveillance package – government plans complete surveillance (only in German)

Surveillance: Cameras are being removed again (only in German, 28.01.2017)

Opportunity and risk of state spyware (only in German, 26.04.2016)

German “Bundestrojaner” – The dismantling of state spy software (only in German)


(Contribution by EDRi observer epicenter.works, Austria)



25 Jan 2017

#PrivacyCamp17: Controlling data, controlling machines

By Heini Järvinen

Accountability, transparency and profiling were the buzzwords of the fifth annual Privacy Camp, which took place on 24 January in Brussels. The camp, this year entitled “Controlling data, controlling machines: dangers and solutions”, brought together civil society, policy-makers and academia to discuss the problems for human rights in the digital environment. The event is organised every year before the Computers, Privacy & Data Protection (CPDP) conference, and it’s co-organised by EDRi, Privacy Salon, Université Saint-Louis (USL-B) and the interdisciplinary Research Group on Law Science Technology & Society of the Vrije Universiteit Brussel (VUB-LSTS).

Who controls your data? Who controls the machines? Who is to be held responsible for the security of our data, and how can civil society make sure the message gets through? These questions were at the very centre of the debates surrounding the pending adoption of important EU-wide legislation, such as the review of the e-Privacy Directive, the smart borders package, the draft Regulation on dual-use goods, and the latest filtering proposals in the draft copyright Directive.

The first panels of the morning were “Community Building Workshop: Societal Impacts of Big Data and the Role of Civil Society”, which discussed how civil society can engage in the policy debates on Big Data, and “Owning the Web Together: Peer Production and Sharing”, which pondered on whether it’s possible to create online platforms based on genuine practices of sharing, with different ownership models and fair working conditions, or if the commons-based decentralised digital platforms are a utopian dream.

The next panel “Instant Big Data Targeting: Programmatic Ad Tech & Beyond” explained to the participants the structure of programmatic advertising, and discussed how personal data is treated and for what purposes. Simultaneously, the panel “The Internet of Things, Security and Privacy” discussed the possible effects of the Internet of Things (IoT) to the future of surveillance, and the solutions to legislative approaches and security education.

The afternoon panel on “Surveillance Tech Export and Human Rights Law” shed light on the proposed overhaul of the EU’s export controls for so-called “dual-use items” that can be used to violate fundamental human rights such as the right to privacy and the protection of personal data. The panellists discussed how human rights law could be used to hold the companies and states accountable.

The Lightning Talks presented a number of interesting projects and point-of-views related to online privacy. For example, Alexander Czadilek and Christof Tschohl from EDRi observer Epicenter.works introduced their new Handbook for the Evaluation of Anti-Terrorism legislation (HEAT), and Katarzyna Szymielewicz from EDRi member Panoptykon presented some ideas on how a strong implementation of the General Data Protection Regulation (GDPR) could be ensured in the EU Member States. EDRi presented the guide to Digital Defenders, a booklet to teach kids privacy that was published in October 2016 and proved to be a huge success.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

The day of fruitful debates was wrapped up with a bit of fun. An interactive quiz tested the participants’ level of knowledge regarding surveillance. We came reassured that our community excels at mapping surveillance, definitely watches too much TV (but only educative contents, of course!), can separate fact from fiction, reads the news, and surely knows their classics of surveillance related literature.

Privacy Camp

Privacy Camp: Programme

Video: How long it takes to read the terms and condition for the use of a fitness tracker and how far you could run while reading them? (Finn Mystrand in the panel “The Internet of Things, Security and Privacy”)

Video: Teaser: Information. What are they looking at? (Theresia Reinhold during the “Lightning Talks”)



11 Jan 2017

ENDitorial: Happiness – owning nothing and having no privacy?

By Joe McNamee

In November 2016, Danish social-liberal parliamentarian Ida Auken wrote a chilling, dystopian article that was published on the website of the World Economic Forum. It looked forward to a hypothetical society in the year 2030, where nobody owned anything, not even their own personal space, not their own secrets, not their own life. In an addendum to the piece, Ms Auken explained that some had portrayed this as a “utopia or dream of the future” which was not, she explained, her stance.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

An unseen hand would own everything and everything would be communal. The unseen hand would be benevolent. Those that had absolute power and absolute control in a society where individuals had no privacy and no assets (and, consequently, no ability to challenge power, to control or to hold power accountable) would somehow have willingly given away their power and replaced it with a benevolent dictatorship.

Nobody would have the responsibility to do the hard work of industrial production, but it would somehow still be done. Artificial intelligence, owned, developed and maintained either by no-one or by the all-seeing benevolent dictator, would be able to do your shopping. It would know your preferences better than you, so why would you do it yourself?

In this utopia/dystopia, Ms Auken imagines individuals being disturbed by the lack of privacy and hopes that nobody will use it against them. Of course, as mentioned, she envisages that artificial intelligence would know individuals better than they know themselves. As a result, artificial intelligence will be aware of their concerns and one imagines that those individuals’ filter bubbles would be adapted accordingly, in order to assuage their fears.

The luddites, the ones who would want a society based on the freedom to evolve, to challenge and to question without the “sharing economy” disenfranchising, disappropriating and commodifying them, would live outside the city. City dwellers would worry for the welfare of these self-sufficient societies, living with privacy in an adaptable and changeable society.

Ms Auken explains she wrote the post as a means of starting a debate because (hopefully in a less extreme variety), the issues she raises are already on the horizon. Her rather provocative piece is, therefore, an important spur for some much-needed debate.

Her post raises questions such as…

  • If knowledge is power and the vast unbalance between the knowledge of the surveillance economy and the knowledge of citizens continues to grow, can that power be held accountable?
  • Can a society evolve in such circumstances?
  • Can democracy exist when monopolies of that surveillance economy are (now, already) being asked to monitor and filter our communications, building on their existing, profitable, filter bubbles?

Welcome to 2030. I own nothing, have no privacy, and life has never been better (11.11.2016)

(Contribution by Joe McNamee, EDRi)



11 Jan 2017

Snowden: Surveillance is about control

By Guest author

In December 2016, the 33rd edition of the world’s longest-running annual hacker conference Chaos Communication Congress, organised by EDRi member Chaos Computer Club (CCC), took place. It featured many insightful lectures and workshops on issues related to security, cryptography, privacy and freedom of speech. When it comes to surveillance issues, a live appearance from Edward Snowden stole the show.

The surprise appearance happened during a talk on the political reactions to mass surveillance in Germany. Speakers Anna and Andre Meister pointed out that, although Germany is the only country organising a parliamentary inquiry committee investigating the Snowden revelations, they are missing the input of the number one witness, Edward Snowden himself. That is when Snowden appeared on the screen and addressed the audience in a live video stream.

Snowden’s intervention was especially informative in the sense of current surveillance and security debates, including the EU Directive on Combating Terrorism. EDRi has criticised the Directive extensively and pushed for a human rights agenda together with other organisations in order to prevent abuses of freedom of expression and privacy.

As Snowden pointed out, we’ve repeatedly seen evidence that mass surveillance is actually not effective in stopping terrorism. And yet despite that, we see more and more political support, not only to continue these programmes, but to expand them, and to fund them to even greater levels. As we see in many of EU countries, there is a trend of giving more power to the intelligence agencies, without the reflection of how their activities affect citizens’ rights.

“It [surveillance] was never about terrorism, because it’s not effective in stopping terrorism. It’s not about security at all, it’s not about safety. It’s about power. Surveillance is about control. It’s about being able to see moments of vulnerability, in any life, whether that person is a criminal or they are an ordinary person,” said Snowden.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

As speaker Andre Meister, EDRi observer, put it, democracy is supposed to be the informed consent of the governed. However, if we are not informed, we cannot really consent to what is happening. Snowden revelations and the inquiry committee in Germany have shown that “spy agencies” function in a way that contradicts the principle of democracy, since they are operating in secret and there’s often no control over whether they are breaking laws.

Snowden pointed out the new harsh surveillance legislation in China and Russia passed with the argument of “just keeping up with the Western world”. He expressed his concern about our society no longer being worried about human rights – we are only barely concerned with the rights of our co-citizens. However, Snowden reminded the audience, human rights are universal, and regulated by several international rights agreements and treaties.

The fact is that no country is immune to the trend of increasing mass surveillance. Rights are being violated indiscriminately by intelligence agencies, not only in China and Russia, but in the US, Germany, in the UK, in Canada. And as Snowden put it, secret government is necessarily a bad government. In order not to have bad governments, we have to take action. It might seem that Snowden is preaching to the choir, but his appeal to stand for our privacy and the privacy of others still generates much-needed inspiration.

EDRi: Chaos Communication Congress 2016 (06.01.2017)

3 Years After Snowden: Is Germany fighting State Surveillance?

EDRi: European Union Directive on counterterrorism is seriously flawed (30.11.2016)

EDRi: Terrorism Directive: Document pool

(Contribution by Zarja Protner, EDRi intern)



11 Jan 2017

The Republic of Moldova: “Big Brother” Law

By Guest author

In the European Union (EU) the limitation of mass surveillance measures is currently discussed in the context of the European Court of Justice (CJEU) and four EU member states’ constitutional court decisions relating to the laws on retaining traffic data. At the same time, in the Republic of Moldova, a new law on broadening the obligations to retain traffic data, increase digital surveillance and impose internet blocking is being proposed – without a comprehensive analysis of the necessity and proportionality of this excessive interference with the fundamental rights, and claiming these obligations are needed to comply with the international conventions.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The draft Law no. 161 on Amendments and Supplements to Certain Legislative Acts, also known as the “Big Brother” Law, raises several issues relating to the way these provisions could be applied. It could affect fundamental rights, and, in particular, the right to privacy, without being justified as necessary in a democratic society, in line with the European Convention on Human Rights.

Some of the proposed amendments raise legitimate questions about the need for each particular measure. For instance, the implementation of the proposal to block access to “all IP addresses that host web pages (…) containing information that urge to hatred or ethnic, racial or religious discrimination, to hostility or violence” would lead directly to blocking Facebook, YouTube or Twitter in the country, although this most probably was not what the legislator wanted.

Bogdan Manolea, the Executive Director of the Romanian EDRi member, Association for Technology and Internet (ApTI) in collaboration with the Legal Resources Centre from Moldova (LRCM) prepared recommendations concerning the “Big Brother” Law. The recommendations include:

  • rejection of the proposed articles that would lead to mass surveillance measures (such as those related to data retention);
  • detailed examination of legislation that extends the limitation of fundamental rights, including a study of the impact on human rights based on the case law of the European Court of Human Rights and independent expert analysis;
  • waiving the obligations to “stop“ access to web pages. Blocking of web pages by Internet Service Providers (ISPs) represents an interference with the normal internet traffic between users and websites, which amounts to a violation of freedom of expression and the right to privacy by means of creating a layer of censorship. It is important to understand the difference between:
    • stopping access/blocking – when the content remains on the internet, visible to most users, but hidden for the users from the Republic of Moldova who are subject to blocking; and
    • deletion of content from the internet – when the illegal content cannot be accessed anymore.

You can read the full Opinion on the Draft Law no. 161 on Amendments and Supplements to Certain Legislative Acts (“Big Brother” Law) here http://crjm.org/wp-content/uploads/2016/12/2016-11-Op-Big-Brother-CRJM-Manolea_Eng-fin.pdf (in English) or here http://crjm.org/wp-content/uploads/2016/12/2016-11-Op-Big-Brother-CRJM-Manolea_Ro-fin.pdf (in Romanian).

“Big Brother” Law proposed for public debate (10.10.2016)

Civil Society Organisations Calls for an international expertise of the Draft Law which Extends and Intensifies the Law Enforcement Bodies’ Control over the Digital Space (08.04.2016)

(Contribution by Bogdan Manolea, EDRi member ApTI, Romania)



11 Jan 2017

2017 – another extremely challenging year for digital rights


The agenda of the year 2016 for the protection of digital rights was filled with challenges, and it looks like 2017 is not going to be any easier.

Since the Digital Single Market is one of the priorities of the Maltese presidency of the Council of the European Union, we can expect more policy developments affecting citizens’ rights and freedoms online in 2017. In its work programme, Malta pledges to pursue talks on geoblocking, roaming fees, connectivity, high frequencies and cross-border portability.

While taking advantage of the single market to benefit the economies by scrapping trade barriers and providing European citizens access to services, it is crucial to keep the focus on improving data protection, freedom of expression and defending citizens’ right to privacy.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

What were the crucial policy developments in 2016? What we expect to happen in 2017, and what are our key priorities for the year ahead?

Data protection and privacy

In 2016, the European Parliament adopted the General Data Protection Regulation (GDPR) and the Law Enforcement Data Protection Directive (LEDP), which are set to enter into force in 2018. EDRi welcomed the overall positive outcome of the GDPR, but regrets that the initial high expectations were not realised. The Commission adopted the Privacy Shield adequacy decision that has already been challenged in front of the Court of Justice of the European Union (CJEU) and rejected by the European Parliament. The EU/US Umbrella Agreement, which was judged to be incompatible with EU law by the European Parliament’s legal service, was also approved.

As for 2017, e-Privacy will be one of EDRi’s main priorities. On 10 January, the European Commission published its proposal for the e-Privacy Regulation. This legislation is crucial to provide clear rules on tracking individuals as they surf the web, and freedom of communication more generally. To promote trust, privacy and innovation, the proposal needs significant improvement.


In 2017, we will provide input on discussions around cross-border access to evidence and the protection of encryption. We will also provide input on discussions around the Council of Europe’s Budapest Convention on Cybercrime, also with a particular interest in the hot topic of “access to evidence”. Weakening of procedural rules for access to communications data by foreign governments would obviously have major implications for privacy and security.

Net neutrality

In 2016, the Body of European Regulators of Electronic Communications (BEREC) published its guidelines on the implementation of European net neutrality rules. Thanks to our hard and persistent work, the guidelines reflect our recommendations quite well.

In 2017 we will keep on campaigning for net neutrality by providing input to discussions around the BEREC regulation, and monitoring the Telecoms Package review. In December, we reported on the success of one of our Austrian members in ensuring the effective implementation of the new rules.


The current European copyright system is broken and must be changed. The European Commission has set in its agenda reforming copyright as one of the foundations to build the Digital Single Market. In 2016, the Commission issued a highly criticised draft legislation. The proposed Copyright Directive could not conceivably be worse, even including a proposal for upload filtering, despite the fact that the Court of Justice of the European Union has already rejected this approach.

In 2017, the European Parliament and Council will discuss the new proposal. We will closely follow the discussions and advocate for amendments to improve the parts of the text that can be improved and rejection of the parts that cannot.