26 Apr 2018

LEAK: British EU Commissioner: ID check & prior approval for online posts

By Joe McNamee

In a letter to Commissioner Mariya Gabriel obtained by EDRi1, the British European Commissioner, Sir Julian King, makes it clear that, not alone does he no longer find it acceptable that people should be able to communicate online without prior approval, he also objects to people communicating without being identified. Commissioner King is pushing the European Union towards an internet where freedom of expression is strangled by filtering and ID checks.


For the past year, Commissioner King and his services have been strongly pushing for “upload filtering (pdf)” – the automatic approval of all uploads in all formats before they are put online. The aim is to ensure that nothing that was previously removed on the basis of the law, or the arbitrary terms of service of an internet company, or that is or has been assessed as being unwelcome or illegal by a guess made by an artificial intelligence programme can be uploaded or re-uploaded to the internet. If the European Commission succeeds in getting this principle accepted by the European Parliament in the Copyright Directive (vote is scheduled for 20-21 June 2018), it plans to rush out new legislation to cover other forms of content within weeks. It seems that some Members of the European Parliament (MEPs) are already being lobbied to push for this.

Paradoxically, while the European Commission uses populist demands about “all parties” making “more efforts and faster progress” on removing “illegal” content, the Commission itself has no idea how many items of allegedly illegal content that were flagged by the EU police cooperation agency Europol led to an investigation or a prosecution – clearly showing a lack of a serious, diligent approach “from all sides”. “From all sides, except ours” might be more accurate.

ID Checks

Now, acting on his own initiative, Commissioner King has decided that “voluntary” identification (by companies that are eager to collect as much data about us as possible) is the next battle – this time in the fight against “online disinformation” (whatever that may mean) and to fight against abuse of data (collecting data as a way of avoiding collected data from being abused). Facebook’s “real-name policy” has previously caused demonstrable harm to vulnerable and marginalised groups.

In the letter, King proposes multiple ways of achieving this control – such as through the WHOIS database of domain name owners, through surveillance of IPv6 internet protocol numbers (the European Court of Human Rights ruled this week (pdf) that a court order is needed to gain access to IP address data), “verified pseudonymity”, and “other identification mechanisms”.

UK perspective

Coincidentally or not, the British Conservative government, which appointed Commissioner King, last week launched an attack on social media companies for not properly verifying the ages of children. Social media companies, which profit from exploitation of our data, are unlikely to be very unhappy about government pressure to gather still more personal data.

When not fighting “fake news”, the government that appointed Commissioner King allegedly spent more than one million pounds on negative Facebook adverts attacking the leader of the main UK opposition party during the 2017 general election. This is highly unlikely to be the kind of activity that Commissioner King is referring to when he talks about plans to “further limit the possibilities for using mined personal information for certain specific purposes, in particular political ones”.

EDRi will keep working to ensure that EU policy-makers respect the Charter of Fundamental Rights of the European Union when proposing any legislative or non-legislative action to privatise law enforcement functions.

1 While we know that the Financial Times, (paywalled) if not others, have obtained a copy of this letter, we are not aware of it having been made public before today.


24 Apr 2018

ePrivacy: Civil society letter calls to ensure privacy and reject data retention


On 23 April 2017, EDRi, together with other civil society organisations, sent a follow up to our previous open letter to the permanent representations of EU Member States in Brussels. The letter highlighted the importance of the ongoing reform of Europe’s ePrivacy legislation for strengthening individuals’ rights to privacy and freedom of expression and for rebuilding trust in online services, in particular in the light of the revelations of the Cambridge Analytica scandal.

Open letter to European member states on the ePrivacy reform

23 April 2018

Dear Minister,
Dear Member of the WP TELE,

We, the undersigned organisations, support the ongoing and much-needed efforts to reform Europe’s ePrivacy legislation. As we mentioned in our recent open letter, the reform is essential in order to strengthen individuals’ rights to privacy and freedom of expression across the EU and to rebuild trust in online services, in particular given the revelations of the Cambridge Analytica scandal.1

Despite the urgent need to protect the confidentiality of communications, we are aware of the political difficulties that were met during debates in Council and at Working Party level, specifically regarding Article 11 of the proposed ePrivacy Regulation.

Given these difficulties and following the recent publication of the full document WK 11127/2017,2 we would like to highlight a number of legal points that may help move the discussion forward:

– The Court of Justice of the European Union (CJEU) clarified, in two different judgements (Digital Rights Ireland – joined cases 293/12 and 594/12 and Tele2-Watson, joined cases C-203/15 and C-698/15), that mandatory bulk retention of communications data breaches the Charter of Fundamental rights. Any attempt to subvert CJEU case law by adding “clarity to the legal context” without a legal basis that respects the Charter is a direct attack on the most basic foundations of the European Union and should be dismissed. In fact, the current legal framework (the e-Privacy Directive, Directive 2002/58) provides legal clarity since mandatory retention of metadata for the purpose of prevention, investigation, detection or prosecution of criminal offences, as well as access to retained metadata for this purpose, is regulated in its Article 15(1).

– A Regulation aimed at protecting personal data and confidentiality of electronic communications would be deprived of its purpose if certain types of processing (“processing for law enforcement purposes”) are completely excluded from its scope. This was also noted by the Court of Justice in paragraph 73 of the Tele2-Watson judgment. Furthermore, such processing requires specific safeguards defined by the Court and must be necessary and proportionate.

– Finally, we have also noted certain attempts by a number of delegations to introduce a minimum storage period (of 6 months) for all categories of data processed under Article 6(2)(b). If approved, this would impose indiscriminate retention of personal data in a way that has already been ruled as unlawful by the Court of Justice of the European Union in Tele2/Watson. If Article 6(2)(b) establishes a legal basis for processing communications data in order to maintain or restore security of electronic communications networks and services, or to detect errors, attacks and abuse of these networks/services, the processing should still be limited to the duration necessary for this purpose. On top of this, the general principles of GDPR Article 5 should apply, e.g. storage limitation in Article 5(1)(e). If the technical purpose can be achieved with anonymised data, this is no justification for processing data for identified or identifiable end-users. Setting a minimum mandatory retention period for communications data processed under Article 6(2)(b) will mean weakening the level of protection guaranteed under the GDPR, which is not only unacceptable but also contradictory to the concept of lex specialis.

We are aware of the political difficulties raised in Council around the issue of data retention, however the clarity provided by the CJEU in two landmark rulings on that matter can not and must not simply be ignored. We strongly encourage you to keep in mind all of the legal points above in the ongoing debates. We count on the Council to swiftly conclude a general approach on the ePrivacy Regulation, which should include a legally sound Article 11 rooted in respect for the EU Charter and the CJEU case law, to provide law enforcement authorities with the legal certainty needed to accomplish their duties.3

Yours faithfully,

European Digital Rights




Privacy International


IT-Political Association of Denmark


https://edri.org/files/eprivacy/20180327-ePrivacy-openletter-final.pdf and https://edri.org/cambridge-analytica-access-to-facebook-messages-a-privacy-violation




03 Apr 2018

Nearly 100 public interest organisations urge Council of Europe to ensure high transparency standards for cybercrime negotiations

By Maryant Fernández Pérez

(This blogpost is also available in French and Spanish)

Today, 3 April 2018 European Digital Rights (EDRi), along with 93 civil society organisations from across the globe, sent a letter to the Secretary General of the Council of Europe, Thorbjørn Jagland. The letter requests transparency and meaningful civil society participation in the Council of Europe’s negotiations of the draft Second Additional Protocol to the Convention on Cybercrime (also known as the “Budapest Convention”) —a new international text that will deal with cross-border access to data by law enforcement authorities. According to the Terms of Reference for the negotiations, it may include ways to improve Mutual Legal Assistance Treaties (MLATs) and allow “direct cooperation” between law enforcement authorities and companies to access people’s “subscriber information”, order “preservation” of data and to make “emergency requests”.

The upcoming Second Additional Protocol is currently being discussed at the Cybercrime Convention Committee (T-CY) of the Council of Europe, a committee that gathers the States Party to the Budapest Convention on Cybercrime and other observer and “ad hoc” countries and organisations. The T-CY aims to finalise the Second Additional Protocol by December 2019. While the Council of Europe has made clear its intention for “close interaction with civil society“, civil society groups are asking to be included throughout the entire process—not just during the Council of Europe’s Octopus Conferences.

Transparency and opportunities for input are needed continuously throughout the process. This ensures that civil society can listen to Member States, and provide targeted advice to the specific discussions taking place. Our opinions can build upon the richness of the discussion among States and experts, a discussion that civil society will miss if we are not invited to participate throughout the process.

— the letter reads

Current negotiations raise “multiple challenges for transparency, participation, inclusion and accountability,” despite the fact that the Council of Europe’s committees are traditionally very inclusive and transparent. We are requesting the T-CY to:

develop a detailed plan for online debriefing sessions after each drafting meeting, both plenary and drafting, and to invite civil society as experts in the meetings, as is customary in all other Council of Europe Committee sessions. With a diligent approach to making all possible documents public and proactively engaging with global civil society, the Council of Europe can both build on its exemplary approach to transparency and ensure that the outcome of this process is of the highest quality and achieves the widest possible support.

In light of the passing of the CLOUD Act in the United States that undermines the rights to privacy and other rights, the forthcoming proposal of the European Union on e-evidence, and other initiatives, it is vitally important that the T-CY listens to and engages with civil society proactively and in a timely manner. Civil society wants to engage in this process to ensure the new protocol will uphold the highest human rights standards.

The letter is available in English, French and Spanish.

The letter was coordinated by European Digital Rights (EDRi) and the Electronic Frontier Foundation (EFF) with the help of IFEX, Asociación por los Derechos Civiles (ADC), Derechos Digitales, and Association for Progressive Communications (APC).


21 Mar 2018

EU Council indecision on ePrivacy is bad for Europe

By Joe McNamee

In 2017, the United States National Telecommunications and Information Administration (NTIA), which is part of the Department of Commerce, warned of the “chill on discourse and economic activity” caused by privacy and security fears. With the recent revelations about Facebook and Cambridge Analytica, and news about even more extensive abuses likely to appear, the damage caused by weak legislation continues to grow.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

While the US is unable to pass privacy legislation that solves this problem, the European Union’s (EU’s) world-leading General Data Protection Regulation (GDPR) enters into force on 25 May 2018. The one piece of the jigsaw that remains to be put in place to is the ePrivacy Regulation. It complements the GDPR by providing clear and specific rules on issues such as tracking of individuals online, tracking of individuals offline (for example by recording the wifi or bluetooth networks to which your phone automatically connects) and the use of communications metadata (such as location data).

The European Commission launched its ePrivacy proposal in January 2017. The legislation needs to be approved by the European Parliament and the EU Member States in the Council of the European Union. The response was a barrage of negative lobbying. Despite this, the European Parliament adopted a strong position in defence of electronic privacy rights in October 2017. However, lobbying by the Google/Facebook online tracking duopoly in national capitals has proven more successful. Today, 435 days since the proposal was launched, the Council appears no closer to protecting European citizens and businesses with clear rules on privacy of communications.

On 7 March 2018, the Bulgarian presidency of the Council published a new discussion paper on the ePrivacy Regulation. This file should be now among the top priorities of the Bulgarian presidency ahead of the implementation of the GDPR in May 2018. However, there is little real progress to report For example and quite amazingly, the document indicates that “some” Member States are still arguing, contradicting rulings of the Court of Justice of the EU, to allow communications companies to use individuals’ metadata without consent.

Once the Council finally prioritises the ePrivacy Regulation and agrees on its “General Approach”, negotiations can finally start with the European Parliament. This would allow a final agreement to be reached, so that European businesses and companies can get the full benefit of a comprehensive privacy and confidentiality regime fit for the 21st century.

Bulgarian discussion paper (07.03.2018) https://www.parlament.gv.at/PAKT/EU/XXVI/EU/01/38/EU_13835/imfname_10792028.pdf

ePrivacy proposal undermined by EU Member States (10.01.2018)

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)

(Contribution by Joe McNamee, EDRi and Margaux Rundstadler, EDRi intern)



19 Mar 2018

CLOUD Act: Civil society urges US Congress to consider global implications

By Maryant Fernández Pérez

On 19 March 2018, European Digital Rights (EDRi) co-signed a letter with three other civil society organisations, asking the US Congress to ensure that the “Clarifying Lawful Overseas Use of Data Act” (the US “CLOUD Act”) is not attached to the omnibus bill.

If the CLOUD Act is attached to the omnibus bill, it would mean it would be passed without discussion or modification of very problematic provisions that will impact individuals’ rights worldwide. The US legislator would give up its power to the executive branch of government. The CLOUD Act would authorise the US Government to unilaterally issue executive agreements with a “qualifying foreign government”, such as the European Union and/or its Member States, without “following each other’s privacy laws” and without review by Congress. This decision would have global implications that we urge the US Congress to consider:

First, executive decisions of this kind would facilitate law enforcement access to individuals’ data directly from companies. They, however, would seriously weaken and erode privacy and other rights of citizens around the world, including Europeans. For instance, under the CLOUD Act, a US police department could request access to “the contents of a wire or electronic communication and any record or other information” about a European citizen without necessarily following EU privacy laws. If the EU enters into an agreement with the US, European citizens would have to rely on the company subject to the data access request to challenge the order before a US court within 14 days following a complicated “comity” procedure whereby a US court would decide to modify or quash the legal process.

Second, as currently drafted, the US CLOUD Act has no review mechanism in the event of democratic backsliding in a third country. This means that, once a government has entered into an agreement with the US Government, it would be almost impossible for the US to revoke this status. In the letter, we point out US Congress about the procedures that the European Commission initiated against Hungary and Poland and ongoing legal proceedings due to rule of law and human rights violations, including threats to judicial independence and civil society organisations. It would be problematic for the US legislator to allow such agreements to be entered into, particularly without robust mechanisms for withdrawing from them.

Giant tech companies such as Microsoft have been lobbying for the CLOUD Act. However, the bill does not adequately protect individuals’ rights – including those of US persons. In addition, the bill ignores the current, long-established system for dealing with cross-border access to data requests, Mutual Legal Assistance Treaties (MLATs). MLATs are often misrepresented as never being suitable for dealing with electronic evidence. The reality is that significant improvements to MLAT procedures are possible and, indeed some have already been made – as evidenced by the recent major improvements in the efficiency of the US Department of Justice (DoJ). Thanks to the “MLAT Reform” programme, the US DoJ recently reduced the amount of pending cases by a third.

On 19-21 March 2018, the European Commissioner Věra Jourová will be in Washington to discuss the CLOUD Act and cross-border access to data in general. We hope she will raise concerns about the global implications of the CLOUD Act for people around the world.

You can read the letter here.



28 Feb 2018

The European Commission rightly decides to defend citizens’ privacy in trade discussions


On 31 January 2018, the European Commission adopted horizontal clauses on data flows, data protection and privacy in trade deals. On 9 February, these provisions were leaked.

The European Consumer Organisation (BEUC), European Digital Rights (EDRi), and the Transatlantic Consumer Dialogue (TACD) welcome the European Commission’s political decision. The adoption of this position is very positive as it demonstrates that the EU will protect its citizens’ fundamental rights when negotiating free trade deals.

For many years, we have repeatedly requested that data protection and data flows be fully excluded from trade deals. Adequacy decisions are a better instrument to enable data flows. However, not all adequacy decisions are properly negotiated or designed, as the “Privacy Shield” revealed. If the EU must negotiate on data flows as part of trade agreements, the consideration of additional safeguards should be imperative. The EU’s data protection and privacy rules are a model for citizens’ rights in many parts of the world and represent a fundamental pillar of our legal system that responds to the necessity of protecting and promoting EU citizens’ fundamental rights in practice. These rules must never be undermined by a trade agreement. The European Data Protection Supervisor (EDPS) has expressed similar views.

Unfortunately, not all countries around the world protect their citizens’ fundamental rights like we do, and they could therefore challenge our legal acquis via trade deals. Through this political decision, the European Commission ensures that this will never be the case.

As the Commission pointed out in its press release, the proposed data protection and privacy clause is a horizontal and a non-negotiable red line. BEUC, EDRi and TACD appreciate the Commission’s efforts not to negotiate on personal data protection and privacy in trade agreements. We agree with the Commission’s decision to emphasise that the EU data protection framework shall always prevail with regards to cross-border personal data transfers and shall never be challenged through investor-to-state dispute settlement.

In a letter to the European Commission we have asked for clarification regarding the publication of the text and its application in trade agreements.



This move from the Commission shows the EU is building on its General Data Protection Regulation (GDPR) success. It allows other countries to have a regulatory space to adopt adequate safeguards to protect two fundamental rights, the rights to personal data and privacy. As independent research shows, old trade language is not sufficient to ensure the protection of people’s rights. As previously highlighted, modern digital markets need personal data. For example, a consumer’s personal data usually needs to be processed to conclude an online purchase. Citizens should not need to care about territorial borders It is crucial that trade deals do not undermine fundamental rights to privacy and personal data protection, and ultimately, trust in the online economy.

BEUC-EDRi letter to Commissioner Malmström on Data flows in trade (15.12.2017)

EDPS Statement: Less is sometimes more (18.12.2017)

Study “Trade and privacy – Difficult bedfellows? How to achieve data protection-proof free trade agreements” (13.07.2016)

BEUC-EDRi-TACD-CDD Statement: The EU can achieve data protection-proof trade agreements (13.07.2016)


14 Feb 2018

EDRi’s Press Review 2017


During the past year, our work to defend citizens’ rights and freedoms online has gained an impressive visibility – we counted more than two hundred mentions! – in European and international media. Below, you can find our press review 2017.


09/01 Germany’s plan to fight fake news (The Christian Science Monitor)
10/01 Telecoms firms and internet services like WhatsApp face tougher new privacy rules (Euractiv.com)
10/01 Anti-Piracy: Can It Exist Without Censorship? (Digital Music News)
10/01 Public Domain Project Calls on EU to Abandon Piracy Filter Proposals (TorrentFreak)
11/01 Commission leaves the European Parliament with lots of work to do (eubusiness.com)
12/01 Briefing: Regulating privacy in the age of Big Data (New Europe)
14/01 Werbewirtschaft kritisiert EU-Pläne zur E-Privacy-Verordnung (Deutschlandfunk)
17/01 Yahoo! E-mail Scan Allegations May Test EU Data Transfers (Bloomberg Law: Privacy & Data Security)
24/01 CETA clears crucial hurdle in Parliament’s trade committee (Euractiv.com)
26/01 In Moldova, Civil Society Stands Up to ‘Big Brother’ Law (Global Voices)
30/01 Dänemark: Neues Gesetz könnte zu erheblicher Internetzensur führen (netzpolitik.org)


01/02 Türkçe İçeriğiyle Çocuklar İçin Dijital Mahremiyet Kılavuzu (Bigumigu)
01/02 Donald Trump: et maintenant, les données personnelles (Libération)
01/02 Letter on proposal to reform the EU Audiovisual Media Services (AVMS) Directive (Euractiv.com)
08/02 Anti-Whistleblower Provision Buried In Germany’s New Data Retention Law Challenged In The Courts (Techdirt)
13/02 NGOs sign appeal to MEPs to stop CETA (European Public Health Alliance)
13/02 Finissons-en définitivement avec CETA! (Le cercle des libéraux)
15/02 Voller Gummiparagraphen: EU-Anti-Terrorismus-Richtlinie gefährdet Grundrechte (netzpolitik.org)
15/02 MEPs approve EU-Canada trade deal (EurActiv)
16/02 Copyright power matrix (Politico.eu)
16/02 CETA ondermijnt recht op privacy en bescherming van gegevens (DeWereldMorgen.be)
17/02 Il Parlamento Europeo ha allargato il reato di terrorismo – Il Post (Nuova Resistenza)
20/02 Umstrittene europäische Antiterror-Richtlinie verabschiedet (domain-recht)
21/02 Windows 10 privacy settings still worrying European watchdogs (TechCrunch)
21/02 Windows 10 remoteness settings still worrying European watchdogs (Kalen2uTech)
22/02 European Watchdogs: Microsoft Sells User’s Personal Data To Third Parties, Collecting It Thru Windows 10 [REPORT] (University Herald)
23/02 Meet the innovators fighting for your right to privacy online (Wired UK)
28/02 MWC 2017: Wikipedia goes data-free in Iraq (BBC News)
28/02 They’re Your Fingerprints, But Has Someone Hacked A Database To Use That Information? (Huffington Post South Africa)
28/02 Truth Behind Advertising In A Digital Era (iPulse)
02 Joe McNamee “Our Open Web Fellow is helping us bring practical understanding to the political debate.” (Our stories from the Mozilla Network)
02 The 5G policy approach (Pan European Networks: Government – issue 21)


01/03 US surveillance law may see no new protections for foreign targets (CSO Online)
06/03 France Sees Sharp Rise in Blocked and De-Listed Websites (Global Voices Online)
07/03 La UE busca blindar el negocio del copyright con una “máquina de censura” (Público)
07/03 EU Internet Advocates Launch Campaign to Stop Dangerous Copyright Filtering Proposal (EFF)
08/03 “Save The Meme” Campaign Protests EU’s Proposed Piracy Filters (TorrentFreak)
08/03 Privacy Shield : les défenseurs des libertés s’inquiètent (Politis)
08/03 ‘Sin memes no hay democracia’, la nueva campaña contra la reforma de la ley de copyright de la UE (Cadena SER)
16/03 Netizen Report: Azerbaijani Bloggers Targeted with Legal Threats, Spearphishing (Global Voices Online)
27/03 Urheberrechts-Richtlinie: Die EU will Copyright-Verstöße stärker filtern als Terror-Propaganda (netzpolitik.org)
28/03 Constituido el Grupo de Trabajo sobre Derechos Digitales de los Ciudadanos (La Moncloa)
28/03 Rechtsausschuss entschärft Oettingers EU-Leistungsschutzrecht (Telepolis)
28/03 El Minetad crea un grupo experto para adaptar los derechos fundamentales al entorno digital (TICbeat)
29/03 The Future of Free Speech, Trolls, Anonymity and Fake News Online (Pew Research Center’s Internet and American Life Project)
31/03 NAFTA Renegotiation Will Resurrect Failed TPP Proposals (EFF)


06/04 #PrivacyShield: MEPs alarmed by US developments that undermine privacy safeguards #DataProtection (EU Reporter)
13/04 1.477 Änderungsanträge: Im Europaparlament beginnt die heiße Phase der Urheberrechts-Richtlinie (netzpolitik.org)
17/04 Trump’s stance on internet privacy puts U.S.–E.U. pact on thin ice (The Daily Dot)
20/04 El seminari d’estiu de la Unipau analitzarà ‘l’ús del terror com a arma política’ entre el 6 i el 12 de juliol (cugat.cat)
20/04 Associação portuguesa de defesa dos direitos digitais avança (Computerworld Portugal)
21/04 Audiovisuelle Medien: Eine EU-Richtlinie wird Video-Anbieter zwingen, massenhaft legale Videos zu löschen (netzpolitik.org)
21/04 Studie des Europaparlaments: Staatstrojaner bergen erhebliche Risiken für das Grundrecht auf Privatsphäre (netzpolitik.org)
25/04 Meet the ‘Avengers’ of the privacy world: The ‘Digital Defenders’ (IAPP – The Privacy Advisor – International Association of Privacy Professionals)
25/04 Euro-Quote und Werbung: EU-Parlament will Videoportalen strengere Regeln setzen (Heise Newsticker)


10/05 Mit Technik zur Liebe (rbb|24)
10/05 Liebe in Zeiten der Tinderisierung (Wiener Zeitung)
11/05 Microsoft CEO: ‘It’s up to us to help stop dystopian nightmare of Orwell’s 1984’ (International Business Times UK)
11/05 Hakuna Metadata – Warum Metadaten und Browserverläufe mehr über uns verraten als oft vermutet (netzpolitik.org)
16/05 Druck auf Facebook wächst in mehreren Ländern (F.A.Z. PLUS)
18/05 Portabilité des contenus en ligne : première étape vers le marché unique du numérique (CUEJ.info)
18/05 Niederländisches Zero-Rating-Verbot gekippt – Frontalangriff gegen die Netzneutralität (netzpolitik.org)
19/05 Netzneutralität: Niederländisches Gericht kippt Verbot von Zero Rating (Heise Newsticker)
22/05 European Digital Rights – EDRi annual report (Contexte.com)
23/05 Dein Profil aus Twitter-Metadaten: ALTwitter (netzpolitik.org)
23/05 Netzwerkdurchsetzungsgesetz: Bürgerrechtler und Verbände schicken Brandbrief nach Brüssel (iX Magazin)
24/05 EC called on to oppose German hate speech law (Telecompaper (subscription))
25/05 Controversial EU rules could make life trickier for tech groups (Financial Times)
25/05 Controversial EU video rules may cause glitches for US tech giants (Irish Times)
29/05 More han 60 Groups, Companies Urge EU To Step Up Copyright Reform (Intellectual Property Watch)
30/05 Huge Coalition Protests EU Mandatory Piracy Filter Proposals (TorrentFreak)
30/05 ePrivacy: Was die EU dieses Jahr für Privatsphäre und Kommunikationsfreiheit tun kann (netzpolitik.org)
30/05 Pravo na nenavist’: Evrokomissiju prizyvajut za?itit’ svobodu slova ot nemeckogo zakonodatel’stva (RT)
31/05 DIGITAL: Copyright reform only briefly alluded to during Council (Bulletin Quotidien Europe 11798) (Agence Europe)
31/05 Crowdfunding campaign to buy stolen NSA hacking tools from Shadow Brokers (Network World)
31/05 Shadow Brokers : des hackers voulaient se cotiser pour récupérer les outils volés de la NSA (MAJ) (01net.com)


01/06 While EU Copyright Protests Mount, the Proposals Get Even Worse (EFF)
07/06 re:publica 2017 – Digitale Liebe und analoges Risiko (netzpolitik.org)
14/06 Privacy-keen Germans push back against plans to ‘duplicate the US data chaos’ (ZDNet)
21/06 ePrivacy-Debatte: Konservativer EU-Abgeordneter vergleicht seine Kollegen mit iranischem Wächterrat (netzpolitik.org)
23/06 EU pressures firms to tackle online terrorism (EUobserver)
23/06 Wie man ein Imperium der Algorithmen beherrscht (netzpolitik.org)
23/06 Germany wants to fine Facebook over hate speech, raising fears of censorship (The Verge)
24/06 Kritik an Verknüpfung von Raubkopien und Terrorismus (Heise Newsticker)
26/06 Ljubye ograni?enija v messendžerah nedopustimy, s?itaet èkspert EDRi (ria.ru)
26/06 Agujeros en la privacidad de las comunicaciones pueden ser usados por terceros (Diario Digital Nuestro País)
28/06 Europäische Bürgerrechtler kritisieren Netzwerkdurchsetzungsgesetz (netzpolitik.org)
28/06 La justicia europea tumba el envío a Canadá de los datos de pasajeros aéreos (netzpolitik.org)
30/06 Germany passes controversial law to fine Facebook over hate speech (The Verge)
30/06 Mal eben den Rechtsstaat outsourcen (Zeit Online)
30/06 Facebook could now be fined $57m over hate speech (Mashable)
30/06 Germany passes controversial law to fine Facebook over hate speech (CNBC)
30/06 Haatbericht niet op tijd verwijderd? Techbedrijf in Duitsland riskeert boete van 50 miljoen euro (Volkskrant)
30/06 Germany tells social-media companies to erase hate — or face fines up to $57 million (Washington Post)
30/06 German Law Requires Companies To Swiftly Delete ‘Obviously Illegal’ User Content (Tom’s Hardware)


02/07 Facebook, Twitter Could Face Fines of $57 Mln for Failing to Remove Hate Speech (Netralnews)
02/07 Facebook reacts at Germany’s new law over hate speech (TechnoChops)
03/07 Germany Set To Fine Social Media Companies For Not Removing Hate Speech (GC Report)
04/07 Fines to guarantee open internet vary greatly within EU (EUobserver)
06/07 Etyka wed?ug Facebooka (Krytyka Polityczna)
06/07 Germany Passes Law to Fine Social Media Companies that Fail to Remove Hate Speech (Law Street Media)
10/07 Stalemate Continues in Negotiations Over European Copyright Filters (EFF)
12/07 Filtern, Sperren, halbgare Kompromisse: Erste EU-Ausschüsse haben über Urheberrecht abgestimmt (netzpolitik.org)
12/07 Zbli?a si? „podatek od linków” i antypirackie filtrowanie internetu? Unijna reforma zmierza w z?? stron? (Bezprawnik)
13/07 Social media: the Faustian deal (Euronews)
13/07 Intermediaries Could Be Made Liable In EU Copyright Legislation (Intellectual Property Watch)
14/07 Copyright votes in CULT and ITRE: Filtering, blocking & half-baked compromises (EU Business)
18/07 Serious concerns raised about EU Copyright reform (VPN Compare)
18/07 German social media law sparks protest (The Irish Times)
26/07 Top EU court says deal on sharing airline passenger names must be changed (The Irish Times)
26/07 Top EU court says deal on sharing airline passenger names must be changed (The Globe and Mail)
26/07 EU court’s blow to Canada deal marks new hurdle for data laws (Euractiv)
26/07 Top EU court says Canada air passenger data deal must be revised (Reuters)
26/07 EU defends airline data-sharing after court ruling (EU Observer)
26/07 Court grounds EU counterterrorism plan (Politico.eu)
26/07 EuGh-Urteil: Flugpassagierdaten-Abkommen zwischen EU und Kanada illegal (Euractiv)


02/08 e-Privacy Regulation: Good Intentions but a Lot of Work to Do (Foreword to issue 2/17 of the European Data Protection Law Review)
30/08 Joint Statement | Ten Demands for a progressive Trade Policy (European Public Health Alliance)


06/09 EU Presidency Pushing Other Member States for Substantial Internet Surveillance (CircleID)
07/09 European Union Calls For Massive Internet Censorship (The Daily Caller)
08/09 EU pushes for indiscriminate internet surveillance in leaked anti-piracy plan (theinquirer.net)
08/09 Reality check: has Juncker delivered on his promises? (Euronews)
08/09 European Union Considering Intrusive Upload Filter as “Link Tax” Alternative (bleepingcomputer.com)
08/09 POLITICO Brussels Influence: Transparency kick-off (sort of) — Martin ‘No lobbying’ Selmayr — Soil savers (Politico)
08/09 EU anti-piracy plan would introduce internet surveillance and ‘ancillary copyright’, claim campaigners (Computing)
08/09 EU anti-piracy plan calls for Europe-wide ancillary copyright (Kit Guru)
11/09 The importance of Europeans sticking together to achieve a progressive Europe (Open Democracy)
11/09 La multa a Facebook podría haber sido hasta 20 veces mayor en 2018 (Público)
13/09 Kampagne: Öffentliches Geld, Öffentlicher Code (netzpolitik.org)
13/09 EU Copyright Reform Meets Resistance From Stakeholders, Some Governments (Intellectual Property Watch)
13/09 Brief: Software Paid For With Public Money Should Be Open Source, Groups Say (Intellectual Property Watch)
13/09 31 colectivos reclaman una legislación que obligue a las instituciones públicas a utilizar ‘software’ de código abierto (Cuatro)
13/09 Kampagne Public Code: Software für die Verwaltung soll frei sein (Heise Newsticker)
13/09 Nach Wahlsoftware-Debakel. Aktivisten fordern Transparenz bei staatlicher Software (Spiegel Online)
13/09 Freie Software: Wenn der Staat finanziert, dann Open Source (Computer Base)
13/09 PublicCode fordert Freigabe aller öffentlich finanzierten Software (Pro-Linux.de)
13/09 31 Organisationen fordern freie Software in der Verwaltung (golem.de)
13/09 31 colectivos reclaman una legislación que obligue a las instituciones públicas a utilizar ‘software’ de código abierto (La Vanguardia)
18/09 New legal tool on electronic evidence: Council of Europe welcomes civil society opinion (Council of Europe)
18/09 Cross-border access to data: Council of Europe submission (Digital Rights Watch)
19/09 This Is What NGOs Want on E-Evidence From the Council of Europe (Civil Liberties Union for Europe)
19/09 EU Clamping Down On Data Use For Marketing (The NonProfit Times)
19/09 Urheberrechtsreform: Estnische EU-Ratspräsidentschaft wirbt für Upload-Filter (netzpolitik.org)
21/09 The EU Suppressed a 300-Page Study That Found Piracy Doesn’t Harm Sales (Gizmodo)
21/09 EU Buried Its Own $400,000 Study Showing Unauthorized Downloads Have Almost No Effect On Sales (Techdirt)
22/09 EU paid for, then suppressed, study that says piracy doesn’t harm sales (Neowin)
22/09 Piratage : l’UE a caché une étude aux conclusions optimistes (Les Numeriques)
22/09 EU covers up study that reveals piracy doesn’t harm sales (Daily Sabah)
22/09 EU withheld a study that shows piracy doesn’t hurt sales (endgadget)
22/09 The EU found out that piracy doesn’t harm sales and tried to hide it (buzz.ie)
22/09 EC Diagnosed with © ‘Ostrich Syndrome’: Missing Study on Piracy (copybuzz)
22/09 European Union paid for, then suppressed, study that says piracy doesn’t harm sales (Hi-Tech Facts)
22/09 EU Report: Piracy Doesn’t Harm Sales (Hi Tech Beacon)
22/09 The EU Commission couldn’t prove piracy affects sales (Click Lancashire)
22/09 Piracy Doesn’t Harm Sales — EU Report (Newburgh Gazette)
22/09 The EU has suppressed a study that claimed that piracy does not harm sales (The Stopru)
22/09 The EU Suppressed a 300-Page Study That Found Piracy Doesn’t Harm Sales (Gizmodo India)
22/09 EU withheld a study that shows piracy doesn’t hurt sales (Yahoo! Finance)
23/09 EU withheld a study that shows piracy doesn’t hurt sales (Gears of Biz)
25/09 EU held back report that found piracy doesn’t harm music sales (M Magazine)
25/09Studie objednaná EU dokazuje, že mezi pirátstvím a prodejností není souvislost (oTechnice.cz)
25/09 “L’UE a ignoré une étude sur le piratage parce que ses conclusions ne respectaient pas son programme” (Express)
26/09 La Commission Européenne dissimule un rapport qui nie les liens entre piratage et baisse des ventes (Le Soir)
26/09 Kontroverse um Piraterie-Studie der EU-Kommission (Heise Newsticker)
26/09 Net Neutrality Reversal Will Harm Free Speech, International Groups Argue (MediaPost)
26/09 New International Open Letter Warns US Lawmakers over Net Neutrality Rollback (CommonDreams)
26/09 Wat er in het weggemoffelde EU-rapport over cyberpiraterij staat: dit mochten we niet weten (Newsmonkey)
27/09 IGF Austria: Fake-News, Meinungsfreiheit und Sicherheit (Futurezone.at)
28/09 EU wants tech firms to police the internet (EUobserver)
28/09 Commission’s position on tackling illegal content online is contradictory and dangerous for free speech (EUbusiness)
28/09 Illegale Inhalte im Netz: EU-Kommission setzt auf die vermeintliche Wunderwaffe „Upload-Filter“ (netzpolitik.org)
28/09 EU internet policing proposals spark free speech concerns (Deutsche Welle)
29/09 European Commission puts pressure on tech firms to tackle illegal content (Silicon Republic)
29/09 EU Proposes Take Down Stay Down Approach to Combat Online Piracy (TorrentFreak)
29/09 EDRi: Grenzübergreifender Datenaustausch muss mit Grundrechten vereinbar sein (netzpolitik.org)
29/09 European Commission backs takedown-and-stay-down for combating piracy online (Complete Music Update)
29/09 Europe’s digital future on the table at Tallinn summit (rfi.fr)
29/09 Europe’s online piracy crackdown is ‘dangerous for free speech’, activists claim (The Sun)
29/09 European Initiative Says Don’t Curb Objectionable Online Content, U.S. Action Unlikely (Corporate Counsel)
29/09 Europe’s digital future on the table at Tallinn summit (Radio France Internationale)


02/10 EU internet policing proposals spark free speech concerns (DeathRattleSports.com)
02/10 CopyCamp Conference Discusses Fallacies Of EU Copyright Reform Amid Ideas For Copy Change (Intellectual Property Watch)
05/10 LIBE ePrivacy vote delayed; JURI, ITRE and EDPS weigh in (iapp)
05/10 EU fails to protect free speech online, again (Article 19)
11/10 Who’s afraid of… e-Privacy? (IFEX)
16/10 Over 50 Human Rights & Media Freedom NGOs ask EU to Delete Censorship Filter & to Stop © Madness (copybuzz)
16/10 56 Groups Call For Deletion Of Internet Filtering Provision In EU Copyright Proposal (Intellectual Property Watch)
16/10 Civil Society Groups Call for Deletion of Internet Filtering Provision in EU Copyright Proposal (CircleID)
16/10 57 rights groups back anti-Article 13 letter to the European Parliament (Gears of Biz)
16/10 57 rights groups back anti-Article 13 letter to the European Parliament (theinquirer.net)
16/10 Facebook als Hilfs-Sheriff: Kritik an Auslagerung der Rechtsdurchsetzung im Netz (Heise Newsticker)
17/10 Abandon Proactive Copyright Filters, Huge Coalition Tells EU Heavyweights (TorrentFreak)
17/10 Digital rights groups speak out against EU plan to scan online content (Engadget)
17/10 57 Organisationen fordern: Pflicht für Upload-Filter streichen (Initiative Urheberrecht)
17/10 Digital rights groups speak out against EU plan to scan online content (Yahoo! Finance)
18/10 EU encryption plans hope to stave off ‘backdoors’ (Politico.eu)
18/10 EFF wants ‘illegal’ EU copyright reform deleted (World Intellectual Property Review)
18/10 Bruxelles veut aider les États face aux défis du chiffrement (Contexte)
19/10 Now the digital rights groups write to the EU about safe harbour reform (Complete Music Update)
19/10 EU encryption plans hope to stave off ‘backdoors’ (Baltic Review)
19/10 EU justice committee passes amended ePrivacy directive (Telecompaper)
19/10 Hauchdünne Mehrheit für Kompromiss bei ePrivacy-Reform (netzpolitik.org)
19/10 Euro-parliamentarians say a clear “no” to the anti-privacy lobby (EU Business)
19/10 European lawmakers still hearing conflicting demands over safe harbor in Copyright Directive (RAIN News)
20/10 EU MEPs want stronger privacy rules for Internet-enabled communication services (Help Net Security)
21/10 ePrivacy: Die Lobbymacht der Datenindustrie (netzpolitik.org)
24/10 Sechs Gründe, warum die totlangweilig klingende ePrivacy-Verordnung für dich wichtig ist (netzpolitik.org)
25/10 ePrivacy: Morgen entscheidende Abstimmung über Vertraulichkeit der digitalen Kommunikation (netzpolitik.org)
26/10 How Europe fights fake news (Colombia Journalism Review)


10/11 Commission wants to extend law for police data access to the US (EurActive.com)
21/11 Urheberrechts-Richtlinie: Wenig LIBE für Uploadfilter im EU-Parlament (Netzpolitik.org)
28/11 What is net neutrality? (Channel 4 News)
30/11 November 2017 Open Letter on EU © Reform (copybuzz)


10/12 Net Neutrality’s Holes in Europe May Offer Peek at Future in U.S. (The New York Times)
10/12 Net Neutrality’s Holes in Europe May Offer Peek at Future in U.S. (Latest News7)
11/12 Net neutrality, i paladini Usa temono un “pasticcio all’europea” (CorCom)
12/12 Net neutrality’s holes in Europe may offer a peek at the future in America (Pittsburgh Post-Gazette)
13/12 Want cheaper British car insurance? Mind how you shop (Business Insider UK)
18/12 EU-Zensurmaschine bei Urheberrechtsreform: Zurück zu den Fakten! (Netzpolitik.org)
19/12 French privacy watchdog tells Whatsapp to stop sharing data with Facebook (rfi)
19/12 EU chief responsible for combating ‘hate speech’ deletes ‘hate-filled’ Facebook account (Express)
21/12“Let’s not have democracy anymore, let’s have internet companies” (euroscope)
22/12 What does the repeal of net neutrality mean for development? (Devex)

EDRi’s Press Review 2016

EDRi’s Press Review 2015

EDRi’s Press Review 2014


24 Jan 2018

CJEU hate speech case: Should Facebook process more personal data?

By Maren Schmid

Austria’s Supreme Court of Justice has referred a case to the Court of Justice of the European Union (CJEU) regarding hate speech on social media platforms. The referral could have a global impact on Facebook – and ultimately on our privacy and freedom of speech.

----------------------------------------------------------------- Support our work with a one-off-donation! https://edri.org/donate/ -----------------------------------------------------------------

The case goes back to 2016, when the former leader of the Austrian Green party, Eva Glawischnig, filed a lawsuit against Facebook over insulting post written about her, calling her a “corrupt oaf” and “wretched traitor to her people.” In May 2017, a court in Vienna ruled that the postings must be deleted across the platform, not just in Austria, but worldwide. The Austrian Supreme Court has now asked the Court of Justice of the European Union (CJEU) to confirm (a) if the deletion of a posting is only limited to the member state or should be done globally and (b) if Facebook has to delete only the individual post they were informed about, or also similar postings (for example by using an algorithm).

This raises numerous quite fundamental questions. First, the imposition of such a restriction based on automatic filtering appears to be a fairly literal contradiction to the Netlog/Sabam ruling, which opposed prior filtering of all content at the cost of a service provider (albeit dealing with different subject matter – copyright).

Secondly, it requires additional personal data processing from a company that rapaciously exploits user data for commercial purposes. While such cases are generally considered to be a simple balancing exercise between freedom of expression and the right being breached, the issue is more complex. Due to the personal data processing that the automatic filtering would require, the balance is between privacy, freedom of expression and freedom to conduct a business (especially if imposed on all providers subsequently, thereby also restricting competition) on the one hand, and combating hate speech on the other.

Thirdly, the application of the algorithm to “similar” cases requires a balancing judgement on how an (almost by definition) imperfect technology will be implemented by Facebook. This is especially relevant with regards to the last section of paragraph 1.3.8 of the Draft Recommendation of the Council of Europe (pending approval by Ministers in March 2018) on the roles and responsibilities of intermediaries, which points out the imperfection of automatic filtering – particularly as it cannot assess context. This article, for example, quotes the same words as were used against Eva Glawischnig, but are obviously not hate speech in this context.

If the CJEU were to support the view that Facebook should be obliged to filter by algorithm, it would have to configure its systems in a way that minimises its legal risks. To do this it would need to find a balance between the compelling reasons to over-censor and the limited reasons not take a more diligent approach:

Encouraging an error on the side of over-deletion, we have:

  • direct legal liability for failing to respect the order
  • secondary law on hate speech
  • implementation of terms of service, which are less clear and narrower than the law

Encouraging an error on the side of accuracy or under-deletion, we have:

  • customer relations

This would contradict various existing CJEU law on balancing of obligations. This balance of incentives is not conducive to free speech being protected. Support for extra-territorial application seems even more antithetical to the notion of freedom of expression and the rule of law. Restrictions on fundamental rights need to be accessible and predictable – it is challenging to imagine that the CJEU would consider that citizens elsewhere in the EU being subjected to regulation by imperfect Facebook algorithms would meet this criterion. It is puzzling that the Austrian court asked the question.

Fourthly, in the Telekabel case, the CJEU ruled as follows: “Accordingly, in order to prevent the fundamental rights recognised by EU law from precluding the adoption of an injunction such as that at issue in the main proceedings, the national procedural rules must provide a possibility for internet users to assert their rights before the court once the implementing measures taken by the internet service provider are known.” In addition to the fact that such national procedural rules generally do not exist, as shown by experience in Austria implementing that ruling, this safeguard is unenforceable in practice, because the measure will be (by definition) implemented for both illegal content and violations of terms of service.

Fifthly, the application of imperfect algorithms to “similar” and not necessarily illegal content (as well as inevitable extension to terms of service implementation) appears to fall below the standards demanded by the court in relation to the respect of the obligation for restrictions to be “provided for by law”. See, in particular, paragraph 139 of the EU/Canada PNR Opinion: “It should be added that the requirement that any limitation on the exercise of fundamental rights must be provided for by law implies that the legal basis which permits the interference with those rights must itself define the scope of the limitation on the exercise of the right concerned”.

How will the Court balance the rule of law, freedom of expression, privacy, basic principles of international law on predictability and accessibility and freedom to conduct a business with hate speech? Time will tell.

Draft Recommendation of the Committee of Ministers to member states on the roles and responsibilities of internet intermediaries

CJEU Opinion on EU/Canada PNR Opinion

(Contribution by Joe McNamee, EDRi, and Maren Schmid, EDRi intern)



22 Jan 2018

Press release: 6th annual Privacy Camp takes place on 23 January 2018


Tomorrow, on 23 January 2018, Privacy Camp brings together civil society, policy-makers and academia to discuss problems for human rights in the digital environment. In the face of what some have noted as a “shrinking civic space” for collective action, the event provides a platform for experts from across these domains to discuss and develop shared principles to address key challenges for digital rights and freedoms.

Themed “Speech, settings and [in]security by design”, the one-day conference at the Saint-Louis University in Brussels features panel discussions and privacy workshops led by experts in the fields of privacy, surveillance and human rights advocacy. The nonprofit, nonpartisan event draws privacy activists, civil society representatives, public servants and academia of all ages and backgrounds who are interested in improving privacy and security in communications and work towards the respect of human rights in the digital environment.

This year, Privacy Camp also features the “Civil Society Summit” of the European Data Protection Supervisor (EDPS).

Among others, speakers of the Privacy Camp 2018 are Giovanni Buttarelli, Wojciech Wiewiorowski, Fanny Hidvegi, Glyn Moody, Katarzyna Szymielewicz, Juraj Sajfert, Marc Rotenberg. The full programme can be accessed here.


10 Jan 2018

2018: Important consultations for your Digital Rights!


Public consultations are an opportunity to influence the future legislation at an early stage, in the European Union and beyond. They are your opportunity to help to shape a brighter future for digital rights, such as your right to an open internet, a private life, and data protection, or your freedom of opinion and expression.

Below you can find a list of public consultations we find important for digital rights. We will update the list on an ongoing basis, adding our responses and other information that can help you get engaged.

Public consultation for inputs to BEREC Report on Internet of Things Indicators by BEREC.

Feedback on the Commission proposal for a Regulation on preventing the dissemination of terrorist content online.

  • Deadline: 26 November 2018

Public consultation on the data economy by BEREC.

Feedback on the Commission proposal to create a cybersecurity competence network with a European Cybersecurity Research and Competence Centre.

  • Deadline: 12 November 2018

Public consultation on the 2019 draft work programme of the Body of European Regulators for Electronic Communications (BEREC)

Public consultation on the evaluation of the activities of the EU Intellectual Property Office related to enforcement and the European Observatory on Infringements of Intellectual Property Rights (Regulation No 386/2012).

  • Deadline: 2 October 2018

Public consultation on the Proposal for a Regulation on European Production Orders for electronic evidence and a Directive on legal representation.

  • Deadline: 20 July 2018

Public consultation on digital ethics from the European Data Protection Supervisor.

  • Deadline: 15 July 2018

Public consultation on the Proposal for a Directive on EU whistleblower protection.

Public consultation towards a Protocol to the Convention on Cybercrime by the Council of Europe

Public consultation on measures to further improve the effectiveness of the fight against illegal content online.

Public consultation on the proposal for a Directive of the European Parliament and of the Council on the re-use of public sector information/ Data Package III.

  • Deadline: 22 June 2018

Public consultation on the evaluation of the application of Regulation (EU) 2015/2021 and the BEREC Net Neutrality Guidelines by BEREC

Public consultation for inputs to BEREC Work Programme 2019 by BEREC

Feedback on Inception Impact Assessment “Measures to further improve the effectiveness of the fight against illegal content online” by the European Commission

Online consultation Phase II on Internet universality indicators by UNESCO

Public consultation on fake news and online disinformation by the European Commission

Online consultation on ICANN’s compliance with the GDPR by ICANN

Feedback on the 2nd data package or proposal for a Regulation on the Free flow of non-personal data by the European Commission

You can find public consultations of importance to digital rights and EDRi’s responses from previous years here: