In the digital era, copyright should be implemented in a way which benefits creators and society. It should support cultural work and facilitate access to knowledge. Copyright should not be used to lock away cultural goods, damaging rather than benefitting access to our cultural heritage. Copyright should be a catalyst of creation and innovation. In the digital environment, citizens face disproportionate enforcement measures from states, arbitrary privatised enforcement measures from companies and a lack of innovative offers, all of which reinforces the impression of a failed and illegitimate legal framework that undermine the relationship between creators and the society they live in. Copyright needs to be fundamentally reformed to be fit for purpose, predictable for creators, flexible and credible.

04 May 2016

Dutch dragnet surveillance bill leaked

By Guest author

On 29 April, the final text for the Dutch dragnet surveillance bill was leaked. It turns out that Minister of the Dutch Interior Ronald Plasterk is still bent on granting the secret services the power to carry out bulk interception of innocent citizens’ communications.

................................................................. Support our work - make a recurrent donation! .................................................................

How did we get here?

Ever since the law was announced in 2013, one of the main concerns of the debate have been how the dragnet will function, and how extensive it will actually be. Based on the draft that was released for public consultation in September 2015, dragnet surveillance could definitely be in our future. The explanatory memorandum didn’t do much towards clearing things up. The Dutch EDRi member Bits of Freedom wasn’t alone in voicing harsh criticism about what was being proposed.

The dragnet rears its head…

After months of silence, on 20 April, the Netherlands Broadcasting Foundation NOS disclosed a number of examples of how the dragnet will be implemented. The examples taken from a confidential document presented to providers for consideration demonstrate that Plasterk plans to interpret the law in a far broader manner than he said he would. The number of citizens whose communication will be intercepted is overwhelming.

…and escapes through the meshes of the law

On 29 April, the Dutch newspaper Volkskrant leaked the bill for the new Intelligence and Security Services Act. Conclusion: the dragnet is still in place. So what was done with the tidal wave of criticism? As the Dutch government reminds us: “The main points of criticism concerned the following three issues: large dragnet, collaboration with foreign secret services, and proper oversight.” These issues needed addressing. But apparently not that much.

The dragnet

As far as “bulk” or “purpose-oriented” interception is concerned, not much has changed, except the addition of the word “investigation-assignment-oriented” to describe the nature of the interception.

Although no definition of this word is given, the memorandum clearly shows that “investigation-assignment-oriented” can be interpreted just as creatively as “bulk” or “purpose-oriented”. The memorandum hardly, if at all, goes into the type of situations that might be envisaged. It’s not ruled out that the power could for instance be used to identify “prison escapees”, but that’s about as concrete as it gets. It’s deplorable that concrete cases are presented to providers for cost analysis purposes, but are not offered to the Council of State for a proper assessment of the compatibility of such a law – and the manner in which it will be implemented – with European law and the Dutch constitution. What the explanatory memorandum does make very clear, however, is that any limits imposed on the dragnet will have to come from an oversight body after applying the law, not from the government when creating it.

Third party hacking

The government still wants intelligence and security services to be able to hack via a third party. This means that the services are allowed to hack into the device of an innocent citizen in order to hack a target. This, obviously, is totally unforeseeable for the citizen, and creates major security risks for them.

Neither the loud criticism nor the results of the Privacy Impact Assessment (PIA), which was commissioned by the government, have led to the proposed power to be reconsidered. Third party hacking is “essential for an effective implementation of the hacking powers”. Yes, clauses have been added to the draft offered for consultation about the assessment and limitation of the damages to a third party, but this doesn’t resolve the main issue: the damages to a third party resulting from being hacked by the government’s services.

The government acknowledges the fact that, by hacking, vulnerabilities in software will be exploited that can affect a large number of people (for example a vulnerability in an Android-phone will not only affect a suspect, but everyone with the same phone), but concludes that national security outweighs personal security. Of course there is room, but not an obligation, to report the vulnerabilities to “those responsible”. Not an obligation; a possibility.


Oversight will be improved. In the explanatory memorandum, the government states that heightened oversight is needed to match the increased power, but it also states that oversight had to be improved due to its conflicts with European law. The depiction of the situation as presented by the government in the bill and in its press release, is, shamefully, inaccurate.

As regards oversight, the minister has to request permission from an independent committee consisting of (former) judges. The committee’s decision will be binding. However: if in a hurry, permission can be requested afterwards, or while an investigation is in progress. If permission is denied, the hitherto gathered information will have to be destroyed.

What’s striking is that a number of authorities will not have to be sanctioned by the oversight committee, most remarkably the seizing of traffic data. Whereas the Dutch government and European and Dutch courts have stated that the seizure of such records constitutes an infringement substantial enough for a judge to have to rule on it, in the case of this bill the power does not require approval by the independent oversight committee. Especially in light of previous European rulings, this is an untenable situation.

For protected professions, there will be judicial review. Exercising interception powers in cases concerning journalistic sources will be subject to more scrutiny: in these cases the period for which a power is allowed to be exercised is limited.

Exchange with foreign services

Nothing has been done regarding the criticism in the responses to the consultation and in the PIA with regard to the lack of rules surrounding the exchange of data with foreign services. The law imposes no restrictions on the data that is to be transferred. The explanatory memorandum does state that information about, or data from, Dutch citizens can be filtered out. However, the government asserts that this is not an obligation, and sometimes even undesirable.

Dutch dragnet surveillance bill leaked: our analysis (04.05.2016)

(Contribution by Ton Siedsma and Evelyn Austin, EDRi member Bits of Freedom, The Netherlands)



04 May 2016

The lobby-tomy 6: Not in my backyard

By Guest author

Something you’ll hear in policy debates on the environment: windmills are a great idea and obviously good for the environment, but we don’t want them in our backyard. This argument doesn’t just apply to the debate on the environment, but apparently also in the debate on privacy protection. Representatives from industry speak convincingly about what privacy is good for others, but that they would rather not see the rules applied to them.

................................................................. Support our work - make a recurrent donation! .................................................................

The new European data protection regulation is the most lobbied piece of legislation thus far because the subject is very important and touches upon almost every aspect of our daily lives. Therefore EDRi member Bits of Freedom used the Dutch freedom of information act to ask the government to publish all the lobby documents they received on this new law. Bits of Freedom published these documents on their website with their analysis in a series of blogs. What parties lobby? What do they want? What does that mean for you? These nine blogposts are now translated into English for the EDRi-gram. This is part 6.

Everything is great, but…

The lobby letters all share a generally positive tone of voice. Many letters start off with: “we welcome the provisions.” Other parties think the regulation is an important step to further regulate the economy and to increase consumer trust. These sentences are often followed by a “but”, in which case the letter moves onwards to exceptions. The data protection regulation contains numerous exceptions, with the main ones at the end of the text, with the aim of defending research, archiving, journalism, and religion. According to organisations, these exceptions aren’t enough, and therefore they lobbied for more.

Not for our sector!

These new rules are important, but also problematic for the lobbyists for specific sectors. There are many letters from archives that say they are unhappy. In a letter to the Dutch Ministry of Justice, the Cadastre and the Chamber of Commerce say that the new privacy law should take archives and registers better into account. They for example don’t think it would be fair if people could delete their data.

After all, this wasn’t the case in the previous privacy law, they say. According to that law, the right to restrict processing wasn’t applicable to these kinds of registers. Furthermore, the organisations ask the government to critically evaluate the commercial reuse of public sector information, by which they also refer to open data and privacy. This is a relevant question. As they say in their letter, it “runs into a lot of public resistance, based on privacy concerns.”

Medical research

What’s also striking is that many Dutch health research institutions are unhappy with the exceptions for scientific research. The Hartstichting (heart foundation) says “we have our own ethical standards”. In their letter, they explain that they use different methods to obtain consent, and that they employ their own ethical commissions to evaluate data processing.


Judges also want an exception. In a letter of the “European Network of Councils of the Judiciary”, a European body for the national councils of the judiciary, they say that it would be worrisome if there were to be insufficient exceptions for judges. They for example want to prevent that correspondence or emails between judges is accessed as personal data about the person they are discussing.

Housing corporations

According to housing corporations, the proposals “mean quite a lot.” In a letter to the Ministry of Justice, they claim to be sufficiently regulated by “all kinds of policy and legislation” in “more or less fragmented legislation, like for example the cookie law.”

Among other things, they think that they would face an information obligation that would be too extensive under the current proposals. With regards to the right to delete and the right to be forgotten, they say:

Many organisations and in particular housing corporations have complaints mechanisms and complaints commissions. An extension with more complaints opportunities is an unreasonable burden. Also, the right to delete can breach the retention obligation from the proposals.

That’s a bit strange. Because there are already complaints mechanisms, housing corporations want to take away people’s ability to check the accuracy of their data and the ability to remove superfluous information?

Housing corporations have more complaints. They think there are too many burdens, the fines are disproportionate, and they think they should be able to decide how organisations grant access to data. They think there has been little recognition of local interests, and they therefore propose to regulate privacy in a different way: not through one European law, but through a series of obligations that can be translated by Member States themselves in national legislation.

Not for our country!

And the same can be heard from other organisations. “Our country is exceptional, so maybe we should do things differently.” In a letter to the Ministry of Justice, Danske Medier, a large Scandinavian media company, criticises the changes made by the European Parliament:

“Without any discussion – perhaps even by accident – they then wiped away the legal prerequisite for telephone marketing to private households, which is the traditional and most effective way of selling news media in the Nordic countries.”

To them, it’s also about making data available for other organisations:

To a great extent, the high penetration of newspapers and other news media in Norway, Sweden and Denmark is due to the fact that consumers in these countries may be contacted by telephone by certain business sectors, which are fundamental for a viable democracy.

The interesting thing about this is that it means that data processing by third parties should be made easier in the whole of Europe, just to satisfy the requirements of a business model often used by Scandinavian media.

Can’t we fix this ourselves?

CIO, the Dutch ecclesiastical counsel, is not happy with the current way in which the exception for churches is phrased in the text. Dutch churches have their own methods for registration and the administration of data (SILA).

“We recommend you to choose a formulation that delivers more possibilities and autonomy, so that an appropriate form of management and processing of personal data can be formed for the Churches and where the unique SILA system as we know it today is respected in the Netherlands.”

At times justified, but no excuse

At times it can be justified to create exceptions like this. But it is important to stay watchful in cases of self-regulation. Advertisement companies for example also want more self-regulation, as they argue in a letter to the Ministry of Justice. Is that because they have so much confidence in their own ability, or because they want to evade legal obligations?

Ironically, having lobbied for a vast number of exceptions in the EU Regulation, industry groups are now complaining that… you guessed it… there are too many exceptions in the Regulation.

To be continued

Want to continue reading about this? On the Bits of Freedom website, you can find all the lobby documents and the analysis. The next part will be about “privacy schools.”

The lobby-tomy 6: not in my backyard (only in Dutch, 25.11.2015)

Letter by KvK Nederland, Kadaster and RDW to ministry of justice (only in Dutch, 16.04.2012)

Letter by Nederlandse Federatie van Universitair Medische Centra to ministry of justice (26.03.2013)

Letter by European Network of Councils for the Judiciary to ministry of justice (11.12.2013)

Letter by Aedes – Vereniging van woningcorporaties – to ministry of justice (only in Dutch, 01/2013)

Letter by Danske Medier to ministry of justice (23.05.2014)

Letter by CIO to security and justice (only in Dutch, 23.05.2014)

Letter by World Federation of Advertisers and Allegro Group

(Contribution by Floris Kreiken, EDRi member Bits of Freedom, The Netherlands)



04 May 2016

EUIPO publishes final report about ”Youth and Intellectual Property”


On 6 April, the European Union Intellectual Property Office (EUIPO, formerly known as OHIM) published its report on “Youth and IP”, which followed the 2013 study on “European Citizens and Intellectual Property: Perception, Awareness and Behaviour”. The survey tracks citizens’ perception of “intellectual property” (IP) and the relevant drivers of consumer behaviour.

................................................................. Support our work - make a recurrent donation! .................................................................

The study is relevant in light of a planned copyright reform on the European level, which is supposed to replace the current outdated and fragmented regime. The study is based on the views of over 26 500 young Europeans, and examines the perception of young citizens related to “IP”. It analyses the reasons behind infringements. Among other conclusions, the report shows that law-abiding citizens do not just turn into “criminals” when they go online. Unsurprisingly, the incoherence and lack of modernisation of the current copyright regime brings uncertainty of young EU citizens with regard to copyright.

  • 22% of youth did not know if they were using legal or illegal sources to access content.
  • 13% used illegal sources by “accident”, and 24% could not tell the difference between legal and illegal source of digital content.
  • On average, 78% of EU citizens said they always choose affordable legal offers as opposed to illegal offers.
  • 19% of EU citizens wondered whether a site for downloading music or videos was legal, but only 12% tried to check it (42%/26% for those aged 15-24).

Furthermore, the survey sends another message: The gap between “IP” perceptions and behaviour may also find its source in the fact that Europeans feel “IP” mostly benefits businesses and an elite class. Europeans name as the main beneficiaries of “IP”:

  • 43% big businesses and show businesses
  • 37% inventors, 31% creators
  • 20% artists, 16% SMEs
  • 15% politicians

Finally, the report examines the reasons and justifications for the intentional use of unauthorised sources amongst young people. The results range from financial reasons to practicability and the desire to protest against “rich artists”. The report shows that 22% of youngsters feel that downloading from an unauthorised source is acceptable if there is no legal alternative, and 42% think downloading is acceptable when it is for personal use.

If the new legal framework wants to bring an end to this outdated system that is widely perceived as illegitimate, we must rethink which role and purpose copyright should have in our society. Future-oriented legislation must therefore go hand in hand with freedom of expression and information, the right to science, and culture, balanced with a appropriate remuneration for creators. The copyright reform initiated by the European Commission needs to take all of these issues into consideration and go for a broad, ambitious and innovative reform of the EU copyright law, and not only paper over some of the problems.

EUIPO: Full report- Intellectual Property and Youth Scoreboard 2016 (04/2016)

EUIPO: Executive summary – Intellectual Property and Youth Scoreboard 2016 (04/2016)

EDRi: Commission launches consultations on ancillary copyright and panorama (06.04.2016)

EDRi: Copyright reform: Restoring the facade of a decrepit building. (16.12.2015)

(Contribution by Claudius Determann, EDRi trainee)



04 May 2016

Please sue us

By Guest author

Each of the Member States of the European Union is required to incorporate European directives into national legislation. If a Member State does not obey this obligation, the European Commission can sue this country in the Court of Justice of the European Union (CJEU). But what actions can a country take if such directives force it to adopt legislation that contradicts its own constitution? From the European Commission’s perspective, Member States have an opportunity to raise such concerns for a few weeks during the adoption process of a Directive and, if it doesn’t, all subsequent problems are the fault of the Member State itself.

................................................................. Support our work - make a recurrent donation! .................................................................

Being forced to do something you can’t actually do

This transposition into national legislation also applied to the Directive that forced telecom and Internet providers to retain data concerning the location and communication behaviour of all their users, also known as data retention Directive. Many Member States where unable to meet this requirement. This resulted in the Commission starting a number of infringement procedures against, among others, Romania, Sweden, and Germany.

In order to get a good impression of what goes on behind closed doors, Dutch EDRi member Bits of Freedom requested the Commission to disclose all documents relating to five of these infringement procedures. A few months later, we received thousands of sheets of paper. Now we know how effortlessly national and European leaders blatantly ignore fundamental practical and objections. Ironically, while Member States were taken to court for failing to implement the repressive measures in the Directive, no effort at all was devoted by the European Commission to enforcing Article 10 of the Directive – collecting statistics that were supposed to be used to assess whether the Directive was actually useful or not. It’s a tricky situation: being forced to implement certain rules, despite them being contradictory to the country’s constitution.

Please sue us

The preventive and persistent preservation of data concerning everybody’s location and communication behaviour is, fortunately, a controversial policy. However, to some governments, this seems to be irrelevant. In one of the obtained documents, the Commission describes how a Czech minister viewed the implementation of this controversial undertaking. His assessment: “one day’s headlines and then forgotten”. Some countries even encourage the Commission to start an infringement procedure against them. Crazy, right? It’s as if you’d approach a police officer on the street and beg him or her to please give you a ticket. But this is politics.

The politicians of the German ruling party CDU supported the Commission’s attempts to enforce the implementation of the Directive, because such an infringement procedures increase the pressure on the national debate. For the same reason, the German minister of Internal Affairs (who wanted to see the Directive implemented) did not want the Commission to amend the Directive. In the absence of a reform, the pressure on her Liberal colleague at the Justice department (who refused to implement the Directive) remained high. Similarly the Commission was told by Romanian representatives that a warning against the country would be “helpful”.

Keeping score is too much of an effort

There is no scientific evidence that the invalidation has caused the law enforcement agencies major difficulties. There is no evidence indicating that invalidating the data retention Directive has had a negative impact on the clear-up rate of criminal offences.

This is what the German Minister of Justice wrote in a letter to the European Commission, after the data retention Directive was found to be in violation of the constitution in Germany. It is clear-cut criticism on the assumed – but never substantiated – need for a data retention act.

For many countries, it is too much trouble to gather evidence that supports the alleged need for a data retention act. The Czechs told the Commission that maintaining statistical data (an unenforced obligation under the Directive) was an enormous burden and that it was difficult to obtain data from the police. Instead they indicated a preference to have a conversation with other Member States and to learn from their best practices. How to implement the Directive, without much need for working out if it was serving any purpose?

A data retention act doesn’t help anybody

The documents also give an impression of what is still ahead of us. For instance, the Commission pressured Romania into introducing a new data retention policy after the previous one was declared invalid. The Commission did this despite the warning that there is a risk that a new case would be brought to the Constitutional Court and that the new law will be again declared unconstitutional.

The national legislator being disciplined over and over again calls for additional complexity in the Commission’s enforcement procedures. Their lawyers wrote:

“By letter of 25 November 2008 […] Romania informed the Commission […] that it adopted law no. 298/2008 […]. Romania stated that these measures constituted ‘complete transposition’ of [the data retention Directive] into Romanian law. However, due to an internal omission, this infringement procedure was not subsequently terminated, which should have been done. On 23/11/2009, the Romanian constitutional Court annulled the national law. This law longer exists.

Given those circumstances, it is necessary to close this case which dealt with the situation prior to the annulment of the law by the Romanian Constitutional Court. However, the Commission decided to open a new procedure in order to make sure that [Romania] will transpose the Directive, taking into account the legal situation which is currently in force since the annulment of the law by the Romanian Constitutional Court.”

That is quite a mess that benefits no-one, other than a handful of lawyers. And this is what the Netherlands is about to do: adopting a new data retention law (even though the European Directive itself has now been overturned by the European court), while knowing that it will again collapse in a Dutch or European court. Meanwhile, the investigative agencies are left to deal with the consequences: they have no use for investigative tools that can be declared illegal by a judge – indeed, they were never able to show a use for the data in the first place. The Dutch government should instead invest in something the police can actually use.

Please sue us (only in Dutch, 23.03.2016)

(Contribution by Rejo Zenger, EDRi member Bits of Freedom, The Netherlands)



04 May 2016

CETA will undermine EU Charter of Fundamental Rights

By Guest author

In February 2016, the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA), prior to its approval or rejection by the Council of the European Union, European Parliament and, possibly, national parliaments.

In October 2015, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbour data protection framework, because it failed to provide an essentially equivalent protection of EU citizens and residents’ personal data in the United States. The Court confirmed that cross-border data transfer frameworks need robust privacy and personal data protection safeguards.

................................................................. Support our work - make a recurrent donation! .................................................................

According to Foundation for a Free Information Infrastructure (FFII)’s analysis, CETA is not compatible with the Charter of Fundamental Rights of the European Union (EU).

After the conclusion of the CETA negotiations, the EU legal services conducted a legal review of the trade agreement (so-called “legal scrubbing”). However, this process did not bring the CETA text into line with the Court’s Safe Harbour ruling. This incompatibility means that our privacy and data protection rights are under threat. This is particularly relevant as Canada is a member of the “Five Eyes” arrangement, a group of countries committed to (suspicionless) mass surveillance.

CETA contains a general exception (Article 28.3 (2)), which is argued to be there to reserve policy space. This general exception, however, contains multiple strict conditions. In only two of 45 World Trade Organisation cases (Article XX of the General Agreement on Tariffs and Trade (GATT) and Article XIV of the General Agreement on Trade in Services (GATS), states successfully invoked similar provisions.

Regarding privacy, the general exception additionally contains the condition that EU laws on which measures to protect personal data would be based must not be inconsistent with other provisions of CETA (Article 28.3 (2)(c)). To put it simply, the general exception that should allow the EU to act to protect our privacy does not allow the EU to act contrary what is agreed in CETA. This concession would become obligatory and therefore, if adopted, CETA would de facto be placed above the EU Charter of Fundamental Rights.

The FFII analysis gives a specific example of such a concession in CETA, which can be found in Chapter 13 (Financial Services). Under CETA, Article 13.15 establishes that the EU and Canada have to allow a financial institution or a cross-border financial service supplier to transfer information across borders. The related privacy standard is weaker than the one in EU law. For instance, it contains the condition that each Party needs to provide “adequate safeguards to protect privacy”, which international arbitrators do not have to read in the light of the Charter of fundamental rights (as the EU Court of Justice does). This is particularly relevant as CETA contains two international dispute settlement mechanisms. In short, the privacy safeguard set in Article 13.15 (2) falls short of the one in the Court’s Safe Harbour decision.

As a result, if adopted, CETA would create an international obligation with a lower privacy standard. Conflicts over obligations in trade agreements are decided by international trade and investment arbitrators, not by supreme or human rights courts. CETA gives financial institutions a carve out from regular privacy enforcement. CETA gives financial institutions a “status aparte”.

Negotiations behind closed doors and a failed legal scrubbing have led to a text that is not compatible with the Charter of Fundamental Rights of the European Union.

Final draft text of the EU – Canada trade agreement, CETA (29.02.2016)

European Court of Justice’s Safe Harbour decision (06.10.2015)

EDRi: Transatlantic coalition of civil society groups: Privacy Shield is not enough – renegotiation is needed (16.03.2016)

FFII: CETA and mass surveillance (13.04.2016)

FFII: CETA places itself above EU Charter of Fundamental Rights (14.04.2016)

FFII: CETA will harm our privacy (15.04.2016)

(Contribution by Ante Wessels, EDRi member Vrijschrift, the Netherlands)



04 May 2016

EU Trade Secrets Directive: A sad day for the freedom of expression

By Guest author

On 14 April, the European Parliament adopted the deeply flawed EU Trade Secrets Directive. This is a sad state of affairs, that does not reflect well on the quality of the EU legislature, both on process and on substance.

On process, it started with Commission-sponsored research that was deeply flawed and misleading. At no point has the Commission presented compelling evidence of the existence of a clear need for EU-wide trade secrets rules, let alone the far-reaching one we are getting now. Furthermore, how credible is a plenary vote in which the translations of the proposed text, finally adopted by the European Parliament, have at times opposite meanings in the German version compared with the English version?

................................................................. Support our work - make a recurrent donation! .................................................................

As it stands now, this Trade Secrets Directive does not really harmonise EU trade secrets protections. Only three Member States have legislation in civil law that protects trade secrets to some extent. It is more a case of transatlantic regulatory convergence, since a very similar proposal is going through to Congress.

The fact that this seems to be a prelude to the transatlantic regulatory convergence that TTIP-proponents are talking about is not the biggest problem. It completely departs from the problem it claims to address: competitive advantages gained through unfair means. Instead it defines trade secrets in such a broad way, namely information of commercial interest, that it is bound to have a chilling effect on corporate transparency, journalism, environmental activism, labour mobility and IT-security research.

The recent Panama papers are a good example: each of the actors named in them could, under the rules promulgated in this Directive, claim a violation of a trade secret. The safeguards put in place through amendments might be upheld in court, but the prospect of such a legal challenge would in itself constitute a deterrent for the newspapers involved.

It will in all likelihood take a long time after the implementation to have the court system redress the most egregious censoring effects of this Directive. In the meantime a lot of free speech will be supressed, either directly or indirectly through its chilling effects.

EDRi: EU trade secrets Directive: threat to free speech, health, environment and worker mobility (23.03.2015)

(Contribution by Walter van Holst, EDRi-member Vrijschrift, The Netherlands)



02 May 2016

BREAKING: TTIP leaks confirm dangers for digital rights

By Maryant Fernández Pérez

Today, Greenpeace has unveiled documents on the Transatlantic Trade and Investment Partnership (TTIP), including the telecommunications chapter and EU’s Tactical State of Play of March 2016.

The leaks show an ideological drive towards deregulation and law enforcement by private companies

, said Joe McNamee, Executive Director of European Digital Rights (EDRi).

This would sweep away key European success stories such as open and competitive telecommunications markets and a legal framework based on transparency and the rule of law

, he added.

EDRi has analysed two of the leaked TTIP documents, the Telecommunications Chapter and the Tactical State of Play. Some of our most important concerns include:

Telecommunications Chapter

  • “Article X.5: Regulatory Flexibility” would give new and excessive powers to telecom regulators, including the power for any national telecom regulator to stop applying EU legislation on a service that the EU or an EU Member State “classifies as a public telecommunications service”. Regulators would have the power to ignore democratically agreed laws if it decided, entirely at its own discretion, that the enforcement was not needed to “prevent unreasonable or discriminatory practices” or, to protect consumers, for example.
  • “Article X.6: Review of legislation” is even worse, as it gives telecom authorities the power to repeal or modify EU legislation, without any democratic accountability or responsibility.
  • Article 48 refers to the confidentiality of electronic communications. While the provision states that both the EU and the USA have to ensure the confidentiality of electronic communications and related traffic data, they should do this “without restricting trade in services”. Would a data protection or privacy measure constitute a trade restriction? This point remains far from clear. What we do know is that decisions on whether data protection and privacy rules are acceptable would not be decided by the European Court of Justice and would not need to take our fundamental rights into consideration.

EU’s tactical State of Play (March 2016)

While the European Commission claims to be very transparent in its reports, the public receives a non-complete state of play after each round of negotiations. The leak is a real, internal state of play on the negotiations, clearly reflecting the lobbying efforts of certain parts of industry from both sides of the Atlantic. A first reading of the leak has allowed us to identified developments on digital rights that are worrisome:

  • Regarding data flows, no progress has been, probably because of the current discussions on the equally flawed EU-US “Privacy Shield”. The document states that these talks might be accelerated because US telecom companies are “very interested in data flows”.
  • On encryption, it says that the EU and the US are discussing similar wording as the one used in the Trans-Pacific Partnership (TPP). This is bad news, as explained by EDRi-member EFF.
  • Concerning so-called “Intellectual Property” (IP), the negotiators seem to take lobbyists’ wish list very seriously. According to the leaked report, “[w]hen confronted with EU warning that bringing sensitive proposals that would require changes in EU law to the table – and doing it at a late stage of the negotiation – may have a negative impact on stakeholders” (which would apparently not include citizens) “and has very limited chances of being accepted”, the US seemed to be prepared to depart from the model of the TPP. Among the proposals the US is thinking of tabling, it includes privatised enforcement measures, that EDRi has been criticising since its inception because they bypass the rule of law and lead to arbitrary corporate decision-making without accountability (cf. “voluntary stakeholder initiatives”). As with ACTA, the US is strongly supportive of “voluntary initiatives” as US-based global giants already impose US copyright law on a global level. The EU (as shown by the recent leak of the Communication on Platforms) supports this approach.

In the leaks analysed by EDRi, there is no single mention of the public, NGOs or civil society in general.

Background information:

TTIP leak: Electronic communications / Telecommunications Chapter

TTIP leak: EU’s Tactical State of Play (March 2016)

EDRi’s red lines on TTIP

EDRi booklet: TTIP and Digital Rights

TTIP Resolution: document pool


02 May 2016

EDRi and 72 other NGOs send letter to EU regulators on net neutrality

By Maryant Fernández Pérez

Today, EDRi joined forces with 72 other civil society organisations from the five continents of the world to ask European Telecom Regulators to uphold net neutrality in the current negotiations about the future of the Open Internet in the European Union.

The Body of European Regulators of Electronic Communication (BEREC) and the 28 telecom regulators are currently negotiating guidelines that will clarify the recently adopted net neutrality law in the EU. A public consultation will be launched by BEREC in June, lasting for twenty working days, as a result of which the final guidelines will have to be published by 30 August 2016.

BEREC has a crucial role in ensuring that the open democratic internet. Failure will be bad for Europe and bad for the world

, said Joe McNamee, Executive Director of European Digital Rights (EDRi).

In this important letter, 73 NGOs from around the world ask the EU Regulators to establish strong guidelines for net neutrality in Europe. In order to respect the Regulation’s stated aim of ensuring “the continued functioning of the internet ecosystem as an engine of innovation”, we urge BEREC to adopt guidelines give real meaning to this goal, including:

  • Careful consideration of so-called “Specialised Services”;
  • The reaffirmation that zero rating is prohibited under the regulation; and
  • Strictly non-discriminatory traffic management and a clear statement opposing intrusive traffic management that would restrict internet users’ privacy.

In order to fix some of the ambiguities of the EU net neutrality regulation, on 31 March EDRi and the SaveTheInternet coalition partners launched a consultation to give citizens more time to tell the regulators what they think about the open internet in Europe. EDRi is also part of RespectMyNet, which is a campaign to encourage internet users to report net neutrality violations all over the European Union.

Read the letter here:

Background information:

Timeline for the adoption of Net neutrality’s implementation guidelines

Net neutrality pieces that BEREC needs to clarify

Deep Package Inspection: what is it and what does the EU regulation say?

Net neutrality: document pool II

EDRi’s first input to EU regulators on net neutrality guidelines (13.01.2016)

Respect My Net: online platform to report net neutrality violations (03.03.2016)

Save the Internet – Final consultation to save the open Internet in Europe (31.03.2016)


28 Apr 2016

Leaked EU Communication – Part 2: Protecting Google at all costs

By Joe McNamee

While the European Commission talks tough about supporting European industry, much of what is in the leaked Communication on online platforms appears to be designed to protect Google and other online giants, to the detriment of competition and European innovation.

Fair payments” for copyright

The Communication refers obtusely to the notion of “fair” distribution of revenue for copyrighted material that is “made available” through platforms. The wording in some parts of the text appears to refer to proposals to introduce “ancillary copyright”, which is often referred to as a “Google tax”. Services like Google News use small snippets from articles to give an indication of the content of stories and publishers want to be paid for this use of their content.

Publishers put their newspapers online in order for people to read them. When people find them through Google News, this makes the publication more successful. Publishers want to be “compensated” because Google also benefits from this.

In Germany, where an “ancillary copyright” levy was imposed, local German companies have to pay to provide news aggregation services. However, since the introduction of ancillary copyright, the biggest media companies have agreed to unpaid listing on Google News. Google uses its dominance to avoid paying anything at all. Small German companies suffer. Google benefits.

In Spain, an “ancillary copyright” law was introduced, under which payments are obligatory. So, Google News left Spain completely. This means that people just go directly to the larger news outlets that they know, which undermines the accessibility of smaller outlets that are now less easy to find. Small Spanish news outlets suffer. Google doesn’t suffer.

Now the European Commission is considering this model for all of the twenty-eight countries of the European Union.


The leaked Communication lauds the “success” of the Commission’s “EU Internet Forum“. The Internet Forum (pdf, a Commission-driven project, in cooperation with US online companies to tackle terrorist content and hate speech online) aims to develop a “code of conduct” for the processing complaints about “illegal” content (or harmful content or just breaches of terms of service) by online companies. Guess how many European companies take part in the IT Forum? Hint: The number is less than one. So, Google (with Facebook and Twitter) have the right to negotiate a baseline level responsiveness to complaints, as well as speed of censorship of illegal (and legal) content. European start-ups are not in the room, but will be expected to respect this baseline, even if this is cripplingly expensive or impractical. They do not have the economies of scale that Google does. European companies suffer. Google wins.


The European Commission threatens “sectoral” legislation on liability, in addition to the existing E-Commerce Directive, to deal with, inter alia, possible copyright infringements. Google already has advanced restrictions in place. For example, it deletes over one million links that have been accused of copyright infringements every day. Similarly, YouTube implements a process called “ContentID, a senior legal counsel at Google once (in his previous job) described as a tool to “massacre” fair use of copyrighted material. Regardless of what copyright flexibilities exist in law, ContentID allows rightsholders to delete content directly from YouTube.

In short, Google is very well equipped to deal with any new, more onerous liability obligations. Indeed, the more restrictive they are, the bigger the Google’s economy of scale and the bigger the competitive advantage that will be given to Google.

Blind faith

On dealing with illegal or unwelcome content, the Commission’s approach is quite simple, and almost beautiful in its naïveté.

It will give Google the problem of liability and the problem of public relations pressure to do “more” (with no baseline) to deal with hate speech, terrorism, child protection, copyright, etc.

The European Commission then hopes that Google, when seeking to solve these liability and public relations problems will, by coincidence, solve the Commission’s public policy problems. The Commission hopes that Google will solve these problems in a way

  • which is transparent and necessary;
  • which is proportionate;
  • which will continue, in the medium and long term, to be effective and proportionate in an ever changing online landscape;
  • which respects the rule of law;
  • which respects free speech;
  • which respects other jurisdictions and, of course;
  • which does not involve any deliberate or accidental anti-competitive behaviour that will.

Seems reasonable.

27 Apr 2016

Leaked EU Communication – Part 1: Privatised censorship and surveillance

By Joe McNamee

EU Charter of Fundamental Rights: Subject to the principle of proportionality, limitations [to fundamental rights ]; may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.

A draft European Commission Communication on Platforms has been leaked. The proposals with regard to the regulation of “illegal” “or harmful” content are hugely disturbing. In summary, the European Commission seems willing to completely give up on the notion of law. Instead, regulation of free speech is pushed into the hands of Google, Facebook and others.

In relation to audiovisual regulation (to update the EU AVMS Directive), the draft suggests that an EU Kids Online research project shows that “children are more and more exposed to harmful content through video-sharing platforms”. This research project does not actually show this at all – it is researched children’s perception of risk and does not provide detailed analysis over time about actual exposure.

In relation to the real motivation behind the privatised censorship proposals (copyright), the draft talks about platforms “which make available copyright-protected content uploaded by end-users”. The wording is very deliberate. While the E-Commerce Directive gives liability protection to hosting companies that passively host content on behalf of their users, “making available” is an active use of content for which the rightsowner has a “exclusive right to authorise or prohibit any communication to the public”. As a result, any “making available” by online platforms without prior consent of the rightsholder would be a breach of copyright, for which the platform would be liable. The only option for being liable for a “making available” by your customers is to subject any uploads to prior checking, filtering and/or takedown in cases of doubt. Online platforms already delete vast amounts of perfectly legal content uploaded by users, so this new incentive would make the situation even worse.

The European Commission even looks to the big online monopolies to take “more effective” action to protect “key societal values”. More effective than what? What values? With what oversight? Following what rules? No rules at all, according to the European Commission – it should be done using “effective voluntary action”. What would this look like? Facebook has already undertaken experiments which show that it has the power to manipulate elections, to manipulate people’s mood or even to manipulate people working in a specific building. No rules are being considered to limit such behaviour.

Remarkably, this approach is not being proposed due to ignorance on the part of the Commission – the text explicitly refers to situations where “information is filtered via algorithms, or manipulated through opaque moderation processes”. How should this risk to our “key societal values” be addressed? Apparently, it will be achieved by ensuring “non-discrimination, or to ensure transparent, fair and non-discriminatory access to information” when access to information is being “manipulated through opaque moderation processes”. The blatant contradiction is apparently not obvious to whomever wrote this part of the text.

The Commission also sees a concern on the part of online platforms that they could become liable for illegal material, if they have systems in place to carry out proactive surveillance. It therefore suggests that measures are needed to “provide certainty” for companies “enabling them to undertake such responsible behaviour”.

Sadly, there is also definitive proof of the fact that the entire text is an example of policy-based evidence-making: it is provided by the statement that extension of certain obligations to online platforms “has been confirmed by the responses to the public consultations on the Telecoms Review and the ePrivacy Directive Review ”. The public consultation on the ePrivacy Directive has not finished and was only launched two weeks before the leaked draft was published – so it confirmed nothing, yet! Similarly, the text refers to the “success” of the Commission-led “self-”regulatory Internet Forum on terrorism and hate speech, even though that project has not produced anything, except some soothing press releases.

Summary: The key societal value of predictable and accountable restrictions on fundamental rights is at risk. With evidence being moulded to suit pre-existing policies, the European Commission appears eager to ensure that the online monopolies monitor online activity, take action to remove any content that creates legal risks for them, and arbitrarily police content to “protect” unspecified and undefined “societal values”. Instead of laws, we will have terms of service. Instead of accountability, we will have unaccountable censorship imposed by a system where, in the Commission’s own words, “information is filtered via algorithms, or manipulated through opaque moderation processes”.

All of this will, the Commission hopes create “the right framework conditions for user trust, innovation and value creation in Europe”.