In the digital era, copyright should be implemented in a way which benefits creators and society. It should support cultural work and facilitate access to knowledge. Copyright should not be used to lock away cultural goods, damaging rather than benefitting access to our cultural heritage. Copyright should be a catalyst of creation and innovation. In the digital environment, citizens face disproportionate enforcement measures from states, arbitrary privatised enforcement measures from companies and a lack of innovative offers, all of which reinforces the impression of a failed and illegitimate legal framework that undermine the relationship between creators and the society they live in. Copyright needs to be fundamentally reformed to be fit for purpose, predictable for creators, flexible and credible.
After a massive leak of the voter’s list showing the voting preferences, addresses, phones and dates of birth of a majority of the Maltese population, EDRi member noyb.eu will assist the Daphne Foundation and Repubblika in their class action and file complaints about the data breach in various EU Member States.
Colossal privacy violations of voters’ data
At the end of March 2020, independent Maltese media reported that a database containing 337,384 records of Maltese voters’ personal information had been freely accessible online for at least a year. The data did not only include the fields available in the published electoral register but also included mobile and fixed telephone numbers, dates of birth, polling booth and polling box numbers, and a numerical identifier indicating an individual’s political affiliation.
How could this happen?
Maltese voters are enrolled in the Maltese electoral register, which is maintained by the Electoral Commission – a body set up by the Maltese Constitution and whose role it is to maintain the register and organise local, national and European Parliament elections. Around the end of March it was discovered that, C-Planet IT Solutions, an IT company connected to the Labour Party to have stored a copy of the electoral register in an open directory, which was indexed by Google. The database was unprotected and accessible to anyone with a web browser, reported the Times of Malta.
Data protection and democracy
After the Cambridge Analytica scandal, everyone understands the fundamental role of data protection in a democracy, especially when the data at stake includes political opinions. As a principle, the GDPR prohibits the processing of data revealing political opinions. What is even more worrying is the total lack of protection of these data which were publicly accessible by everyone.
In a democracy, we cannot accept the processing of political data spiraling out of control. Political parties in particular should not be using voters’ information for purposes other than what the law permits them to do. Could you imagine your political preferences being used to deny you access to a public service or an employment opportunity?
Romain ROBERT, data protection lawyer at noyb.
Civil society in Malta reacts.
Against this context, two NGOs – the Daphne Foundation and Repubblika –have teamed up and organised a platform that allows citizens affected by this data breach to sue C-Planet IT Solutions Limited and any other entity involved. An investigation has been launched by the Maltese DPA, but the class action targets civil damages, including moral damages. The Daphne Caruana Galizia Foundation set up a tool that allows everyone to check what information was collected on them. They invite everyone wanting to join the collective action to visit the FAQ. Also, if you want to join a complaint filed by noyb outside Malta, please contact them at firstname.lastname@example.org.
Last year, the South African parliament adopted a progressive new copyright bill that would have drastically improved access to educational materials, introduced a fair use exception, implemented the Marrakesh treaty for the benefit of people who are blind or print disabled, and strengthened the negotiating positions of authors and performers in their negotiations with publishers. On Friday, the South African President decided to send the bill back to Parliament, citing constitutional concerns1. While civil society had waited for over one year for the President to sign the bill into law, entertainment industry associations IFPI, MPA and others had lobbied foreign governments to intervene in South Africa’s democratic process and compel the President to refer the bill back to Parliament – apparently with success.
The role of the United States (US) in trying to get South Africa to abandon the reform has been a matter of public record ever since the US Trade Representative started an investigation late last year that could have led to South Africa losing trade benefits when importing goods to the US. But details of the EU Commission’s intervention on behalf of the entertainment industry have only become known in recent days, following a freedom of information request to DG Trade2.
According to the documents, entertainment industry groups approached DG Trade in 2019 with the initial idea that the European Commission should send a “demarche”, a letter submitted by the EU Ambassador to South Africa “to the highest levels of the South African government” in order “to eliminate the negative impact that the Bills would have on the creators they aim to support”. Actual creators’ associations, meanwhile, had no problems with the bill and wrote to DG Trade shortly thereafter, urging them to let the South African copyright reform go ahead, which would drastically improve the position of the original authors and performers vis-à-vis their much more powerful international publishers. In their letter, they pointed out that “performers and other creative workers in South Africa have been subsidizing the industry for far too long. The overwhelming majority live a very precarious life.”
income inequality in South Africa is the highest in the world and the
publishing industry caters mostly to the wealthy – majority white –
elite in the country. The copyright bill tries to address this income
inequality on several fronts, by allowing the copying of textbooks
that are not offered at affordable prices, and by improving the
negotiating position of, majority low income and majority Black,
authors and performers. The contractual protections proposed in the
South African copyright bill are not unlike those included in the
2019 EU copyright Directive.
Despite the authors’ and performers’ explicit support for the bill, the European Commission decided to follow the entertainment industry’s call for intervention. On 20 March 2020, a month after a lobby meeting between DG Trade and representatives of the MPA and IFPI, the EU Ambassador to South Africa sent a letter to the South African President, urging him not to sign the copyright bill into law. The letter contains thinly veiled threats that European businesses would pull investments from South Africa should the copyright law go ahead, although DG Trade’s interactions that led to sending the letter were primarily with US-based entertainment companies such as the Hollywood studios organized in MPA. In other words, the European Commission was intervening on behalf of US entertainment companies to deny Black South African authors and performers the same contractual rights that it recently granted European authors. Despite its claims towards the South African government that it was “consulting widely”, the internal documents show that the European Commission did not consult with European civil society at all. If civil society had been consulted, the European Commission would know that there is broad support for the introduction of fair use and the rapid implementation of the Marrakesh treaty.
European Commission’s intervention in South Africa’s democratic
process is not just worrying from corporate
lobbying perspective. It also highlights
the extreme hypocrisy in its international copyright policy. In
negotiations on international copyright treaties, the Commission has
long been opposed to any global standards on copyright exceptions.
Even in the case of the Marrakesh treaty, designed to provide access
to knowledge for the blind, the EU had to be dragged to the
negotiating table kicking and screaming. It has rebuffed recent
initiatives to draft a treaty for global exceptions for libraries and
educational institutions, arguing that the cultural differences
between countries are too significant to have a one-size-fits-all
approach and that countries should be free to adopt the copyright
exceptions that fit their specific circumstances. South Africa was
trying to do just that – to introduce fair use provisions and
educational exceptions specific to the post-Apartheid democracy that
is still struggling with huge income inequality and structural
The European Commission’s hypocrisy in intervening to bring this reform to a halt is perhaps only surpassed by that of the US government, which is denying another country the same fair use provision that has supported the US economy for decades. While we may not expect any better from the US government, we should hold the European Commission to a higher standard. This is why EDRi is calling upon the European Parliament’s Trade committee to put the issue on the agenda and question the Commission about its aggressive lobbying on behalf of the entertainment industry. EDRi is also preparing a letter to Trade Commissioner Hogan to bring accountability to the European Commission’s international copyright policies.
In EDRi’s series on COVID-19, COVIDTech, we explore the critical principles for protecting fundamental rights while curtailing the spread of the virus, as outlined in the EDRi network’s statement on the pandemic. Each post in this series tackles a specific issue at the intersection of digital rights and the global pandemic in order to explore broader questions about how to protect fundamental rights in a time of crisis. In our statement, we emphasised the principle that states must “defend freedom of expression and information”. In this fourth post of the series, we take a look at the issue of immunity passports, their technological appeal and their potentially sinister consequences on social inequality and fundamental rights
The dangerous allure of science fiction
Early in the
coronavirus outbreak, pandemic guilty-pleasure film, Contagion,
skyrocketed to the top of streaming sites’ most watched lists. One
of the film’s most interesting plot points (mild spoiler alert) is
the suggestion of a simple form of immunity passport. Wristbands for
people who have been vaccinated are presented as an obvious solution
– and why wouldn’t they be? Various forms of immunity passport
are a compelling idea. It sounds as if they could allow us to get
back to a more normal life. But the reality is not as clear-cut as in
the movies, and the threats to how we live our lives – in
particular, the people that could be most harmed by such schemes –
mean that we must be incredibly cautious. Consequently, as it
stands now, the lack of evidence, combined with the size of
the threat that these schemes pose to fundamental rights and
freedoms, reveal that – digital or otherwise –
immunity passports must not be rolled out.
Immunity passports – science fact says “no”
In the last few weeks, “digital immunity passports”, certificates, apps, and other similar ideas have become prominent in discussions about how to exit from global lockdowns, with proposals popping up in Germany, Italy, Colombia, Argentina and the US to name a few. It is a legitimate policy goal to help people find safe ways to exist in this “new normal”. Yet these proposals are all founded on the dangerous fallacy that we know and understand what coronavirus “immunity” looks like.
The WHO have been clear in their assessment that there is “currently no evidence” for immunity, and that such schemes may in fact incentivise risky behaviour. Medical journal The Lancet adds that such proposals are “impractical, but also pose considerable equitable and legal concerns even if such limitations [due to our lack of knowledge about immunity] are rectified.” And science journal Nature warns that immunity passports can actually harm public health. If public health experts are warning against immunity passports – even once we know more about COVID-19 immunity – then why are governments and private actors still pushing them as a silver bullet?
Like with controversial tracking and contact tracing apps, there are a host of privacy and data protection concerns when such schemes become “digital”. Individual health data is very sensitive, as is data about our locations and interactions. As it is often with private companies that are aggressively pushing proposals (hello TransferWise and Bolt in Estonia), there are serious concerns about transparency, accountability, and who really benefits. EDRi has warned that public health tools should be open for public scrutiny, and limited in scope, purpose and time. With private companies rushing to profit from this crisis, can we be confident that this will happen? The lessons learned from digital identification programmes suggests we have reasons to be very sceptical.
A new generation of “haves” and “have nots”
The crux of the problem with immunity passports is that they will likely be used to decide who is and who is not allowed to participate in public life: who can go to work – and therefore earn money to support themselves and their family; who can go to school; and even who can stay in hotels. By essence, these “passports” could decide who can and who cannot exercise their fundamental rights.
Biometric surveillance and the risks of hyper-connected data
In a wider sense, digital immunity passports – especially those linked to people’s sensitive biometric data – are part of a growing mass surveillance infrastructure which can watch, analyse and control people across time and place. Such systems rely on holding mass databases on people (which in itself comes with big risks of hacking and unauthorised sharing) and are damaging to the very core of people’s rights to dignity, privacy and bodily integrity. The combining of health data with biometric data further increases the ability of states and private actors to build up highly detailed, intrusive and intimate records of people. This can, in turn, have a chilling effect on freedom of expression and assembly by disincentivising people from joining protests, suppressing political opposition, and putting human rights defenders and journalists at risk. As Panoptykon Foundation have explained, such systems are ripe for abuse by governments looking to control people’s freedoms.
Discrimination and unequal impacts creating a segregated society
It is foreseeable that the introduction of immunity passports will have unequal and disproportionate impacts upon those that already face the highest levels of poverty, exclusion and discrimination in society. Those with the smallest safety nets, such as people in precarious and low-waged jobs, will be the ones who are least able to stay at home. The pressure to be allowed outside – and the impacts of not being allowed to do so – will therefore be unequally distributed. We know that some people are more at risk if they do contract the virus: those with underlying health conditions, older people and in the UK,black people. This inequality of who suffers the most will replicate the already unequal distribution in our societies. And if immunity passports are administered digitally, then those without access to a device will be automatically excluded. This stratification of society by biological and health characteristics, as well as access to tech, is dangerous and authoritarian.
Digital immunity passports are no longer the preserve of science fiction. There is a very real risk that these schemes are putting innovation and appearance over public health, in a move often called “technosolutionism”. Digital and biometric immunity passports not only threaten the integrity of our sensitive bodily and health data, but create a stratified society where those who can afford to prove their immunity will have access to spaces and services that the remainder will not– de facto becoming second class citizens. The New York Times calls this “immunoprivilege”.
When the time comes that we have solid scientific evidence about immunity, it will be up to public health officials to work out how this can translate into certification, and for data protection and privacy authorities and experts to help guide governments to ensure that any measures strictly respect and promote fundamental rights and freedoms. Until then, let’s rather focus on improving our national health systems, ensuring that research goes into preventing this and future pandemics (despite the push-back from Big Pharma) and that we build a new society free of virus such as COVID-19 and surveillance capitalism.
Would you like your local government to judge you by your Facebook activity? In a recent study, we investigated how local authorities (Councils) in Great Britain are looking at social media accounts as part of their investigation tactics on issues such as benefits, debt recovery, fraud, environmental investigations, and children’s social care.
Social media platforms are a vast trove of information about individuals and collectives, including their personal preferences, political and religious views, physical and mental health and the identity of their friends and families. Social media monitoring or social media intelligence (SOCMINT) are the techniques and technologies that allow the monitoring and gathering of information on social media platforms such as Facebook and Twitter.
Life-changing decisions could be made on the basis of this intelligence but yet no quality check on the effectiveness of this form of surveillance is in place as of now. This has particular consequences and a disproportionate negative impact on certain individuals and communities.
significant number of local authorities are now using ‘overt’
social media monitoring as part of their intelligence gathering and
investigation activities. This substantially out-paces the use of
‘covert’ social media monitoring
you don’t have good privacy settings, your data is fair game for
overt social media monitoring.
is no quality check on the effectiveness of this form of
surveillance on decision making.
social media profile could be used by a local
without your knowledge or awareness, in a wide variety of their
functions; predominantly intelligence gathering and investigations.
The UK Surveillance Commissioner’s Guidance defines overt social media monitoring as looking at ‘open source’ data, that is, publicly available data, and data where privacy settings are available but not applied. This may include: “List of other users with whom an individual shares a connection (friends/followers); Users’ public posts: audio, images, video content, messages; “likes”, shared posts and events”. According to the Guidance, “[r]epetitive examination/monitoring of public posts as part of an investigation” constitutes instead ‘covert’ monitoring and “must be subject to assessment.”
Who is being targeted?
Everyone is potentially targeted as at some point in our lives we all interact with local authorities as we go through some of the processes listed above. The difference, however, is that we all are affected differently.
As in many other instances when it comes to the digitalisation and use of new technologies, those belonging to already marginalised and precarious groups and who are already subject to additional monitoring and surveillance, are once again experiencing the brunt of such practices.
There are particular groups of the populations which are being impacted dramatically by the use of such techniques because they are dependent and subject to the functions of local authorities such as individuals receiving social assistance/welfare as well as migrants.
We have seen similar developments in the migration sector where for immigration enforcement purposes governments are resorting to social media intelligence. Some of these activities are undertaken directly by government themselves but in some instances, governments are calling on companies to provide them with the tools and/or know-how to undertake these sort of activities.
How to protect those most vulnerable
As local authorities in Great Britain and elsewhere seize on the opportunity to use this treasure trove of information about individuals, use of social media by local authorities is set to rise and in the future we are likely to see more sophisticated tools used to analyse this data, automate decision-making, generate profiles and assumptions.
The collection and processing of personal data obtained from social media as part of local authority investigations and intelligence gathering, must be strictly necessary and proportionate to make a fair assessment of an individual. There needs to be effective oversight over the use of social media monitoring, both overt and covert, to ensure that particular groups of people are not disproportionately affected, and where violations of guidance and policies do occur, they are effectively investigated and sanctioned.
It is urgent to ensure that the necessary and adequate safeguards are in place to protect those in the most vulnerable and precarious positions where such information could lead to tragic life altering decisions such as the denial of welfare support.
we urge local authorities to:
Refrain from using social media monitoring, and avoid it entirely where they do not have a clear, publicly accessible policy regulating this activity
Local authorities should use social media monitoring only if and when in compliance with their legal obligations, including data protection and human rights.
Every time a local authority employee views a social media platform, this is recorded in an internal log including, but not limited to, the following information:
Date/time of viewing, including duration of viewing of a single page
Reason/justification for viewing and/or relevance to internal investigation
Information obtained from social platform
Why it was considered that the viewing was necessary
Pages saved and where saved to
Local authorities should develop internal policies creating audit mechanisms, including:
The availability of a designated staff member to address queries regarding the prospective use of social media monitoring, as well as her/his contact details;
A designated officer to review the internal log at regular intervals, with the power to issue internal recommendations
Whilst we may post publicly, we don’t expect local authorities to look at our photos and screenshot our thoughts, and use this without our knowledge to make decisions that could have serious consequences on our life.
The growing intrusion by government authorities’ – without a public and parliamentary debate – also risks impacting what people say online, leading to self-censorship, with the potential deleterious effect on free speech. We may have nothing to hide, but if we know our local authority is looking at our social media accounts, we are likely to self-censor.
Social media platforms should not be reframed as spaces for the state to freely gather information about us and treat people as suspects.
This article was originally published by Metamorphosis in Global Voices.
Scammers using fake Forbes articles and anti-EU disinformation as bait continue to target Facebook users across Europe, the EDRi member Metamorphosis Foundation has warned.
The Skopje-based Metamorphosis Foundation is a civil society
organisation from North Macedonia promoting digital rights and media
Its monitoring of social networks has revealed that scammers
continue to use Facebook advertisements masked as links to articles
from the respectable Forbes.com, continuing disinformation trends
involving not only China, but also European Union members like
On 19 May, the Ministry of Interior Affairs of North Macedonia warned citizens that scammers use social networks and e-mail to distribute links misrepresented as articles from Forbes.com to promote the purchase of a supposed new Chinese cryptocurrency.
Citizens who click on the links and provide personal data to the
scammers are then targeted by phone calls persuading them to start
‘investing’ by paying installments of $250 dollars.
Other manipulation techniques are then deployed to make users
increase the fee.
The anti cyber-crime unit of the Macedonian police claimed the malicious links lead to a website hosted in Ukraine, allegedly run by a Russian citizen in a manner similar to the debunked OneCoin Ponzi scheme run by Bulgarian fraudster Ruja Ignatova, which inflicted damage worldwide of over $4 billion.
Data publicly provided by Facebook about the geographic reach of
the advertisements promoting these links suggest they go far beyond
the borders of North Macedonia, activists warn.
Manipulative ads help scammers gather
personal data from victims
Metamorphosis identified several similar ads that are active on social networks. Users who click on these ads are redirected to addresses such as this one instead of pages on the Forbes.com website.
Bardhyl Jashari, Executive Director of Metamorphosis, explained:
“Misleading advertisements continue to target social network users
across the world. Using the public data provided by Facebook about
the ads targeting the audience based in North Macedonia as a starting
point, the Metamorphosis team revealed that the same ads are served
in almost all European countries, as well as countries in the Middle
East. Scammers use pages about culture, even about cookies (the
edible ones), to launch ads that lead the users to web pages and
blogs that look almost the same as the ones the Macedonian police
This dangerous trend also touches upon another of Metamorphosis’ areas of involvement. Since its founding in 2004, Metamorphosis has been working on promoting serving and promoting child safety online.
Jashari also noted:
“A very worrisome development is that these organised
crime networks also use pages aimed at children and teenagers to
camouflage their malicious content. For instance a page branded as
community for the popular game MineCraft (titled Minecraft) had been
running ads that continue to disseminate disinformation about Sweden,
aimed at users in Russia, Austria, Belgium, but also in Singapore,
Qatar and United Arab Emirates, and dozens of other countries.”
Users clicking on these ads are taken to a page providing an incentive for them to leave their personal data. In the case of Sweden this was disguised as a discount coupon.
While MineCraft has a huge adult following, it is a particularly
popular game among children aged between 9 and 11. This practice
helps condition future audiences particularly susceptible to both
disinformation and scamming.
What is Metamorphosis
doing to combat these tactics?
In November 2019, Metamorphosis’ Critical Thinking for Media-wise Citizens (CriThink) project warned that scammers benefit from established disinformation narratives about Sweden.
Sponsored Facebook posts lure people who had been previously primed through right-wing populist propaganda media networks based in North Macedonia to believe media manipulations about unrest in the country and the European Union (EU), originally published by pro-Kremlin media.
In the same manner, these articles promoted fake news that Sweden
has introduced a cryptocurrency opposing the Euro.
To launch these geo-targeted ads, scammers used a series of pages
with general interest topics, including some branded as unofficial
fan clubs of Western celebrities like actors Liam Neeson and Anthony
CriThink, which is an initiative supported by the EU Delegation in
North Macedonia, educated local social media users on how to use the
transparency features of Facebook pages used by the scammers, in
order to flag and report the suspicious pages using the mechanisms
provided by the platform.
In order to boost citizen engagement in raising media literacy
levels, CriThink articles related to social networks provide
instructions on how users can use reporting features to alert
administrators about harmful content, ranging from hate speech to
Several weeks later, in December 2019, Facebook informed some of its users who participated in the online action that they had removed the ads reported as scams.
YouTube, Chrome, Android, Gmail, maps and many other digital products without which the internet is unimaginable, are an important segment of the industry which entirely relies on processing personal data. With a significant delay and numerous difficulties, states have begun bringing some order in this field, which directly interferes with basic human rights. The European Union has set this standard by adopting the General Data Protection Regulation (GDPR), while the new Law on Personal Data Protection in Serbia, in place since August 2019, followed this model too.
Although they have been operating in Serbia for a
long time, global tech-corporations observe most developing countries
as territories for an unregulated exploitation of citizens’ data.
At the end of May 2019, SHARE sent the aforementioned request to 20
of the biggest tech companies from around the world, three months
before the application of the new Law on Personal Data Protection,
reminding them of their obligations towards Serbian citizens and the
parameters of the new national law.
Twitter responded to us by saying that they were working on it. A global platform for booking airline tickets, eSky, also contacted us, and appointed their representative in Serbia. In December 2019, when Google and Facebook were dragging their feet in the issue of appointing representatives in the country, SHARE filed misdemeanor charges to the Serbian Commissioner.
The European Digital Rights network joined 118 civil society organisations from across the globe in signing an open letter (the latest act of a longstanding movement) addressing the need to end gag lawsuits that threaten the public interest by allowing powerful actors to silence those that would speak against them.
problem: gag lawsuits against public interest defenders
EU must end gag lawsuits used to silence individuals and
organisations that hold those in positions of power to account.
Strategic Lawsuits Against Public Participation (SLAPP) are lawsuits
brought forward by powerful actors (e.g. companies, public officials
in their private capacity, high profile persons) to harass and
silence those speaking out in the public interest. Typical victims
are those with a watchdog role, for instance: journalists, activists,
informal associations, academics, trade unions, media organisations
and civil society organisations.
examples of SLAPPs include PayPal suing SumOfUsfor a peaceful protest
outside PayPal’s German headquarters; co-owners of Malta’s
Satabank suing blogger Manuel Deliafor a blog post denouncing money
laundering at Satabank; andBollore Group suing Sherpa and ReAct in
France to stop them from reporting human rights abuses in Cameroon.
In Italy more than 6,000 or two-thirds of defamation lawsuitsfiled
against journalists and media outlets annually are dismissed as
meritless by a judge. When Maltese journalist Daphne Caruana Galizia
was brutally killed, there were 47 SLAPPs pending against her.
are a threat to the EU legal order, and, in particular:
threat to democracy and fundamental rights.
The EU is founded on the rule of law and respect for human rights.
SLAPPs impair the right to freedom of expression, to public
participation and to assembly of those who speak out in the public
interest, and have a chilling effect on the exercise of these rights
by the community at large.
to access to justice and judicial cooperation.
Cross-border judicial cooperation relies on the principles of
effective access to justice across the Union and mutual trust
between legal systems. That trust must be based on the legally
enforceable upholding of common values and minimum standards. To the
extent that they distort and abuse the system of civil law remedies,
SLAPPs undermine the mutual trust between EU legal systems: member
states must be confident that rulings issued by other member states’
courts are not the result of abusive legal strategies and are
adopted as the outcome of genuine proceedings.
threat to the enforcement of EU law, including in connection to the
internal market and the protection of the EU budget.
The effective enforcement of EU law, including the proper
functioning of the internal market, depends on the scrutiny of the
behaviour of individual entities by the EU, member states and
–crucially –informed individuals. Watchdogs, be it media or
civil society actors, play a key enforcement role. Therefore, the
absence of a system which safeguards public scrutiny is a threat to
the enforcement of EU law. The same reasoning applies to the
management of EU programmes and budget, which cannot be monitored
through the sole vigilance of the European Commission.
threat to freedom of movement. The
absence of rules to protect watchdogs from SLAPP has an impact on
the exercise of the Treaty’s fundamental freedoms, since it
affects the ability of media, civil society organisations and
information services providers to confidently operate in
jurisdictions where the risk of SLAPPs is higher, and discourages
people from working for organisations where they can be the target
solution: an EU set of anti-SLAPP measures
The EU can and must end SLAPPs by adopting the following complementary measures to protect all those affected by SLAPPs:
An anti-SLAPP directive
An anti-SLAPP directive is needed to establish a Union-wide minimum standard of protection against SLAPPs, by introducing exemplary sanctions to be applied to claimants bringing abusive lawsuits, procedural safeguards for SLAPP victims, including special motions to contest the admissibility of certain claims and/or rules making the burden shifting to the plaintiff to demonstrate a reasonable probability of succeeding in such claims, as well as other types of preventive measures. The Whistle-Blower Directive sets an important precedent protecting those who report a breach of Union law in a work-related context. Now the EU must ensure a high standard of protection against gag lawsuits for everyone who speaks out –irrespective of the form and the context –in the public interest.
The legal basis for an anti-SLAPP directive is to be found in multiple provisions of the Treaty; for example, Article 114 TFEU on the proper functioning of the internal market, Article 81 TFEU on judicial cooperation and effective access to justice and Article 325 TFEU on combating fraud related to EU programmes and budgets.
2. The reform of Brussels I and Rome II Regulations Brussels I Regulation (recast) contains rules which grant claimants the ability to choose where to make a claim. This must be amended to end forum shopping in defamation cases, which forces defendants to hire and pay for defence in countries whose legal systems are unknown to them and where they are not based. This is beyond the means of most and falls foul of the principles of fair trial and equality of arms.
Rome II Regulation does not regulate which national law will apply to a defamation case. This allows claimants to select the most favourable substantive law and therefore leads to a race to the bottom. Today, victims may be subject to the lowest standard of freedom of expression applicable to their case.
3. Support all victims of SLAPPs Funds are needed to morally and financially support all victims of SLAPPs, especially with legal defence. Justice Programme funds should be used to train judges and practitioners, and a system to publicly name and shame the companies that engage in SLAPPs, for example in an EU register, should be created
Finally, the EU must ensure that the scope of anti-SLAPP measures include everybody affected by SLAPPs, including journalists, activists, trade unionists, academics, digital security researchers, human rights defenders, media and civil society organisations, among others.
This paper was signed by 119 media and civil society organisations.
You can find the original letter and the full list of signatories here.
Today, 4th June 2020, European Digital Rights (EDRi) submitted its response to the European Commission’s public consultation on artificial intelligence (AI). In addition, EDRi released its recommendations for a fundamental rights-based Artificial Intelligence Regulation.
is a growing concern for all who
care about digital and human
rights. AI systems have the ability to exacerbate mass surveillance
and intrusion into our personal lives, reflect and reinforce some of
the deepest societal inequalities, fundamentally alter the delivery
of public and essential services, undermine data protection
legislation, and disrupt the democratic process.
In Europe, we have already seen the negative impacts of automated systems at play at the border, in predictive policing systems which only increase over-policing of racialised communities, in ‘fraud detection’ systems which target poor, working class and migrant areas, and countless more examples. Read more in our explainer.
Therefore, EDRi calls for the European Commission to set clear red-lines for impermissible use, ensure democratic oversight, and include the strongest possible human rights protection.
We encourage all people, collectives and organisations to respond to the consultation and make sure these issues are addressed. Need help answering the consultation? Read EDRi’s answering guide for the public here.
Will you make your voice heard in a crucial moment for the future of our societies? Submit your own response to the consultation online here.
Today, 4 June 2020, European Digital Rights (EDRi) submitted its answer to the European Commission’s consultation on the AI White Paper. On top of our response, in our additional paper we outline recommendations to the European Commission for a fundamental rights- based AI regulation. You can find our consultation response, recommendations paper, and answering guide for the public here.
How to ensure a “trustworthy AI” has been highly debated since the European Commission launched its White Paper on AI in February this year. Policymakers and industry have hosted numerous conversations about “innovation”, “Europe becoming a leader in AI”, and promoting a “Fair AI”.
Yet, a “fair” or
“trustworthy” artificial intelligence seems a far way off. As
governments, institutions and industry swiftly move to incorporate
AI into their systems
concerns remain as to how these changes will impact people, democracy
and society as a whole.
EDRi’s response outlines the main risks AI poses for people, communities and society, and outlines recommendations for an improved, truly ‘human-centric’ legislative proposal on AI. We argue that the EU must reinforce the protections already embedded in the General Data Protection Regulation (GDPR), outline clear legal limits for AI by focusing on impermissible use, and foreground principles of collective impact, democratic oversight, accountability, and fundamental rights. Here’s a summary of our main points.
Put people before
A ‘human centric’ approach to AI requires that considerations of safety, equality, privacy, and fundamental rights are the primary factors underpinning decisions as to whether to promote or invest in AI.
the European Commission’s
White Paper proposal takes as a point of a departure the inherent
economic benefits of promoting AI, particularly in the public sector.
Promoting AI in the
public sector as a whole, without requiring scientific evidence to
justify the need or the purpose of such applications in some
potentially harmful situations, is likely to have the most direct
consequences on everyday peoples’ lives, particularly on
Despite wide ranging applications that could advance our societies (such as some uses in the field of health), we have also seen the vast negative impacts of automated systems at play at the border, in predictive policing systems which exacerbate overpolicing of racialised communities, in ‘fraud detection’ systems which target poor, working class and migrant areas, and countless more examples [link to explainer]. All such examples highlight the potentially devastating consequences AI systems can have in the public sector, contesting the case for ‘promoting the uptake of AI.’ These examples highlight the need for AI regulation to be rooted in a human-centric approach.
The development of artificial intelligence technology offers huge potential opportunities for improving our economies and societies, but also extreme risks. Poorly-designed and governed AI will exacerbate power imbalances and inequality, increase discrimination, invade privacy and undermine a whole host of other rights. EU legislation must ensure that cannot happen. Nobody’s rights should be sacrificed on the altar of innovation.
said Chris Jones, Statewatch
collective harms of AI
The vast potential scale and impact AI systems challenges existing conceptions of harm. Whilst in many ways we can view the challenges posed by AI as fundamental rights issues, often the harms perpetrated are much broader, disadvantaging communities, economy, democracy and entire societies. From the impending threat of mass surveillance as a a result of biometric processing in publicly-accessible spaces, to the use of automated systems or ‘upload filters’ to moderate content on social media, to severe disruptions to the democratic process, we see the impact goes far beyond the level of the individual. One specificity of regulating AI is the need to address societal-level harms.
harms by focusing on impermissible
Just as the problems
with AI are collective and structural, so must be the solutions. The
European Commission’s White Paper outlines some safeguards to
address ‘high-risk’ AI, such as training data to correct for bias
and ensuring human oversight. Whilst these safeguards are crucial,
they will not address the irreparable harms which will result from a
number of uses of AI.
“The EU must move beyond technical fixes for the complex problems posed by AI. Instead, the upcoming AI regulation must determine the legal limits, impermissible uses or ‘red-lines’ for AI applications. This is a necessary step for a people-centered, fundamental rights-based AI”
says Sarah Chander, Senior Policy Adviser, EDRi.
The EDRi network lists some of the impermissible uses of AI:
indiscriminate biometric surveillance and biometric capture and processing in public spaces1
use of AI to solely determine access to or delivery of essential public services (such as social security, policing, migration control)
uses of AI which purport to identify, analyse and assess emotion, mood, behaviour, and sensitive identity traits (such as race, disability) in the delivery of essential services
autonomous lethal weapons and other uses which identify targets for lethal force (such as law and immigration enforcement)
“The EU must ensure that states and companies meet their obligations and responsibilities to respect and promote human rights in the context of automated decision-making systems. EU institutions and national policymakers must explicitly recognise that there are legal limits to the use and impact of automation. No safeguard or remedy would make indiscriminate biometric surveillance or predictive policing acceptable, justified or compatible with human rights”
said Fanny Hidvegi, Europe Policy Manager at Access Now
democratic oversight for AI in the public sphere
The rapidly increasing deployment of AI systems presents a major governance issue. Due to the (designed) opacity of the systems, the complete lack of transparency from governments when such systems are deployed for use in public, essential functions, and the systematic lack of democratic oversight and engagement – AI is furthering the ‘power asymmetry between those who develop and employ AI technologies, and those who interact with and are subject to them.’2
As a result, decisions impacting public services will be more opaque, increasingly privately owned, and even less subject to democratic oversight. It is vital that the EU’s regulatory proposal on AI addresses this – implementing mandatory measures of democratic oversight for the procurement and deployment of AI in the public sector and essential services. More, the EU must explore methods of direct public engagement on AI systems. In this regard, authorities should be required to specifically consult marginalised groups likely to be disproportionately impacted by automated systems.
strongest possible fundamental rights protections
Regulation on AI must reinforce, rather than replace, the protections already embedded in the General Data Protection Regulation (GDPR). The European Commission has the opportunity to complement these protections with safeguards for AI. To put people first and provide the strongest possible protections, all systems should complete mandatory human rights impact assessments. This assessment should evaluate the collective, societal, institutional and governance implications the system poses, and outline adequate steps to mitigate this.
“The deployment of such systems for predictive purposes comes with high riskson human rights violations. Introducing ethical guidelines & standards for the design and deployment of these tools is welcome, but not enough. Instead, we need the European Union and Member States to ensure compliance with the applicable regulatory frameworks, and draw clear legal limits to ensure AI is always compatible with fundamental rights.”
says Eleftherios Chelioudakis – Homo Digitalis
EDRi’s position calls for fundamental rights to be prioritised in the regulatory proposal for all AI systems, not only those categorised as ‘high-risk’. We argue AI regulation should avoid creating loop-holes or exemptions based on sector, size of enterprise, or whether or not the system is deployed in the public sector.
“It is crucial for the EU to recognize that the adoption of AI applications is not inevitable. The design, development and deployment of systems must be tested against human rights standards in order to establish their appropriate and acceptable use. Red lines are thus an important piece of the AI governance puzzle. Recognizing impermissible use at the outset is particularly important because of the disproportionate, unequal and sometimes irreversible ways in which automated decision making systems impact societies.”
said Vidushi Marda, Senior Programme Officer, at ARTICLE 19
The rapid uptake of AI will fundamentally change our society. From a human rights’ perspective, AI systems have the ability to exacerbate surveillance and intrusion into our personal lives, fundamentally alter the delivery of public and essential services, vastly undermine vital data protection legislation, and disrupt the democratic process.
For some, AI will mean reinforced, deeper harms as such systems feed and embed existing processes of marginalisation. For all, the route to remedies, accountability, and justice will be ever-more unclear, as this power asymmetry further shifts to private actors, and public goods and services will be not only automated, but privately owned.
There is no “trustworthy AI” without clear red-lines for impermissable use, democratic oversight, and a truly fundamental rights-based approach to AI regulation. The European Union’s upcoming legislative proposal on artificial intelligence (AI) is a major opportunity change this; to protect people and democracy from the escalating economic, political and social issues posed by AI.
In EDRi’s series on COVID-19, COVIDTech, we will explore the critical principles for protecting fundamental rights while curtailing the spread of the virus, as outlined in the EDRi network’s statement on the virus. Each post in this series will tackle a specific issue about digital rights and the global pandemic in order to explore broader questions about how to protect fundamental rights in a time of crisis. In our statement, we emphasised that “measures taken should not lead to discrimination of any form, and governments must remain vigilant to the disproportionate harms that marginalised groups can face.” In this third post of the series, we look at surveillance – situating the measures in their longer term trajectory – particularly of marginalised communities.
One minor highlight in this otherwise bleak public health crisis is that privacy is trending. Now more than ever, conversations about digital privacy are reaching the general public. This is a vital development as states and private actors pose ever greater threats to our digital rights in their responses to COVID-19. The more they watch us, the more we need to watch them.
however, is that these debates have siphoned this new attention to
privacy into a highly technical, digital realm. The debate is
dominated by the mechanics of digital surveillance, whether we should
have centralised or decentralised contact
tracing apps, and how zoom
traces us as we work, learn and do yoga at home.
Although important, this is only a partial framing of how privacy and surveillance are experienced during the pandemic. Less prominently featured are the various other privacy infringements being ushered in as a result of COVID-19. We should not forget that for many communities, surveillance is not a COVID-19 issue – it was already there.
The other sides of COVID surveillance
Very real concerns about digital measures proposed as pandemic responses should not overshadow the broader context of mass-scale surveillance emerging before our eyes. Governments across Europe are increasingly rolling out measures to physically track the public, via telecommunications and other data, without explicit reference to how this will impede the spread of the virus, or when the use and storage of this data will end.
are also seeing the emergence of bio-surveillance
dressed in a
public health response’s
government’s app mandating the use of geo-located selfies, to
of using facial biometrics to create immunity
passports to facilitate the return of of workers in the UK,
governments have, and will continue to, use the pandemic as a cover
to get into our homes, and closer to us.
Yet, less popular in media coverage are physical surveillance techniques. Such measures are – in many European countries – coupled with heightened punitive powers for law enforcement. Police have deployed drones in France, Belgium and Spain, and communities in cities across Europe are feeling the pressure of increased police presence in their communities. Heightened measures of physical surveillance cannot be accepted at face value or ignored. Instead, they must be viewed in tandem with new digital developments.
Who can afford privacy?
These measures are not neutrally harmful. In unequal societies, surveillance will always target racialised1 people, migrants, and the working classes. These people bear the burden of heightened policing powers and punitive ‘public health’ enforcement – being more likely to need to leave the house for work, take public transport, live in over-policed neighbourhoods, and in general be perceived as suspicious, criminal, necessitating surveillance.
This is a privacy issue as much as it is about inequality. Except, for some, the consequences of intensified surveillance under COVID-19 means heightened exposure to the virus through direct contact with police, increased monitoring of their social media, the anxiety of constant sirens, and in the worst cases, the real bodily harm of police brutality.
This vulnerability is economic, too – for many, privacy is a sparse commodity.It is purchased by those who live in affluent neighbourhoods, by those with ‘work from home’ jobs. Those who cannot afford privacy in this more basic sense will, unfortunately, not be touched by debates about contact tracing. For many, digital exclusion means that measures such as contact-tracing apps are completely irrelevant. Worse, if future measures in response to COVID-19 are designed with the assumption that we all use smart phones, or have identity documents, they will be immensely harmful.
These measures are being portrayed as ‘new’, at least in our European ‘liberal’ democracies. But for many, surveillance is not new. Governmental responses to the virus have simply brought to the general public a reality reserved for people of colour and other marginalised communities for decades. Prior to COVID-19, European governments have deployed technology and other data-driven tools to identify, ‘risk-score’ and experiment on groups at the margins, whether by way of predicting crime, forecasting benefit fraud, or assessing whether or not asylum applicants are telling the truth by their facial movements.
need to integrate these
experiences of surveillance into the mainstream privacy debate. These
have been sidelined
away with the
logic of individual responsibility. For
a public debate on technology and surveillance of marginalised
communities, one participant swiftly
moved the conversation away from police
asked the room of anti-racist activists
everybody here use a VPN?”
Without a holistic picture of how surveillance affects people differently – the vulnerabilities of communities and the power imbalances that produce this – we will easily fall into the trap that quick fix solutions can guarantee our privacy, and that surveillance can be justified.
Is surveillance a price worth paying?
If we don’t root our arguments in people’s real life experiences of surveillance, not only do we devalue the right to privacy for some, but we also risk losing the argument to those who believe that surveillance is a price worth paying.
This narrative is a direct consequence of an abstract, technical and neutral framing of surveillance and its harms. Through this lens, infringements of privacy are minor, necessary evils. As a result, privacy will always lose the the false ‘privacy vs health’ trade-off. We should challenge the trade-off itself, but we can also ask: who will really will pay the price of surveillance? How do people experience breaches of privacy?
Another question we need to ask is who profits from surveillance? Numerous companies have shown their willingness to enter public-private alliances, using COVID-19 as the opportunity to market surveillance based ‘solutions’ to issues of health (often with dubious claims). Yet, again, this is not new – companies like Palantir, contracted by the UK government to process confidential health data during COVID-19, have a much longer-standing role in the surveillance of migrants and people of colour and facilitating deportations. Other large tech companies will use COVID-19 to continue their expansion into areas like ‘digital welfare’. Here, deeply uneven power relationships will be further cemented with the introduction of digitalised tools, making them harder to challenge and posing ever greater risks to those who rely on the state. If unchallenged, this climate of techno-solutionism will only increase the risk of new technology testing and data-extraction from marginalised groups for profit.
A collective privacy
There is a danger to viewing surveillance as exceptional; a feature of COVID-19 times. It suggests that protecting privacy is only newsworthy when it is about ´everyone’ or ‘society as a whole’. What that means, though is that actually we don’t mind if a few don’t have privacy.
Surveillance measures and other threats to privacy have countless times been justified for the ‘public good’. Privacy – framed in abstract, technical and individualistic terms – simply cannot compete, and ever greater surveillance will be justified. This surveillance will be digital and physical and everything in between, and profits will be made. Alternatively, we can fight for privacy as a collective vision – something everybody should have. Collective privacy is not exclusive or abstract – it means looking further than how individuals might adjust their privacy settings, or how privacy can be guaranteed in contact tracing apps.
of privacy means
contesting ramped-up police
use of marginalised groups as guinea pigs for
digital technologies, as
well as ensuring new
technologies have adequate privacy protections.
It also requires
us to think about who will
be the first to feel the
impact of surveillance? How do we support
them? To answer these
questions, we need to recognise
surveillance in all its manifestations, including way
before the outbreak of COVID-19.