freedom of expression

Freedom of expression is one of the key benefits of the digial era. The global information society permits interaction on a scale that was previously unheard of – promoting intercultural exchange and democracy. Consequently, the protection of this freedom is central to much of EDRi’s work.

04 Feb 2016

EDRi co-hosts the Privacy Camp, 26 January 2016


In the run up to CPDP conference in Brussels, civil society groups met at the fifth annual Privacy Camp to exchange views and develop new strategies. This year’s conference took place under the title “The Multiple Ways of (De/Self)-Regulation: What is at stake for Human Rights?” and included various panels and speakers from around the EU and the US involved in privacy activism. For those who missed it, we’ve provided an overview of the sessions (conference programme) below.

9:30-11:00 Opening session: Lobby X-Factor

Judges: Jennifer Baker (independent EU tech journalist), Olivier Hoedemans (Corporate Europe Observatory) and Cristian Bulumac (EU Parliament, Greens/NGL). Candidates: Raegan MacDonald (Mozilla), Walter van Holst (Vrijschrift), Joe McNamee (EDRi). Moderator: Rocco Bellanova (USL-B)

Privacy Camp kicked off with the greatest game show in the world: Lobby X-Factor. Three high-powered jury members, three world-class privacy pundits, and one proposed amendment to EU law. In order to determine an undisputed champ of EU privacy lobbying, candidates were challenged to persuade the jury of a proposal: let’s force all visitors to the Middle East to wear a tracking bracelet which uploads a selfie to a law enforcement app once per day.

Our host Rocco Bellanova first introduced the jury, composed of none other than Jennifer Baker, Olivier Hoedemans and Cristian Bulumac. Not easily impressed, it was clear from the start that contestants would have to bring their A-game to convince the Eurobubble veterans.

First off was Joe McNamee, who employed a broad range of tried-and-tested lobbying tactics. From bribing his targets with chocolate and alluding to comfy career opportunities, to simply shouting the word ‘freedom’, it was clear that Joe knew all the tricks in the lobbying book.


Raegan MacDonald displayed a markedly different style which one might call the ‘classic’ lobbying approach. The audience was amazed at her effortless stroll through the Brussels Bullshit Bingo, eliciting ‘oohs’, ‘ahs’, and riotous applause with each successive reference to synergy, stakeholders, security and innovation.

Walter van Holst took a maverick approach by focusing above all on unflinching honesty. He laid himself bare, explaining how his mortgage financing troubles had left him with no loyalty other than to his employer – therefore, the ideal lobbyist.

After tallying votes from the audience and jury members, it was Joe McNamee who took home the prize. We look forward to next year’s Privacy Camp to see if anyone dare take on our champ. Following a brief award ceremony, the participants also reflected on the real-world lessons to be learned from this experience. Bulumac noted how different strategies might be needed for different ‘targets’: while Joe’s Silicon Valley rhetoric might be able to charm assistants and younger staff, he believed that Raegan’s tried-and-tested buzzwords were unbeatable when it comes to persuading MEPs themselves. Clearly, the X-Factor was not just humorous (and dare we say glamorous?), but also educational.

11:30-12:45 Safe Harbor 2.0: a stillborn project?

Moderation: Diego Naranjo (EDRi). Speakers: Gloria Gonzalez Fuster (Vrije Universiteit Brussel), Laurent Lim (CNIL) and Marc Rotenberg (EPIC).

Following a brief introduction by Diego Naranjo, Laurent Lim kicked off the discussion by describing CNIL’s activities with regard to the Safe Harbour and international data transfers since the Schrems-decision. He also mentioned his personal skepticism of the Commission’s proposed reforms and the current viability of available alternatives (standard contractual clauses and binding corporate rules). Marc Rotenberg underlined Laurent’s conclusions by describing the shortcomings of US law in relation to international transfers. Gloria shared her experiences from visiting the US and the significance of the Schrems ruling in European law. After these opening marks, the floor was opened for discussion with the audience.

Both Laurent and Marc shared the sentiment that reaching an agreement before 1 February seemed unlikely of not impossible. “It’s too late now, the clock has run out”, Marc said. “The necessary reforms won’t happen before Tuesday. I won’t even have done my laundry before then”. EDRi can’t speak to the current status of Marc’s laundry, but he and Laurent have certainly been proven right on the lack of substantive legal reform. Laurent also added that, in his personal view, following the previous three month grace period, the question of enforcement has also become a ‘matter of credibility’ for DPAs and data protection law.

Another point of discussion was the differences in public perception between the US and the EU. Marc emphasised the converging trends in this field, debunking the conventional wisdom that Americans are freedom-oriented and Europeans are dignity-oriented. Gloria added, however, that Europeans continued to see privacy and data protection as universal rights, whereas Americans appear more amenable to exceptionalism approaches.

The panel also discussed the responsibilities and discretion of DPAs in handling complaints. From the audience, Max Schrems commented that the CJEU did not rule on this issue in his case. Marc, however, suggested that a duty to handle this complaint is implied by the logic of the judgment. While no consensus was reached on this point, it was suggested that Commission investigations might provide an impetus for more active enforcement at national level, especially in light of the hundreds of complaints launched against the Irish Data Protection Commissioner.

Finally, the issue of data localisation was raised. The panellists quickly agreed to refrain from using the unhelpful term ‘balkanisation’ and also that this trend would not in any way ‘break the internet’. Gloria noted that localisation does not generally yield concrete results for the protection of privacy, but that it can be a useful bargaining tool when negotiating with US legislators. Marc echoed this notion, stating that localisation can have a ratcheting effect on levels of privacy protection.

11:30-12:45 TTIP, TiSA, CETA and Co.:Trade agreements and digital rights

Moderation: Maryant Fernández Pérez (EDRi) Speakers: Walter van Holst (Vrijschrift), Ralf Bendrath (European Parliament, Policy Advisor), Jan-Willem Verheijden (EU Commission, Trade in Services Unit, DG Trade), Delphine Misonne (USL-B)

The panel discussed the main issues of trade agreements (in particular TTIP, TiSA, CETA) and their impact on digital rights.

Jan-Willem Verheijden, EU Commission Trade Official, opened the debate. Referring to TTIP and TiSA, he argued that they do not include the protection of personal data and do not affect data protection laws. From his point of view, the topic of data protection would not be touched by trade agreements as they deal with fundamental rights, “which are not negotiable”. On the other hand, he observed that data flows are important for the US and EU.

The second panelist was Ralf Bendrath, senior policy advisor to Jan Albrecht MEP. He observed that the protection of personal data is not a trade barrier but a fundamental freedom to be respected. Another important point touched by the MEP policy advisor was that the TiSA general exception based on Article XIV GATS offers insufficient protection for EU data protection rules. He also expressed his dislike of the “national security exceptions” provisioned in TiSA. Furthermore, quoting the draft TiSA text, he was wondering why the Commission chose to copy only parts of the e-Commerce Directive dealing with the topic of spam into the agreement, instead of the entire section.

Walter van Holst then took the floor and highlighted various concerns to civil society, including cryptographic standards and software source code disclosure requirements bans before moving on to more general issues. He questioned the validity of touching so many regulatory areas through secretly negotiated, take-it-or-leave-it trade agreements. Especially topics like ISDS (Investor State Dispute Settlement) and the proposed regulatory cooperation touch the fundamentals of our democracies and the rule of law. When the discussion arose about the necessity of multilateral or bilateral agreements instead of the existing GATT-frameworks, he pointed out that this had mostly to do with Brazil, India and China rightfully refusing to adopt US and EU-style IPR-legislation from which they have nothing to gain.

The final word was given to Delphine Misonne (USL-B researcher). In relation to TTIP, she criticised the ISDS system and stressed that the perceptions of the agreements’ issues are very different on both sides of the Atlantic. Having focused her academic research on environmental law, she also underlined that, regarding TTIP, there is a lack of public debate on environmental issues.

14:00-15:30 – Litigation activism and its future

Moderation: Ulf Buermeyer (Berlin Superior Court and CIHR). Speakers: Max Schrems (Europe vs Facebook), Adrienne Charmet (LQDN), Gus Hosein (Privacy International).

The panellists’ introductory remarks focused on their respective experiences with litigation activism. Common ground soon emerged, with the speakers stressing the high workload and related costs associated with litigation, and the importance of finding lawyers willing to provide expertise to help build a case. Gus Hosein added how Privacy International had benefited greatly from the the strong tradition of pro bono work in Anglo-saxon law firms.

A central theme was the importance of communications and PR throughout the litigation process. Gus warned against ‘hollow victories’; without the support of public opinion, favourable judgments may fail to lead to needed reforms – as occurred with the ECHR’s decision on prisoner voting rights in Hirst v UK. Max was praised for his effective communications strategies such as distributing FAQs to journalists directly after the judgment – in Gus’ words: ‘simple, correct, sexy’. Max advised to draft various statements in preparation for various possible outcomes. He also added that targeting large, popular companies is helpful in generating media attention, since journalists are eager to write on such issues. Adrienne described La Quadrature’s success with amicus curiae briefs to the Conseil d’Etat, for which they had crowd-sourced comments and feedback from over 500 participants.

The discussion also turned to the United States, where NGOs appear to litigate more actively. To explain this activity, US activist Marc Rotenberg (EPIC) pointed to the beneficial cost apportionment rules in the US which allow each side to bear its own costs (as opposed to the loser pays principle common in Europe). He also stressed the efficacy of amicus curiae briefs. However, downsides of the US system included the comparative difficulty of suing companies outside of a class action context, and the distribution of class action damages to non-neutral NGOs under the cy-près doctrine.

Other themes throughout the panel included the difficulty of finding lawyers trained in privacy and data protection law (and who don’t work ‘for the other side’); the balance between litigation before national courts and European courts; and the advantages brought by the General Data Protection Regulation regarding damage rules, collective redress and direct access to the CJEU.

The panel also discussed possible next steps in strengthening European litigation activism. They stressed the importance of international exchange and communication and combining resources from various actors. This could include technical expertise from the hacker community, litigation experience from professional lawyers, specialist legal knowledge from privacy activists and the financial means of larger NGOs such as consumer organisations. The need for a coordinating hub or network at European level was mentioned repeatedly. At these points, many eyes turned towards EDRi’s representatives in the room, although it was also acknowledged that these activities would involve a serious workload and require serious investments.

14:00-15:30 – Technology, regulation,…: What response to mass surveillance? (privacy by design & by default, obfuscation)

Moderation: Rocco Bellanova(USL-B and PRIO) Speakers: Eleanor Saitta (OpenITP and IMMI), Jérémie Zimmermann (La Quadrature du Net), Julia Powles (University of Cambridge and the Guardian)

The afternoon panel focused on mass surveillance and the possible responses to it. Eleanor Saitta spoke first. She argued that regulation is a key instrument and a cost driver (in other words, it can make surveillance more expensive) as it can lead companies towards different business models. Regulation is also important for innovation, and has a very critical role in preserving our freedom to build solutions that prevail on surveillance. In this sense, regulation is a tool that could be useful, as it gets market to build infrastructures. Julia Powles, (the Guardian and University of Cambridge) agreed on this point, as to her it is really important that regulation could lead the way to technology.

Jeremie Zimmermann intervened in the discussion. In his opinion, the topic of mass surveillance represents a collective failure. The failure consists in the fact that, after two years since Snowden’s revelations no one dared to bring legal action against the Safe Harbour agreement (only a student had this idea). A second failure is the battle for convincing inside and outside the institutions that privacy matters: “we may somehow give up on this elaborate bourgeois problem” and try to elaborate different communication strategies. We should pay attention on the concept of intimacy, which is different from the concept of privacy. Building on this, another failure enumerated by Jeremie Zimmermann was the fact that privacy campaigns did not reach the public in an extensive manner. Talking about regulation and technology is not sufficient, and a more cultural approach would be needed.

16:00-17:30 – Closing Session: New surveillance laws in the wake of Charlie Hebdo and 13/11

Moderation: Estelle Massé (Access) Speakers: Ton Siedsma (Bits of Freedom), Jim Killock (OpenRights Group), Anna Biselli (Digitale Gesellschaft) , Agnès de Cornulier (La Quadrature), Jesper Lund (IT-Pol)

The closing session aimed to create a dialogue on new surveillance laws in the wake of Charlie Hebdo and 13/11 events. The panel gathered NGOs representatives from Bits of Freedom, Open Rights Group, Digitale Gesellschaft, La Quadrature, and IT-Pol. With this composition, the panel was intended for NGOs to share their views on possible next steps for joint campaigning on the issue of mass surveillance.

Agnès de Cornulier, representative of the French association La Quadrature du Net, took the floor first. She explained how 2015 was a black year for freedoms in France: many security measures were enacted, and the state of emergency has been unreasonably prolonged. Particularly, Agnès focused on the proposed bill on the state of emergency, expressing her concerns regarding measures for police searches of electronic devices, Internet censorship and freedom of association.

Ton Siedsma then explained the current situation in Netherlands, following Minister Ronald Plasterk’s proposal amending the Dutch Intelligence and Security Act of 2002. He also pointed out that Bits of Freedom created an online consultation tool in order to help citizens respond the public consultation on the security bill.

Jesper Lund spoke about the mass surveillance situation in Denmark, referring in particular to the Danish anti-terror proposal issued on 19 February 2015 and the new Danish PNR proposal.

The situation in Germany was covered by Anna Biselli, from Digitale Gesellschaft. First, she talked about the German political situation that led to the data retention bill proposal on June 2015. Secondly, she added that a new draft legislation on public secret services should be announced by the first days of February 2016. Digitale Gesellschaft is waiting for it in order to analyse its contents.

(Contribution by Elisabetta Biasin and Paddy Leersen, EDRi interns)

04 Feb 2016

Press release: TiSA negotiations: the European Parliament’s strong position

By Maryant Fernández Pérez

On 3 February 2016, the European Parliament gave its opinion to the European Commission on what to do and what not to do with regard to the Trade in Services Agreement (TiSA). The European Commission is in charge of conducting the negotiations on behalf of the European Union. At the end of the negotiation process, the European Parliament only gets to give a final “yes” or “no” to trade agreements. Therefore, the European Parliament usually states its opinion and recommendations on trade agreements via non-legislative resolutions. In principle, this allows European Commission negotiators to know what elements of a deal would be likely to lead to rejection.

We are pleased that, on a broad range of digital issues, the European Parliament is in line with EDRi’s position on TiSA. As the various leaks show, the European Commission’s views differ from those of the European Parliament in some key aspects.

said Joe McNamee, Executive Director of European Digital Rights.

These Parliament’s recommendations have been adopted at a right time, as the Commission is currently negotiating with the other 22 Parties to TiSA on some sensitive issues. EDRi welcomes and highlights the Parliament’s recommendations on:

  • transparency of the negotiations;
  • data protection in the context of data flows and the often confused issue of “data localisation”;
  • national security exceptions;
  • net neutrality and
  • net competition.

The European Parliament followed the recommendations of the International Trade Committee (INTA) and barely changed its proposed report. Some amendments passed, adding some points, such as the need for a mechanism to suspend or reverse commitments.

As EDRi welcomes the Parliament’s recommendations on TiSA and urges the European Commission to respect it fully, or risk rejection of the entire deal, once it is completed.

Read more:

TiSA resolution: what are you going to do about it? (3.02.2016)

TiSA: European Parliament ready to defend digital rights? (27.01.2016)

EDRi’s position paper on TiSA

TiSA resolution: document pool

03 Feb 2016

TiSA resolution: what are you going to do about it?

By Maryant Fernández Pérez

The Trade in Services Agreement (TiSA) is bizarrely and sadly not subject to the same public debate as other “trade” agreements, such as the Transatlantic Trade and Investment Partnership (TTIP) or the recently concluded Trans-Pacific Partnership (TPP). While some do not find TiSA as “sexy”, it still contains provisions that should deserve all your attention.

Based on the leaked documents and limited public information available, EDRi has elaborated its position on TiSA to make sure digital rights are not forgotten in the discussions and that they can be duly respected. Today, 3rd February, the European Parliament updated its 2013 recommendations to the European Commission, which is ultimately in charge of conducting the negotiations on behalf of the European Union.

The Parliament’s resolution is timely because the 16th round of the TiSA negotiations is taking place this week. According to the European Commission, the negotiators of the 23 Parties to the TiSA are dealing with the subjects of transparency, e-commerce and telecommunications, among others.

According to the European Parliament, the Commission should endeavour to have the “highest level of transparency” and extend the European Ombudsman’s recommendations on transparency to TiSA documents. Interestingly enough, though, TiSA’s (leaked!) annex on Transparency addresses other types of “transparency”. For instance, some countries are proposing to undermine the right to regulate, both in this annex and the (also leaked) annex on Domestic Regulation. On this point, the Parliament is asking the Commission to legally secure the right to regulate, which EDRi welcomes (see p. 4 of our position).

Regarding e-commerce, we highlight the Parliament’s recognition of the value of protecting personal data when transferring data to third countries, which may include local data storage requirements for the specific purpose of data protection, but not forced data localisation. We also welcome the Parliament’s refusal to allow “any backdoors in technologies” or broaden the national security exceptions.

Concerning telecommunications, we highlight the Parliament’s recommendation to promote net competition and to safeguard of net neutrality.

In a nutshell, the Parliament followed the recommendations of the International Trade Committee (INTA), adding some points such as the need for a mechanism to suspend the agreement or reverse commitments. Now the question is whether the European Commission will succeed in integrating the (unfortunately non-binding) Parliament’s recommendations into the final text of TiSA. Amendments to INTA’s report were put forward in plenary to ensure that the EU would withdraw from the negotiations if Parliament’s demands were not met. However, these amendments did not obtain majority, undermining the strength of the message being sent by the Parliament.

The problem with bilateral or multilateral trade agreement negotiations is that you win on something in return for losing on something else. However, we believe the Commission should not use this excuse to disregard the Parliament’s (good!) recommendations on inter alia digital rights. As the UN independent expert Alfred-Maurice de Zayas pointed out, “[t]rade is not an end in itself” and in this sense countries must not “circumvent, undermine or make impossible the fulfilment of [their] human rights treaty obligations”. These include the right to privacy and the freedom of expression and opinion, which are also recognised as such under the EU Charter of Fundamental Rights, together with the fundamental right to data protection and many others.

03 Feb 2016

What’s behind the shield? Unspinning the “privacy shield” spin

By Joe McNamee
  • If there is a deal, why was nothing published?

It is standard practice from the European Commission. When an agreement is reached, the Commission launches a press release, but not the actual agreement. In this way, the Commission can control the amount of information available to journalists and the general public. It then launches the actual document once the press cycle is over and the details are no longer newsworthy.

  • Was there a deal?

Actually, there was no deal. The Commission had to announce something on 2 February in order to prevent regulators from starting enforcement action against companies that were (and, today, still are) transferring data illegally to the United States.

  • Is it strategically wise to announce a deal before discussions have been completed?

For the US, definitely, for the EU, it was strategically disastrous. As the EU has announced a deal, European negotiators have absolutely no leverage in the discussions around the detail of the agreement. Politically, it is impossible for the EU  to reject anything that the US now proposes, because it is politically impossible for the Commission to abandon negotiations after it announced the completion of an agreement.

  • Are there significant questions to be addressed?

Yes. The US was so sure that it would be able to persuade the EU to capitulate in the negotiations that it adopted the flawed “Cybersecurity Act”. Under that legislation, a provision was adopted under which Internet companies (either voluntarily or under coercion) will be able to secretly share personal data with US authorities – in direct contravention of the ruling of the Court of Justice of the EU.  Similarly, the previously announced but unpublished (see the first bullet point, above) Umbrella Agreement is seriously deficient and needs to be re-negotiated before it can be adopted. The EU now has no leverage to demand this. Finally, the crucial Judicial Redress Act has been amended by the US Senate in a way that means that individuals outside the US can only get redress if their government shares enough data with the US authorities.

  • Whose dictionary will be used?

A further major problem with the current approach is that the EU and US have different interpretations of the words being used. Under current US practice, collecting all information related to European citizens does not constitute processing of personal data and is targeted. Under current EU practice, such data collection is processing of personal data and is not targeted.

  • But at least the Commission will review this agreement every year?

Under the illegal Safe Harbor agreement, the European Commission was obliged to present an evaluation by July 2003. It failed to meet this obligation and submitted the evaluation one year and three months after the legal deadline.  Part of the reason for this delay was the effort it took to re-invent the evidence to show that the failing agreement was actually working. The Commission was not held accountable for failing to meet this deadline. Similarly, under the Data Retention Directive, the Commission was obliged to produce an implementation report by 15 September 2010. It finally published its implementation report on 18 April of the following year. The Commission was not held accountable for failing to meet this deadline.

  • But at least the Commission will be able to suspend the agreement if it feels it is not being respected?

When the Commission saw in 2013 that the Safe Harbour agreement was not protecting EU fundamental rights (and as it most probably saw in 2004 also), it could have and should have suspended the agreement at that time. It took the political decision not to do this and was not held accountable for failing in its duties. Having “negotiated” the new “Privacy Shield” agreement, it would politically be even more difficult to suspend the deal. It is simply inconceivable that the Commission would suspend the agreement.

  • But at least there will be no mass surveillance any more?

It is true that some significant reforms have been made in the US – although often fixing quite absurd, undemocratic practices. For example, as a domestic reform, the US authorities have promised not to invent new meanings for legislation after it has gone through the legislative process. However, fundamental problems remain with the key mass surveillance measures, in particular Section 702 of the Foreign Intelligence Surveillance Act (FISA) and Executive Order 12.333. A simple question needs to be asked: if the judicial body tasked with oversight of implementation of FISA can be “systematically misled“, if the author of the PATRIOT Act can complain of that legislation being “abused“, if a group of congressmen can credibly accuse the Director of National Intelligence of “lying to Congress under oath” then what trust can non-US citizens have in letters signed by an outgoing US President?

  • But at least there will be proper oversight of corporate exploitation of our personal data?

Not exactly. If an individual manages to work out what a privacy policy actually means, if that individual then is able to gain an insight into how the data are really being used on the other side of the Atlantic, in a different jurisdiction, they will have some – as yet very unclear – options. The “fact sheet” produced by the Department of Commerce is very disturbing in this regard. While the opening political fluff speaks of “vigorous enforcement”, the text makes no reference to proactive enforcement, referring only – and in very unclear terms – to dispute resolution.


02 Feb 2016

European Commission defence of European rights sinks in an unsafe harbour

By Joe McNamee

Following the decision of the European Court of Justice to overturn the EU/US “Safe Harbor” Agreement last year, EU/US negotiations have been ongoing to reach a new deal, which would facilitate transfer of data across the Atlantic. Having failed to reach an agreement before 1 February, the European Commission today announced plans to back down from defending the European Court’s ruling and to accept a new badly flawed arrangement.

The emperor is trying on a new set of clothes. Today’s announcement means that European citizens and businesses on both sides of the Atlantic face an extended period of uncertainty while waiting for this new stop-gap solution to fail.

said Joe McNamee, Executive Director of European Digital Rights.

Among the proposals are an “exchange of letters” to permit Europe to receive assurances from the outgoing US President that non-US data will be processed in ways that are strictly necessary and proportionate – i.e. not subject to mass surveillance.

The new arrangement will rely on additional legal instruments, which are also likely to fail to achieve their intended goals. At a meeting in the European Parliament last night, Commissioner Jourová was asked repeatedly for her views on flaws in the crucial Judicial Redress Act and the EU/US Umbrella Agreement. She refused to address either problem.

Parliamentarians from across the political spectrum last night repeatedly accused the United States of not taking the negotiations seriously. Seeing fatal problems being built into the Judicial Redress Act, seeing the adoption of the secret data-sharing provisions in the Cybersecurity Act and seeing the lack of any meaningful reforms on the US side, it is hard to disagree.

Read more:

Why is Safe Harbour II such a challenge?

Access Now, EDRi on data protection: “No Safe Harbour 2.0 without reform on both sides of the Atlantic”

01 Feb 2016

EDRi’s work in 2015

By Kirsten Fiedler

Information technology has a revolutionary impact on our society. It has boosted freedom of communication and democracy but has also led to new approaches to surveillance and is increasingly used to impose restrictions on fundamental rights. In the past year, we worked hard to ensure that your rights and freedoms in the online environment are respected when they are endangered by the actions of political bodies or private organisations.

Sadly, 2015 was a year in which our rights and freedoms were endangered on multiple occasions. In response to the terror attacks in Paris, Europe’s governments were quick to react to the tragedy by calling for more surveillance, ignoring the failures of existing measures. At the EU level, this meant the rushing of anti-terror measures (Directive on combating terrorism), a big push for the adoption of the previously rejected proposal for the monitoring of air passengers (EU PNR) and the launch of initiatives to push Internet companies into voluntary censorship measures.

But there were also successes, especially with regard to data protection and the demise of the “Safe Harbor” agreement. Our key campaigns were heavily focused on driving a positive agenda – for a conclusion of the data protection reform package, for the upholding of equal access to the Internet (net neutrality) in Europe, and for a reform of the EU’s outdated copyright framework. For copyright, we want to improve access to knowledge and culture online, thereby indirectly reducing incentives for invasive enforcement mechanisms. We also worked on privatised law enforcement by Internet companies as well as trade agreements (both of which are horizontal topics that touch virtually all digital rights issues).

Last but not least, we’ve been preparing for the future. In March 2015, EDRi’s members agreed on a multi-annual strategy and decided on the organisation’s four key focus areas for the next years (data protection and privacy, surveillance, network neutrality and copyright reform).

You can find the full annual report 2015 here (pdf) and our transparency report there (png). You can also check out our press review 2015, our responses to public consultations last year and, last but not least, you can find a neat overview of our biggest achievements below:

Data protection and privacy
Network neutrality
Copyright Reform
Privatised law enforcement
Trade agreements

Data protection and privacy

Privacy material


Surveillance material

Network neutrality

Our net neutrality material

Copyright Reform

Our copyright reform material

Privatised law enforcement

Our material on privatised enforcement

Trade agreements

Our trade agreements material

  • Document pool on the non-legislative resolution of the EU Parliament
  • Infographic to explain the legislative process of the resolution
  • Two booklets: EDRi’s “Red lines on TTIP” (pdf) and “TTIP and Digital Rights” (pdf)
  • Analysis of amendments tabled in various committees (for ex, in INTA together with BoF)
01 Feb 2016

Why is Safe Harbour II such a challenge?

By Joe McNamee

It seems baffling to many outside the Brussels bubble – and certainly our friends across the Atlantic – that reaching a revised Safe Harbour deal has proved so difficult.

Part of the problem is Europe. The United States was able to negotiate a questionable deal with the EU to gain access to financial transaction data (the TFTP agreement) and only had to deal with a highly deferential letter from Commissioner Malmström when the Snowden revelations indicated that the deal was being abused.

When the United States wanted long-term storage of air passenger data, the EU caved in completely to US demands and agreed to 15-year long data storage. That deal remains in place, despite of being patently illegal – as proven by the fact that the European Court of Justice overturned the EU’s Data Retention Directive and by the fact that the Commission now considers that 5 years of passenger data retention to be sufficient (i.e. if 5 years is enough, 15 years is clearly far too much).

And let’s not forget that the EU also agreed to the original Safe Harbour deal, although many experts believed that it was illegal.

If, over the past 17 years, the EU caved in and accepted a questionable deal on financial data, if it then ignored evidence that the deal was not being respected, if it accepted and still maintains an illegal deal on passenger data, if it accepted the illegal Safe Harbour deal, it would seem entirely rational and logical that the United States would negotiate on the basis that the EU would cave in again.

That assessment appears to be wrong in this case, as the consequences of a deal that fails to respect the law would be felt more quickly and the range of manoeuvre available to the Commission is narrower.  Generally, as we see with Safe Harbour and the Data Retention Directive, for example, it takes so long for the Court to catch up, that the Commissioner responsible will have left office, so there are no political consequences. Safe Harbour is different.

A new illegal deal would have even worse transatlantic consequences than we are facing at the moment, making the consequences more meaningful. Politically, legally and economically, the Commission needs to ensure that it is able to put forward a credible defence before the Court. It would be grossly reckless for the European Commission to treat this as a political negotiation, and up until this weekend, it has laudably not done so.

Furthermore, while the European Commission frequently seeks solace in semantics (“what does ‘genuinely necessary’ really mean?”) in order to avoid fully respecting Court rulings, the Safe Harbour ruling is very clear in not giving room for manoeuvre. Also, due to the inevitability of the Court being asked to rule on any new deal, the scope for the Commission to play for time is severely limited.

This unique situation has led to the two sides in the Safe Harbour II negotiations simply not hearing each other. The United States – logically in the historical context – has been proposing elaborate political spin and elegant, but ultimately specious, explanations of what a deal could look like – in a manner that has always worked before. Meanwhile, the European Commission has been explaining that this negotiation is different. This, too, however, sounds like a negotiating tactic. “Why do they not understand?” both sides ask, infuriated that the other side won’t accept to move forward based on their version of the political and legal context.

As a result, the only possible deal that is immediately available is where the European Commission agrees a politically expeditious but legally untenable deal, creating a time bomb rather than a durable deal, to the benefit of no one. In absence of reforms before an agreement, individuals’ fundamental rights would remain under threat. The political arm wrestling which led us nowhere must end. Discussing legal solutions to a legal problem is the only viable path to agreeing to a robust data transfer agreement.

28 Jan 2016

Digital Single Market: The EU Parliament responds to the Commission


On 19 January 2016, the European Parliament voted to adopt its report “Towards a Digital Single Market Act”. This Resolution is a non-legislative statement, prepared by the Committee on Industry, Research and Energy (ITRE) and the Internal Market and Consumer Protection (IMCO), in response to the European Commission’s Digital Single Market (DSM) strategy presented on 6 May 2015.

While the Commission’s initial DSM Communication was characterised by ambiguities and contradictions,  the IMCO-ITRE draft Report demonstrates a more consistent approach to the matters at hand. The vote by the EU Parliament represents an important stage for the DSM strategy as it has finally expressed its position and recommendations to the Commission.

EDRi already applauded the clarity and adequacy of certain parts of the IMCO-ITRE report. In particular, we welcomed its approach on net neutrality and privatised law enforcement. Nonetheless, the report could have been better vis-à-vis the Commission’s nebulous “free flow of data” initiative and the almost ideological support for the once-only principle related to e-government. The report was barely changed for the vote in Plenary. The amendments adopted applied minor changes to the text on patents and telecom rules on transparency.

As the Parliament’s position is now, in principle, settled, it is time for the Commission to deliver.

After the vote, Commission’s Vice-President for the Digital Single Market Andrus Ansip listed the proposals that the Commission is expected to make in 2016:

  • a proposal for mobile broadband in the telecom reform package in February;
  • a new industrial package in March, dealing with Internet of Things, clouds and Information and Communications Technology (ICT) priority standards;
  • a new action plan for the a new regulation on consumer protection and corporations, which includes provisions on e-commerce and geoblocking;
  • copyright proposals on the improvement of cross-border access to digital content, on exceptions and limitations and on the “follow the money” principle, all in June;
  • a proposal on the role of online platforms in June;
  • a review of the Audiovisual Media-Services Directive (AVMS) also in June;
  • a Satellite and Cable Directive review in June;
  • a cybersecurity proposal in July;
  • a second reform on the Telecom rules and infrastructures also in July;
  • the e-Privacy Directive review in November; and
  • an initiative on the free flow of data, also in November.

The Digital Single Market Strategy has numerous positive aspects, from the moment it identified the key issues for the creation of a Digital Single Market. Nevertheless, it is important that the Commission improves its strategy, putting individuals and their rights at the centre of any proposal they will issue.

Our overview of the Digital Single Market Communication (17.05.2015)

EDRi Briefing on the Draft Report on the Digital Single Market (06.10.2015)

EU Parliamentarians make statement on Digital Single Market (16.12.2015)

IMCO-ITRE Report “Towards a Digital Single Market Act” (14.12.2015) and plenary amendments (13.01.2016)

European Parliament’s Resolution “Towards a Digital Single Market Act” (19.01.2016)


(Contribution by Elisabetta Biasin, Intern at EDRi)

27 Jan 2016

TiSA: European Parliament ready to defend digital rights?

By Maryant Fernández Pérez

On 18 January 2016, the European Parliament’s International Trade Committee (INTA) adopted a non-legislative report, that will be subject to a vote by the whole Parliament on 3 February 2015.

Similar to TTIP, harsh criticism has been expressed on the nature and content of the TiSA negotiations. While the INTA committee remained silent about certain points of concern for digital rights, such as access to open source code, INTA’s report on TiSA complies with EDRi’s position on TiSA.

................................................................. Support our work - make a recurrent donation! .................................................................

In relation to transparency, the INTA committee asked the European Commission to ensure the “highest level of transparency” and bring negotiations in line with the recommendations of the European Ombudsman on TTIP.

In terms of content, EDRi highlights three recommendations:

First, it is outstanding that the report rightly emphasises the need to meaningfully respect the right to regulate.TiSA is being negotiated formally since March 2013 by 23 members of the World Trade Organisation (WTO). The European Union, as one of those members, is being represented by the European Commission. However, the European Parliament’s approval is required for the agreement to enter into force. Before reaching that stage, the European Parliament usually states its opinion and recommendations on trade agreements via non-legislative resolutions. 3 February will be the second time the Parliament adopts a position on TiSA.

Secondly, EDRi welcomes the INTA’s approach vis-à-vis data protection as a fundamental right. For example, the report asks for a strong horizontal exception on data protection “without any condition that it must be consistent with other parts of the TiSA”. Likewise, INTA did not confuse local data storage requirements for specific purposes, such as data protection, which is in compliance with EU law, with forced “data localisation”. Fortunately, INTA asks the Commission to ban the latter and not the former.

Thirdly, the report recognises that net neutrality (and the “open Internet”) must be safeguarded.

TiSA is being negotiated formally since March 2013 by 23 members of the World Trade Organisation (WTO). The European Union, as one of those members, is being represented by the European Commission. However, the European Parliament’s approval is required for the agreement to enter into force. Before reaching that stage, the European Parliament usually states its opinion and recommendations on trade agreements via non-legislative resolutions. 3 February will be the second time the Parliament adopts a position on TiSA.

EDRi position on TiSA (January 2016)

INTA Report on European Parliament’s recommendations on TiSA (25.01.2016)

TiSA Resolution: document pool (07.12.2015)

European Ombudsman does not see sufficient transparency in TTIP (14.01.2015)

(Contribution of Maryant Fernández, EDRi)



27 Jan 2016

Academics under attack in Turkey

By Guest author

1128 academics from Turkish universities signed an open letter urging the government to stop using curfews to facilitate the violence ongoing for weeks in Kurdish towns. The number of local signatories increased to 2212 by 20 January 2016, including 30 Nobel Prize winners. Moreover, the letter heading “We Will Not Be A Party To This Crime” was also supported by 2279 academics from abroad.

................................................................. Support our work - make a recurrent donation! .................................................................

In response, President Erdoğan publicly denounced the signatories as “nefarious”. Pro-government organisations were accused of starting a smear campaign against them. In addition to an immediate threat of prosecution and
sacking from their institutions through disciplinary processes, the academics face possible physical harm from ultra-right organisations and pro-government groups who openly urge followers on mass and social media to “spill blood”.

The requests for removal of such hate speech has been denied by Facebook and Twitter. Alternative Informatics Association sent the following letter to the management of these companies:

“Following the announcement of the Peace Declaration by BAK (Barış İçin Akademisyenler – Academics for Peace, which was signed by many academics and colleagues in diverse localities and universities in Turkey and abroad), a considerable number of hate groups have appeared which identify the academics not the only through their social media profiles, but also their academic titles and universities. A close monitoring of these hate groups’ online activities and false campaigns include devastating cases of defamation and
life-threatening insults on a huge scale. These hate speech alerts cause student revolts against their mentors/tutors, and further create threatening conditions as catalysts for direct targeting of academics.

Faced with this dramatic situation, experts and practitioners in the field including our own members have filed complaints against the main cases of such discriminatory content and hate speech using the interface of your website; however your Management has consistently claimed that there is no basis for complaint/s.

It is a well-known fact that such negative content fuels hate speech against targeted groups, encourages further oppression, legitimises and spreads potential crime. Furthermore, viral content featuring physical assault in university offices of academics, instances of obstruction causing physical and/or psychological damage can also
spread and be legitimised.

With all these concerns in mind, we believe that the targeting of these individuals and legitimising of hate crime with multimedia content on your website may cause serious and massive public harm. As a final significant note, posing as the grey line that cuts across freedom of speech and hate speech, such content may be the basis for hate crime/s. The shared content and posts by these groups already feature instances of “causing harm to property” which is the preliminary stage of hate crime. We call upon your Management to act more sensitively against these mobs that incite hate crime and take mitigating action/s that includes removal of content based on complaints, suspension of individual and/or group accounts pages where necessary.

Alternative Informatics Association”

“We Will Not Be A Party To This Crime” text in several languages and the
list of local signatories:

Supporting academics from abroad:

Announcements and news:
Amnesty International: Turkey: Detention of academics intensifies crackdown on freedom of expression (15.01.2016)

Pen International: Turkey: Arrest of Academics is an Unacceptable Violation of Freedom of Expression (15.01.2016)

European Union – External Action: Statement by the Spokesperson on the situation in the Southeast of Turkey and steps taken against a group of academics (16.01.2016)

The Guardian: Turkey rounds up academics who signed petition denouncing the attacks on kurds (15.01.2016)