A measure which would be illegal if implemented by a government should also be illegal if implemented by industry as a “voluntary” measure, as a result of government pressure or for public relations or anti-competitive reasons. However, as key international legal instruments, such as the European Charter of Fundamental Rights and the European Convention on Human Rights, as well as national constitutions are binding for states and governments, they are not directly applicable to other entities, such as private companies. As a result, there is a major trend towards governments persuading or coercing companies to impose restrictions on fundamental freedoms under the guise of “self-regulation,” thereby circumventing legal protections.

27 Jul 2016

Turkey: “The worst menace to society” helps to defeat the coup

By Guest author

On 15 July 2016, coup d’état attempt against the Turkish government took place. Although tension in Turkey gradually escalated in the first half of 2016, nobody expected a military coup.

The news about the the blocking of the bridges over the Bosphorus strait quickly spread via social media at about 10 pm in the evening of 15 July. One hour later the coup announcement was read in state TV, which was controlled by the troops. However, the announcement did not give much information about the forces behind the attempt.

................................................................. Support our work - make a recurrent donation! .................................................................

Starting at around 11pm, the internet appears to have been slowed down by bandwidth throttling, to the point that it was practically impossible to access social media websites. There are also unconfirmed reports claiming that throttling was applied to not only major social media sites, but also to other sites such as news portals. However, it is not clear whether access difficulties to the news sites stemmed from deliberate throttling or from a surge in overall traffic. Throttling is normally done by the Union of Internet Service Providers (BSE) on the order of the Turkish Telecommunications Authority (TIB). However, it is not clear whether at that point the government or rebel soldiers controlled the TIB and the BSE. By the time the throttling started, TV stations started reporting about the coup.

President Erdogan, who was in a coastal town for holidays appeared on a TV channel via the Facetime videotelephony tool, which was provided to him by a journalist. He called his supporters to take to the streets and resist the coup. He claimed his former ally and current rival Fethullah Gülen, a Muslim preacher, to be the mastermind of the coup attempt. Gülen, however, denied any involvement.

The coup attempt appeared to be an old-fashioned one – it did not take internet technology into consideration. The forces behind the coup gained control of the state TV, and lost it to the government forces after midnight. By that time, Erdogan’s supporters flocked to the streets, and almost all TV channels started broadcasting against the coup. The government ordered the 85 000 mosques in the country to send a message from their loudspeakers, denouncing the coup and calling people to the streets.

At about 1.30am an unlikely and unprecedented event – in Turkish conditions – occurred: The internet throttling was removed and all web sites became freely accessible. It appears highly probable that this action was taken by the TIB and the BSE which were under the government control at that time. It seemed that the government realised that the same social media it had been speaking against since the Gezi uprising could actually be a decisive weapon at that crucial point.

The footage circulating in the social media appears to have had a huge psychological effect, giving the advantage to the opposition to the coup, and leaving the coup leaders to a weaker position. The soldiers supporting the coup seemed to be confused and disoriented by the masses of people filling the streets to oppose the coup.

Claiming that it was the social media that caused the defeat of the coup would be exaggerating. The main reason the coup failed was the lack of social support. The role of the social media and the internet was, however, very noteworthy. Even if the coup started successfully, it was not long before the resistance against the coup began. With little support from the population, the only choice that the coup leaders would have had, was to crush the opposition with brute force. Hence, it could be argued that social media saved the lives of thousands of people by helping to defeat the coup at its very beginning.

Even if the attempt was stopped quickly after its start, its aftermath is bleak: More than 60 000 public officers were removed from office as of 24 July. A state of emergency was declared. One third of the generals and thousands of lower ranking officers are under arrest.

It is yet to be seen what effect this tension will have for Turkey in near future.

Social media grinds to a halt inside Turkey (15.07.2016)

“FaceTime is a cyberweapon” and other lessons about digital age coups (19.07.2016)

Why Turkey issued a social media ban during a coup attempt—and promptly lifted it (17.07.2016)

WikiLeaks: Search the AKP email database



27 Jul 2016

More Copyfails or meaningful improvements?

By Diego Naranjo

The EU will soon be reforming its copyright rules. The European Commission is planning to present its proposal on 21 September 2016. To succeed in updating the copyright rules in a way that respects the needs of both the users and creators of cultural goods, we believe both European citizens and policy makers should better understand how the current system has failed, and how those problems could be fixed.


Over the last few months, we have been publishing weekly topical blogposts on key failures of the current European Union copyright framework, suggesting how they could be eliminated. You can find all the Copyfails here.

The EU missed the chance to fix many of the Copyfails in 2001 when the main norm regulating copyright in Europe was passed. The internet was in its early stages – there was no YouTube, Facebook, WordPress – and its possibilities were not yet evident. Fifteen years later, we are still stuck with the outdated rules that are not adapted to the digital era.

If the EU really means to achieve a “more modern, more European copyright” and a real digital single market, as the Commission has claimed, EU policy makers cannot act as if the current chaos of unclear and varying rules around Europe did not exist. The Commission cannot spend time, money and effort making cosmetic changes to a fundamentally unfit system, putting “lipstick on a pig”. They are under huge lobbying pressure from big industries that have profited from these failures in the past. Now, however, leadership is needed.

Libraries, researchers, artists, educators, academics and civil society have shown in a very concrete way how and why the framework is not working for them, and for the society in general. The EU should not let corporations, claiming to defend the interests of European culture and creators, but defending most of all their own private financial interests, decide how the copyright system in the EU will look like after the reform.

In our Copyfails series we highlighted the nine main problems that need to be tackled if the EU wants to have a real copyright reform. Will the EU listen and engage in a genuine debate, so that we can achieve a European copyright framework fit for the future? Or will we end up with rules that only benefit a narrow range of stakeholders? We’ll get the answer to this question shortly after the summer, first from the European Commission and then, in the subsequent months, from the EU Member States and European Parliament.

Read more:

Copyfails: Time to #fixcopyright! (23.05.2016)

Copyright reform: Restoring the facade of a decrepit building (16.12.2015)

Communia: Best Case Scenarios for Copyright (06.06.2016)


27 Jul 2016

EU Ombudsman demands trilogue reform, following our advice

By Maryant Fernández Pérez

On 12 July 2016, the European Ombudsman Emily O’Reilly adopted a decision that asks for a reform of trilogues. In her decision, she follows many of our recommendations. The Ombudsman is the body dealing with maladministration in the European Union (EU).

................................................................. Support our work - make a recurrent donation! .................................................................

Trilogues are informal negotiations conducted between a small number of representatives of the Council of the European Union, the European Parliament and the Commission to rush the adoption of EU legislation – laws which have an impact on the lives of 500 million people. While this system can be efficient, trilogues nonetheless undermine EU’s democracy, transparency and accountability. Due to long-standing criticism, the European Ombudsman decided to investigate on the transparency of the trilogues process. After conducting an investigation and receiving 51 responses to a public consultation, including from EDRi, the European Ombudsman now recommends that the European Commission, the European Parliament and the Council of the European Union:

  1. Publish a “trilogue calendar” and to include trilogues in the institutions’ public databases;
  2. Pro-actively publish the Parliament’s and the Council’s positions vis-à-vis the Commission’s proposal before trilogues start, regardless of the legal status of their positions (for example, regardless of their positions being a “general approach”, the result of a Parliamentary committee vote, etc);
  3. Publish summary agendas before or shortly after trilogue meetings;
  4. Pro-actively publish the evolution of the “four-column documents”, which present a comparison of the Commission’s initial proposal, the position of the European Parliament and the Council, and a the compromise text between the institutions, including the final text, as soon as possible after the conclusion of the negotiations;
  5. Make available links to minutes and videos of public trilogue meetings in the institutions’ databases and respective calendars;
  6. Pro-actively disclose details of the policy-makers involved in trilogues, including civil servants;
  7. Pro-actively publish a list of trilogue documents to facilitate access to public documents’ requests;
  8. Work together to publish as much trilogue information and documentation as possible via a user-friendly database.

The European Ombudsman does not go as far as we would have wanted to, but the recommendations, if acted on, would represent a huge step forward for more accountability, democracy and transparency in the European Union. The institutions have until 15 December 2016 to inform the Ombudsman on the actions they intend to take

European Ombudsman’s decision concerning the transparency of trilogues (12.07.2016)

EDRi: Trilogues: the system that undermines EU democracy and transparency (20.04.2016)

EDRi’s response to the European Ombudsman’s public consultation on the transparency of trilogues (31.03.2016)

(Contribution by Maryant Fernández Pérez, EDRi)



27 Jul 2016

Massive lobby against personal communications security has started

By Joe McNamee

Since 2002, European citizens’ freedom of communication, the security of our communications devices, and the protection of our personal data in the online world have been safeguarded by the so-called e-Privacy Directive. This Directive is now up for renewal. Unsurprisingly, after the big online companies launched probably the biggest ever lobbying campaign to undermine the EU’s general privacy legislation, the General Data Protection Regulation (GDPR), they’re now attacking this legislation – this time joined by telecoms providers.

................................................................. Support our work with a one-off-donation! .................................................................

The online companies want to protect their ability to track people as they use the internet. They want to protect their ability to use data from apps to discover where people are going in the offline world and to be able to use this data to create profiles. Already, with data from just three hundred clicks on Facebook “like” buttons, researchers have shown that they can develop a better insight into your personality than anybody you know – better than your spouse, your siblings or your family. Telecoms providers look at all of this information and the huge profits the online companies are making out of it. They look at the protection that the e-Privacy Directive gives to their customers and cry that this is unfair. They want to make money out of it too – they have information about our location, about our movements, about our friends, about the businesses we communicate with. Why can’t they spy on us too? It is for our own good, after all.

As a result, an impressive-sounding twelve trade associations signed a letter demanding that the protection to our freedom of expression and communication should be repealed. Apparently for comedy value, the letter calling for removal of the only EU legal instrument protecting the confidentiality of communications was entitled “Empowering trust and innovation by repealing the e-Privacy Directive”.

The list of signatories to the letter seems impressive until we realise that it is just a small number of companies mobilising them. This is very much in line with the lobbying on the General Data Protection Regulation: The key industry players used various methods to make sure their arguments were repeated by lots of different voices, to create the impression of a broad opposition against the legislation. In the case of this letter, for example Google is a member exactly half of the signatory associations – the App Developers Alliance, Interactive Advertising Bureau, Computer and Communications Industry Association (CCIA), Digital Europe, the European Digital Media Association (EDiMA) and the European Internet Service Providers Association (EuroISPA).

Shockingly, the European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry (COCIR) also signed up for the call for the repeal of the privacy rules. What interest do they have in removing rules on placing software on users’ devices? What aspect of protection of protection of confidentiality of communications worries them? We don’t know. We do know that its members include Deutsche Telekom’s subsidiary T-Systems. Deutsche Telekom is also a member of signatory associations European Telecommunications Network Operators’ Association (ETNO) and the GSM Association (GSMA).

Between now and November 2016, the European Commission will decide how it will update the e-Privacy Directive.

Joint Industry Statement: Empowering trust and innovation by repealing the e-Privacy Directive (05.07.2016)

EDRi: Data Protection Reform – Next stop: e-Privacy Directive (24.02.2016)

(Contribution by Joe McNamee, EDRi)



27 Jul 2016

The lobby-tomy 8: “Anti-fraud” – another magic word

By Guest author

Prevention of fraud is a compelling argument for less privacy protection. Insurance companies, banks, and lenders often use it to get access to data.

................................................................. Support our work - make a recurrent donation! .................................................................

The new European data protection regulation is the most lobbied piece of legislation ever because the subject is very important and touches upon almost every aspect of our daily lives. Therefore Bits of Freedom used the Dutch freedom of information act to ask the government to publicise all the lobby documents they received on this new law. We published these documents on the Bits of Freedom website with our analysis in a series of blogposts. What parties lobby? What do they want? What does that mean for you? These nine articles are now translated into English for the EDRi-gram. This is part 8.


Fraud: nobody likes it. Even though it’s a legitimate purpose to collect and process data, there should be limits. Those limits are unfortunately very difficult to determine, because “more protection against fraud is better”, right?

Insurance companies

For insurance companies, prevention of fraud a very important argument when justifying the weakening of the privacy protection of their clients or potential clients. In a letter to the ministry of security and justice the Verbond voor Verzekeraars, an interest group for insurance companies in the Netherlands, writes that they want to make it easier to process sensitive data, to make sure that they can use health data and criminal records for insurance purposes and to prevent fraud.

Insurance Europe, that represents European national insurance companies, has a even more extensive wish list. Their letter to the permanent representation obviously starts with “Insurance Europe welcomes the European Commission’s (EC) objective to further harmonize the data protection legislation within the EU and strengthen individual’s rights.” However, they want to limit the application of the provision on profiling with regard to the activities of insurance companies: “Insurance Europe recommends that the rules on profiling as proposed in the draft Regulation are amended to avoid prohibiting or restricting risk-adequate rating, rate classification and risk assessments necessary for premium calculation.”

That’s interesting, because in a letter by TechAmerica indicated that the authors said that they thought the article on profiling was specifically meant for insurance companies. This isn’t a crazy idea; debates about profiling quite often refer to the activities of insurance companies. In the world of online tracking and “big data” this is, of course, profiling has become a far broader activity.

Banks and credit

For banks and lenders fraud is an important argument as well. The Federation of European National Collection Associations (FENCA), that represents debt collection organisations, wrote in a letter to the Dutch Ministry of Justice that they would like easier access to data, even when it’s for a different purpose than for which the data have been collected. Even though collecting debts is important, that would be excessive. If data can be used for a different purpose for the one you handed it over in the first place, how do you give consent? How do you exert control over your data?

Experian, a data broker who supplies credit analyses, for example to define if a person is eligible for a loan, also wants to make sure that companies should be more easily able to process certain data when they have a legitimate interest.

Privatised law enforcement

According to the Rabobank, a Dutch banking and financial services company, banks have “big worries about the capabilities to fight crime under the upcoming data protection regulation”. In an email to the Dutch Ministry of Justice they express their concern about the limited ways to process criminal records to prevent fraud.

The Dutch association for banks delivers its arguments, as well as those of the European Bank lobby, in a seventy page document. In this document, they write that fifty percent of all data is currently processed on the grounds of the “legitimate interest” legal justification. They worry about the increased emphasis on consent by data subjects, and the additional requirements described in the provisions on profiling. They aimed to introduce definitions to prevent all these requirements. They for example say:
“Art. 4(3a) defines profiling. However it makes no distinction between profiles of the personality of individuals and the outcome of algorithms that monitor deviations from average use of products in order to detect e.g. internet fraud. Such calculated average use of a product should not be confused with the profile of a personality.”

In other words: the protection against profiling described in the text should only apply to certain ways of profiling; to creating profiles of someone’s personality, not to how people use products. The consequence would be to reduce protections and make it less clear for individuals what their rights actually are.

Thomson Reuters, a multinational mass media and information firm, emailed to a representant of the Dutch Permanent Representation to the EU about the importance of the World-Check program that helps governments and companies in combating fraud with the help of open data. This re-use of open data is very controversial at the moment.

Anti-fraud shouldn’t be a “carte blanche”

Combating fraud is important, but it also requires the data security of individuals being protected at the same time as the interests of the financial industry on the other side. Profiling is a debate that stretches beyond internet freedom alone and touches on solidarity in our society. Will people have equal access to loans or insurance? Or will this access be reserved for people profiled as being healthy, rich or more highly educated?

A lack of awareness considering the issue is nicely illustrated in the letter by Eurofinas, the European Federation of Finance House Associations, to the Permanent Representation. They act on behalf of consumer credit organisations in Europe and wanted to get rid of data minimisation. Data minimisation is a fundamental principle of data protection law: data collection should be proportionate, and companies should only collect the minimum amount of data necessary for the purpose for which they collect it. However, at the same time, the letter also states that the sanctions connected to infringement of the data protection law are disproportionately high.

More data is not always better – it frequently is not, in fact. When data that is collected and processed, it should be as accurate as possible. This means there should be requirements that relate to the quality of the data, including the context in which they have been collected. Apart from that, combating fraud should happen in a transparent way: as a citizen, you should be able to tell what data has been collected about you, and why it has been collected. As a database is always more of a security risk than no database, data collection and storage should be kept to a minimum . Combating fraud cannot lead to exclusion or discrimination.

To be continued

Want to continue reading about this? On the EDRi member Bits of Freedom’s website, you can find all the lobby documents and the analysis. The next blog concludes this series.

Verbond van Verzekeraars position paper sent to ministry of justice (26.02.2013)

Email by Insurance Europe to the Dutch Permanent Representation (28.02.2013)

TechAmerica Europe position paper sent to ministry of justice (14.01.2014)

FENCA’s letter to the Dutch Ministry of Justice (24.11.2014)

Email by DLA Piper to the Dutch Permanent Representation (19.03.2014)

Email by Rabobank to the Dutch Ministry of Justice (15.10.2013)

Email by Nederlandse Vereniging van Banken to the Dutch Permanent Representation (17.12.2013)

European Banking Federation position paper (17.12.2013)

Email by Thomson Reuters to the Dutch Permanent Representation (02.10.2012)

(Contribution by Floris Kreiken, EDRi member Bits of Freedom, the Netherlands)



27 Jul 2016

German surveillance laws: placebos, poison, and also bad sport

By Guest author

The German parliament, the Bundestag, voted in favour of two contentious surveillance laws in July 2016. These are not only disappointing with regard to their content but also as cases of dubious parliamentary procedure.

Those observing international politics may be familiar with the phrase “burying bad news”. The phrase gained notoriety through leaked emails from an advisor to the British government, Jo Moore. She apparently tried to exploit the diversion of public attention as a result of what we now call 9/11 to encourage releasing any potentially inconvenient news. Governments across Europe seem to have developed similar tricks in their own local ways. A Dutch tradition has been observed for difficult parliamentary questions to be answered very late on the last Friday of a parliamentary session. The German variety is probably best described as a sport: it is all about advancing unpopular measures at breathtaking speed, while trying to further evade the limelight. This is generally done by seeking to hide in the shadow of a football tournament and the German national team’s matches in particular.

................................................................. Support our work with a one-off-donation! .................................................................

For a warm-up, there was a VAT increase, passed one day before Germany’s quarter-final in the 2006 World Cup, a ministry announcement on detailed plans for a comprehensive employee salaries database made on the day Germany played in the European Championship’s semi-final in 2008, and a law raising compulsory health insurance rates, passed one day before Germany entered the semi-final at the World Cup in 2010. In 2012, while a German semi-final match was actually going on at the European Championship, the Bundestag executed what must be considered an extreme training session: With just 26 of 620 members present, the plenary went through the second and final third readings of a bill that would make data sharing between residence registration authorities and businesses the default. An opt-in had been changed to an opt-out at the committee stage just three days earlier. No actual debate took place in the plenary, speeches were only submitted in writing. The whole legislative charade was accomplished in 57 seconds. It was an impressive exercise, but also an easy target for opponents: after a public outcry politicians turned their efforts to back-peddling, and the law was stopped in the second chamber, the Bundesrat.

With this background it would be difficult not to regard the legislative schedule of June and July 2016 as a case of burying bad news. But this was also the time before the summer recess, the last one before relations in Germany’s “grand coalition” are expected to deteriorate ahead of the general elections in autumn 2017. Whatever the reasons, the two surveillance laws that were debated seem like quick fixes that do not solve the problems they are supposed to counter.

A so-called “anti-terror package” was hastily put together over the spring as a response to recent terrorist attacks and as an implementation of the EU’s Terrorism Directive. It contains measures such as the abolition of anonymous SIM cards, use of undercover police agents for preventive measures, permission for secret service surveillance on minors from the age of 14, and a database providing constant exchange with foreign states. The last measure is a clear violation of a principle laid down in the German constitution that person-related data may not be exchanged between police forces and secret services. This bill cleared the last parliamentary hurdle in the Bundesrat on 8 July 2016. On 20 June, during the obligatory expert hearing, the opposition walked out in protest against what they called a farce due to the selection of experts and the rushed proceedings.

Lagging behind just a few steps in the legislative process is the new law on Germany’s foreign intelligence service (Bundesnachrichtendienst, BND). It was given its first reading in the Bundestag also on 8 July 2016. After the Snowden revelations and arduous work in a parliamentary committee of inquiry that uncovered grave legal issues about the workings of Germany’s foreign intelligence, this law seems like an attempt to put an end to any such deliberations by simply legalising everything. The law even extends the BND’s surveillance options beyond current practices and into the domestic realm, and it further complicates parliamentary oversight.

EDRi member Digitalcourage staged a quickly organised protest as both laws went through their respective votes at the Bundesrat and Bundestag on 8 July – the last day before the recess and the morning after Germany had lost their semi-final against France at the European Championships. Visualising anti-terror laws as mere placebos and extended surveillance as poison for liberties, pill boxes were handed out to bystanders.

If pills won’t move parliamentarians to exercise more diligence in law-making, maybe they should consider this: the German football team lost a knock-out game shortly after or before all of the contentious votes we have listed here – while the only tournament for which we hardly found anything to report was the World Cup in 2014. Grand Coalition waves through anti-terror law (only in German, 24.06.2016) The new BND law: everything the foreign intelligence service does will simply be made legal – and even extended (only in German, 30.06.2016)

Digitalcourage: action report – surveillance laws are placebos against terror and poison for liberties (only in German, 08.07.2016)

EDRi-gram 14.10, ENDitorial: Next year, you’ll complain about the Terrorism Directive

(Contribution by Sebastian Lisken, EDRi member Digitalcourage, Germany)



27 Jul 2016

ENDitorial: Is 5G as terrible as the telecoms providers claim it is?

By Joe McNamee

A collection of big telecoms providers, together with some equipment manufacturers that rely on them for business, recently launched a document called the “5G manifesto”. The document aims to give the European Commission guidance on how to ensure the upgrade of EU mobile communications to its “5th Generation”.

................................................................. Support our work - make a recurrent donation! .................................................................

The document makes it clear that the biggest European telecoms providers feel that 5G is unable to provide compelling products, unable to generate new business opportunities, unable to attract investment and, most damningly of all, requires communist-level state intervention, in order to have any chance of seeing the light of day in Europe.

Even worse, the providers feel that the benefits are so unclear that the EU needs to “promote the benefits of 5G networks” to potential industry users (telecoms providers are unable to do this on their own, apparently). Under the Communist Manifesto, the telecoms providers, who would offer the networks, feel unable to promote their own 5G services – and the possible industrial users would be unable to understand the possible benefits of these services – without state intervention.

The providers also demand state intervention in the roll-out of the technologies, by having “adequate” policies, and “encouraging and incentivising” trials and pilot projects.

The providers also feel unable to ensure adequate standardisation activities and urge direct “co-financing” of standardisation activities. They also demand direct public funding and indirect, ( by “incentivising” support for private sector investment for “trials and large-scale demonstrators”, research and development, and as an additional way of funding standardisation activities.

The “trials and large-scale demonstrators” funding should, according to the telcos, allow for grants of half a billion to a billion Euro. In addition, a further billion Euro should be devoted to a “5G venture fund”. However, industry should not have to spend much time worrying about any safeguards associated with these public funds. These billions of Euro should be spent using “lean administrative procedures, simple and effective governance”. They helpfully tell the Commission that the best way of spending money “to provide the greatest benefit to the operator” is by investing in infrastructure.

Remarkably, the telcos indicate that they are prepared to pay for radio spectrum, but they do ask that the spectrum is “released on time and at reasonable prices”.

Despite all of the demanded public investment in infrastructure, the telcos argue that regulated access (for competitors) to infrastructure should be limited. This is despite the fact that the GSM Association has pointed out that high levels of competition in Europe means that “subscribers in the European Union pay less than half what their U.S. cousins do for 4G services”. This means that repeal of pro-competition rules will cost every European dearly.

And, en passant, the telecos demand an end to EU legislation on privacy of communications and net neutrality. Deutsche Telekom has previously demanded “revenue sharing” in order to allow innovative start-ups to have privileged access to its customers. Repeal of net neutrality rules will also cost the European online economy and European innovation dearly.

So, the price of 5G will be billions of public spending on networks, public spending on selling the services to industry, public spending on pushing the use of the technology by public services, public spending on standardisation, public spending on a “venture fund”, public spending on trials and large-scale demonstrators, public spending on standardisation processes, an end to pro-competition network access rules, an end to pro-innovation net neutrality rules, and an end to the EU’s legislation on privacy and freedom of communication.


The current European Commissioner for Digital Economy and Society, Günther Oettinger, welcomed the Manifesto.

5G Manifesto

Commissioner Oettinger welcomes 5G Manifesto (07.07.2016)

EDRi: Telcos & Commission attack net neutrality and BEREC’s independence (12.07.2016)

Europe trailing in mobile network spending (21.02.2014)

Deutsche Telekom chief causes uproar over net neutrality (30.10.2015)

(Contribution by Joe McNamee, EDRi)



20 Jul 2016

Copyfail #9: Digital Rights Management (DRM): Restricting lending and borrowing books and music in digital format

By Diego Naranjo

This article is the ninth in the series presenting Copyfails.

The EU is reforming its copyright rules. We want to introduce you to the main failures of the current copyright system, with suggestions on how to fix them. You can find all the Copyfails here.

How has it failed?

We are able to lend book to our friends, make photocopies of its pages, quote parts of the text, or sell our book to a second-hand bookshop. But with digital works like ebooks, CDs, or DVDs, users often face technical restrictions. You cannot lend your ebook to a friend (without lending your e-reader, too), or make a copy of your copy-protected DVD, not even for your own private use. Even if your government says you are allowed to, European and international law says companies are permitted to question it by using “Digital Rights Management” (DRM), software that limits copying.

DRM is a collection of systems used to protect copyright on electronic media, such as digital music and films, as well as computer software. It attempts to control the user’s ability to access, copy, transfer and convert material. Circumventing DRM technologies is forbidden in EU copyright law.

Given the fact that DRM is a blunt tool that does not take into consideration the legal freedoms to use copyrighted works for parody, citation, quotation, private copying and so on, not allowing the circumvention DRM means in practice giving away all those rights. DRM, as a rule, take all of those freedoms from you, in the name of stopping copyright violations.


Why is this important?

If someone puts a lock on something you own, you are not the owner. DRMs are digital locks which are put on your devices without asking your opinion or permission to install them and, even worse, without giving you the key. Copyright experts widely agree that DRM systems don’t achieve their intended purpose; they are bad for society, businesses and artists.

Copyright is supposed to guarantee that artists and creators get paid for their work – that there are incentives to creativity. Copyright should not be used as an excuse to restrict our freedoms or access to knowledge and learning. DRM does not fix the problem it is supposed to fix – unauthorised copying and exchanging of ebooks, music, and videos – and it adds unnecessary restrictions on legally acquired content.

How to fix it?


Read more:

Amazon Erases Orwell Books From Kindle (17.07.2009)

DRM Frequently Asked Questions

Electronic Frontier Foundation: DRM

Amazon wipes customer’s Kindle and deletes account with no explanation (22.10.2012)


19 Jul 2016

European Court confirms: Strict safeguards essential for data retention


Today, on 19 July 2016, the Advocate General (AG) Henrik Saugmandsgaard Øe of the Court of Justice of the European Union (CJEU) issued an Opinion on a case Tele2 Sverige AB v Post- och telestyrelsen (C-203/15) that deals with data retention obligations that were imposed by law on a Swedish telecom provider.

The Court was asked a set of questions related to the respect of European Union (EU) law, in the context of the data retention laws in Sweden and the UK. In the Opinion issued today, the AG re-stated principles that were previously established in the Digital Rights Ireland case. He also provided extensive further analysis of the legal context that national courts need to consider when they “rigorously verify that no other measure or combination of measures” can be as effective as the national data retention regime being proposed.

It is to be hoped that the final Court ruling will be respected by EU Member States. Sadly, since the Digital Rights Ireland case was decided in 2014, EU Member States have persisted in implementing or creating new legislation that wilfully ignores the principles previously established by the Court. The Advocate General made it unequivocally clear that all of the safeguards listed in the Digital Rights Ireland case must be respected by national laws.

It is time for EU Member States to start respecting the law. It is time for the European Commission to do its job to ensure that the law is respected,

said Joe McNamee, Executive Director of European Digital Rights.

How many times does the Court need to be asked the same question before EU Member States start listening? Data retention is an extreme measure which can only be implemented if the criteria repeatedly laid down by the Court are respected.

The European Commission should, at long last, start doing its job. So far, it has avoided taking a position on the numerous data retention laws in Europe that breach the principles that were established by the EU Charter of Fundamental Rights, clarified by the Court in 2014 and, today, re-stated by the Advocate General of the Court of Justice of the European Union.

Almost exactly a year ago, EDRi wrote to the European Commission Vice-President, Frans Timmermans, demanding action. In response, the Commission said that it would “monitor” thoroughly the data retention laws in the EU, but has so far avoided taking action. Time has run out for the Commission’s delaying tactics. It is now time – finally – to ensure that the law of the European Union is respected.

Read more:

Press Release from the CJEU on the Advocate General Opinion on the case (Case C-203/15) (19.07.2016)

European Commission will “monitor” existing EU data retention laws (29.07.2015)

European Digital Rights asks the European Commission to investigate illegal data retention laws in the EU (02.07.2015)


18 Jul 2016

Citizens sent a clear and loud message: We want a free and open internet!

By Heini Järvinen

Keeping the internet free and open undoubtedly matters to Europeans: by the end of the public consultation on implementation of net neutrality rules, over half a million comments were sent following the campaign.


The comments have been sent to the Body of European Regulators of Electronic Communications (BEREC), which will now finalise the guidelines for the implementation of the Regulation that contains the rules on net neutrality. The guidelines will be published on 30 August 2016.

With a flood of messages supporting net neutrality, we expect the final guidelines to offer clear interpretations for how to deal with zero rating, specialised services and traffic management, and that the guidelines guarantee that we can keep enjoying the openness that has made the internet a huge economic and societal success story.

European Digital Rights and its partners want to thank everyone who participated in this outstanding effort to show the regulators that we want to define ourselves – and not let companies do it – how our digital public space will look like in the future!



This is the culmination of nearly three years of hard work:

  • Following the launch of the European Commission’s deeply flawed proposal in September 2013, EDRi and its partners worked hard to persuade the European Parliament to support net neutrality in April 2014.
  • We then undertook the difficult job of trying to influence the secretive “trilogue” discussions (from February to July 2015), where the Parliament sought to defend its position, against the strong opposition of both the European Commission and EU Council.
  • Ultimately, a deal was reached in July 2015 – producing that was far better than we could possibly have hoped. Efforts to close key loopholes in the Parliament’s final vote in November 2015
  • From November 2015 until today, we did everything possible, including a face-to-face meeting with BEREC, numerous one-to-one meetings with national regulators and preparation, launch and publicising the platform.

For a complete history of this long and difficult campaign, see:

EDRi’s submission to BEREC’s consultation:

  1. Our policy analysis
  2. Our response to the consultation, which contains specific amendments to the draft guidelines.

A heart-felt thank you to all individuals and organisations that have supported these efforts.