A measure which would be illegal if implemented by a government should also be illegal if implemented by industry as a “voluntary” measure, as a result of government pressure or for public relations or anti-competitive reasons. However, as key international legal instruments, such as the European Charter of Fundamental Rights and the European Convention on Human Rights, as well as national constitutions are binding for states and governments, they are not directly applicable to other entities, such as private companies. As a result, there is a major trend towards governments persuading or coercing companies to impose restrictions on fundamental freedoms under the guise of “self-regulation,” thereby circumventing legal protections.

19 Oct 2016

ENDitorial: Commissioner defends nuclear attack on internet freedom

By Joe McNamee

The European Commission launched its proposal for a Copyright Directive in September 2016. The legislation includes new rules on filtering of uploads to the internet, text and data mining and the so-called “link tax”.


In response, on 9 September, the Copyright for Creativity Alliance (including EDRi) sent a letter to European Commission Vice-President Andrus Ansip about the copyright reform that was launched recently under his authority. On 12 October, the Commissioner responded.

In the letter, Ansip said:

One of the main goals of the Commission’s Digital Single Market Strategy is to achieve a wide availability of creative content across the EU.

The proposal suggests to create a power for copyright holders to prevent the upload of ANY content that contains some of their work – which includes the power to block availability of perfectly legal and democratically valuable quotation or parody. This quite obviously does not achieve a wide availability of creative content across the EU.

Worse still, going beyond any surveillance and censorship regime imposed anywhere else in the world, the Commission not alone proposes mass filtering and blocking of uploads to the internet in Europe. It also privatises this activity, putting the hands of bizarre “pluristakeholderism” – like multi-stakeholderism, but without internet users. This means that (big) rightsholders and internet companies will cooperate to decide what filtering is implemented and how.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

In the letter, Ansip said:

We acknowledge the positive effects of the limited liability regime established in the e-commerce Directive on innovative online services.

Under existing EU law (in the e-commerce Directive), internet companies are protected from liability for illegal or unauthorised activity of their customers. This is crucial to minimise incentives to monitor and censor internet users and to allow innovation to flourish. What he did in his proposal was to kill the limited liability regime in a kind of legislative “drive-by shooting”. It moves virtually all internet hosting providers outside the scope of the e-commerce Directive by saying that availability to the public is not a passive activity (as recognised by the e-commerce Directive and the Court of Justice of the EU). It does this with just one word – “thereby”:

“Where information society service providers store and provide access to the public to copyright protected works or other subject-matter uploaded by their users, thereby going beyond the mere provision of physical facilities.”

Having already killed the e-commerce Directive, it then drives a stake through its heart by saying that providing such a service is “performing an act of communication to the public”. This means that not alone is the pre-existing protection from liability removed, the hosting company becomes directly liable for any infringements carried out by its customers.

In the letter Ansip said:

Our goal is not to change this regime and not diminish innovation and user choice.

What he did in his proposal was to create a right of appeal for unfair deletion or blocking of user content. This is not a bad thing and this makes it clear that the Commission itself sees a risk of the legislation diminishing user choice. However, we know from experience that online companies rarely remove user content because it is “illegal”. They remove it because it is an alleged breach of their terms and conditions. There is no mechanism in EU or national law to force internet companies to host material they have decided was in breach of their terms of service. As a result, the “safeguard” that is proposed by the Commission will not be usable in practice. The Commission has recognised that it has created a problem and failed to deliver a solution.

Worryingly, the analysis in Commissioner Ansip’s letter is not just wrong. It is demonstrably, obviously and egregiously wrong.

Copyright for Creativity Alliance’s sent a letter to Andrus Ansip (09.09.2016)

Ansip’s reply to Copyright for Creativity Alliance’s letter (12.10.2016)

Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market (14.09.2016)

(Contribution by Joe McNamee, EDRi)



19 Oct 2016

Censorship in Italy: Child protection is the excuse again

By Guest author

One of the recurrent attempts to control the internet is the excuse of “child protection”. Italy has moved a step to this direction, and is going to release a new law against “cyberbullying” that confirms this new trend. This new project follows the same well-worn, failed approach.


The draft has been modified by the Chamber of Deputies of the Italian Parliament, and will be discussed in the following months in the Italian Senate which was the author of the first draft.

The text, as amended, contains many worrying points.

First, the scope of the legislation has been extensively broadened: all the possible crimes that can be conducted online are included. If the purpose of the new legislation is to fight cyberbullying, the logic behind including other crimes is difficult to understand.

----------------------------------------------------------------- Support our work with a one-off-donation! -----------------------------------------------------------------

These inclusions will only create legal uncertainty. How will a certain conduct be criminalised, and based on which law? Is the purpose of this law to actually fight cyberbullying?

Secondly, what raises more doubts is the clause related to the instruments that would be used for the enforcement of this “protection” against cyberbullying.

On one hand, a board of “experts” will be created to find appropriate measures to combat cyberbullying. Leaving aside the scepticism deriving from previous experiences with “expert” groups, the criteria to select the board is far from clear. The expert group should be able to elaborate appropriate measures to fight cyberbullying in only 60 days.

On the other hand, thanks to this new provision anyone who will feel hurt, defamed, harassed, stalked or offended by certain content will be able to act directly. They can inform the platform where the content appears, and ask for its removal. At the same time, the same person will inform the Data Protection Authority (DPA), who will control the removal of the content, and act directly to assure it after 48 hours, if the platform does not act as requested.

This new activity is likely to increase enormously the already high number of requests that the DPA receives. However, it does not foresee any increase to the DPA’s budget.

This specific measure will have two consequences: unilateral and arbitrary censorship of content, and a huge power for and pressure on platforms to act without any form of neutral examination. The consequences are unpredictable.

According to experts and journalists, the new project, assuming it will be amended by the Senate, is the result of non-evidence based digital policies. The internet, at least in Italy is rarely considered from a positive perspective, at least by the texts like this one – for example as a place or an environment useful also to improve the lack of digital literacy. Using cyberbullying as an excuse to regulating the internet by censoring inconvenient content, and by delegating the responsibility to private companies is an enormous threat to our democracies. The Italian Senate needs to stand up for its citizens, and defend an internet where rule of law and fundamental freedoms are respected.

Italy on the verge of the stupidest censorship law in European history (18.09.2016)

Cyberbullies in the Parliament (only in Italian, 07.08.2016)

The fight against cyberbullies is something serious (only in Italian, 06.08.2016)

(Contribution by Alessandro Bruni, EDRi intern)



19 Oct 2016

Shadow regulations – unfair and undemocratic

By Guest author

Shadow Regulations are voluntary agreements between companies (sometimes described as codes, principles, standards, or guidelines) to regulate your use of the internet, often without your knowledge.


Shadow Regulation has become increasingly popular after the monumental failure of restrictive internet laws such as Anti-Counterfeiting Trade Agreement (ACTA), The Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA). This is because Shadow Regulation can involve restrictions that are as effective as any law, but without the need for approval by a court or parliament. Indeed, sometimes Shadow Regulation is even initiated by government officials, who offer companies the Hobson’s choice of coming up with a “voluntary” solution, or submitting to government regulation.

----------------------------------------------------------------- Support our work with a one-off-donation! -----------------------------------------------------------------

Shadow Regulation is used in many different contexts, including copyright enforcement, regulation of “hate speech”, and to restrict sales of lawful products, among others. What’s wrong with these agreements? The crux of the problem is that they can quietly reshape our internet without our knowledge or input. We weren’t consulted during their development, don’t know how they are being applied, and typically have little or no means of recourse when they are used to shut down our speech online.

This doesn’t mean that voluntary agreements with internet companies are always a bad thing. Such agreements can be a positive way to avoid heavy-handed and inflexible regulation, and there are ways of reaching such agreements in an inclusive, balanced, and accountable way.

But although voluntary agreements can be done right, more often Shadow Regulation is deliberately exclusive and opaque, resulting in private parties acting as the internet police to enforce content removal or the restriction of online behaviour, while elected governments avoid responsibility. That’s both unfair and undemocratic.

This article was originally published by EDRi member EFF on

Anti-Counterfeiting Trade Agreement

SOPA/PIPA: Internet Blacklist Legislation

Shadow Regulation: the Back-Room Threat to Digital Rights (29.09.2016)

Fair Processes, Better Outcomes (30.09.2016)

Free speech – only as strong as the weakest link

Beyond regulation: Reaching solutions that work for users

(Contribution by EDRi member EFF, international)



19 Oct 2016

Orange is the new blacklist

By Guest author

On Monday morning 17 October, Orange customers who tried to access, and other sites found themselves being redirected to the site of the Interior Ministry explaining that those sites were blocked. The banned websites were accused of “provoking terrorist acts or publicly glorifying terrorist acts”.


Orange declared that the websites had been added to the terrorism blacklist due to “human error”.

Since the adoption of the law on terrorism in late 2014, and more precisely a decree of February 2015, the French police can order – without a court order or judicial control – the blocking of internet sites that support terrorist acts or groups.

This measure was widely criticised, in particular because it could lead to over-blocking cases, and because the definition of the “glorification of terrorism” is more than vague.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

Some EU Member States are now seeking to export this concept to the European level. In the draft Anti-Terrorism Directive, the Council of the European Union introduced text to make the ”glorification and justification of terrorism” a crime, without providing a definition of what this might mean. This could lead to the Europeanisation of the collateral damage that is already happening in France, and which has just been proved to be, one more time, absurdly ineffective.

Google redirected to place Beauvau by Orange (only in French, 17.10.2016) blocked for glorifying terrorist acts because of Orange’s “human error” (only in French, 17.10.2016)

(Contribution by Guillermo Peris, EDRi intern)



19 Oct 2016

“Follow the money” on copyright infringements

By Joe McNamee

The European Commission is pushing forward energetically on privatised law enforcement projects for all manner of internet activities. This is the approach to terrorism, hate speech, copyright enforcement… whatever the question, the answer is that internet companies can solve the problem.


It is currently discussing “guiding principles” for withdrawal of services by advertising companies to penalise and prevent “commercial scale” infringements. Tellingly, the final paragraph of the “guiding principles” contains very similar wording to the ill-fated “Anti-Counterfeiting Trade Agreement” (ACTA) that was rejected in 2012.

Like ACTA, the “guiding principles” include illusory “safeguards”, such as references to non-existent legal terms like “fundamental principles” and “fair process” (not due process). Like ACTA, it refers to “commercial scale”, as if this was a safeguard. The European Commission itself has previously said that the term is too vague in existing law.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

The text also refers to a “right to access lawful content”, even though there is no such “right”. We have a right to freedom of movement (not a right to legal movement), we have a right to freedom of communication. The implication of the expression “right to access lawful content” is that everything we do or say should be assumed to be illegal until proven otherwise. This is profoundly objectionable.

The planned agreement has a “verification and compliance” process for when participating companies cooperate to destroy an online service by withdrawing advertising revenue. But what is this “verification and compliance” process actually verifying or complying with? This is not specified, presumably because it is not important for the Commission. How accessible will a process be, if a provider withdraws services on the basis of terms of service? On what basis would an injured party believe that their service will get a fair hearing from a large provider, possibly in another country? A credible and accessible complaint process and redress mechanism appears unlikely.

Paragraph 7 of the Commission’s document both says that the agreement “will establish key performance indicators (KPIs)” and that signatories to the agreement will set up a working group “on the KPIs”. Does this mean that a working group on KPIs will be set up after the KPIs have already been defined?

It has been shown again and again and again that rightsholders cannot be trusted in projects of this kind. The Commission is proposing a project where, as described above, the target is ill-defined, the safeguards are illusory, jurisdiction is unaddressed and the compatibility with primary EU law (Article 52 of the Charter of Fundamental Rights of the European Union in particular – in contravention to the most basic of the Commission’s roles) is ignored – the Commission has already taken the view that such “voluntary” agreements are beyond the reach of the Charter. Such proposal appears reckless at best and legally untenable at worst.

European Commission: Guiding principles: The Follow the Money Approach to IPR enforcement –
Stakeholders’ voluntary agreement on online advertising and IPR

European Commission – Roadmap: Proposal for a revision of the Directive on the enforcement of intellectual property rights (Directive 2004/48/EC)

Warner Bros: Our false DMCA takedowns are not a crime (15.11.2013)

Digital camera review taken down by a botched DMCA notice that makes claims of trademark infringement (21.03.2013)

Microsoft DMCA notice “mistakenly” targets BBC, Techcrunch, Wikipedia and U.S. Govt

(Contribution by Joe McNamee, EDRi)



17 Oct 2016

EDRi’s privacy for kids booklet: Your guide to the Digital Defenders


Today, we are publishing a booklet “Your guide to Digital Defenders vs. Data Intruders – Privacy for kids!“, to help young people between 10-14 years to protect their privacy.

The internet is an amazing opportunity for young people to learn, communicate and to explore new worlds. Our booklet will help them enjoy all the benefits of the internet while protecting their personal information.

said Kirsten Fiedler, Managing Director of European Digital Rights.

Children’s freedom to explore and develop should not be limited due to lack of awareness of privacy-protecting strategies. The booklet helps them make safer and more informed choices about what to share and how to share online. It includes chapters on what privacy actually is, how to use safer messaging systems and how to improve the security of smartphones.


The booklet is the outcome of an international project with contributions by EDRi’s network (Bits of Freedom, Open Rights Group, Chaos Computer Club, Digitale Gesellschaft, ApTI Romania, Mediamocracy and many more). In the parallel universe of the booklet, a team of superheroes (the Digital Defenders) fights a group of villains (the Intruders). They were created by German comic artist and illustrator Gregor Sedlag.

The original language is English, but we have started to coordinate translations to make it available in as many languages as possible. The booklet is available under a creative commons (CC-BY) licence and can be freely downloaded and re-distributed. Donations to cover printing costs as well as translations are accepted here. If you want to help with translations, or if you want to print it and distribute it at schools please contact us!


Read more:
Educate and empower children on online privacy


12 Oct 2016

Corporate-sponsored privacy confusion in the EU on trade and data protection

By Maryant Fernández Pérez

After the “Privacy shield” was adopted on 12 July 2016, the European Commission started internal discussions about whether or not to include “data flows” and “data localisation” clauses in Transatlantic Trade and Investment Partnership (TTIP) and in the Trade in Services Agreement (TiSA). It appears that the European Commission Directorate-General for Justice and Consumers (DG Justice) initially accepted the inclusion of clauses on forced, unjustified “data localisation”, but not on transfers of data. However, according to EurActiv, DG Justice has backed down and accepted a weakening of its position on data protection and privacy in order to placate industry, after a campaign based on dubious assertions and backed up by the US government.

Now, the European Commission President Jean-Claude Juncker and the Vice-President Frans Timmermans seem to be prepared to defend core principles of EU law and the rights of EU citizens. They are allegedly blocking the “compromise” to water down protections because “the deal might poke holes in the EU data protection rules that are set to go into effect in 2018”. Weakening privacy and data protection of European citizens through the inclusion of “data flows” in trade agreements has global corporate sponsorship. The EU should resist. There are three main reasons for this:

1. Data flows must not be part of trade agreements

Trade negotiations are not suitable for shaping rules affecting the fundamental rights to privacy and data protection. If the EU was unable to ensure protections of fundamental rights in the Privacy Shield (see here, here and here), on what basis could it think that trade agreements would achieve a better result? Is the apparently ideological rush to include “data flows” in trade agreements worth the risk of making a dubious compromise that would put the whole agreement in doubt?

Data transfers are and can be ensured in other legal fora. Personal data flows are ensured in the EU legal framework by several mechanisms, such as binding corporate rules, modal clauses, adequacy decisions or special arrangements, of which the EU-US Privacy Shield is an example, albeit not a stellar one. The General Data Protection Regulation (GDPR) even provides more alternatives to transfer data of EU citizens abroad, such as self-certification. In addition, the European Commission is expected to issue a “Free flow of data initiative”, apparently only for commercial data.

2. Including data flows in trade agreements like TTIP or TiSA would have huge implications

On 13 July 2016, the University of Amsterdam issued an independent study that EDRi, BEUC, TACD and CDD commissioned in order to ascertain whether fears with regard to both privacy and data protection in trade agreements were founded. The study concluded the risks are real, and a great deal of effort needs to be put into making trade agreements data protection- and privacy-proof. This is our take:

Unless parties want to change their legal framework to truly protect human rights online, trade agreements’ vague commitments to protect data protection and privacy will be meaningless in practice.

Exceptions and safeguards protecting personal data and privacy are being suggested as a means to address the concerns about fundamental rights. However, these clauses can only be activated if certain conditions are complied with, such as:

  • that privacy and data protection measures cannot be inconsistent with other obligations of the agreement. Would the EU legal measures on data protection be inconsistent with the obligation to ensure “a free flow of data”? According to the lobby group CCIA, the response could well be “yes” (cf. “Europe might want to consider whether its 20th century localised data protection framework is well suited in the 21st century interconnected digital world”). To guard against such extreme positions, the European Parliament asked the Commission not to include such conditionality; or
  • that privacy and data protection measures should take “international standards” into consideration. As the EU is a standard setter in privacy and data protection, this creates the risk of a race to the bottom and could prevent other countries from adopting measures which defend privacy and data protection as much as (or more than) the EU.

Even if trade agreements had strong exceptions and safeguards, they could be undermined by:

  •  trade dispute settlement mechanisms of trade agreements, as the Charter of Fundamental Rights will obviously not be considered; and by
  • national security exceptions. Trade agreements contain exceptions on “essential security interests” that establish that nothing in the trade agreement shall prevent any Party to the agreement from adopting measures to protect “essential security interests”. This means that if a party to the agreement wanted to conduct mass surveillance, for example, the trade deal would not ensure the protection of the privacy and personal information of individuals. This is very worrisome, as the Snowden revelations and other scandals have shown. The European Parliament has warned the Commission that their consent to TTIP could be endangered if “US blanket mass surveillance activities are not completely abandoned”.

Conditions, suspensions or prohibitions of transfers of EU citizens’ personal data outside the EU must be possible if fundamental rights are violated or circumvented, as the European Parliament has proposed to the Commission. This position is absent from all of the clauses seen in current trade proposals. In fact, the EU is currently negotiating on trade agreements whose drafts include provisions on data protection that are fundamentally broken. The existence, application or enforcement of the laws adopted by the Parties to a trade agreement relating to their fundamental rights requirements must not be considered as a violation of any trade agreement.

3. Blackmail tactics of industry lobbyists

The hollow-sounding and specious arguments that the “global tech sector” use, such as that they take “the fundamental right to privacy very seriously”; and that without data flows (as if they would suddenly, mysteriously, stop), no trade agreements will be or can be concluded; or that the EU could be perceived as “data protectionist” are far from credible. Even some industry actors (e.g. eBay) had admitted to the Commission that the inclusion of data flows are not a priority for them because they rely on binding corporate rules to transfer data from EU citizens.

Having lobbied unsuccessfully against the General Data Protection Regulation (GDPR), having successfully lobbied for a flawed, inevitably temporary “Privacy Shield”, having incomprehensibly asked the Commission to repeal the e-Privacy Directive, it is understandable that industry lobbyists, backed by the US government want to:

  • ensure there are legal means available to challenge privacy and data protection measures, with the weak excuse that fundamental rights are barriers to trade;
  • prevent other countries to adopt high standards on data protection and privacy; and
  • make sure whatever protections on privacy and personal data are contingent on a nebulous and unpredictable understanding of “necessity” and “proportionality” in trade agreements, whereby fundamental rights will always be deprioritised compared with trade concerns.

It is also understandable that after hearing that the Commission was opposing to include data flows, they increased their lobbying and resorted to “independent” “think tanks” like ECIPE to multiply their message.

The European Commission should do better. As Evgeny Morozof argues, when policy is dictated by corporations, the protection of your privacy starts being seen as a barrier to economic growth. By defending the protection of privacy and personal information of all, the EU will gain influence and credibility. Data protection and privacy are not barriers to trade. Quite the opposite, privacy is an asset of economic growth; it’s a business opportunity to regain trust. Making void assurances and general statements that are not reflected in the actual text of the agreements would not be enough. The European Parliament has strongly reiterated this approach and even asked the Commission to “immediately and formally oppose the US proposals on movement of information”.

This is exactly what the EU should do.


11 Oct 2016

#2 Freedom to have secrets: How to keep your information private


This is the second blogpost of our series dedicated to privacy, security and freedoms. In the coming weeks, we will explain how your freedoms are under threat, and what you can do to fight back.

In our previous blogpost we described “cookies” and how they help to make a profile of your personality. This time we explain how your freedom to have secrets is at risk.


Big Data Surveillance: What is that and how it works?

Today, more and more devices and appliances connect to the internet, and most of our communications are in the hands of private companies. These companies often collect data about us: Your “free” email service is very probably routinely screening the contents of your emails, and using this information for advertising purposes. Based on your mobile phone’s location data, it’s not very difficult for companies to find out where you are at every moment, guess what you might be interested in, and who your friends are.

Could you imagine that a toothbrush or a television could be used to spy on you? Or that searching for a recipe to cook lentils could lead into anti-terror squads raiding your home?

If companies are able to read your emails, sms and chats, and to know constantly where you are, and with whom you have close relationships, how can you keep anything to yourself, or to share only with those who you choose? This kind of snooping is a threat to your freedom to have secrets! Even if the companies have no bad intentions, creation of databases with vast amounts of personal data generates huge security risks.

How to claim back your freedom to have secrets

To keep some of your information private, disable location in your smartphone, and check out these tools:

Signal: Recommended by whistleblower Edward Snowden as one of the best available apps, this application allows you to chat securely. All the communications are encrypted end-to-end by default, including group chats and attachments. This means that nobody but the person to whom you send the message will be able to read its contents. Sometimes it is a pain to change to a different technology. However, the more people that use Signal, the more people will use Signal! Privacy and security needs leaders to set an example… Try Signal, it’s as easy as any other instant message app! Ask the five people with whom you are in contact the most regularly to start using it, too, and you’ll be able to chat with them, with no risk to your privacy and security.

Want to go a step further? Why not encrypting your smartphone? Check the full disk encryption options in Android security settings, and check the “data protection” options in iPhones and iPads to improve your security beyond the defaults.

See more advice from our member organisation, the EFF, about how to keep your information safe here.

You can find more tools in the surveillance self-defense guide by the EFF.

John is dealing with location surveillance in this video, prepared by our member Association for Technology and Internet (ApTI) – Romania:


What can politicians do to safeguard your freedoms online?

The rules on online privacy in the EU (ePrivacy Directive) will be soon updated. This law is dealing with privacy and confidentiality of communications for the entire EU, and it affects tracking and other issues related to your freedoms online. Are politicians ready to fight for your privacy and security?

Read our previous blogposts here, and stay tuned to our next blogposts to know more about your freedoms online, and how they are threatened!


06 Oct 2016

Big Brother Awards Belgium: Facebook is the privacy villain of the year


Big Brother Awards Belgium 2016 – The Devil is in the Default

On 6 October, the Belgian Big Brother Awards 2016 took place in Brussels. The negative prize for the worst privacy abuser was unanimously granted to Facebook by the professional jury. The public confirmed Facebook’s title as the ultimate privacy villain of the year – a big majority of the votes went to the social network that is successfully harvesting and generating personal data from people all around the world.

Facebook is a multi-billion dollar company that has one commodity – you!

said Joe McNamee, Executive Director of European Digital Rights.

Facebook has access to a wide range of personal data, and it tracks your movements across the web, whether you are logged in or not. And the devil is in the default: To opt out, you are expected to navigate Facebook’s complex web of settings.

We nominated Facebook for the award because their default settings are noxious for privacy. To understand what privacy you are giving away when you use Facebook… well, that is impossible. Data algorithms that can make new assumptions about users are being constantly developed – even Facebook today would have difficulty knowing how they will use your data tomorrow.

said McNamee.

The Big Brother Awards are based on a concept created by EDRi member Privacy International. The goal is to draw attention to violations of privacy.


Big Brother Awards Belgium 2016: “The Devil is in the Default”


05 Oct 2016

ENDitorial: It is possible that Netflix is legal in Ireland – or not

By Joe McNamee

Perhaps it should come as a surprise that copyrighted data are protected in law more rigorously than personal data in Europe.

In data protection law, there is a “legitimate interest” exception: if you are processing personal data because you have a “legitimate interest” in doing so, and if this does not undermine the rights of the individuals whose data are being processed, then this is permitted.

So, what about when you have a legitimate interest in making a copy of a copyrighted work? In Europe, no “legitimate interest” exception to copyright rules exists. Nothing that is even similar to a legitimate interest exception exists in European copyright law. This is in contrast with the US, which has a flexible “fair use” exception. EU law harmonises the rule that absolutely every unauthorised copy of a copyrighted file infringes copyright, unless it falls within the scope of limited, narrow and very specific exceptions, only one of which is obligatory.

................................................................. Support our work with a one-off-donation! .................................................................

At the request of civil society, including EDRi, and in an attempt to make the rules surrounding copyright clearer for people, the EU Intellectual Property Office (EUIPO) has prepared a “Frequently Asked Questions” (FAQ) document, to explain key points of copyright law for each of the 28 EU Member States. The results are interesting, laying bare the chaos of copyright law in Europe.

The FAQ’s analysis of streaming in Ireland is particularly interesting. The experts that prepared the report say that there is no specific rule in Ireland prohibiting the accessing of an unauthorised streaming site. However, it is prohibited to make a “substantial” copy of content without authorisation. When you view a streaming video, a temporary copy of the content appears on your computer. Therefore, it is possible that this copy could be considered to be “substantial” by a Court and this would then be a breach of copyright.

But if the temporary copy that a viewer’s computer generates when accessing a streaming service might be considered to be a “substantial” copy under Irish law, surely this has consequences for authorised streaming services like Netflix? Yes. However, the good news is that the EUIPO copyright experts argue that, insofar as the copy made by an Irish user’s computer or TV might not be a “substantial” copy, then accessing streaming services “could be legal in the context of a licensing arrangement”.

Accessing unauthorised sites might be legal. Accessing (and paying for) licensed services might be illegal. Or both might be legal. Or both might be illegal. And nothing in the EU’s new Copyright Directive will change this. And the EU wonders why infringements are so widespread.

EUIPO: FAQs on copyright – 15 questions from consumers on copyright

Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society

Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market (14.09.2016)

EDRi: ENDitorial: Copyright combinatronics (16.11.2011)

(Contribution by Joe McNamee, EDRi)