A measure which would be illegal if implemented by a government should also be illegal if implemented by industry as a “voluntary” measure, as a result of government pressure or for public relations or anti-competitive reasons. However, as key international legal instruments, such as the European Charter of Fundamental Rights and the European Convention on Human Rights, as well as national constitutions are binding for states and governments, they are not directly applicable to other entities, such as private companies. As a result, there is a major trend towards governments persuading or coercing companies to impose restrictions on fundamental freedoms under the guise of “self-regulation,” thereby circumventing legal protections.

31 Oct 2017

The privacy movement and dissent: Protest

By Guest author

This is the fourth blogpost of a series, originally published by EDRi member Bits of Freedom, that explains how the activists of a Berlin-based privacy movement operate, organise, and express dissent. The series is inspired by a thesis by Loes Derks van de Ven, which describes the privacy movement as she encountered it from 2013 to 2015.*

In order to describe, analyse, and understand the ways in which the privacy movement uses protest, it is important to bear in mind the internet plays an all-encompassing role. First, we can distinguish between actions that are internet-supported and actions that are internet-based. Protests that are internet-supported are traditional means of protest that the internet has made easier to coordinate and organise, whereas protests that are internet-based could not have happened without the internet. Second, there is the height of the threshold for people to become involved. A high threshold means that participating entails a high risk and level of commitment, while a low threshold means a low risk and level of commitment. In the privacy movement, internet-supported protest with a low threshold and internet-based protest with a high threshold are the most common forms of protest.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

Internet-supported protest with a low threshold

The most common types of internet-supported protest with a low threshold that we find in the privacy movement are asking for donations and organising legal protest demonstrations.

The internet has given an impulse to donations: whereas in the analogue age the costs to coordinate such actions would outweigh the benefits, in the digital age collecting money has become much more accessible and easier. The Courage Foundation, for instance, collects donations for the legal defense of whistleblowers such as Edward Snowden and Lauri Love. Many other European organisations similarly offer their members and supporters the opportunity to make donations. However, it is worth noting that specifically in the case of the privacy movement, the threshold for donating money is higher than usual, as whistleblowing is a politically sensitive subject and community members have a heightened knowledge of privacy concerns associated with online payments. It is not surprising that donating via the anonymous digital currency Bitcoin is an option many organisations offer.

When it comes to demonstrations, the internet has also been an enhancing factor, as it has made the spreading and exchanging of information about the goal and practical details of a demonstration much easier. This also proves to be the case for demonstrations organised by the privacy movement. A fitting example of how the internet can help rapidly spread information and the effect that has on protest is the Netzpolitik demonstration held in Berlin on 1 August 2015. The announcement by Netzpolitik, a German organisation concerned with digital rights and culture, that two of their reporters and one source had been charged with treason, made thousands of people gather in the streets of Berlin to protest for the freedom of the press.

Here, too, it is worth considering how low the threshold for demonstrating actually is for activists within the privacy movement. In the analogue age it was difficult for governments to get a clear image of who exactly took part in a demonstration. Modern technology, however, has changed and continues to change the game. For instance, after participating in a protest, protesters in the Ukraine received a text message from their government that stated, “Dear Subscriber, you have been registered as a participant in a mass disturbance”. Something similar happened in Michigan, USA, in 2010. After a labour protest the local police asked for information about every cellphone that had been near the protest. Thus, the height of the risk that is involved in these sorts of protest is definitely worth reconsidering, especially when reflecting on a movement with so much awareness of (digital) surveillance.

Internet-based protest with a high threshold

Internet-based actions with a high threshold include protest websites, alternative media, culture jamming, and hacktivism.

Protest websites are websites that “promote social causes and chiefly mobilise support”. The privacy movement is involved in a number of these sorts of websites, for example and, which are dedicated to whistleblowers and explain how supporters can help them, and, which asks supporters to take action in protecting net neutrality.

Alternative media have proven to be a crucial part of how the privacy movement voices dissent and “bears witness”, as the internet has made it possible to circumvent mass media and has reduced the effort to spread information to a large audience. A well-known example of alternative media, emerging from the privacy movement, is The Intercept, an online news organisation co-founded by Glenn Greenwald, Laura Poitras, and Jeremy Scahill. This newspaper aims, according to its website, to “[produce] fearless, adversarial journalism” and focuses on stories that provide transparency about government and corporate institutions’ behaviour.

Culture jamming is a form of protest where corporate identity and communications is appropriated for the protesters’ own goals, using tactics such as “billboard pirating, physical and virtual graffiti, website alteration, [and] spoof sites”. An example for spoof sites is the Twitter account: @NSA_PR, or NSA Public Relations in full, a reaction to the actual official Twitter account the public relations department of the US National Security Agency that was launched at the end of 2013. The spoof account often responds to recent surveillance and security issues in a humorous way. For example, when WikiLeaks published documents about the NSA’s interception of French leaders, NSA Public Relations posted, “Parlez-vous Français?”.

Hacktivism is the last form of internet-based protest with a high threshold. It is defined as “confrontational activities like DoS attacks via automated email floods, website defacements, or the use of malicious software like viruses and worms”. These activities are not commonly used within the privacy movement. Instead a “”digitally correct” form of hacktivism is practised. Digitally correct hacktivism designs computer programs that help confirm and accomplish their political aims. Of the many programs that exist, two of the most well-known and widely used programs for this kind of protest are the Tor Project web browser and Pretty Good Privacy. Both programs are designed to secure the user’s privacy. Whereas it is debatable whether direct action hacktivism is legal or not, the use of the Tor browser and email encryption are, of course.

The digital age has undeniably affected the way in which social movements protest. Traditional forms of protest have become internet-supported, but additionally there are also forms of protest being used that cannot even exist without the internet. This is even more the case for the privacy movement. For a movement that is so intertwined with the internet, we see that it is difficult to even make the distinction between online and offline protest, and that it comes up with its own specific alterations to already existing forms of protest.

The series was originally published by EDRi member Bits of Freedom at

Dissent in the privacy movement: whistleblowing, art and protest (12.07.2017)

The privacy movement and dissent: Whistleblowing (23.08.2017)

The privacy movement and dissent: Art (04.10.2017)

(Contribution by Loes Derks van de Ven; Adaptation by Maren Schmid, EDRi intern)

* This research was finalised in 2015 and does not take into account the changes within the movement that have occurred since then.

Della Porta, Donatella, and Mario Diani. Social movements. An Introduction. Malden: Blackwell Publishing, 2006.
Van Aelst, Peter, and Jeroen van Laer. “Internet and Social Movement Action Repertoires. Opportunities and Limitations.” Information, Communication & Society 13:8 (2010): 1146-1171.



31 Oct 2017

Surveillance laws fall far short of fundamental rights standards

By Anne-Morgane Devriendt

On 23 October, the European Union Agency for Fundamental Rights (FRA) published the second volume of its study on surveillance and its impact on fundamental rights. This study comes following the request of the European Parliament (EP) for information on the consequences of surveillance for fundamental rights. The Agency notes that “the mere existence of legislation allowing for surveillance constitutes an interference with the right to private life” even though it notes the role of surveillance measures in the fight against terrorism and new threats linked to new technologies.

The report completes and updates the first part that was published in 2015 that was dedicated to the EU Member States’ legal frameworks. However, since 2015 and the terrorist attacks that occurred on European soil, some countries have reformed their intelligence legislation to expand their surveillance practices. This new volume presents the current legislative frameworks and then focuses on the oversight bodies that can ensure surveillance bodies’ accountability, and remedies. It shows that even though surveillance has been developed in many countries since 2015, not enough has been done to protect fundamental rights.

----------------------------------------------------------------- Support our work with a one-off-donation! -----------------------------------------------------------------

Regarding the legislative framework, all Member States have legislation on targeted surveillance and five of them also have legislation on mass surveillance – based on“national interest”. Yet, the report underlines the lack of a definition of “national interest”. While recent reforms have brought more transparency, in line with some demands from civil society, including by clarifying the powers granted to the intelligence bodies, the report points out that they still do not comply with the recommendations of the FRA for “clear, foreseeable and accessible” legislation.

Regarding oversight bodies, all Member States have diverse bodies assuming this activity, including expert bodies, national parliaments through parliamentary committees and Data Protection Authorities (DPAs), with various degrees of power and independence.

Finally, the report shows that the possibilities for effective remedies are limited and that not many citizens resort to them. Even though complaints through non-judicial bodies are limited, they are more accessible than judicial remedies, as they are faster, cheaper and their procedures are “less strict” than for judicial remedies. More generally, remedies are also limited by the laws restricting access to notifications and information. The report recommends that judicial and non-judicial remedies should be accessible to citizens by giving oversight bodies the power to process complaints (power to access the data collected by intelligence services, make decisions that are binding for intelligence services, etc.).

The FRA recommends that the legislation should be “clear, specific and comprehensive” and elaborated though large-scale, inclusive public debate and public consultations and stresses the need for strong and transparent safeguards for both targeted surveillance and broader surveillance. The report also underlines the importance of protecting whistleblowers. Regarding that last point, the EP has already taken steps to reinforce the protection of whistleblowers by adopting a resolution on 23 October.

There is already huge pressure, for example through the Council, to ignore, re-interpret or misrepresent the two European Court rulings on mass data retention

Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU – Volume II: field perspectives and legal update (23.10.2017)

Surveillance by intelligence services – Volume I: Member States’ legal frameworks (11.2015)

Europe’s governments win the Big Brother Awards 2017 for opening the pandora’s box of surveillance (13.10.2017)

(Contribution by Anne-Morgane Devriendt, EDRi intern)



31 Oct 2017

The European Commission struggles to find a position on encryption

By Joe McNamee

On 18 October, the European Commission adopted some form of position on encryption, inexplicably embedded in its “anti-terrorism package”. Home affairs activity in relation to encryption is horizontal (covering all illegal activity) and not specifically related to terrorism. However, the Commission chose to include this topic in its anti-terrorism package. The decision to publish the Commission’s encryption policy in a terrorism initiative that covers a wide range of other issues (from air passenger profiling, to protecting public spaces to regulating explosive precursors) appears to be more of a political/public relations choice than a substantive decision.

Generally, the issue of encryption in the context of investigations is framed as an overall setback for law enforcement authorities, deliberately ignoring the fact that vastly more data (such as metadata of communications) is now available for law enforcement authorities as a result of electronic communications.

Cross-border access to data

The Commission builds on that confusion by presenting a planned initiative on cross-border access to electronic data (described as “electronic evidence”) inside its text on encryption. The Commission itself describes the data in the cross-border initiative as “possibly encrypted”. As a result, the Commission, in a text on encryption in a document about terrorism, is talking about possibly not encrypted data in relation to possibly not terrorist investigations.

Technical measures

The Commission then talks obliquely about “technical measures” for recovering some encrypted material. This would build on Europol’s existing, but not described, decryption capabilities. The “technical measures” could therefore mean anything, from state hacking to brute force attacks. It is unclear what the Commission means when it stated that it was not proposing measures that “could weaken encryption or could have an impact on a larger or indiscriminate number of people”.

Points of expertise

A network of national “points of expertise” would build on but not replace work being done in EU Member States. This would bring together national experts working on technical measures to address encrypted material, in the context of investigations.

“Toolbox of alternative investigation techniques”

The Commission proposes a “toolbox of alternative investigation techniques” which would be developed by the national “points of expertise”. This process is also to happen ostensibly without looking at measures that would weaken encryption or could have an impact on a larger or indiscriminate number of people, apparently in isolation from any such measure that would be developed by Member States.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

Structured dialogues with industry

Even more coded is the reference to the “important role of service providers and other industry partners” to provide “solutions with encryption”. Those words have no obvious meaning – and possibly no meaning at all. Traditionally, “dialogue with industry” is a euphemism for coercion of industry to do things that industry would not otherwise have done. A non-committal reference to engaging with “civil society”, “where appropriate”, is made in the document. However, to our knowledge, no civil society was (so far) invited to the December 2017 EU Internet Forum.

Training programmes

The Commission also suggests to provide training programmes with the aim “for law enforcement and judicial authorities [to] ensure that responsible officers are better prepared to obtain necessary information encrypted by criminals”. The Commission does not explain why information encrypted by (potential) criminals is different from information encrypted by non-criminals. However, it does point out various options to provide training programmes such as the European Cybercrime Training and Education Group and the European Union Agency for Law Enforcement Training, as well as a funding option under the Internal Security Fund.

Continuous assessment of technical and legal aspects of the role of encryption

Finally, the Commission proposes an “observatory function” in cooperation with the European Cybercrime Centre at Europol, the European Judicial Cybercrime Centre and Eurojust.


The European Commission has consulted widely and has been more transparent than usual in its development of its current position. It also appears to resist some of the more outlandish and hysterical positions of certain European politicianslike the British government, in particular, that bounces around ideas of limiting or breaking encryption at apparently random intervals. However, the lack of clarity and overtly political elements of the text raise fears for the next steps in the Commission’s policy-making in relation to this important topic. We can only hope that the Commission will still consult civil society organisations, not just industry.

“Eleventh progress report towards an effective and genuine Security Union” (18.10.2017)

EU’s plans on encryption: What is needed? (16.10.2017)

EDRi delivers paper on encryption workarounds and human rights (20.09.2017)

EDRi position paper on encryption (25.01.2016)

Encryption – debunking the myths (03.05.2017)

(Contribution by Joe McNamee, EDRi)



31 Oct 2017

The European Parliament calls for protection of whistleblowers

By Ana Ollo

On 24 October, the European Parliament adopted a resolution calling on the European Commission to propose legislation protecting whistleblowers in the European Union (EU). The institution made a clear statement recognising the essential role that whistleblowers play in our society, as well as the need to protect them.

Whistleblowers fight for transparency, democracy and the rule of law, by reporting unlawful or improper conduct that undermine the public interest. They point out acts of corruption, criminal offences or conflicts of interest, which represent threats against our rights and freedoms.

Despite the importance of the role of whistleblowers in our society, they face various risks that can dissuade them from whistleblowing and from fulfilling our civic duty. The legislation of many EU Member States does not offer them protection nor the right to preserve their anonymity. In some cases, whistleblowers are subject to criminal or civil proceedings, or even face personal threats and harm. Consequently, EDRi has called several times for their effective protection, especially at the EU level, as did the Council of Europe, the Organisation for Economic Cooperation and Development (OECD) and Transparency International, among other organisations.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

It is in this context that the European Parliament adopted its resolution on legitimate measures to protect whistleblowers acting in the public interest when disclosing the confidential information of companies and public bodies. It calls on the European Commission to propose an EU Directive by the end of 2017. The text should grant a high level of protection to whistleblowers, as well as incentivise others to contribute to the fight for transparency and accountability.

The resolution contains a broad definition of “whistleblower”, referring to anybody who reports information in the public interest. It calls on the Commission to establish a system allowing them to expose wrongdoing either within the organisation or directly to the appropriate public authorities, non-governmental organisations or the media. Regarding the protection offered, the Parliament defends whistleblowers’ right to anonymity and believes that retaliation against them should be “penalised and sanctioned effectively”. Furthermore, in case of alleged retaliatory actions, it establishes that employers shall provide evidence that their actions are not related to the report made by the whistleblower. It also calls on Member States to establish independent bodies to advise potential whistleblowers on their legal situation, and suggests creating a similar body at the EU level.

This resolution represents a first step towards an effective protection of whistleblowers throughout the European Union.

European Parliament Resolution (2016/2224(INI)) on legitimate measures to protect whistleblowers acting in the public interest (24.10.2017)

Council of Europe Recommendation CM/Rec(2014)7 to member States on the protection of whistleblowers (30.04.2014)

The EU must take action to protect whistleblowers” (31.05.2017)

Protecting whistleblowers – protecting democracy (25.01.2017)

Open letter to the to the Heads of State and Government of the European Union “The Trade Secrets Protection Directive Is Still Dangerous For Freedoms and Rights” (13.05.2016)

(Contribution by Ana Ollo, EDRi intern)



31 Oct 2017

Portugal bans use of DRM that limits access to public domain works

By Electronic Frontier Foundation

With the tendency of becoming too accustomed to bad news on copyright, it is refreshing to hear that Portugal has recently passed a law that helps to strike a fairer balance between users and copyright holders on digital rights management (DRM).

The law does not abolish legal protection for DRM altogether – unfortunately, that would not be possible for Portugal to do unilaterally, because it would be inconsistent with European Union law and with the World Intellectual Property Organisation (WIPO) Copyright Treaty to which the EU is a signatory. However, Law No. 36/2017 of 2 June, 2017, which entered into force on 3 June, 2017, does grant some important new exceptions to the law’s anti-circumvention provisions, which make it easier for users to exercise their rights to access content without being treated as criminals.

The amendments to Articles 217 and 221 of Portugal’s Code of Copyright and Related Rights do three things. First, they provide that the anti-circumvention ban does not apply to circumvention of DRM in order to enjoy the normal exercise of copyright limitations and exceptions that are provided by Portuguese law. Although Portugal does not have a generalised fair use exception, the more specific copyright exceptions in Articles 75(2), 81, 152(4) and 189(1) of its law do include some key fair uses; including reproduction for private use, for news reporting, by libraries and archives, in teaching and education, in quotation, for persons with disabilities, and for digitising orphan works. The circumvention of DRM in order to exercise these user rights is now legally protected.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

Second and perhaps even more significantly, the law prohibits the application of DRM to certain categories of works in the first place. These are works in the public domain (including new editions of works already in the public domain), and to works published or financed by the government. This provision alone will be a boon for libraries, archives, and for those with disabilities, ensuring that they never again have to worry about being unable to access or preserve works that ought to be free for everyone to use. The application of DRM to such works will now be an offence under the law, and if DRM has been applied to such works nevertheless, it will be permitted for a user to circumvent it.

Third, the law also permits DRM to be circumvented where it was applied without the authorisation of the copyright holder. From now on, if a licensee of a copyright work wishes to apply DRM to it when it is distributed in a new format or over a new streaming service, the burden will be on them to ask the copyright owner’s permission first. If they do not do that, then it will not be an offence for its customers to bypass the DRM in order to obtain unimpeded access to the work, as its copyright owner may well have intended.

If there is a shortcoming to the law, it is that it doesn’t include any new exceptions to the ban on creating or distributing (or as lawmakers ludicrously call it, “trafficking in”) anti-circumvention devices. This means that although users are now authorised to bypass DRM in more cases than before, they’re on their own when it comes to accomplishing this. The amendments ought to have established clear exceptions authorising the development and distribution of circumvention tools that have lawful uses, rather than leaving users to gain access to such tools through legally murky channels.

Overall though, these amendments go to show just how much flexibility countries have to craft laws on DRM that strike a fairer balance between users and copyright holders – even if, like Portugal, those countries have international obligations that require them to have anti-circumvention laws. EDRi member Electronic Frontier Foundation (EFF) applauds Portugal for recognising the harmful effects that DRM has access to knowledge and information, and hopes that these amendments will provide a model for other countries wishing to make a similar stand for users’ rights.

Copyright reform: Document pool

Copyfail #9: Digital Rights Management (DRM): Restricting lending and borrowing books and music in digital format  (20.07.2016)

(Contribution by Jeremy Malcolm, EDRi member Electronic Frontier Foundation (EFF), USA; Adaptation by Maren Schmid, EDRi intern)



26 Oct 2017

Leak: Three EU countries join forces for restrictions & copyright chaos

By Joe McNamee

Leaked documents concerning the Copyright Directive show that France, Spain and Portugal have joined forces in the Council of the European Union to attack the cornerstones of internet freedom in Europe.

The documents show that the three countries propose elevating fighting copyright violations to a special status – above combating terrorism, child abuse and serious online crime. This would put our fundamental rights on the line, and create legal chaos for service providers in Europe.

No more hosting services

Under existing rules, internet hosting companies are not liable for unauthorised content uploaded by their users, unless they fail to act quickly to remove that content, once they are informed about it. The proposal is to leave that law in place, but redefine the services provided by hosting providers so that pretty much nobody is covered by that legislation (the e-Commerce Directive).

How is this done?

Firstly, the leaked document says that any company that allows users to upload content  that could be copyrighted or subject to any property right (“other subject matter” such as, choreography, for example) is performing an act of “communication to the public”.

This means that the service provider is performing an activity that requires authorisation by rightsholders – unless at all times the provider can be sure that nothing that is, or could conceivably be, subject to a property right is being uploaded.

Specifically, the proposal is that companies “that store works or other subject-matter uploaded by their users and are actively involved in providing access to the public to such contents” should no longer be considered hosting companies, even if this is pretty much the definition of hosting. This means that hosting services (that optimise the content they store in any way) would need to carry out constant monitoring of everything that is uploaded to their services – and delete anything that might create a risk – as they will be directly liable for anything their users do.

Mandatory surveillance of all uploads

Having already made it virtually impossible to provide a hosting service without being licensed by all relevant collective rights management groups (film, audio, image, etc), the three countries go further: They demand that larger providers (those that store an undefined “significant” amount of material) should not only have to monitor everything that is being uploaded, but should also be required to “prevent the availability” of content that is identified by rightsholders (by using content identification and upload filtering). This would be flanked with an additional obligation to inform the multitude of rightsholders “on the functioning” of those measures.

Redress mechanisms?

A patently inadequate and complicated complaints mechanism is proposed in order to make the proposal seem balanced. Under this mechanism:

  • a user could complain to the provider who filtered out the content, who would process the complaint and;
  • pass it on to the rightsholder (who asked for the filtering to happen) who would process the complaint within a “reasonable” period of time and;
  • inform the provider, who would inform the user who may or may not be happy with the outcome, but has no more redress.
  • The rightsholders would have no liability for false claims of ownership.

It seems irrelevant to the French, Spanish and Portuguese that the European Court has ruled that it is unacceptable to impose a filtering obligation on providers if that filtering:

  • is of all electronic communications passing via its services; (as in this case)
  • applies indiscriminately to all its customers; (as proposed in this case)
  • is done as a preventive measure; (as proposed in this case)
  • is done exclusively at the provider’s expense; (as proposed in this case ) and
  • is done for an unlimited period; (as proposed in this case)

The Court also ruled against filtering by social media in the Netlog/Sabam case.

Another related leak from the Estonian Presidency reveals that it is letting the three countries set their agenda without interference. It seems that the Estonian Presidency is, again, choosing political expediency over the rights of European citizens and the free and open internet – and the Estonian ethos of a well-regulated, digital-friendly society. We have prepared a document to show how carefully the Estonian Presidency is following the three countries  that are proposing these extreme measures.

Duty of care

But France, Spain and Portugal’s approach to the Copyright Directive also risks creating chaos for another reason – clarity. The legal basis of the Directive in this case is to harmonise the EU single market. Once adopted, it has to be “transposed” into national law, leaving Member States considerable flexibility about how this is done. Directives need to be very clear to avoid divergent implementations in different Member States.

Directives consist of articles and explanatory “recitals”. The recitals proposed by the three countries are remarkable by any stretch of the imagination. The three countries propose enhancing this harmonisation by suggesting to the 27 Member States (and their 27 judicial systems)  that they can “expect” companies under their jurisdiction to enact an undefined “duty of care”. This would cover internet companies that are – and are not – communicating to the public and internet companies that are – or are not – covered by Article 14 (hosting services) of the E-Commerce Directive. The 27 Member States and their court systems, when implementing the Directive, would create and interpret the “expectation” of this “duty” that would encourage companies to implement undefined “appropriate and proportionate tools” to protect “works or other subject matter” when their services are “impacting” on the exploitation of copyrighted works.

These missing definitions and vague language (“significant”, “expect”, “duty”, “prevent”, “impacting”) would result in 27 different national laws (interpreted by 27 national court systems) in the EU on how this “duty of care” would be implemented. The only point of consistency would be that this would apply only to copyrighted content (and, of course, “other subject matter”). As a reminder: Content that is considered less important by the EU Council, like terrorism (nothing similar was approved in the terrorism Directive adopted earlier in 2017) or child exploitation (nothing similar was approved in the child exploitation Directive adopted in 2011) would not be subject to this unclear “duty” and existing rules would continue to apply.

This proposal is great news – but only for a few!

  • It is great news for service providers outside the EU that can take over the EU hosting market once EU companies are driven out;
  • and it is great news for repressive regimes that are already pointing to EU policy and practices to justify their internet crackdowns.

Yet, it is less good news for fundamental rights, privacy, freedom of expression, European companies, victims of repressive regimes, or the rule of law.

Leaked document: Amendment from ES, FR, PT to the recitals 37, 38, 39 and Article 13 on the value gap

Comparison: Spain, Portugal and France’s demands – Estonian Presidency document

Leaked document: Presidency Flash – Copyright Working Party 17/18 October 2017

Copyright reform: Document pool

(Contribution by Joe McNamee, EDRi)


25 Oct 2017

Tell the European Parliament to stand up for e-Privacy!

By Diego Naranjo

On 26 October, the European Parliament (EP) will decide on a key proposal to protect your privacy and security online. This step consists in confirming (or not) the Parliament’s mandate to negotiate the e-Privacy Regulation with the Council of the European Union.

This vote has been demanded as part of an effort to either water down or completely destroy the proposal. As a result, we (very exceptionally) support the mandate being granted.

Do you want to protect the privacy of millions of people in the next generations? Then take action now and contact the Members of the European Parliament (MEP) from your country in order to be able to make sure that the European Parliament approves the mandate. You can:

  1. Call your MEP using the free call system (developed by La Quadrature Du Net) and ask them to vote on Thursday 26 October to support the mandate for the e-Privacy trilogues.
  2. Tweet to the MEPs from your own country now (and also other MEPs, ideally in their own language). Use the hashtag #ePrivacy! You could tweet for example along the lines:

Dear <@MEP>, please vote for a mandate for the #ePrivacy #trilogues. Good for citizens, for trust, for innovation, for competition!

You can find below the list of MEPs’ Twitter handles for each Member State:

The Regulation applies to confidentiality of communications, online and offline tracking and device security. It has been the subject of a huge lobbying campaign by industry associations peddling a range of outlandish claims including that the Regulation would ban advertising and would even be responsible for “killing the internet” (seriously).

e-Privacy Directive: Frequently Asked Questions

e-Privacy Mythbusting (25.10.2017)

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)

Last-ditch attack on e-Privacy Regulation in the European Parliament (24.10.2017)

Dear MEPs: We need you to protect our privacy online! (05.10.2017)


25 Oct 2017

Join us at the 34C3 network assembly!

By Guillermo Peris

The 34th Chaos Communication Congress (34C3) will take place in Leipzig on 27-30 December 2017. This year, we will organise an assembly together with our friends at the Electronic Frontier Foundation (EFF), Privacy International,, Digitale Gesellschaft Switzerland, Forum InformatikerInnen für Frieden und gesellschaftliche
Verantwortung (FIfF), Fitug, Gesellschaft für Freiheitsrechte (GFF), Hermes Center, Vrijschrift and the Free Software Foundation Europe (FSFE).

This assembly will be the meeting point for every digital rights defender out there, a workshop space where you can participate in or organise sessions, where you can get to know the EDRi network and its allies and relax.

If you are planning to carry out a workshop at 34C3 and think it could fit in the EDRi space, we would love to know about it! It can be anything related to digital rights (privacy and data protection, copyright, net neutrality, surveillance, whistleblowing, transparency…) and from every perspective (technical, legal, sociological…).

Please send us your proposal by 19 November. We will get back to you by the end of November to let you know if your session can be organised in our assembly. [Update: The deadline has been extended to 26 November. ];

How do I do it?
Write an email to guillermo.peris[at]edri[dot]org with the following information for each proposed session:

  • session title
  • short description
  • language
  • session format
  • length
  • preferred session date and time – please indicate two options!
  • a short introduction of yourself and your organisation

Examples of formats:

  • conversation (share your experience and ideas and invite reflection)
  • workshop (a practical, hands-on oriented session)
  • training (teach something to the attendees)

Tips for planning your workshop:

  • Be inclusive and foster new connections between participants
  • Limit the duration of your session to maximum 1,5 hours
  • Invite different organisations or projects to collaborate on the session with you

34C3 Tickets: Status and Open Sale

24 Oct 2017

Last-ditch attack on e-Privacy Regulation in the European Parliament

By Joe McNamee

The ECR, the right-wing, Eurosceptic political group in the European Parliament has joined forces with German Conservatives, Axel Voss and Monika Hohlmeier, as well as the Danish Liberal Morten Løkkegaard to try to overturn progress made on the e-Privacy Regulation.

The Regulation applies to confidentiality of communications, online and offline tracking and device security. It has been the subject of a huge lobbying campaign by industry associations peddling a range of outlandish claims including that the Regulation would ban advertising and would even be responsible for “killing the internet” (seriously).

As the myths and mythology that Members of the European Parliament (MEPs) are being confronted with every day are getting more and more ridiculous, on 24 October, we wrote to all 751 MEPs. However, to avoid the e-mail getting too long, we restricted ourselves to the six most outlandish myths:

  1. that e-Privacy bans online advertising (advertising existed before online surveillance)
  2. that e-Privacy is bad for democracy (tracking has manipulated elections)
  3. that e-Privacy is bad for media pluralism and quality of journalism (tracking is the business model of fake news)
  4. that e-Privacy prevents the fight against illegal content (the telecoms companies made this false argument about net neutrality. It wasn’t true and still isn’t)
  5. that e-Privacy helps Google and Facebook (no, seriously, the lobbyists are actually saying this)
  6. that we need a level playing field (actually that one is true, we need everyone to be regulated fairly)

You can read our letter here.

Tell your MEPs you want a strong e-Privacy Regulation – as agreed by the European Parliament Committee on Committee on Civil Liberties, Justice and Home Affairs (LIBE). Find your MEPs here.


20 Oct 2017

See which MEPs voted in favour of e-Privacy – and which ones against it


On 19 October, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted on the proposed e-Privacy Regulation. With 31 votes the Committee voted in favour of measures defending privacy, security and competition for phone and internet services.

The 31 MEPs in favour of the e-Privacy Regulation belong to the Alliance of Liberals and Democrats for Europe group (ALDE), the Europe of Freedom and Direct Democracy (EFDD), the European United Left-Nordic Green Left (GUE/NGL), the Non-Inscrits (NI), the Progressive Alliance of Socialists and Democrats (S&D) and the Greens–European Free Alliance (Verts/ALE):

Name EU political group Country National party
Gérard Deprez ALDE Belgium Mouvement Réformateur (MR)
Nathalie Griesbeck ALDE France Mouvement démocrate (MoDem)
Sophia in ‘t Veld ALDE Netherlands Politieke Partij Democraten 66 (D66)
Kaja Kallas ALDE Estonia Eesti Reformierakond
Angelika Mlinar ALDE Austria NEOS – Das Neue Österreich und Liberales Forum
Ignazio Corrao EFDD Italy Movimento 5 Stelle (M5S)
Laura Ferrara EFDD Italy Movimento 5 Stelle (M5S)
Xabier Benito Ziluaga GUE/NGL Spain Podemos
Cornelia Ernst GUE/NGL Germany Die LINKE
Josu Juaristi Abaunz GUE/NGL Spain Euskal Herria Bildu (EH Bildu)
Dennis de Jong GUE/NGL Netherlands Socialistische Partij (SP)
Martin Sonneborn NI Germany Die PARTEI
Caterina Chinnici S&D Italy Partito Democratico (PD)
Ana Gomes S&D Portugal Partido Socialista (PS)
Sylvie Guillaume S&D France Parti socialiste (PS)
Sylvia-Yvonne Kaufmann S&D Germany Sozialdemokratische Partei Deutschlands (SPD)
Cécile Kashetu Kyenge S&D Italy Partito Democratico (PD)
Dietmar Köster S&D Germany Sozialdemokratische Partei Deutschlands (SPD)
Marju Lauristin S&D Estonia Sotsiaaldemokraatlik Erakond (SDE)
Juan Fernando López Aguilar S&D Spain Partido Socialista Obrero Español (PSOE)
Andrejs Mamikins S&D Latvia Sociāldemokrātiskā Partija “Saskaņa” (SDPS)
Claude Moraes S&D United Kingdom Labour Party
Péter Niedermüller S&D Hungary Demokratikus Koalíció (DK)
Kati Piri S&D Netherlands Partij van de Arbeid (PvdA)
Soraya Post S&D Sweden Feministiskt initiativ (FI)
Birgit Sippel S&D Germany Sozialdemokratische Partei Deutschlands (SPD)
Janusz Zemke S&D Poland Sojusz Lewicy Demokratycznej (SLD)
Jan Philipp Albrecht Verts/ALE Germany Bündnis 90/Die Grünen
Eva Joly Verts/ALE France Europe Écologie Les Verts (EELV)
Judith Sargentini Verts/ALE Netherlands GroenLinks
Bodil Valero Verts/ALE Sweden Miljöpartiet de gröna (MP)


The 24 MEPs against the e-Privacy Regulation belong to the European Conservatives and Reformists (ECR), the Europe of Freedom and Direct Democracy (EFDD), the Europe of Nations and Freedom (ENF) and the European People’s Party (PPI):

Name EU political group Country National party
Daniel Dalton ECR United Kingdom Conservative Party
Jussi Halla-aho ECR Finland Perussuomalaiset (PS)
Monica Macovei ECR Romania Independent
Helga Stevens ECR Belgium Nieuw-Vlaamse Alliantie (N-VA)
Gerard Batten EFDD United Kingdom UK Independence Party
Raymond Finch EFDD United Kingdom UK Independence Party
Harald Vilimsky ENF Austria Freiheitliche Partei Österreichs (FPÖ)
Auke Zijlstra ENF Netherlands Partij voor de Vrijheid (PVV)
Asim Ahmedov Ademov PPE Bulgaria ГЕРБ, Граждани за европейско развитие на България
Heinz K. Becker PPE Austria Österreichische Volkspartei (ÖVP)
Michał Boni PPE Poland Platforma Obywatelska (PO)
Anna Maria Corazza Bildt PPE Sweden Moderata samlingspartiet (M)
Rachida Dati PPE France Les Républicains (LR)
Monika Hohlmeier PPE Germany Christlich-Soziale Union in Bayern (CSU)
Lívia Járóka PPE Hungary Fidesz
Barbara Kudrycka PPE Poland Platforma Obywatelska (PO)
Roberta Metsola PPE Malta Partit Nazzjonalista (PN)
Alessandra Mussolini PPE Italy Forza Italia (FI)
József Nagy PPE Slovakia Most–Híd
Csaba Sógor PPE Romania Uniunea Democrată Maghiară din România
Jaromír Štětina PPE Czech Republic Tradice Odpovědnost Prosperita (TOP 9)
Traian Ungureanu PPE Romania Partidul Național Liberal (PNL)
Axel Voss PPE Germany Christlich Demokratische Union Deutschlands (CDU)
Tomáš Zdechovský PPE Czech Republic Křesťanská a demokratická unie – Československá strana lidová (KDU–ČSL)


One of the MEPs of the Committee was absent:

Name EU political group Country National party
Kristina Winberg EFDD Sweden Sverigedemokraterna (SD)


Euro-parliamentarians say a clear “no” to the anti-privacy lobby (19.10.2017)

e-Privacy Directive: Frequently Asked Questions

e-Privacy revision: Document pool

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)

Dear MEPs: We need you to protect our privacy online! (05.10.2017)