On 17 January 2018, the Romanian Ministry of Culture organised a debate on the EU copyright reform proposal. With the room full with about fifty participants, three quarters were representing press publishers, record labels and collective management associations. It seemed almost like a full-fledged campaign meeting organised for and by traditional newspapers and rightsholders organisations to rally support for Articles 11 and 13 of the Copyright Directive proposal – a support meeting coincidentally (or not) organised just prior to national officials presenting their country’s position on the copyright reform in Brussels.
More information is available in English here.
The U.S. Senate on Thursday passed a bill to renew the National Security Agency’s warrantless internet surveillance program for six years with minimal changes, overcoming objections from civil liberties advocates that it undermined the privacy of Americans.
The European Court of Justice in Luxembourg on Thursday ruled that Austrian privacy campaigner Max Schrems cannot lodge a class action suit against Facebook Ireland. Schrems was seeking to stake the collective claim on the behalf of 25,000 people. The judges instead said he can file an individual case. Schrems maintains that Facebook violates the privacy of European-based users.
Austria’s Supreme Court of Justice has referred a case to the Court of Justice of the European Union regarding hate speech on social media platforms. The referral could have a global impact on Facebook – and ultimately on our privacy and freedom of speech.
Europe's General Data Protection Regulation (GDPR) will come into effect in May 2018, and with it, a new set of tough penalties for companies that fail to adequately protect the personal data of European users. Amongst those affected are domain name registries and registrars, who are required by ICANN, the global domain name authority, to list the personal information of domain name registrants in publicly-accessible WHOIS directories. ICANN and European registrars have clashed over this long-standing contractual requirement, which does not comply with European data protection law.
This was one of the highest profile topics at ICANN's 60th meeting in Abu Dhabi which EFF attended last year, with registries and registrars laying the blame on ICANN, either for their liability under the GDPR if they complied with their WHOIS obligations, or for their contractual liability to ICANN if they didn't. ICANN has recognized this and has progressively, if belatedly, being taking steps to remediate the clash between its own rules, and the data protection principles that European law upholds.
This bill, however, would give law enforcement around the globe — though particularly in the U.S. — more access to users’ private data without sufficient privacy protections.
The head of Austria's data protection authority Andrea Jelinek is replacing Isabelle Falque-Pierrotin as the chair of the body representing national data protection supervisors known as the Article 29 Working Party. Jelinek was elected for the post on Wednesday and is likely to also become the head of the upcoming European Data Protection Board, tasked to enforce the general data protection regulation.
EU data protection chiefs are worried member states won't be ready when a new wide-sweeping general data protection regulation goes live on 25 May. National laws still need to be passed to ensure data authorities can enforce the regulation EU-wide.
In January 2018, the Bulgarian Presidency of the Council of the European Union picked up where the Estonian Presidency left off on the ePrivacy Regulation. It issued two examinations of the last Estonian “compromise” proposal and asked national delegations for guidance on some issues. Together, the documents cover most of the key points of the text. While the Bulgarian Presidency brings clarity on some points, its questions pave the way to undermine the text – and therefore threatens the protection of citizens’ privacy, confidentiality of communications of both citizens and businesses, as well as the positions of innovative EU companies and trust in the online economy.
The European Parliament’s Special Committee on Terrorism (TERR) was established on 6 July 2017, for a renewable twelve-month mandate. The Committee was created with the ambitious aim of addressing ostensible practical and legislative deficiencies in the fight against terrorism across the European Union and with international actors.
EDRi observer Gesellschaft für Freiheitsrechte (GFF) has filed a constitutional complaint against surveillance by Germany’s foreign intelligence agency, the Bundesnachrichtendienst (BND). A new law that the German Parliament passed in October 2016 allows the BND to spy on foreign journalists.
Enforcement of the European Union’s General Data Protection Regulation is coming very soon. This regulation is not limited to companies based in the EU—it applies to any service anywhere in the world that can be used by citizens of the EU.
Under the old “cookie law”, using a third-party cookie-setting service like required informing users who were citizens of the EU. Under GDPR, explicit consent is required and implied consent isn’t enough.
Artificial intelligence is giving surveillance cameras digital brains to match their eyes, letting them analyze live video with no humans necessary. This could be good news for public safety, helping police and first responders more easily spot crimes and accidents and have a range of scientific and industrial applications. But it also raises serious questions about the future of privacy and poses novel risks to social justice.
Mozilla has filed a petition in federal court in Washington, DC against the Federal Communications Commission for its recent decision to overturn the 2015 Open Internet Order.
The discussions on the e-Privacy Regulation continue in the European Union legislative process. On 5 December 2017, the Estonian Presidency of the Council proposed new compromises on key articles. This latest proposal for amendments is related to Articles 6, 7 and 8 of the draft e-Privacy Regulation, which concern permitted processing (Art. 6), storage and erasure of communications data (Art. 7) and the protection of stored communications in users’ devices (Art. 8).
The EU and Japan have announced the conclusion of the final discussions on a trade agreement, the EU-Japan Economic Partnership Agreement (EPA).
The European Commission proposed its badly drafted “Directive on combating sexual abuse, sexual exploitation of children and child pornography” in 2010. In 2011, it was finally adopted by the Council of the European Union and the European Parliament. Under the Directive, the European Commission was legally required to publish an implementation report by 18 December. The Commission ignored its legal obligation and published its report a year late, on 16 December 2016. It published one report on the whole Directive and one on the implementation of Article 25 on the Directive, on internet blocking. Despite taking an extra year to collect information, the 13-page document is almost entirely devoid of useful data.
On 20 December 2017, EDRi member Iuridicum Remedium (IuRe) filed a request with the Constitutional Court of the Czech Republic to revoke the Czech data retention related legislation. The filing of the request was achieved in close cooperation with the Czech Pirate Party, whose 22 deputies were for the first time elected to the Chamber of Deputies of the Czech Parliament in October 2017.
In April 2015, prosecutor Fredrik Ingblad directed claims against Fredrik Neij (one of the creators of The Pirate Bay) in an effort to disrupt the operation of The Pirate Bay website in Sweden. Ingblad also filed a complaint against Punkt SE (IIS), the organisation responsible for Sweden’s .se top-level domain. Mr Ingblad argued that the domains ‘ThePirateBay.se’ and ‘PirateBay.se’ were used as “tools” to aid and abet copyright infringement and should therefore be seized by the Swedish state.
In December 2017 the Swedish Supreme Court confirmed that the two domains can indeed be seized by the state.
At the Real World Crypto security conference in Zurich, Switzerland, a group of researchers from the Ruhr University Bochum in Germany plan to describe a series of flaws in encrypted messaging apps. While the Signal and Threema flaws they found were relatively harmless, the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.