(originally published at https://edri.org/towards-corporate-copyright-reform-eu/)
On 24 August, Statewatch leaked the draft Impact Assessment (IA) of the European Commission (EC) on the copyright reform.
Impact Assessments are an essential part in the decision making process. They are where the EC analyses the different options available when considering a policy initiative. Ahead of the official presentation of the final IA in September 2016, the leak hints the range of proposals that could be adopted in the European Union (EU) on copyright matters.
During our copyfails blogpost series we described how badly the EU copyright regime is broken, and how these failures could be fixed if the political will existed. However, after reading the draft IA, our conclusion is that EU policy-makers do not seem to think it is worth the effort to bring copyright to the XXI century. Ignoring the results of the copyright consultation of 2014, and despite not having published the analysis on the results on the public consultation on ancillary copyright and freedom of panorama, the Commission has a plan: Let’s ignore all facts (even those previously identified) and avoid a real reform at all costs.
The draft text shows:
First, the long-awaited copyright reform is likely to become a patchwork of concessions to lobbyists’ demands. If a ban on geo-blocking was something that had any chance to be discussed, the film industry fought that idea, and has prevailed in its demands to maintain the borders in Europe’s “digital single market”. If news publishers wanted an EU wide version of the failed ancillary copyright initiatives to “tax” Google in Spain and Germany, they they will be delighted with the even more extravagant and dangerous position being adopted by the Commission. While the national-level initiatives have been very controversial and have lead to serious consequences, the Commission is going much further. “Ancillary copyright on steroids” seem to the Commission to be the best option, despite publishers themselves admitting that this measure, in their most optimistic possible scenario, would only lead to a ten-percent increase in revenues. Finally, when the music industry giants started complaining about how little money they get from YouTube (despite the billions they do receive), they were given a proposal to fix the so-called “value gap” extending the same system to other online platforms.
Second, once the corporate wish list was diligently followed, the Commission felt creative and thought that extending the automatic identification of works, Google’s Content ID, and making it the new standard would be a good idea. And why not adopt a Google product as a standard? Why not adopt a Google product that is regularly used to delete perfectly legal content? Why not give rights-holder the power to de facto overturn legislators’ decisions on copyright flexibilities? Why not create another barrier for Europe’s online entrepreneurs?
Content ID tools cannot deal with the nuances of copyright law. This will inevitably lead into restrictions on uses of cultural content which are permitted under legally safeguarded copyright flexibilities (“exceptions and limitations”), for example, copyrighted works in teaching environments. Furthermore, the huge costs of creating such a system would impede small and medium enterprises from competing in the market with giants like Google and seriously undermine the possibilities to create new businesses in Europe.
Despite the bad news that this draft IA brings, not everything is lost yet. The European Commission has time and the duty to fix the draft Impact Assessment and prepare the copyright reform that the EU needs. At this stage a solid alliance of diverse stakeholders is needed in order to subvert the corporate copyright reform that could be announced this month.
European Commission Staff Working Document Impact Assessment on the modernisation of copyright rules
European Copyright Leak Exposes Plans to Force the Internet to Subsidize Publishers
Google snippet tax, geoblocking, other copyright reform shunned in EU plan
Commissioner Oettinger is about to turn EU copyright reform into another ACTA
Copyfails: Time to #fixcopyright!
(Originally published at the EDRi website as part of our campaign to reform EU copyright)
We believe that new technologies bring new ways to access culture – they are not a threat for creators. We believe that the legitimacy crisis of the current EU copyright regime is created by the system itself. We believe there’s a need for a modernised copyright regime which takes into consideration the needs of all parts of society, including creators.
Europe needs a more profound reform of the EU copyright regime than the one that the European Commission has announced. To illustrate this, we have identified nine copyfails – crucial failures of the current EU system. You can read the first blogpost of our “copyfails” series, presenting the copyfail #1 here.
The European Commission has set in its agenda reforming copyright as one of the foundations to build the Digital Single Market. However, the Communication published at the end of 2015 did not meet the expectations of the announced “more modern, more European” copyright. On the contrary, the Commission apparently only wants to paper over the serious cracks in the wobbling structure of EU copyright legislation rather than addressing the real problems.
Are you ready to #fixcopyright in the EU? Follow #fixcopyright on Twitter!
Copyright reform: Restoring the facade of a decrepit building (16.12.2015)
Last January my colleague from EDRi Maryant Fernández and I participated in a Pecha Kucha event with the occassion of the CPDP Conference. In a Pecha Kucha event speakers need to do a presentation based on 20 images, using 20 seconds for each of them. Since the conference is focused on data protection and privacy, we decided to do ours about anti-terrorism laws and the use of profiling techniques, including profiling.
I intervened on 1 June 2016 in an event hosted by Isabella Adinolfi in cooperation with Commons Network, titled: Roundtable: Why the EU needs Knowledge Commons.
“In late 2015 the Commons Network published the paper: The EU and the Commons: A Commons Approach to European Knowledge Policy. It outlines the compelling logic, benefits and ethics of a commons approach to knowledge, with an emphasis on how that could improve policy in certain areas such as health, the environment, science and culture, and the Internet.” (Source: http://commonsnetwork.eu/roundtable-why-the-eu-needs-knowledge-commons/)
My intervention starts around 48:10 and is about copyright reform in the EU:
(Originally published at https://edri.org/cjeu-hearing-on-the-eu-canada-pnr-agreement-still-shady/)
The European Court of Justice (CJEU) had a hearing on 5 April to decide about the referral made on 25 November by the European Parliament on the EU-Canada agreement on Passenger Name Records (PNR). Passenger Name Records (PNR) include information provided by passengers and collected by air carriers for commercial purposes, such as, but not only, the date of the trip and complete itinerary, the name and contact information, the form of payment, frequent flyer information, meal preferences and medical information. In some cases, the airlines will have access to other data such as hotel bookings, car rentals, train journeys, travel associates, etc. This provides a massive insight into the private life of an individual.
The agreement between the EU and Canada allows for the transfer and processing of PNR data of passengers flying between the EU and Canada. The result of the referral of the agreement to the CJEU could impact the proposal for an EU PNR Directive (Fight against terrorism and serious crime: use of passenger name record (PNR) data (procedure file 2011/0023(COD)), that was adopted by the European Parliament’s Civil Liberties Committee on 15 July 2015, and which may be scheduled to be voted in the European Parliament’s plenary session on 27-28 April 2016. The narrow vote (32 in favor, 26 against, no abstentions) in favour happened despite the rejection of this same EU PNR proposal by the same Committee in 2014 and despite the CJEU ruling invalidating the Data Retention Directive.
During the hearing, many crucial issues came up:
Firstly, the European Commission (EC) argued before the Court that PNR data is “anonymised” after 30 days and that, as a result, the CJEU judgment invalidating the data retention Directive is not applicable in this case. However, the EC fails to see that the PNR data is only “masked out” – depersonalised by masking certain identifiers. This is not anonymisation. The EU PNR Directive contains similar clauses and the European Data Protection Supervisor (EDPS) Opinion 5/2015 of 24 September 2015 said that they were glad that the mention to anonymous data was taken off the proposal since “(i)ndeed, the data at stake could not be considered as anonymous since they would still be re-identifiable.”
Secondly, the EC quoted the EU anti-terrorism coordinator saying that the number of convinctions based on PNR are irrelevant”. This just does not make sense. If the goal is to find suspects, and there are no convictions based on the PNR data used, the collection and processing of PNR data could well not be “necessary” nor “genuinely meet objectives of general interest recognised by the Union” as Article 52.1 of the Charter of Fundamental Rights states for any limitation for fundamental rights.
Thirdly, during the hearing Member States defended the agreement based on different reasons. The Spanish representative stated that the data retention period of 5 years is absolutely necessary for criminal investigations. Why not five and a half years, as it is the case currently under the PNR agreement with Australia… or 15 years, as under the PNR agreement with the USA? Why not 20 years? Or maybe just 3? Is the standard “whatever-length-we-randomly-decide-each-time”?
Fourthly the issue of the independent supervisory authority was also highlighted during the hearing. The EDPS reiterated the views expressed in their Opinion on the agreement of 30 September 2013 and said that the oversight in Canada PNR is not an equivalent independent authority, which was refuted by the EC during the hearing. The EDPS Opinion explicitly regretted the fact that “oversight may take place (…) by a (non independent) authority created by administrative means”. The EDPS also noted the “limitations of judicial review with respect to judicial redress”.
In sum, the hearing has shown once again that PNR profiling is a not a necessary and proportionate means to prevent international crime and terrorism in the EU. The Advocate General of the Court will announce his opinion on 13 June 2016.
EU-Canada agreement on PNR referred to the CJEU: What’s next? (03.12.2014)
Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record
EU PNR Document Pool
Opinion of the European Data Protection Supervisor on the Proposals for Council Decisions on the conclusion and the signature of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data (30.09.2013)
Steve Peers: The Domino Effect: how many EU treaties violate the rights to privacy and data protection (25.11.2014)
Bruce Schneier: Refuse to be terrorised (24.08.2006)
Mass surveillance through PNR is facing closure: EU-Canada agreement is put to testing (in German) (05.04.2016)
(Contribution by Diego Naranjo, EDRi)
(This article was originally published at the 24 February 2016 edition of EDRi-gram, the European Digital Rights fortnightly newsletter at: https://edri.org/data-protection-reform-next-stop-e-privacy-directive/ )
Did you think the data protection reform was finished? Think again. Once the agreement on the texts of the General Data Protection Regulation (GDPR) and the Data Protection Directive for Law Enforcement Agencies (LEDP) was reached, the e-Privacy Directive took its place as the next piece of European Union (EU) law that will be reviewed. The e-Privacy Directive (Directive 2002/58/EC on privacy and electronic communications) contains specific rules on data protection in the area of telecommunication in public electronic networks.
The Directive was first launched as part of the 1999 Communications Review and aimed to provide specific data protection rules for the e-communications sector, following the entry into force of the 1995 Data Protection Directive the previous year. The Directive dropped out of the Review package quite early in the legislative process and was not finally adopted until 2002.
The new instrument needs to cover all online processing of personal data, insofar as not already covered by the GDPR. Not least because of this, the new instrument needs to be enforced by Data Protection Authorities and not Telcoms regulators, as is the case in some EU Member States. It also needs to be updated in relation to the treatment of traffic and location data, as well as other geographical information and how consent is provided in this cases. Location data – even “anonymous” location data – can raise serious security and privacy concerns.
Another element that requires considerable re-thinking is the Directive is the issue of “cookies”. A more consistent and thorough analysis needs to be done on the different types of cookies that exist (tracking cookies, non-tracking cookies, session cookies…) and how to treat them accordingly. The bad joke which consent for cookies have become, have given arguments to anti-privacy/Big Data lobbies for how (meaningless) consent is the new spam. New, clearer rules should have a focus on improving the quality of the (very frequently profoundly misleading) information given to individuals reducing the number of cookie consent requests. Generally, we advise following the recommendations set by the Article 29 Working Party on this point.
The revised instrument should state that the deliberate installation of any piece of software or hardware on any device without the knowledge or consent of the owner of the device is an unauthorised access and/or data/system interference, as defined in the Council of Europe Cybercrime Convention. Another of the topics that cannot be avoided related to the use of encryption in devices. In the new legislation legislators should consider whether attempts to remove encryption, including the installation of “backdoors”, should be explicitly forbidden. Attention to how consent is provided (and revoked) for value-added services and the harmonisation and enforcement of the “national security/pubic order/crime prevention” exemptions is also needed.
The agreed text of the GDPR was the best possible outcome in the current political scenario, bearing also in mind the heavy lobby it received. The revision of the ePrivacy Directive needs not to undermine the good parts of the GDPR while at the same time trying to fix the loopholes it has created. Some lobbies call to “leveling the playing field” in this area, which is not objectionable, as long as the playing field is levelled upwards and to the level set by the GDPR and the case law of the courts in Luxembourg and Strasbourg. That is the playing field and any policy development in this are needs to stay up to those levels of protection.
Directive 2002/58/EC on privacy and electronic communications
Article 29 Working Party: Opinion 04/2012 on Cookie Consent Exemption (07.06.2012)
Data Protection Regulation Update: precise implementation depends on exceptions and Recitals (19.01.2016)
EU Data Protection Package – Lacking ambition but saving the basics (17.12.2015)
Recommendation No. R (95) 4 on the protection of personal data in the area of personal data in the area of telecommunication services
(Contribution by Diego Naranjo, EDRi)