Intervention at Mydata 2016 Helsinki on data protection, privacy and encryption

 

After the adoption of the EU General Data Protection Regulation – what next? Join DR.  MALTE BEYER-KATZENBERGER (Policy officer, European Commission, DG CONNECT), KASPAR KALA (Advisor at Ministry of Economic Affairs and Communications), TARU RASTAS (Senior Adviser in the Finnish Ministry of Transport and Communications), PHILIPPE DE BACKER (Belgian State Secretary for the Fight against Social Fraud, Privacy and North Sea), DIEGO NARANJO (Advocacy Manager of EDRi), JARNO LIMNÉLL (Professor of Cyber Security, Aalto University) in a Panel Discussion on policy making for personal data at the mydata2016 conference.

MyData 2016 was an international conference that focuses on human centric personal information management.
MyData is an initiative to help people gain more control over their personal data.

Advertisements

Towards a corporate copyright reform in the EU?

(originally published at https://edri.org/towards-corporate-copyright-reform-eu/)

On 24 August, Statewatch leaked the draft Impact Assessment (IA) of the European Commission (EC) on the copyright reform.

Impact Assessments are an essential part in the decision making process. They are where the EC analyses the different options available when considering a policy initiative. Ahead of the official presentation of the final IA in September 2016, the leak hints the range of proposals that could be adopted in the European Union (EU) on copyright matters.

During our copyfails blogpost series we described how badly the EU copyright regime is broken, and how these failures could be fixed if the political will existed. However, after reading the draft IA, our conclusion is that EU policy-makers do not seem to think it is worth the effort to bring copyright to the XXI century. Ignoring the results of the copyright consultation of 2014, and despite not having published the analysis on the results on the public consultation on ancillary copyright and freedom of panorama, the Commission has a plan: Let’s ignore all facts (even those previously identified) and avoid a real reform at all costs.

Copyright_blogpost_20160831

The draft text shows:

First, the long-awaited copyright reform is likely to become a patchwork of concessions to lobbyists’ demands. If a ban on geo-blocking was something that had any chance to be discussed, the film industry fought that idea, and has prevailed in its demands to maintain the borders in Europe’s “digital single market”. If news publishers wanted an EU wide version of the failed ancillary copyright initiatives to “tax” Google in Spain and Germany, they they will be delighted with the even more extravagant and dangerous position being adopted by the Commission. While the national-level initiatives have been very controversial and have lead to serious consequences, the Commission is going much further. “Ancillary copyright on steroids” seem to the Commission to be the best option, despite publishers themselves admitting that this measure, in their most optimistic possible scenario, would only lead to a ten-percent increase in revenues. Finally, when the music industry giants started complaining about how little money they get from YouTube (despite the billions they do receive), they were given a proposal to fix the so-called “value gap” extending the same system to other online platforms.

Second, once the corporate wish list was diligently followed, the Commission felt creative and thought that extending the automatic identification of works, Google’s Content ID, and making it the new standard would be a good idea. And why not adopt a Google product as a standard? Why not adopt a Google product that is regularly used to delete perfectly legal content? Why not give rights-holder the power to de facto overturn legislators’ decisions on copyright flexibilities? Why not create another barrier for Europe’s online entrepreneurs?

Content ID tools cannot deal with the nuances of copyright law. This will inevitably lead into restrictions on uses of cultural content which are permitted under legally safeguarded copyright flexibilities (“exceptions and limitations”), for example, copyrighted works in teaching environments. Furthermore, the huge costs of creating such a system would impede small and medium enterprises from competing in the market with giants like Google and seriously undermine the possibilities to create new businesses in Europe.

Despite the bad news that this draft IA brings, not everything is lost yet. The European Commission has time and the duty to fix the draft Impact Assessment and prepare the copyright reform that the EU needs. At this stage a solid alliance of diverse stakeholders is needed in order to subvert the corporate copyright reform that could be announced this month.

European Commission Staff Working Document Impact Assessment on the modernisation of copyright rules
http://statewatch.org/news/2016/aug/eu-com-copyright-draft.pdf

European Copyright Leak Exposes Plans to Force the Internet to Subsidize Publishers
https://www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers

Google snippet tax, geoblocking, other copyright reform shunned in EU plan
http://arstechnica.co.uk/tech-policy/2016/08/geoblocking-google-tax-copyright-reform-shunned-eu-plan/

Commissioner Oettinger is about to turn EU copyright reform into another ACTA
https://juliareda.eu/2016/08/copyright-reform-another-acta/

Copyfails: Time to #fixcopyright!
https://edri.org/copyfails/

Twitter_tweet_and_follow_banner

Copyfails: Time to #fixcopyright!

(Originally published at the EDRi website as part of our campaign to reform EU copyright)

By Diego Naranjo

We believe that new technologies bring new ways to access culture – they are not a threat for creators. We believe that the legitimacy crisis of the current EU copyright regime is created by the system itself. We believe there’s a need for a modernised copyright regime which takes into consideration the needs of all parts of society, including creators.

Europe needs a more profound reform of the EU copyright regime than the one that the European Commission has announced. To illustrate this, we have identified nine copyfails – crucial failures of the current EU system. You can read the first blogpost of our “copyfails” series, presenting the copyfail #1 here.

The European Commission has set in its agenda reforming copyright as one of the foundations to build the Digital Single Market. However, the Communication published at the end of 2015 did not meet the expectations of the announced “more modern, more European” copyright. On the contrary, the Commission apparently only wants to paper over the serious cracks in the wobbling structure of EU copyright legislation rather than addressing the real problems.

copyfails

Are you ready to #fixcopyright in the EU? Follow #fixcopyright on Twitter!

COPYFAILS:
Copyfail #1
Copyfail #2
Copyfail #3
Copyfail #4
Copyfail #5
Copyfail #6

Read more:
Copyright reform: Restoring the facade of a decrepit building (16.12.2015)
https://edri.org/copyright-reform-restoring-the-facadeof-a-decrepit-building/

Are you a terrorist? PechaKucha Brussels 2016 on PNR and profiling

Last January my colleague from EDRi Maryant Fernández and I participated in a Pecha Kucha event with the occassion of the CPDP Conference. In a Pecha Kucha event speakers need to do a presentation based on 20 images, using 20 seconds for each of them. Since the conference is focused on data protection and privacy, we decided to do ours about anti-terrorism laws and the use of profiling techniques, including profiling.

Intervention at the roundtable: Why the EU needs Knowledge Commons – 1 June 2016

I intervened on 1 June 2016 in an event hosted by Isabella Adinolfi in cooperation with Commons Network, titled: Roundtable: Why the EU needs Knowledge Commons.

“In late 2015 the Commons Network published the paper: The EU and the Commons: A Commons Approach to European Knowledge Policy.  It outlines the compelling logic, benefits and ethics of a commons approach to knowledge, with an emphasis on how that could improve policy in certain areas such as health, the environment, science and culture, and the Internet.” (Source: http://commonsnetwork.eu/roundtable-why-the-eu-needs-knowledge-commons/)

My intervention starts around 48:10 and is about copyright reform in the EU:

CJEU hearing on the EU Canada PNR agreement: Still shady

(Originally published at https://edri.org/cjeu-hearing-on-the-eu-canada-pnr-agreement-still-shady/)

The European Court of Justice (CJEU) had a hearing on 5 April to decide about the referral made on 25 November by the European Parliament on the EU-Canada agreement on Passenger Name Records (PNR). Passenger Name Records (PNR) include information provided by passengers and collected by air carriers for commercial purposes, such as, but not only, the date of the trip and complete itinerary, the name and contact information, the form of payment, frequent flyer information, meal preferences and medical information. In some cases, the airlines will have access to other data such as hotel bookings, car rentals, train journeys, travel associates, etc. This provides a massive insight into the private life of an individual.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

The agreement between the EU and Canada allows for the transfer and processing of PNR data of passengers flying between the EU and Canada. The result of the referral of the agreement to the CJEU could impact the proposal for an EU PNR Directive (Fight against terrorism and serious crime: use of passenger name record (PNR) data (procedure file 2011/0023(COD)), that was adopted by the European Parliament’s Civil Liberties Committee on 15 July 2015, and which may be scheduled to be voted in the European Parliament’s plenary session on 27-28 April 2016. The narrow vote (32 in favor, 26 against, no abstentions) in favour happened despite the rejection of this same EU PNR proposal by the same Committee in 2014 and despite the CJEU ruling invalidating the Data Retention Directive.

During the hearing, many crucial issues came up:

Firstly, the European Commission (EC) argued before the Court that PNR data is “anonymised” after 30 days and that, as a result, the CJEU judgment invalidating the data retention Directive is not applicable in this case. However, the EC fails to see that the PNR data is only “masked out” – depersonalised by masking certain identifiers. This is not anonymisation. The EU PNR Directive contains similar clauses and the European Data Protection Supervisor (EDPS) Opinion 5/2015 of 24 September 2015 said that they were glad that the mention to anonymous data was taken off the proposal since “(i)ndeed, the data at stake could not be considered as anonymous since they would still be re-identifiable.”

Secondly, the EC quoted the EU anti-terrorism coordinator saying that the number of convinctions based on PNR are irrelevant”. This just does not make sense. If the goal is to find suspects, and there are no convictions based on the PNR data used, the collection and processing of PNR data could well not be “necessary” nor “genuinely meet objectives of general interest recognised by the Union” as Article 52.1 of the Charter of Fundamental Rights states for any limitation for fundamental rights.

Thirdly, during the hearing Member States defended the agreement based on different reasons. The Spanish representative stated that the data retention period of 5 years is absolutely necessary for criminal investigations. Why not five and a half years, as it is the case currently under the PNR agreement with Australia… or 15 years, as under the PNR agreement with the USA? Why not 20 years? Or maybe just 3? Is the standard “whatever-length-we-randomly-decide-each-time”?

Fourthly the issue of the independent supervisory authority was also highlighted during the hearing. The EDPS reiterated the views expressed in their Opinion on the agreement of 30 September 2013 and said that the oversight in Canada PNR is not an equivalent independent authority, which was refuted by the EC during the hearing. The EDPS Opinion explicitly regretted the fact that “oversight may take place (…) by a (non independent) authority created by administrative means”. The EDPS also noted the “limitations of judicial review with respect to judicial redress”.

In sum, the hearing has shown once again that PNR profiling is a not a necessary and proportionate means to prevent international crime and terrorism in the EU. The Advocate General of the Court will announce his opinion on 13 June 2016.

EU-Canada agreement on PNR referred to the CJEU: What’s next? (03.12.2014)
https://edri.org/eu-canada-agreement-on-pnr-referred-to-the-cjeu-whats-next/

Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record
http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2012657%202013%20REV%201

EU PNR Document Pool
https://edri.org/eu-pnr-document-pool/

Opinion of the European Data Protection Supervisor on the Proposals for Council Decisions on the conclusion and the signature of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data (30.09.2013)
https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2013/13-09-30_Canada_EN.pdf

Steve Peers: The Domino Effect: how many EU treaties violate the rights to privacy and data protection (25.11.2014)
http://eulawanalysis.blogspot.be/2014/11/the-domino-effect-how-many-eu-treaties.html

Bruce Schneier: Refuse to be terrorised (24.08.2006)
https://www.schneier.com/essays/archives/2006/08/refuse_to_be_terrori.html

Mass surveillance through PNR is facing closure: EU-Canada agreement is put to testing (in German) (05.04.2016)
https://digitalegesellschaft.de/2016/04/vds-reisedaten-kanada-eugh/

(Contribution by Diego Naranjo, EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner