EDRi-gram newsletter - Number 10.18, 26 September 2012

====================================================================== EDRi-gram biweekly newsletter about digital civil rights in Europe Number 10.18, 26 September 2012 ======================================================================= Contents ======================================================================= 1. Facebook gives up its face recognition feature in EU 2. European Parliament steps back from promoting ISP liability 3. Ancillary copyright madness in Germany and France 4. EDRi responds to Commission b self-regulationb consultation 5. EU Parliament approves directive on orphan works 6. Data protection package: a proposed timetable in the EP 7. The Netherlands against ACTA in all its forms 8. Mapping Net Neutrality worldwide 9. Freedom Not Fear 2012 10. First victim of French 3 strikes law is found guilty for negligence 11. ENDitorial: Clean IT is just a symptom of the pinata politics of privatised online enforcement 12. Recommended Reading 13. Agenda 14. About ======================================================================= 1. Facebook gives up its face recognition feature in EU ======================================================================= Following pressure from Data Protection offices in EU, Facebook has decided to give up the controversial face recognition feature in EU. The feature used by Facebook was taking information given by users when tagging friends' faces in photo, with the declared purpose to make suggestions on tags for future images, thus making the process simpler and faster. This comes as a result of the work of the Irish Data Protection Authority (Office of the Data Protection Commissioner of Ireland - DPCI) which, in December 2011, performed an audit assessing Facebook Irelandbs (FB-I) compliance with the Irish Data protection law as well as the EU law and made a series of recommendations to Facebook. On 21 September 2012, DPCI issued the outcomes of its Review Implementation of Audit Recommendations finding that most recommendations by the Audit had been met by the company, most notably the turning off of the face recognition feature. At the same time, DPCI gave Facebook four weeks to solve the remaining issues that are still to be met. Among other things, Facebook has been asked to provide more detailed information about the use of the "fr" cookie and to explain the consent collected for this cookie. It has also been asked to introduce a "robust process" to "irrevocably delete user accounts and data upon request within 40 days" of being notified and to address the concerns regarding the possibility of targeted advertising utilising sensitive data on the network. b I am satisfied that the Review has demonstrated a clear and ongoing commitment on the part of FB-I to comply with its data protection responsibilities by way of implementation or progress towards implementation of the recommendations in the Audit Report. I am particularly encouraged in relation to the approach it has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice. This feature has already been turned off for new users in the EU and templates for existing users will be deleted by 15 October, pending agreement with my Office on the most appropriate means of collecting user consent. By doing so it is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance,b said Billy Hawkes, the Irish Data Protection Commissioner. Facebook declared it intends to re-introduce the tag feature in the future, but it would do that under new guidelines and, according to Billy Hawkes, the tool would only return if Facebook agreed on the b most appropriate means of collecting user consentb. Report of Review of Facebook Irelandbs Implementation of Audit Recommendations Published b Facebook turns off Tag Suggest in the EU (21.09.2012) http://dataprotection.ie/viewdoc.asp?DocID=1233&m=f Facebook Ireland Ltd b Report of Re-Audit (21.09.2012) http://dataprotection.ie/documents/press/Facebook_Ireland_Audit_Review_Repor... Facebook given 4 weeks to FULLY SATISFY Irish data commissioner - Review mainly leads to whiskey doubles all round (21.09.2012) http://www.theregister.co.uk/2012/09/21/irish_data_protection_commissioner_f... Facebook abandons face recognition within the EU (only in French, updated 24.09.2012) http://www.01net.com/editorial/573553/facebook-abandonne-la-reconnaissance-f... Facebook to switch off controversial facial recognition feature following data protection concerns (22.09.2012) http://www.dailymail.co.uk/news/article-2207098/Facebook-switch-controversia... ======================================================================= 2. European Parliament steps back from promoting ISP liability ======================================================================= On 11 September 2012, the European Parliament voted on an own-initiative report of Mr Jean-Marie Cavada (EPP, France) on the online distribution of audiovisual works. As we reported in the EDRi-gram after the vote in the leading Committee, the Culture and Education Committee, last July, the report was containing some surprising and potentially very problematic terms on the liability of networks operators. The text was calling for b ways to encourage network operators to standardise their technical toolsb for copyright enforcement and arguing that the current trend was towards a removal of liability of networks operators. This is factually wrong, could lead to privatisation of censorship and would encourage enforcement outside the rule of law. Finally, this is in no way pursuing the goal of the report, which is to promote and develop access to cultural content. This problematic part of the report (point 59 of the final report) was thankfully rejected in the final vote of the European Parliament on the dossier following a lot of behind the scenes activity by EDRi. This vote is important for three reasons. Firstly, the European Parliament would have faced difficulties convincing the other institutions of its credibility on the dossier. A report containing (obviously) inaccurate statements will not be particularly credible. Secondly, encouraging network operators to standardise their b technical toolsb means encouraging Internet service providers to monitor, filter and possibly block access to content. This call was going against recent decisions of the Court of Justice of the European Union that protecting intellectual property could not override other fundamental rights such as the right to privacy, the freedom of information and the freedom to conduct business. (C-70/10 Scarlet/SABAM and C-360/10 SABAM/Netlog). The mix of b technical toolsb creates the motive, means and opportunity for Internet companies to appoint themselves as the judge, jury and executioner of online law enforcement. Finally, and most importantly, it shows the willingness of the European Parliament to move away from concentrating all intellectual property related issues on enforcement b particularly privatised enforcement by Internet companies. It is a clear reversal of the Parliament's previous approach in the so-called b Gallo reportb adopted by the European Parliament in 2010 that demanded b appropriate solutionsb from Internet Service Providers in b dialogueb with stakeholders. One such b dialogueb was the one convened by the European Commission, which suggested the b voluntaryb implementation of exactly the kinds of filtering systems that the European Court of Justice subsequently ruled to be in breach of citizens' fundamental rights. This vote is in tune with the recently adopted Opinion of the Industry Committee of the European Parliament on Completing Digital Single Market, led by Italian Conservative Parliamentarian Aldo Patriciello. In that report, Parliamentarians focussed on eliminating the many barriers to online services in Europe, demanding in particular b a harmonised approach to copyright exceptions and limitationsb. This reflects a growing awareness that it is time to move away from trying to use disproportionate tools to enforce a copyright system that is devoid of credibility and towards building a more credible approach. The road will still be long to adapt the current framework to the digital revolution and to overcome the barriers that prevent consumers to access, use and enjoy cultural content but the European Parliament has made it clear that it was the direction it wanted to take. EDRi-gram: EP: Surprises in the online distribution of audiovisual works' report (18.07.2012) http://www.edri.org/edrigram/number10.14/online-distribution-works Patriciello Opinion Not yet published by Parliament Cavada Report (25.07.2012) http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&reference=A7-2012-0262&language=EN Gallo Report (22.10.2012) http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2010-340 (Contribution by Marie Humeau - EDRi) ======================================================================= 3. Ancillary copyright madness in Germany and France ======================================================================= On 29 August 2012, the German government decided to pass a draft legislative proposal for ancillary copyright (so-called "Leistungsschutzrecht") aimed at b protectingb publishing houses' online content from being quoted in news aggregation sites and on search engines. This draft law would give publishers the right to limit or forbid any publication or reproduction by third parties of snippets of their content. Services (Google in particular) which publish (or "steal") even very small parts or snippets as a means of helping end-users find interesting information would have to obtain a license and pay a tax in order to do so. The law would have an extensive impact since any website, aggregator or blog could be affected by this. A couple of years ago, German publishers suddenly realised that there were companies on the internet which make billions of Euro from advertising. Advertising has traditionally been the publishers' business model and they have failed to adapt this part of their business to the online environment. They therefore argue that companies that are able to make money in the digital environment should subsidise their pre-existing business model. Ironically, though, those companies are still able to make significant profits. For example, Germany's biggest publisher Axel Springer recently announced an increase in 55% for its online products in the first half of 2012. Just a few days ago, French magazine TC)lC)rama.fr revealed a draft proposal written by the press association IPG and inspired by the developments in Germany, in order to tax Google and cream off its billion euro profits in France. The draft b lex Googleb wants to give publishers the exclusive right to reproduce snippets from articles, under penalty of a fine of 30 000 euro and 3 years imprisonment for offenders. The somewhat incomprehensive German and French provisions create a disincentive for online companies to help people find the publishers' online content and b compensateb the publishers when their content is found. Following the same logic, concert venues could ban taxi drivers to take people to their concerts, unless they pay b compensationb to the venue for bringing customers to their doors. In an environment where expensive, disjointed and out-of-date copyright law is already causing significant damage to the European economy, this approach may be a joke, but it certainly is not funny. Civil society groups as well as the German association of internet economy eco have highlighted the absurdities and negative consequences of ancillary copyright provisions repeatedly. They have pointed out that the current terms of the law are more than unclear, that it is difficult to establish what makes a website "commercial" and therefore leads to legal uncertainty. In addition, the current German draft would restrict the diversity of information on the internet. Civil society groups have also pointed out the complete superfluousness of such provisions - publishers are already protected by copyright provisions and are given extensive rights by journalists through contracts or general terms and conditions. Due to the vague definition of a "press product", search engines would need to conclude thousands of individual contracts. Smaller publishers and bloggers do not have the capacity to do the same. It is thus likely to result in adverse effects: a creation of exceptions for monopolies, leading to an uncompetitive market situation. Ultimately, this will also limit the freedom of communication and freedom to do business. 3rd revision of the German draft proposal (only in German) http://irights.info/userfiles/3_%20Referentenentwurf-LSR-Kabinettsfassung_Sc... Axel Springer online profit (only in German, 8.08.2012) http://www.welt.de/wirtschaft/article108532273/Axel-Springer-steigert-Gewinn... eco Comments on Planned Ancillary Copyright (10.07.2012) http://international.eco.de/2012/news/eco-comments-on-planned-ancillary-copy... TC)lC)rama reveals press publishers' project (only in French, 21.09.2012) http://www.telerama.fr/medias/taxe-google-telerama-devoile-le-projet-des-edi... Common declaration of French and German publishers (only in German, 19.09.2012) http://www.bdzv.de/fileadmin/bdzv_hauptseite/aktuell/bdzv_branchendienste/bd... (Contribution by Kirsten Fiedler - EDRi) ======================================================================= 4. EDRi responds to Commission b self-regulationb consultation ======================================================================= The Commission is asking for feedback on a draft b codeb for what it describes as b multistakeholder actionsb. The intention is to use the final text as a blueprint for future self- and co-regulatory actions, in order to ensure that certain best practices are respected. The deadline is at the end of this week (30 September 2012) and EDRi has already submitted its response. We have been (sometimes very!) critical of the Commission's approach to self-regulation b most particularly when it is not self-regulation at all but privatised law enforcement, as we see in the now infamous Clean IT project and as was also proposed in ACTA. If the Commission were currently following the draft code, many of the excesses that we see today would not be happening. For example, the chaotic and expensive two-year b brainstormingb of Clean IT would never have happened because the code stipulates the establishment, from the outset, of b clear and unambiguousb objectives, b starting from a well-defined baseline.b Indeed, the confusion regarding the specific aims of the project is one of the main reasons that EDRi felt that it was inappropriate to participate in that group. While the draft proposed by the European Commission would represent a solid step forward, there are still valuable improvements that would need to be made. For example, contrary to the process followed by Clean IT, there should be an b up frontb understanding that any outcome cannot legally result in restrictions of fundamental rights. Secondly, it is very important that any involvement from public authorities in self-regulatory measures result in those authorities agreeing to take a formal position to either endorse or reject the outcome of the project. The alternative is power without responsibility b a public authority can convene industry discussions, push for a particular outcome and then claim that the entire process was b industry's idea.b We also suggest that the involvement of the public authority be under constant review and only allowed to continue when a majority of stakeholders are in favour. Power without responsibility is a corrosive and corrupting factor for any administration. Our response therefore highlights this point as being one of critical importance. The third major point of our response refers to the actions that should be taken if a stakeholder group resigns from a multi-stakeholder process. In the Commission's draft code, representativeness is given a high degree of priority, but the guarantees to ensure this is actually respected are somewhat weak. For example, there is no clarity as to what should be done if a stakeholder group loses faith in the process and resigns. Our suggestion is that the group should have the right to produce a statement of objections and for this to be appended to the final, published agreement. We also suggest that the resignation of key stakeholder groups or an agreed proportion of participants would automatically trigger the ending of the project. In the same vein, we propose that a level of non-compliance should be agreed which, if attained, would also lead to the ending of the project. The Commission consultation comes in two parts b a short questionnaire and a PDF/DOC of the draft code, which should be submitted with b tracked changesb after being edited in line with the respondent's views. We encourage other civil society groups and also individuals to respond b and we will not complain if any of our analysis is plagiarised. On-line public consultation on Code for Effective Open Voluntarism: Good design principles for self- and co-regulation and other multistakeholder actions Deadline: 30 September 2012 http://ec.europa.eu/information_society/digital-agenda/actions/consultation/ EDRi's tracked changes document http://edri.org/files/EC_code_final.pdf (Contribution by Joe McNamee - EDRi) ======================================================================= 5. EU Parliament approves directive on orphan works ======================================================================= On 13 September 2012, the EU Parliament approved the draft legislation on orphan works proposed in 2011, completed by the EU Parliament and Council compromise in June 2012. The European Commission issued an Impact Assessment in 2011 accompanying the proposal for a directive on certain permitted used of orphan works, considering there was an urgent need of a legislative initiative on orphan works, as a result of the situation created by the US Google Books Settlement (in its original formulation orphan works were to be automatically included in the scope of the Google Books Settlement), the need to obtain prior copyright permissions for the use of orphan works in Europe and the risk of a knowledge gap in case orphan works could not become part of European Digital Library projects. The Commission also considered a key action of the Digital Agenda for Europe was the creation of a legal framework to facilitate the digitisation and dissemination of orphan works (works for which no author is identified or located). The proposed directive was intended to make it "safer and easier for public institutions such as museums and libraries to search for and use orphan works (...)." The directive defines what works that can be considered orphan works and it stipulates that the public institutions would be required to carry out a prior b diligent searchb, in terms with the proposed directive requirements, in the Member State where the work was first published. When the diligent search establishes the orphan status of a work, it would be considered an orphan work all over the EU. Thus, orphan works can be made available online for cultural and educational purposes without prior authorisation, unless (or until) the owner of the work puts an end to such status. Following certain concerns and criticism, in June 2012, the draft proposal was completed with two points which established that in case the right holder showed up, he would be entitled to claim compensation for the use of his own work and that public institutions should be allowed to generate some revenue from the use of an orphan work to be used to pay for the search and the digitisation process. The approved text by the European Parliament also includes some other additions such as that the diligent search will not be necessary for each work but "in good faith" and "prior to the use of the work." A new article was also added - the new Directive b shall be without prejudice to the Member Statesb arrangements concerning mass-scale digitisation of works, such as those relating to out-of-commerce works." Although considered a good idea, the proposed directive does not impress everybody. MEP Christian EngstrC6m, of the Swedish Pirate Party, believes the directive is not bold enough and b is not going to help to make the European common cultural heritage available the way it is drafted so I would urge everyone to reconsider because at the moment it simply isn't useful.b Another difficulty is that when dealing with musical works, a cultural heritage institution will have to consider the future rules that will result from the proposed directive on collective rights management and multi-territorial licensing of rights in musical works for online uses. Commission's Vice-President Neelie Kroes has recently pointed out that although the proposals on orphan works, as well as the proposal on collective rights management, were good steps in the way to improve EU copyright, there were also other problems beyond licensing or orphan works and that "we need to focus also on substantive copyright reform." Orphan works directive approved by EU Parliament (14.09.2012) http://ipkitten.blogspot.nl/2012/09/orphan-works-directive-approved-by-eu.ht... Are European orphans about to be freed? (21.09.2012) http://kluwercopyrightblog.com/2012/09/21/are-european-orphans-about-to-be-f... Finding a good home for orphan works online (12.09.2012) http://www.europarl.europa.eu/news/en/headlines/content/20120706STO48456/htm... "Orphan" works: informal deal done between MEPs and Council (6.06.2012) http://www.europarl.europa.eu/news/en/pressroom/content/20120606IPR46383/htm... European Parliament legislative resolution of 13 September 2012 on the proposal for a directive of the European Parliament and of the Council on certain permitted uses of orphan works (COM(2011)0289 b C7-0138/2011 b 2011/0136(COD) (13.09.2012) http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2012-0349&language=EN&ring=A7-2012-0055 ======================================================================= 6. Data protection package: a proposed timetable in the EP ======================================================================= Last week, on 19 September 2012, the Civil Liberties, Justice and Home Affairs (LIBE) Committee discussed the data protection package, in particular the planned timetable. LIBE is the Committee leading the dossier in the European Parliament and will issue two reports, one on the proposal for a General Data Protection Regulation ( b the Regulationb) and one on the proposal for a Directive b on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such datab (b the Directiveb). The two Rapporteurs, Mr Jan-Philipp Albrecht (Greens, Germany) for the Regulation and Mr Droutsas (S&D, Greece) for the Directive, decided to follow a package approach because of the important links between the two proposed legislative measures. However, Mr Droutsas underlined the difficulties that the Council seems to encounter on the Directive with the position of certain Member States. The joint parliamentary meeting taking place on 9 and 10 October is going to be crucial in solving this issue, he added. Because of the problems in the Council, the feasibility of the package approach was questioned by Mr Alvaro (ALDE, Germany) b even though he recognised the benefit of such an approach - and Mr Kirkhope (ECR, United Kingdom). The cooperative approach of the dossier, desired by the Rapporteurs, was warmly welcomed by the other members of the European Parliament from all political groups. Important issues were underlined several times during the debate such as the importance of a good implementation and of a strong enforcement of data protection, the need for clarity, the necessity of protecting fundamental rights and finally the issue of data flow to third countries. Even if no final agreement on those issues was found during the debate, the debate was very helpful to understand the forthcoming steps in the process. Mr Albrecht indeed presented his forecasted timetable for the Regulation. The current plan is to have the Regulation definitely voted before the end of this legislature, i.e. in 2014. To achieve this goal, he would like to provide a second working paper for the joint parliamentary meeting taking place beginning of October. At that time, the paper will be available only in English and will subsequently be translated for a debate in the Committee that will take place on 5 or 6 November 2012. The Rapporteur intends to have a draft report ready by December of this year, so the vote can take place between February and April 2013, to enable negotiation with the Council later on. The envisaged timeframe is very important as it gives a great perspective on the forthcoming steps. However, this timetable is foreseen as being very ambitious by Mr Alvaro, Mr Kirkhope and Mr Voss (EPP, Germany), the b Shadow Rapporteursb. During the debate, they expressed the necessity to favour quality over speed. It is a very important issue and the process should not be rushed. Mr Albrecht concluded by underlining the importance of a coherent and harmonised framework and the necessity of consolidating the current system of data protection. Good legislation needs good implementation and a strong enforcement system. EU citizens have to be protected when their data are processed, he said. Therefore, he agreed that if more time was needed to make a good and strong legislation, then this time will be taken. More information on the procedure being followed and a glossary of the key terminology is available in EDRibs b Activist Guide to the Brussels Mazeb (2012) http://www.edri.org/files/2012EDRiPapers/activist_guide_to_the_EU.pdf The entire debate is available on the Parliament website (19.09.2012) http://www.europarl.europa.eu/ep-live/en/committees/video?event=20120919-090... (Contribution by Marie Humeau - EDRi) ======================================================================= 7. The Netherlands against ACTA in all its forms ======================================================================= In response to an open letter sent by EDRi-member Bits of Freedom (BoF), the Dutch government has confirmed that it opposes any controversial ACTA-provisions in whatever form. This confirmation was provoked by the news, only six days after ACTA was rejected by the European Parliament, that a draft text of the Canada b EU Trade Agreement contained provisions that were virtually identical to provisions from ACTA. As the Netherlands set an important example by rejecting ACTA long before the vote in the European Parliament, Bits of Freedom requested the government to do the same with CETA or any agreement alike. And it did. More specifically in its letter of 17 September 2012, the government b upon BoF request b confirmed that it would not agree to the ACTA-provisions in CETA or any other treaty in which such provisions may appear. It stated: "The European Commission rightly agreed to respect the vote of the European Parliament against ACTA and to observe this vote concerning CETA. ACTA-provisions 27(3) and 27(4) regarding the liability of Internet Service Providers are no longer part of the current draft of CETA. Other provisions relating to the enforcement of intellectual property rights are currently being studied with the aforementioned vote in mind. If provisions do not correspond thereto, they will be changed or deleted." and: "In light of resolution 288 of the House of Representatives [2], this government will not agree b in whatever agreement this may be b to any ACTA-provisions it voted against. Examples are provisions on the strict enforcement of intellectual property on the internet and provisions that stand in the way of future intellectual property reforms." The government further noted that currently there were no other treaties similar to ACTA being negotiated. This confirmation by the Dutch government is of course very good news. However, due to recent elections, a note of caution is in place: the new government that is currently being formed may decide differently. Seeing the latest positions of the two major parties there is not too much reason for concern: in their election campaign, the liberal party (VVD) took a position against ACTA and similar treaties; the labour party (PvdA) took position only against ACTA but did support resolution 288 (also mentioned above) by which the government was requested to vote against treaties similar to ACTA. Bits of Freedom hopes that the formal position of the Dutch government against controversial ACTA-provisions in whatever form serves as an example to policymakers in other countries to do the same. This will hopefully help the European Commission accept its loss and realize that the only constructive way forward is to start looking for acceptable alternatives in an open and transparent way. Translation open letter: Dutch government must reject CETA (1.08.2012) https://www.bof.nl/2012/08/01/translation-open-letter-dutch-government-must-... Translations of Dutch parliamentary resolutions against ACTA (29.05.2012) https://www.bof.nl/2012/05/29/translations-of-dutch-parliamentary-resolution... (Contribution by Simone Halink - EDRi-member Bits of Freedom, Netherlands) ======================================================================= 8. Mapping Net Neutrality worldwide ======================================================================= When questioned about Net Neutrality the European Commission previously claimed that only little data existed to show that net neutrality violations had occurred. A new project: netneutralitymap.org shows net neutrality violations worldwide based on tests for shaping. It documents the need for net neutrality legislation. Although Net Neutrality is currently discussed throughout Europe, very little actual data is used for campaigning. A new project tries to change this by mapping data from Measurement Lab's global "Glasnost" tests. The map uses the same metric previously used by the researchers of Measurement Lab to detect violations of Net Neutrality along one year and display them on a map. The map clearly shows: violations of Net Neutrality are commonplace throughout Europe. Especially the Bittorrent protocol is frequently shaped. While data from small countries are sparse - data from larger countries confirm that net neutrality violations are indeed common. The map was created by activists around the Austrian EDRi member VIBE.at and "Initiative fuer Netzfreiheit" which recently started a campaign to promote Net Neutrality in Austria. "I did not perceive Net Neutrality violations as a problem until I first looked at the map we created" says Michael Bauer of VIBE.at. "It is striking how common shaping is in todaybs internet". The European Commission previously claimed a lack of data on Net Neutrality violations as the main reason for not punishing them. Measurement lab had this data since 2009. With this new way of presenting the data it is clear that the lack of data is not a reason for delaying net neutrality regulation any longer. The Net Neutrality map http://netneutralitymap.org Austrian campaign on Net Neutrality (only in German) http://unsernetz.at Measurement Lab - open platform for researchers to deploy Internet measurement tools http://measurementlab.net Initiative fur Netzfreiheit (only in German) http://netzfreiheit.org (contribution by Michael Bauer - EDRi-member VIBE.AT - Austria) ======================================================================= 9. Freedom Not Fear 2012 ======================================================================= The 4-day "Freedom Not Fear 2012" (FNF 2012) event came to a successful end on Monday, 17 September 2012. Organisations and individuals from 11 EU-member states participated to raise their voice for better privacy safeguards, to protest against emerging surveillance measures and to exchange views on digital rights issues The Brussels action in which several EDRi members participated (FoeBuD, Digitale Gesellschaft, IuRe, Panoptykon, Bits of Freedom, VibeAt and the Liga voor Mensenrechten) was accompanied by protest events in the US, Argentina, Luxembourg and Australia. Bits of Freedom (Netherlands) attended the FNF weekend in Brussels focusing mainly on the events around the review of the data protection framework. They consider it great to meet many activists working on different topics of which many are related to the activities of the Dutch organisation. Also, BoF found it inspiring to see which important issues exist outside the scope of their work. FoeBuD (Germany) said that several excellent results were produced at FNF 2012. FoeBuD members really enjoyed the internationality this year - and will continue working to bring even more organisations to next year's event. One topic that FoeBuD has recently focused on is the European Data Protection Regulation, and some good work on this was done during the FNF activists' weekend and the meetings with European officials. Another focus is the project to investigate and hopefully start a European Citizens' Initiative (ECI) against data retention, on which some valuable exchanges took place during FNF. The next step on this will be to organise an international conference in Amsterdam to talk about the ECI. Three Digitale Gesellschaft (Germany) members were able to participate in this year's FNF12. This was a perfect occasion for them to put their energy into pan-European networking between activists and to explain their position to European policy makers. During the conference, the members gave a short introduction and overview of the German national campaign on net neutrality. The FNF 2012 started on Friday afternoon with a discussion about the consultations of the EU Commission about a European notice-and-takedown system of content on the Internet. Mr. Werner Stengg, Head of the EC Unit "Online Services" presented the Commission's point of view on this sensitive topic. The talk was followed by two hours of discussions with Mr. Peter Hustinx, European Data Protection Supervisor, about the upcoming EU Data Protection Reform. He started with a detailed explanation of his interpretation of the Freedom Not Fear motto: "Fear is always a bad adviser." He emphasized the need to keep on striving for positive developments on privacy issues. Mentioning the whole range of various kinds of activism, from single person engagement up to professional privacy activism: "Keep on going - we need you!" Three more days of the barcamp-like conference filled with meetings, lectures and discussions followed, also including a colorful demonstration within the city of Brussels and one more outside action named the "Camspotting Game". One of the results of b Freedom Not Fearb was the establishment of the International Working Group on Video Surveillance, which announced a campaign targeting the latest developments in privacy-intrusive technology such as "Facewatch" in the UK. Freedom Not Fear 2012 http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2012 Walk of Protest FNF 2012 http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2012/Walk-of-protest ======================================================================= 10. First victim of French 3 strikes law is found guilty for negligence ======================================================================= After almost two years since the 3-strikes law has entered into force in France, the first Internet user was sentenced by the court to a 150 euro fine for negligence for not using the Internet access security measures and because the user has innocently confessed it. Since October 2010, about 3 million French IP addresses have been identified by rightholders of being possible infringers. Out of these, Hadopi considered 1.15 million worthy of a b first strikeb notice, about 102 000 of a second warning, and only 340 of a third warning. Only 14 cases were sent to court, so far. This is the first fine applied for the Hadopi law because the infringement must be proven and this is not easy to do. In order to be punished for negligence, one has to have failed to apply security means to his Internet connection or to have not used accordingly these means, both being rather difficult to prove. However, this particular Internet user gave himself up by admitting that he had not used any security means to prevent access to his Internet account. By trying to defend himself, the Internet user summoned by the court for repeated infringements, gave the court the motives to condemn him for negligence. He argued he was himself unable to download material from the Internet and blamed his wife (with whom he is under divorce procedures) for having illegally downloaded material from the Internet. The woman confirmed she had downloaded Rhianna songs. b By saying he knew she was downloading infringing content, but didnbt prevent her from doing so, he self-incriminated,b explained Guillaume Champeau of Numerama. So, although actually innocent, the man is now to pay for being responsible for the downloading, because he did not prevent it. Hadopi: one first condemned person, by ingenuity (only in French, 13.09.2012) http://www.numerama.com/magazine/23715-hadopi-un-premier-condamne-par-naiuml... Hadopi confirms that the first condemned betrayed himself (only in French, 13.09.2012) http://www.numerama.com/magazine/23718-la-hadopi-confirme-que-son-1er-condam... French 3 Strikes: Court Fines First File-Sharer, Even Though Hebs Innocent (13.09.2012) http://torrentfreak.com/french-3-strikes-court-fines-first-file-sharer-even-... ======================================================================= 11. ENDitorial: Clean IT is just a symptom of the pinata politics of privatised online enforcement ======================================================================= There has been a lot of attention to the b Clean ITb project since EDRi published a leaked draft document last week, on 21 September 2011. Since then, the project organisers have said that the statement on the front page saying that b this document contains detailed recommendationsb was incorrect and that it also contained (unidentified) other mistakes. Project coordinator But Klaasen explained on Twitter that the leak was little more than a b discussion document.b According to the Clean IT website, this is the output of two day meetings in Amsterdam (October 2011), Madrid (January 2012), Brussels (March 2012) Berlin (June 2012) and Utrecht(September 2012). According to the website of Clean IT, which has produced 23 pages of bullet points of policy suggestions, there will be just one more meeting (Vienna, November 2012) before a final presentation is made in February 2013. Mr Klaasen also explained on Twitter that all suggestions received thus far are only b food for discussionb, because they do not censor the ideas they receive. Clean IT is therefore part of a wider problem b a conveyor-belt of ill-defined projects whereby industry is expected to do b somethingb to solve ill - or even undefined problems on the Internet. For example, it takes an almost impressive amount of fragmentation for the European Commission to be simultaneously funding two different and uncoordinated projects (Clean IT and CEO Coalition on a Safer Internet for Kids) developing b voluntaryb industry standards on b notice and takedownb, on b upload filtersb, on b reporting buttonsb and all with little or no analysis of the specific problems that need to be solved. Worse still, Clean IT was born out of a failed b voluntaryb project organised directly by the European Commission on b illegal online contentb. That project failed because it did not have a problem definition. Without knowing what problems it was trying to solve, it ended up going round in ever smaller circles before finally disappearing down the proverbial drain. Sadly, no lessons were learned before the Commission committed to funding Clean IT, which is currently making the same mistakes all over again. Even bigger mistakes have not been learned from in this approach. In the Commission-organised b dialogue on illegal uploading and downloadingb, a proposal was made for widespread b voluntaryb filtering of peer-to-peer networks. This was resisted by the Internet access provider industry and ultimately ruled by the European Court of Justice (Scarlet/Sabam case C70/10) to be in breach of fundamental rights. All of this experience meant that EDRi could not possibly participate in Clean IT without seeking to ensure that the project did not make the same mistakes that we have seen over and over again. In 2011, as a precondition of participation, we therefore set very reasonable demands: 1. Identify the specific problems to be solved. (At different moments, Clean IT was meant to address b Al Quaida influencedb networks, b terrorist and extremist 'use' of the Internetb and b discriminationb/b illegal softwareb.) 2. Identify the scope of the industry involvement. Listing every single type of online intermediary is neither credible nor effective. 3. Actively seek to identify and avoid possibilities for unintended consequences for both fundamental rights and addressing illegal content. The project leader rejected all of these preconditions, regrettably leaving us no option but to stay outside the process. As a result, we have a project that seeks to use unspecified industry participants to solve unidentified problems in ways which may or may not be in breach of the Union and international law. It would be unconscionable for EDRi to participate in these circumstances. We have also been contacted via Twitter by Commissioner Kroes' spokesperson. Mr Heath's comments suggest that CleanIT is only a b brainstormingb session and the Commission has spent hundreds of thousands of Euro just for lists of possible policies. It is very important to stress that absolutely nothing in the document that we released last week has been officially approved as European Commission policy. The recommendations, insofar as they are recommendations, are the sole responsibility of the CleanIT project. Commissioner MalmstrC6m has acted to distance herself from the project and has made this very clear via Twitter messages. There are, however, serious questions that are still to be asked regarding the budget approval processes that lead to such projects being approved for public funding. The law is quite clear b the Charter of Fundamental Rights, the Convention on Human Rights and the International Covenant on Civil and Political Rights are quite clear b restrictions on fundamental rights must be foreseen by law and not introduced as unpredictable, ad hoc projects by industry. The rule of law cannot be defended by abandoning the rule of law and EDRi will continue to defend this principle. EDRi: Clean IT b Leak shows plans for large-scale, undemocratic surveillance of all communications (21.09.2012) http://edri.org/cleanIT Clean IT rebuttal of our comments http://www.cleanitproject.eu/edri-publishes-clean-it-discussion-document/ Mr Heath's comments https://twitter.com/EDRi_org/status/250524464499023872 Mr Klaasen's tweet https://twitter.com/ButKlaasen/status /249145735453487105 Commissioner MalmstrC6m's tweets https://twitter.com/MalmstromEU/status/250573911471845376 https://twitter.com/MalmstromEU/status/250574119991660545 https://twitter.com/MalmstromEU/status/250641266038173696 (Contribution by Joe McNamee - EDRi) ======================================================================= 12. Recommended Reading ======================================================================= Islands of Resilience Comparative Model for Energy, Connectivity and Jurisdiction Realizing European ICT possibilities through a case study of Iceland http://islandsofresilience.eu/ http://icg.greens-efa.org/pipermail/hub/attachments/20120925/83bf78da/attach... JoaquC-n Almunia Vice President of the European Commission responsible for Competition Policy - Competition enforcement in the knowledge economy Fordham University/ New York City (20.09.2012) http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/12/629&format=HTML&aged=0&language=EN&guiLanguage=en EDPS issues comments on DG MARKT's public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries (13.09.2012) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consul... The internet in pieces Harried by cyberattacks, Iran is making good on a vow to build its own web. Others could follow (23.09.2012) http://www.guardian.co.uk/commentisfree/2012/sep/23/iran-us-cyber-espionage-... ======================================================================= 13. Agenda ======================================================================= 27 September 2012, Paris, France Open Data - La ConfC)rence http://www.opendata-laconference.com/agenda.html 7-10 October 2012, Amsterdam, Netherlands 2012 Amsterdam Privacy Conference http://www.apc2012.org/ 11-12 October 2012, Amsterdam, Netherlands Economies of the commons 3 - Sustainable Futures for Digital Archives http://ecommons.eu/ 25-28 October 2012, Barcelona, Spain Free Culture Forum 2012 http://fcforum.net/ 3-4 November 2012, Baku, Azerbaijan Best Bits b a strategic gathering of NGOs around Internet governance and Internet principles http://igf-online.net/bestbits.pdf 6-9 November 2012, Baku, Azerbaijan Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human, Economic and Social Development" http://www.intgovforum.org/cms/ 9-11 November 2012, Fulda, Germany Digitalisierte Gesellschaft - Wege und Irrwege FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium http://www.fiff.de/2012 29-30 November 2012, Brussels, Belgium For Your Eyes Only: Privacy, Empowerment and Technology in the context of Social Networks http://www.foryoureyesonly.be 4 December 2012, Brussels, Belgium 3rd Annual European Data Protection and Privacy Conference http://www.eu-ems.com/summary.asp?event_id=123&page_id=983 23-25 January 2013, Brussels, Belgium CPDP 2013 Conference - Reloading data protection CfP by 19 October 2012 http://www.cpdpconferences.org/callforpapers.html 6-8 May 2013, Berlin, Germany re:publica 2013 http://re-publica.de/12/2012/08/28/der-termin-steht-vom-06-08-mai-2013-geht-... 31 July b 4 August 2013, Geestmerambacht, Netherlands Observe. Hack. Make. - OHM2013 https://ohm2013.org/ ============================================================ 14. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 32 members based or with offices in 20 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring http://flattr.com/thing/417077/edri-on-Flattr - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/mk/vesti/edri - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE