EDRi-gram newsletter - Number 9.7, 20 April 2011

Wed Apr 20 11:20:52 PDT 2011

============================================================

       EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 9.8, 20 April 2011

============================================================
Contents
============================================================

1. Top 10 misleading statements of the European Commission on data retention
2. European Commission's Net Neutrality report
3. Implementation of the SWIFT agreement under review
4. French Parliament issues a positive report on Net Neutrality
5. Dutch government announces measures against downloading
6. Italian court found Google responsible for search suggestions to users
7.Privatised enforcement Series C: The law according to the Advocate General
8. ENDitorial:CoE: A New Notion of Media. For Better or For Worse?
10. Recommended Reading
11. Agenda
12. About

============================================================
1. Top 10 misleading statements of the European Commission on data retention
============================================================

The European Commission adopted its evaluation report on the Data Retention
Directive this week. In anticipation of the Commission to hide the numerous
failures of the Directive by omission and dissemblance, EDRi produced a
"shadow report" providing a more accurate assessment of the Directive, using
the Commission's own methodology. The Commission lived down to our
expectations, with the report itself and the Commissioner's press conference
producing an imaginative selection of misleading statements. The following
are ten of the most egregious examples:

1. The evaluation report shows value of "retained data"

In its implementation report and its press spin, the Commission made
repeated reference to the value of retained data for law enforcement
purposes. What it studiously avoided saying is that the vast majority of the
data used for law enforcement purposes do not rely on the Data Retention
Directive.

2. The Madrid and London bombings showed the need for data retention

The Commission seeks to justify the excesses of the Directive by referring
to the terrorist attacks in Madrid and London. Retained data were indeed
useful in Madrid - but the data used were retained by operators for billing
purposes and, therefore, irrelevant to the data retention Directive.

3. "Data retention is a necessary measure"

The European Commission neither sought nor was provided with any evidence
that the extra data retained under the Data Retention Directive was either
necessary or useful. In the absence of any evidence, it is impossible for
the Commission to credibly make this statement.

4. "Industry needs data retention"

It is equally not necessary for the industry, which fought against the
measure prior to its adoption and has seen the range of rules and
obligations get more and more onerous and fragmented as the Commission has
lobbied for adoption of the Directive by the Member States. Why would the
industry need  an instrument which creates rather than removes barriers?

5. The Constitutional Courts did not criticise data retention per se.

This is factually untrue in relation to Romania.

6. The Commission must take infringement proceedings against Member States
that have not implemented the Directive

It is remarkable that the Commission is acting vigorously against Member
States that have not implemented the Directive, yet has taken no measures -
and has threatened no measures - against Member States that have
implemented it incorrectly in ways which further undermine citizens' rights.
Examples include countries that have been identified in the report that have
no process for deleting the data once it has exceeded the retention period.

7. The Directive was asked for by the Member States unanimously

Member States have never unanimously asked for a data retention Directive.
In fact, it was precisely because unanimity was not possible that the EU was
not able to adopt data retention as a security measure. As a result of that
failure of Member States to achieve unanimity, the Commission proposed a
Directive, to force Member States that do not believe that data retention is
necessary to impose it anyway.

8. There are no examples of abuses of retained data

The Commission's document suggests that there are no examples of retained
data being abused. This is despite the fact that the Commission is aware of
at least two major abuses, namely:

- German telecommunications giant Deutsche Telekom illegally used
telecommunications traffic and location data to spy on about 60 individuals
including critical journalists, managers and union leaders in order to try
to find leaks. The company used its own data pool as well as that of a
domestic competitor and of a foreign company.

- In Poland retained telecommunications traffic and subscriber data was used
in 2005-2007 by two major intelligence agencies to illegally disclose
journalistic sources without any judicial control.

9. Some of the data retention is "permitted" by the E-Privacy Directive,
rendering analysis of the impact of the Data Retention Directive
complicated.

This analysis is bizarre because the Commission itself made a statement when
the E-Privacy Directive was adopted saying that the E-Privacy Directive
"should neither prohibit nor approve any particular measure Member States
may deem necessary," because a single market instrument could not place
limits on a third pillar (i.e. law enforcement) policy area. No retention
measure is therefore permitted by the E-Privacy Directive.

10. Data from 20 Member States shows an average of 148 000 requests per year
for retained data

Statistically correct, this statement by Commissioner Malmstrvm omits to
mention that half of those requests were in one Member State, Poland, which
has implemented the Directive in a way which permits vast abuses of the data
being retained. Commissioner Malmstrvm in her speech went on to say that "if
the data were not helpful, law enforcement authorities would presumably not
spend human and financial resources on requesting them in those numbers".
She is either unaware or indifferent to the fact that they are not asking
for the data in those numbers - apart from Poland, they are asking for
vastly fewer data.

Commission statement on the E-Privacy Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52002PC0338:EN:HTML

Commissioner Malmstrvm's speech on the evaluation report - Data Retention
Directive - a valuable tool in fighting serious crime and terrorism, but in
need of improvement (18.04.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/484&format=HTML&aged=0&language=EN&guiLanguage=en

Official data retention evaluation report (18.04.2011)
http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_data_retention_evaluation_en.pdf

EDRi shadow data retention report (17.04.2011)
http://www.edri.org/files/shadow_drd_report_110417.pdf

Commission faces battle on data retention (19.04.2011)
http://www.euractiv.com/en/infosociety/commission-faces-battle-data-retention-news-504187

(Contribution by Joe McNamee - EDRi)

============================================================
2. European Commission's Net Neutrality report
============================================================

The European Commissioner for the Digital Agenda Neelie Kroes presented on
19 April 2011 its report on net neutrality, which brings nothing significant
to the table, except strengthening the "wait and see" approach already
presented at the Net Neutrality Summit in November last year.

The Commission's report is already confirming the unequal treatment of
Internet traffic, quoting the results of the survey made by BEREC (Body of
European Regulators for Electronic Communications) in early 2010 in several
EU member states:

- Limits on the speed of peer-to-peer (P2P) file-sharing or video streaming
by certain providers in France, Greece, Hungary, Lithuania, Poland and the
United Kingdom;

- Blocking or charging extra for the provision of voice over internet
protocol (VoIP) services in mobile networks by certain mobile operators in
Austria, Germany, Italy, the Netherlands, Portugal and Romania.

However, the decision by Kroes is not to act, but to wait: "Together with
national telecoms regulators, the Commission will spend 2011 closely looking
at current market practices. At the end of 2011, I will present the findings
and will publicly name operators engaging in doubtful practices."

And even if something is wrong, the problems will be related just to
the correct information of the consumer: "I will be looking particularly
closely for any instances of unannounced blocking or throttling of certain
types of traffic, and any misleading advertising of broadband speeds. If I
am not satisfied that consumers can counteract such practices by switching
providers, I will not hesitate to introduce more stringent measures."

In fact the report itself praises the violations of the net neutrality
principles, by supporting operators' claims:
"It is widely accepted that network operators need to adopt some traffic
management practices to ensure an efficient use of their networks and that
certain IP services, such as for instance real-time IPTV and video
conferencing, may require special traffic management to ensure a predefined
high quality of service".

La Quadrature du Net has been quick in qualifying the report as
disappointing. Jirimie Zimmermann explained:
"Mrs Kroes hides behind false free-market arguments to do nothing at all,
pretending that competition and consumer law can successfully address the
issue. In most Member States, mobile phone operators agree on engaging in
the very same discriminations in their so-called 'mobile Internet' offers.
These operators simply do not offer access to the universal platform of
communications we call 'the Internet'. By turning a blind eye on these
practices, the Commission covers anti-competitive behaviours that hinder
innovation and violate users' freedom of communication."

Neelie Kroes European Commission Vice-President for the Digital Agenda :The
internet belongs to all of us. Press conference on Net Neutrality
Communication Brussels (19.04.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/285&format=HTML&aged=0&language=EN&guiLanguage=en

Commission Communication: The open internet and net neutrality in Europe
(19.04.2011)
http://ec.europa.eu/information_society/policy/ecomm/doc/library/communications_reports/netneutrality/comm-19042011.pdf

Net Neutrality: The European Commission Gives Up on Users and Innovators
(19.04.2011)
http://www.laquadrature.net/en/net-neutrality-the-european-commission-gives-up-on-users-and-innovators

EDRi-gram: ENDitorial: Net neutrality - wait and see the end of the open
Internet (17.11.2010)
http://www.edri.org/edrigram/number8.22/net-neutrality-wait-and-see

============================================================
3. Implementation of the SWIFT agreement under review
============================================================

A review prepared by the EU delegation of the joint review team on the
implementation of the SWIFT (TFTP) agreement concluded that "all of the
relevant elements of the Agreement have been implemented in accordance with
its provisions, including the data protection provisions". The report has
been accepted by EU Justice and Home Affairs Council.

The agreement, which was signed on 28 June 2010, foresees the transfers to
the USA of financial payment messages held by Society for Worldwide
Interbank Financial Telecommunication (SWIFT), to be used in the Terrorist
Finance Tracking Program (TFTP).

Europol is the body which has the specific task to check whether requests
from the US Treasury Department for SWIFT data comply with the terms of the
TFTP Agreement, while the Europol Joint Supervisory Body (JSB) is to review
Europol's activities. An inspection mandated by the JSB to check Europol's
implementation of the TFTP Agreement has revealed a lack of audit of the
data transfers in a report published in March 2011.

The four requests made during the inspection were made in abstract terms,
for broad types of data, which makes impossible compliance with Article 4(2)
of the TFTP Agreement (which says that requests must be tailored as narrowly
as possible). The JSB recommended that the requests had to contain more
detailed information, specific to each request, and that the US authorities
might need to provide certain additional information.

Moreover, it has come out that there is a lot of information provided orally
by the US Treasury Department to Europol staff with no written requests to
allow the proper verification of compliance with the data protection
standards.

MEPs have shown their concerns related to the findings of the German report
and expressed their disagreement to Europol's activity.  "As Members of
Parliament we feel betrayed reading this report (...) We voted in favour
(of this agreement last year) in the trust that both parties would apply the
adopted agreement" which "concerns the transfer of sensitive data belonging
to our citizens", said Alexander Alvaro (ALDE, DE), Parliament's rapporteur
on the TFTP agreement.

Although the joint review prepared by the EU delegation had a different
conclusion, it included recommendations contradicting its findings. Thus,
the EU review team recommended "more publicly accessible information on the
way the program functions, in as far as this is possible (...) in
particular, the overall volume of data provided to the U.S. authorities and
the number of financial payment messages accessed." It also suggested
"further enhancing the Europol verification procedure referred to in Article
4," and "more verifiable statistical information on the added value of TFTP
derived information to efforts to combat terrorism and its financing in
order to further substantiate the added value of the program." It also
recommended "improving some aspects of the provision of information to the
general public on the rights accorded to them under the Agreement."

As MEPs had asked the director of Europol to answer to their concerns,
Europol issued an information note to the European Parliament on 8 April
2011. According to the information note, Europol had taken into
consideration the JSB's recommendations and "comprehensively reviewed the
process. A revised version was adopted and introduced in March 2011."

"The procedural steps involved in the process include specific actions to
assess the validity of the US request in terms of its compliance with the
criteria established in Article 4, including a record of the verification
officer's operational judgement and a record of the advice given by the
Legal Affairs Unit and Data Protection Office (DPO). The DPO has seen every
request since the Agreement entered into force, but following observations
made by the JSB, Europol decided to make certain practical enhancements to
the process to ensure a more efficient involvement of the DPO.

As part of the process, a standard template is used as a formal record of
the advice from each party and of the authorising officer's final decision,"
says the information note.

Europol fails to audit the transfer of SWIFT financial data to the USA
(9.03.2011)
https://p10.secure.hostingprod.com/@spyblog.org.uk/ssl/spyblog/2011/03/09/europol-fails-to-audit-the-transfer-of-swift-financial-data-to-the-usa.html

Report on the inspection of Europol's implementation of the TFTP agreement,
conducted in November 2010 by the Europol Joint Supervisory Body (1.03.2011)
http://www.bfdi.bund.de/SharedDocs/Publikationen/Allgemein/ReportGKIzuSWFT.pdf;jsessionid=AB0454AACD783E1B1130F7FD9201BBB9.1_cid136?__blob=publicationFile

EU Council: Report on the joint review of the implementation of the
Agreement between the European Union and the United States of America on the
processing and transfer of Financial Messaging data from the European Union
to the United States for the purposes of the Terrorist Finance Tracking
Program (17-18.02.2011)
http://register.consilium.europa.eu/pdf/en/11/st08/st08142.en11.pdf

Europol Activities in Relation to the TFTP Agreement
Information Note to the European Parliament (8.04.2011)
http://www.statewatch.org/news/2011/apr/eu-europol-report-on-implementation-tftp-agreement.pdf

Committee on Civil Liberties, Justice and Home Affairs Press release- SWIFT
implementation report: MEPs raise serious data protection concerns
(14.03.2011)
http://www.statewatch.org/news/2011/mar/ep-libe-swift-prel-mar-11.pdf

============================================================
4. French Parliament issues a positive report on Net Neutrality
============================================================

Last week, a trans-partisan/cross party parliamentary mission set up by the
Economic Affairs committee of the French National Assembly released a report
on Net Neutrality. After working on the report for more than five months and
conducting dozens of hearings, the mission led by Laure de La Raudihre (UMP,
conservative) and Corinne Erhel (PS, socialist) presented a 145-page
document covering most aspects of Net Neutrality.

Overall, the report is extremely positive - probably one of the most
detailed ever issued on the matter by public authorities in Europe. Although
it draws to a large extent on the French electronic communication regulatory
authority's (ARCEP) 10 proposals from September 2010, the report goes
further on several aspects.

In particular, the report includes a call for the legislative protection of
Net Neutrality, which is defined as "the ability of Internet users to send
and receive any application of their choice, to connect any device and use
the programmes of their choice, as long as they don't harm the network with
a quality of service that is transparent, sufficient and non-discriminatory
(...)". Interestingly, the non-discrimination criteria is interpreted
strictly, as the the authors explain that all traffic should be treated
equally, thereby rejecting the so-called traffic differentiation. Traffic
differentiation would have allowed for different treatments according to
types of traffic.

The document confines acceptable management of Internet traffic to cases of
legal obligations, unforeseen congestion or if the network's security is at
risk. By doing so, it draws a clear line between the Internet and managed
services, which are defined as all electronic communications for which
operators guarantee a specific quality of service and manage traffic to that
aim. To make sure the difference between the Internet and managed services
is clear, the report further proposes to reserve the "Internet" label to
offers abiding by the principle of Net Neutrality.

The most political aspect of the report is its strong stance against content
blocking, as the parliamentary mission calls for systematic judiciary
oversight of mandatory blocking measures. The mission therefore opposes the
recently adopted legislation which grants the police the power to block
child abuse websites (LOPPSI law). The rapporteurs also suggest that instead
of acting preventively to block "illegal" communications, a repressive
logical approach -"whereby illegal activities supported by such
communications are condemned"- should be pursued.

One of the shortcomings of the report, however, lies in the fact that it
leaves out the issue of network management techniques and whether these
should be regulated. In February, a preliminary version suggested that
techniques such as Deep Packet Inspection should be monitored so as to
ensure that they are not used in a way that jeopardizes the privacy of
Internet users. It is unknown why this issue was eventually dropped from the
final version.

The work of the mission and the reception of the report by other members of
the Economic Affairs committee of the French National Assembly is a positive
step. But it remains to be seen if and how the report will actually
translate into actual policies. Rapporteur Laure de La Raudihre has
indicated that she is ready to table a legislative proposal to implement
some of the recommendations of the report. But with the 2012 elections
coming up in France and considering that the agenda of the French Parliament
is already quite full, any vote on Net Neutrality before late 2012 is very
unlikely. But the content of the report already gives a clear signal to
telecoms operators that, for some lawmakers at least, the future of the
Internet matters more than their narrow business interests.

The proposals put forward in the document are the following:

A. First axis: enshrine Internet Neutrality as a political goal
Proposal #1: define the Net Neutrality principle
Proposal #2: establish promotion of Net Neutrality as a political goal and
give regulatory authorities the power to impose obligations suited for its
promotion

B. Second axis: strict supervision of Internet blocking
Proposal #3: further question the justifications for legal blocking
measures, despite their seeming legitimacy, due to their inefficiency and
the adverse effects they may lead to
Proposal #4: establish immediately a unified procedure which includes the
intervention of a judge

C. Third axis: protect the Internet's universality and guarantee its quality
Proposal #5: reserve the "Internet" label to offers which respect the
neutrality principle
Proposal #6: create an Internet quality observatory
Proposal #7: assign Arcep (national regulatory authority) the mission of
guaranteeing an Internet of sufficient quality

D. Fourth axis: ensure sustainable financing of the Internet
Proposal #8: study the economic stakes attached to the Internet network
Proposal #9: carefully assess the creation of a European "data call
termination"

The report (only in French, 13.04.2011)
http://www.assemblee-nationale.fr/13/rap-info/i3336.asp

ARCEP has published ten proposals and recommendations for promoting a
neutral and high quality Internet (15.11.2010)
http://www.arcep.fr/index.php?id=8571&L=1&tx_gsactualite_pi1[uid]=1317&tx_gsactualite_pi1[annee]=&tx_gsactualite_pi1[theme]=&tx_gsactualite_pi1[motscle]=&tx_gsactualite_pi1[backID]=26&cHash=2cde5a935b

Net Neutrality: An Encouraging Report From the French Parliament
(14.04.2011)
http://www.laquadrature.net/en/net-neutrality-an-encouraging-report-from-the-french-parliament

Parliamentary Report recommend introducing Net Neutrality into the law (only
in French, 13.04.2011)
http://www.lemonde.fr/technologies/article/2011/04/13/un-rapport-parlementaire-prone-l-inscription-de-la-neutralite-du-net-dans-la-loi_1507174_651865.html

(contribution by Filix Triguer - La Quadrature du Net)

============================================================
5. Dutch government announces measures against downloading
============================================================

On 11 April 2011, the Dutch government published its copyright policy
plans for the coming years. The plans include restricting the currently
existing private copying exception and the possibility to block access
to websites facilitating copyright infringement. EDRi-member Bits of Freedom
objected against the plans, which will lead to more repression while not
providing a sustainable solution for the conflict between copyright and the
internet.

Currently, downloading material without authorisation is considered to
fall within the scope of the private copying exception under the Dutch
copyright act. The Dutch government wants to restrict this exception to
the effect that downloading from an evidently illegal source shall be
deemed unlawful. In addition, the government wants to make it possible
for rightsholders to have Internet providers block access to websites and
services facilitating copyright infringement, as a last resort. Although the
government does not intend to prosecute individual internet users, it cannot
guarantee that rightsholders will not do so in civil actions.

In arguing for its plans, the government also refers to repressive
copyright policies outside The Netherlands. As a justification for the
restriction of the private use exception, reference is made to the Gallo
report which was adopted in 2010. In addition, reference is made to
draft legislation in the United States and policies in the United
Kingdom regarding the blocking of websites. Digital rights organisation
Bits of Freedom strongly objected to the new plans, stating that they
will merely lead to repression of internet users and open the way to
censorship.

Dutch government copyright plans (only in Dutch, 11.04.2011)
http://www.rijksoverheid.nl/documenten-en-publicaties/brieven/2011/04/11/speerpuntenbrief-auteursrecht-20-20.html

Press Release Bits of Freedom (only in Dutch, 11.04.2011)
https://www.bof.nl/2011/04/11/persbericht-downloadverbod-slecht-voor-muzikanten-fans-en-internetvrijheid/

(Contribution by Ot van Daalen - EDRi-member Bits of Freedom, Netherlands)

============================================================
6. Italian court found Google responsible for search suggestions to users
============================================================

On 31 March 2011, an Italian court of Milan ruled that Google was
responsible for its Google Suggest, the "autocomplete" function that
suggests words and characters to complete a partial search for its users.

The case was brought to court by a person whose name, when typed in the
Google search field, was associated, through the "suggested searches" (now
"related searches"), to the words "truffatore" (con man, swindler) and
"truffa" (scam, fraud). The person's public image as an entrepreneur and
provider of educational services in the field of personal finance suffered
and the man's lawyer, Carlo Piana, argued that Google could control the
content produced by its autocomplete function.

Google defended itself by claiming that it was protected by the E-Commerce
Directive exempting online service providers from liability for content they
give access to but not created by them.

"Google argued that it could not be held liable because it is a hosting
provider, but we showed that this is content produced by them (and by the
way, they do filter out certain content, including terms that are known to
be used to distribute copyright infringing material), although through
automated means," wrote Carlo Piana in a blog post.

The court agreed, emphasizing that Google's autocomplete search was not
entirely automatic and Google did have control over the defamatory
suggestions its algorithms came up with.

Moreover, Google had failed to intervene to correct the specific combination
of words despite the warning sent by the office of the applicant. An
ordinance last January had already called to intervene but Google did not
take action, arguing that the system was based on statistical evaluations
arising from users' searches and therefore the engine is not responsible for
the content generated..

Google was ordered to filter out libellous "search suggestions" and to pay
the man 1500 Euro for the rights affected, and 2300 Euro for various legal
fees.

According to a report by All Technology News, Google has already censored in
2011, in its auto-complete keyword search, some words related to alleged
illegal piracy. Users no longer receive suggested entries for partially
entered characters for some p2p platforms.

Guido Scorza, a lawyer specializing in new media and technology law and
founder of the Institute for Innovation policies believes the court's
decision is "an erroneous interpretation that does not take into account the
technological context and media provided for reference or the scope of
certain types of behaviour in a typical environment". In his opinion, "a
sequence of three words, with no punctuation or logical connection, on a
blank page and just below a field of search, in 2011, is not a meaningful
sentence, let alone a sentence of offensive content."

"We believe that Google should not be held liable for terms that appear in
autocomplete as these are predicted by computer algorithms based on searches
from previous users, not by Google itself. We are currently reviewing our
options," was Google's statement.

Google has lost similar cases last year in France, Sweden and Brazil.

Google is responsible for 'autofill' search terms, says Italian court
(11.04.2011)
http://www.out-law.com/default.aspx?page=11860

The Italian Court Decision (only in Italian, 31.03.2011)
http://piana.eu/files/Ordinanza.pdf

Autocompletion brings liability (5.04.2011)
http://piana.eu/suggestions

Google Suggest, convicted in Italy (only in Italian, 6.04.2011)
http://punto-informatico.it/3125765/PI/News/google-suggest-colpevole-italia.aspx

Words, just words (only in Italian, 6.04.2011)
http://punto-informatico.it/3126383/PI/Commenti/parole-soltanto-parole.aspx

EDRi-gram: First decision in the Italian criminal case against Google
executives (24.02.2011)
http://www.edri.org/edrigram/number8.4/decision-italy-vs-google-executives

============================================================
7.Privatised enforcement Series C: The law according to the Advocate General
============================================================

The Advocate General of the European Court of Justice recently published his
views with regard to the Scarlet/Sabam case C-70/10 in the European Court of
Justice. This is a crucial case with regard to privatised enforcement, as it
is the first time that the legality of this approach has been tested. The
case came as a result of an attempt by the Belgian collecting society Sabam
to require the small Belgian ISP Scarlet to install a filtering system to
monitor all peer to peer traffic on its network and block files which Sabam
ruled to be unauthorised. As Scarlet was a small, struggling ISP, Sabam
hoped that they would comply to avoid high court costs.

Since the start of the case, however, things have unravelled somewhat for
Sabam. Firstly, Scarlet was taken over by the Belgian former incumbent
Belgacom, which had the resources and ability to fight the case and,
secondly, Sabam was humiliated by an undercover TV "sting" which showed them
demanding royalties for artists that do not exist (such as Suzi Wan, a brand
of noodles) and demanding royalty payments for use of their non-existent
works.

The Advocate General described the case as being about (paragraph 54)
"delegating the legal and economic responsibility of the fight against
illegal downloading to Internet access providers." Sabam's action in
bringing the case has been very valuable to digital rights. If they had not
brought this case, the European Commission would have been vigorously
pushing in favour of exactly such measures, claiming that this approach was
legal without immediate fear of contradiction.

For example, in the recent Communication on the implementation of the IPR
Enforcement Directive, the Commission argued that such injunctions might be
applied, without contradicting any relevant EU law or human rights law. This
is also the advice that it gave to the Court. Indeed, the Commission had
already run a "dialogue on illegal up- and downloading" with the industry
and the content industry with the aim of achieving "voluntary" breaches of
the right to privacy and the right to communication that are at stake in the
Scarlet/Sabam case, albeit without success.

The view of the Advocate General is that the filtering and blocking demanded
by Sabam would constitute an infringement of the fundamental rights to
privacy and communication. As such, the requirements imposed by the Charter
on Fundamental Rights and Convention of Human Rights in such cases would
have to be met. In particular, the Advocate General explains that
restrictions must be based on law, the law must pre-date the restriction and
the law must be necessary, proportionate and effective. Interestingly
(paragraph 113), he also says that Article 52.1 of the Charter creates an
implicit obligation for the law to be properly legitimated by a legislative
process.

In paragraph 52 of the Opinion, the Advocate General explains that,
according to the Charter on Fundamental Rights, the proportionality of a
restriction of fundamental rights needs to be defined both by the
legislator, when formulating the law on which the restriction is based and
by the judge imposing the restriction. Not only does this contradict the
Commission's input on in this particular case, it also places huge doubts
over a wide range of Commission initiatives. For example, in recital 13 of
the Child Exploitation Directive, the Commission bizarrely suggests
"stimulating" internet providers to undertake blocking and filtering
"voluntarily," circumventing the law, the legislator and the judge.

It remains to be seen what lessons the European Commission will take from
this ruling in its demands for more extra-judicial policing from Internet
intermediaries. In particular, will the Commission stop funding projects,
such as CIRCAMP, its entire raison d'etre being in fundamental contradiction
with this Opinion?

Advocate General's Opinion (only in French, 14.04.2011)
http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&numaff=C-70/10

Court of Justice Press Release (14.04.2011)
http://curia.europa.eu/jcms/upload/docs/application/pdf/2011-04/cp110037en.pdf

Circamp
http://www.circamp.eu

The Suzi Wan playlist
http://www.humo.be/tws/actua/21679-3/basta-vs-sabam.html

EU in "secret talks" to stop illegal downloads (28.01.2011)
http://www.euractiv.com/en/infosociety/eu-secret-talks-illegal-downloads-news-501715

(Contribution by Joe McNamee - EDRi)

============================================================
8. ENDitorial:CoE: A New Notion of Media. For Better or For Worse?
============================================================

The fourth meeting of the Council of Europe (CoE) Committee of experts on
new media (MC-NM) was held on 28-29 March 2011 in Strasbourg, with two main
points on its agenda. The first one was a discussion on comments received in
response of its public consultation on two draft recommendations on the
protection of human rights with regards, to search engines and to social
network services, respectively. This MC-NM work is led by The Netherlands
representative (Sjoera Nas), with the help of the Secretariat. Both draft
recommendations are accompanied by guidelines for providers of such
services. The second agenda item was the discussion on a draft
recommendation on a new notion of media. Discussions on both points started
during previous meetings, in March and September 2010.

The public consultation on social networks and on search engines will be
allowed some more time, since only few responses have been received so far,
mainly from civil society organizations, since only one main industry actor
from the sector provided its comments. Unsurprisingly, the former confirmed
that the main concerns of the civil society are to ensure a better data
protection for citizens using this kind of services, as well as stronger
legal protection of their freedom of expression and information, especially
when they are threatened by content filtering and blocking practices.
Unsurprisingly too, the fact that personal data are the major currency of
so-called free services - especially when used for behavioral profiling and
advertising purposes - is perfectly reflected in the Industry actor
response.

The simple fact that a single response was received from the web 2.0
industry reveals the need to regulate this sector - at least to make it
healthier - for a better respect of fundamental rights. As a matter of fact,
since the EU and some European countries at the national level started to
deal with - and even to fine - a major US search engine company, it has led
to understand that when a company operates in a given region or country, it
has to abide by its law. Most probably, it would take the same process for
social network services to "learn by example".

At least, one would have expected some responses from European social
networks, but they might not yet have understood that such process of
jointly defining human rights guidelines with institutions like the Council
of Europe - as the European association of Internet service providers
(EuroISPA) and the Interactive Software Federation of Europe (ISFE, online
games providers), respectively, did - would prove a better strategy for them
than the vague development of "ethical codes of conduct" through a so-called
self-regulation process.

Most part of the March 2011 MC-NM meeting was however dedicated to the
discussion of the draft recommendation on a new notion of media. As
previously reported, this work is examining to which extent and under which
conditions web 2.0 services should be considered as part of a "media
ecosystem" (rather than the brave old traditional "media landscape") and
consequently be regulated, partly or totally, by media laws, with all the
issues at stake in terms of fundamental rights, democracy and the rule of
law.

After the intense discussions during the last MC-NM meeting in September
2010, the project has now developed into both a draft '"Recommendation on a
new notion of media" and its draft "Appendix" providing two "Toolkits" with
the purpose to help deciding whether and to which extent a web 2.0 service
should be considered as a media. The first toolkit defines a set of
criteria, each being qualified by numerous indicators. The second one gives
directions on how to use and apply these criteria, accompanied by a list of
examples.

This "unorthodox presentation'" as it was acknowledged during the meeting,
in addition to the rather unorthodoxically high amount of employed effort to
define these criteria, indicators, and "policy maker manual" (it took the
MC-NM Chair, Thomas Schneider, the Switzerland representative, a retreat in
the Swiss mountains together with the Serbian and Bulgarian representatives
and the Secretariat to come up with these documents!), are enough to show
how tricky the issue is.

The major difficulty is indeed to ensure that web 2.0 services would be
considered as media and their use be protected as such, through provisions
on freedom of the press and protection of journalism, in view of public
interest and pluralism of opinions, and more generally speaking the
protection of democratic values (an approach that EDRI would commend and
advance) At the same time, to ensure that they would not be considered as
media when this means that industry owners of these services would retain
editorial control on their users' expression and information and would
benefit from exemptions or derogations to, say, data protection obligations
"to reconcile the right to privacy with the rules governing freedom of
expression" as set forth ( though "solely for journalistic purposes or the
purpose of artistic or literary expression") in article 9 of the European
Data Protection Directive (an approach of web 2.0 services that EDRI would
stand against and strongly fight). The current draft documents suggest a
dual response to this dilemma.

First, they recommend the adoption of a new and broad notion of media that
considers a whole "media ecosystem" where media actors in the traditional
sense coexist and interact with actors performing a whole set of functions.
These would include, in addition to media production and distribution
actors, not only users turned into ubiquitous prosumers, application
designers and content aggregators, but also a number of "intermediaries" or
"auxiliaries" (including from the Telecommunications sector) providing and
operating infrastructures, networks and platforms. The recognition of such a
media ecosystem would need to acknowledge that some of these new actors have
become essential pathfinders to information, to the extent that they have
the power to act as its gatekeeper. Not to mention that this ecosystem is
also a market, where the dominant position at the national or global level
that some actors have acquired should also be looked at as a media
concentration issue with its democratic consequences and the related
question on whether public service obligations should be imposed on these
industry actors.

Secondly, they advocate the adoption of a graduated and differentiated
approach in terms of media policy when applied to such different actors,
depending on their performed functions, their kind of interactions, keeping
in mind that this media ecosystem develops in a fluid and multidimensional
reality. To this end, a list of "media indicators" is suggested, and grouped
under six criteria: (1) editorial control or oversight or moderation, (2)
purpose, (3) intent, (4) outreach, (5) professional standards, and (6) third
party expectation. For each criterion, a detailed list of indicators has the
purpose of precising the media character (is a given web 2.0 service truly a
media?) and of defining the appropriate scale of graduated and
differentiated media policy to be applied (to which extent a given web 2.0
service performs a media function?).

The discussion on the draft recommendation itself has rather quickly led to
consensus within the group on the relevance of this new notion of media as
an "ecosystem", reflecting this proteiform universe with the diversity and
fluidity of its actors, their functions and interactions, although EDRI
unsuccessfully opposed the now unfortunately unavoidable mention of
"self-regulatory tools, including codes of conduct" that obviously go much
further than the sole "journalist deontological codes" given such an
extended notion of media.

The discussion on the toolkits and especially the criteria and their sets of
indicators was harsher, since it debated the practical issue of which media
policies should be applied to which web 2.0 services, in which way and to
which extent. EDRi made clear its position that, first and foremost, the
document must clearly set what is NOT a media, and should NOT be considered
as such in any circumstances, but rather as a pure communication service.
This is needed to avoid the temptation by some governments, when it comes to
media policy implementation at national level, to use the Council of Europe
Recommendation and Toolkits for unintended purposes, or even to hijack them.
This could result in repressive policies with regards to freedom of
expression and freedom of information, that the Council of Europe
institutions would not be able to oppose since these policies would have
been "blessed" by its own recommendations!

While EDRi acknowledges and commends the Council of Europe best intentions
to uphold fundamental rights, freedom of the media and democracy in the new
media sector with this work, it has to advocate serious caution with regards
to the unintended consequences that might - or rather would probably -
derive from such a process, and do its best to ensure that strong guaranties
are provided to avoid their occurrence. To only take the first criterion as
an example, its extended definition as "editorial control or oversight or
moderation" rather than being restricted to "editorial control", is an issue
in itself.

The very difference between a traditional notion of media and such a new
notion is mainly characterized by an ex-ante editorial control in the former
case and an ex-post moderation (or more generally speaking an "oversight and
capacity to act" on the content public availability) in the latter. The
simple fact to group these functions, abilities and powers into a single
criterion carries the risk of equating the role of a technical intermediary
to that of an editorial board, which summarizes the whole issue of Internet
content regulation by technical intermediaries through devolved regulation
(sometimes called private censorship) that EDRi, together with many other
digital rights organizations, has been fighting for more than 15 years!

A revised version of the documents is expected for the next MC-NM meeting,
but as the situation now stands, it is unlikely that such a clear
distinction advocated by EDRi and supported almost only by The Netherlands
representatives will be introduced, unless this Council of Europe activity
gains more attention and stirs a strong controversy in the mean time.

This new notion of media will be further discussed during the next European
Dialogue on Internet Governance (EuroDIG) to be held in Belgrade on 30-31
May 2011, and will be again on the agenda of the next MC-NM meeting
scheduled on 20-21 September 2011, only some days before the next Internet
Governance Forum (IGF) to be held in Nairobi on 27-30 September 2011.

CoE CDMC website
http://www.coe.int/t/dghl/standardsetting/media/

CoE MC-NM group website
http://www.coe.int/t/dghl/standardsetting/media/MC-NM/

EDRi-gram: Enditorial: Council Of Europe: Bad News As It Happens
(06.10.2010)
http://www.edri.org/edrigram/number8.19/council-of-europe-expert-groups

EDRi-gram: New Media, Search Engines And Network Neutrality On 2010 CoE
Agenda (07.04.2010)
http://www.edri.org/edrigram/number8.7/coe-new-media-working-group

CoE-EuroISPA "Human Rights Guidelines for Internet Service Providers" (2008)
http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)009_en.pdf

CoE-ISFE "Human Rights Guidelines for Online Games Providers" (2008)
http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)008_en.pdf

EuroDIG 2011 session on "New media" (30-31.05.2011)
http://www.eurodig.org/eurodig-2011/programme/plenary/new-media

IGF 2011 - Nairobi, Kenya (27-30.09.2011)
http://www.intgovforum.org/

(Contribution by Meryem Marzouki, EDRI-member IRIS - France)

============================================================
9. Recommended Reading
============================================================

Freedom House - Freedom of the Net 2011: A Global Assessment of Internet and
Digital Media (18.04.2011)
http://www.freedomhouse.org/template.cfm?page=664

Internet freedom in Azerbaijan: Joint Statement of Institute for Reporters'
Freedom and Safety and Democracy Monitor (18.04.2011)
http://www.irfs.az/content/view/6294/28/lang,eng/

Article 29 Working Party -  Opinion 10/2011 on the proposal for a Directive
on the use of passenger name record data for the prevention, detection,
investigation and prosecution of terrorist offences and serious crime
(5.04.2011)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp181_en.pdf

Europe Creates Orphan Works Registry, Copyright ID System; Digitises EU
Content (12.04.2011)
http://www.ip-watch.org/weblog/?p=15265

Tim Berners-Lee: Web access is a "human right"  (12.04.2011)
http://www.networkworld.com/news/2011/041211-mit-berners-lee.html

============================================================
10. Agenda
============================================================

5-6 May 2011, Milano, Italy
The European Thematic Network on Legal Aspects of Public Sector
Information - public conference
http://www.lapsi-project.eu/milan

17-18 May 2011, Berlin Germany
European Data Protection Reform & International Data Protection Compliance
http://www.edpd-conference.com

30-31 May 2011, Belgrade, Serbia
Pan-European dialogue on Internet governance (EuroDIG)
http://www.eurodig.org/

2-3 June 2011, Krakow, Poland
4th International Conference on Multimedia, Communication, Services and
Security organized by AGH in the scope of and under the auspices of INDECT
project
http://mcss2011.indect-project.eu/

12-15 June 2011, Bled, Slovenia
24th Bled eConference, eFuture: Creating Solutions for the Individual,
Organisations and Society
http://www.bledconference.org/index.php/eConference/2011

14-16 June 2011, Washington DC, USA
CFP 2011 - Computers, Freedom & Privacy
"The Future is Now"
http://www.cfp.org/2011/wiki/index.php/Main_Page

11-12 July 2011, Barcelona, Spain
7th International Conference on Internet, Law & Politics (IDP 2011): Net
Neutrality and other challenges for the future of the Internet
http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en

24-30 July 2011, Meissen, Germany
European Summer School on Internet Governance 2011
Applications open until 15 May 2011
http://www.euro-ssig.eu/

============================================================
11. About
============================================================

EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE