Even if the European Union recently adopted an updated and comprehensive regulation on data protection, the issue of privacy will likely continue to produce political controversies and fuel (legal) disputes in Brussels as well as in many countries of the old continent.
What’s interesting is that the customary European mess surrounding data protection rules appears to be ‘infecting’ the U.S. At least to a certain extent. By reclassifying broadband ISPs as common carriers, the U.S. Federal Communications Commission has also grabbed legitimate powers to regulate how they handle privacy.
And that’s exactly what it did publishing in March a proposal which many believe to be way too prescriptive for ISPs, not least because it will place on them several obligations that other Internet companies do not have to comply with. The problem is that up to now the Federal Trade Commission was the only ‘privacy cop’ presiding over the compliance of data protection rules on the Internet. Now that the FCC have weighed in it’s less clear what will be the role of the two agencies.
On paper the FCC will start policing the ISPs under its new (and more stringent) rules, whereas the FTC will continue to enforce consumers protection rules on the commercial Internet. We will then see two different set of rules applying to ISPs on the one hand and to the rest of Internet companies on the other.
The odd thing here is that while Europe is putting much effort in placing all the players under the same regulatory umbrella (for instance with the new General Data Protection Regulation), the U.S. are seemingly walking the opposite direction. Even Giovanni Buttarelli, the European Data Protection Supervisor, wrote in a recent opinion: “we also recommend clarification of the respective roles of the FCC and the FTC over broadband internet service providers.”
Ever since the terrorist Paris attacks in November the debate over government ‘backdoors’ into encryption has been back in the spotlight. For obvious reasons the US is at the forefront of the dispute as it is home to an overwhelming share of the world’s leading businesses in the digital sector.
US authorities are increasingly seeking the cooperation of these companies with regard to special access on encrypted systems as part of the on-going government campaign against terrorism.
However, Silicon valley companies and civil society groups reject such calls on the grounds that this will undermine the digital security, posing a threat to crucial rights such as privacy or freedom of expression (Apple CEO Tim Cook has emerged as the most vocal industry leader in criticizing federal plans to weaken encryption).
The truth is both camps may have a point. That is why it is difficult to pick a side in such a complex and mostly technical discussion, as it is very hard to tell how to strike a right balance between security and privacy matters.
In this respect, it is interesting to note the opinion expressed by AT&T CEO Randall Stephenson on the sidelines of the World Economic Forum that is currently taking place in Davos.
According to Mr. Stephenson, it’s the congress, not the companies, that should determine U.S. policy on access to encrypted data on cellphones and other devices. “I personally think that this is an issue that should be decided by the American people and Congress, not by companies,” Mr. Stephenson said on Wednesday, in an interview with The Wall Street Journal.
For the record, Mr. Stephenson added that his own company has been unfairly singled out in the debate over access to data. “It is silliness to say there’s some kind of conspiracy between the U.S. government and AT&T,” he said, clarifying that the company turns over information only when accompanied by a warrant or court order.
It is hard to dissent with the fact that the decision on access to encrypted data should lie with democratically elected instances.
Encryption is bound to become a key issue on the 2016 presidential race – as the latest Democratic Party presidential debate has clearly shown –, although barely 10% of US adults say they have encrypted their communications, according to a recent Pew Research poll. Therefore, the American electorate will soon have a say on the matter.
This could sound as a simplistic way to address the issue (digital activites are pointing out that US politicians have little knowledge of the issue).
But if the topic of encryption is properly addressed in the context of an open and democratic discussion, and any action is ultimately taken with the backing of elected representatives, there is little reason to complain.
Even so (and if basic rights are being put at risk, as some may suggest) modern democracies, such as the US, offer the legal means to challenge – and sometimes reverse – a decision through federal courts.
We welcome the new General Data Protection Regulation (GDPR) that was agreed in mid-December, as it marks a crucial step forward. However, it fails to create a level playing field for telecom operators. And still presents multiple critical aspects.
Following the introduction of the regulation, the electronic communications sector will be forced to abide by a twofold regulation, complying with both the new data protection legislation and the ePrivacy Directive. If Europe wants to support the growth and innovation spreading out within its convergent digital markets, this asymmetry needs to be addressed shortly.
The ongoing, rapid Internet evolution has been providing breeding grounds for several new telecom-alike services (including OTT services) to grow. The point is that, unlike traditional telecom providers, such services are not necessarily bound by the terms of ePrivacy Directive, although they are functionally equivalent to one another.
As a consequence, different rules applying to equivalent services inevitably create unfair competition between telecom operators as well as legal uncertainty and general confusion among consumers. In order for them to benefit from a consistent regulation, regardless of the service provider in question, a prompt revision of the ePrivacy Directive is required.
The main reason why, back in 2013, Neelie Kroes felt compelled to put forward a set of EU-wide rules on net neutrality is that she could predict a wave of domestic regulations was bound to materialize sooner or later: a nightmarish scenario for a European commissioner who dreamed of building a telecom single market where “telcos can think European to compete globally”.
Alas, the kind of national fragmentation Mrs. Kroes ardently sought to prevent is about to be blessed by the EU law. Under a hard-fought settlement reached by the European Parliament and the Council in June, key elements of the first-ever EU bill on net neutrality will be adjudicated in the member states and their interpretation left up to national regulators. For example, domestic regulators will determine what is and what is not a “specialised service”.
This epilogue, which contradicts the original goal of the bill as it was conceived by Neelie Kroesand, has very little benefits for consumers and comes with a higher price. It may underdime the legal certainty and regulatory predictability (at EU level) that the telecoms sector badly needs to attract more investment. The truth is that a regime of “European net neutralities” is nearly as bad as not having a legislation at all.
Most Brussels’ insiders didn’t blink an eye when in mid-April draft copies of the upcoming Digital Single Market strategy began circulating among tech lobbyists eventually landing on the desk of a few reporters. Such leaks are commonplace in the “EU bubble”, even more so when it comes to digital-related legislative initiatives.
In fact, during the former European Commission’s term not a single bill drafted under the auspices of the then EU digital chief Neelie Kroes escaped the fate of being leaked weeks (and at times even months) before its official presentation. No wonder that the EU community abounds with stories of interns or civil servants who were punished after being caught “smuggling” internal documents out the Commission.
The DSM leak is thus hardly a surprise. But it calls into question the Commission ability or willingness to protect the confidentiality of its work. Worse: several of these leaks are said to be orchestrated on purpose by commissioners’ cabinets.
True, the impact of this practice should not be overestimated. Yet it highlights a clear deontological problem within the ranks of the Commission that should be addressed as soon as possible.
Where does the real balance of power lie in the European Parliament elected in June last year? More specifically, who wields the most influence?
Superficially, of course, it is the Centre-Right European People’s Party as the largest grouping but it does lose 16% of its seats compared to the previous legislature.
The gap now between the second largest grouping, the Socialists and Democrats group, is only 30 seats compared to 81 in the last Parliament.
The S&D group attracted 7 more seats in the 2014 elections but many expected it to come out on top so their improved performance is somewhat qualified. The Liberal group (ALDE) lost almost 20% of its seats and even the Greens lost 9% compared to the 2009 elections.
The big collective winners, of course, were the variety of “anti-EU/anti-establishment” groupings of the extreme left and right accounting, depending on your definition, for 25-30% of the total membership.
But here again, their weight has been mitigated as the mainstream groupings have successfully kept them out of any real positions of influence in the Parliament and many of these parties remain fragmented.
But enough about basic statistics. An obvious measure of influence is the frequency with which majorities are assembled and key votes won. Another, admittedly more subjective, gauge is visibility in the media – and here I mean particularly the media outside the “Brussels bubble”.
Three of the highest profile matters that the European Parliament is now handling – data privacy, the conduct of the financial sector and “Luxleaks” – have Green MEPs taking the lead (Jan Albrecht, Sven Giegold and Philippe Lamberts).
Anglo-Saxon media at least regularly refer to and quote these parliamentarians in their news stories. This does not necessarily translate, of course, into the Green group being able to assemble majorities in their favour on these matters but it is a pretty clear example of a group representing less than 6% of the total EP membership punching way above its weight.
I may be being too simplistic in this assessment. The two largest groups still hold key positions.
The EPP-S&D arrangement of sharing the EP’s presidency every two and a half years shows no sign of overhaul and many respected figures from these groups hold the chairmanships of important committees, such as Claude Moraes on Civil Liberties and Bernd Lange on Trade from the S&D and Elmar Brok on Foreign Affairs and Jerzy Buzek on Industry, Research and Energy from the EPP.
Whatever the size of the group members belong to, however, all MEPs face a new challenge in their role as “co-legislators”.
The new European Commission led by Jean-Claude Juncker and masterminded by his first Vice-President Frans Timmermans, seems determined to reduce significantly the number of proposals where the Parliament’s opinion and approval are to be sought.
In its first annual work programme for 2015, the Commission has announced just 23 new proposals and the removal of 80 more languishing on the negotiating table.
This compares with 316 proposals in the first annual programme of the last Commission headed by Jose-Manuel Barroso and on average 100 new proposals in the subsequent four years of “Barroso II”.
This does not automatically mean that MEPs will have less to get their teeth into from now on but it does suggest a keener rivalry between groups and between members to secure positions of prominence such as rapporteurships and chairing committees of enquiry in those areas where the Commission will be focusing its attention.
After the stunning combined victory of the extreme groups in last June’s poll the understandable reaction of the main political groupings was to close ranks in an attempt to preserve some sense of “business as usual”. That strategy has worked well until now.
It remains to be seen whether this self-imposed cohesion will survive as the business of politics, as much as legislation, takes its natural course.
This could be a critical year for the governance of the Internet. A plan for transferring the US stewardship of the IANA functions to the global community is expected to come to life by next September. Post-WCIT tensions over the role of countries in managing the web may come to a showdown at the WSIS+10 high-level conference to be held next December in New York.
And while the UN General Assembly is likely to extend the mandate of the IGF, an essential platform for policy dialogue, many other Internet Governance issues such as privacy, cybersecurity and net neutrality will be debated more than ever in countless international venues. If it wants to carry some weight with the Internet “big game”, Europe cannot afford to play with 28 different national teams. It should speak with one voice out of a clear and bold vision.
Unfortunately, there are few signs that this will occur. In the past years Member states have relegated the issue of Internet Governance to a bunch of working documents and non-binding declarations. They haven’t gone beyond agreeing on a set of vague principles and have widely disregarded the European Commission’s pleas for more common action.
Such disengagement conceals the will to keep a free hand on the issue, highlighting different national stances. For instance, France and Germany are seemingly inclined to favour a more intergovernamental approach in the future governance of the Internet, whereas other EU countries are far more cautious fearing this could give more (legal) legitimacy to non liberal states’ attempts at censuring the web.
Nonetheless, a reasonable compromise would not be that difficult. Last year, the European Commission presented an ambitious political document on Internet Governance that could serve as a basis for further negotiations. Likewise, the European Parliament outlined his position in a number of non-binding resolutions.
Europe has still a great chance to be a protagonist of the current transition if it is willing to set aside ineffective national interests and develop a long-term and common strategy. But it should hurry.
On 25 January the proposed EU General Data Protection Regulation is turning three. The irony is that it won’t come into force before it is six. That is, of course, the best-case scenario.
A compromise between EU governments is unlikely to be concluded before the end of the year, or even later. After that, the Council must reach consensus with the European Parliament on the wording of the final text. A lot of time may have passed by then.
Much more time than Viviane Reding could have imagined when she unveiled the proposal in 2012. What’s more, the wait won’t be over. Once adopted, there is expected to be a two year transition period before the regulation takes effect.
In the meantime many things are likely to change under the skies of Europe. The regulation has been proposed in the wake of the NSA spy scandals, with most EU leaders calling for stricter privacy rules in order to appease their public opinions. However, in the aftermath of Charlie Hebdo shooting the political agenda in many EU countries seems to be shifting from privacy worries to surveillance efforts.
On the other hand the rise of new technologies, such as the Internet of Things or Big Data, may present challenges to privacy that will require fresh legislative intervention.
In short, when in 2018 – or even later – the regulation enters into force, it risks to be out of touch with the reality, and partially ineffective. European paradoxes at their best.
As widely reported by the press, the Internet of Things took center stage at this year’s CES event in Las Vegas. But it wasn’t just a matter of health trackers, connected cars or “smart” home appliances being showcased to the usual crowd of tech enthusiast. There was also a lot of talk about the implications of a coming world in which most everyday objects will be connected.
In fact, for all its touted benefits, the rise of IoT is expected to raise a number of legal questions and regulatory issues. This was the core message of a speech delivered by US Federal Trade Commission chairwoman Edith Ramirez during the event itself.
While recognizing that the boom in connected devices has the potential to foster global economic growth and improve people’s lives, Ramirez voiced particular concern about security and privacy risks posed by the Internet of Things. Her words highlight FTC efforts in developing a fresh and more tailored response to the challenge.
So, how the European Union is faring in this respect? Well, let’s say that it’s time to do more.
The European Commission held a public consultation on IoT between April and July 2012 in view of presenting an ambitious “recommendation” (i.e. a non.binding by Spring 2013. At the same time, the conclusions of an EU Expert Group signalled that policy initiatives were required in as many areas as privacy, safety and security, ethics, interoperability, governance and standard.
Yet the recommendation has never come into being, and ever since IoT has all but disappeared from the EU institutions’ radar. To a certain extent some IoT issues have been addressed through a proposed “data protection” regulation and a cyber security directive.
However, a far more comprehensive approach is clearly needed and the new European Commission should start working on it as soon as possible. Even if it may be still considered in its infancy, IoT is growing at a rapid pace. According to Cisco, some 25 billion devices will be connected by 2015, and 50 billion by 2020. A stronger regulatory framework at EU level will not only ensure that consumers’ rights be kept safe, but will also enable the industry to evolve in a stable manner as legal uncertainty is bad for innovation too.
Europe’s copyright rules have long been left behind by the exponential growth of digital technology. The existing EU framework rests on a directive from 2001, which was basically designed for an ‘analogue’ world.
The result is an outdated legal landscape that remains highly fragmented along national lines and looks ever more at odds with the borderless nature of the Internet.
Since its early days the new European Commission has pledged with great fanfare to fix the problem. It is now expected to unveil plans for copyright reform by this spring, the task being entrusted to the commissioner for the Digital Economy, Germany’s Günther Oettinger – with the commission’s Vice-President Andrus Ansip set to supervise the job. They better brace themselves for a bumpy ride. For the battle is about to turn nasty.
Copyright is one of Europe’s thorniest – and most polarizing – issues, with scores of vested interests pulling in opposite directions and (most) governments rather wary of relinquishing their national powers.
It is no wonder if the past decade has seen a series of EU-led initiatives flopping miserably. And it is not granted that Mr. Oettinger may succeed where his honourable predecessors failed. On paper he should have the experience and the political backing behind him to deliver.
After all, during his previous tenure as European commissioner for energy Mr. Oettinger had to deal with powerful lobbies. He can also count on strong support from the German government.But he is a newcomer to the complicated copyright dossier and admittedly he’s been given little time to think it through.
To be sure, the new digital commissioner will struggle to strike a satisfactory balance between right holders’ demands for protection (and esclusivity) and digital/telecoms players’ cries for more openness and flexibility. In fact, there are reasons to worry that he finds himself torn between the two opposing camps, ultimately giving birth to a botched, unambitious proposal that once again will prevent Europe from achieving an harmonized framework over copyright in sync with the digital times.
Norwegian politician Trygve Lie once described the post of Secretary-General of the United Nations, which he held for 6 years, as “the world’s most impossible job”. It is not exaggerated to say that Mr. Oettinger is about to grapple with Europe’s most impossible job.
Experts may have mixed feelings about Neelie Kroes’ record as EU Digital chief. Yet it would be hard for them to question her efforts to bring the ‘digital cause’ to prominence among European leaders and the public opinion alike. That is precisely why the new European Commission needs to keep her on board.
In her five-year-long crusade, Mrs Kroes managed to forge a powerful narrative around the vital importance of information and communication technologies for Europe’s present and future prosperity. That message is eventually being heard in the political circles.
It still has to be translated into bolder legislative efforts. The new European executive has openly pledged to accomplish this daunting job, notably by putting emphasis on completing the digital single market. Against this background, Mrs Kroes’ diplomatic and communicative skills can be very helpful. Her forward-looking vision too. Mr Juncker should consider appointing her to a newly created job of EU Digital Ambassador.
He may look to a successful initiative launched by Mrs Kroes herself, namely the creation of national ‘digital champions’, to have an idea of how the role would work.
Digital Champions are high-profile public figures tasked with advocating a digital inclusive society: they also advise governments on promoting e-skills in education, fostering e-government services, encouraging digital entrepreneurship, supporting businesses to embrace new technologies, boosting research and innovation. Mrs Kroes, who is soon to become the Netherlands Special Envoy for Startups, would be the ideal candidate to impersonate this role at European level.
Messrs Ansip and Oettinger, who took over the EU digital portfolio from her, have much to gain too. Mrs Kroes could help them build the public and political consensus required to pass very sensitive reforms: from copyright to, say, radiopectrum management.