EU Issues Overview – 5 – 11 December 2015 Thumbnail
Newsletters 15 December 2015

EU Issues Overview – 5 – 11 December 2015

Data protection

EU: New agreement on transatlantic data flows will have an explicit suspension clause

  • Speaking at the 6th Annual Data Protection and Privacy Conference which took place in Brussels on 10 December, the EU Justice Commissioner Věra Jourová said that a new agreement on transatlantic data transfers should include an explicit suspension clause which would allow the EU to suspend the agreement if its conditions are not met.
  • US Federal Trade Commissioner Julie Brill, who also spoke at the conference, stated that the invalidation of the Safe Harbour made data transfers less transparent. Brill highlighted that while the principles and operating procedures of the Safe Harbour were known, there is far less transparency with regards to the alternative transfer tools. Commissioner Brill noted that although companies with approved binding corporate rules are listed on the European Commission’s website, the details of the rules that each company creates for itself are not public.
  • Commissioner Jourová added that the new arrangement needs to ensure that data protection provisions travel together with the data which is being transferred.

EU: Data protection reform will be finalised before end of 2015, Commission and Council Presidency say

  • CommissionerJourová said that a deal on the proposed data protection framework overhaul could be struck within the next two weeks. Luxembourg Justice Minister Félix Braz added that details of negotiations will become clear next week.
  • According to media reports, MEP Jean Philipp Albrecht (Greens, Germany), Rapporteur on the dossier, stated that the Parliament’s plenary will vote on the final text in January or February.

EU: Chairwoman of the Article 29 Working Party speaks about post-Safe Harbour arrangements

  • Describing how the job of the Article 29 Working Party (WP) changed after the Safe Harbour deal was invalidated, Isabelle Falque-Pierrotin, Head of the French data protection watchdog (CNIL) and Chairwoman of the WP, said that the WP is increasingly involved in defining operational and strategic decisions for the 28 national data protection authorities (DPAs).
  • Falque-Pierrotin said that, despite the announcement of German DPAs with regards to not giving new contracts for biding corporate rules or model contract clauses, there is unity in DPAs approach to post-Safe Harbour arrangements.
  • The Chairwoman of the WP also clarified that the end of January deadline does not mean that the DPAs expect a new data transfer agreement to be ready by then. The DPAs want to see some kind of political signal showing that the situation of EU citizens’ data in the US when accessed by the intelligence services is understood and taken seriously.

EU: Luxemburg says countries support pan-European data retention rules

  • Félix Braz said that a majority of Member States are supportive of an EU-wide rule which would clarify how companies and administrations store data and provide access to it for law enforcement purposes.The comments followed last week’s meeting of the EU Justice Ministers.
  • According to media reports, France and the UK want to keep control of data retention measures at a national level.
  • Commissioner Jourová commented that the Commission does not have plans to put forward new data retention legislation.

EU: Group of DPAs say Belgian cookie judgment should apply EU-wide

  • A taskforce within the Article 29 Working Party which was set up in 2014 to analyse Facebook’s revamped policy on how it collects information from its members said that the social network must stop tracking Internet users who are not its members. The issue at stake is the use of the so-called datr cookie.
  • The statement called upon Facebook to end the tracking of non-users, not only browsing in Belgium, but throughout the EU. Led by the Dutch DPA, the group includes representatives from Belgium, France, Spain and the city of Hamburg.
  • A recent decision of a court in Brussels required the company to stop the tracking or face a fine of €250,000 per day. Belgium’s privacy commission announced that Facebook would need to start complying with the court order starting on 14 December.


EU: Negotiators come to an agreement on the proposed Network and Information Security Directive

  • On 7 December, the European Parliament, the Council of the EU and the Luxembourg Presidency came to an agreement on the Network and Information Security Directive. Proposed back in 2013, the Directive requiresoperatorsof essentialservices to take appropriate security measures and report on cybersecurity incidents.
  • The inclusion of online services within the scope of the Directive was long-time dividing the negotiators. Under the agreement reached, cloud service providers, large e-commerce retailers and search engines will be included in the scope, although under lighter requirements than other essential services (e.g. banks, utilities and hospitals).
  • MEP Andreas Schwab (EPP, Germany) commented that the inclusion of certain online services could constitute a first step in the regulation of online platforms. However, other digital service providers, such as app stores, Internet payment services and social networks will not fall under the scope of the Directive.
  • The Network and Information Security Directive is the first EU-wide cybersecurity law and will also enhance cooperation and capabilities between Member State authorities. Andrus Ansip, Vice-President of the Commission for the Digital Single Market said that this agreement is a necessary and important step towards strong EU-wide cybersecurity solutions when a breach online can have a serious knock-on effect in the rest of Europe.

EU: More needs to be done to enhance IT security, expert panel agrees

  • On 8-9 December, the European Parliament’s Civil Liberties Committee and the STOA panel (Science and Technology Options Assessment) organised a workshop on IT security and EU IT capabilities. Thediscussions focussed on developments around the digital economy and cybersecurity, with the Internet of things and big data at the forefront.
  • MEP Claude Moraes (UK, S&D), Chair of the LIBE Committee, underlined that in order to ensure online privacy, the EU needs to step up its action and address the issue of vulnerability of IT security. In this respect, he referred to enhancing encryption, developing minimum security, reshaping the Internet architecture, boosting the EU IT capabilities and creating a more autonomous IT industry.
  • Prof. Joseph Cannataci, UN Special Rapporteur on the right to privacy, particularly in the context of new communication technologies, highlighted that the EU should lead by example. He warned against measures that would put privacy at risk. With regards to encryption, Cannataci stated thatbackdoors to the Internet and other communications is a bad idea.
  • Michael Boni (EPP, Poland) argued that a regulatory and non-regulatory framework is needed, calling for more soft law and co-regulation. He also underlined the importance of proper implementation.


EU: European Commission presents its Communication on copyright modernisation

  • On 9 December, the European Commission presented its Communication on the EU copyright framework modernisation called Towards a modern, more European copyright framework.
  • Access to content, adaptation of exceptions to digital and cross-border environments, a well-functioning marketplace for copyright, and an effective and balanced enforcement system are the main pillars of the Communication.
  • The Commission announced that by spring 2016, it will consider measures addressing the different factors around the sharing of the value created by new forms of online distribution among the various market players. The Commission will also examine whether there is a need to act on the definition of the rights of ‘communication to the public’ and of ‘making available’.
  • As for enforcement, the Commission will assess by autumn 2016 whether framework for the intellectual property rights enforcement should be amended.
  • The initiatives on the copyright modernisation will be consistent with the Commission’s work on online platforms.

EU: European Commission unveils its proposal on online content portability

  • Together with the Communication, the Commission also unveiled a proposal on a Regulation on ensuring the cross-border portability of online content services in the internal market.
  • The proposal seeks to ensure that subscribers to online content services, which are delivered on a portable basis, can receive these services when temporarily present in another EU Member State.
  • The obligation to enable subscriber to use the online content services while the subscriber is temporarily present in another Member State applies to the same content, range and number of devices and the same functionalities as in the Member State of residence. It does not extend to any quality requirements applicable to the delivery in the Member State of residence. Nevertheless, the Regulation will require providers to inform the subscriber on the quality of delivery in another Member State.
  • From the perspective of licensing of copyright and the related rights, the provision and access to and use of the service by a subscriber who is temporarily present in another Member State is deemed to occur solely in the country of residence.
  • The Commission proposed for the Regulation to apply to any contracts concluded and rights acquired before the application of the Regulation, should they be relevant for the provision, access and use.

EU: Should Wi-Fi providers fight copyright infringement? EU court hears stakeholders’ arguments

  • The question of whether Internet-access providers are legally liable when users transmit copyright-protected music over their web links has become central to a dispute between German Wi-Fi provider and the German branch of Sony Music.
  • Sony told the EU judges this week that the provider should be required to put in place technical controls such as filters to fight copyright infringements on its system. The provider argued that the Internet connection was set up as a mere conduit for information and that it has no control over the data transmitted or stored on the system which provides a non-password-protected connection to the Internet.
  • One of the issues at stake is identification of users. The music company’s lawyer argued that the EU’s e-commerce rules relieve telecom operators and ISPs from any responsibility for the information they transmit only if they fulfil certain conditions.
  • In his intervention in front of the court, the Commission representative argued that national judges must balance intellectual property rights against the freedom of information.
  • Maciej Szpunar, the Advocate General on the case, is expected to issue his opinion on 16 March 2016.


France: Council of Ministers approves the proposed digital bill

  • On 9 December, the Council of Ministers approved the proposed digital bill which consists of three pillars: data flows and knowledge (creation of a public data service, access to public data), protection of citizens in the digital society (neutrality of the Internet access, confidentiality of private correspondence) and access for all to digital (establishment of a right to maintain the connection, mobile coverage). The proposal will now be fast-tracked through the Parliament and subject to a plenary debate in January.
  • The proposal was also sent to the European Commission to be cross-checked with European legislation for coherency. Centre-right MP Laure de La Raudière (Les Républicains) warned that fast-tracking of the proposal could lead the law to be contrary to future European law as the General Data Protection Regulation is still in negotiations. This concern was also raised by the French State Council.

Related articles

Newsletters 3 April 2020

Kilima: Highlights from ISOC Africa – March 2020

Africa Regional Bureau Newsletter for March 2020

Newsletters 3 February 2020

Kilima: Highlights from ISOC Africa – January 2020

Africa Regional Bureau Newsletter for January 2020

Newsletters 12 December 2019

Kilima: Highlights from ISOC Africa – November 2019

Africa Regional Bureau Newsletter for November 2019