‹ Back
Newsletters 26 October 2016

EU Issues Overview – 15 October – 21 October 2016

Internet Access

EU: Risk of fragmentation over fair use policy mobile roaming

  • EU telecoms regulator BEREC cautioned against the danger of Member States applying the European Commission’s “fair use” policy on mobile roaming in different ways. BEREC warned of a risk of fragmentation due to the draft text allowing mobile operators to include their own terms and conditions for fair use.
  • BEREC also advised on the need to reform the wholesale market to prevent a reduction in investments and distortion of competition.
  • In parallel, Sébastien Soriano, President of the French telecoms regulator, confirmed on 17 October that the EU’s radio spectrum policy group will work with BEREC towards improving high-speed Internet connectivity in rural areas. 
  • BEREC will host two workshops focusing on regulatory issues related to the Internet of Things and Spectrum.  BEREC will also monitor and report on the impact of digital content services and smart devices.
  • The College of Commissioners is expected to adopt a final proposal on 15 December 2016.

EU: Digital Commissioners lend support for data economy

  • At a conference on ‘Building the European Data Economy’ on 17 October, Commissioner Oettinger outlined the European Commission’s work on data flows and the data economy. He set out the need for greater legal certainty concerning rights on data and principles allowing for the trading and use of data.
  • Commissioner Oettinger explained that the European Commission is looking to provide guidance on emerging issues such as liability, ownership, access, transfer and reusability of data.
  • Also on 17 October, Vice-President Andrus Ansip participated in the Consumer Summit 2016 and addressed the value of data and data flows for the digital economy and how digital services boost consumer choice.

Switzerland: Swiss in the lead to deliver ultrafast broadband via copper

  • Switzerland would be the first country in Europe to deliver G.fast connections which can reach speeds of 500Mbps.
  • G.fast uses traditional copper cables to carry data at record speeds and brings fiber distribution points closer to households.  Swisscom – the provider of G.fast – intends to install distribution points in 200 million homes.


EU: TiSA blocked over data protection

  • The Trade in Services Agreement faces deadlock as parties cannot agree on how to ensure data privacy on a global scale. The European Commission’s DG Trade and DG Justice have been working towards a compromise allowing for data to flow freely outside of Europe while ensuring the protection of personal data.
  • The possibility remains that TiSA will set EU data protection standards globally. However, should TiSA fail resolve the data flows vs data protection debate, the EU risks legal action over its adequacy decisions such as the EU/U.S. Privacy Shield.

EU: Website operators may have a legitimate interest to store certain personal data

  • The European Court of Justice (ECJ) ruled that website operators may have a legitimate interest to store certain personal data of visitors to their websites as a means of protection against cyberattacks.
  • The case involved a German citizen seeking an injunction to prevent websites from registering and storing IP addresses. A ‘dynamic’ IP address does not enable a link to be established between a specific computer and the connection to the network used by the Internet service provider, thus implying only the service provider has the additional information necessary to identify the user.
  • The Court ruled that the processing of personal data is compliant with EU law so long as it is necessary to achieve a legitimate objective pursued by the controller. In this context, the ECJ argued the German federal institutions had a legitimate interest in ensuring the continued functioning of their website and protection against cyberattacks.

EU: Pan-European exercise to test the resilience of EU infrastructures to cyberattacks

  • On 13 and 14 October, ICT and IT security industry experts belonging to over 300 organisations including, amongst others, national and governmental cybersecurity agencies, ministries, EU institutions, Internet and cloud service providers were called to replicate a six-months long cyber crisis.
  • Cyber Europe 2016 constituted the largest technical and operational EU cybersecurity exercise to date. Initiated in April 2016, it enabled EU cybersecurity professionals to analyse complex, innovative and real cybersecurity incidents.
  • The aim was to ensure business continuity and safeguard the European Digital Single Market. The simulation – which involved Internet of Things, drones, cloud computing, mobile malware and ransomware technologies – focused on political and economic policies related to cybersecurity, taking into account new processes and cooperation mechanisms within the Network and Information Security (NIS) Directive. 
  • The outcome will be analysed by ENISA and Member States; an initial report is expected in 2017, with a follow-up Cyber Europe exercise scheduled for 2018.

UK: National spy agencies accused of breaking privacy rules

  • The Investigatory Powers Tribunal (IPT) ruled UK spy agencies did not comply with privacy rules in collecting large amounts of citizens’ data without appropriate oversight.
  • As part of its review of the activities exercised by spy agencies, the IPT examined the collection of communications data and personal information – and concluded that some data collected did not comply with Article 8 of the European Convention on Human Rights (ECHR), which states all citizens have the right to a private life.
  • The IPT will rule before Christmas on whether the agencies violated the EU’s Charter of Fundamental Rights.

Ireland: Tech firms to report data breaches

  • Ireland will require tech companies to report data infringements to an independent office. Denis Naughten, Minister for Communications, will present a proposal to create an independent National Cybersecurity Centre in charge of coordinating Ireland’s response to cyberattacks.
  • Mr Naughten is thought to be considering requesting tech companies comply with digital due diligence and risk-assessment requirements.
  • The creation of a cyber centre comes as a result of the EU requiring Member States to identify and protect their critical infrastructure.

UK: Banks under-reporting cyberattacks to national regulators

  • British banks may not be reporting cyberattacks to regulators for fear of punishment or bad publicity. The official number of attacks upon financial institutions in Britain to date in 2016 is 75, compared to 5 in 2014; however bankers and cybersecurity experts consider the real figure is substantially higher.
  • Banks – who are not obliged to reveal cyber-attacks by the UK’s Financial Conduct Authority (FCA) –   are not thought to be alone in under-reporting attacks.   Government data shows that while 5 million fraud-related crimes and 2.5 million cybercrimes occur in the UK annually, only 250,000 were reported.

EU: EDPS Opinion on empowerment in managing personal data

  • The European Data Protection Supervisor (EDPS) published an Opinion on ‘Personal Information Management Systems – Towards more user empowerment in managing and processing personal data’ which analyzed the concept of technologies and ecosystems empowering individuals to take control over the sharing of their personal data.
  • The Opinion asks the European Commission to encourage the development of innovative digital tools and to adopt policies that inspire the development of economically viable business models.


EU: Commission to explore impact of Microsoft acquisition of Linkedin on innovation

  • The European Commission wants to understand the effects of the $26 billion acquisition of Linkedin by Microsoft. Two questionnaires were sent to competitors and customers this week to get further clarity on the implications of the acquisition and request details on artificial intelligence projects in the pipeline that could potentially require access to data on the hands of LinkedIn.
  • Competition Commissioner Margrethe Vestager has until 22 November to decide whether to approve the deal or decide to launch an in-depth inquiry.
‹ Back

Related articles

Newsletters 3 April 2020

Kilima: Highlights from ISOC Africa – March 2020

Africa Regional Bureau Newsletter for March 2020

Newsletters 3 February 2020

Kilima: Highlights from ISOC Africa – January 2020

Africa Regional Bureau Newsletter for January 2020

Newsletters 12 December 2019

Kilima: Highlights from ISOC Africa – November 2019

Africa Regional Bureau Newsletter for November 2019