EDRI-gram Nieuwsbrief - 15 december 2010

1. Rule of law in the hands of private companies. Wikileaks is just the start.

Private-sector attempts to undermine and attack the ability of WikiLeaks to function on the Internet have attracted much attention.

Their domain name ( was was taken out of service by EveryDNS, their ability to collect funds was restricted by Paypal, Visa and Mastercard while Amazon deleted their website. When did we abandon the rule of law and replace it with summary justice meted out by private companies? How does it happen that private companies can punish a website that has never been convicted of a crime? Why would they do this?

The truth is that there have been years of “behind-the-scenes” efforts by (mostly western) governments to persuade, reward or coerce Internet companies into developing censorship structures. Under the harmless-sounding flag of “self-regulation,” and demands that Internet providers take more responsibility for illegal online activity, a comprehensive infrastructure is being put in place. The purpose of this infrastructure is to hand over quasi-judicial responsibilities to private companies, which, less bound by the obligations imposed on courts, impose summary justice on those accused of illegal activity online. This action can be to have payments being blocked by payment providers, websites deleted and Internet traffic filtered by Internet providers, slowly and imperceptibly eroding the rule of law. While western governments must respect their constitutions, life becomes much simpler when private companies can take extra-judicial action against uncomfortable online information.

Even before WikiLeaks had been heard of by anyone in Europe except geeks, the European Commission had launched proposals for European web hosting companies to take extra-judicial action to delete websites without judicial authority (helpfully suggesting that they give themselves licence to do so in their terms of service), online trading platforms to ban people accused of counterfeiting from online trade, Internet access providers to filter peer to peer traffic in order to delete anything that might not be authorised by copyright owners and mobile phone companies to block alleged illegal content from their networks.

This is not just a European phenomenon. The EU negotiated the Anti-Counterfeiting Trade Agreement with countries around the world. This agreement suggests extra-judicial “cooperation” between Internet providers and copyright owners to police and punish alleged infringements. The Organisation for Economic Cooperation and Development has launched a major project on the role of Internet intermediaries in “achieving public policy objectives”. The Organisation for Security and Cooperation in Europe actively welcomes an approach where the only punishment for the publication of racist material online is the extra-judicial deletion of the websites containing the material. The list goes on.

Unfortunately, this trend for governments to outsource regulation of the Internet is happening at a moment when Internet companies are increasingly open to such requests. Companies like Virgin and Deutsche Telekom/T-Mobile are campaigning for the right to interfere in Internet traffic for their own commercial purposes. Virgin has announced plans to implement technology to open every packet of data sent to or received from its consumers in order to police possible copyright infringements, which would undermine its music business. Deutsche Telekom has also signaled its intention to restrict access of its customers to high-bandwidth sites. Earlier this year, its CEO reportedly demanded that Google be required to pay for the bandwidth used to access its services.

The increasing willingness of the largest Internet providers to interfere with their customers' traffic for business purposes obviously creates dangers for competition, innovation and free speech - dangers that would normally inspire government intervention for the good of society. Instead there appears to be a silent agreement - Internet companies will gradually undertake extra policing activities and, in return, they will be left free to slowly dismantle the openness that is at the heart of its value for democratic society.

2. Data Retention Directive evaluation: expect the unexpected?

The evaluation of the controversial Data Retention Directive takes an unexpected turn, for the worse. At a crucial one-day conference in Brussels on 3 December 2010, aimed at gathering input for the evaluation, long-term critic of the Directive Commissioner Malmström (DG Home Affairs) surprisingly announced that “data retention is here to stay”.

The statement not only disregards legal developments since 2005, the damage done by telecommunications data retention to 500 million Europeans and the lack of evidence that such a measure is necessary and proportionate. On top of that, the Commissioner undermines the entire evaluation process and the evidence-based decision making itself. To great risk, because our fundamental freedoms and the very nature of our free and open societies is at stake.

Nevertheless, the unexpected statements of the Commissioner could turn out to be momentary. Each member of the Commission swore, for the first time in history, a legally binding oath before the European Court of Justice to respect the Fundamental Rights Charter on 3 May of this year. In 2011, the same European Court of Justice will rule on the constitutionality of the principle of data retention, after a referral of this question by the Irish High Court. The Commission might realize in time that it will lose its credibility, once the Court - taking note of the ECJ Schecke (§86) and ECtHR Marper (§119-125) judgements - rules data retention in breach of our fundamental rights to privacy. Better stand up for the rights of 500 million citizens now, than feeling sorry afterwards.

“We shouldn't put the privacy of all citizens at risk”, Commissioner Reding (Justice, Fundamental Rights and Citizenship) told Dutch newspaper NRC Handelsblad recently. So the Commission is divided on this controversial issue. In the evaluation report, to be published in the first quarter of 2011, the entire Commission will have its say. Is data retention here to stay? We might as well expect the unexpected.

3. Commission finds solution on notice and takedown and it seeks the problem

On 15 December 2009, the European Commission held its third meeting on “public private cooperation to counter the dissemination of illegal content in the European Union. The first meeting took place in November 2009 and the second in May 2010.

After the previous meeting, the European Commission received written comments jointly from EDRi and EuroISPA as well as a variety of industry players. Six months later, the Commission finally reacted to that feedback, sending participants revised recommendations on the evening before the meeting.

The Commission tried to open discussions on its recommendations for extra-judicial takedown of material that has been accused of being illegal, on grounds of containing child abuse, racism/xenophobia or terrorist content. However, both industry and EDRi demanded repeatedly that the Commission finally should define the problems that it believes it is addressing by this initiative. Unfortunately, the Commission steadfastly refused to do this. The Commission also choose not to answer a direct question as to how this initiative complies with either Article 10 of the European Convention on Human Rights (which requires a legal basis for interferences with communication) and the 2003 Interinstitutional Agreement, which obliges the Commission not to promote co- or self-regulatory measures in relation to matters of significance to fundamental rights.

In the afternoon session, DG Information Society of the European Commission explicitly stated that some Member States do not devote adequate resources to addressing online child abuse and that it is “at the bottom of the (priority) list” in some European countries. As a result, the Commission is focusing on takedown of the criminal websites and is developing statistical tools to assess the speed with which sites are deleted.

Contradicting repeated statements about the “need” to block websites in the USA, Russia and Ukraine, the Commission explained that significant progress was being made in those countries. This may not necessarily be such good news - exporting a system where criminals are “punished” by having their websites deleted rather than facing a judicial procedure in full respect of the rule of law does little to respect the EU's obligation to support democracy and the rule of law internationally.

The Commission then invited an anti-spam initiative in order to allegedly demonstrate how Internet intermediaries can regulate the online environment.

The meeting closed with industry stressing the lack of clarity about where the process was meant to go, the relevance of the “recommendations” published by the Commission and the fact that lack of resources in law enforcement agencies cannot be solved by industry actions.

The Commission may or may not provide more guidance on whatever problem that this process is supposed to solve, but asks for industry input on this. Comments are requested by the end of January, with a working group meeting planned for February and another “plenary” meeting in April.

4. ECJ to discuss the case of eBay & trademark infringement

In the case introduced by L'Oreal against auction site eBay and referred by the High Court of Justice (England and Wales) to the European Court of Justice (ECJ) the Advocate General, Niilo Jaaskinen, published on 9 December 2010 its opinion that the site could not be considered liable for trademark infringement committed by its users in case it was not expressly notified regarding such infringements.

However, in case electronic marketplaces, such as eBay, do not take measures to stop a trademark infringement when notified of it, they will no longer be except from liability: “Regarding the same user and the same trade mark an operator of an electronic marketplace has actual knowledge in a case where the same activity continues in the form of subsequent listings and can also be required to disable access to the information the user uploads in the future. In other words, exemption from liability does not apply in cases where the electronic marketplace operator has been notified of infringing use of a trade mark, and the same user continues or repeats the same infringement,” says the Advocate General.

In 2007, L'Oréal notified eBay of its concerns about the sale of its goods on eBay's European websites and, dissatisfied with the site's answer, brought a legal action against eBay in Belgium, Britain, France, Germany and Spain. L'Oreal claimed eBay was equally liable, together with its users, for potential brand infringements which included eBay users selling L'Oréal perfumes and cosmetics samples meant for free distribution, removing package boxes from perfumes and cosmetics before selling them via eBay or selling their products intended for markets outside of Europe. eBay argued the were just hosting the auctions and therefore not directly liable, according to the EU E-commerce directive.

In an earlier case this year dealing with the conflict between trademark infringement and contextual adevertising brought by a group of luxury goods companies in March 2010, the ECJ ruled that Google could continue selling advertisements linked to searches for brand names. Similarly, the Advocate General now believes eBay can continue to purchase keywords-based advertising in order to direct users of Internet search engines to its site (including L'Oréal trademarks) stating that “the use of the disputed trademarks as keywords by eBay does not necessarily result in misleading the consumers as to the origin of the goods offered.” Yet, he also expressed himself in favour of L'Oréal, stating the company can prohibit the selling of goods with the outer packaging removed if this is damaging for the company's reputation or the function or quality of its products. Also, trade mark protection can be invoked where goods for sale on eBay haven't been put on the market within the EU.

It seems both eBay and L'Oreal have received Jaaskinen's opinion positively: “Despite the complexity of the issues and the preliminary nature of the advocate general's opinion, we are encouraged that the ECJ's final judgment will reinforce European consumers' freedom to buy and sell authentic goods online,” stated Steve Milton, Director of Corporate Communications at eBay International.

L'Oréal believes that the opinion is a balanced one and “is overall consistent with the stance that L'Oréal has held for several years,” and that it also supports “effective combating of internet-based counterfeit product sales.”

The Advocate general's opinion is not binding for the ECJ but, in most of the cases the Court follows his recommendations. Usually, the ECJ rules between three and six months after the advocate general's opinion.

Also, in the US, the Supreme Court refused to hear an appeal in a similar case, thus supporting the ruling made by the Appeal Court on 1 April 2010 in the case brought by jeweller Tiffany against eBay in 2004 and consequently making the ruling definitive. The Court of Appeal's decision was that eBay did not infringe trademarks when allowing counterfeit sales in its auction sales. The court considered that eBay had fulfilled its duty by removing certain items when so asked by Tiffany, and that its obligations went no further than that. However, the Court of Appeal asked the lower court in the case to rule on whether eBay adverts for Tiffany goods were infringing false advertising regulations.

5. Council text on web blocking - breaking the law to fight crime

The Council of Justice Ministers adopted a text on web blocking at its recent meeting in Brussels on 2-3 December 2010. The Belgian Presidency, for domestic reasons, felt obliged to adopt a text during its term of office. As a result, the outcome is a hastily cobbled together text that makes little legal sense and whose main value is to finally betray the real meaning behind the proposal.

The adopted text can be divided into two main parts:

1. “Member States shall take the necessary measures, including through non-legislative measures, to ensure that the blocking of access to webpages containing or disseminating child pornography is possible towards the Internet users in their territory.”

Under the UN Child Rights Convention, Member States are already under a binding legal obligation to take all appropriate measures to prevent the “exploitative use of children in pornographic performances and materials”. If Member States do not feel that blocking is “necessary” to achieve this, the Council's wording would not create an obligation for them to suddenly make a different analysis that would make blocking obligatory.

However, the text is very clear about the obligation to create an infrastructure which is capable of implementing the blocking of web pages (Member States shall (…) ensure that the blocking of access to webpages (…) is possible (…) in their territory.)

The reference to “non-legislative” measures is particularly interesting because blocking via “self-regulatory” mechanisms by Internet providers is unquestionably illegal. It is illegal under:

  • a. The European Convention on Human Rights - Article 10 “The exercise of these freedoms (…) may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law”
  • b. The European Commission's own impact assessment - “Such measures must indeed be subject to law, or they are illegal.”
  • c. The International Covenant on Civil and Political Rights. Article 19.3 “The exercise of the rights provided for in paragraph 2 of this article carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary.”
  • d. The 2003 Interinstitutional Agreement on Better Lawmaking - Article 17: “The Commission will ensure that any use of co-regulation or self-regulation is always consistent with Community law (…) These mechanisms will not be applicable where fundamental rights or important political options are at stake or in situations where the rules must be applied in a uniform fashion in all Member States.”

2. The second element of the agreement is also noteworthy. It requires that the individuals accused of uploading depictions of serious crimes against children are informed that their site is blocked and “as far as possible, are informed of the possibility of challenging it.” Such an obligation would only be necessary if it is assumed that there would be no investigation or prosecution of the individuals that uploaded the site. In Belgium, this is done by providing a fax number on the blocking page that will not be available to the person who, by definition, will be not be in Belgium and therefore not able to see the page.

6. French law Loppsi 2 under debate again

The so-called Loppsi 2 draft law (loi d'orientation et de programmation pour la performance de la sécurité intérieure - law on guidelines and programming for the performance of internal security) is being discussed these days in the French General Assembly in second reading, after having been approved by the Senate in September 2010.

The National Assembly is continuing the long and controversial debate on the draft text which might allow the blocking, at the level of ISPs, of websites considered by the authorities as undesirable, without judiciary control and which may give the police authority to install spyware on PCs, without the users' knowledge and without having to justify their actions.

Article 4 of the text referring to the blocking of child pornography sites is considered as a Trojan horse. The concerns are that the filtering may be extended to other types of sites out of political reasons as it happened with FNAEG (Fichier National Automatisé des Empreintes Génétiques - Automated National File of Genetic Prints) which started initially by gathering the DNA data of sexual criminals and ended up in containing the DNAs of more than 1,5 million people.

Many organizations (even child protection ones) have expressed several times the idea that, while supporting the fight against child pornography sites, they also believed that the measures proposed by the French government were disproportionate and most of all inefficient.

La Quadrature du Net has brought as example the attempts to forbid the hosting of Wikileaks in France. “This shocking maneuver is a new demonstration of the government's will to by-pass the legal authority in order to play the Internet police in contempt of the fundamental rights. The child protection pretext is only a means for the political power to establish a filtering infrastructure for the information on the net” stated the organization.

The organisations belonging to CLEJ (Collectif Liberté Egalité Justice - Collective for Freedom, Equality and Justice), warn over the fact that the draft text “reveals a political line that is particularly worrying: databases, surveillance, control, detention!” The group is worried by the increased surveillance and believes that “in France the goal is to increase the spying of public space to the maximum: the authorities will be able to place video-surveillance devices practically everywhere in public spaces.”

After going through the National Assembly, the text will go back to the Senate at the beginning of 2011. According to Gérard Larcher, President of French Senate the debate next year will be difficult and “fierce”.

7. Privacy Platform Meeting

On 1 December 2010, the Privacy Platform held a meeting on the Commission's recent Communication on updating the Data Protection Directive. Hosted by Sophie in't Veld MEP, the panel consisted of: Martin Selmayr, Head of Commissioner Reding's cabinet (who spoke in her absence as the Commissioner was ill), Jacob Kohnstamm, Chairman of the Article 29 WP, and Peter Hustinx, the European Data Protection Supervisor.

The meeting was well attended and overall, it followed standard storyline. In regard to the Communication and future steps for the revised Data Protection Directive, Mr. Kohnstamm urged that more ambition was needed, and listed five general principles that should be kept in mind. First that class action is a necessity, the patchwork of data protection rules should be a thing of the past (particularly in the post-Lisbon EU), the duty of controllers should be strengthened, privacy by design should be addressed more thoroughly and that there should be better enforcement powers for data protection authorities (DPA).

Peter Hustinx, echoing many statements in support of the Article 29 WP Chairman, emphasized the need to take a bold approach, particularly in terms of enforcement, accountability, harmonisation and including privacy by design into the beginning of the development process rather than tackling it at the end. This approach is outlined in more detail in his recently published policy paper which outlines a more robust approach to data protection.

The issue of real consent was discussed throughout the meeting, where Marc Rotenberg from the Electronic Privacy Information Center (EPIC), commented that “consent” is often anti-privacy, as its terms are dictated by the firm in question. Mr. Hustinx agreed, saying that transparency does not equal consent. Sophie in't Veld made the point that consent implies choice, but in reality, “choice” does not really exist.

In regard to public authorities taking more responsibility and accountability, Ms. In't Veld pointed to the irony that they are usually the greatest violators of privacy, illustrating another dilemma with regards to attaining adequate data protection in the information society.

There was discussion of sanctions and better enforcement measures for the Data Protection Directive and for DPAs. Mr. Kohnstamm agreed that more sanctions are needed, but that the measures also need to expand power and scope in order to logistically take on the added load (adding that currently there are only 80 employees in his DPA).

The public consultation on the Communication is open until 15 January 2011. The Commission plans to release the final review of the Data Protection Directive sometime “around” the summer of 2011.

8. Sweden's high court sends IP-data protection conflict to the ECJ

The Swedish ISP TeliaSonera has recently received a decision at the Swedish Supreme Court that questions a 2009 court decision forcing it to hand over the identity of SweTorrents BitTorrent site operator.

In 2009, four movie studios represented by anti-piracy group Antipiratbyran took TeliaSonera to Södertörn District Court which forced the ISP to reveal the identity of the respective file-sharer.

The anti-piracy group as well as the court considered that, based on Sweden's IPRED (Intellectual Property Rights Enforcement Directive) legislation, ISPs had the obligation to reveal to rightholders the identity of customers involved in copyright infringement cases. The provider refused to comply arguing that ISPs had the fundamental right to protect their customers' privacy and pointing out the conflicts between IPRED and the European Data Protection Directive.

TeliaSonera appealed, but in May 2010, the Court of Appeal upheld the District Court's decision, ruling that the ISP would face a fine amounting to about 80 000 euro in case of non-compliance. TeliaSonera appealed again taking the case to the Supreme Court which has now ruled to postpone the decision and send the case to the European Court of Justice (ECJ) in Luxembourg in order to clarfy the conflict between data protection and IP enforcement provisions.

“It is good that the Supreme Court shares our view that there must be a balance between the interests in matters of principle and that court has now therefore decided that TeliaSonera's case should await the ECJ ruling, “said Patrick Hiselius, TeliaSonera's lawyer.

This means that a final decision in the matter might take a few years. And, as there is nothing in the Swedish Electronic Communications Law that obliges ISPs to store information about the IP addresses of their customers, Telia, as well as the other ISPs, will be free to stop storing data or delete data in order to protect the privacy of their customers. At least until the data retention directive is implemented in Sweden.

9. ENDitorial: WIPO SCCR 21 session

The present text is a report from the Standing Committee on Copyright and Related Rights 21st meeting in Geneva, Switzerland (SCCR 21). In this report, the debate on the Broadcasting Organizations' protection (except for the NGO statements) is not included due to the fact that the author was not present during these negotiations.

The discussions on the matter started during the afternoon of the second day of the meeting. A handy comparison chart of the four previously introduced proposals from 2009 and 2010 was available, from which it was fairly easy to catch up with the current discussion. Brazil, Ecuador and Paraguay (later joined by Mexico - thus the BEMP Treaty proposal) and the African Group made fairly similar proposals, based on a World Blind Union recommendation for the visually impaired (various terminologies were used in various documents, e.g. blind and other reading disabilities or persons with print and other reading disabilities - for the purpose of this document, they mean the same). In their proposals, other disabled people were also mentioned, unlike the US or EU proposals, which were in this and other respects much more restrictive in the exceptions proposed. The exceptions for other disabled were, in the final document, moved to a different meeting, together with the limitations and exceptions for educational and research institutions, libraries and archives.

During the meeting, KEI made a statement supporting the BEMP Treaty proposal for extending the exceptions to include other disabled in need than only visually impaired, which I signed on EDRi's behalf.

Most of the discussion in the meeting, from Wednesday on, revolved around the issue of limitations and exceptions for the visually impaired. Unfortunately, that left little time for the multitude of other topics that should have been handled. This was recognized, and thus, what the meeting actually ended up in doing on the topics left unhandled was to divide them up between additional working days and the coming SCCR meetings in the following manner:

May/June 2011, SCCR 22: three additional working days for limitations and exceptions for persons with print and other reading disabilities, to be presented to the WIPO General Assembly (GA) during September 2011, where a decision is to be taken on the topic.

November 2011, SCCR 23: three additional working days for limitations and exceptions for libraries and archives. This was an especially hot topic amongst the NGOs, as it originally seemed that educational and research institutions would have been handled before libraries and archives and all were predicting that to be a much tougher negotiation, possibly having repercussions on the negotiations for libraries and archives.

It seems that the limitations and exceptions for archives is going to be a lot easier topic to handle than for libraries. There is little point in limiting the usage of archive material, especially (but not only) in the case of orphan works, by the archives. It is, after all, fairly unlikely that these would be profitable usages nor that they would be “misused”, in the sense of the current copyright law or its related rights. The question for libraries is arguably tougher, although, access to information through libraries should be a clear goal to educate the people.

May/June 2012, SCCR 24: again, three additional working days to the regular session, now for the limitations and exceptions for education, teaching and research institutions, and, rather surprisingly, persons with other disabilities (than print or reading impaired).

There seemed to be no representatives for education, teaching and research NGOs and institutions at the meeting. Maybe they were there, but the NGOs representing visually impaired, libraries, archives and general purpose NGOs such as EDRi, EFF and KEI (although, no FSF, even though they had a seat - unfortunate), and of course the associations representing copyright holders and 'casters were at least much more visible.

Both SCCR 23 and SCCR 24 results are to be presented in the following WIPO GA meeting in September 2012.

Basically, the exceptions for various disabled are not going to switch the field of copyright much to any direction - nor will the exceptions to archives. And these exceptions are easily justifiable by the mere access to information argument - access to extremely limited amount of information compared to non-disabled, in any case.

The exceptions for libraries, schools, higher education and research, on the other hand, might be more meaningful from a copyright perspective. But in a good sense, as in getting access to information for those who, at the moment, are lacking it, especially for education but also for cultural purposes (as is of course true for disabled as well!).

As it seems to be becoming more and more common, the meeting stretched until (and past) midnight on the last evening. The final version of the timetable for further negotiations was accepted 7 minutes to midnight - after midnight it would have been too late, and it would have gone to SCCR 22. After that, the paper was still discussed, thanks were given etc., but basically, the result of SCCR 21 was achieved at that point.

12. Agenda

archief/edri_gram_nieuwsbrief/15_12_10.txt · Laatst gewijzigd: 2017/09/11 21:36 door KapiteinG