Prosit!
Please excuse us, but this will be a long report :/
—
As the European political families are gearing up for European Parliament elections in June, the legislative work is still really, really intensive. This is caused by the technical fact that if a file isn’t wrapped up by the end of February there simply won’t be enough time to formally adopt it.
—
We can report on agreements on the anti-SLAPP Directive, the European Media Freedom Act and the Cyber Resilience Act. All three are relevant to Wikimedians and Wikimedia projects. Meanwhile the Child Sexual Abuse Materials Regulation is stuck, while the infamous AI Act’s saga is heading to a culmination this Friday.
Dimi & Michele
=== anti-SLAPP Directive ===
The anti-SLAPP (Strategic Lawsuits Against Public Participation) proposal https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0117(COD)&l=en, which was published in April 2022, aims at protecting persons who engage in public participation from manifestly unfounded or abusive court proceedings that present a cross-border aspect. It is part of the European Democracy Action Plan https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2020%3A790%3AFIN&qid=1607079662423. It introduces minimum common rules “by developing a common EU understanding on what constitutes a SLAPP and by introducing procedural safeguards”. As you may be aware, our projects and communities are facing SLAPP cases across Europe, including in Portugal https://diff.wikimedia.org/2023/07/27/high-stakes-for-the-wikimedia-projects-in-portugal-fighting-a-strategic-lawsuit-against-public-participation-slapp/ and Estonia https://meta.wikimedia.org/wiki/CEE/Newsletter/Newsroom/Is_suing_Wikipedia_a_worthwhile_idea .
—
The legal affairs Committee (JURI) voted last week and approved the provisional agreement between the Parliament and the Council. Now, the parliament’s plenary needs to formally approve the text (normally the end of February) and then it will be the turn of Council. Once the text is formally adopted by both Institutions and after 20 days of its publication in the Official Journal, it will enter into force (possibly already in April). From that moment, it will start to apply the two years’ time period to transpose the Directive.
—
Overall, the agreement can be considered satisfactory as it introduces some common safeguards that until now the EU lacked. There are nonetheless a few aspects on which Wikimedia Europe wants to focus at national level when Member States will transpose the Directive. Indeed, Member States can decide to offer further protection, for instance, on the early dismissal mechanism, the possibility to introduce the right to ask for the compensation of damages or the possibility to take into account the ubiquitous nature of the Internet as a relevant element to determine the cross-border nature of a case. We will prepare “transposition documentation” and work with interested communities across the continent.
=== EMFA ===
The European Media Freedom Act is intended to boost media and journalistic freedom https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5504 across the bloc. It is a bag of very versatile measures that are intended to help protect a pluralistic media landscape. Things like rules on government spending on public service announcements and enshrining the protection of sources at the EU level. For Wikimedia this law is relevant, because it also wants to limit how online platforms moderate content provided by media providers, which are defined as media outlets but also individual journalists.
—
The agreed text has been voted by the Culture and Education (CULT) Committee 24 January and now the parliament’s plenary is supposed to endorse it at the end of February. Once the text is formally voted on by both co-legislators, it will be published in the Official Journal and will enter into force (possibly already in April). The new law will start to apply 15 months after its entry into force, but some articles will apply earlier.
—
The agreed text of Article 17 would require online platforms to accept self-declarations from media service providers who identify as such and warn such users ahead of moderating their content and to allow them a fast-track channel to contest decisions. All this can be problematic, seeing that disinformation is sometimes produced by media providers. Despite the fact that Wikimedia projects were exempted from this provision in the Commission proposal, and that Parliament introduced Recital 35a explicitly recognising the role of online encyclopaedias and excluding them from the scope of the Article https://www.europarl.europa.eu/doceo/document/A-9-2023-0264_EN.pdf, the final version of the text contains a less clear carveout. This means that Wikipedia is in scope, but the exact extent of the obligations likely won’t mess with the established content moderation practices. The technical and legal language is messy, if you care about a deep-dive, please ping us :)
—
On the other hand, lawmakers reached a non satisfactory deal on Article 4 of the EMFA, which is supposed, among other things, to protect journalists from the possibility to deploy spyware against them. As we care about freedom of information and journalism, we supported this provision as well.
=== Transparency and targeting of political advertising ===
The proposed regulation https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2021/0381(COD)&l=en aims at regulating political advertising services, including targeting and amplification techniques, making them more transparent. The deal is sealed and is expected to enter into force 20 days after its publication in the Official Journal.
—
The final agreement solves the issue of the definition by introducing the remuneration element and encompassing in house activities as well as political campaigns.This was important to us, as some iterations of the definition could have covered encyclopaedic content. Nonetheless, the new definition leaves room for a broad interpretation, especially concerning in house activities, which could catch civil society advocacy in scope.
—
A ban for non-EU sponsors has been introduced, in the last three months preceding an election or referendum, be it at EU, national, regional or local level.
—
With regard to the possibility to use special categories of personal data to profile people and deliver targeted messages, legislators introduced a specific prohibition. The latter applies also to inferred data (even though this is specified in a recital and not an Article), thus offering a proper protection.
—
The new rules will enter into application after 18 months from the adoption of the regulation. This practically means that they will not be in place for the future EU elections foreseen in June 2024.
=== CRA ===
We finally have a deal on the Cyber Resilience Act https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_17000_2023_INIT, a law for internet-connected products that is meant to improve the security and software maintenance of your smart toaster and AI-powered fridge (just random examples). The tool originally chosen is to create obligations to manufacturers and/or vendors. We were involved in these negotiations https://wikimedia.brussels/who-should-be-liable-for-free-software/ because the newly proposed obligations could have seriously messed up the free & open software ecosystem.
—
In the end the CRA will not harm free software and is unlikely to cause havoc on the open source environment, as long as it is outside a commercial activity. Two main clarifications were added:
-
(10c) .. the provision of free and open-source software products that are not monetised by their manufacturers is not considered a commercial activity. -
(10c) This Regulation does not apply to natural or legal persons who contribute source code to free and open-source products that are not under their responsibility.
—
Truth be told, this is still a terrible piece of law and we have to be honest, at best it won’t do much harm. The original proposal by the Commission was not well thought out and more a result of the “We need to do something!”-reflex. The co-legislators tried to fix it on the fly, but politically didn’t want to re-think the entire approach. In the end we are stuck with definitions in recitals (the non-active part of the text), obligations without corresponding penalties (what’s the use?) and how exactly the compliance will look like is largely left to the European Commission to decide by issuing guidances later on. All in all the EU would have been better off without this law.
"In the final iteration of the text, seen by Euractiv, non-profit
organisations that sell open source software on the market but reinvest
all the revenues in non-for-profit activities were also excluded from
the scope."
“the provision of free and open-source software products with digital elements that are not monetised by their manufacturers is not considered a commercial activity”.
===CSAM ===
This proposed regulation wants to establish unified rules on cohabiting child sexual abuse material and grooming of minors online. Regular readers of this report know that the most contentious issue is a provision that would oblige messaging services to actively scan all users’ messages to detect such material.
—
The European Parliament’s Civil Liberties Committee (LIBE) led by Spanish lawmaker Zaralejos (EPP) has edited the proposal and gotten approval by the plenary for its position https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0155(COD)&l=en. The solution is to restrict the scanning of private conversations only to cases where a judge has given permission as part of criminal procedures. The Council, on the other hand, still can’t agree on a joint paper. Only after they agree they could start negotiation with the parliament. From what we hear some Member States (and especially their police and security services) aren’t fans of end-to-end encryption and wouldn’t mind it being bowled away by the CSAM Regulation. At the same time Germany, Poland and France keep blocking negotiations citing privacy and fundamental rights concerns. If the Council doesn’t reach an agreement soon, this law simply won’t see the light of day.
—
Not directly related, but kind of related, the Wikimedia Foundation has published its new child safety policy https://diff.wikimedia.org/2024/01/25/wikimedia-foundation-launches-new-child-safety-policy-to-better-protect-younger-users/ and provided better public explanations on how it tackles such thorny issues. Protecting children online is also an obligation under the Digital Services Act and a major political issue across countries. Such communication is definitely very useful.
===Resolution on EU Crimes ===
In the meantime, the European Parliament adopted its resolution on EU crimes https://www.europarl.europa.eu/doceo/document/TA-9-2024-0044_EN.pdf. The Treaty on the Functioning of the European Union in its Article 83 contains ,a list of crimes to be recognised by all member States. According to the same Article, in order to change the Treaty the Council needs the approval of the Parliament.
—
What is of interest to us in this resolution is its Paragraph 12, where Parliament: "Stresse[ed] that misuses of the internet and the business model of social media platforms, which is based on micro-targeted advertising, contribute to spreading and amplifying hate speech, inciting discrimination and violence and increasing the risk of revictimisation; calls on the Commission and the Member States to ensure the correct implementation of current legislation, such as Regulation (EU) 2022/20651, and to make use of all means and instruments at their disposal to counter the dissemination of hate speech online"
=== DSA Enforcement ===
The Digital Services Act, the EU’s general content moderation law, is gradually entering into force with both regulators and platforms working on readiness. Member States are passing laws on appointing national regulators, while the Commission is working, among other things, on guidelines. An expected timeline for the next:
-
After March: A Consultation about general guidelines on risk assessments under Art 34 DSA.
-
Guidelines on data access are likely to come after EU elections.
-
End of 2024: Consultation about Trusted Flagger guidelines. The guidelines should ideally give protection against abuse by large TFs, while also allowing smaller organisations to make use of this tool.
—
Meanwhile the Wikimedia Foundation has submitted feedback https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14027-Digital-Services-Act-transparency-reports-detailed-rules-and-templates-/F3451860_en on the planned guidelines for transparency reports under the DSA.
===AI Act===
The AI Act’s fate will be decided this Friday in Brussels, where Member States need to vote on a “take-it-as-is-or-leave-it” proposal by the Belgian Council Presidency. The same agreement has already been approved by the parliament. Germany, France and Italy still haven’t decided on their position and continue to criticise the “over-regulation” of general purpose AI models (a.k.a. large language models). Still, even if the three vote against, they won’t have enough weight to block it, they would need another country, literally any, to form a so-called “blocking minority”. Austria still hasn’t confirmed how they will position themselves. Expect a more detailed analysis once this saga is over.
—
Of course a political cliffhanger is nothing to stop a solid bureaucracy from expanding. The European Commission established a European AI Office https://digital-strategy.ec.europa.eu/en/library/commission-decision-establishing-european-ai-office that is supposed to monitor and enforce rules on general purpose AI models.
=== France ===
France is working on passing a “national content moderation and DSA transposition law” that comes packaged with many, many bad ideas https://wikimedia.brussels/wikipedia-will-be-harmed-by-frances-proposed-sren-bill-legislators-should-avoid-unintended-consequences/.offering a proper protection.
—
Following the vote of the of 17 October the French National Assembly on the SREN bill https://www.assemblee-nationale.fr/dyn/16/textes/l16t0175_texte-adopte-seance (17 October 2023), the French Government made a new notification to the European Commission, an obligation they have under EU law. This notification kicks of a standstill period that is set to expire the 9 of February.
—
In the meanwhile the EU Commission, sent a letter to the French government, also an option under EU rules, in which formally expressed its point of view (quite negative). This response automatically extended the standstill period until 11 March 2024.
=== Sweden ===
19 January saw the publication of an official government report https://www.regeringen.se/contentassets/6b70735c6c05451c9728a4a2d987bf05/inskrankningarna-i-upphovsratten-sou-2024_4.pdf in Sweden, with proposed modernizations of the exceptions and limitations in the Swedish copyright act. The report is based on a public inquiry, in which Wikimedia Sverige's Eric Luth has been one of 13 experts, and the proposals include a modernised freedom of panorama provision, new exceptions for parody and news reporting, and a better environment for scientific research and open science.
===Denmark===
We gather that the Danish government might be preparing a very similar process of an inquiry, report and then proposed legislation to update copyright exceptions & limitations. WMDK is engaged.
=== EU Elections ===
Ahead of EU elections European party groups have usually draft documents called manifestos that outline their main proposal. We have tried to suggest ideas across the political spectre and are keeping an eye on the final documents. These usually come in handy for outreach purposes after the elections.
—
The Social Democrats want to ensure that Europe harnesses the power of AI to protect workers and citizens following the ‘human in control’ principle. They are also envisioning major investment in digital public infrastructure and education and to protect democracy and workers’ rights against “Big Tech’s pursuit of profit or algorithmic management.”
—
The German Social Democrats - SPD - have also adopted their own party programme for the European elections. It explicitly states the intention to introduce an Open Knowledge Act.
—
The Greens will be pushing the idea of “Digital Fairness Act” that protects citizens from “intrusive online advertising practices” and protects the rights of individuals and the common good. Interestingly they also mention data spaces that should open anonymised social data for non-commercial uses.
—
If you know of more relevant content in the national party programmes you can read, please send tips to dimi@wikimedia.be :)