Prosit!
Please excuse us, but this will be a long report :/
—
As the European political families are gearing up for European Parliament
elections in June, the legislative work is still really, really intensive.
This is caused by the technical fact that if a file isn’t wrapped up by the
end of February there simply won’t be enough time to formally adopt it.
—
We can report on agreements on the anti-SLAPP Directive, the European Media
Freedom Act and the Cyber Resilience Act. All three are relevant to
Wikimedians and Wikimedia projects. Meanwhile the Child Sexual Abuse
Materials Regulation is stuck, while the infamous AI Act’s saga is heading
to a culmination this Friday.
Dimi & Michele
=== anti-SLAPP Directive ===
The anti-SLAPP (Strategic Lawsuits Against Public Participation) proposal
<https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0117(COD)&l=en>,
which was published in April 2022, aims at protecting persons who engage in
public participation from manifestly unfounded or abusive court proceedings
that present a cross-border aspect. It is part of the European Democracy
Action Plan
<https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2020%3A790%3AFIN&qid=1607079662423>.
It introduces minimum common rules “by developing a common EU understanding
on what constitutes a SLAPP and by introducing procedural safeguards”. As
you may be aware, our projects and communities are facing SLAPP cases
across Europe, including in Portugal
<https://diff.wikimedia.org/2023/07/27/high-stakes-for-the-wikimedia-projects-in-portugal-fighting-a-strategic-lawsuit-against-public-participation-slapp/>
and Estonia
<https://meta.wikimedia.org/wiki/CEE/Newsletter/Newsroom/Is_suing_Wikipedia_a_worthwhile_idea>
.
—
The legal affairs Committee (JURI) voted last week and approved the
provisional agreement between the Parliament and the Council. Now, the
parliament’s plenary needs to formally approve the text (normally the end
of February) and then it will be the turn of Council. Once the text is
formally adopted by both Institutions and after 20 days of its publication
in the Official Journal, it will enter into force (possibly already in
April). From that moment, it will start to apply the two years’ time period
to transpose the Directive.
—
Overall, the agreement can be considered satisfactory as it introduces some
common safeguards that until now the EU lacked. There are nonetheless a few
aspects on which Wikimedia Europe wants to focus at national level when
Member States will transpose the Directive. Indeed, Member States can
decide to offer further protection, for instance, on the early dismissal
mechanism, the possibility to introduce the right to ask for the
compensation of damages or the possibility to take into account the
ubiquitous nature of the Internet as a relevant element to determine the
cross-border nature of a case. We will prepare “transposition
documentation” and work with interested communities across the continent.
=== EMFA ===
The European Media Freedom Act is intended to boost media and journalistic
freedom <https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5504>
across the bloc. It is a bag of very versatile measures that are intended
to help protect a pluralistic media landscape. Things like rules on
government spending on public service announcements and enshrining the
protection of sources at the EU level. For Wikimedia this law is relevant,
because it also wants to limit how online platforms moderate content
provided by media providers, which are defined as media outlets but also
individual journalists.
—
The agreed text has been voted by the Culture and Education (CULT)
Committee 24 January and now the parliament’s plenary is supposed to
endorse it at the end of February. Once the text is formally voted on by
both co-legislators, it will be published in the Official Journal and will
enter into force (possibly already in April). The new law will start to
apply 15 months after its entry into force, but some articles will apply
earlier.
—
The agreed text of Article 17 would require online platforms to accept
self-declarations from media service providers who identify as such and
warn such users ahead of moderating their content and to allow them a
fast-track channel to contest decisions. All this can be problematic,
seeing that disinformation is sometimes produced by media providers.
Despite the fact that Wikimedia projects were exempted from this provision
in the Commission proposal, and that Parliament introduced Recital 35a
explicitly recognising the role of online encyclopaedias and excluding them
from the scope of the Article
<https://www.europarl.europa.eu/doceo/document/A-9-2023-0264_EN.pdf>, the
final version of the text contains a less clear carveout. This means that
Wikipedia is in scope, but the exact extent of the obligations likely won’t
mess with the established content moderation practices. The technical and
legal language is messy, if you care about a deep-dive, please ping us :)
—
On the other hand, lawmakers reached a non satisfactory deal on Article 4
of the EMFA, which is supposed, among other things, to protect journalists
from the possibility to deploy spyware against them. As we care about
freedom of information and journalism, we supported this provision as well.
=== Transparency and targeting of political advertising ===
The proposed regulation
<https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2021/0381(COD)&l=en>
aims at regulating political advertising services, including targeting and
amplification techniques, making them more transparent. The deal is sealed
and is expected to enter into force 20 days after its publication in the
Official Journal.
—
The final agreement solves the issue of the definition by introducing the
remuneration element and encompassing in house activities as well as
political campaigns.This was important to us, as some iterations of the
definition could have covered encyclopaedic content. Nonetheless, the new
definition leaves room for a broad interpretation, especially concerning in
house activities, which could catch civil society advocacy in scope.
—
A ban for non-EU sponsors has been introduced, in the last three months
preceding an election or referendum, be it at EU, national, regional or
local level.
—
With regard to the possibility to use special categories of personal data
to profile people and deliver targeted messages, legislators introduced a
specific prohibition. The latter applies also to inferred data (even though
this is specified in a recital and not an Article), thus offering a proper
protection.
—
The new rules will enter into application after 18 months from the adoption
of the regulation. This practically means that they will not be in place
for the future EU elections foreseen in June 2024.
=== CRA ===
We finally have a deal on the Cyber Resilience Act
<https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_17000_2023_INIT>,
a law for internet-connected products that is meant to improve the security
and software maintenance of your smart toaster and AI-powered fridge (just
random examples). The tool originally chosen is to create obligations to
manufacturers and/or vendors. We were involved in these negotiations
<https://wikimedia.brussels/who-should-be-liable-for-free-software/>
because the newly proposed obligations could have seriously messed up the
free & open software ecosystem.
—
In the end the CRA will not harm free software and is unlikely to cause
havoc on the open source environment, as long as it is outside a commercial
activity. Two main clarifications were added:
-
(10c) .. the provision of free and open-source software products that
are not monetised by their manufacturers is not considered a commercial
activity.
-
(10c) This Regulation does not apply to natural or legal persons who
contribute source code to free and open-source products that are not under
their responsibility.
—
Truth be told, this is still a terrible piece of law and we have to be
honest, at best it won’t do much harm. The original proposal by the
Commission was not well thought out and more a result of the “We need to do
something!”-reflex. The co-legislators tried to fix it on the fly, but
politically didn’t want to re-think the entire approach. In the end we are
stuck with definitions in recitals (the non-active part of the text),
obligations without corresponding penalties (what’s the use?) and how
exactly the compliance will look like is largely left to the European
Commission to decide by issuing guidances later on. All in all the EU would
have been better off without this law.
"In the final iteration of the text, seen by Euractiv, non-profit
organisations that sell open source software on the market but reinvest
all the revenues in non-for-profit activities were also excluded from
the scope."
“the provision of free and open-source software products with digital
elements that are not monetised by their manufacturers is not considered a
commercial activity”.
===CSAM ===
This proposed regulation wants to establish unified rules on cohabiting
child sexual abuse material and grooming of minors online. Regular readers
of this report know that the most contentious issue is a provision that
would oblige messaging services to actively scan all users’ messages to
detect such material.
—
The European Parliament’s Civil Liberties Committee (LIBE) led by Spanish
lawmaker Zaralejos (EPP) has edited the proposal and gotten approval by the
plenary for its position
<https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2022/0155(COD)&l=en>.
The solution is to restrict the scanning of private conversations only to
cases where a judge has given permission as part of criminal procedures.
The Council, on the other hand, still can’t agree on a joint paper. Only
after they agree they could start negotiation with the parliament. From
what we hear some Member States (and especially their police and security
services) aren’t fans of end-to-end encryption and wouldn’t mind it being
bowled away by the CSAM Regulation. At the same time Germany, Poland and
France keep blocking negotiations citing privacy and fundamental rights
concerns. If the Council doesn’t reach an agreement soon, this law simply
won’t see the light of day.
—
Not directly related, but kind of related, the Wikimedia Foundation
has published
its new child safety policy
<https://diff.wikimedia.org/2024/01/25/wikimedia-foundation-launches-new-child-safety-policy-to-better-protect-younger-users/>
and provided better public explanations on how it tackles such thorny
issues. Protecting children online is also an obligation under the Digital
Services Act and a major political issue across countries. Such
communication is definitely very useful.
===Resolution on EU Crimes ===
In the meantime, the European Parliament adopted its resolution on EU crimes
<https://www.europarl.europa.eu/doceo/document/TA-9-2024-0044_EN.pdf>. The
Treaty on the Functioning of the European Union in its Article 83 contains
,a list of crimes to be recognised by all member States. According to the
same Article, in order to change the Treaty the Council needs the approval
of the Parliament.
—
What is of interest to us in this resolution is its Paragraph 12, where
Parliament: "Stresse[ed] that misuses of the internet and the business
model of social media platforms, which is based on micro-targeted
advertising, contribute to spreading and amplifying hate speech, inciting
discrimination and violence and increasing the risk of revictimisation;
calls on the Commission and the Member States to ensure the correct
implementation of current legislation, such as Regulation (EU) 2022/20651,
and to make use of all means and instruments at their disposal to counter
the dissemination of hate speech online"
=== DSA Enforcement ===
The Digital Services Act, the EU’s general content moderation law, is
gradually entering into force with both regulators and platforms working on
readiness. Member States are passing laws on appointing national
regulators, while the Commission is working, among other things, on
guidelines. An expected timeline for the next:
-
After March: A Consultation about general guidelines on risk assessments
under Art 34 DSA.
-
Guidelines on data access are likely to come after EU elections.
-
End of 2024: Consultation about Trusted Flagger guidelines. The
guidelines should ideally give protection against abuse by large TFs, while
also allowing smaller organisations to make use of this tool.
—
Meanwhile the Wikimedia Foundation has submitted feedback
<https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14027-Digital-Services-Act-transparency-reports-detailed-rules-and-templates-/F3451860_en>
on the planned guidelines for transparency reports under the DSA.
===AI Act===
The AI Act’s fate will be decided this Friday in Brussels, where Member
States need to vote on a “take-it-as-is-or-leave-it” proposal by the
Belgian Council Presidency. The same agreement has already been approved by
the parliament. Germany, France and Italy still haven’t decided on their
position and continue to criticise the “over-regulation” of general purpose
AI models (a.k.a. large language models). Still, even if the three vote
against, they won’t have enough weight to block it, they would need another
country, literally any, to form a so-called “blocking minority”. Austria
still hasn’t confirmed how they will position themselves. Expect a more
detailed analysis once this saga is over.
—
Of course a political cliffhanger is nothing to stop a solid bureaucracy
from expanding. The European Commission established a European AI Office
<https://digital-strategy.ec.europa.eu/en/library/commission-decision-establishing-european-ai-office>
that is supposed to monitor and enforce rules on general purpose AI
models.
=== France ===
France is working on passing a “national content moderation and DSA
transposition law” that comes packaged with many, many bad ideas
<https://wikimedia.brussels/wikipedia-will-be-harmed-by-frances-proposed-sren-bill-legislators-should-avoid-unintended-consequences/>.offering
a proper protection.
—
Following the vote of the of 17 October the French National Assembly on the
SREN bill
<https://www.assemblee-nationale.fr/dyn/16/textes/l16t0175_texte-adopte-seance>
(17 October 2023), the French Government made a new notification to the
European Commission, an obligation they have under EU law. This
notification kicks of a standstill period that is set to expire the 9 of
February.
—
In the meanwhile the EU Commission, sent a letter to the French government,
also an option under EU rules, in which formally expressed its point of
view (quite negative). This response automatically extended the standstill
period until 11 March 2024.
=== Sweden ===
19 January saw the publication of an official government report
<https://www.regeringen.se/contentassets/6b70735c6c05451c9728a4a2d987bf05/inskrankningarna-i-upphovsratten-sou-2024_4.pdf>
in Sweden, with proposed modernizations of the exceptions and limitations
in the Swedish copyright act. The report is based on a public inquiry, in
which Wikimedia Sverige's Eric Luth has been one of 13 experts, and the
proposals include a modernised freedom of panorama provision, new
exceptions for parody and news reporting, and a better environment for
scientific research and open science.
===Denmark===
We gather that the Danish government might be preparing a very similar
process of an inquiry, report and then proposed legislation to update
copyright exceptions & limitations. WMDK is engaged.
=== EU Elections ===
Ahead of EU elections European party groups have usually draft documents
called manifestos that outline their main proposal. We have tried to
suggest ideas across the political spectre and are keeping an eye on the
final documents. These usually come in handy for outreach purposes after
the elections.
—
The Social Democrats want to ensure that Europe harnesses the power of AI
to protect workers and citizens following the ‘human in control’ principle.
They are also envisioning major investment in digital public infrastructure
and education and to protect democracy and workers’ rights against “Big
Tech’s pursuit of profit or algorithmic management.”
—
The German Social Democrats - SPD - have also adopted their own party
programme for the European elections. It explicitly states the intention to
introduce an Open Knowledge Act.
—
The Greens will be pushing the idea of “Digital Fairness Act” that protects
citizens from “intrusive online advertising practices” and protects the
rights of individuals and the common good. Interestingly they also mention
data spaces that should open anonymised social data for non-commercial uses.
—
If you know of more relevant content in the national party programmes you
can read, please send tips to dimi(a)wikimedia.be :)
--
Wikimedia Europe ivzw