Hi again,

It is refreshing to finally have a real conversation going on here :) I really like it. So I am taking the time to fully engage. 

As for a more general solution with regards to the age verification issue, I appreciate very much what the EU has done with the Digital Services Act. It obliges platforms to protect minors. It asks them to analyse, assess and mitigate risks. But it also gives platforms, at least at first, plenty of room for maneuver and to figure out how to do it. The platform has the opportunity to prove to the regulator that there is no significant, systemic risk and/or that risks are being taken care of efficiently. It also explicitly says that no additional user data should be gathered. 

This, for me, is a sensible solution. And one of our goals should be (and is) to elevate the DSA, or its principles, to the level of international treaties. We can start with a Council of Europe treaty. The French government, however, was hell-bent to go beyond it and be stricter.

Another general solution I personally like is to move age-verification to the device or browser. Like parental controls already work on many systems, including TVs. I am not sure how well such an approach would be accepted by the communities, the device manufacturers or the legislators. In this scenario the community would need to provide metadata/categorisation for sensitive content. Not sure it is feasible, but this is a universal approach that doesn't require the hovering up of user data. I have proposed a Wikimania session on online age-verification, we need to have this discussion and come up with solutions we are willing to accept. Because such regulation is coming, not only in France and the UK, but everywhere. It is just starting.

Now, back to France. Our initial position was that the DSA has just been passed and that the EU will have this special group to work out best practices, so national governments should wait at least a little bit to see the results of the DSA. I believe the European Commission has made similar arguments to Paris. But, as I said, France explicitly wants to pre-implement and go beyond EU level regulation.

Our second position was that they should take a different definition of social media, one idea was to generally exclude not-for profit content sharing services, like the copyright directive. This is politically not feasible anymore. Politicians don't agree that not-for-profits should have special exemptions when it comes to content moderation (see DSA, terrorist content, child sexual abuse material). So, regardless of how much lawmakers toyed with the definition, it always included platforms that allow users to share content.

The original amendment Senators had proposed after hearing from Wikimedia actually included the brand name "Wikipedia". It literally said "with the exception of Wikipedia", I kid you not. So we then intervened again (note: this is our third fallback option) and asked for a more general wording, which was then accepted.And I think educational and scientific repositories goes well beyond Wikimedia projects.

The accepted language is modelled after the carve-out used in the copyright directive, the second part of Article 2(6). As mentioned above, a general exception for all not-for-profits, as in the first part of the same article from the copyright directive, was not feasible in France. I agree that in this case the "online encyclopedia" part was in the end not really necessary anymore, as Wikipiedia is an educational resource par excellence. But the final wording is the product of a thought process of lawmakers, and without "online encyclopedia" we wouldn't have gotten the "educational and scientific repositories.

As for Wikivoyage, I don't know if it is an educational resource or not, but it is part of the Wikimedia movement, whose current mission statement is "bring free educational content to the world". If it is not educational, then we need a new mission statement. Wikinews I prefer not to comment, I have very specific views of that project. MediaWiki itself is a software project, not an online platform. Meta-Wiki is what I worry about. I have no answers on this. But, here again, we decided to ask for the protection of educational and scientific projects at large, instead of  lobbying for a wording that would carve-out every single Wikimedia project.

So, I don't really accept the criticism that we are asking for exceptions for ourselves as a snowflake, we explicitly try not to do this and create as large a space for self-governing communities as possible. This is our approach. It worked with the DSA, it didn't work in France. I can also confirm that on half a dozen of files we are working on (e.g. AI, political advertising, child sexual abuse materials, Media Freedom Act) our projects are not directly concerned and we could easily pass on them. But we still speak up and join coalitions to try and establish a larger space for autonomous online communities. The truth is that lawmakers are much more willing to protect concrete projects.

Still, when push comes to shove, and the large umbrella attempts fail, of course we are going to look for a way to protect our projects. Call it selfish, but I don't think we are.


Le mer. 31 mai 2023 à 19:00, Mathias Schindler <mathias.schindler@gmail.com> a écrit :

On Wed, May 31, 2023 at 4:43 PM Dimi Dimitrov <dimi@wikimedia.be> wrote:

> === Liability on Free Software ===
> The Cyber Resilience Act (CRA) sets out cybersecurity requirements for a range of software products placed on the EU market. The instrument of choice is to impose liability on developers and deployers of software. Our main worry is how the new obligations would hinder developers, especially volunteers, of free software. We are coordinating our position [10] and actions with the FSFE and EDRi.
> —
> The Industry, Research and Energy (ITRE) committee in the European Parliament has the lead and MEPs have tabled their amendments, which will now be discussed in the coming weeks (see Documentation Gateway in [11]). The good news is that most political groups are thinking about the specific needs of free software. The challenge is that the lawmakers, including the ones in Council, seem to be lacking a coherent vision of what a liability system should look like. We appear to be stuck considering patches and carve-outs. We are now going through an initial assessment of amendments [12] and will coordinate with our allies before contacting lawmakers.

You might want to borrow language from Directive EU 2019/770, Article 3 (5) f here:

5.   This Directive shall not apply to contracts regarding:

(f) software offered by the trader under a free and open-source licence, where the consumer does not pay a price and the personal data provided by the consumer are exclusively processed by the trader for the purpose of improving the security, compatibility or interoperability of that specific software;

Since this is already law in place and transposed, it would be a good starting point for consistency.

Publicpolicy mailing list -- publicpolicy@lists.wikimedia.org
To unsubscribe send an email to publicpolicy-leave@lists.wikimedia.org

Dimitar Dimitrov
Policy Director
Wikimedia Europe

mobile: +32497720374
Rue Belliard 12 Belliardstraat, Brussels

Wikimedia Europe ivzw