As Brussels is locking down, some of the few conversations still happening physically in town are the TERREG trilogue meetings. The E-Evidence file is stalling in its EP committee (good!). Meanwhile we are gearing up for the proposals on data governance and the Digital Services Act package. 

Anna & Dimi

This and previous reports on Meta-Wiki:


Terrorist Content Regulation - TERREG


Hard to believe that this mess could get any messier, but here we are. The German Presidency of the EU presented a compromise that makes us think an enthusiastic law enforcement intern had been charged with a task of drafting a law that should protect fundamental rights. As a result, all content would be terrorist unless proven otherwise by a government or a platform, and that would include both journalistic and artistic materials. Because who is better equipped to evaluate all these inconvenient truths than those trustworthy actors? Yes, sarcasm is our coping mechanism. But we are also working with our partners and sending feedback to all participants of the trilogues to let them know that the only trajectory such a law would have is from the EP vote into the Court of Justice of the EU pipeline. Taking a lot of important information down[1] along with itself, of course. If you want to join the activities, please get in touch with us. Every voice from every Member State counts.  


E-Evidence Regulation


The E-Evidence Regulation aims to streamline the process of a prosecutor or judge in one EU country asking for electronic evidence. [2] One example is Facebook Messenger communications data. Another example is which IPs opened with Wikipedia URLs. It is this second instance that worries us. Under the newly proposed rules prosecutors could request and receive such data without a judges consent, which is currently required. 

While the lead committee in Parliament fights to keep the old categorisations and thereby judicial oversight, the Council has already agreed to the new principles. [3][4] There, especially France and Belgium are pushing for the new categorisations. Germany, Greece, Sweden, the Netherlands are critical thereof. But the issue being largely disregarded nationally and Germany holding the Council Presidency, a solid block of opposing countries isn't forming. We should and will raise some awareness by publishing blog posts about this situation in several languages. 


Digital Services Act Package


The three Legal Affairs committee reports we wrote about last month [5] have passed the plenary vote. This of course doesn’t change the fact that they continue to be non-binding. One thing that changed, though, is that an amendment by MEP Wölken (S&D DE) passed narrowly that foresees the phasing out of targeted advertising and the eventual introduction of a full ban on this practice. [6]  It was interesting to observe the reactions by ress publishers, who largely lobbied in favor of the reports which include stricter rules on gatekeeper platforms. They quickly changed track and started pushing back against stricter rules on advertising as part of the package. 

Meanwhile, France said it wants harmful content to be included, else, it plans to add obligations to its national law on separatism. Portugal, which will take over the Presidency of the Council in January, stated that a common set of requirements, including transparency, should apply to all platforms but also that specific rules should apply to the largest online players. The big tech lobby association EDiMA positioned itself on the question of the hotly debated “Good Samaritan” principle [7] by trying to give it its own spin. It says that platforms should not lose liability protections if they start to proactively remove illegal content of their users. 


Data Governance Act


On November 11 the European Commission is expected to present a Regulation on European data governance a.k.a. the Data Governance Act. There has been a public consultation, which we participated in. [8] >From what is being discussed around Brussels and online events, the Commission sees data as a key element to both Artificial Intelligence and industrial development. They want to make more public data re-usable, including personal data. They also want to encourage companies to share their date across sectors and to make it easier for individuals to make their personal data re-usable for the public good.  

As is the tradition with such files, there has been a leak to test the waters. [9] It shows that the Regulation will work along three vectors:

1.  Enhanced Use of Data Held by Public Sector Bodies: There are datasets that public bodies hold that cannot be opened up in the traditional way on the grounds of confidentiality and protection of personal information. Therefore public bodies are to establish secure environments where data can be re-used (e.g. mined) within the institution. Anonymised data could be provided if the re-use can’t happen within the public bodies infrastructure. In case the data can’t be anonymised and can’t be processed within the public body, there needs to be a  legal basis under the GDPR for its transmission outside of the public body. But such transmission is never to happen outside of the European Union. 

2. “Data Sharing Service Providers”: The Regulation will establish an authorisation regime for what are essentially data trustees. These can be intermediaries set up by multiple companies or individuals. They need to be separate from other operations, need to follow a strict set of rules, will act as clearinghouses for pooled data and will be prohibited from monetising data. 

3. ”Data Altruism”: The idea is to make more data available for the “public good”. Data subjects will be allowed to share their data, including personal data, to authorised organisations. The authorisation regime for entities seeking to collect data based on data altruism includes a list of requirements. The entity must be functionally separate from other operations. The permission by data subjects must be specific, explicit and legitimate and the data subject must have the tools to withdraw consent at any moment. Only non-profit organisations based in the EU will be covered. 


Commission adopts new Open Source Software Strategy 2020-2023


A Communication (not just a press release, so it is an official mandate) under the theme ‘’Think Open’’ commits the Commission to increase its use of open source not only in practical areas such as IT, but also in areas where it can be strategic. According to the document, "open  source  code  is  available  to  all,  which  helps  to create  interoperable,  non-discriminatory  and transparent procedures for access to data, AI and machine learning training methods and models." It comes with no binding targets, but it does set up an office with the mandate to popularise open source across Directorates and agencies. It is also a public document that, interestingly, makes the point that open source is good for European sovereignty.