Thanks a lot, Dimi, for this valuable brief on EU developments!
Od: Dimi Dimitrov <dimi(a)wikimedia.be>
Odesláno: středa 1. března 2023 12:41
Komu: publicpolicy(a)lists.wikimedia.org
Předmět: [Publicpolicy] EU Policy Monitoring Report - February 2023
Hello, everyone! Almost two weeks ago online platforms released their user numbers for the
EU, including the Wikimedia Foundation, an obligation under the DSA. Else, the Commission
is running a consultation on… well… de facto net neutrality. Meanwhile, the Parliament and
Council are starting to think hard about liability and security of software, including a
potential liability carve-out for free & open software.
=== Digital Services Act ===
The EU’s new content moderation rules have a number of special obligations - transparency,
annual risk assessment, mitigation plans, third-party audits - for so-called very large
online platforms (VLOP). A VLOP is any platform that averages more than 45 million monthly
active recipients within the EU. Platforms had until 17 February to declare their numbers.
Here is a list of declarations: [1]. So far, 18 self-declared very large online platforms
and search engines. Among them, Wikipedia is the only not-for-profit.
—
For the Wikimedia Foundation it was of utmost importance to produce reliable user numbers
without gathering additional data. Wikimedia records only the number of unique devices,
not actual users. The “EU DSA Userbase Statistics” [2] uses the unique devices data and a
conservative estimation taken from the Cisco Annual Internet Reports on how many devices
per person there are. It is important that there is at least one VLOP out there whose
operator is demonstrating how one can comply while protecting fundamental rights such as
privacy. So far, there is no indication that the European Commission intends to challenge
the Foundation’s methodology.
—
The European Commission will soon officially designate VLOPs, after which platforms will
have a further four months to start complying with the specific obligations, while all the
other obligations that aren’t specific to VLOPs will only apply from 17 February 2024.
One of the challenges will be to find a third-party auditing body that annually checks the
risk assessments and mitigation measures. It would be exciting to see not-for-profit or
community led initiatives here, instead of the The Big Four [3] professional services
firms dominating the field.
=== Cyber Resilience Act ===
The Cyber Resilience Act is a proposed regulation by the European Commission aiming to
introduce baseline cybersecurity requirements for digital products and services. It
includes such obligations as security tests and security updates for up to five years
after a product or even a piece of software. [4]
—
The European Commission is proposing a carve-out for free & open source software,
which we welcome. However, the carve-out is only in a recital (which is the “non-active”
part of a EU law), instead in a proper article. It also restricts the protection to
“software developed or supplied outside the course of a commercial activity”, which most
programmers and lawyers we spoke to believe is a very problematic wording. Many FOSS
software projects are usually developed and maintained by a mix of volunteers,
contractors, businesses or even incidental contributors participating in bug bounty hunts.
—
Wikimedia is working on addressing the above mentioned weaknesses and trying to coordinate
with organisations such a the Free Software Foundation Europe and Open Forum Europe on
this. Our current thinking and suggestions can be seen here: [5]
=== Net Neutrality ===
The European Commission, under the lead of Commissioner Breton, has launched an
“exploratory consultation” (i.e. not a regular consultation) on what they call “Fair
Share”. [6] It is essentially an idea by the French Commissioner to have network operators
charge data-heavy services, such as streaming platforms. The idea is, of course, not new
and has been heavily discussed in the past under the banner “net neutrality”.
—
While it seems the initiative won’t get the necessary traction to make it to an actual
legislative proposal, we intend to participate in the consutlation. Our thinking and
public positioning on the matter can be found in EN [7] and FR [8].
=== Data Act ===
The Data Act is a regulation proposal that aims to boost data sharing in-between
businesses and between businesses and governments. [9] It also wants to make it easier to
switch between cloud services. As such it touches upon a myriad of data sharing issues,
including the sui generis database right and data protection.
—
The Council [10] and the Parliament [11] have written and agreed on their negotiating
positions and are expected to start trilogues in the second half of March, when the
parliamentary position is adopted in plenary.
—
Both houses agree with the Commission to de facto abolish the sui generis database right
when it comes to machine-generated data. However, the European Parliament wording on
Article 35 has fewer conditionalities attached to it, which is why we will reach out to
negotiators to voice our preference for it.
—
Another part of the text we are working on, together with EDRi, is Chapter V. It gives
governments the right to request data from businesses in emergency situations. This is so
vaguely framed that it might not even survive a legal challenge. The European Parliament
added “no personal data” to the text, which is welcome, we continue to be worried about
the lack of purpose limitation.
=== EEN ===
A somewhat weird challenge to Wikipedia’s prominence on search engines and most
importantly Google Search came from a group called the European Encyclopedia Network. [12]
In a letter to Danish Commissioner Vestager [13] they claim that Wikimedia Enterprise is
proof that Google is unfairly upranking Wikipedia. A logic we can’t really follow.
—
Wikimedia Europe and Wikimedia Denmark have jointly written an open letter to Commissioner
Vestager [14] offering collaboration on making encyclopaedia content more accessible and
pointing out some criteria which we know influence search rankings. We have also written
to the EEN offering to work together, as we believe we have much in common.
===
[
1]https://docs.google.com/spreadsheets/d/1H89uABJZCg0BQlUdpDPE0XBpdtXWPGQbw…
[
2]https://foundation.wikimedia.org/wiki/Legal:EU_DSA_Userbase_Statistics
[
3]https://en.wikipedia.org/wiki/Big_Four_accounting_firms
[4]https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
[
5]https://docs.google.com/document/d/1GSO-WpA86vklStTIXpSJrqvppqQTyUfn90Q55…
[6]https://digital-strategy.ec.europa.eu/en/consultations/future-electronic-communications-sector-and-its-infrastructure
[7]https://wikimedia.brussels/net-neutrality-the-fair-share-debate/
[8]https://www.wikimedia.fr/neutralite-du-net-et-partage-equitable-des-couts-le-mouvement-wikimedia-se-positionne/
[
9]https://en.wikipedia.org/wiki/Data_Act_(European_Union)
[
10]https://drive.google.com/file/d/1AtjIhK3dVqqgMyuHEuA0IzCCYoqvicLF/view?u…
[
11]https://drive.google.com/file/d/1n4HyPr2epR_lOrPjJefU2JuLCF6Yys28/view
[12]https://encyclopedianetwork.eu/
[13]https://encyclopedianetwork.eu/sites/default/files/2023-02/Letter%20to%20the%20European%20Commission%201.02.2023.pdf
[14]https://wikimedia.brussels/wp-content/uploads/2023/02/Open-letter-from-Wikimedia-to-Vestager-Cabinet.pdf
Wikimedia Europe ivzw