We are all waiting for the Digital Services Act and the Digital Markets Act - this legislative term’s cornerstone digital dossiers expected to reshuffle the responsibilities of online platforms.
To pass the time, the Commission has published its proposal for a Data Governance Act - a regulation that wants to open up European data for business and research without relying on very large platforms collecting data.
Meanwhile, the Terrorist Content Regulation is seemingly stuck in trilogues.
This and previous reports on Meta-Wiki: https://meta.wikimedia.org/wiki/EU_policy/Monitor
======
Data Governance Act
======
After getting shaky knees and postoping its publication three times, the European Commision finally got around to share with the rest of the world a proposal for a Regulation on European data governance, a.k.a. the Data Governance Act. [1] No radical changes as compared to the leak we covered in last month’s monitoring report [2], but bear with us for a basic rundown.
---
The European Commission wants more European data (public, private and personal) to be shared for the purposes of innovation, research and business. It also wants to avoid a system where only a few large platforms control all the data. It thus wants to create mechanisms and tools to get there.
---
Public Sector Data: It creates a mechanism for re-using protected (e.g. because of privacy rules, statistical confidentiality or IP) public sector data. Public sector bodies are to establish secure environments where data can be mined within the institution. Anonymised data could be provided outside of the body if the re-use can’t happen within its infrastructure. In case the data can’t be anonymised and can’t be processed within the public body, there needs to be a legal basis under the GDPR for its transmission outside of the public body (i.e. getting explicit consent from all subjects). To help both private entities looking for data and public sector bodies who need to provide it, governments are to designate one or more competent bodies.
---
Commercial Data: The European Commission wants Member States to create a notification regime (de facto a public registry) for “data sharing providers”. Such organisations are meant to boost B2B data sharing by acting as neutral clearinghouses for the data several companies share. They must be an entity that has no other purpose and is either registered in the EU or has a legal representative in one of the Member States.
---
“Data Altruism Organisations”: The Commission wants to establish a possibility for organisations engaging in data altruism to register as ‘Data Altruism Organisation recognised in the EU’. As a real-life example you may imagine a project gathering activity tracker data to research COVID-19 syptoms. The label will come with rules and strings. Being a legal entity constituted to meet objectives of general interest and operating on a non-for-profit basis and independently from any for-profit entity. The Commission will create a “common European data altruism consent form” by which data subjects may share their personal data with such organisations for a general interest goal. Data Altruism Organisations will also have to be either established in the EU or have a legal representative within the Union.
---
Lastly, a formal expert group - the *European Data Innovation Board* - will be created which shall facilitate the emergence of best practices and advise the Commission on standardisation and guidelines.
---
While there has been no outright opposition to the proposal, some organisations defending privacy (AccessNow, noyb.eu) have raised concerns that parts of this proposed Regulation overlap with the GDPR and we will must be careful not to undermine its rules. The main point of debate remains about the fact that the Commission wants to enshrine that personal data can only be transferred out of the EU if adequate protection is guaranteed. This comes very close to GDPR language (think of the struck down EU-US agreements allowing data flows across the Atlantic). It is also an open question as to how much the European legislator can restrict data sharing without violating non-localisation principles written into trade agreements. [3]
---
Special mention: The European Commission want public sector bodies to not use the *sui generis database right*. The text reads: "The right of the maker of a database [...] shall not be exercised by public sector bodies in order to prevent the re-use of data or to restrict re-use beyond the limits set by this Regulation." To my knowledge this might become the first time a European legislator states that an existing IP protection should not be used.
======
Terrorist Content Regulation
======
The German Presidency of the EU is on the roll with TERREG aiming at closing this debate before the end of 2020. A general proposal [4] seems to suggest that DE adopted a strategy of pushing the envelope further to make EC proposals seem moderate in comparison. Notably, journalistic, artistic, and research content is exempted, but only if a government or a platform would recognise them as legitimate journalistic artistic or research purposes (!). There are so many problems with introducing such mechanisms, and we already have many examples on how "terrorist content" narrative harms initiatives such as condemnation of claims made by terrorists and leads to silencing journalists. We have it covered for you in this analysis[5]. Specific measures are designed in a way that will coerce platforms into using content filtering for terrorism, which is even more difficult to execute than for copyright due to context.
There is still time to talk to your government and your MEPs about this: ask them to push back and support the solutions that the European Parliament has proposed back in 2019 as they overwhelmingly supported the LIBE Report
======
Digital Services Act/Digital Markets Act
======
A huge dossier on rules and regulations covering online platforms that is expected to span everything from content moderation to competition rules. We have written about it in 10/10 monitoring reports this year. There is little new in the books. We are waiting, along with everyone else, for the Commission to publish its proposals on 9 December. In the meanwhile they have cranked up their security to avoid leaks. [6].
We promise to be back on 10 December with a DSA/DMA special edition and in the meantime we’ll spare you another round of “who said what”, as it is mostly clear where the various stakeholder groups stand.
======
Copyright Reform - Article 17 Hearing in CJEU
======
When the Copyright in the Digital Single market Directive was passed in Council, the Republic of Poland referred the case to the Court of Justice of the EU, claiming Article 17 and its de facto provision for “upload filters” violate EU law. A first hearing took place in Luxembourg and as these aren’t streamed publicly, we sent Communia’s Paul Keller to take notes: [7]
======
Guidelines for Civil Servants - Open Source in the Public Sector
======
After its “Think Open’’ communication whereby the Commission committed itself to increase its use of open source technology [8], there are now guidelines for civil servants, project managers, and IT officials looking to engage with open source in the public sector. [9] These might come in handy when we talk to public sector bodies about practicalities.
======
Austrian Hate Speech Law
======
A number of MEPs have asked the Commission to request Austria to postpone its draft hate speech law [10], because it could lead to more fragmentation in the single market. While there is nothing Brussels could do to force Vienna to delay its plans, we have raised similar concerns with the European Commision. It would be harmful to have different definitions of platforms and rules that apply to each of them depending on Member State. The so-called NetzDG wants to make platforms more responsible for and more proactive in fighting offenses such as hate speech, coercion or stalking on their services. [11]
======
French Terrorism Law
======
A French law that would ban sharing images or video of police officers “with the aim of harm” passed the lower chamber of the national parliament. Civil society organisations, including Amnesty International and Reporters Without Borders, criticised the law for being extremely vague on the definition’s side. On a very practical level the issue is that the person who initially needs to assess whether the content is with malicious intent and confiscate it is the police officer who is being filmed. [12]
======
END
======
[1] https://ec.europa.eu/digital-single-market/en/news/proposal-regulation-europ...
[2] https://lists.wikimedia.org/pipermail/publicpolicy/2020-October/002039.html
[3] https://datainnovation.org/2020/11/why-the-european-commission-should-revise...
[4]https://www.politico.eu/wp-content/uploads/2020/11/German-prez-TERREG.pdf
[5] https://medium.com/@wikimediapolicy/upside-down-should-all-content-be-deemed...
[6]https://twitter.com/LauKaya/status/1333326141025816576
[7] https://www.communia-association.org/2020/11/12/cjeu-hearing-polish-challeng...
[8] https://ec.europa.eu/info/news/european-commission-adopts-new-open-source-so...
[9] https://joinup.ec.europa.eu/collection/open-source-observatory-osor/guidelin...
[10]https://twitter.com/PiratKolaja/status/1329033494169870338
[11] https://edri.org/our-work/first-analysis-of-the-austrian-anti-hate-speech-la...
[12]http://www.assemblee-nationale.fr/dyn/15/dossiers/securite_globale1
publicpolicy@lists.wikimedia.org