Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The data importer should…notify the data exporter and the data subject if it receives a legally binding request by a public authority under the law of the country of destination for disclosure of personal data.”
– Draft Commission text on Standard Contractual Clauses.
Story of the week: This week, the European Commission has published its draft decision on standard contractual clauses (SCCs) for the transfer of personal data to third countries, after the Schrems II strike down earlier this year. The EDPB has also released its guidance for the transfer of EU personal data abroad.
Also this week: EU encryptions concerns, Copyright in Poland, Italy & the Czech Republic, Europe’s first 5G military test site, Digital Services Act and the short term rentals market, Vestager Vs Amazon, a new EU budget for tech, hate speech in Austria and Croatia, and lots more…
Digital Brief: Data transfers fit for Schrems?
The Commission’s new draft text for standard contractual clauses (SCCs) – agreements designed by the EU executive which safeguard EU data protection standards between two parties taking part in a transfer – have been ‘modernised’ to take into account the July decision of the European Court of Justice on EU data transfers outside of the bloc.
In addition to invalidating the EU-US data transfer accord, the Privacy Shield, the court said that SCCs were theoretically valid but the risks involved with transferring data to some foreign countries should be taken into account by national data protection authorities.
“Unless there is a valid Commission adequacy decision, those competent supervisory authorities are required to suspend or prohibit a transfer of personal data to a third country where they take the view, in the light of all the circumstances of that transfer, that the standard data protection clauses are not or cannot be complied with,” the court had said.
The complaint had originally been raised because of concerns related to US government access to EU data. Section 702 of the US Foreign Intelligence Surveillance Act (FISA) permits the National Security Agency to collect foreign intelligence belonging to non-Americans located outside the US and has long been of concern to privacy activists in Europe.
The draft text for modernised standard contractual clauses (SCCs) published by the Commission on Thursday, now includes provisions addressing the issue of government data access requests, stating that “the data importer agrees to promptly notify the data exporter and, where possible, the data subject” if it receives a legally binding request by a public authority for disclosure of personal data transferred.
However, if for whatever reason the data importer is prohibited from notifying the data exporter and/or the data subject, the data importer should “agree to use its best efforts to obtain a waiver of the prohibition,” the text states.
Elsewhere the new SCCs also adopt a modular concept approach, attempting to meet specific data transfer scenarios. These include Controller to controller transfers; Controller to processor transfers; Processor to processor transfers; and Processor to controller transfers.
Meanwhile, the EU’s umbrella data protection authority, the European Data Protection Board, has published recommendations on international data transfers.
As part of the guidance adopted by the EDPB earlier this week, a six-step approach has been recommended for data exporters in the EU. This includes (1) Mapping all international data transfers, (2) Verifying technical tools used for the transfers, (3) Assessing local laws that may infringe on the protection of the data being transferred, (4) Adopting supplementary measures necessary to bring the level of protection of the data transferred up to the EU standard of essential equivalence, (5) Taking formal procedural steps to legally implement the supplementary measures and (6) regularly re-evaluating the level of protection afforded to the data transferred to third countries.
“The EDPB hopes that these recommendations can help data exporters with identifying and implementing effective supplementary measures where they are needed. Our goal is to enable lawful transfers of personal data to third countries while guaranteeing that the data transferred is afforded a level of protection essentially equivalent to that guaranteed within the EEA,” EDPB Chair Andrea Jelinek said.
Helping people & businesses recover with technology
Google is committed to helping 10 million people and businesses find jobs, digitise and grow through easy to use products and training to support Europe during the pandemic.
Data Governance Act. The Commission had been due to present its Data Governance Act this Wednesday, but the unveiling has now been pushed back to next Wednesday. EURACTIV has already seen a draft copy of the text, and you can read all about it here.
Encryption concerns. EU member states want more competences to be able to probe messages with end-to-end encryption, according to a draft Council resolution that has been made available to EURACTIV Germany.
While this remains a political statement of intent, it is to be finally adopted in December. However, civil society organizations fear this could put a ‘nail in the coffin’ of end-to-end encryption, which was fought for in the “Crypto Wars” of the 1990s.
In response to the reports, the German Council presidency released a statement, saying the initiative aims to find solutions that represent “the least possible interference with encryption systems.”
European Parliament Vice-president, Czech MEP Marcel Kolaja (Pirates, Greens/EFA), slammed the draft resolution earlier this week. “For me, as someone who had been working in IT for two decades, it is obvious that we can’t break encryption and at the same time, stay secure,” said Kolaja. “Together with my Pirate colleagues, we will do everything we can to stop this,” he added. Kolaja also asked Czech Ambassador to the EU Edita Hrdá to reject the document at the next COREPER meeting, reports EURACTIV’s Aneta Zachová.
Google collaborates in the European cloud project. France’s cloud hosting provider OVHcloud has announced a new strategic partnership with Google Cloud. OVHcloud will establish a new hosted private cloud offering by using Google’s platform Anthos.
Polish Copyright Hearing. Earlier this week, the European Court of Justice held a hearing into Poland’s complaint about Article 17 of the EU’s copyright directive. Poland argues that the article’s filter requirement could lead to censorship. Should the court decide that Article 17 constitutes a general monitoring obligation in breach of the eCommerce Directive, they could decide to strike down those particular elements in the clause.
An initial opinion from a Court Advocate General is foreseen for 22 April 2021, just weeks before the Copyright Directive’s implementation deadline for EU member states.
EU police copyright operation in Italy. Over 5.550 computer servers, used to transmit and store television broadcasts, live sports games and films without paying the legitimate copyright holders, have been taken down in Italy, reports European Union Agency for Criminal Justice Cooperation. One person believed to be the leader of the criminal activities has been arrested by Italian authorities.
Czech question. After press publishers in the Czech republic had called for the mandatory collective management of rights granted under Article 15 of the copyright directive, the EU’s Internal Market Commissioner replied that publishers are not allowed to implement this type of mechanism.
Europe’s first 5G military test site. A 5G military test site has been opened by the Latvian National Armed Forces in collaboration with mobile network innovator LMT, marking the first such 5G military test site in Europe.
5G growth a priority, Dombrovskis says. Speaking earlier this week at the Third Baltic ecosystem forum 5G Techritory, Commission’s Executive Vice President Valdis Dombrovskis said that 5G rollouts in Europe would help to aid the bloc’s economic recovery from the coronavirus. “We have to make sure Europe has the broadest possible 5G coverage to support economic growth and public services,” Dombrovskis said.
UK’s National Security and Investment Bill. The UK government will soon present a bill aimed at blocking foreign takeovers of UK firms should there be a proven risk of a national security threat, reports the BBC. The bill could further curtail the presence of China’s Huawei in the UK’s telecommunications sector.
Orange Romania. Orange Romania has agreed on a deal to acquire a controlling stake in fixed operator Telekom Romania Communications (TKR).
Sweden Huawei latest. Swedish telecoms regulator PTS on Monday (9 November) halted 5G spectrum auctions after a court suspended parts of its decision that had excluded Chinese telecom equipment maker Huawei from 5G networks.
Digital Services Act
Dutch Deputy Prime Minister on AirBnB. As a means to tackle the negative side effects of the online short term rentals market, governments should be allowed better access to data from platforms such as Airbnb as part of the EU’s Digital Services Act, the Netherland’s Deputy Prime Minister Kajsa Ollongren has said.
European autonomy. Europe’s strategic autonomy and its ability to protect its citizens’ data privacy could depend on whether the Digital Services Act can keep up with China’s influence over the technologies that shape our daily lives, writes Nicolas Tenzer.
Focus on illegal content, says MEP. The EU should focus on regulating illegal content as part of its upcoming Digital Services Act, which aims to present an ambitious new regulatory framework for online services, but platforms should also be allowed to take ‘voluntary measures’ to remove harmful content, MEP Dita Charanzová says.
Vestager Vs Amazon. Amazon has violated EU antitrust rules in its use of non-public merchant data, cementing the platform’s dominance in the eCommerce market and marginalizing third-party sellers, the European Commission’s Vice President for Digital, Margrethe Vestager, has said.
“Our investigation shows that very granular, real-time business data relating to third-party sellers’ listings and transactions on the Amazon platform, systematically feed into the algorithm of Amazon’s retail business,” Vestager told reporters.
“It is based on these algorithms that Amazon decides what new products to launch, the price of each individual offer, the management of inventories, and the choice of the best supplier for a product.”
Dual-use goods agreement. Negotiators from the European Council and the Parliament have signed off on new export rules that restrict the sale of cyber-surveillance goods to worldwide regimes engaging in the repression of human rights.
However, the text of the regulation on so-called dual-use goods, brokered on Monday evening (9 November), leaves it up to member states to decide whether the new restrictions could include the export of products such as facial recognition technologies. Read more here.
European Union aid has been used to pay for surveillance equipment and training in countries with inadequate safeguards against excessive state snooping, rights groups said on Wednesday, calling for an end to the “unacceptable” practice.
Third-country surveillance. European Union aid has been used to pay for surveillance equipment and training in countries with inadequate safeguards against excessive state snooping, rights groups said on Wednesday, calling for an end to the “unacceptable” practice.
Reclaim your face. Civil society groups, led by Digital rights group EDRi, have launched a European-wide campaign calling for a ban on the use of facial recognition technologies. The “Reclaim Your Face” coalition calls on local and national authorities to reveal the risks and reject the use of biometric surveillance in public spaces.
Migrant AI. An array of AI-powered technologies are deployed against migrants at borders around the world, writes Mozilla Fellow Petra Molnar, in a new study. “AI technologies intended to ‘manage’ migration frequently make it more arbitrary, unjust, discriminatory, and invasive. People on the move — an already vulnerable group — are routinely having their rights violated by these technologies,” Molnar says.
MEPs and Council Presidency discuss European efforts. Earlier this week, Parliament’s special committee on Artificial Intelligence held a debate with the German Council Presidency based on the input from a study on Artificial Intelligence commissioned by the Bundestag. “A ’Made in Europe’ Artificial intelligence is our objective,” said Thomas Jarzombek, commissioner for digital industry and start-ups for the German Federal Ministry for Economic Affairs and Energy.
Anna Christmann from the Bundestag Study Commission on Artificial Intelligence added that Europe needs to “need to develop our own version of AI, because other regions of the world may not have the same values as we do.”
More money for research. Earlier this week, the German presidency of the Council today reached a political agreement with the European Parliament’s negotiators in talks aimed at securing the Parliament’s consent to the next multiannual financial framework, the EU’s long-term budget.
As part of the new package, a reinforced outlay has been set aside for some of the EU’s research programs.
“It was a very tough fight but at least, we can say that we managed to claw back €4bn for Horizon Europe which compensates to some extent, for the cuts pushed so hard by the EU Member States,” said Christian Ehler MEP, the EPP Group spokesman on the research program Horizon Europe.
“This EU money will invariably have an impact on our ability to address major challenges of our times – including climate change, pandemics, quantum technology, artificial intelligence, cultural and creative industries/ It will give a boost to Europe’s ability to innovate and to develop a more prosperous and sustainable economy,” Ehler added.
Meanwhile, those in the creative industries also praised the new agreement. Creative Europe – the only EU program dedicated to culture -would see its budget increased to €2.2bn, up from the current €1.46bn for the 2014-2020 outlay.
“This much-needed increase to the budgets of Creative Europe, InvestEU and Horizon Europe is very timely and underlines the importance of culture strategically,” Executive Chair of the Independent Music Companies Association (IMPALA), Helen Smith said.
The deal will now be submitted to member states for approval.
Google antitrust. A group of 165 companies and industry bodies have called on EU antitrust enforcers to take a tougher line against Google, saying the U.S. tech giant unfairly favours its own services on its web searches.
EDiMA rebranded. Brussels trade association EDiMA, which represents some of the world’s largest tech platforms, has relaunched under the name DOT Europe, representing the leading companies in Digital, Online, and Tech (DOT) in Europe. “The world of 2020 is very different to the world of 2000. The launch of DOT Europe shows the commitment of all 19 members to bringing forward real solutions to the challenges we face today, and to those of the next 20 years,” DOT Europe Director General Siada El Ramly said.
Austria hate speech ruling. Austria’s Supreme Court ruled earlier this week that online hate speech on Facebook about Green Party politician Eva Glawischnig must be removed globally. Read more on EURACTIV Germany.
Croatian parliament’s media committee calls for adoption of hate speech codes. The Croatian parliament’s committee on Information, Computerisation and Media called on providers of media services and electronic publications to adopt their hate speech codes. Only the far-right Homeland Movement opposed the proposition. Read more.
TERREG. This week’s (supposed final) trilogue on the EU’s regulation against online terrorist content was postponed, most likely until next Tuesday/Wednesday, two sources confirmed to EURACTIV.
Schmidt to become a Cypriot? Former Google CEO Eric Schmidt could soon become an EU citizen – he’s applied for Cypriot citizenship as part of the country’s ‘passport-for-sale’ program.
New ENISA supply chain report. Earlier this week, the European Union Agency for Cybersecurity (ENISA) released its Guidelines for Securing IoT – Secure Supply Chain for IoT report, covering the entire Internet of Things (IoT) supply chain – hardware, software and services. “Securing the supply chain of ICT products and services should be a prerequisite for their further adoption particularly for critical infrastructure and services,” ENISA Executive Director Juhan Lepassaar said.
NIS Directive. Parliament has published a briefing on the network and information security directive – remember the EC will present a review before the end of 2020. EURACTIV understands that the scope of operators of essential services is likely to be widened after the rapid uptake of digital tools during COVID.
Chinese and Russian intelligence among most active in Czech Republic. “Russia aims for the destabilisation and breakup of its enemies, whereas China aims to create a Sinocentric global community, where all the other nations approve the legitimacy of Chinese interests and respect,” the Czech Security Information Service said in its annual report. Read more.
Media / Disinformation
New German study. New research from the Global Disinformation Index (GDI) shows that half of German news sites present a ‘medium risk of disinforming their online readers.’ They lack key operational checks and balances and information, such as whether their newsroom operates independently from the site’s owners, the report states.
Pact for Skills. The European Commission has outlined a series of ambitious commitments to bolster the uptake of next-generation skills in Europe, in a bid to assist in wider EU goals of the continent’s digital and green transitions.
Vocational and Educational Training. This week, the European Commission is staging its Vocational Education and Training (VET) week as a means to foster the uptake of skills that can aid in the executive’s twin ambitions of the green and digital transition. EURACTIV caught up with the Commission’s Joao Santos to hear more.
Consumer scams. The European Commission last week urged online platforms to gird for a fresh wave of consumer scams linked to the resurgence of COVID-19 infections in Europe and said they need to work harder against the spread of disinformation related to the pandemic.
On my radar
On Wednesday 18 November, the Commission will unveil its Data Governance Act. EURACTIV has already seen a draft copy of the text, and you can read all about it here.
What else I’m reading this week: