Opinion piece by Nina Elzer, CENTR Policy Advisor - Get ready for additional legislation – there is confluence of intentions of both the European Commission and the Council (i.e. Member States), and trust me, lots of MEPs will be happy to chime in. The conclusions of the last Council meeting set the tone: “Industry has its own responsibility to help combat terrorism and crime online”.
The way forward is the secretive “EU Internet Forum”, which is supposed to develop into an “Industry Forum”. This means self-regulation unless or until self-regulation no longer works - i.e. no self-regulation. The “blueprint of success” is the Code of Conduct of mainly US-based IT companies, in which they self-commit to dealing with requests to remove or block terrorism or hate-speech related content more speedily and more effectively. Voluntary activities, such as upload filters, PhotoDNA or speech-detecting algorithms are no longer perceived as an industry effort to help, but part of policy-makers’ expectations towards IT companies. Only yesterday did the US tech giants team up in the “Global Internet Forum” to counter terrorism and to ward off additional requirements - if only for a while.
What you can expect
Germany showed the way forward and pressed ahead with its own piece of legislation that allows to install “state trojans” directly on users’ devices and enables law enforcement to intercept encrypted messages. You can be sure that Germany will also defend that position in the negotiations around the ePrivacy regulation - despite the rapporteur’s promotion of a “right to encrypt”. ENISA’s strong position in favour of encryption will be no more than a fig leaf until they crumble under pressure from Member States (or perhaps they already have). The Commission will extend the Code of Conduct to wider industry – those that refuse to sign it will be “named and shamed”. This is just the first step to revising the e-commerce directive and its liability safeguards – they will blame the need for doing so on you, the industry. Don’t even think that jurisdiction and your own legal system can save you from requests (to remove or block content or hand over data) coming from another Member State: in the Consumer Protection Cooperation regulation, cooperation among relevant authorities across borders is already strengthened to facilitate such requests, e.g. if it comes to online trade of allegedly illegal products or services that could harm consumers or the environment. What is more, the Commission has quite a clear mandate to work on legislation that allows for the collection of e-evidence across borders (and jurisdictions), i.e. allowing an authority (e.g. the police) from one Member State to demand data that is located or stored in another. Cooperation between law enforcement and providers might be voluntary for starters, but the option to make it mandatory can already be found in a Commission “non-paper”. If any of this does not bring the wished-for remedy, means to “directly access” data from a computer (i.e. data stored in the cloud) are also envisaged.
If this sounds gloomy, it's because it should. There has been a trend over the last months if not years to target industry with (threats of) legislation that would increase their responsibility and liability for what happens on their platforms or networks. Yet, while the previous Commission and European Parliament liked to think of themselves as the bastion of human rights and liberties, under this legislative term, the winds have changed. Terrorism, the increase of hate speech and fake news online (and no, these are not new phenomena), the rise of populism within the EU, and the enduring challenge to fight child sexual abuse and crime (online) and even a reinvigorated voice of the IP industry to fight copyright abuse and counterfeits have shifted the “balance” away from human rights to security. Yes, there can be both – human rights and security – but with the tides of time that balance shifts. In view of history, however, it would be a shame if the “security” argument is the one that prevails.
