*More steps toward a Cyberspace Sovereign Europe with European regulatory characteristics.
======================================================================
EDRi-gram
fortnightly newsletter about digital civil rights in Europe
EDRi-gram 15.17, 6 September 2017
Read online: https://edri.org/edri-gram/15-17/
=======================================================================
Contents1. Winter is here
2. Six states raise concerns about legality of Copyright Directive
3. Leaked document: EU Presidency calls for massive internet filtering
4. Denmark: Targeted ANPR data retention turned into mass surveillance
5. Controversial testing of facial recognition software in Germany
6. Netherlands: Sharing of travel data violated students' privacy
7. Private copy levy: Just pay up! Then we’ll see...
8. Recommended Action
9. Recommended Reading
10. Agenda
11. About=======================================================================
1. Winter is hereThis autumn announces itself much colder and threatening for our rights
and freedoms than we thought: The e-Privacy Regulation and copyright
reform are the two main pieces of EU legislation that will keep the
digital rights defenders of EDRi’s Brussels office busy. We will also
continue our work on implementation of the General Data Protection
Regulation (GDPR), the Audiovisual Media Services Directive (AVMSD),
encryption, cross-border access to electronic evidence, and intermediary
liability, among other dossiers.—————————————————————–
Support our work - make a recurrent donation!
https://edri.org/supporters/
—————————————————————–e-Privacy
In January 2017, the European Commission published its proposal for an
e-Privacy Regulation (ePR), which will cover privacy and data protection
issues specific to electronic communications. Our longer position paper
and quick guide provide an introduction to the most important points of
the proposal. The next steps with this dossier will be the key votes in
the European Parliament (EP). Some Committees are scheduled to vote on
an Opinion in late September, and the lead Committee (Civil Liberties,
Justice and Home Affairs, LIBE) is likely to vote on its final Report in
October. The good news is that the LIBE draft Report already contains a
number of amendments to the original Commission text that are in line
with our suggestions. After the LIBE vote, the text is likely to go
through “trilogues”, which are informal negotiations between the Council
of the European Union, the European Parliament and the Commission. The
text will then be adopted in the Parliament’s Plenary session. This is
likely to happen at the earliest in spring 2018.Copyright reform
In September 2016, The European Commission published its proposal for a
new Copyright Directive that aims at modernising EU copyright rules. The
proposal poses a number of threats to our online freedoms, of which the
most distressing is the introduction of a “censorship machine”, which
would filter all uploads to the internet (Article 13 of the proposal) in
contradiction to at least four European court rulings and existing EU
secondary law. Another paragraph introduces the so-called “link tax”
(Article 11), which has already been an expensive failure in Germany and
Spain. In addition to our continuous efforts to convince the politicians
to abandon the most damaging points of the proposal, we are also meeting
and exchanging with activists around Europe to increase cooperation. Our
event, the “School of Rock(ing) Copyright” will take place in September
in Ljubljana, and in October in Budapest and in Lisbon.General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR), the main text of EU
legislation dealing with the protection of personal data, was finalised
in 2016. However, because of the numerous, unpredictable flexibilities
in the legislation, our work is not over yet. We are working together
with many EDRi members, the European Consumer Organisation (BEUC) and
academics, to promote the best possible implementation of the GDPR. We
will be working on a “compliance check list for users”, general research
about the effects of the Regulation, and technical tools to help
citizens to exercise their rights.E-evidence and cybercrime
The European Commission is preparing to present plans on dealing with
access to electronic evidence (“e-evidence”). In addition, an optional
protocol to the Cybercrime Convention (also known as “the Budapest
Convention”) is currently being prepared, to be finalised by the end of
2019. We will be following the process closely, and sending submissions
to the Council of Europe (CoE) to ensure that our rights and freedoms
are considered in the final protocol. The first meeting of the drafting
group will take place on 19-20 September 2017.Audiovisual Media Services Directive (AVMSD)
In May 2016, the European Commission proposed to reform the Audiovisual
Media Services Directive (AVMSD). The current AVMS Directive regulates
traditional TV broadcasters and on-demand services in the EU. The new
proposal broadens the scope of the Directive to cover the regulation of
video-sharing platforms and potentially even other social media
companies. Our main concern is the lack of clarity and safeguards for
respecting the rule of law and protecting fundamental rights. The
trilogue negotiations on the proposal have now started, following a vote
in favour by 17 (in the Committee that took the decision) of the 751
Members of the European Parliament (adopting the Parliament’s
negotiating position) and none of the EU Member States (adopting the
negotiating position of the Council of the European Union). A few
policy-makers will continue with the aim of reaching a political
agreement by the end of the year. EDRi will issue recommendations and
try to obtain improvements in the opaque process.In addition to the priorities listed above, we will also be working on
other topics, such as Notice and Action, digital trade, a Fundamental
Rights Review Project on surveillance instruments, and following
developments on net neutrality and whistleblowing protection.e-Privacy revision: Document pool
https://edri.org/eprivacy-directive-document-pool/Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/The School of Rock(ing) EU Copyright 2017
https://edri.org/sorc2017/Proceed with caution: Flexibilities in the General Data Protection
Regulation
https://edri.org/analysis-flexibilities-gdpr/Access to e-evidence: Inevitable sacrifice of our right to privacy?
https://edri.org/access-to-e-evidence-inevitable-sacrifice-of-our-right-to-privacy/Audiovisual Media Services Directive reform: Document pool
https://edri.org/avmsd-reform-document-pool/=======================================================================
2. Six states raise concerns about legality of Copyright DirectiveAccording to a new leak, a number of EU Member States share our serious
concerns about the proposal for mass surveillance and censorship of
uploads to the internet in Europe, included in the European Commission's
proposal for a new copyright Directive. Those Member States seem
unwilling to build a censorship machine forcing EU countries to adopt
Google’s current practices. They highlight that such practices should
not be implemented without making sure of the consequences for
fundamental rights and for the rule of law.The leaked document contains a list of questions posed to the internal
legal service of the Council of the EU, signed by six EU Member States:
Belgium, the Czech Republic, Finland, Hungary, Ireland and the
Netherlands. From the questions, it appears that those Member States
feel that the proposals for the upload filter are so grave that their
legality is in serious doubt. They have asked the Council legal service
to evaluate if the proposal is legal, in light of the proactive
monitoring of content being demanded. Following the rulings
(Scarlet/Sabam, Netlog/Sabam) of the Court of Justice of the European
Union (CJEU) that such proactive filtering are a disproportionate breach
of freedom of expression and information, freedom to conduct a business
and to the protection of personal data, the Member States want a neutral
evaluation.They also ask if these measures are “justified and proportionate”, in
order to verify if they would be in line with the Charter of Fundamental
Rights of the European Union. These Member States also ask if the fact
that one article of the proposed copyright Directive could fundamentally
change the scope of the liability principles for internet providers in
the e-commerce Directive. Those principles are crucial for freedom of
expression in Europe, because they prevent internet companies from being
excessively incentivised to restrict users’ communications.The six Member States also raised crucial questions about the argument
that searching for specific files (within all internet traffic) is a
“general” monitoring obligation (see Question 3). This doubt appears
very valid, bearing in mind that the e-Commerce Directive (recital 47)
explicitly states that exceptions to the prohibition of general
monitoring obligations would only be possible when searching for data in
“a specific case”. Are millions of searches “a specific case”?Finally, they also ask whether the wording “communication to the public”
is being mixed up with the expression “providing access” when, as these
Member States recall, “(t)he CJEU has never considered that is (sic) was
sufficient for a service to be 'providing access' in order to establish
that it is communicating to the public.”The Council legal service will have to analyse thoroughly these
questions before it can take a position on the subject, but right now it
seems they will only deliberate orally during the next working group on
11-12 September. It is clear that the European Commission should have,
but apparently did not, carry out a neutral assessment of these
questions before launching its proposal for the copyright Directive.
Therefore, it is welcome that the six EU Member States have invested
time and resources in diligently raising fundamental questions on
illegality, legal uncertainty and outright chaos that the upload filters
suggested in Article 13 of the proposed Directive would bring. It is
crucial to clarify what they would mean for human rights in the online
environment, for European innovation and for Europe’s credibility in
defending online freedoms in its foreign policy. The EU Presidency,
Members of the European Parliament (MEPs) supporting the censorship
machine, and some Member States (such as France, Spain, and Germany)
should take note of the serious questions posed to the Council and
re-think their positions on this debate.Leaked document: Questions from Member States to the Council legal
services on the Censorship Machine
http://statewatch.org/news/2017/sep/eu-copyright-ms-questions.htmEU countries question legality & attack on fundamental rights
http://copybuzz.com/analysis/eu-countries-question-legality-attack-fundamental-rights/No, you can’t enjoy the music you paid for, says EU Parliament Committee
(05.07.2017)
https://edri.org/no-you-cant-enjoy-the-music-you-paid-for-says-eu-parliament/Proposed Copyright Directive – Commissioner confirms it is illegal
(28.06.2017)
https://edri.org/proposed-copyright-directive-commissioner-confirms-it-is-illegal/EU Copyright Directive – privatised censorship and filtering of free
speech (10.11.2016)
https://edri.org/eu-copyright-directive-privatised-censorship-and-filtering-of-free-speech/Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/(Contribution by Diego Naranjo, EDRi)
=======================================================================
3. Leaked document: EU Presidency calls for massive internet filteringA Council of the European Union document leaked by Statewatch on 30
August reveals that during the summer months, that Estonia (current EU
Presidency) has been pushing the other Member States to strengthen
indiscriminate internet surveillance, and to follow in the footsteps of
China regarding online censorship. Standing firmly behind its belief
that filtering the uploads is the way to go, the Presidency has worked
hard in order to make the proposal for the new copyright Directive even
more harmful than the Commission’s original proposal, and pushing it
further into the realms of illegality.According to the leaked document, the text suggests two options for each
of the two most controversial proposals: the so-called “link tax” or
ancillary copyright and the upload filter. Regarding the upload filter,
the text offers two alternatives:- Option A maintains the Commission's original proposal of having in
place an upload filter which will be under the control of platforms and
other companies that are hosting online content. Although it removes
mentions to “content recognition technologies”, in reality, there is no
way to “prevent the availability” (another expression which remains in
the text) of certain content without scanning all the content first.- Option B is, at best, a more extreme version of Option A. In fact, it
seems so extreme that it almost makes the first option look like a
reasonable compromise. This may, of course, be the “diplomatic”
strategy. In this extreme option, the text attacks again the liability
regime of the e-commerce Directive – which, bizarrely, would not be
repealed, leaving us with two contradictory pieces of EU law but adds a
"clarification" of what constitutes a "communication to the public".
This clarification establishes that platforms (and its users) would be
liable for the copyright infringing content uploaded by its users.The proposals in this leak highlight a very dangerous roadmap for the EU
Member States, if they were to follow the Presidency’s lead. The
consequences of these flawed proposals can only be prevented if civil
society and EU citizens firmly raise their voices against having a
censorship machine in the EU. We will be turning on our call tool at
savethememe.net before each of the key votes in the European Parliament.
Make use of the tool, and call your representatives to stop the
#censorshipmachine!No, you can’t enjoy the music you paid for, says EU Parliament Committee
(05.07.2017)
https://edri.org/no-you-cant-enjoy-the-music-you-paid-for-says-eu-parliament/Proposed Copyright Directive – Commissioner confirms it is illegal
(28.06.2017)
https://edri.org/proposed-copyright-directive-commissioner-confirms-it-is-illegal/EU Copyright Directive – privatised censorship and filtering of free
speech (10.11.2016)
https://edri.org/eu-copyright-directive-privatised-censorship-and-filtering-of-free-speech/Copyright reform: Document pool
https://edri.org/copyright-reform-document-pool/(Contribution by Diego Naranjo, EDRi)
=======================================================================
4. Denmark: Targeted ANPR data retention turned into mass surveillanceSince mid 2016, Denmark has a nationwide automatic number plate
recognition (ANPR) system with stationary cameras at 24 locations and
mobile cameras mounted on 48 police cars. The ANPR system is currently
being integrated with POL-INTEL, the new Danish system for
intelligence-led policing (predictive policing), which is supplied by
Palantir Technologies. Expansion of the ANPR system with more cameras
can be expected in the coming years.Preparations for the ANPR system started in 2014. Besides the public
tender and subsequent deployment of the ANPR equipment, a legal
framework for using ANPR was also put in place. The Ministry of Justice
decided in 2015 that it was sufficient to lay down rules for processing
ANPR information in an administrative order. This meant that
surveillance with ANPR was introduced in Denmark without ever being
debated in the Parliament.—————————————————————–
Support our work - make a recurrent donation!
https://edri.org/supporters/
—————————————————————–The legal framework for ANPR makes a distinction between hits and
no-hits when a number plate of a vehicle is scanned by the ANPR
equipment. Hits are number plates on the police hotlist – that is
vehicles which are wanted by the police for reasons ranging from unpaid
insurance, mandatory inspections skipped by the owner, vehicles reported
stolen, to suspected involvement in criminal activities. Vehicles
registered in the Schengen Information System (under Council Decision
2007/533/JHA) by other EU Member States for discreet checks (Article 36)
or sought for purposes of seizure (Article 38) can also be put on the
hotlist. No-hits are number plates with no match on the hotlist.The ANPR system is designed to serve a dual purpose. If a police car
with mobile ANPR equipment encounters a vehicle on the hotlist, the
police officers get a signal from the ANPR device, so that they can
decide whether to pursue the vehicle or not. This part of the ANPR
system is actively promoted by the Minister of Justice and the Danish
National Police as a huge help for police officers on the road. The
second purpose of the ANPR system, which is rarely mentioned in public
by the same authorities, is the passive retention of number plates
encountered by either mobile ANPR in police cars or the stationary ANPR
cameras. The location, timestamp, and a picture of the vehicle, which
may include the driver and passengers, is also stored in the central
ANPR database.Retention periods for ANPR hits range from three months to two years,
depending on the reason for being on the hotlist. If a vehicle is on the
hotlist because of unpaid insurance or skipped mandatory inspections,
the mobile ANPR equipment can be used to stop the vehicle and confiscate
the number plates. Retention of location information in cases like this
is neither necessary nor proportionate since any further processing of
the ANPR data will be totally unrelated to the reasons for putting the
vehicle on the hotlist.However, the main controversy has been around the retention of no-hits,
that is vehicles that are not even wanted for minor offences such as
driving without insurance. The original plan of the Danish National
Police was to retain all no-hits for 30 days and use this information
for backward-looking investigations, such as using data mining
(profiling) to determine persons of interest based on their proximity to
the time and place where a crime was committed. The Danish Data
Protection Agency (DPA) objected to the proposal to retain all ANPR
no-hits. In an Opinion of 17 March 2015, the DPA concluded that blanket
retention of all no-hits was not legal, and that retention of no-hits
could only be done under certain conditions, for example in connection
with targeted surveillance at the border.Due to the opinion of the Danish DPA, the ANPR administrative order of
December 2015 provides that no-hits can be retained for up to 30 days
only if the no-hit is registered in connection with a targeted police
operation, which must be limited in time and geographic area. These
conditions bear some resemblance to paragraph 59 of the judgment on the
Data Retention Directive (joined cases C-293/12 and C-594/12) by the
Court of Justice of the European Union (CJEU) in April 2014.
Accordingly, only targeted data retention, and not blanket data
retention, is allowed for the Danish ANPR system. Unfortunately, the
administrative order does not give any guidance as to how a limited time
period and a limited geographic area should be interpreted, except that
this will be specified in internal guidelines by the Danish National Police.During the summer 2017, it was revealed through freedom of information
(FOI) requests that most no-hits were actually retained in the ANPR
system. Specifically, the Danish National Police decided in November
2016 that all 24 locations with stationary ANPR cameras are part of
targeted police operations running until the end of 2017. This decision
paved the way for retaining all no-hits from the stationary ANPR cameras
for 30 days. No-hits from the mobile ANPR equipment are not covered by
this decision, and hence not necessarily retained on a general basis for
30 days, but the mobile cameras account for less than 10% of the scanned
number plates.The FOI request further revealed that 830 000 no-hits are retained every
day, and that the ratio between retained no-hits and hits is 90:1. The
Danish National Police has repeatedly denied FOI requests for documents
showing the location of the stationary ANPR cameras, but since the
cameras are very visible in the landscape, their location has been
mapped by activists. The unofficial map at the website www.anpg.dk shows
that roughly half of the ANPR cameras are placed at border crossings
(all intra-Schengen borders), whereas the other half covers major
traffic intersections. The map indicates a strategic positioning of the
stationary ANPR cameras in areas where lots of vehicles are encountered
every day.In essence, the ANPR system has become a tool for mass surveillance
since 99% of the retained number plates are not of any interest to the
police when the location of the vehicle is stored in the central
database. The justification for storing no-hits is subsequent processing
for unknown purposes and that the data may be useful for the police.
Moreover, the opinion of the Danish DPA, that no-hits can only be
processed in the ANPR system under certain conditions rather than
generally as the police wanted initially, and the targeted data
retention regime prescribed by the ANPR administrative order, have been
completely subverted by the decision of the Danish National Police to
include all stationary ANPR cameras all the time in “targeted” police
operations where no-hits can be retained for 30 days.After the story was reported in Danish news media, the police confirmed
that all no-hits from the stationary ANPR cameras are retained. In a
later interview with Dagbladet Information, the Danish National Police
called the criticism misguided. The retention of no-hits is
geographically limited to the locations where the police has decided to
put up stationary ANPR cameras. Even though there are cameras throughout
Denmark, as seen on the unofficial map, not every road in Denmark is
covered by ANPR, and in that sense, only a limited geographic area is
subject to surveillance. According to the police, the requirement of “a
limited time period” is satisfied by putting an end date on the targeted
police operation allowing no-hits to be retained. This end date can,
however, be extended with a later decision by the police.On 13 August 2017, EDRi member IT-Pol Denmark and Bitbureauet filed a
complaint with the Danish DPA about the retention practices for ANPR
no-hits. The complaint is currently being investigated by the DPA.EDRi: New legal framework for predictive policing in Denmark (22.02.2017)
https://edri.org/new-legal-framework-for-predictive-policing-in-denmark/EDRi: Denmark about to implement a nationwide ANPR system (02.07.2014)
https://edri.org/denmark-implement-nationwide-anpr-system/Unofficial map with the location of Danish ANPR cameras
https://anpg.dk/Danish car owners subject to extensive surveillance even though they are
not suspected of anything, Dagbladet Information (only in Danish,
25.07.2017)
https://www.information.dk/indland/2017/07/danskere-bil-udsat-omfattende-overvaagning-politiet-mistaenktComplaint to the Danish Data Protection Agency about retention practices
for ANPR no-hits (only in Danish, 13.08.2017)
https://itpol.dk/sites/itpol.dk/files/anpg-klage.pdf(Contribution by Jesper Lund, EDRi member IT-Pol, Denmark)
=======================================================================
5. Controversial testing of facial recognition software in GermanyAt the end of August 2017, German police has been testing a facial
recognition software at Südkreuz train station in Berlin. The system was
tested on 300 volunteers. The goal was to evaluate the accuracy of the
software in recognising and distinguishing them from the crowd – a
feature that the police hopes to ultimately use to track and arrest
crime and terrorism suspects.—————————————————————–
Support our work - make a recurrent donation!
https://edri.org/supporters/
—————————————————————–However, this testing has been subject to criticism regarding its
parameters and its efficiency in the fight against terrorism. The
experiment raises two concerns: the terms of the experiment and the
relevance of such a measure against terrorism.In the aftermaths of recent terrorist attacks, mass surveillance
measures have been increasingly introduced in Europe, as a means to
“fight against terrorism”. These measures might give citizens the
impression that the government is taking action, but there is no
evidence that they are efficient towards this goal.By using facial recognition software, Thomas de Mazière, the German
Minister of the Interior, aims at strengthening the public’s sense of
security and help the fight against terrorism. He considers that it does
not undermine civil liberties, but lawyers and civil society
organisations disagree, first and foremost on the terms of the
experiment. The facial recognition software was tested on volunteers,
who carried around bluetooth sensors transmitting information about
their location. German EDRi member Digitalcourage reported that these
sensors provide information that is not useful for the results of the
experiment and that it was not communicated to the volunteers.
Furthermore, Digitalcourage affirms that this data is easily accessible
by anyone.Beyond the technical issues and the lack of consent, it has been
denounced by lawyers as unconstitutional and uncalled for, because it
costs more in terms of civil rights than it can bring to the fight
against terrorism. The usefulness of mass surveillance in improving
security is questionable, to say the least. The fact that those involved
in recent terrorist attacks were known by the intelligence services and
had previously been under surveillance did not stop the attacks. It
would require immense resources to constantly follow all potential
suspects. It is difficult to see how introducing tools such as facial
recognition in public places to widen the scope of surveillance, and
thus increasing the amount of data to be processed by law enforcement,
could help preventing future terrorist attacks.Facial recognition at the Südkreuz station: Federal police did not
inform correctly – We request the end of the experiment
https://digitalcourage.de/blog/2017/gesichtsscan-beendenBerlin starts controversial test of facial recognition cameras at train
station (02.08.2017)
https://www.thelocal.de/20170802/berlin-launches-controversial-test-of-facial-recognition-cameras-at-train-stationGerman police test facial recognition cameras at Berlin station (01.08.2017)
https://www.reuters.com/article/us-germany-security/german-police-test-facial-recognition-cameras-at-berlin-station-idUSKBN1AH4VROpinion: Facial recognition tech makes suspects of us all (31.08.2017)
http://gearsofbiz.com/opinion-facial-recognition-tech-makes-suspects-of-us-all/37827Germany's facial recognition pilot program divides public (24.08.2017)
http://www.dw.com/en/germanys-facial-recognition-pilot-program-divides-public/a-40228816Facial recognition software to catch terrorists being tested at Berlin
station (02.08.2017)
http://www.telegraph.co.uk/news/2017/08/02/facial-recognition-software-catch-terrorists-tested-berlin-station/Facial recognition cameras at Berlin station are tricking volunteers,
activists claim (23.08.2017)
https://www.thelocal.de/20170823/berlins-facial-recognition-cameras-criticized-for-collecting-more-data-than-necessary(Contribution by Anne-Morgane Devriendt, EDRi intern)
=======================================================================
6. Netherlands: Sharing of travel data violated students' privacyIt was all over the news on 22 August 2017: Translink, the company
responsible for the Dutch public transport card “OV-chipkaart” had been
passing student travel data to the Education Executive Agency
responsible for student finance in the Netherlands (DUO). DUO uses this
data to figure out whether students who claim to live on their own – and
therefore receive a supplementary grant – actually still live with their
parents. A court ruled that this was violating students' privacy. The
same day, Dutch EDRi member Bits of Freedom called upon students to
issue a right of access request to DUO and Translink. The students were
encouraged to ask the following questions:
- Which data does DUO have on me and if I didn’t supply this data
myself, how did DUO obtain it?- Which data does Translink have on me and with whom has this data been
shared?Where and when we travel, whom we call, what we buy: sometimes it seems
records are kept of every single thing we do. We are becoming more and
more transparent and easier to influence for companies and governments.
Based on the data that is gathered about us, conclusions are drawn with
tangible, sometimes far-reaching consequences. Therefore it is important
that we gain insight into who knows what about us. And of course, what
is being done with that information.—————————————————————–
Support our work with a one-off-donation!
https://edri.org/donate/
—————————————————————–Imagine: you live in a dorm room when one of your parents becomes
seriously ill. You are at your parents' home for weeks or even months on
end. You don't actually live there, but you do sleep over. Is it really
possible for a DUO employee to make that distinction based on your
public transport data? We don't think so. You can interpret data in
multiple ways and often it does not tell the whole story. Conclusions
that someone else reaches by looking at your data are not always
correct. But still, you are the one who has to deal with the consequences.It is indeed important that fraud is addressed. However, it is also
important that the tools used to do so are proportionate to the offence.
In this case, the Dutch court ruled that DUO cannot request this kind of
privacy-sensitive information just like that. And even Translink really
does know better: in its terms and conditions, Translink states that it
will only hand over data as part of a criminal investigation and
therefore only to the police and judiciary. By deviating from its own
commitment, the company undermines trust in its service.The Dutch constitution states that everyone is entitled to respect of
their personal environment. The Dutch Data Protection Act (Wbp) is the
most important law regarding the collection and sharing of personal
data. This law also gives citizens the right to gain insight into their
own data and the right to correct it. By executing these rights, you can
verify whether the processing of your personal data is correct,
complete, relevant and lawful. Bits of Freedom's Privacy Review Machine
can help you with this.DUO and the OV-chipkaart: Ask for clarification about your data! (only
in Dutch, 22.08.2017)
https://www.bof.nl/2017/08/22/duo-en-de-ov-chipkaart-vraag-om-opheldering-over-jouw-gegevens/Privacy Review Machine (only in Dutch)
https://pim.bof.nl/(Contribution by Evelyn Austin, EDRi member Bits of Freedom, the
Netherlands; Translation: Philip Westbroek)=======================================================================
7. Private copy levy: Just pay up! Then we’ll see...European businesses and associations are still in reality forced to pay
“compensation” to copyright collecting societies for private copies,
despite repeated rulings of the Court of Justice of the European Union
(CJEU) exempting them from having to do so.—————————————————————–
Support our work with a one-off-donation!
https://edri.org/donate/
—————————————————————–European Digital Rights (EDRi) recently received an invoice from our
office supplies company for the purchase of an external hard drive,
which included a near-7% private copy levy of the total amount. The
private copy levy is the surcharge on the price of media capable of
making copies. It is supposed to compensate the alleged harm done to
rightsholders by legal private copying by private end-users of those
devices. The device we purchased will not be used to make copies of
copyrighted content.Article 5 of the 2001 Copyright Directive states that fair compensation
for private copies applies to a natural person for its private,
non-commercial use. This has led the 28 EU Member States to take hugely
varied approaches to implementing this provision, undermining the single
market. Furthermore, the system can be absurdly expensive to implement –
Digital Europe calculates that the establishment and implementation of
the Dutch system cost 50 million euro, in order to collect 40 million euro.The 2011 and 2015 CJEU rulings in Padawan v SGAE and Copydan
Båndkopi/Nokia Danmark cases clarified explicitly that the Private copy
levy do not apply:
- To media sold to legal entities.
- For purposes other than private copying.
Again in 2016, the CJEU repeated that private copying exception is
intended solely for individuals, and that legal entities are excluded.So… How come that EDRi, a legal entity and the final user of the
product, should still pay the private copy levy?It was probably obvious to the retailer who sells office equipment,
furniture and supplies to professionals, that EDRi is not a private
person who is required to pay the private copy levy. But never mind, as
they were preemptively charged the fee by their the wholesaler, and
their wholesaler was charged by the manufacturer or importer, they
passed on the hot potato to the end users.Rather contradictorily, this blindness of applying the private copy levy
to entities without any consideration as to know whether these entities
are liable for it, has been made possible by the above mentioned Copydan
Båndkopi/Nokia Danmark ruling. Its paragraph 53 still allows Member
States to impose the levy when it is difficult to identify whether the
final user is a private or a legal person, provided that the levy be
passed on in the transaction chain to the final user and that undue,
established payers can be easily reimbursed – if they just ask for it.The situation is absurd: EDRi has an obligation to pay the levy that it
should not pay in the first place, then ask Auvibel, the company
collecting the private copy levy in Belgium, for reimbursement in order
to ensure its right not to pay the levy. Even if the name “Auvibel” and
an amount corresponding to the levy appears on the invoice, it is likely
that numerous professionals do not even notice they pay private copy
levies that they should not be paying, and consequently do not ask for a
refund. In 2016, Auvibel invoiced 23 million euro for private copy
levies. From that amount, it is not known to the public how much is
collected from non-private users or for non-private use, nor the amount
reimbursed to those categories. Similarly, many organisations will not
want to invest administrative resources in reclaiming a few euro every
time they buy a hard disk, printer, DVD drive, USB key, etc.Europe-wide, this extremely expensive bureaucracy generated 580 million
euro for private copy levies in 2015, according to official figures.
However, there is no estimate of the proportion of illegitimate,
automatic, collection of private copy levies from professional end-users.Maybe we should bounce this back by invoicing Auvibel, in addition to
the private copy levy reimbursement, for the harm caused by a
time-and-money wasting, inappropriate, legally dubious, private copy
levy collection for professional use of computer equipment. Or maybe the
Belgian government could charge a levy to Auvibel, to recoup the
unjustified revenue and spend the money on social projects.(Contribution by Julien Bencze, EDRi)
=======================================================================
8. Recommended ActionSupport our work!
We need your support to defend your rights and freedoms!
https://edri.org/donate/=======================================================================
9. Recommended ReadingThe Guide to International Law and Surveillance (25.08.2017)
https://privacyinternational.org/node/1509Market Forces: the development of the EU security-industrial complex
(31.08.2017)
http://statewatch.org/marketforces/Crypto for kids
https://sustrik.github.io/crypto-for-kids/On internet privacy, be very afraid (24.08.2017)
https://news.harvard.edu/gazette/story/2017/08/when-it-comes-to-internet-privacy-be-very-afraid-analyst-suggests/=======================================================================
10. Agenda22.09.2017, Ljubljana, Slovenia
School of Rock(ing) Copyright – Ljubljana
https://edri.org/sorc2017/28.09.2017, Warsaw, Poland
CopyCamp 2017 – The Internet of Copyrighted Things
https://copycamp.pl/en/29.09.2017, Brussels, Belgium
EU Hackathon 2017 #OnOurWatchEU
http://europarl.me/node/3906.10.2017, Brussels, Belgium
Freedom not Fear 2017
https://www.freedomnotfear.org/06.10.2017, Budapest, Hungary
School of Rock(ing) Copyright – Budapest
https://edri.org/sorc2017/13.10.2017, Brussels, Belgium
Big Brother Awards Belgium 2017
https://bigbrotherawards.be/en/20.10.2017, Jena, Germany
TRUST – Think Realistic when Using Sophisticated Technologies – 33rd
FIfF annual conference
http://2017.fiffkon.de/20.10.2017, Lisbon, Portugal
School of Rock(ing) Copyright – Lisbon
https://edri.org/sorc2017/11.12.2017, Amsterdam. the Netherlands
Dutch Big Brother Awards 2017
https://www.bof.nl/dossiers/big-brother-awards/27.12.2017, Leipzig, Germany
Chaos Communication Congress (34C3)
https://www.ccc.de/en/updates/2017/34C3-in-leipzig============================================================
12. AboutEDRi-gram is a fortnightly newsletter about digital civil rights by
European Digital Rights (EDRi), an association of civil and human rights
organisations from across Europe. EDRi takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-gram.All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/Newsletter editor: Heini Jarvinen - edrigram@edri.org
Information about EDRi and its members: http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
https://edri.org/donate/- EDRi-gram subscription information
subscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request@mailman.edri.org
Subject: unsubscribe- Newsletter archive
Back issues are available at:
http://www.edri.org/newsletters/- Help
Please ask edrigram@edri.org if you have any problems with subscribing
or unsubscribing.
