Speaker 0
0:10 – 0:13
Welcome to Tech Talk. Bye. CT.
Speaker 1
0:13 – 0:14
Tea.
Speaker 2
0:16 – 1:06
Welcome to CDT's tech talk where we dish on tech and Internet policy while also explaining what these policies mean to our daily lives. I'm Brian Wasilowski and it's time to talk tech. In our last episode, we previewed the year ahead in tech and Internet policy with a focus on The US. And in this episode, it's all about Europe. Many of the same issues are being debated on both sides of the Atlantic, but the policy approaches, courses of action, and public pressures are very different. CDT, of course, has a wonderful team in Brussels that is actively engaging on the full range of policy debates, including copyright privacy, free expression, and much more. Jens Henrik Yepsen and Laura Blanco from that team in Brussels are our guests this week. Welcome, Jens and Laura.
Speaker 1
1:09 – 1:09
Thank you, Brian.
Speaker 2
1:10 – 1:26
Hi, Brian. Hello. They're on the phone, so apologies to our listeners. They're gonna do the best to deal with with me on this one. So let me just kick it off in a broad way. You know, what are the biggest challenges, of 2018? What are gonna be the biggest debates happening, in Europe?
Speaker 1
1:28 – 3:07
Yeah. Thanks, Brian. So we begin with data protection and privacy, which is, of course, one of CDT's core areas of focus. And in Europe, 2018 is gonna be a busy year on this front. So first of all, in May, the new European Data Protection Law comes into force. It's called the General Data Protection Regulation or GDPR. It's going to replace existing rules dating from 1995. And so while it obtains and updates those rules, it also imposes new and stringent obligations on companies that collect and store and share personal data. And it gives new rights to people whose data is processed. And also it's important to note that the GDPR will apply to any processing of data of people residing in the EU. Also if that processing is done by companies that do not have a presence in the EU such as an app developer for example. Another important change is enforcement. The new regulation gives European regulators powers to fine companies at a scale that we have not seen so far. So today European data protection authorities can impose administrative fines in the range of a few €100,000 but with GDPR penalties for companies in breach can go as high as 4% of global turnover for the graviest type of infringements.
Speaker 2
3:07 – 3:09
Wow, that's a big jump.
Speaker 1
3:11 – 4:08
It is, it is. And so right now both companies and regulators are working overtime to get ready for the new rules. It's very important for companies to be able to demonstrate and document that they are putting in place all of the safeguards and and processes and structures to be able to cope with the new rules. And of course the regulators are creating a new Data Protection Board, which will be set up to ensure that the rules are applied in a consistent way across the EU. That should be of interest to companies who, if the system works, will be able to rely on a consistent line of application, which has not necessarily been the case so far. Okay.
Speaker 2
4:09 – 4:10
And what else is going on?
Speaker 1
4:12 – 6:32
So further on privacy and data protection, there's a new law on its way in addition to the GDPR. So right now legislators in the EU are working on a piece of legislation which will complement and particularize the GDPR in the field of electronic communications. It's going to succeed existing e communications, including what's known as OTT services, over the top services, so Skype and WhatsApp and other Internet based messaging and communication services, The existing rules only cover traditional telecom services. And so the commission published a draft in last year around this time. Parliament has amended it and finished its work in October 2017 and now member states are working on a common position. So this work will take good deal of the year. And CDT participates in these discussions. We would like the outcome to be as effective as possible in terms of protecting communications confidentiality. We're pushing for rules, affirmative rules that allow recognize the right of providers and users to apply encryption to their communications for example. We're also working on finding good rules on controlling the kinds of tracking practices in for example the ad tech industry to the there's there's these rules have potential to address that situation in conjunction with the GDPR.
Speaker 2
6:33 – 6:33
Okay.
Speaker 1
6:34 – 6:41
Yes. So I wanted to talk now about law enforcement and encryption. Oh. This will be brief.
Speaker 2
6:42 – 6:45
It's your show, Yance. You can be as as not brief as you want.
Speaker 1
6:47 – 7:55
Right. Okay. So further further in the area of data protection, there is a lot of work going on in the law enforcement context. So in the EU, security and law enforcement are big political priorities. And EU leaders are taking many initiatives to beef up law enforcement cooperation among member states. And in the tech policy space, two initiatives are particularly important. One is access to electronic evidence by law enforcement authorities. The European Commission is going to publish draft legislation that will enable law enforcement agencies from one EU member states to request data from communications and cloud providers in other EU member states and even probably from providers that are not based in Europe at all but whose services are used by Europeans. So the argument here is that traditional MLAD systems are too slow and inefficient for investigations to be effective.
Speaker 2
7:56 – 8:02
I mean MLADS being those treaties between countries that kind of govern the request. Yes.
Speaker 1
8:03 – 9:13
This is exactly right, Brian. And in fact, some of the issues in play play here are the same as in the Microsoft Ireland case that is before The U. S. Supreme Court right now and where CDT filed an amicus brief recently. So we'll be pushing for a strong privacy and procedural safeguards and court oversight and we want to make sure that there are no conflicts of law with either The U. S. Or other jurisdictions. And then I'll just finish with encryption. This is an ongoing debate. There is a lot of pressure from the law enforcement community and from some member state governments for legislation that would enable them to access encrypted communications and data. So we push back on this together with other groups and with the tech companies. And so far, the commission has concluded that it will not move towards backdoors or key escrow or general weakening of security.
Speaker 2
9:13 – 9:15
That's a good development. That's very good.
Speaker 1
9:16 – 9:52
It is indeed. It is indeed. And there is good recognition that a high level of security is essential for the digital economy and society and for commerce and communications and so on. But at the same time law enforcement are going to strengthen their capabilities in terms of accessing devices and data that are encrypted. So there is going to be an ongoing discussion about So there is going to be an ongoing discussion about, law enforcement hacking or government hacking and the rules that should govern those practices.
Speaker 2
9:53 – 9:57
Great. So now to Laura. Sorry, I was premature in that. There you go.
Speaker 0
9:58 – 11:42
There you go. Yes. So, another of the biggest tech policy debates in Europe is in the field of online content moderation. Politicians are particularly concerned about terrorist content, hate speech, copyright infringement, and most recently, of course, the whole issue of fake news. This is obviously not only a debate that is taking place in Europe, but it's barely the start of the year. And here, we are seeing new initiatives. For example, there are plans in France to legislate to combat fake news. And more generally, there is the ongoing pressure from European legislators for Internet platforms to be more proactive in monitoring, filtering and legislators are even suggesting time frames of one hundred and twenty minutes. Of course, this is impossible to assess in this unrealistic timeframe what content is legal and what is illegal. But more importantly, this push for companies to act as de facto sensors of online expression are a cause of great concern for us due to the potential implications on free speech. Just an example, the commission's voluntary code of conduct on hate speech incentivizes companies to take down more and more content regardless of whether it is illegal. So, generally, we find this very dangerous approach.
Speaker 2
11:42 – 12:08
Yeah. No. It sounds dangerous. So let's let's go a little bit deeper on that too. I mean, you mentioned this a bit with, like, fake news. But, certainly, you know, here in The US and, obviously, in The EU as well, you know, tech companies, you know, kind of the the darlings of the past have been receiving a little bit of, or a lot more negative coverage. Do you think it's gonna continue in 2018? And do you think there's gonna be more policies like some of the ones that you just mentioned coming out because of that?
Speaker 0
12:11 – 14:46
Yes. I think it's safe to say this trend of putting online platforms in the spotlight will definitely continue this year. And, while there are real concerns about content online and on the use of social media, society at large. But in Europe, the issues that some initiatives have unintended consequences for free expression and access to information. The most obvious example at the moment being the German social media law also known as the NetStitchi. This law entered into fourth in October and is being implemented by platforms as of January. Just for background information, the SDG applies to social media companies and other providers with over 2,000,000 registered users in Germany that host third party content. And it basically threatens them with fines of up to €50,000,000 if they fail to remove what is known as obviously illegal speech within twenty four hours of it being reported. Now, this is clearly creating a lot of pressure on these platforms to censor speech. And to be on the safe side, these companies are likely to take down content that is perhaps offensive, but not necessarily illegal. In fact, there have already been examples at the beginning of the year of satirical content being taken down from social media platforms. And then another example of this type of legislation is the draft directive on copyright in the digital single market DSM. This piece of legislation, if it would enter into force, would oblige Internet intermediaries that host third party content to use filtering technologies to monitor and prevent the upload of content that may infringe copyright. So overall the commission really wants to target through their legislation the largest content sharing platform such as YouTube. But an unintended consequence would be that it would affect just about all types of platforms, including SMEs.
Speaker 2
14:46 – 14:58
Wow. So I mean, in your hat as an advocate, what would you tell politicians they should actually be doing here as opposed to these these kind of troubling approaches that we're seeing?
Speaker 0
15:00 – 17:11
Well, for example, talking, about the filtering technology and the automated content analysis tool, There seems to be a lack of understanding at technical level on what this type of technology can or cannot do. Policymakers here seem to consider it as a silver bullet to remove undesirable content. But our as our colleagues concluded last year in the paper mixed messages, this type of technology has many limitations. So companies can be for one can be more transparent about how their platforms handle content challenges and be open about the limitations of the technical tools that exist. We think that this would help policymakers understand that there's no one size fits all solution. And in this respect, we're quite hopeful in the whole fake news debate here in Europe because the commission recently set up an expert group and is requesting input from stakeholders across the board in a public consultation before deciding on any potential policy action. So we definitely encourage this type of multi stakeholder discussion. And then maybe finally, a more comprehensive policy solution could be for the EU to produce guidance on notice and action under its existing e commerce directive. This would maintain the principle of limited liability for intermediaries in that directive, while making clear what actions the intermediaries should take and the transparency and appeal processes they should have in place. Actually several leading members of the European Parliament have recently they suggested this way forward as an approach that would deal effectively with online content problems, but in a way that respects the fundamental right to free speech and the rule of law. So we are, of course, following the same line in that sense.
Speaker 2
17:11 – 17:42
And those would be some some ideas from our side. Well, I hope they're listening to you then. Those are great ideas. And that paper that you just referenced, mixed messages, that looks into automated content moderation is available at cdt.0rg if people wanna check it out. How about I go back to Jens for this last question here? Jens, you know, in addition to all of you and Laura have already talked about, what are some of the the emerging or new issues that we might expect to pop this year that might not be on anyone's radar just yet?
Speaker 1
17:44 – 19:59
Well, the debate around artificial intelligence, machine learning and automation, robotics, etcetera, That debate is really picking up this year. So politicians and officials are asking questions about the impact of these technological developments on people and on society in different ways. So the commission is working on a sort of an overarching communication sometime in the 2018 to kind of frame its overall thinking on the subject. There are many different policy questions to be looked at including how do you make sure that Europe keeps up with other regions on developing these technologies such as China and The U. S. Of course? How do you make sure that Europeans have the right skills to deploy the technologies and use them? And how do we manage the various changes in the labor market that can be expected? Further, the commission is looking into questions about liability for various types of autonomous systems. One example is self driving cars. Another is the liability and responsibilities associated with the Internet of Things, smart questions are not necessarily clearly thought out at the moment. So the commission is looking at the regulatory framework to see whether any sort of legislative change is necessary. This is actually something that our colleague, Benjamin Dean, has been looking at in a recent paper that or in a Forthcoming paper. Exactly.
Speaker 2
20:00 – 21:19
Yeah. No. It'll be a great paper, and that might be out as early as next week. Knowing these are tough, tough questions. Well, Jens and Laura, thank you so much for joining Tech Talk. Obviously, you have a very, very busy year ahead. Keep up with the work, and it's always great to have such great colleagues on the other side of the Atlantic and we'll see you. I'm gonna do a shameless plug here. We'll see you in person in March for our wonderful annual event tech prom. So people interested in coming to CDTs grand fundraising dinner. Another thing to do, you can meet Jens and Laura in person there. If that's not a draw, I don't know what is. Thank you for joining Jens and Laura. Thank you. Looking forward. That's it for this episode of Tech Talk. Clearly, the CDTEU team is busy. And if you wanna keep up, follow them on Twitter at CDTEU. And if you wanna be on their e newsletter list, email Laura. She's at Laura@CDT.org. And I'll sneak in one more shameless plug for CDT's annual dinner, Tech Prom. It's March 29 here in Washington, DC. DC. It's an event you do not wanna miss if you love tech and tech policy. Visit cdt.org for more information about tickets and sponsorship opportunities. I'm Brian Wasilowski. Thanks so much for listening.