On June 16th we joined civil society organizations like Privacy International, the European Digital Rights association EDRi and various others for a half-day civil society summit organized by the European Data Protection Supervisor (EDPS). On the agenda were a brief overview of the “Big Issues in Privacy and Data Protection in 2016” by Joe MCNamee of EDRi followed by three one-hour sessions on “Implementation of the GDPR, consistency, flexibility, guidelines” introduced by Anna Fielder (Privacy International); “Reform of e-Privacy Directive: What’s at stake?” introduced by Prof. Ian Brown (Oxford Internet Institute); and “Necessity and proportionality and data protection” introduced by Ralf Bendrath (German Working Group on Data Retention and Digitale Gesellschaft).
At the heart of current online consumer protection is the concept of informed consent where by the prospective consumer makes a conscious decision to sign up to a service with full knowledge and consent to the consequences of doing so. Even in the newly signed EU General Data Protection Regulation, which will go into effect in 2018, this will not fundamentally change. For anyone who has ever used a commercial internet service however, and this included policy makers, it is glaringly obvious that there is a fundamental flaw in this approach, namely the assumption that the consumer has a good understanding of the contract that is being entered into.
This week saw the publication of the report on ‘Online platforms and the Digital Single Market’ by the House of Lords EU Internal Market Sub-Committee. This reports presents the findings of the inquiry that was held from October 2015 till spring 2016, receiving 85 written responses and 20 oral evidence sessions. Included in the written responses were two from Horizon Digital Economy Research, one by Prof. Rodden and one by myself which we partially posted on this blog about in October 2015. The main driver for this inquiry was the publication in May 2015 by the European Commission (EC) of its ‘Digital Single Market Strategy for Europe’ (DSM), which drew attention to the growing role of online platforms as key players in social and economic interactions on the internet, and was followed on 24 September by the launch of an EC consultation ‘A fit for purpose regulatory environment for platforms and intermediaries’. For the purposes of both the EC consultation and the Lords’ inquiry online platforms were considered to ‘represent a broad category of digital businesses that provide a meeting place for two or more different groups of users over the Internet, examples of which include search engines, online marketplaces, the collaborative or sharing economy, and social networks’. What follows is an incomplete summary of the findings in the report, with a focus on the issues related to fundamental rights of platform users (e.g. privacy), the role of algorithms and user consent, which are most closely related to our work at CaSMa.
The European Commission Directorate General for Communications Networks, Content & Technology, a.k.a DG Connect recently launched a survey (deadline April 10th 2016) on the ‘future of the internet’ as part of its Net Futures agenda, which was established to “pioneer and coordinate research, innovation, and policy initiatives on what lies beyond the current internet architecture, software and services.” Below is a copy of my submission to the survey.
On 25th February 2016, the Digital4EU Stakeholder Forum, organized by the European Commission, took place in Brussels. This one day conference was centred on the progress made in creating a Digital Single Market in Europe. The agenda of the day started with a pre-conference breakfast session about the European Fund for Strategic Investment (EFSI)’s financing opportunities for digital projects, especially for extending the roll-out of Broadband internet connections in rural areas that have not yet achieved full internet penetration.
According to the General Data Protection Regulation (GDPR,) information society services that wish to process any personal information related to a child under the age of 16 years will require parental/guardian consent. The GDPR is the European Commission’s tool that will unify data protection in the EU and there are plans for it to be adopted in 2018. In the most recent GDPR draft released by the European Council, the age limit where parental consent is mandatory has raised from 13 to 16 years. The implications for children digital rights are not well understood and, at the moment, nobody knows if this regulation will protect children or by the contrary make them more vulnerable. Something certain is that, until now, minimal consultation to incorporate the children voice has taken place and consequently, children’s digital rights are not being treated with the respect or seriousness they deserve.
An interesting international unconference took place early last week in Madrid Hacking Big Data Brother: From Biometrics to Intra-action. Continue reading Hacking Data Big Brother
The EU regulatory framework for protection of personal data is undergoing major reform in order to tackle persisting differences between national data protection regimes across the EU. Additional objectives of the reform include strengthening data protection in line with its status as a fundamental right in the EU constitutional order, increasing public trust in online services, and minimising data controllers’ compliance burdens. As part of this reform the European Commission issued a proposal in 2012 for a General Data Protection Regulation (GDPR) which is to replace the current Data Protection Directive (Directive 95/46/EC).