Also Brexit is well… Brexit. The Developers Alliance Sept-October 2019 European Policy Recap.
The Delayed Birthing Of A New European Commission
The EU Approves US-EU Privacy Shield
The German Approach on Data And Algorithms
Finland Takes A Hard Look At The Economics of Data
Automate Your Privacy Compliance
Strong Feelings On Open Source?
European Union
The Delayed Birthing Of A New European Commission
The new European Commission was supposed to take office on November 1st. The President-elect of the European Commission, Ursula von der Leyen presented the proposed team of Commissioners-designate. The commissioners were positioned to “shape the European way”. New commissions need the approval of the European Parliament (EP), however. Three proposed names – from France, Hungary, and Romania – were rejected, however.
The most notable rejection was of the proposed Commissioner for the Internal Market, Sylvie Goulard of France. This Commissioner oversees a huge portfolio, entirely allocated to France. It’s areas range from traditional industry sectors to digital market, defense and space.
France has now proposed Thierry Breton, CEO of the European multinational tech company Atos (11 billion revenue). Breton is well known for an extensive and varied career. In public administration, he served as the French minister of the economy, finance, and industry. In the private sector, he was previously the CEO of France Télécom/Orange before Atos. Breton is known as a fervent supporter of Europe’s digital sovereignty.
The EP hearing of the three new Commissioners-designate will take place on November 14th.
Why are we following this? The commission’s main role is to propose legislation and to ensure the Member States are respecting EU law. Some of these EU Commissioners will set EU regulation paths that impact the software industry.
Along these lines is the reappointment of Margrethe Vestager as Competition Commissioner, as well as Executive Vice-President covering Digital Policy. The formal title of her portfolio is “Europe fit for the Digital Age”. Her proposal easily passed the Parliament. She’ll be even more influential in this next mandate than she already was. She is already thinking of more scrutiny and regulations for online platforms and tech.
Brexit Updates
The EU 27 Member States have agreed that they will accept the UK’s request for a Brexit “flextension” until 31 January 2020, due to the UK’s internal political situation.
The incertitude around Brexit (the date of actual withdrawal, but also under what conditions) is affecting citizens and businesses. Here’s a short checklist from the European Commission for traders with the UK, the UK Government’s guidelines on how to prepare your business for Brexit and the guidance of the US Department of Commerce for the free flow of data under Privacy Shield after Brexit.
Terrorist Content
The inter-institutional negotiations (so-called trialogues) on the new EU rules to tackle the dissemination of online content promoting terrorism started on October 17th. This will be followed by a second round of negotiations on November 20th, and a third on December 5th, with technical meetings in between. The positions of the Council and the Parliament on the main issue – the minimum time frame of removal orders – seems to be closed. The critical point is to force companies to remove online content promoting terrorism within an hour of receiving an order from national authorities. Also, from Parliament’s side, there’s a strong position that there should be no compulsory use of filters or automated tools.
The CJEU Rules On Cookies And Forgetfulness
The European Court of Justice (ECJ) ruled that websites must obtain explicit consent for cookies. A pre-ticked box is insufficient. The judgment, dated October 1st, states the following: “The Court decides that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way of a pre-checked checkbox which that user must deselect to refuse. For those who want a deeper dive into the issue, here’s a deep dive into the impact of the judgment.
The ECJ also limited the territorial scope of the “right to be forgotten”. In the Case C-507/17Google LLC, successor in law to Google Inc. v Commission nationale de l’informatique et des libertés (CNIL) it held that “there is no obligation under EU law, for a search engine operator who grants a request for de-referencing made by a data subject, as the case may be, following an injunction from a supervisory or judicial authority of a Member
State, to carry out such a de-referencing on all versions of its search engine.” Under the Data Protection Directive, citizens in the EU have a right to request search engines such as Google, to remove links to personal information when this information is ‘inadequate, irrelevant or no longer relevant’. Such a right to de-referencing or delisting is commonly referred to as the ‘right to be forgotten’.
In the judgment in Case C-18/18 Eva Glawischnig-Piesczek v Facebook Ireland Limited, CJEU EU law does not preclude a hosting provider such as Facebook from being ordered to remove identical and, in certain circumstances, equivalent comments previously declared to be illegal. In this case, CJEU considered that “EU law does not preclude such an injunction from producing effects worldwide, within the framework of the relevant international law which it is for the Member States to take into account”.
11 interveners were accepted by the CJEU in the Case T‑604/18 (better known as Android case), including Developers Alliance.
The European Data Protection Supervisor (EDPS) issued guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.
The EU-US Privacy Shield
The European Commission presented its report on the third annual review of the functioning of the EU-U.S Privacy Shield. It confirmed that the framework ensures an adequate level of protection for personal data transferred from the EU to participating companies in the United States. Commissioner Vera Jurova stated that: “With around 5,000 participating companies, the Privacy Shield has become a success story.”
Data Economy
The German Approach On Data And Algorithms
Germany Data Ethics Commission published its Opinion on the approach to be taken in regulating data economy, including algorithmic systems (AI comprised) and some recommendations for the Federal Government’s Strategy on Artificial Intelligence. These will serve for drafting new rules and for adapting the current legislation not only in Germany but also at EU level. The President-elect of the new Commission, Ursula von der Leyen, is planning in her first 100 days in office, to “put forward legislation for a coordinated European approach on the human and ethical implications of Artificial Intelligence”.
Finland Takes A Hard Look At The Economics Of Data
The data economy is also one of the main priorities of Finland’s Presidency of the Council of the European Union (which runs from 1 July 1st to December 31, 2019). The aim is to issue recommendations on horizontal principles for a European data economy. A set of Data Principles was proposed to stir the debate.
Open Source
Automate Your Privacy Compliance
The EDPS has also developed open-source software tools for the automation of privacy and personal data protection inspections of websites. Its tool, named Website Evidence Collector, was released under the European Union Public License (EUPL-1.2). The software is available for download here, the European Commission’s collaborative platform Joinup, and on GitHub.
Strong Feelings On Open Source?
The European Commission wants to understand the needs of free and open-source developers and their communities and invited them to this Open Source Software Developer Survey.
It’s Not Me, It’s .EU
Interested in registering a European domain site? From October 13th, 2022 onward the right to register a .eu domain name, which was previously limited to residents of EU and EEA countries, is extended to citizens of the European Union, no matter where they are residing in the world. More info on this change here.
The European Digital Academy
The European Commission has launched a call for proposals to set up a “European Digital Academy”. The project “foresees the provision of services aiming to disseminate knowledge on emerging digital technologies (e.g. Artificial Intelligence, Internet of Things, blockchain, cybersecurity, robotics) and the development of innovative new online training modules on some of these technologies for European citizens and SMEs.”
Events
October was Cybersecurity Month in the EU.
EU Code Week was also in October, running the 5th-20th. A grass-roots initiative run by volunteers, the event aims to engage coding and digital literacy to a wider audience through fun activities and popular interests. The 2019 edition featured a new Massive Open Online Course (MOOC) and set the record of more than 66 000 activities.