Debunking the European Commission's '10 myths about ACTA'
Glyn Moody takes us through the EC's document '10 myths about ACTA' and shows us that it has some myths of its own
It's a sign of the European Commission's increasing desperation over ACTA that it has been forced to send out a document entitled "10 Myths About ACTA" [.pdf] that purports to debunk misinformation that is being put around. Unsurprisingly, the EC's document is itself full of misinformation. Here are just a few of the more outrageous examples.
1. ACTA will limit the access to the internet and will censor websites.
Read the text of the ACTA Agreement - there is no single paragraph in ACTA that substantiates this claim. ACTA is about tackling large scale illegal activity, often pursued by criminal organisations. It is not about how people use the internet in their everyday lives. Internet users can continue to share non-pirated material and information on the web. ACTA will not limit people's rights on the internet nor will it shut down websites, unlike the proposals discussed in the US (SOPA and PIPA).
There are some convenient half-truths here. Its supporters may claim that ACTA is about tackling large-scale illegal activity but nowhere in the document is there mentioned any minimum level for its operation. That is, potentially, it can apply to the actions of a single person, perhaps even sharing a single file, depending upon the circumstances. The problem is, ACTA's framing is so vague that it's not clear exactly who might be caught by its terms. Whatever the Commission may say now, it's how the text is interpreted later that matters.
After all, if the Commission had really wanted only to tackle "large-scale illegal activity", it would have added a minimum level to exclude the risk that ordinary Internet users would be affected. The refusal to add that minimum level to the treaty – something that would have been easy to do - can only mean that the Commission does indeed want the option of applying ACTA's rules to ordinary citizens, and that its claims to the contrary are simply whitewashing.
The next half-truth is: "Internet users can continue to share non-pirated material and information on the web". But what exactly is "non-pirated material"? Who decides? Because copyright has become such a complex set of laws that it is rarely clear – even to copyright lawyers – what exactly is or isn't "pirated": often the courts have to decide whether something is covered by "fair dealing/fair use", for example. So how can ordinary citizens possibly know in every case whether what they are sharing is "pirated"?
In particular, there is the situation that the term of copyright varies by country, and what may be in the public domain in one, is still in copyright in another. So what happens when someone in a country where some creation is in the public domain shares it with someone in a country where it isn't? The continuing injustice of the O'Dwyer case shows us that the US tries to applies its laws everywhere in the world: so does that mean its copyright laws apply in Europe?
Finally, while it is true that ACTA will not "shut down websites" directly, there is another clause that is even worse (Article 10):
Judicial authorities have the authority to order that materials and implements, the predominant use of which has been in the manufacture or creation of such infringing goods, be, without undue delay and without compensation of any sort, destroyed or disposed of.
Now, by definition, a Web site "creates" infringing copies when it sends or streams them to users; so lawyers could – and almost certainly will, knowing lawyers – argue that ACTA provides for the destruction and disposal of any computers whose "predominant use" is copyright infringement. So, no simple censorship, certainly, just the seizure and physical destruction of computers (assuming they are in one of the ACTA signatories), and probably the domain name too.
Not only that, but another section (Article 12) allows for "materials and implements" to be seized without informing the party affected, and even without any guarantee that people can defend themselves afterwards – so much for due process and justice.
3. ACTA is a secret agreement. Negotiations were not transparent and conducted "behind closed doors". The European Parliament was not fully informed, stakeholders were not consulted.
The text of ACTA is publicly available to all. The negotiations for ACTA were not different from negotiations on any other international agreement. It is a fact that such agreements are not negotiated in public, but with the Lisbon Agreement and the revised Framework Agreement there are clear rules on how the European Parliament (EP) should be informed of such trade negotiations. And these have been scrupulously followed. Trade Commissioner Karel De Gucht has participated in three plenary debates, replied to several dozens of written and oral questions, as well to two Resolutions and one Declaration of the EP, whilst Commission services have provided several dedicated briefings to Members of the European Parliament (MEPs) during the negotiations. Trade Commissioner Karel De Gucht has participated in three plenary debates, replied to several dozens of written and oral questions, as well to two Resolutions and one Declaration of the EP, whilst Commission services have provided several dedicated briefings to Members of the European Parliament (MEPs) during the negotiations. Likewise, the public was informed since the launch of the negotiations about the objectives and general thrust of the negotiations. The Commission released summary reports after every negotiation round and the negotiating text since April 2010. It organised press briefings and four stakeholder conferences on ACTA, one of them even only a few days before the first negotiating round.
This is extraordinarily duplicitous. The text of ACTA may be available to everyone *now*, but that is after the negotiations have been concluded – in other words, as a fait accompli. Even though the ACTA discussions began in 2006, the first formal draft that was officially released was only in 2010. The only reason people knew what was in ACTA was thanks to a document posted in Wikileaks in 2008: in other words, if the ACTA negotiators had got their way, ACTA would have been negotiated behind closed doors for four years before the public was allowed to see anything (and had there not been the Wikileaks leak, it's possible that even the draft would not have been released.)
The Commission claims "the public was informed since the launch of the negotiations about the objectives and general thrust of the negotiations": but what matters, of course, are the details, not the "general thrust". A few press briefings and stakeholder conferences are no substitute for actually allowing the public to give some – any – input to the ACTA process. But in the many years of negotiations, there was no possibility whatsoever to do that.
And yet even though the public was denied any opportunity to comment on a treaty that would have important implications for their lives, certain privileged groups were not just given access but consulted on their views, as Wikipedia explains:
Apart from the participating governments, an advisory committee of large US-based multinational corporations was consulted on the content of the draft treaty, including the Pharmaceutical Research and Manufacturers of America and the International Intellectual Property Alliance (which includes the Business Software Alliance, Motion Picture Association of America, and Recording Industry Association of America). A 2009 Freedom of Information request showed that the following companies also received copies of the draft under a nondisclosure agreement: Google, eBay, Intel, Dell, News Corporation, Sony Pictures, Time Warner, and Verizon.
Given the fact that major US corporations that stand to benefit directly from ACTA's disproportionate enforcement terms were allowed to shape its details from early on, while the 300 million European citizens who will be subject to those same terms had not a single formal opportunity even to express their views, the Commission's attempt to suggest that this was not a secret treaty, and that the public was consulted, is risible and insulting.
6. ACTA favours IP right-holders. ACTA eliminates safeguards and exceptions existing under international law.
Quite to the contrary, ACTA is drafted in very flexible terms and contains the necessary safeguards to allow the participating countries to strike an appropriate balance between all rights and interests involved, in line with their economic, political and social objectives, as well as with their legal traditions. All safeguards and exceptions under EU law or under the TRIPs Agreement remain fully preserved.
Notice how the "myth" has two components, but that the European Commission only answers one of them. The whole treaty is predicated on the assumption that more enforcement is good: there is no consideration of the collateral damage it might inflict, for example on members of the public. That, of course, is because the public was never allowed to present its views; inevitably, the resulting document is incredibly one sided and biased in favour of the copyright industries.
This can be most clearly seen in Article 9, which spells out the damages for infringement (my emphasis added):
1. In determining the amount of damages for infringement of intellectual property rights, a Party’s judicial authorities shall have the authority to consider, inter alia, any legitimate measure of value the right holder submits, which may include lost profits, the value of the infringed goods or services measured by the market price, or the suggested retail price.
2. At least in cases of copyright or related rights infringement and trademark counterfeiting, each Party shall provide that, in civil judicial proceedings, its judicial authorities have the authority to order the infringer to pay the right holder the infringer’s profits that are attributable to the infringement. A Party may presume those profits to be the amount of damages referred to in paragraph 1.
3. At least with respect to infringement of copyright or related rights protecting works, phonograms, and performances, and in cases of trademark counterfeiting, each Party shall also establish or maintain a system that provides for one or more of the following:
(a) pre-established damages
(b) presumptions for determining the amount of damages sufficient to compensate the right holder for the harm caused by the infringement; or
(c) at least for copyright, additional damages.
Consider, now, how this might apply to sharing a few mp3s online. According to ACTA, the copyright holders can demand damages equal to the "lost profits" from those mp3s. And if you want to know how the recording industry calculates those, ask Jammie Thomas-Rasset, who was fined $1,920,000 for sharing 24 songs in the US. When that was later reduced to $54,000, the recording industries demanded a retrial because they felt it was far too low.
ACTA essentially validates this kind of deranged calculus, and permits copyright companies to claim for completely imaginary losses "to compensate the right holder for the harm caused by the infringement", even though it is impossible to quantify that "harm" in any sensible way when you're dealing with digital file sharing. Indeed, arguably there is no harm, since file sharing can actually *boost* sales – just ask Paul Coelho; but ACTA's tunnel vision naturally cannot contemplate such a possibility.
Given these utterly disproportionate figures, it is extraordinary how the members of the European Commission can claim with any seriousness that ACTA does not "favour" rights-holders. Perhaps they imagine everyone earns the same as they do – 240,000 Euros a year - and can easily find a few million Euros down the back of the sofa if they need to....
8. ACTA leads to "harmonisation through the backdoor". A study ordered by the European Parliament's committee for International Trade (INTA) to academics says that ACTA will require changes to EU enforcement legislation and/or to national laws.
ACTA provisions are compatible with existing EU law. ACTA will not require any revision or adaptation of EU law and will not require any Member States to review the measures or instruments by which they implement relevant EU law. ACTA is also in line with international law, in particular with the WTO's Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). The INTA study does not show evidence of any concrete situation where ACTA would contradict, repeal or require the modification of a single provision existing in EU legislation. This has been confirmed in very clear terms by the two above mentioned Opinions of the Legal Service of the European Parliament.
If ACTA is compatible with existing EU law – and that remains unclear, despite the Commission's assertions to the contrary – that's only so because the whole treaty is so vaguely worded. It is full of options – clauses that signatories "may" implement in certain ways.
But this is the central trick of ACTA: it is not that the treaty itself imposes new laws on participants *now* - the studied vagueness makes that unnecessary. What ACTA does is to create a framework whose assumptions are that laws will be passed in the future to comply with the optional, more stringent parts. In other words, ACTA is not so much about today's legal landscape, but about tomorrow's. It will allow politicians to say: "well, we really have to implement these harsher enforcement laws because it's in ACTA, and all of our partners have done so, and it would look bad if we didn't follow suit."
In fact, European commissioners aren't even waiting for ACTA to be ratified before moving down this path: with the “Proposal for a Revision of the Directive of Intellectual Property Rights” (.pdf) they are already planing to bring in harsher copyright enforcement of precisely the kind that ACTA tries to establish as a benchmark.
In other words, it's the usual copyright ratchet, whereby a country's copyright maximalism in one area is used as an excuse to "harmonise" everyone else's. That's precisely what has happened with copyright term, for example, where the varying terms for different kinds of creation – text, music, sound recordings – have gradually been extended around the world in order to bring about "harmonisation" (isn't it strange that there's never harmonisation *downwards*, and that it's always in favour of the copyright industries and to the detriment of the public?) ACTA seeks to use the same trick to export the worst excesses of copyright enforcement first to all signatories, and later around the world through further treaties, like the Trans-Pacific Partnership.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Five Reasons ACTA Must Be Stopped
With the ACTA protest in London coming up this Saturday, Stu Anderson brings opposition to ACTA into focus:
1. It is an Anti-democratic Instrument
Already covered in this Zine is how one of the major concerns over ACTA has been the shady and secretive way in which the instrument has been formulated behind closed doors.
ACTA was negotiated in secret, and indeed drafts of the text of the agreement only initially made it into the public domain after leaks from insiders to the process worried about the implications of the instrument. The US even blocked the release of draft versions of the agreement on the grounds of 'national security'. It was only after constant leaks that an official draft was finally released in April 2010, and even now many of the key preparatory documents and official opinions remain unreleased.
Concerns over the problems with the way the instrument have been negotiated have been so marked that the situation forced Kader Arif, the European Parliament's official rapporteur for ACTA, to resign in protest at the secrecy surrounding the agreement.
The negotiations have also bypassed the established (legitimate and transparent) international channels for the creation of binding transnational IP agreements, such as the WTO and WIPO. This becomes more important when we realise that the scope of ACTA will likely reach far beyond the signatories to the document, effectively being used as a bargaining chip to force developing countries into accepting similarly harsh IP regimes and forcing western proprietors' agenda on the world at large.
Of course, all of this is profoundly undemocratic; ACTA being an instrument which, if ratified, will bind national legislatures of signatories in a number of key respects regarding their domestic IP provisions and effectively pushing through a SOPA style copyright regime via the back door. This is even more so the case with the ACTA Committee- a body created by ACTA with the power to interpret and modify the agreement, as well as make amendments, again without using legitimate national and international channels.
2. It will have a chilling effect on innovation and freedom of expression
Moving to the provisions of the agreement itself, there are wide ranging concerns that it will have profound and dangerous effects on freedom of expression and culture. If ACTA is enacted, ISPs and online services will find themselves increasingly under pressure from the entertainment industries to monitor and filter content as well as individual communications.
This effectively leads to fears of censorship, removed from legitimate judicial channels and placed in the hands of private actors, as well as to the damaging effects for the principle of net neutrality in general. The agreement also provides for draconian search and seizure measures to become widespread.
This, allied with the harsh criminalising provisions of the instrument (see below), mean the potential for family computers being seized, denying them access to freedom of information and expression in the absence of any wrongdoing.
Needless to say, such measures would have a devastating and chilling effect on internet users and startups alike. Provisions such as the broadly-defined criminal sanctions for 'infringement on a commercial scale' (so broad as to potentially include not-for-profit filesharing as well as legitimate online services) will act as a harsh deterrent to innovation and freedom of expression.
3. It is Unjustifiably Harsh
ACTA seeks to employ oppressive punitive conditions as well as extend criminality for acts previously only considered civil matters. As mentioned above, ACTA seeks to cover activities which are both for-profit and not-for-profit, with provisions drawn in as vague and broad a manner possible so as to include within their scope widespread filesharing practises. This effectively criminalises a generation of net users, punishing them for an industry's failure to adapt to new technology. This should hardly be surprising since criminalising file-sharing was specifically part of the EU Commission's ACTA mandate, even without any motive of financial gain.
In terms of civil enforcement the provisions of ACTA are no less harsh, specifying provisions to include mandatory schemes of statutory damages which could lead to file-sharers in signatory countries becoming financially liable on a massive and disproportionate scale.
The document additionally provides that judges potentially take into account, in awarding damages, a number of considerations of value as submitted by the right holder, including lost profits, the market value or even the suggested retail price. This last provision gives standing to the 'lost sale myth'; an entirely unrealistic portrayal of the actual cost to the rights holder of file-sharing (if I download a track, this does not reflect that I am necessarily willing to pay the retail price).
Further, the provision that a judge can give credence to considerations from one side of a case and not another, while not technically binding, is practically unheard of in domestic law, and drastically impinges upon the right to the defender of a fair trial.
4. It is Inherently biased towards the interests of big business
If we expand upon this specific example of bias, it quickly becomes clear that the whole text of ACTA is inherently skewed towards a view and consideration of intellectual property rights which stresses the importance of ownership to the detriment of vital fair use provisions.
Unsurprisingly this is exactly the view of intellectual property law lobbied for by big business; one which favours their own interests over the those of creators and innovators. ACTA increases and strengthens the powers of the entertainment industries across the board, increasing criminal and civil sanctions and establishing new procedures which allow the big corporations to police the internet and bully smaller creators and innovators.
Importantly, the instrument makes mandatory the restrictions associated with a proprietary regime in intellectual works without making mandatory subsequent fair use provisions which are so vital for innovation. In such a climate, with national legislatures hamstrung by the binding nature of ACTA and with pressure on all sides from entertainment industries, it seems unlikely that the power they retain will be used to increase fair use provisions, much rather the opposite.
Another problem, already touched upon, is that the document also fails to consider fully the fundamental rights of all parties affected by the agreement. The European Economic and Social Committee has pointed out that the rights to information, health, sufficient food, right to farmers to select seed and the right to culture, all suffer in the wake of an overbearing emphasis on property rights. It must be remembered that no property right is an absolute right in anything and this is even more explicitly so the case in intellectual property.
5. It is just the latest effort in a Punitive, Repressive and ultimately self-defeating industry Strategy.
Ultimately, the ground of the problem with ACTA is that it is a document which seems to be designed with a particular repressive and socio-economically damaging strategy in mind. It relies on a reification and a ramping up of the greediest concerns of an outdated industrial paradigm which would seek to lock down culture, technology and innovation in the name of profit. I say this is self-defeating because, in fact, locking down culture is ultimately not only socially detrimental, but is also economically damaging.
ACTA is clearly designed to be a blueprint for things like SOPA and PIPA coming in through the back door of secretive international negotiation, in consultation with the content and pharmaceutical industries, intent on widening the spread of DMCA-like legislation worldwide, first through legal instrument, and then through political pressure.
Ultimately ACTA is just the latest of many attempts to drive through legislation pursuing a harmful strategy which obscures the chance any meaningful opportunity to start to think about how intellectual property laws might be reformed in ways which reconnect it with its roots – an instrument designed to secure the proliferation of creative works and to motivate people to create, to innovate and to produce for the common good. It is a strategy that begun in the eighteenth century, utterly unequipped to deal with today's technology and way people today innovate. It is for this reason more than any other that any legislation pursuing this strategy, be it SOPA, PIPA, ACTA or any other incarnation, must be strongly opposed.
Facebook goes public
A short summary of recent comment on Facebook's proposed IPO
The big social media news in 2012 so far is of course Facebook's proposed Initial Public Offering; the plan for the most popular social networking site worldwide to go public, meaning that Facebook is getting ready to have shares being traded on the stock market by May this year. As you have probably heard, Facebook's numbers are “very impressive”, as described by Kathleen Smith, principal of IPO investment advisory firm, Renaissance Capital. In case you haven't, here they are again: Facebook has 845 million users, 443 million of those are daily users, it's profits rose by 65% in 2011 to $1 billion, off revenues of $3.71 billion, founder and Harvard dropout Mark Zuckerberg is worth an estimated 17.5 billion and number 52 on Forbes billionaires list and so on and so on. (sources: BBC news, Forbes,Wikipedia)
We know that Facebook has been a spectacular, fast-developing success since its inception in 2004 and going public will be a way for it to continue to make more money. The stock market flotation seeks to raise around $5bn. The questions looming around this new prospect now focus on what will the implication be for the social experience of Facebook?
In short, the decision will mean the company will have to publish its financial information, so we can see how much it makes from advertising revenue and it will have to answer to shareholders when managing profitability. The underwriters of Facebook's IPO will be Morgan Stanley and Goldman Sachs will also be involved. They will be aiming at large businesses and wealthy famous people as the customers they want to buy shares. Daniel Burrus writing for the Huffington Post identifies two potential problems with how Facebook might have adapt to drive revenues: The first is that it might have to change its privacy policy again to 'allow them to be more intrusive' which could create a backlash, and the second is that Facebook could allow more advertising on the site, interfering with the sites use and possibly causing more upset. So an increase in adverts on the site and compromising privacy are concerns.
Zuckerberg has always expressed in interviews that his vision and motives for Facebook centre on its information sharing powers and the importance of openness as a social good. (BBC documentary: Mark Zuckerberg: Inside Facebook, Wired interview 2010) In an interview with Wired in 2010 he said, “ … it bums me out that people immediately go 'you must be doing this to make money'. Because that's so different from the ethos of the company”. He went on to say that Facebook's use of adverts was sparse compared to the average internet search. So there is a very real paradox in the new impetus for driving more profit and the executives' own original goals. Its a finely balanced thing, too much pressure from business and shareholders could mess up Facebook's entire creative purpose, its precariously held kudos for being cool, social, democratic and even subversive.
Glancing over the 'impressive numbers' on Facebook's usage and estimated worth and then reading Zuckerberg's letter in the prospectus for the IPO highlights the potential gap between Zuckerberg's idealism and those who will look at Facebook with dollar signs in their eyes. Zuckerberg wrote: “Facebook was not originally created to be a company. It was built to achieve a social mission- to make the world more open and connected. We think its important that everyone who invests in Facebook understands what this mission means to us, how we make decisions and why we do the things we do.”
In order to make this mission possible Facebook execs will have to strike a difficult balance to keep fans onside from 2012 onwards. Some commentators remind us that Facebook is not safe from the competitive and constantly changing world of internet start-ups that saw Yahoo and Myspace get usurped by newcomers. There is a danger that a Facebook site full of adverts would out people off. But on the other hand if you read any book giving advice to marketers on how best to utilise social media currently, you may question whether this is a door that hasn't already been opened. With such a huge following and now new investment it is hard to imagine a world without fb in the near future. What is more likely is that new groups will build on the platform that already exists and will develop alongside it.
What the new business model will do to Facebook is something we will find out sooner. Later this year when we sign in to invariably check our messages, share links, like pages, write to friends, form groups, create events, upload photos, see friend's photos, update our status or add new friends we will be able to see what subtle or dramatic changes the our favourite social network has undergone.
Beyond the Soup Kitchen
While the geeks get rich, I thought I'd go the other way
"The whole idea of what a homeless service is, is a soup kitchen," one of the representatives for The Connection at St Martin-in-the-Fields said yesterday. But does it have to be?
It was in the middle of "Teacamp", a monthly series of meetings that sport the same mix of geeks, government, and do-gooders as the annual UK Govcamp we covered a couple of weeks back. Meetings like this seem to be going on all the time all over the place, trying to figure out ways to use technology to help people. Hardly anyone has any budget, yet that seems not to matter: the optimism is contagious. This week's Teacamp also featured Westminster in Touch, an effort to support local residents and charities; the organization runs a biannual IT Support Forum to brainstorm (the next is March 28).
I have to admit: when I first read about Martha Lane Fox's Digital Inclusion initiative my worst rebellious instincts were triggered: why should anyone be bullied online if they didn't want to go there? Maybe at least some of those 9 million people who have never used the Internet in Britain would like to be left in peace to read books and listen to - rather than use - the wireless.
But the "digital divide" predicted even in the earliest days of the Net is real: those 9 million are those in the most vulnerable sectors of society. According to research published on the RaceOnline site, the percentage of people who have never used the Net correlates closely with income. This isn't really much of a surprise, although you would expect to see a slight tick upwards again at the very top economic levels, where not so long ago people were too grand, too successful, and too set in their ways to feel the need to go online. But they have proxies: their assistants can answer their email and do their Web shopping.
When Internet access was tied to computers, the homeless in particular were at an extreme disadvantage. You can't keep a desktop computer if you have nowhere - or only a very tiny, insecure space - to put it or power it, and you can't afford broadband or a landline. A laptop presents only slightly fewer problems. Even assuming you can find free wifi to use somewhere, how do you keep the laptop from being stolen or damaged? Where and how do you keep it charged? And so The Connection, like libraries and other places, runs a day center with a computing area and resources to help, including computer training.
But even that, they said, hasn't been reaching the most excluded, the under-25s that The Connection sees. When you think about it, it's logical, but I had to be reminded to think about it. Having missed out on - or been failed by - school education, this group doesn't see the Net as the opportunity the rest of us imagine it to be for them.
"They have no idea of creating anything to help their involvement."
So rather than being "digital natives", their position might be comparable to people who have grown up without language or perhaps autistic children whose intelligence and ability to learn has been disrupted by their brain wiring and development so much that the gap between them and their normally wired peers keeps increasing. Today's elderly who lack the motivation, the cognitive functioning, or the physical ability to go online will be catered to, even if only by proxy, until they die out. But imagine being 20 today and having no digital life beyond the completely passive experience of watching a few clips on YouTube or glancing at a Facebook page and thinking they have nothing to do with you. You will go through your entire life at a progressively greater disadvantage. Just as we assume that today's 80-year-olds grew up with movies, radio, and postal mail, when *you* are 80 (if the planet hasn't run out of energy and water and been forced to turn off all the computers by then), in devising systems to help you society will assume you grew up with television, email, and ecommerce. Whatever is put in place to help you navigate whatever that complex future will be like, will be completely outside your grasp.
So The Connection is helping them to do some simple things: upload interviews about their lives, annotate YouTube clips, create comic strips - anything to break this passive lack of interest. Beyond that, there's a big opportunity in smart phones, which don't need charging so often and are easier to protect - and can take advantage of free wifi just as a laptop can. The Connection is working on things like an SMS service that goes out twice a day and provides weather reports, maps of food runs, and information about free things to do. Should you be technically skilled and willing, they're looking for geeky types to help them put these ideas together and automate them. There are still issues around getting people phones, of course - and around the street value of a phone - but once you have a phone where you can be contacted by friend, family, and agencies, it's a whole different life. As it is again if you can be convinced that the Net belongs to you, too, not just all those other people.
Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.
Commission Proposes Stronger Data Privacy Legislation
Revising an old directive; renewed legislation with more teeth
After weeks of suspense and rumours, the European Commission introduced long-awaited legislation to update the 1995 Data Protection Directive, the primary instrument governing personal privacy in Europe. These widely-anticipated changes were spurred in large part by three distinct motivations: (1) the desire to provide users stronger rights over their personal information, (2) the need to adapt the 1995 pre-Internet Directive and (3) a wish to harmonise divergent privacy laws across all the European Union.
Ironically, these were the same exact goals 17 years ago when the European Union first passed the Data Protection Directive. At that time, there were few comprehensive privacy laws in Europe (or anywhere else, for that matter). The initial Directive required member states to pass enacting legislation codifying the principles contained within the document, whilst allowing for a margin of interpretation that would prove its limits in practice. Indeed in the intervening years the EU’s 27 member states have all implemented and interpreted the Directive in varying ways, leading to a fair amount of confusion to companies offering services across the internal market. And while each country is slightly different, enforcement has been consistently spotty across the continent, leaving users with the suspicion that their information is not adequately protected as companies utilise increasingly sophisticated technologies to track user behaviour.
The Commission has been working on the text of the legislation for over a year and has been consulting stakeholders for more than two years; in December, what was purportedly a near-final version was widely leaked and analysed. The most significant change in that draft was that the legislation was in the form of a regulation instead of a directive, meaning that it would be automatically binding on member states (rather than a mere instruction to national governments to pass consistent legislation). The draft contained other provisions designed to make complying with European privacy law simpler for companies — such as subjecting companies to the jurisdiction of one lead national data protection regulator, rather than 27 potentially different authorities. The draft legislation also eliminated the burdensome and often costly requirement to provide regulators with pro forma (and typically ignored) notification in advance of all data processing activity (and paying filing fees for the privilege).
On the other hand, the legislation provided new protections for users, such as a very strict data breach notification standard, a requirement that all consent to collect and use personal data needs to be upfront and explicit, and a so-called “right to be forgotten” — the ability of users to erase (at least some of the) information held about them by others. It also called for stronger powers for regulators, including the ability to obtain fines as high as 5% of global revenues for privacy violations (for a large international company, this could easily run to the hundreds of millions of dollars, though the legislation does include language that the penalty must be “proportional” to the scope of the violation). In response, many (especially in the United States) criticised the heightened user protections as being unworkable and unduly burdensome on industry; the United States Department of Commerce reportedly lobbied extensively to have the legislation revised prior to formal introduction.
The eventual version that was released by the Commission does address many of the criticisms that had been levelled, and appears to try to find middle ground between user’s rights, practical implementation and the costs imposed on businesses. For example, the compromises include a less prescriptive data breach rule and a 60% decrease in the maximum penalties a regulator can levy. The legislation still has its critics from both civil society and industry, and there will be intense lobbying as the bill is debated and amended in the European Parliament and Council (A side note to all this is that much online privacy won’t really be affected by this new law. In 2002, the European Union passed a specific law on e-Privacy that governs issues like cookies and online behavioural tracking. Of course, the Data Protection Regulation could be revised to specifically supersede the e-Privacy Directive if officials believe the Regulation is sufficiently robust to address the areas the Directive was written to address).
Although the particulars are still being worked out, the legislative proposal does make sign
ificant progress on the Commission’s primary focus on giving users strong, consistent protections across the Union. It represents a frank admission that the strong principles contained in the 1995 Data Protection Directive haven’t been implemented in a consistent and effective manner in practice to protect users, and that more rigorous laws are needed. If successful, the new regulation will better secure user data while offering companies a clear, predictable path to regulatory compliance; at worst, this same scenario could be playing out in another 20 years, as another Commission tries to find a new legal means to meaningfully protect personal information across Europe.
Justin Brookman is the Director of Consumer Privacy at CDT, the Center of Democracy & Technology. CDT is a non-profit public interest organisation working to keep the Internet open, innovative, and free.
ACTA, Parliament, and the true democratic deficit
The Government squabbles over fiscal sovereignty while signing up to a treaty that will suppress our rights as consumers
Earlier this month, the Internet went on strike. Thousands of websites, including high-profile ones like Wikipedia, blacked out for 12 hours on January 18th to protest US Congress attempts to severely limit civil liberties on the Internet in order to protect the vested interests of the content industry. Two days later, Congress shelved SOPA and PIPA, the two contentious bills. Yet barely two weeks later, we face a bigger challenge.
One of the more striking things about ACTA - the Anti-Counterfeiting Trade Agreement signed last week by the European Union and 22 of its member states - is the spectacularly undemocratic way in which it has come about and continues to be pushed through.
Those following the history of the treaty since its inception in 2008 will know that transparency has been a persistent issue throughout the negotiations. Its designation as a trade agreement essentially give the governments involved carte blanche to conduct negotiations behind closed doors. Drafts of the treaty were leaked repeatedly, one worse than the other. While the final draft has been considerably defanged, there are still significant areas of concern, both around the process and the content. La Quadrature du Net provides a detailed analysis of what is still wrong with the final version of the treaty. Most worrying is the provision which enshrines the undemocratic process in which ACTA has been negotiated for any future treaty amendments.
Yet reading the European Commission's Anti-Counterfeiting information page, all appears to be well: ACTA will not stop poor countries accessing cheap medicines, it will not get your iPod searched at the border or cut you off from the Internet. Nor, so the Commission, have there been any issues of transparency and democratic process in the ACTA negotiations.
A slightly different picture emerges from Kader Arif, the European Parliament's rapporteur on ACTA. In a statement on his blog explaining his resignation as rapporteur last week, Mr Arif acknowledges that ACTA is still extremely problematic and claims that "everything is being done to prevent the European Parliament from having its say in this matter."
Given that certain factions of the Conservative Party are utterly obsessed with the EU's alleged "democratic deficit", one would have thought they would be all over this. After all, not only must we now have a referendum every time someone corrects a typo in the Lisbon Treaty, but parts of the party want an immediate "in or out" referendum too. So when the only directly elected institution of the European Union complains that it has been consistently prevented from having a say on an international treaty which affects EU citizens, what does the UK government do? It signed ACTA, along with 21 other EU member states and the European Commission on January 26th. Not only that, but Parliament has abdicated any responsibility for scrutinising ACTA, pushing it back up to the European Parliament.
So where do we go from here? As the EU has admitted that ACTA is a legally binding international treaty, it cannot come into force without approval from the European Parliament. It is ironic that for all the Tories' clamouring on the "democratic deficit", we are left with only the EU between us and ACTA, with our democratically elected government having washed its hands. It is time to start lobbying your MEPs now. The Open Rights Group has some great suggestions on where to start.
Principle Failure
Is Google still succeeding at not being evil with the introduction of its new streamlined privacy policy?
The right to access, correct, and delete personal information held about you and the right to bar data collected for one purpose from being reused for another are basic principles of the data protection laws that have been the norm in Europe since the EU adopted the Privacy Directive in 1995. This is the Privacy Directive that is currently being updated; the European Commission's proposals seem, inevitably, to please no one. Businesses are already complaining compliance will be unworkable or too expensive (hey, fines of up to 2 percent of global income!). I'm not sure consumers should be all that happy either; I'd rather have the right to be anonymous than to be forgotten (which I believe will prove technically unworkable), and the jurisdiction for legal disputes with a company to be set to my country rather than theirs. Much debate lies ahead.
In the meantime, the importance of the data protection laws has been enhanced by Google's announcement this week that it will revise and consolidate the more than 60 privacy policies covering its various services "to create one beautifully simple and intuitive experience across Google". It will, the press release continues, be "Tailored for you". Not the privacy policy, of course, which is a one-size-fits-all piece of corporate lawyer ass-covering, but the services you use, which, after the fragmented data Google holds about you has been pooled into one giant liquid metal Terminator, will be transformed into so-much-more personal helpfulness. Which would sound better if 2011 hadn't seen loud warnings about the danger that personalization will disappear stuff we really need to know: see Eli Pariser's filter bubble and Jeff Chester's worries about the future of democracy.
Google is right that streamlining and consolidating its myriad privacy policies is a user-friendly thing to do. Yes, let's have a single policy we can read once and understand. We hate reading even one privacy policy, let alone 60 of them.
But the furore isn't about that, it's about the single pool of data. People do not use Google Docs in order to improve their search results; they don't put up Google+ pages and join circles in order to improve the targeting of ads on YouTube. This is everything privacy advocates worried about when Gmail was launched.
Australian privacy campaigner Roger Clarke's discussion document sets out the principles that the decision violates: no consultation, retroactive application; no opt out.
Are we evil yet?
In his 2011 book, In the Plex, Steven Levy traces the beginnings of a shift in Google's views on how and when it implements advertising to the company's controversial purchase of the DoubleClick advertising network, which relied on cookies and tracking to create targeted ads based on Net users' browsing history. This $3.1 billion purchase was huge enough to set off anti-trust alarms. Rightly so. Levy writes, "...sometime after the process began, people at the company realized that they were going to wind up with the Internet-tracking equivalent of the Hope Diamond: an omniscient cookie that no other company could match." Between DoubleClick's dominance in display advertising on large, commercial Web sites and Google AdSense's presence on millions of smaller sites, the company could track pretty much all Web users. "No law prevented it from combining all that information into one file," Levy writes, adding that Google imposed limits, in that it didn't use blog postings, email, or search behavior in building those cookies.
Levy notes that Google spends a lot of time thinking about privacy, but quotes founder Larry Page as saying that the particular issues the public chooses to get upset about seem randomly chosen, the reaction determined most often by the first published headline about a particular product. This could well be true - or it may also be a sign that Page and Brin, like Facebook's Mark Zuckberg and some other Silicon Valley technology company leaders, are simply out of step with the public. Maybe the reactions only seem random because Page and Brin can't identify the underlying principles.
In blending its services, the issue isn't solely privacy, but also the long-simmering complaint that Google is increasingly favoring its own services in its search results - which would be a clear anti-trust violation. There, the traditional principle is that dominance in one market (search engines) should not be leveraged to achieve dominance in another (social networking, video watching, cloud services, email).
SearchEngineLand has a great analysis of why Google's Search Plus is such a departure for the company and what it could have done had it chosen to be consistent with its historical approach to search results. Building on the "Don't Be Evil" tool built by Twitter, Facebook, and MySpace, among others, SEL demonstrates the gaps that result from Google's choices here, and also how the company could have vastly improved its service to its search customers.
What really strikes me in all this is that the answer to both the EU issues and the Google problem may be the same: the personal data store that William Heath has been proposing for three years. Data portability and interoperability, check; user control, check. But that is as far from the Web 2.0 business model as file-sharing is from that of the entertainment industry.
Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.
Dealing with data – The 'burden-less' business?
Sara Kelly of COADEC reviews Viviane Reding's latest proposals for EU Data Protection reform
“Businesses will now be burden-less under these reforms”, announced Viviane Reding, Vice-President of the European Commission and EU Justice Commissioner, during the launch yesterday of reforms to the EU's 1995 data protection rules aimed at strengthening online privacy rights.
Leaked drafts of the directive have been circulating since December, and many of today's announcements were trailed in Reding’s speech to the Digital Life Design (DLD) conference in Munich last weekend. Key changes confirmed today include a single set of rules on data protection, the requirement of reporting data breaches within 24 hours, the requirement of explicit consent, and possibly most controversially, the “right to be forgotten”.
Amid reports ahead of the announcement of the burden of complicated procedures of data protection, Reding used her address today to highlight the burden on businesses in complying with 27 different data protection requirements across the EU. This has limited the ability of many businesses to operate services that deal with data in multiple countries, so harmonisation of these codes will be welcome by businesses of all sizes as a way of saving time and money. Moreover, the directive’s proposed exemption for companies with fewer than 250 employees from the requirement to have a data protection officer shows that the Commission is conscious of the particular challenges that small businesses face in complying with these types of rules.
That said, it is not at all clear that the new directive will eliminate burdens for small businesses, and indeed there appears to be significant potential to increase them. This is especially true on two fronts:
- The “right to be forgotten” principle has a very real danger of being misused, in a way that particularly affects the owners of small social websites that rely on content from users. The directive as it stands outlines that the only way a user will not be able to remove their data is when this relates to a criminal investigation. The “right to be forgotten” could easily become “the right to take content and sell it for more money when I think it might have more value than when I originally gave you the right to use it”.
- Meanwhile, the heavy fines proposed for non-compliance may fall disproportionately on smaller enterprises, and it is possible that an inadvertent error may be enough to put one out of business
Addressing issues of data security is of course vital, but it must be balanced against the very legitimate uses of data employed by innovative businesses—most notable, social networks. Globally we have increasingly enjoyed the liquidity of information that the Internet provides. A picture shared or a blog posted can reach a wider audience than ever before, and that has bought with it incredible opportunities for those wishing to share their content and those designing platforms to do this.
The proposed directive will now be passed on to the European Parliament the Council of Ministers for discussion. We hope that these discussions will flesh out some of the details this directive desperately requires to ensure that the removal of one burden does not in turn lead to the creation of new ones, especially where the result would be detrimental to small, innovative businesses.
Sara Kelly is Policy and Development Manager for COADEC, The Coalition for a Digital Economy. COADEC works to support legislation and other government policies that foster a lasting, sustainable and innovative digital economy for Britain.
Camping Out
Wendy Grossman reports on this year's UK GovCamp and the hope for real change in attitudes towards technology
"Why hasn't the marvelous happened yet?" The speaker - at one of today's "unconference" sessions at this year's UK Govcamp - was complaining that with 13,000-odd data sets up on his organization's site there ought to be, you know, results.
At first glance, GovCamp seems peculiarly British: an incongruous mish-mash of government folks, coders, and activists, all brought together by the idea that technology makes it possible to remake government to serve us better. But the Web tells me that events like this are happening in various locations around Europe. James Hendler, who likes to collect government data sets from around the world (700,000 and counting now!), tells me that events like this are happening all over the US, too - except that there this size of event - a couple of hundred people - is New York City.
That's both good and bad: a local area in the US can find many more people to throw at more discrete problems - but on the other hand the federal level is almost impossible to connect with. And, as Hendler points out, the state charters mean that there are conversations the US federal government simply cannot have with its smaller, local counterparts. In the UK, if central government wants a local authority to do something, it can just issue an order.
This year's GovCamp is a two-day affair. Today was an "unConference": dozens of sessions organized by participants to talk about...stuff. Tomorrow will be hands-on, doing things in the limited time available. By the end of the day, the Twitter feed was filling up with eagerness to get on with things.
A veteran camper - I'm not sure how to count how many there have been - tells me that everyone leaves the event full of energy, convinced that they can change the world on Monday. By later next week, they'll have come down from this exhilarated high to find they're working with the same people and the same attitudes. Wonders do not happen overnight.
Along those lines, Mike Bracken, the guy who launched the Guardian's open data platform, now at the Cabinet Office, acknowledges this when he thanks the crowd for the ten years of persistence and pain that created his job. The user, his colleague Mark O'Neill said recently is at the center of everything they're working on. Are we, yet, past proving the concept?
"What should we do first?" someone I couldn't identify (never knowing who's speaking is a pitfall of unConferences) asked in the same session as the marvel-seeker. One offered answer was one any open-source programmer would recognize: ask yourself, in your daily life, what do you want to fix? The problem you want to solve - or the story you want to tell - determines the priorities and what gets published. That's if you're inside government; if you're outside, based on last summer's experience following the Osmosoft teams during Young Rewired State, often the limiting factor is what data is available and in what form.
With luck and perseverance, this should be a temporary situation. As time goes on, and open data gets built into everything, publishing it should become a natural part of everything government does. But getting there means eliminating a whole tranche of traditional culture and overcoming a lot of fear. If I open this data and others can review my decisions will I get fired? If I open this data and something goes wrong will it be my fault?
In a session on creative councils, I heard the suggestion that in the interests of getting rid of gatekeepers who obstruct change organizational structures should be transformed into networks with alternate routes to getting things done until the hierarchy is no longer needed. It sounds like a malcontent's dream for getting the desired technological change past a recalcitrant manager, but the kind of solution that solves one problem by breaking many other things. In such a set-up, who is accountable to taxpayers? Isn't some form of hierarchy inevitable given that someone has to do the hiring and firing?
It was in a session on engagement where what became apparent that as much as this event seems to be focused on technological fixes, the real goal is far broader. The discussion veered into consultations and how to build persistent networks of people engaged with particular topics.
"Work on a good democratic experience," advised the session's leader. Make the process more transparent, make people feel part of the process even if they don't get what they want, create the connection that makes for a truly representative democracy. In her view, what goes wrong with the consultation process now - where, for example, advocates of copyright reform find themselves writing the same ignored advice over and over again in response to the same questions - is that it's trying to compensate for the poor connections to their representatives that most people have. Building those persistent networks and relationships is only a partial answer.
"You can't activate the networks and not at the same time change how you make decisions," she said. "Without that parallel change you'll wind up disappointing people."
Marvels tomorrow, we hope.
Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.
Copyright by the book - a step-by-step guide to killing the economy
Milena Popova explains what happens when you play by the copyright rules
I recently gave a talk on the economics of copyright, and why content is a public good. I'm not big on seven-level nested bullet points but I did want some visual aids for my audience so I set out to create a slide deck. Let me be perfectly, crystal clear here: I'm talking about a one-hour talk on a topic that I was intimately familiar with, not writing new material from scratch; I'm talking about 16 slides, 13 of which had any actual content. This should not have taken more than two hours. 12 working hours later...
The reason I took nearly an hour for every slide was that - since I was talking about copyright - I thought I should at least try and do this by the book. That meant that every image I used had to fulfil one of three conditions:
- I had to own the copyright;
- the image had to be either in the public domain or licensed under an appropriate Creative Commons license;
- or I had to get permission from the rights holder.
Additionally, every image had to be properly credited.
So what effect did "copyright by the book" have on my output and productivity? I've already stated the obvious: the whole exercise took about six times as long as it had any right to. Finding appropriate images to support what I was saying was suddenly not a simple matter of a Google search - I had to restricte my sources to those I could be certain would meet the above criteria. Flickr's CC search functionality helped, and so did the Creative Commons website's search; the Wikimedia Commons was an invaluable resource. But even with those, just appropriately crediting the 16 or so images took hours.
Next were the images I had to get permission for. I cheated slightly here, in that I only approached people I was reasonably certain would grant permission in the first place, and whom I could approach easily (generally through the magic of Twitter). Even with that slight workaround it wasn't until the day of the talk that I had confirmed permission for all images, so I had to line up back-ups or risk not having an image or using one I didn't have the rights to. A final cheat was used when I declared a screen capture from an anti-piracy video to be under the "fair dealing exception for criticism/review purposes" as I was criticising the video in question.
Perhaps the most unpleasant impact of doing copyright by the book was that I felt restricted in what I could and couldn't say or display. When referring to popular television shows, for instance, I couldn't use an image from the show and had to find a workaround. This, of course, had an impact on the quality of my work, so that I found myself faced with a choice between breaking the law or not producing the best possible work I could.
Personally, I was mildly inconvenienced by my "copyright by the book" adventures. There are, however, wider implications here. Go into any office in the UK, sit in any meeting, go to any industry conference, and you will find hundreds of thousands of media files (images, music, videos) used without permission. They're the soundtrack to your motivational video, the image you use to illustrate a point in a presentation, or the Dilbert cartoon you email to your team on a Friday afternoon. They are the things that make death by PowerPoint slightly less... well, deadly. And yet, did you know that to license a single Dilbert strip for a one-time use in a presentation (and that means no sneakily making the slides available to your colleagues afterwards!), you'd have to fork out US$85 at a minimum? That includes a t $10 "handling charge" by Universal Unlick Reprints and discounts the fact that navigating Scott Adams' licensing system will take you a good half hour. If you don't believe me that this sort of thing happens in every single office, you only need to browse BoingBoing to find that even copyright trolls use unlicensed content for fun and profit.
If tomorrow we all turned up for work and suddenly started doing copyright by the book, the economy would grind to a halt. The output of pretty much anyone with a desk job would be halved, the rest of their time spent trying to work out who owned the copyright on something they wanted to use, trying to license content or trying to work out what they should use instead.
The Intellectual Property Office is currently running a consultation on the changes to UK copyright law proposed in the Hargreaves Review. If you believe that the current copyright system is neither effective nor sustainable, you should think about responding. If you need a starting point, Glyn Moody's responses will do as a good a job as any.
ORGZine
- Debunking the European Commission's '10 myths about ACTA' Comments (0)
- Five Reasons ACTA Must Be Stopped Comments (0)
- Facebook goes public Comments (0)
- Beyond the Soup Kitchen Comments (0)
- Commission Proposes Stronger Data Privacy Legislation Comments (0)
Open Rights Group blog
