The Free Internet Project

Blog

The EU's GDPR (General Data Protection Regulation) goes into effect May 25, 2018

The new EU General Data Protection Regulation goes into effect May 25th, 2018.  You may have recently received notices of changes to privacy policies by Google, Twitter, and other tech companies.  The reason: the GDPR.  It attempts to create uniform rules for how personal data is managed in EU countries. The European continent’s first piece of legislation pertaining to the protection of personal data was the “Convention 108”, adopted in 1981 by the Council of Europe (a different international institution that the EU which brings together 47 countries). Later, in 1995, the European Union passed its directive “on the protection of individuals with regard to the processing of personal data and on the free movement of such data”.  Unlike the 1995 personal data directive, which must be implemented by EU countries in their nationals laws, the new GDPR is EU law that applies without reliance on national implementing laws.  The GDPR is also broader than the personal data directive.  The key changes are discussed below.  

 

 

OVERVIEW OF KEY CHANGES BY GDPR

 

1. Extensive territorial scope: controllers of data with no establishment in the EU can still be subject to the Regulation for processing related to the offering of goods and services in the EU, or to the monitoring of the behavior of data subjects located in the EU.

  • No longer matters whether controllers actually process data within the EU.
  • If an EU citizen's data is processed, the controller is subject to the GDPR.  

2. Enhanced rights of data subjects:

  • New right to ‘data portability’: in certain situations, controllers will be bound to transmit personal data to new controllers, on the request of data subjects who may wish to switch from on service to another;
  • Upgraded rights to erasure (‘right to be forgotten’) and to restriction of processing;
  • Substantial increase of the number of information items which must be provided to data subjects, including in particular the retention period of the collected data;
  • More stringent conditions for a valid consent (where required): it will have to be freely given, specific, informed and unambiguous, by statement or by affirmative action.

3. Redesigned obligations for controllers and processors:

  • Auto-compliance and accountability: controllers and processors must ensure and be able to demonstrate that they have implemented any technical and organizational measures in order to ensure that the processing carried out comply with the Regulation. Such demonstration may be helped through adhesion to codes of conducts, or through certifications;
  • The end of prior notifications: the obligation to notify the competent supervising authority prior to each processing is replaced by an obligation to keep detailed records of processing activities;
  • Data by design and by default: controllers and processors will be expressly bound to respect these principles which is viewed as an effective means for compliance;
  • Specific measures to be implemented in certain situations: (i) appointment of a data protection officer; (ii) privacy impact assessments; and (iii) notification of data breaches to supervising authorities and to concerned data subjects;
  • Other new obligations related in particular to the (i) joint controller regime (the breakdown of the different responsibilities will have to be determined); and to (ii) the choice of data processors and to the contracts between controllers and processors.

4. Reinforcement and clarification of the supervising authorities’ roles and powers:

  • Administrative fines up to 20 million Euros or 4% of the worldwide annual turnover of the preceding financial year;
  • For cross-border processing, a lead authority will handle issues in accordance to a new co-operation procedure between it and other concerned supervising authorities (which will remain competent alone in certain situations);
  • Supervisory authorities will have to offer each other mutual assistance, and may conduct joint operations when necessary;
  • A new entity, the “European Data Protection Board”, will replace the Article 29 Working Party and will be in charge of providing opinions to supervising authorities on certain matters, of ensuring consistent application of the Regulation (by supervising authorities) in particular through a dispute resolution mechanisms, of issuing guidelines, of encouraging the drawing-up of codes of conducts etc.

Illinois Introduces State Bill Seeking to Protect Net-Neutrality

Since the Federal Communications Commission (FCC) voted to repeal the Obama-era net neutrality rules in December 2017, many states have been at work trying to safeguard against the possible negative fallout. On February 14, 2018, Illinois State Rep. Ann Williams filed House Bill 4819, the Broadband Procurement and Disclosure Act.

HB 4819 requires that all internet service providers (ISPs) who do business with state agencies adhere to basic net neutrality principles. The bill requires that the ISPs make “clear and conspicuous” statement disclosing the ISP’s network management practices. Most importantly, the bill aims to restore basic net neutrality rules by mandating that all ISPs providing service to Illinois agencies “shall not block” users from accessing lawful content. The bill also provides that ISPs shall not “impair” or “degrade” lawful traffic to the user, based on content. Finally, the bill prohibits ISPs from manipulating broadband service to favor certain traffic, and from unreasonably interfering with either the end user’s ability to access desired content or content producer’s ability to make content available to users.

U.S. Federal Communications Commission votes to repeal net neutrality law

 

On December 14, 2017, the United States Federal Communications Commission (FCC) voted to repeal Obama's net neutrality protections. These now-eliminated protections include barring internet providers from slowing down or blocking access to online content, and prohibiting internet providers from promoting their own content. Ajit Pai, Chairman of the FCC, stated "[the repeal] is not going to destroy the internet. It is not going to end the internet as we know it. It is not going to kill democracy. It is not going to stifle free expression online."

Others, have voiced strong opinions against the repeal. "This is a matter of enormous importance with significant implications for our entire economy and therefore merits the most thorough, deliberate, and thoughtful process that can be provided," stated Maine Senators Susan Collins, Republican, and Angus King, independent. The FCC also received millions of comments supporting current net neutrality protections.

States have voiced their stance against the FCC's net neutrality protection repeals. New York Attorney General Eric Schneiderman has declared intentions to sue to stop the FCC’s rollback of net neutrality, stating "We will be filing a claim to preserve protections for New Yorkers and all Americans. And we’ll be working aggressively to stop the FCC’s leadership from doing any further damage to the internet and to our economy.” Washington State Attorney Bob Ferguson also announced his intention to take action, stating "Today, I am announcing my intention to file a legal challenge to the FCC’s decision to roll back net neutrality, along with attorneys general across the country." Other states, including Oregon, Illinois, Iowa, and Massachusetts, will join the lawsuit as well.
 

China blocks What's App

China partially blocked the popular messaging service called What's App, owned by Facebook.  China reportedly blocked photos and videos from being shared on the service, and, in some cases, even messages. 

The New York Times stated: "According to the analysis that we ran today on WhatsApp’s infrastructure, it seems that the Great Firewall is imposing censorship that selectively targets WhatsApp functionalities,' said Nadim Kobeissi, an applied cryptographer at Symbolic Software, a cryptography research start-up."  The conjecture was that the censorship was part of the government's leadup to the upcoming selections in Congress: "To complicate matters, the 19th Party Congress — where top leadership positions are determined — is just months away. The government puts an increased emphasis on stability in the run up to the event, which happens every five years, often leading to a tightening of internet controls."

Canada's Supreme Court Backs Order for Google to Remove Link from Access in All Countries, Not Just Canada

This week, in Google Inc. v. Equustek Solutions, Inc., Canada's Supreme Court upheld (in a 7-2 decision) the grant of a preliminary injunction against Google to remove a link to a website that allegedly infringed the intellectual property of a small tech company.  The IP controversy was not against Google as a party, but the lower court ordered Google to remove the link to the defendant's website from access worldwide.  Google had delisted the website from searches in Canada (at google.ca).  But the Supreme Court of Canada upheld the grant of a worldwide preliminary injunction that affects people around the world.  [Download the decision.]

The Supreme Court reasoned: 

  •  Google’s argument that a global injunction violates international comity because it is possible that the order could not have been obtained in a foreign jurisdiction, or that to comply with it would result in Google violating the laws of that jurisdiction, is theoretical. If Google has evidence that complying with such an injunction would require it to violate the laws of another jurisdiction, including interfering with freedom of expression, it is always free to apply to the British Columbia courts to vary the interlocutory order accordingly. To date, Google has made no such application. In the absence of an evidentiary foundation, and given Google’s right to seek a rectifying order, it is not equitable to deny E the extraterritorial scope it needs to make the remedy effective, or even to put the onus on it to demonstrate, country by country, where such an order is legally permissible.
  • D and its representatives have ignored all previous court orders made against them, have left British Columbia, and continue to operate their business from unknown locations outside Canada. E has made efforts to locate D with limited success. D is only able to survive — at the expense of E’s survival — on Google’s search engine which directs potential customers to D’s websites. This makes Google the determinative player in allowing the harm to occur. On balance, since the world‑wide injunction is the only effective way to mitigate the harm to E pending the trial, the only way, in fact, to preserve E itself pending the resolution of the underlying litigation, and since any countervailing harm to Google is minimal to non‑existent, the interlocutory injunction should be upheld.

Commentators, such as Michael Geist, pointed out the danger in the Canadian approach: if each country (isuch as China or Iran) used the same power to issue worldwide injunctions against Google, there would be a race to the bottom and massive censorship online. 

Day of Protest on July 12 to Fight Repeal of Net Neutrality in US

From Fight for the Future: Thousands of websites plan massive online protest for July 12th. Twitter, Soundcloud, Medium, Twilio, Plays.tv, and Adblock are among latest major web platforms to join the Internet-Wide Day of Action to Save Net Neutrality scheduled for July 12th to oppose the FCC’s plan to slash Title II, the legal framework for net neutrality rules that protect online free speech and innovation. Companies participating will display prominent messages on their homepages on July 12 or encourage users to take action in other ways, like through push notifications and emails. The momentum comes against the backdrop of a recent Morning Consult / POLITICO poll that shows broad bipartisan support for net neutrality rules. “This protest is gaining so much momentum because no one wants their cable company to charge them extra fees or have the power to control what they can see and do on the Internet,” said Evan Greer, campaign director of Fight for the Future, “Congress and the FCC need to listen to the public, not just lobbyists. The goal of this day of action is to make them listen.”

More than 40,000 people, sites, and organizations have signed up to participate in the effort overall, and more announcements from major companies are expected in the coming days. Many popular online personalities including YouTuber Philip DeFranco, and dozens of major online forums and subreddits have also announced their participation. The effort is led by many of the grassroots groups behind the largest online protests in history including the SOPA blackout and the Internet Slowdown. The day of action will focus on grassroots mobilization, with public interest groups activating their members and major web platforms providing their visitors with tools to contact Congress and the FCC.

Companies participating include Amazon, Netflix, OK Cupid, Kickstarter, Etsy, Reddit, Mozilla, Vimeo, Y Combinator, GitHub, Private Internet Access, Pantheon, Bittorrent Inc., Shapeways, Nextdoor, Patreon, Dreamhost, and CREDO Mobile, Goldenfrog, Fark, Chess.com, Imgur, Namecheap, DuckDuckGo, Checkout.com, Sonic, Brave, Ting, ProtonMail, O’Reilly Media, Discourse, and Union Square Ventures. Organizations participating include Fight for the Future, Free Press Action Fund, Demand Progress, Center for Media Justice, EFF,  Internet Association,  Internet Archive, World Wide Web Foundation, Creative Commons, National Hispanic Media Coalition, Greenpeace, Common Cause, ACLU, Rock the Vote, American Library Association, Daily Kos, OpenMedia, The Nation, PCCC, MoveOn, OFA, Public Knowledge, OTI, Color of Change, MoveOn, Internet Creators Guild, and many others. See the full list here.

Freedom House "Freedom on the Net" Report 2016: 67% of world live in countries with censorship

In a survey of 65 countries, Freedom House has reported that internet freedom across the world has been in a decline for the past six years, with two-thirds of internet users living under a government that has censored internet. Freedom House has ranked China, Syria, and Iran as countries with the most restrictive internet laws. 

Many countries have blocked secure messaging apps. WhatsApp was blocked most of all messaging apps, being restricted in 12 countries this year. The number of governments that restricted access to social media and communication services increased from 15 to 24. Governments have also blocked materials related to LGBT rights and photos that made fun of countries' leaders. [Download the Report]

Russia orders ban of LinkedIn due to local server privacy reqirement

Linkedin will be banned in Russia possibly within this week. In August, a Moscow court upheld a decision to block Linkedin. Critics are worried that this decision will further expand the state’s control over Russian’s citizens to the internet. Roskomnadzor, the executive body responsible for regulating media, claims that Linkedin violated Russian privacy law by not storing users' personal information in Russia. Alexander Zharov, Roskomnadzor's chief, state that many larger internet companies are in the process of complying with this law. However, larger social media companies like Facebook and Twitter have not complied with this law. [More from The Independent]

China's new cybersecurity law criticized for censorship and privacy concerns

On Monday, China passed controversial cybersecurity legislation allegedly in response to hacking and terrorism threats. The law includes provisions that require the storage personal information and important business data, making companies concerned that they will be required to hand over their intellectual property. Yang Heqing, an official on the National People’s Congress standing committee, stated that the legislation has been enacted to address China’s national security and development issues. Zhao Zeliang, a director of the Cyberspace Administration of China, stated that the law is in accordance with international trade rules.

The legislation is drawing criticism from various rights advocates. In August, Global business groups had urged Beijing to amend the legislation. James Zimmerman, the chairman of the American Chamber of Commerce of China, stated that the vague provisions of the legislation could result in broad interpretations by regulation authorities.  [More from The Guardian]

Turkey blocks social media sites Twitter, WhatsApp, YouTube and Facebook

On Friday, the Turkish government began using throttling, a method that renders websites unusable by slowing them down, to block major social media apps including Twitter, WhatsApp, Youtube, and Facebook. The Turkish government has a history of suppressing internet freedoms and the circulation of information. Earlier this week, the government blocked internet for users in the southeast part of Turkey. In April 2015, the government lifted a ban on Twitter, originally due to a photo of a Turkish prosecutor held at gunpoint by far-left militants being circulated on the site, only when Twitter agreed to remove all offending images and shut down accounts. These actions are not unheard of, as various countries around the world have banned social media apps. For example, Brazil once suspended WhatsApp when the company did not turn in a user’s encrypted data.  [More from Social Barrel]

Pages