Warning: array_key_exists() expects parameter 2 to be array, boolean given in /home/ismapi/ictlogy.net/blog/wp-content/plugins/jetpack/class.jetpack.php on line 2184
ICTlogy » ICT4D Blog » e-Government, e-Administration, Politics

IDP2016 (X). Céline Deswarte: Towards a future proof legal framework for digital privacy in Europe

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Keynote speech. Chairs: Pere Fabra

Céline Deswarte. Policy Officer, European Commission. Directorate General for Communication, Networks, Content and Technology.
Towards a future proof legal framework for digital privacy in Europe

EU legal framework for Digital Privacy: General Data Protection Regulation 2016/679/EU + ePrivacy Directive 2002/57/EC.

When you are surfing online you produce key information on time of connection, browsing history, location, etc. which can be retrieved. Telecom providers must anonymize or delete traffic and location data of their users and subscribers. When it is stored in hour own computer (e.g. cookies) the user must have given their prior consent after having been duly informed.

But is it consent strong enough? It is difficult to understand that consent is given “freely” if data subject has no genuine or free choice or unable to withdraw consent without detriment.

Protecting your personal data, when e.g. buying online. Companies must rely on a legal basis to process personal data, and respect principles of data processing.

On the specific issue of profiling, sharing personal data with a third party implies the right to be informed about it. Profiling is lawful unless it is equivalent to a decision with legal effects that is significantly harmful to the individual (e.g. one can lose one’s own job). Besides, there has to be a respect for the individual’s rights, e.g. the right to object at any time including profiling, and then data processing must stop.

Member states shall ensure the confidentiality of one’s electronic communications and related traffic data. So, it is not only about privacy in the sense of what you do, but also in the sense of what you say and to whom.

The big problem here is to whom applies all this regulation, as actors are many and different. So far, these principles only apply to telecom providers, while new market players like Voice IP or instant messaging, etc. do not need to respect this. In other words, social networking sites provide communication services but do not fall into the category of telecommunications providers.

12th Internet, Law and Politics Conference (2016)

IDP2016 (VIII). Lance Bennett: The Democratic Interface: Communication and Organizational Change in Movements and Parties

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Keynote speech. Chairs: Rosa Borge.

Prof. Lance Bennett. Professor of Political Science and Ruddick C. Lawrence Professor of Communication, University of Washington, Seattle, USA.
The Democratic Interface: Communication and Organizational Change in Movements and Parties

(Keynote co-authored with Alexandra Segerberg and Curd Knüpfer).

The democratic interface: the capacity of electoral communication and organization processes to engage citizens and produce equal democratic representation. Does the interface work equally well for everyone? Is it working better for the right? Why? Has a change in participation logic disrupted the traditional party interface with voter on the left?

40 years of neoliberal globalization, resulting in a breaking up of common social institutions (unions, schools, media, health care, etc.) and more political polarization.

Power has moved from states to businesses and markets. Most parties are embracing neoliberal policies and parties have hollowed themselves as spaces for citizen engagement (Mair). There is a legitimacy crissi of liberal representative democracy (Della Porta), a relocation of politics in the everyday (Band) and a personalization of politics (Bennett).

Does the reactionary right have increasing electoral advantage? Those who identify on the right are more likely to follow rules, respect traditions and customs and, in general, to follow what constitutes the model of a political party in neoliberal democracies: hierarchy, leadership, command, etc. So the right may have more electoral success because their voters have preferences for authority, strong leadership, rules, common traditions, etc.

Why the deficits on the left? There are fewer angry citizens on the radical left than on the radical right? there is more trust or confidence in politicians and parties on the left? Both hypothesis are not validated. Same happens with satisfaction with democracy, the economy, etc. And same with participation: the left participates as much or even higher than the right.

So it has to be a different logic of participation on the left.

The connective party: communication and organization for participatory democracy. There is a discontent with neoliberal globalization since 90s, leading to flexible identities and multiple issues, “meta ideologies” of diversity and inclusiveness, mistrust of parties and leaders and the representative process, and a preference for direct or participatory or deliberative democracy.

There is a shift in participation logic at the left interface. And this may be the reason why left parties are having issues to connect with their partisans and sympathisers.

Can parties on the left mobilize more voters with connective action?

Requirement for a connective party:

  • Central party open to feedback from peripheral networks.
  • Peripheral networks deliberate and share positions across networks and with central organization.
  • Scale requires digital platforms.

Podemos was initially more decentralized, but went under a process of centralization and strong leadership, quite abandoning the círculos. This left aside many people that were in for the participation.

Barcelona en Comú created a whole participatory network with different spaces, times, tools. It is by far the least centralized in Barcelona municipality.

Alternativet (Denmark). Founded in 2013, entered parliament in 2015 with 5% vote. Called itself both a party and a political movement, socially open, networked online platform, living everyday democracy, organized through communication between citizen “labs” and party leadership.

Can socially mediated participation be coordinated? Can it scale? Can such organization be sustained? Can party leadership share power? Can technology developers design participatory and deliberative platforms in collaboration with core leaders and local activists who may undervalue technology?

Discussion

Modern democracies are over. They were done when neoliberalism replaced Keynesianism as a way to manage society and public issues.

Can Kurban: does right and left still explain the state of politics? Bennett: it is true that it is increasingly difficult to explain things using these axes, but they still somewhat work, especially for the right that still cluster well.

Juan Roch: what is the role of technology, of digital platforms? Bennett: they are only instrumental, but they are definitely very important. But it is worth noting that there still is a lot of doubts about intensive use of technology, and even refusal to see technology replacing face-to-face meetings.

12th Internet, Law and Politics Conference (2016)

IDP2016 (V). Data protection

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Communications on data protection
Chairs: Mònica Vilasau

GDPR: A European model of privacy
Ricard Martínez. Responsable del Servicio de Transparencia en la Diputació de València. Expert in privacy.

The European Union has made of data protection and privacy a solid building, with strong foundations, and ready to face the challenges of the future. Data protection has become a fundamental right and, as such, it is against such the highest level of the right that the debate and the weightings take place.

This is at odds with the practices of US firms, that are clearly threatening this fundamental principle.

General Data Protection Regulation (GDPR) is trying to fix this and to protect the citizen against all kind of threads. But it is still imperfect. If, for instance, still relies on authorisation. It is well known that the end user will accept (authorise) any kind of data usage by third parties just to be able to enter a social networking site, or to have access to social media, or to use a given digital service. The regulation should then be more proactive, and “not trust” the judgement of the citizen, and protect them despite themselves. Accountability has to be filled with content, not be a hollow recipient of wishful thinking.

The legislator must know reality, the reality of the user, the reality of technology.

There is a big problem now that technologies enable the possibility that third parties can own others’ identities, do things for them (and without them knowing), make decisions for them (and without them knoweing), etc.

General data protection regulation vs. big data regulation
Alessandro Mantelero, Polytechnic University of Turin

One of the main problems of big data is that it does not actually asks for permission, or consent. Or, indeed, most of consent was already given when the user accepted the conditions of each and every social networking site, website, online service, etc.

Regulation is clearly lagging behind the advancements of technology. This is not new —it actually is the norm— but not only the gap is widening, but the paths are divergent one from another.

Achieving anonymity on the Internet is extremely difficult. This is what we have to address. When we collect information which is non-sensitive (e.g. on mobility) it will most likely produce outputs that are relevant for privacy, that can contribute to identify or draw a profile of someone. And all this is not in the GDPR. How is GDPR addressing these new but actual challenges

We are shifting from an individual-based data protection paradigm to a new paradigm of a collective vision, where the collective shapes the identity, shapes privacy, etc.

More information: Personal data for decisional purposes in the age of analytics: From an individual to a collective dimension of data protection.

Discussion

Alessandro Mantelero: this is not a legal topic, but an economic topic. If we test prototype cars for security and do not allow them to be on the streets until they match some security issues, same should happen when designing digital services. Yes, maybe this would slow the pace of innovation. Maybe. But we have to find a balance between total flexibility in digital services design and total lack of taking into account fundamental rights that can be seriously damaged by the design of those digital services.

12th Internet, Law and Politics Conference (2016)

IDP2016 (IV). E-government

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Communications on E-government
Chairs: Agustí Cerrillo

Innovation management in public organizations: open data in the threshold of open government.
Adrián Vicente Paños, Diputació de València; Servicio de Transparencia y Gobierno Abierto.

In general, innovation is badly managed in European public administrations: lack of reusage, management deficits, etc.

e-Government, in many cases, has been used as a flagship for the “modernization” of public bodies. And, in particular, open data and open data portals are increasingly becoming the first stop for pubic bodies to face modernization and innovation. 84% of European countries have open data portals, although less than half of them have a certain degree of maturity.

Reuse of data vary significantly depending on the type of data and sector. Thus, finance, contracts, geospatial data and some others are by far much more used than other datasets.

There is a need to improve communication so that the end-user (e.g. the citizen) can reuse data, be more easily found, etc. Benchmarking good practices across different bodies would also have a potentially high impact.

The asymmetric regulation of third parties’ rights in the procedures of access and reuse of public information.
Leonor Rams Ramos, Profesora Contratada – Doctora de Derecho Administrativo (acreditada a Titular de Universidad) en la Universidad Rey Juan Carlos.

The new Spanish Law on Transparency (Ley 19/2013) was much needed, but has been criticised because of its wide limitations, very open cases for non-admittance, and lack of instruments for assessing its efficacy — among others.

What happens with third parties that, despite not being public bodies, they have relationships with public administrations and thus these have data that can be requested by the citizen. Can these third parties, these private bodies oppose to their data being published or given away by public administrations under the Transparency Law?

The Art.19.3 LTBG makes it compulsory to notify third parties if they could be affected by a request of data, and they then become an interested party of the procedure. It is not a right to veto: it just triggers some alerts so that the data from third parties is accurately dealt with. If the data required falls within the category of personal data, the veto is automatic. If not, it has to be analyzed case by case.

The problem is that the citizen that makes the request has no voice in the whole procedure, or can argue against the decision to veto the delivery of data. Even worse, the person requesting the data does not know what the third party can do or will do to avoid the disclosure of data. And hence cannot react or anticipate any movement from the third party, which rends them defenceless.

The collaboration of the private sector in European digital public services of digital identification.
Ignacio Alamillo Domingo, Abogado y auditor. Colaborador docente de la UOC.

Digital identity has ceased to be a matter of security, circumscribed in a very tiny area, to something that is ubiquitous, spreading all over a myriad of platforms and institutions.

On the other hand, digital identity is not only a matter of cost (cost to create an identity) but also a consumer good or even a capital active, and including a social good, liked to social networking or reputation, and leading to the appearance of public providers of digital identities (e-ID).

eIDAS aims at creating a public system of digital identification within the European Union. It focuses in security and interoperability, so that national systems can interact one with each other.

What is the role of the private sector in this system? It is possible that a means of digital identification can be private. This means that the public sector admits private means of identification and uses them or interacts with them. And by doing it at a national level it is enabled that it can be done at the European level. The problem here is how to assess private eIDs and their features, or how to avoid the (explicit or tacit) creation of monopolies or monopolies of e-identification private systems.

Last, but not least, no only public bodies can use eIDs, but also private parties can benefit from eIDAS and use an kind of eID issued by public or private bodies in any member state of the EU.

Discussion

Ignacio Alamillo: it would be interesting that the public sector accepted different degrees of identification, with different levels of security, compliance, etc., in collaboration with public-private-partnerships, etc.

12th Internet, Law and Politics Conference (2016)

IDP2016 (III). Raquel Xalabarder: Copyright law for a digital single market: how far are we from achieving it?

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Keynote speech. Chairs: Maria Julià

Prof. Raquel Xalabarder. Professor of Intellectual Property, Law and Political Science Department, Universitat Oberta de Catalunya (UOC).
Copyright law for a digital single market: how far are we from achieving it?

Copyright law grants an exclusive right on works contained in products (tangible goods) and services which must freely circulate within the EC/EU internal market.

So far, we have a bunch of national copyright laws, with different scopes, and with a marked principle of territoriality. Can we harmonize these issues? There has to be no discrimination within the EU: what you grant to a national author, you grant it to a EU author. BUT. We had a single digital market for goods, but not for services. Once a work was embedded on a product, it fell within EU common law; but it happens otherwise with services. And here is the big deal we are facing now.

Rome EC Treaty:

  • Subsidiarity principle, only applies when objectives are better achieved by the EC than by member states individually.
  • Harmonization through directives, that need national implementation.
  • Lisbon EU Treaty Art. 118 TFEU: mandate for uniform IP rights in all EU. Need for a regulation on EU copyright?

We now have a bunch of EU directives that deal with computer software, rental and lending rights, satellite and cable communications, terms of protection, databases, copyright, resale right, enforcement, orphan works, collective management (of rights) organizations and music online, etc.

There’s a big deal trying to harmonize concepts like what is a work, what is an author, what are related rights, etc. Different directives refer to works and authors in very different ways.

Same happens with moral rights, exploitation rights, remuneration rights… Remuneration rights are especially difficult to address as they vary very much across countries, in what they cover, in the amount or kind of remuneration, its management, etc.

About communication to the public, there is no clear consensus on what the “public” is, communication, display or performance, etc.). Here the concept of linking to (protected) content becomes crucial, of course including the role of the agent that created the link.

The harmonisation of limitations to intellectual property rights are also scattered across different directives and regulations in general.

Licensing, enforcement… again matters of disagreement and lack of harmonization.

Discussion

Wouter Tebbens: copyleft software heavily relies on copyright, and the design and the product are very much the same. But what happens with copyleft hardware, where the design and the product are much different? Xalabarder: it is uncertain. It depends on whether you just protect the design, and then the product is not affected, or if you take into account the design embedded in the product. It is difficult to tell.

Some conclusions?

  • Fragmented harmonization of some issues: work, author, rights, limitations…
  • Court of Justice of the European Union (CJEU) role is paramount.
  • Territorial licensing allowed (for services) as “original sin”.
  • Member states “reception” of EU copyright law and caselaw?
  • Subsidiarity principle.
  • Time for a copyright unitary title?

12th Internet, Law and Politics Conference (2016)

IDP2016 (II). Digital Single Market and e-Commerce

Notes from the 12th Internet, Law and Politics Congress: Building a European digital space, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 7-8 July 2016. More notes on this event: idp2016.

Communications on Digital Single Market and e-Commerce
Chairs: Blanca Torrubia

The role of geoblocking in the internet legal landscape.
Marketa Trimble, Samuel S. Lionel Professor of Intellectual Property Law at William S. Boyd School of Law, University of Nevada, Las Vegas.

Geoblocking: blocking depending on place and depending on content.

Geoblocking breaks the ubiquity of the Internet and users’ expectations of a territorially-unlimited Internet. On the other hand, geoblocking is a way to try to accommodate Internet content to the territorial restraint of national jurisdiction.

Opposition to geoblocking:

  • Contrary to the original architecture of the internet.
  • It’s imperfect, leaving lots of room for spillovers.
  • Has uncertain legality.
  • Is associated with not insignifiat implementation costs.
  • May have an impact on freee speech.

The EU proposes a campaign against geoblocking, though proposing a new regulation to address geoblocking and other forms of discrimination based on customers’ nationality.

Some positive ends of geoblocking:

  • Contributes to the diversity of content on the Internet.
  • Geoblocking allows for content to be made available where it is legal.
  • A territorial partitioning of the Internet is inevitable as long as countries have strong national public policies that shape at least some of their laws.
  • Online gambling and other sensitive areas of regulation will provoke countries’ strong policy stances, for which geoblocking on the Internet offers a workable modus operandi.

Hardwiring Privacy in the European Digital Space.
Lee Bygrave, Professor, Norwegian Research Center for Computers and Law.

Information systems architecture has the ability to shape behaviour beyond what legislation allows.

There are explicit attempts to change system architectures to force changes in law or to put in practice de facto “regulations”, especially in the field of data protection and privacy.

Some of these hardwiring attempts to change regulation may have an impact in homeland security, on privacy guarantees, etc.

The exclusive right of the author to control publicity and sale offers of their work. Impact in the building of a single digital space.
Antoni Rubí Puig, Profesor de Derecho Civil de la Universitat Pompeu Fabra.

Can we buy in third countries’ websites goods that are subject to intellectual property rights that apply in our country but not in the third country? Can we do that without incurring in an IP illegality? Probably not. The right to distribute works is exclusive of the author’s.

There are several points in the whole process of publishing, offering, selling and delivering goods where the author has their say according to their intellectual property rights.

The proposals of the European Commission about contract rules in the supply of digital content and online sales: conformity, remedies and exercise of remedies
Rosa Milà Rafel, Investigadora Juan de la Cierva-Incorporación de la Universidad de Castilla-La Mancha Centro de Estudios de Consumo.

Proposal of EU directive of online sales. Goal: to eliminate one of the main barriers against international e-commerce in Europe.

Problem: if it is approved, it will indeed increase the fragmentation of actual regulation.

Proposal of EU directive of supply of digital content.

It includes a wide range of digital content, such as cloud computing services and social networking services.

Unlike the former one, this directive is likely to reduce fragmentation of existing regulation.

12th Internet, Law and Politics Conference (2016)