EU response to free speech killings? More internet censorship

In the wake of this week’s terrorist attacks in Paris, which began with the killing of 12 people at the offices of satirical publication Charlie Hebdo, the interior ministers of 12 EU countries have called for a limited increase in internet censorship.

The interior ministers of France, Germany, Latvia, Austria, Belgium, Denmark, Spain, Italy, the Netherlands, Poland, Sweden and the U.K. said in a statement (PDF) that, while the internet must remain “in scrupulous observance of fundamental freedoms, a forum for free expression, in full respect of the law,” ISPs need to help “create the conditions of a swift reporting of material that aims to incite hatred and terror and the condition of its removing, where appropriate/possible.”

This sounds similar to recent agreements in the U.K. whereby ISPs use filters to stop citizens seeing “extremist” online content, though it’s hard to tell without more details. There seems to be no coordinated push for more internet surveillance just yet, although there is a drive for better intelligence sharing between EU countries.

It seems, to say the least, an awkward reaction to what was in part a free-speech-related attack — the left-wing Charlie Hebdo has itself frequently been accused of hate speech for its portrayal of Muslims and others. On that front, a German newspaper that reprinted blasphemous Charlie Hebdo cartoons of Mohammed in the wake of the attack was firebombed in the early hours of Sunday morning, with no injuries. Others that did the same remain under police guard.

At the Paris meeting, the ministers also agreed on a more positive way to counter terrorist propaganda: more speech. They said they had resolved “to develop positive, targeted and easily accessible messages, able to counter this propaganda, aimed at a young audience that is particularly vulnerable to indoctrination.”

The ministers also agreed on various other measures to do with keeping an eye on people travelling, including urgently moving towards a new European Passenger Name Record framework. As legal advice released this week indicates, any such agreement will need to take account of last year’s striking-down of the Data Retention Directive, by embedding significant privacy safeguards.

The meeting came as ministers and heads of state from around the world marched in Paris in solidarity against the attacks and in favor of the free expression for which Charlie Hebdo was targeted. These included representatives of countries such as Egypt, Turkey, the United Arab Emirates, Algeria and Russia, all of which are notable for cracking down on free expression at home — their presence drew condemnation from Reporters Without Borders, which said it was “appalled”.

“We vomit on all these people who suddenly say they are our friends,” Charlie Hebdo cartoonist Bernard “Willem” Holtrop said of some who had expressed condolences and solidarity with the publication, such as Vladimir Putin, far-right French politician Marine Le Pen, Queen Elizabeth and Pope Francis. In the Saturday interview with a Dutch newspaper, he added: “I never come to the editorial meetings because I don’t like them. I guess that saved my life.”

EU legal advisers cast doubt on data retention legality

The European Parliament’s legal advisors have issued a report into the repercussions of last year’s ruling by the Court of Justice of the European Union, in which the CJEU struck down the E.U. Data Retention Directive. And the lawyers’ opinions suggest that surviving national data retention laws are on shaky ground.

The Directive forced E.U. member states to have a data retention regime in which telecommunications and internet service providers had to maintain records of their customers’ communications – metadata about who contacted whom and when, as opposed to the contents of those communications. After the CJEU judgement in April 2014, countries including Austria, Slovenia and Romania scrapped their national data retention laws (a couple others, notably Germany, had already rolled theirs back on constitutional grounds).

However, some countries have continued or – in the case of the U.K. with its DRIPA surveillance law — even expanded their national data retention regimes. Here’s a breakdown of what the Legal Service department said about the ruling’s implications in that regard (a copy of the opinion was obtained and published by the digital rights group Access).

  • The CJEU ruling was specific to the Data Retention Directive, which had been challenged by Digital Rights Ireland (DRI), so it did not have a direct effect on national data retention laws, apart from saying that it’s now okay by the E.U. for countries to repeal them.
  • With the Data Retention Directive now out of the picture, the continuing national laws are now governed by the earlier e-Privacy Directive of 2002, which allows member states to implement data retention regimes “when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system.”
  • Because member states’ national data retention laws are therefore still in the realm of E.U. law, they have to be compatible with the E.U.’s Charter of Fundamental Rights, specifically Articles 7 and 8, which set out the rights to privacy and personal data protection respectively, and Article 52(1), which says any limitations to rights must be proportionate.
  • The Charter is what informed the CJEU judgement striking down the Data Retention Directive – the court said the directive was not proportionate and didn’t provide “clear and precise rules” to limit the interference to what is “strictly necessary” and provide “minimum safeguards”.
  • Therefore, countries maintaining national data retention laws must re-examine those laws to check whether they fulfil the requirements “as interpreted by the Court of Justice in the DRI judgement”, and fix them if they’re not. What’s more, anyone who wants to challenge those national laws can now point to the CJEU judgement as a guideline, even though it doesn’t have a direct effect.
  • The same goes for existing E.U.–level data retention programs such as the Terrorist Finance Tracking Programme (TFTP) and the Union’s international passenger name record (PNR) agreements – they’re still valid, but if someone wants to challenge the legality of those, they can also point to the CJEU’s DRI judgement. The CJEU ruling should also be heeded when formulating any new E.U. data retention legislation. As it happens, TFTP and the international PNR agreements are about to be renegotiated.

This is particularly good news for the two British members of Parliament that are challenging DRIPA in the U.K. High Court. DRIPA was fast-tracked as an “emergency” law because the Data Retention Directive had been implemented in the U.K. as secondary rather than primary legislation, so the government feared that the CJEU judgement left it without a proper legal justification for continuing to demand that ISPs and web service providers keep retaining communications data.

DRIPA is temporary, time-limited to the end of 2016, but the underlying primary legislation that it expands on – the Regulation of Investigatory Powers Act (RIPA) – is not. RIPA is however up for review, as the government will want to make the DRIPA powers permanent before the end of 2016, so those conducting the review will now also need to take the E.U. legal advice into account.

RIPA was designed as anti-terrorist legislation but it’s widely used by local authorities in the U.K. to spy on citizens, in order to see whether they’re putting their trash out in the prescribed manner or trying to cheat their kids into schools in a different neighborhood. It’s also used to spy on lawyers and journalists. Around half a million RIPA requests for communications data are made each year.

The CJEU ruling will make it hard to justify the continuation of this situation, and even in the case of terrorism and more serious crime, the British government may have a struggle proving the proportionality of its mass surveillance regime. Proper reviews of data retention laws in other countries such as Sweden may uncover similar problems.

Europeans have two weeks to return iTunes purchases for a refund

Apple has quietly introduced a 14-day return policy for iTunes, App Store, and iBooks purchases in several countries in Europe, according to 9to5Mac. The new policy is apparently in response to a European Commission recommendation. Previously, to receive a refund, you would have to contact Apple support and provide a reason. That’s still the way it works in the United States. But for Europeans, there’s now an automated refund process through Apple’s “Report a Problem” feature. Google recently extended the Google Play app refund window to two hours, even in the United States.

EU digital economy chief downplays “Google tax” reports

Ever since Germany’s Günther Oettinger became the new EU commissioner for the digital economy, with copyright reform as part of his brief, he has been making noises about getting Google to pay some kind of “levy” for using European “intellectual works.”

I and others have been interpreting this as a desire on Oettinger’s part to extend the so-called ancillary copyright concept – where news aggregators such as [company]Google[/company] have to pay royalties to publishers for using snippets of their text in search results – across Europe. Google’s not the only company that’s affected but, given that it has more than 90 percent market share in European search, ancillary copyright is often called the “Google tax” in the EU.

From events on Wednesday, it seemed clearer than ever before that this was what the commissioner was after. But according to subsequent pronouncements from Oettinger and sources in the Commission, he doesn’t want to extend rules that don’t work.

Oettinger met with members of the European Parliament’s copyright working group to talk with parliamentarians (MEPs) about his plans for a new EU-wide copyright proposal, scheduled for 2015. And Julia Reda, the Pirate Party’s sole MEP, seemed to come away from the meeting in an incandescent mood.

“At today’s debut meeting of the European Parliament’s copyright working group, digital Commissioner Günther Oettinger expressed his wish for an EU-wide ancillary copyright law for press publishers, citing it as an example area of copyright where action was required at an EU level,” she said in a statement.

Reda pointed out that the two existing examples of ancillary copyright being rolled out nationally, in Germany and in Spain, had both turned out badly. In Germany, local publishers were forced to grant Google free use of their text snippets and thumbnails after the company delisted them from Google News and traffic to their websites predictably plummeted. In Spain, the severity of the local ancillary copyright law has created an even worse situation – the publishers, who lobbied for the law, can’t grant Google free access even if they want to, and now the company has axed Google News in Spain altogether, again hammering their traffic.

“By pursuing an EU-wide ancillary copyright law for press publishers, Oettinger is ignoring the recent spectacular failure of similar laws in Germany and Spain,” Reda said in her statement. “They did not fail because they were implemented at the wrong level, but because the idea itself is wrong-headed.”

However, Oettinger said on Twitter that there would be no extension of national rules across the EU:

One source within the Commission told me that Oettinger only wants new EU copyright legislation to “cover those areas where national legislation has no impact,” and suggested he had mentioned the experiences of Germany and Spain “as negative examples.” Meanwhile, another source said the Commission “will monitor the implementation of the law to see whether it delivers the objectives set by the Spanish government.”

No sweet spot

It is not clear to me at all that this means Oettinger doesn’t want an EU-wide ancillary copyright law. It could be that he does want such a law, but he doesn’t want it to be as ham-fistedly implemented as it was in Germany and Spain. If that is the case, I struggle to see where the sweet spot between those implementations might lie. The German implementation was too ineffective to give the hard-lobbying publishers what they wanted — Google successfully called their bluff — and the Spanish implementation was so idiotically heavy-handed that it amounted to a publishers’ suicide pact.

The problem is, as Reda said in her statement, that “legislative restrictions on free linking do not lead to better compensation for journalism, but to increased barriers to access for the public and losses for publishers and authors.” Companies such as Google – and European aggregators too, let us not forget – are under no obligation to keep linking to sources that lose them money. What’s more, those links benefit publishers by giving them traffic that they can convert into advertising revenue. It’s not like they lose out in any way from being linked to with snippets of their text.

To my mind, there are two underlying motivations behind the big publishers using their political leverage to push for ancillary copyright laws. The first is that they want money for nothing. The second is that the internet erodes their power. Once, they had loyal readers who bought their paper each day, but now aggregators such as Google News have made their articles options on a long and diverse menu.

Many casual readers are now driven to stories because of their relevance, not because they appear under a certain brand, and this new world gives newer, smaller publications a chance to shine. That’s awful for powerful press barons, but great for readers, great for media diversity, and consequently great for democracy.

Let’s hope that Oettinger is taking away the right lesson from the German and Spanish debacles as he formulates his copyright proposals (and sorry to paraphrase Reda again here, but she’s right on this): European citizens and online businesses benefit from barriers coming down, not barriers going up.

Google could face €15M privacy fine in the Netherlands

Google has been threatened with yet another fine in Europe over its cavalier approach to EU privacy laws. However, while previous fines levied by national data protection regulators have maxed out at around €1 million, the Dutch privacy watchdog is talking about a fine of up to €15 million ($19 million) for Google’s illegal combination of user data across various services without properly informing users of what’s being done or asking their permission. It’s still enough for the company (2013 revenues: $16.86 billion) to shrug off, but at least it no longer qualifies as chump change. Maybe it will actually start complying with the law. Or maybe not.

EU tax change is about to hammer small digital service providers

Starting in January, new EU tax rules will force many businesses offering online services across the Union to take on a load of new administrative responsibilities.

The changes have caused particular consternation among micro-businesses providing such services – for a classic example, think about an individual who’s making a small amount selling knitting patterns — and the outrage seems especially virulent in the U.K. With a couple weeks to go before the changes hit, here’s a run-down on what red tape is being introduced, and why.

What new tax rules?

From January 1st, 2015, the provision of many digital services in the European Union will be taxable in the country where the service is consumed, rather than the country from which it is provided. The point, in theory, is to stop big firms from setting up headquarters in some tiny low-tax country such as Luxembourg and using that location to get out of paying taxes in the rest of Europe.

The problem here is that there are 28 EU member states, each of which has its own value-added tax (VAT) rates, and its own minimum thresholds for having to charge VAT in the first place. For many digital services businesses, this will add a degree of complexity. For those who operate micro-businesses that currently don’t have to charge VAT at all – in the U.K., for example, that’s any business with a taxable annual turnover of under £81,000 ($127,000) – this could be a whole new ballgame.

The kinds of services that aren’t affected include lawyers and accountants emailing clients, the supply of physical goods through electronic ordering processes, car and hotel booking services, and real-time educational services. Business secretary Vince Cable has also said that people can ignore the changes if they sell through a “marketplace like an app store” – an option that of course means losing a cut of the sales revenue.

But those independently selling images or text or music, or paid-for “online magazines” or software, will have to adapt – and fast.

Good grief! And with only two weeks to go?

Yes … about that. These new rules were agreed upon in 2008, so businesses have technically had around six years to wrap their heads around the implications. Of course, it’s really down to the national tax authorities to make sure everyone’s up to speed and, certainly in the U.K., it’s not clear that this happened in any meaningful way.

For example, it was only this month that Her Majesty’s Revenue & Customs (HMRC) finally agreed that people wouldn’t suddenly have to charge VAT on small U.K. revenues if they also sell into other European countries – a key issue that caused panic when people started freaking out about the changes in November.

Crucially, though, the changes do not mean that micro-businesses need to register with the tax authorities in 28 different countries. Instead, each country should be setting up a “Mini One Stop Shop” that provides a single point of contact through which to collect and distribute the VAT on sales to other EU countries.

In the U.K., a business can sign up with the local MOSS if its taxable U.K. turnover is under £81,000. This will simplify matters, but it still means that someone who previously didn’t have to register with the VAT authorities at all, will now need to register for a VAT number and submit quarterly VAT returns (declaring nil VAT on U.K. sales), and register separately with the MOSS, again submitting quarterly returns.

And then there’s all the data collection.

What data?

Get ready for some serious record-keeping (storing everything for a decade, no less.) The changes don’t make much sense if no one knows in which country the buyer is located, so the business’s customers will now need to tell the vendor which country they live in, and what their billing address is.

But there’s more: HMRC has recommended that sellers collect two pieces of information from their payment providers, such as [company]PayPal[/company]. This includes the country code of the customer’s bank, and the customer’s billing address. Unfortunately, PayPal is only willing to provide the country code, so the rest is really is down to the business to establish. So much for the convenience of no-hassle payment mechanisms such as [company]Stripe[/company].

Then there’s the small fact of the business qualifying as a “data controller” under EU data protection legislation, because they’re processing people’s personal data. In the U.K., this means they’ll have to register with the Information Commissioner’s Office (ICO), for a £35 fee.

However, the ICO’s security requirements for small businesses are quite flexible – these knitting-pattern entrepreneurs won’t need to adopt military-grade encryption, but they will need to at least try to keep their customers’ data safe, as any small business should. Whether criminals see a hacking opportunity in all the personal information that will now be stored by individuals with minimal security expertise, is another matter.

Why do you keep mentioning the U.K.?

Partly because the U.K.’s relatively high VAT threshold means this will have more of an effect there – more micro-businesses will be dragged into the VAT-collection game for the first time — and partly because that’s where people have made the most noise about this. So far.

Last month, people in the U.K. first started shouting about the changes using the #VATMOSS hashtag, but as the British campaigners have realized that micro-businesses will be hit across the EU, they have now set up an EU VAT Action pressure group (which provides loads of useful information for those who need details.)

But could the effects hit even further afield? A rather worrying sign can be found in changes that were made earlier this month to the terms and conditions of [company]Google[/company]’s Helpouts platform, which gives people a way to offer expert advice services through the Hangouts facility. As of December 3rd, the site tells users: “Providers from Ireland or the United Kingdom may only offer free Helpouts. Customers in the EU may only take free Helpouts.”

Meanwhile, the T&Cs for U.S. Helpouts providers now state: “You may not provide Helpouts for a fee to customers within the European Union. All Helpouts which are provided to customers within the European Union must be provided free of charge.” It seems Google thinks these changes are a reason to steer clear of paid-for person-to-person services in the EU altogether.

Woah. Is that justified?

Arguably not, because – in one of the weirder specificities of these rules that were designed over six years ago – live webinars aren’t covered by the changes (but recorded webinars are.) The new rules are also only supposed to affect companies based in the EU, but then again Google and other big U.S. firms tend to run their international operations out of EU subsidiaries. I asked Google to explain why it made the changes, but it has refused to do so.

The one thing that is clear is that there’s still a lot of confusion, despite the long run-up to the changes. Unfortunately, this has led to a lot of people fearing for the future of their small businesses, as they contemplate questions like: “If you decide to comply with ?#?VATMOSS???? and you sell a bundle which includes a digital download and a physical product, will you have to report the physical part of that little sale to the U.K. and the digital part to another country?” (Answer: Probably.)

Some experts have even advised no longer selling services into other European countries – a suggestion that at the very least flies in the face of the EU’s precious Digital Single Market project, and that may even contravene EU anti-discrimination rules.

So what’s a poor micro-business or seed-stage startup to do? Read the extremely lengthy guidelines about what’s affected and what’s not, and go shout at some politicians and tax authorities.

As it happens, the EU VAT Action group began a Twitterstorm on Tuesday using the #EUVAT hashtag, calling on the European Commission to suspend the introduction of the new rules for micro-businesses and sole traders. Given the fact that the rules could kill off swathes of the small entrepreneurial digital sector — which the Commission is supposedly trying to stimulate — that may be a good idea.

UPDATE (3am PT): Just thought it might be worth throwing in a few of the tweets people have been publishing today, demonstrating the urgency of the situation:

UPDATE (3.05am PT): The Commission has responded … by saying there’s no problem. Financial Affairs, Taxation and Customs spokesperson Vanessa Mock just emailed this statement:

The Commission believes the administrative burden is bearable also for the smallest online businesses. The changes imply that each business including micro businesses need to know the country of their customer: this could be established eg. by IP address, invoicing address, bank card issuing country, (the possible sources are listed in an EU VAT implementing regulation). Then based on the country of the customer the VAT rate needs to be selected for that country. The list of VAT applicable rates is provided by the Commission on its website. Finally they have to declare sales per country to their [local] tax authority.

UPDATE (3.25am PT): And now Andrus Ansip, the Commission vice president for the digital single market, has published a blog post on the matter. In it, he said that “even if the concerns come late, they should be listened to,” and that he trusts that payments processors will start giving businesses the information they need for compliance.

“Small innovative online companies matter to me,” he wrote. “I want you to have the necessary space to grow into successful businesses and to trade across borders. But I also see the merits in the upcoming VAT change. Support for e-commerce will be at the heart of our strategy for the #DigitalSingleMarket that is planned next spring.”

BT in talks to buy EE for $20 billion

BT, the company once known as British Telecom, said on Monday that it is now exclusively negotiating a possible £12.5 billion ($19.6 billion) takeover of the mobile carrier EE, a joint venture of Germany’s Deutsche Telekom and France’s Orange.

BT and EE are now in a period of exclusivity that will last for “several weeks”, during which time BT will “complete its due diligence and for negotiations on a definitive agreement to be concluded.”

The former state telco had previously said that it was considering a purchase of either EE or O2, which is owned by Spain’s Telefonica. Since that revelation in late November, Three – the smallest U.K. mobile operator, owned by Hong Kong’s Hutchison Whampoa – was also reported to be contemplating a buy of EE or O2.

“The proposed acquisition would enable BT to accelerate its existing mobility strategy whereby customers will benefit from innovative, seamless services that combine the power of fibre broadband, wi-fi and 4G,” BT’s statement read. “BT would own the UK’s most advanced 4G network, giving it greater control in terms of future investment and product innovation.”#

According to the statement, the £12.5 billion would be a combination of cash and BT shares, which would leave Deutsche Telekom with a 12 percent stake in BT, and Orange with a 4 percent stake.

It will be interesting to see how this plays out with the regulators. BT is not currently a significant mobile player (it runs a virtual network that resells EE connectivity) so the buy would not in itself reduce the number of mobile carriers in the U.K., but if Hutchison went ahead with an O2 buy, that would bring the number of network operators down to three.

The new EU commissioner for the digital economy, Günther Oettinger, is quite keen on encouraging consolidation in the European telecoms sector, so as to create more powerful telcos that can better compete on the international stage.

“We firmly believe that convergence is the future of telecommunications in Europe. Customers want fixed-mobile converged services from a single provider,” Deutsche Telekom CFO and EE chairman Thomas Dannenfeldt said in a statement. “The proposed transaction with BT offers the chance to further develop our superbly positioned mobile business engagement in the UK and to take part in the outstanding opportunities of an integrated business model.”

EU digital chief tries to maintain single digital market momentum

European member states may be keen to water down current net neutrality proposals and push back against the centralization of radio spectrum policy in the EU, but new digital single market chief Andrus Ansip isn’t having any of it. In a speech on Monday, he adopted a tough stance on these issues, and on the abolition of roaming fees for those travelling within the EU. Ansip also told the member states to hurry up so the proposals can be become reality.

Ansip told telecoms providers at the GSMA Mobile 360 conference in Brussels that the concept of net neutrality “has to be solid and clearly defined.” Member states are more keen on unenforceable principles that can be interpreted differently in different countries, but Ansip noted that “if 28 countries have 28 different approaches, it makes the market even more fragmented.”

On spectrum, member states are trying to stop the Commission gathering any more powers of coordination. Ansip argued: “The more this natural resource is divided, the less efficient it is. Ideally, EU countries should be working together much more on allocating spectrum. After all, radio waves know no borders. Why should the internet? We don’t need national fragmentation of internet traffic.”

Ansip said roaming fees for travel between EU countries were “an irritant and an anomaly”. He said he “will continue to push for an end to roaming surcharges in Europe” because “they have no place in the telecoms and digital single markets that Europe so badly needs.” Member states want to see “fair use” policies inserted into current legislative proposals for allowing people to use roaming data within their domestic tariffs.

The Council of the EU, representing the member states’ governments, represents the last hurdle in the European legislative process. The debate over the Telecoms Package, proposed by Ansip’s predecessor, Neelie Kroes, is now heading into the new year. Ansip said he hoped an agreement could be reached within months. “Otherwise, I fear that we may lose momentum,” he said.

So far, the Council hasn’t even begun negotiations with the European Parliament over the package, as it must. Ansip pointed out that the Council itself had pushed for a single EU telecoms market, and suggested that the telcos should also be keen to see this creation because would aid cross-border consolidation and allow them to offer services across the EU.

“It is up to those in the market to invest in the necessary infrastructure. However, the market cannot always provide all that is needed. That’s where public authorities have a role to play,” he said. “Firstly, by providing the right and adequate regulatory environment, which we plan to achieve through the Digital Single Market strategy. And secondly, by incentivizing and leveraging more private investment.”

A single telecoms market is of course a necessary base for a single digital market. Beyond what Kroes had already proposed regarding telecoms, Ansip called for simplified rules on online purchases, an end to the geo-blocking of digital services, and the reform of Europe’s copyright rules.

How Europe could cut Google down to size without splitting it up

Google’s EU search antitrust case is a complex beast that is being overloaded by vested interests. Competition commission Margrethe Vestager would be best advised to keep her solutions simple, and here are some suggestions for what those solutions might entail.

Looks like the EU net neutrality debate will run into 2015

The Council of the EU, representing the 28 member states, is currently debating how to finalize the strict net neutrality rules that the European Parliament handed it earlier this year. It looked like the Council was about to water the rules down, but then the European Commission and the Parliament both pleaded with it not to, and now the decision has reportedly been delayed. The Italian presidency of the Council said Thursday that none of the compromise drafts had achieved consensus and a Council official quoted by IDG said the debate will now go through to 2015. The Commission and Parliament want strong rules and definitions but the member states want more flexible “principles” – we’ll have to wait to see who wins.