Let roaming fees hang around for a while longer, EU countries say

The Council of the European Union – the part of the EU legislature that represents member states – has formally laid out its stance on changing incoming legislation around roaming and net neutrality. This means negotiations with the European Parliament can formally commence, and as some parliamentarians warned on Tuesday, this will be a feisty fight.

The Council’s position opposes the Commission and Parliament’s original intention of eliminating roaming surcharges for those travelling within the EU by the end of this year. Instead, from mid-2016 people would get to use a daily 5MB “basic roaming allowance” when crossing borders that would be the same as domestic mobile data costs. Above that, operators will be able to charge extra for roaming, but not more than the wholesale costs levied by the carrier whose network is being roamed onto.

It would only be in mid-2018 that member states would ask the Commission to “assess … what further measures may be needed with a view to phasing out roaming charges” and then maybe propose new laws. In other words, the Council wants the abolition of roaming fees to be put on ice, despite the widespread push for a European digital single market.

As for net neutrality, “agreements on services requiring a specific level of quality will be allowed, but operators will have to ensure the quality of internet access services.” Again, this does not gel with the strict rules passed by the European Parliament last year, but EU digital chief Andrus Ansip, who is more bullish on the issue of the single digital market, has indicated that he is more sympathetic to this particular compromise.

According to sources in the European Parliament, many countries backed the watering-down of the roaming changes, with only Cyprus and the Italians saying the proposals didn’t go far enough. The strongest opponents of a tough net neutrality text were apparently the Germans and the British. It is probably worth nothing that two of Europe’s most powerful telcos, Deutsche Telekom and Vodafone, are German and British respectively.

Interestingly, the mobile industry body GSMA said in a statement that the reduced scope of the telecoms reform proposals, under the Council’s amendments, represented “a missed opportunity”. However, GSMA head Anne Bouverot said that “the immediate priority is for these proposals to reach a positive conclusion so that we can start the process of creating a truly Digital Single Market that will benefit Europe’s citizens and businesses.” The organization is against “overly prescriptive” neutrality rules, but a bit less openly agitated about the roaming elements.

The European consumer organization BEUC blamed telcos for lobbying against more meaningful roaming changes, arguing that a focus on wholesale prices could hinder competition (after all, Europe’s big telcos span many countries and will be both the buyer and supplier).

BEUC legal chief Guillermo Beltrà said:

It is no secret that the big telecom industry has done their utmost to delay the abolition of roaming charges. The end of roaming has been in the making for a very long time, and this is something that telecoms have known and should be ready for. In fact, they are also to benefit from the new consumer demand that will emerge once roaming is abolished.

If the Parliament is to successfully push back against the watering-down of the roaming proposals, a majority of parliamentarians will need to join the fight.

So far, the second- and fourth-largest blocs in the European Parliament (the Socialists and Democrats and the Liberals and Democrats respectively) have both indicated that they will fight the Council hard.

The largest bloc, the center-right European People’s Party, has also previously taken much credit for shepherding through the reforms, and the single-market-motivated Commission will no doubt be right behind them. The net neutrality situation looks a bit less clear-cut.

Whatever happens, this should be entertaining to watch.

This article was updated at 5.15am PT to include the GSMA statement, and again at 6.10am PT to include information from my parliamentary sources. It was also updated on 5 March to include BEUC’s statement.

Alarms sound over changes to EU roaming, net neutrality and privacy rules

The European Parliament’s liberal-centrist bloc has warned over changes being made by EU countries to incoming telecoms legislation, saying they will severely weaken efforts to introduce unified net neutrality rules and eliminate mobile roaming surcharges for people moving between member states.

The Council of the European Union, which represents member states, is expected to present its position on Wednesday regarding the Telecoms Single Market proposal – this follows the European Commission’s original proposal and changes made by the Parliament, and will trigger negotiations over the final text. The Alliance of Liberals and Democrats for Europe Group (ALDE) said Tuesday that the Council’s position is so watered down that it would undermine campaign pledges made by Commission president Jean-Claude Juncker and the Parliament that came in last year.

Meanwhile, digital rights groups have released leaked documents relating to the Council’s under-development position on a separate legislative package, the new General Data Protection Regulation. The version that left Parliament would introduce very tough new rules for companies and governments handling EU citizens’ personal data, but it appears member states have been agitating for these rules to be weakened.

Roaming rumble

The member states’ keenness to water down the net neutrality proposals is already well documented, with the countries apparently aiming for aspirational principles rather than tough new rules. However, the roaming aspect of the telecoms package is also contentious.

The Commission’s original proposal would have eliminated intra-EU roaming fees, allowing people to move around EU countries without having to pay more for mobile access than they would pay at home. This is integral to the European single market project – cross-border services won’t get anywhere if you can’t freely use them across borders.

However, the Council appears set to allow carriers to charge roaming surcharges for anything above a measly 5MB of data per day. The surcharges would be capped at the maximum wholesale rates charged between carriers, but they would still stymie the original intention of the legislation.

According to ALDE president Guy Verhofstadt:

This is a scandal. An end to roaming charges and the delivery of a genuine single market for telecoms was a campaign priority for all parties, many of whom are today responsible for blocking this measure…

To say this text lacks ambition is an understatement. Certainly our group will not accept this text, as the only winner from it is national telecoms operators themselves. Member States should hang their heads in shame.

Privacy shambles

As for the new data protection package, which is also intended to unify the disparate rules of the 28 EU member states, the rights groups EDRi, Access, Privacy International and the Panoptykon Foundation have warned that the package is “becoming an empty shell”.

On Tuesday the groups issued an analysis (PDF) of leaked documents about the Council’s position on the regulation. Here are the main points to worry about, according to EDRi et al:

  • Consent: The proposals would allow the failure of browser users to opt out of being tracked to be read as a form of consent for tracking and profiling. They would also weaken the limitations on what that consent can allow. “Germany undermines transparency still further by proposing that consent should cover unknown future uses of the data for ‘scientific’ purposes,” the analysis read.
  • Data subject rights: Gone is the article that would mandate “concise, transparent, clear and easily accessible policies” about data use. Governments would also be allowed to cite “national security, defence, public security and ‘other important objectives of general public interest'” as legitimate reasons for profiling people.
  • Fines and remedies: The new rules were supposed to introduce fines of up to five percent of annual turnover for serious data protection infringements, as a deterrent to the likes of [company]Google[/company], who shrug off today’s fines. The new proposals would lower that amount. The possibility of class action lawsuits would also be nixed, and individuals suing over data protection will only be able to take it to local regulators, not courts.
  • Data breach notifications: Companies would only have to tell people that their data has been stolen if the theft is “high risk”.
  • Cross-border complaints: There’s supposed to be an EU “one stop shop” for data protection complaints, which makes sense as the whole point of this regulation is to create a unified EU framework. But no, the Council would want multiple national data protection regulators to be brought in first to try reach consensus, because member states don’t want to cede control.

The deadline on this one is a bit further out, with the Council expected to produce its position on the data protection regulation in the summer, before commencing negotiations with the other legislative branches of the EU.

According to EDRi: “Unless something is done urgently, the Council will simply complete its agreement, at which stage only an absolute majority of the European Parliament would be the only way of saving Europe’s data protection reform.”

I have asked the Latvian presidency of the Council (it’s a rotating presidency) for comment on the leaks, but haven’t received a reply at the time of writing.

EU legal advisers cast doubt on data retention legality

The European Parliament’s legal advisors have issued a report into the repercussions of last year’s ruling by the Court of Justice of the European Union, in which the CJEU struck down the E.U. Data Retention Directive. And the lawyers’ opinions suggest that surviving national data retention laws are on shaky ground.

The Directive forced E.U. member states to have a data retention regime in which telecommunications and internet service providers had to maintain records of their customers’ communications – metadata about who contacted whom and when, as opposed to the contents of those communications. After the CJEU judgement in April 2014, countries including Austria, Slovenia and Romania scrapped their national data retention laws (a couple others, notably Germany, had already rolled theirs back on constitutional grounds).

However, some countries have continued or – in the case of the U.K. with its DRIPA surveillance law — even expanded their national data retention regimes. Here’s a breakdown of what the Legal Service department said about the ruling’s implications in that regard (a copy of the opinion was obtained and published by the digital rights group Access).

  • The CJEU ruling was specific to the Data Retention Directive, which had been challenged by Digital Rights Ireland (DRI), so it did not have a direct effect on national data retention laws, apart from saying that it’s now okay by the E.U. for countries to repeal them.
  • With the Data Retention Directive now out of the picture, the continuing national laws are now governed by the earlier e-Privacy Directive of 2002, which allows member states to implement data retention regimes “when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system.”
  • Because member states’ national data retention laws are therefore still in the realm of E.U. law, they have to be compatible with the E.U.’s Charter of Fundamental Rights, specifically Articles 7 and 8, which set out the rights to privacy and personal data protection respectively, and Article 52(1), which says any limitations to rights must be proportionate.
  • The Charter is what informed the CJEU judgement striking down the Data Retention Directive – the court said the directive was not proportionate and didn’t provide “clear and precise rules” to limit the interference to what is “strictly necessary” and provide “minimum safeguards”.
  • Therefore, countries maintaining national data retention laws must re-examine those laws to check whether they fulfil the requirements “as interpreted by the Court of Justice in the DRI judgement”, and fix them if they’re not. What’s more, anyone who wants to challenge those national laws can now point to the CJEU judgement as a guideline, even though it doesn’t have a direct effect.
  • The same goes for existing E.U.–level data retention programs such as the Terrorist Finance Tracking Programme (TFTP) and the Union’s international passenger name record (PNR) agreements – they’re still valid, but if someone wants to challenge the legality of those, they can also point to the CJEU’s DRI judgement. The CJEU ruling should also be heeded when formulating any new E.U. data retention legislation. As it happens, TFTP and the international PNR agreements are about to be renegotiated.

This is particularly good news for the two British members of Parliament that are challenging DRIPA in the U.K. High Court. DRIPA was fast-tracked as an “emergency” law because the Data Retention Directive had been implemented in the U.K. as secondary rather than primary legislation, so the government feared that the CJEU judgement left it without a proper legal justification for continuing to demand that ISPs and web service providers keep retaining communications data.

DRIPA is temporary, time-limited to the end of 2016, but the underlying primary legislation that it expands on – the Regulation of Investigatory Powers Act (RIPA) – is not. RIPA is however up for review, as the government will want to make the DRIPA powers permanent before the end of 2016, so those conducting the review will now also need to take the E.U. legal advice into account.

RIPA was designed as anti-terrorist legislation but it’s widely used by local authorities in the U.K. to spy on citizens, in order to see whether they’re putting their trash out in the prescribed manner or trying to cheat their kids into schools in a different neighborhood. It’s also used to spy on lawyers and journalists. Around half a million RIPA requests for communications data are made each year.

The CJEU ruling will make it hard to justify the continuation of this situation, and even in the case of terrorism and more serious crime, the British government may have a struggle proving the proportionality of its mass surveillance regime. Proper reviews of data retention laws in other countries such as Sweden may uncover similar problems.

Looks like the EU net neutrality debate will run into 2015

The Council of the EU, representing the 28 member states, is currently debating how to finalize the strict net neutrality rules that the European Parliament handed it earlier this year. It looked like the Council was about to water the rules down, but then the European Commission and the Parliament both pleaded with it not to, and now the decision has reportedly been delayed. The Italian presidency of the Council said Thursday that none of the compromise drafts had achieved consensus and a Council official quoted by IDG said the debate will now go through to 2015. The Commission and Parliament want strong rules and definitions but the member states want more flexible “principles” – we’ll have to wait to see who wins.

European Parliament reportedly wants Google to be broken up

The Parliament is, according to the Financial Times, poised to call on the European Commission to separate Google’s core search business from its other businesses or take some other serious measure to tackle the firm’s dominance in the EU.

Net neutrality looks doomed in Europe before it even gets started

Leaked documents from the Italian presidency of the Council of the European Union show that member states want net neutrality “principles” and “objectives” rather than the strict rules agreed to by the European Parliament earlier this year.