Facebook, under fire in the U.S. and U.K. for its role in the Cambridge Analytica breach, is also facing heat from EU lawmakers. The European Parliament Civil Liberties (LIBE) Committee held a third hearing on the matter Monday, focused on possible solutions.
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
Governments want to maintain the Whois database as much as possible while complying with the EU general data protection regulation as quickly as possible, and they spent most of their time in Governmental Advisory Committee (GAC) meetings at the Monday to Thursday Panama ICANN policy meeting scrambling to figure out how to accomplish that. ICANN, not in compliance with the EU privacy law, approved a "temporary specification" to enable tiered access to domain name registrants' data in the Whois database (See 1805140001), and floated a proposed unified access model for allowing those with a legitimate interest to access non-public personal data (see 1806060004). Also in the works is an "expedited policy development process" (EPDP) that aims to replace the specification within one year. Under pressure from law enforcement, network security, intellectual property and other interests, governments are pushing to determine their role in the processes and their positions.
An EU plan to require major content-sharing platforms to monitor users' uploads moved forward Wednesday. By 14-9, the European Parliament Legal Affairs Committee (JURI) approved a report responding to a 2016 European Commission proposal for a directive on copyright in the digital single market. The report, by Member of the European Parliament (MEP) Axel Voss, of Germany and the European People's Party, supports the EC's controversial calls for a new right (Article 11, the "neighboring" right, also called the "snippet tax") for online news publishers, and for large platforms to filter users' uploads to prevent copyright breaches (Article 13).
Trans-Atlantic personal data-sharing agreement Privacy Shield should be suspended if the U.S. fails to meet its commitments by Sept. 1, the European Parliament Civil Liberties Committee said in a resolution approved Monday. By 29-25, lawmakers said the EU-U.S. deal doesn't offer strong enough privacy protections for Europeans, as shown by the Facebook-Cambridge Analytica data breach. Given EU dissatisfaction with the agreement, and the entry into force of the general data protection regulation, there are questions whether the self-certification system is as relevant anymore.
Six years after world IPv6 launch, the technology is in the "early majority" phase, said the Internet Society and others tracking rollout this week. The longer addresses are increasingly used by telcos, mobile operators, content networks and data centers, but deployment is being delayed by factors like the "elephant in the room" -- enterprise networks, ISOC reported. One issue has been the lack of a viable business case, but that's changing as IPv4 Internet Protocol addresses become more expensive, observers said.
An ICANN injunctive action against a German domain name registrar seeks to "preserve Whois," the internet body said. The case, filed in Bonn Friday against EPAG Domainservices GmbH, asks the court for "assistance in interpreting" the EU general data protection regulation (GDPR). EPAG said it will no longer collect registrants' administrative and technical contact information when it sells new domain names because that would violate the GDPR. ICANN, with a "temporary specification" for registries and registrars to follow to comply, said EPAG's "position has identified a disagreement with ICANN and others as to how the GDPR should be interpreted." While clarification might be helpful, the GDPR trumps ICANN's specification, ICANN players told us Tuesday.
With Friday the rollout date for the EU general data protection regulation in Europe, the focus for many businesses now shifts from how to comply to when and how stringently the GDPR will be enforced, said speakers at various webinars and others we spoke with. All agreed enforcement would begin Friday, but there are questions about what the priorities of data protection authorities (DPAs) will be, they said. The Irish Data Protection Commission set out its approach in a Wednesday blog. Privacy experts urged companies to stay calm, but to act to show regulators they're committed to compliance. Civil society groups, however, said the level of scrutiny of U.S. and EU companies by privacy watchdogs and regulators "will be very high," and 28 advocacy groups Thursday pressed U.S. businesses to adopt GDPR rules. Meanwhile, ICANN's struggle to bring its Whois database into alignment with the new regulation continues.
The ICANN board delayed action Sunday on a temporary Whois "specification" aimed at giving it time to come up with a new model that complies with EU privacy law. With the looming EU General Data Protection Regulation May 25 effective date, ICANN proposed an interim plan that balances the existing Whois model with the GDPR by "allowing for the robust collection of [domain name] registration data but also restricting the access to personal data to layered/tiered access," ICANN CEO Göran Marby blogged Friday. Users with a legitimate reason would be able to seek access to non-public data through registrars and registries, and could contact either the registrant or administrative and technical contacts through an anonymized email or web form, he said. Registrants could opt into having full contact details available. But the board didn't vote on the draft at this weekend's Vancouver meeting, emailed Michele Neylon, managing director of Irish domain registrar and hosting company Blacknight Internet Solutions. ICANN didn't comment Monday.
A German Supreme Court ruling that Eyeo GmbH's AdBlock Plus isn't anticompetitive will have "very tangible commercial implications" for online advertising and publishers of online content in the U.S. and elsewhere, Hogan Lovells (Hamburg) trademark and unfair competition attorney Anthonia Ghalamkarizadeh told us. The April 19 decision means Eyeo is free to continue marketing AdBlock Plus, by far the most popular and widespread adblocker in the world, she emailed. The service has rivals and faces opposition from publishers that are finding methods other than ads to fund their online content, she and others said.
The European Commission ramped up pressure on online platforms Thursday, telling them to be more open in dealings with other businesses and take more responsibility for fighting fake news. The platform transparency rules, aimed at creating a fairer business environment for smaller companies, include requirements that platforms make terms and conditions for professional users clearer and resolve disputes more efficiently. The disinformation proposal calls for an EU-wide code of practice and the possibility of regulation if significant changes aren't apparent by October. It won praise from the tech sector and others, while the transparency regulation prompted a mix of reactions.