Highlights from the Past Weeks

CW 14 / Monday, 4 April to Thursday, 7 April: Plenary Session Week (Strasbourg);

DSA I – EP WITH NEW PROPOSAL: After the French EU Presidency agreed to limit online advertising practices at the last high-level trilogue, Socialist MEP Schaldemose presented a new proposal with tighter restrictions.

Schaldemose proposes banning the use of personal data for commercial messages on all online platforms. The proposal establishes an explicit prohibition on the use of sensitive data on religion, health, political opinions, and racial or ethnic origin for targeted advertising.

Schaldemose also tightened the wording of the ban on targeted advertising to minors, writing that online platforms should no longer request personal information to find out if a user is a minor. If there is any doubt about the age, targeted ads should not be displayed (see Politico Pro, Paywall, Euractiv),

Schaldemose also proposed a compromise that there should be no general obligation to monitor information that is transmitted or stored “by automated or non-automated means”. The phrasing that general surveillance should be “neither de jure nor de facto” was moved to a preamble, according to a draft compromise proposal on Article 7. However, the rapporteur wants to keep the Parliament’s text to ensure that technology companies are not forced to use automated mechanisms to moderate content. The Council has already proposed deleting this article.

Faced with Council opposition to including provisions on encryption in the DSA, Schaldemose tried to find a middle ground by proposing an article stating that EU countries should not prevent switching services from offering end-to-end encryption. However, it deleted parts that were intended to prohibit member states from forcing tech companies to restrict anonymous use of their services (see Politico Pro, paywall).

DSA II – COUNCIL WITH NEW TEXT: The French Presidency of the Council of the EU has proposed new changes to the rules for removing illegal content online in order to conclude negotiations on the DSA with the European Parliament.

According to reports from Politico Pro (paywall), Paris has won the support of EU capitals for parts of the rules that would force tech companies to delete illegal content such as Child Sexual Abuse Material and obtain information about users.

The French presidency also proposed to lawmakers changes to the rules defining very large online platforms, on which most of the obligations are imposed, and to the rules on how tech companies should handle reports from users about illegal posts. (PDF)

The next trilogue is scheduled for 22 April.

ARTIFICIAL INTELLIGENCE I – COUNCIL WITH NEW PROPOSAL: The French presidency circulated a new compromise text on the AI law last week that covers law enforcement agencies’ use of the technology. The text was discussed on Thursday at a meeting with representatives of the justice and interior sectors. The Presidency is seeking adoption of a general direction by the Telecommunications Council on 3 June. The text includes measures on biometrics, transparency obligations and an EU database for high-risk AI systems. (see Euractiv)

ARTIFICIAL INTELLIGENCE II – AMENDMENTS PUBLISHED:  Fundamental rights safeguards in the Artificial Intelligence Act need to be strengthened. This can be seen in the over 600 amendments submitted to the legal affairs committee (see pages 310-527, 528-746 and 747-965 – PDF). MEPs García Del Blanco, Wölken, Repasi and Leitão-Marques (S&D) have proposed new articles to ensure that AI systems are developed, deployed and used “in full respect of the EU Charter of Fundamental Rights.” They wrote that the technology is to “never undermine or override human autonomy.”

MEP Melchior (Renew) put forward a total ban on real-time biometric recognition such as facial recognition and deleted exceptions for law enforcement. Meanwhile, Sergey Lagodinsky (the Greens) wants to prohibit the sale of emotion-recognition systems unless it is for someone’s personal use.

The first amendments were also made known in the Industry Committee ( see pages 127-381 – PDF).

CYBERSECURITY – MEMBER STATES AGAINST CERTIFICATION SYSTEM

Member States have started to disagree over how much the EU’s incoming cybersecurity certification should crack down on extraterritorial data laws, bringing an ongoing dispute over the scheme for cloud services to the fore.

The Irish, Swedish and Dutch governments pushed back on plans to impose “sovereignty requirements” on cloud providers in the EU’s draft cybersecurity certification for cloud services in a letter shared with national governments. The requirements are meant to protect European data from extraterritorial security legislation.

The letter (PDF), as quoted by Politico Pro, included the following statements:

“Recently, the European Commission has asked ENISA [the EU’s cybersecurity agency] to add sovereignty requirements to the European cloud certification scheme. These requirements would apply to cloud service providers which are operating on the European market and would amongst other things ensure that only the EU law applies to these cloud service providers and that maintenance, operations and data must be located within the EU. (…) The proposed requirements on sovereignty in the cloud scheme could have wide-ranging effects for companies (sub-contractors) involved in cloud service deliveries and their ability to develop their services and compete on the global market.”

TELECOMMUNICATIONS – EU COMMISSION TAKES 10 MEMBER STATES TO THE CJEU: The European Commission has taken Spain, Croatia, Latvia, Lithuania, Ireland, Poland, Portugal, Romania, Slovenia and Sweden to the Court of Justice of the European Union for failing to fully implement the EU Electronic Communications Code (ECC or EECC) and for failing to notify the Commission of how national measures are implemented (see COM press release).

OPEN DATA – EU MEMBER STATES DEFAULT: The European Commission has sent reasoned opinions to Austria, Belgium, Bulgaria, Croatia, the Czech Republic, Latvia, the Netherlands, Slovakia and Sweden requesting information on how the Open Data Directive (Directive EU 2019/1024) is transposed into national law. This should have been done by 17 July 2021. (see COM press release)

DATA PROTECTION – INFRINGEMENT PROCEEDINGS DUE TO DATA PROTECTION DEFICIENCIES: The European Commission has asked Germany, Greece, Finland and Sweden to ensure the correct implementation of EU data protection rules. “Germany has not yet communicated measures to implement the directive with relation to the activities of the German Police. Greece has failed to correctly transpose provisions relating, among others, to the scope of application of the Law Enforcement Directive and the time limits for the storage of data. Finland and Sweden have failed to fulfil their obligations as regards the right to effective judicial remedy for data subjects in certain cases,” the press release states.

The countries now have two months to respond to the letter and take the necessary measures to remedy the violations of EU law identified by the Commission. Otherwise, the Commission may decide to issue a reasoned opinion.

PROTECTION OF CHILDREN – COUNCIL OF EUROPE WANTS CRIMINALISATION OF GROOMING: In its latest report, the Council of Europe recommended the criminalisation of grooming. The organisation’s committee, which specialises in protecting children from sexual abuse, advises that law enforcement and judicial agencies should be better equipped to crack down on sex offenders who form relationships with children online, even if they never meet the minors or obtain sexual material. Other recommendations include not prosecuting children for voluntarily sharing self-generated sexual images of themselves.

DGA – PARLIAMENT CONFIRMS TRILOGUE RESULT: Last week, the European Parliament confirmed the compromise reached with the Council on the Data Governance Act by a clear majority. The text was adopted by Parliament by 501 votes to 12, with 40 abstentions. It must now be formally adopted by the Council before it is published in the Official Journal and enters into force (EP press release).

POLITICAL ONLINE ADVERTISING – COMPETENCE DISPUTE IN PARLIAMENT: The Conference of Presidents is expected to rule on the dispute over authority over the Targeted Political Advertising Ordinance on 28 April. While the Internal Market Committee has led work on the bill, the Civil Liberties Committee and the Culture Committee have called for exclusive jurisdiction in certain areas.

BUDAPEST CONVENTION – COUNCIL AUTHORISES MEMBER STATES TO SIGN: The Council adopted a decision authorising member states to sign, in the interest of the EU, the Second Additional Protocol to the Convention on Cybercrime (Budapest Convention). This protocol will improve cross-border access to electronic evidence such as emails or documents located in the cloud for use in criminal proceedings. It will contribute to the fight against cybercrime and other forms of crime on a global scale by facilitating cooperation between Member States and third countries, while ensuring a high level of protection for individuals and compliance with EU data protection standards.

The Protocol was adopted by the Committee of Ministers of the Council of Europe on 17 November 2021, and is scheduled to be opened for signature on 12 May 2022. The EU cannot sign the protocol because only states can be parties to it. (see Council press release)

IRELAND – ECJ RULES AGAIN ON DATA RETENTION: Last week, the European Court of Justice (ECJ) confirmed that the general and unprovoked collection of traffic data is not compatible with EU law (C-140/20, judgment, press release – PDF). The judgment is based on a reference for a preliminary ruling from the Irish High Court. Unlike in the German proceedings, the question of a prohibition on the use of evidence relating to data collected by means of data retention also plays a role here.

Permissible, on the other hand, are:

• targeted storage, e.g. at specific geographical locations (crime hotspots) and/or occasions (major sporting or other events);
• the indiscriminate and general collection of source (sender) IP addresses, among other things to combat CSAM;
• the collection of inventory data (name, address, number of the customer) without any reason and in general;
• the Quick Freeze procedure as targeted, event-related storage.

The ECJ should soon also deliver the judgments on the German references for a preliminary ruling SpaceNet (C-793/19) and Deutsche Telekom (C-794/19). A date is not yet known.

GERMANY – IDENTICAL CONTENT ON SOCIAL MEDIA MUST BE DELETED: Social networks must take more consistent action against hate on their network: A widely disseminated false quote must be deleted in all its variants, the Frankfurt am Main Regional Court ruled on Friday in the case of Green Party politician Renate Künast.

Facebook must proactively find and delete content without Künast having to point out each individual case, the court ruled: Since it had “specifically pointed out that the statement attributed to it is a false quote, it does not have to repeat this reference for every further legal violation, stating the URL,” the court justified its decision. (see press release LG Frankfurt/Main (DE))

GERMANY – GOVERNMENT PRESENTS TCO IMPLEMENTATION ACT: The German federal government has presented the proposal for an implementing law (PDF, DE) for the EU regulation on combating terrorist content online (TCO). Compared to the last draft, only minor changes were made, some of which eco had pointed out in its comments.

Relevant Publications, including from the EP Think Tank:

• Digital Services Act (Briefing)
• Plenary round-up – April 2022 (At a Glance)

Highlights of the Current Week

Here you will find a listing of the upcoming dates of the European Parliament. The meeting calendar for 2022 is available here (PDF).

An overview of the most important dates of the Council week can be found here or the meeting calendar here, the focal points of the meetings of the next 14 days here and the provisional meeting calendar of the French Council Presidency here (PDF).

Among them are:

Summits and Ministerial Meetings:

• Foreign Affairs Council (including Global Gateway), Monday, 11 April – Agenda, A items;
• General Affairs Council, Tuesday,12 April – Agenda, A items, A items addendum, background brief;

Preparatory Bodies:

• Working Party on Cooperation in Criminal Matters (COPEN), Monday, 11 April, Tuesday, 12 April, and Wednesday, 13 April;
• Working Party on Competitiveness and Growth (Internal Market) (including DSA), Wednesday, 13 April;
• Coreper I (including Fit for 55), Wednesday, 13 April;
• Coreper II, Wednesday, 13 April;

Information on the weekly commission meeting can be found in the preview (PDF) or (at short notice) in the current agenda. Among others, the legislative proposal against child abuse (most recently postponed again from 27 April to 11 May) or the Media Freedom Act (29 June) should be highlighted.
The next meeting is scheduled for 27 April.

The CJEU judicial calendar can be found here. There is a judicial vacation from 3 to 16 April. The judgment in Poland’s case on Art. 17 DSM Directive is scheduled for 26 April (C-401/19).

European Parliament Committees

CW 15 / Monday, 11 April to Thursday, 14 April: Green Week (no meetings);

LIBE Committee (EP)

Current meetings

• none

Further meetings (calendar)

• Wednesday, 20 April 2022, 9.00-12.00 and 13.45-15.45 (Brussels)
• Thursday, 21 April 2022, 9.00-12.00 and 13.45-15.45 (Brussels)

JURI Committee (EP)

Current meetings

• none

Further meetings (calendar)

• Monday, 25 April 2022 (Brussels)
• Thursday, 28 April 2022 (Brussels)

Dossiers Timetable (28 March 2022)

ITRE Committee (EP)

Current meetings

• none

Further meetings (calendar)

• Wednesday, 20 April 2022
• Thursday, 21 April 2022

Dossiers Timetable (31 March 2022)

IMCO Committee (EP)

A delegation of MEPs will visit Navarre (Spain) to visit digital industry and sustainable single market projects and learn about eGovernment initiatives and consumer protection activities (see IMCO).

Current meetings

• none

Further meetings (calendar)

• Wednesday, 20 April 2022 (Brussels)
• Thursday, 21 April 2022 (Brussels)

Dossiers Timetable (March 2022)

CULT Committee (EP)

Current meetings

• none

Further meetings (calendar)

• Monday, 25 April 2022 (Brussels)

Further Parliamentary Meetings

CW 16 / Monday, 18 April to Thursday, 21 April: Committee Meeting Week (Brussels);

CQW 17 / Monday, 25 April to Thursday, 28 April: Group and Committee Meeting Week (Brussels);

CW 17 / Monday, 2 May to Thursday, 5 May: Plenary Session Week (Strasbourg);