Personal data transfer mechanism Privacy Shield appears likely to emerge successfully from the European Commission review that begins this week. "I'm quite sure it will pass," emailed Hogan Lovells (London) data protection lawyer Eduardo Ustaran. "I may be wrong but I do not expect a revolution," emailed Linklaters (Brussels) privacy attorney Tanguy Van Overstraeten. "The next important step will be the court review." Data Protection Commissioner v. Facebook was referred by the Irish High Court to the European Court of Justice in April.
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
ICANN continues to struggle with who can access domain name registration data under the EU general data protection regulation, a Monday webinar heard. The law is specific about the role of data controllers, and ICANN is trying to determine if creating a unified model for access to nonpublic Whois data complies, said CEO Goran Marby. It's up to the community to decide whether it supports such unified access, he said. Legal and technical approaches are under consideration, said General Counsel John Jeffrey, including the Registration Data Access Protocol (RDAP), to enable users to access current domain registration data that could eventually replace the Whois database. Third parties seeking access to nonpublic data would submit a request to ICANN, which would approve it and pass it along to the data controllers (registries and registrars) or deny it, he said. Comments are due Oct. 13. There's also an expedited policy development process (ePDP) on ICANN's temporary specification for generic top-level domain registration data, said David Olive, senior vice president-policy development support. EPDP is expected to deliver a draft initial report by the Oct. 20-25 ICANN meeting in Barcelona, followed by publication of an initial report for comment shortly thereafter, he said. Marby said GDPR is fairly specific about the individual role of data controllers, and the only way to change the situation would be to lower the risk of liability for registries and registrars. He stressed that none of the proposed solutions will happen if contracted parties don't feel their GDPR risks are diminished. The probability of having a technical solution such as RDAP is likely low but ICANN must ask, he said.
Blockchain technology is coming to the domain name area. Top-level domain .luxe, to be launched at the Oct. 20-25 ICANN meeting in Barcelona, will offer names in the domain name system as well as in the Ethereum blockchain, Minds + Machines Group (MMX) registry CEO Toby Hall said in an interview. Another blockchain is being developed to replace the root zone file (the delegation details of TLDs), which is now controlled by private parties with a decentralized file controlled by internet users, the Handshake organization said. The move toward the technology seems to be welcome, but some wondered if the DNS needs fixing.
Facebook must be absolutely straight with consumers about how it operates and makes money, said EU Justice, Consumers and Gender Equality Commissioner Vera Jourova at a livestreamed Thursday news briefing. The European Commission said in February that social media companies must do better aligning terms of service with EU consumer protection rules. Facebook and others have made some changes, but Jourova said many people are still unclear about how it makes their data available to third parties or holds full copyright in content posted on the site. The EC gave the company until October to correct all remaining misleading terms and conditions, with all changes to be in place by year's end. "I am becoming impatient" with Facebook, the commissioner said: Talks have been ongoing for about two years but "we cannot negotiate forever." Asked what she'll do if the platform hasn't shown progress around October, Jourova said it will face penalties set by national authorities in 2019. The EC also went after Airbnb, which Thursday committed to making all requested modifications, Jourova said. These included making its prices more transparent and clarifying that consumers can use all available remedies, including suing hosts, in case of damages or personal harm. Facebook wants its terms to be clear and accessible to everyone, a spokeswoman said. It updated its terms of service in May and included the vast majority of changes proposed by the EU Consumer Protection Cooperation Network and the EC, she said: Facebook "will continue our close cooperation to understand any further concerns and make appropriate updates."
EU lawmakers Wednesday adopted their negotiating position on copyright modification, paving the way for "trialogue" talks with the European Commission and Council. The 438-226 vote came after what Member of the European Parliament Virginie Roziere, of the Socialists and Democrats and France, called "virulent" lobbying and misinformation, much of it from the U.S. Lawmakers got more messages from the U.S. than from the whole of the EU on the proposal for a directive, she said at a news briefing. The amended text made key "tweaks" to the original report by the lead Legal Affairs Committee, Parliament said. The most contentious proposals -- for platforms to monitor user uploads for copyright infringements (Article 13), and for news publishers to be given a new right to remuneration (Article 11) -- are still in play.
The U.K. privacy watchdog is dealing with its first general data protection regulation cases, but "it's too early to speculate on enforcement action," an Information Commissioner's Office spokesperson emailed Wednesday. The ICO started using its "powers of assessment and audit in order to begin looking at certain organisations' data protection practices." French data protection agency CNIL (Commission Nationale de l'Informatique et des Libertes) said it hasn't yet issued fines based on the GDPR. With the regulation having taken effect May 25 (see 1805230001), "the complaints brought before the CNIL in relation to the GDPR are currently in a trial phase and we do not yet know when the CNIL will deliver its decisions," a spokesperson emailed. No enforcement issues have arrived at the European Data Protection Board, a spokeswoman told us. The EDPB is involved only if there's a cross-border dimension that requires national supervisory authorities to work together to ensure the GDPR is consistently applied, she said. Under that mechanism, the board issues opinions or, if there's a dispute between national data protection authorities, binding decisions to arbitrate. "It's the calm before the storm," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran.
A new round of generic top-level domain names is unlikely to happen before 2020, said ICANN President-Global Domains Division Akram Atallah in a Friday interview. The Generic Names Supporting Organization (GNSO) is working on recommending policies for further rounds, and other ongoing reviews will feed into the final board decision, he said. Many are eager for another tranche of gTLDs, but some question whether the 2012 round was a success.
While not as heated as in the U.S., the net neutrality debate hasn't entirely evaporated in Europe. Regulatory guidelines set by the Body of Regulators of Electronic Communications (BEREC) in 2015, now undergoing review, have drawn concerns from telecom and cable operators, while BEREC's decision to sign a memorandum of understanding with the Indian regulator sparked outrage from one telecom consultant. France, meanwhile, said it's unclear what U.S. net neutrality will look like in coming years, but in other parts of the world efforts to protect it "continue to make strides."
Google must pay a record 4.34 billion euro fine ($5.1 billion) and remove years-old illegal restrictions on Android device makers and mobile network operators or face stiff penalties for noncompliance, said EU Competition Commissioner Margrethe Vestager Wednesday. Google breached three EU antitrust rules, she said: It forced manufacturers to pre-install the Google Search and Chrome browser apps as condition for licensing its app store (Play Store); it paid large device makers and mobile operators to ensure they exclusively pre-installed the search app on their mobile smartphones and tablets; and it prevented manufacturers who wanted to pre-install Google apps from selling any smart mobile devices running on alternative versions of Android not approved by Google ("Android forks").
The European Parliament nixed a plan to start immediate talks on a proposed copyright revision measure, seeking instead fuller debate in September. The 318-278 vote Thursday rejected a negotiating position proposed by the Legal Affairs (JURI) Committee, meaning the draft copyright directive won't go to "trilogue" discussions with the Council and European Commission but will be open to full legislative debate and amendment, parliament said. The JURI approach, by Member of the European Parliament (MEP) Axel Voss, of Germany and the European People's Party, supports the EC's controversial calls for a new right (Article 11, the "neighboring" right, also called the "snippet tax") for online news publishers, and for large platforms to filter users' uploads to prevent copyright breaches (Article 13) (see 1806200011).