As EU data protection authorities pan ICANN's proposed interim plan for to comply with the EU general data protection regulation (GDPR), the question becomes: What, in practical terms, will happen to the Whois database May 25, the effective date of the new law? Horror stories about threats to internet security, intellectual property rights protection and law enforcement activities arising from GDPR compliance abound. Some we spoke with said ICANN missing the compliance date could be a mess, but others said things aren't that dire.
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
Europe is lagging behind the U.S. in 5G preparedness now, but it doesn't have to, GSMA officials and others told us. There are many ongoing 5G-related activities, including a strategic focus on the technology by the European Conference of Postal and Telecommunications Administrations (CEPT) and Body of Regulators of Electronic Communications (BEREC), and there's strong political will to push Europe to the forefront, they said. But the 5G killer application remains elusive, EU efforts to boost investment in new networks have become bogged down, and political will is being sapped to some extent by more pressing issues such as Brexit and other world events, they said.
Debate over a European Commission proposal for a new e-privacy law is heating up as telcos and digital companies race to comply with the EU general data protection regulation. The e-privacy regulation (ePR), which would modify existing electronic privacy rules enacted as part of telecom liberalization, is an exception to Europe's general reluctance to impose sector-specific privacy regulations and a political move aimed at leveling the playing field between traditional providers and over-the-top players that offer telco-like services, Hogan Lovells (Paris) telecom and privacy lawyer Winston Maxwell told a Tuesday webinar. Communications providers said the current version of the draft is inflexible, while digital rights activists criticized EU governments' failure to move forward on the regulation.
ICANN gave European data protection authorities (DPAs) a proposed model for complying with the EU general data protection regulation, President Göran Marby said Monday. Unanswered questions remain, and ICANN needs "firm advice" from privacy chiefs and governments before moving ahead, he said at ICANN's meeting this week in San Juan, Puerto Rico, where NTIA Administrator David Redl also sought access to information in the group's database of website registrants. Stakeholders disagreed over making registrant email addresses public, the role of the Governmental Advisory Committee and how entities that will be able to access nonpublic registration data should be accredited. GAC members said Tuesday they're worried about lack of a required temporary system for dealing with access to nonpublic data before a formal accreditation system is implemented.
U.S. companies are generally taking the EU general data protection regulation seriously, but many will struggle to achieve compliance by the May 25 deadline, privacy experts said. There's a perception in Europe that American businesses are ahead in the rush to meet GDPR requirements, but one expert thinks European organizations are better prepared. Challenges for U.S. businesses are getting management buy-in, the absence of a strong American concept of data privacy, and the difficulties of finding all GDPR-relevant data across organizations, observers said.
Internet platforms and governments must raise their game against illegal content or face regulation, the European Commission said Thursday. It recommended operational measures companies and administrations take before it decides whether to propose legislation. The nonbinding recommendation builds on a September EC statement on tackling illegal content online and applies to all forms of illegal content. Digital rights activists, tech companies and ISPs slammed the action. The U.K., meanwhile, is also pressing platforms to do more.
Google and Microsoft were among the top 50 companies in EU lobbying spending in 2017. Google dropped from sixth in 2016 to 18th, ahead of Microsoft at 26th, LobbyFacts.eu said. Google was in the top 10 as of Wednesday, with an outlay of 5.25 million-5.5 million euros ($6.5 million-$6.8 million), upping the spending it reported to the EU transparency register to pass Microsoft (4.5 million-4.75 million euros). Google outpaced Microsoft and Facebook among lobbying organizations with the most high-level meetings at the European Commission, EU Integrity Watch reported. Continued strong lobbying on digital single market and digital economy issues by companies is increasingly accompanied by U.S.-style corporate tactics, European civil society organizations said.
Google+ has made its platform more consumer-friendly but Twitter and Facebook must do more, the European Commission said Thursday. The EC and national consumer protection authorities asked the companies in March to align their terms of service with EU laws, but they have only partially done so, it said. Failure to comply could mean penalties, said Justice, Consumers and Gender Equality Commissioner Vera Jourová. The European Consumer Organisation (BEUC) said the platforms' slow response is worrying. Facebook said it plans further updates to its terms later this year. Meanwhile, EC efforts to cope with illegal online content was criticized for being overly hasty and not based on evidence.
With the deadline for compliance with the EU general data protection regulation looming, many companies are still far from ready, business organizations we spoke with said. The GDPR takes effect May 25. Despite the seriousness of noncompliance, preparations are uneven, with U.S. tech companies and global digital enterprises further along than smaller businesses, industry representatives said. Lacking is final guidance from the EU Article 29 Data Protection Working Party (WP29), which said Wednesday its last set of guidelines should be completed in coming weeks.
EU efforts to finalize revamped copyright rules have been hampered by lack of consensus among governments and lawmakers on what to do about copyright protection in user-uploaded content and whether news publishers should have a new right to protect extracts of their publications that appear online, stakeholders said. The so-called "value-added" provision and the "snippet tax" are contained in articles 13 and 11, respectively, of the European Commission's proposed directive for copyright in the digital single market. The provisions are so controversial that the new EU Bulgarian presidency asked for "political guidance" on how to resolve the standoff.