Fighting for digital rights in Europe: an update

By Nani Jansen Reventlow, 30th May 2018

A lot has happened in the field of digital rights over the past few months, including the Cambridge Analytica revelations and the GDPR entering into force. What are organisations in DFF’s network doing in the midst of this? And what is DFF working on?

There is some great work going on in our network. A number of actions have been taken in relation to the GDPR, which entered into force on 25 May. Amongst others, a number of organisations joined forces to put together a helpful explainer of rights and obligations under the new Directive, and some have filed multiple information requests with data brokers with a view to assessing their response and compliance with the new data protection regulations. The first court cases have been filed as well, to test how GDPR-proof some of the big social media companies are. On net neutrality, a Europe-wide mapping of net neutrality violations is underway. As is an assessment of voluntary content blocking by ISPs with a view of increasing transparency and accountability for such restrictions to free speech online.

On DFF’s side, we are following up on one of the needs identified at the February strategy meeting, namely the opportunity for skill building and -sharing around strategic litigation. The first litigation retreat, co-hosted by SHARE Foundation, will take place in July, where those interested in pursuing strategic cases can further sharpen their litigation skills and work with others to workshop potential cases. The programme will seek to leverage the knowledge and skills present within the field and allow participants to learn from each other’s experiences. By the end of the retreat, participants will have developed a case strategy for an issue of their choosing.

Alongside this, DFF has started testing its grantmaking with a soft launch, offering financial support for litigation and pre-litigation research for projects that can contribute to advancing the respect for human rights in the digital sphere in Europe. The grantmaking criteria and process were developed based on the valuable input from our network – a post on that process will follow at the formal launch.

Our grants will especially support strategic litigation that can: (1) advance individuals’ ability to exercise their rights to privacy and data protection; or (2) protect and promote the free flow of information online; or (3) ensure accountability, transparency and the adherence to human rights standards in the use and design of technology. A formal announcement will follow this summer. Any enquiries in the meantime can be addressed to grants[at]digitalfreedomfund.org. If you want to be notified when the call goes live, you can sign up for our newsletter here.

We’re inspired by the great work we’re seeing taking place around Europe  and look forward to supporting a number of litigation-related initiatives over the coming months and years.

It Might Be Clogging Up Your Inbox, But GDPR Is One Of The Most Significant Data Laws In History

By Jonathan McCully, 25th May 2018

By Nani Jansen Reventlow & Jonathan McCully

You’ve probably heard a lot about it (or at least ignored it) in your inbox, but today’s the day! What day, you ask? Christmas? No! It’s GDPR day, of course.

This blog post was originally published by RightsInfo.org who kindly invited DFF to write the piece.

The GDPR (full and wonderful title ‘General Data Protection Regulation’) came into force on May 25, 2018 and is one of the most significant overhauls of data protection rules in history. But what does it mean for our human rights and why should you care?

First up, what actually is the GDPR? Well, it governs when our personal data can be lawfully collected, stored and used by others. Personal data means “any information relating to an identified or identifiable natural person.” This includes your name, location data, IP address, photograph, job title, or political opinion.

Whilst it may not have the snappiest title, the GDPR matters. The recent Cambridge Analytica scandal brought into sharp focus how things can go wrong when our data is misused.  So it’s important that our right to privacy under the Human Rights Convention and the more specific fundamental right to protection of our personal data (under the EU Charter of Fundamental Rights) can be upheld in practice.

This is where the GDPR comes in. It will protect these rights more fully by expanding on the old EU law on data protection and ensuring regulation is harmonised across the EU. It gives us significant empowerment over whether, how and when our data is used.

We’ll Have More Control Over Our Data
Under the GDPR, if organisations want to rely on our consent as their basis for processing our data, it must be “freely given, specific, informed, and unambiguous”, in the form of a statement or affirmative action.

This means consent cannot be implied from silence or a failure to opt-out (by, for example, unticking a box). We should, therefore, get greater control and awareness over how our data is being used.

This complements other rights protected under the GDPR, including the right to access, rectify, erase and object to the processing of our data, as well as the right not to be subject to automated decision making (including profiling).

Our Data Will Be More Secure
The GDPR introduces increased security requirements. It means those processing data must adopt “technical and organisational measures” for security purposes, such as pseudonymization and encryption. The new rules also require that data should only be used for the purpose for which it was collected – this means that companies cannot hang onto our data “just in case” they need it later.

And when the security of our data is breached, such as in the case of a ransomware attack, the relevant data protection authority must be notified straight away. Where the breach is likely to result in a “high risk” to fundamental rights, the individuals affected must also be informed.

This will increase transparency around security breaches, and stop businesses from keeping such incidents secret or being slow to disclose them.

It’s Easier To Enforce Our Rights
The GDPR significantly increases sanctions for non-compliance. Breaches of some provisions of the new rules can result in fines of up to €20 million or 4 percent of a business’ total worldwide turnover for the previous year.

It will also be easier for individuals like you and me to bring claims for breaches, including under a provision that allows individuals to authorise not-for-profits to take cases on their behalf. This means we could see class actions being brought to enforce our rights under the GDPR.

The increase in penalties, coupled with greater access to justice, should incentivise greater respect for data protection rights across Europe.

What’s more, the effects of the GDPR do not stop at Europe’s borders. For the first time, EU data protection law will apply to companies with no business establishment in the EU when they either monitor the behaviour of EU residents or offer goods or services to them. This means organisations based outside the EU (such as overseas social media platforms or website hosting providers offering their services to EU citizens) will face greater accountability.

The full implications of the GDPR are yet to become clear. But there is no doubting its potential for enhancing our right to privacy and our fundamental right to protection of our personal data. Here’s hoping it delivers on that potential.

Advancing digital rights in Europe: building on current efforts in the field

By Nani Jansen Reventlow, 2nd March 2018

Last week, over 30 digital rights experts, activists and litigators came together in Berlin. Over two days, they brought into focus work done to advance digital rights in Europe and mapped next steps and new strategies for amplifying those efforts.

The meeting took place exactly two years after a previous gathering of digital rights experts, convened by Open Society Foundations. Following the need that was expressed there to increase strategic litigation efforts, DFF was founded, with the support of OSF and two other seed funders: Adessium Foundation and Omidyar Network.

The strategy meeting followed the consultation process we started in the summer of 2017, asking digital rights activists, experts and litigators what DFF could do to support their work. Following a number of smaller local meetings, 33 individuals and representatives of digital rights, human rights and consumer rights organisations from across Europe gathered to collectively discuss the state of play for digital rights in the region and what can be done to further strengthen those efforts.

Photo: DFF/Gábor Csuday
Photo: DFF/Gábor Csuday

The gathering was kicked off with a mapping of current work done in the field. This yielded an impressive overview of activities ranging from issues like government surveillance, algorithmic profiling, to net neutrality, copyright and online content restrictions. An inventory of existing digital rights litigation work was collectively developed, after which the group focused on potential future legal cases to advance and strengthen digital rights.

Working in smaller groups across the various spaces of Kreuzberg’s betahaus – fueled by their excellent coffee and under the high-energy facilitation of Gunner of Aspiration – detailed work was done on issues such as collaboration across the field (including the identification of potential obstacles), connecting litigation to broader advocacy efforts, and breaking the digital rights “bubble” by building bridges with the broader human rights field. Initial case development conversations were started on amongst others government surveillance, the GDPR, the collection of digital evidence, and net neutrality.

The need for increased information sharing, skill building and skills sharing, as well as pre-litigation research work was discussed in detail, resulting in the formulation of a number of concrete plans to address those needs.

For DFF, the meeting was an affirmation of the impressive work being done in the digital rights field, giving us a sense of the possibilities for integrating and aligning strategies to scale impact. In their feedback on the event, one participant called it “truly inspirational”. We couldn’t agree more. We are inspired by everyone’s expertise and dedication and are excited to continue building on the enthusiasm and sense of urgency present in the room last week for taking collective work to the next level over the months and years to come.