Connect with us

Digital economy

Privacy and data protection 'can restore consumer confidence in Digital Society'



article_linking_lgThe European Commission's proposal on harmonising electronic communications services across the EU will unduly limit internet freedom, says the European Data Protection Supervisor (EDPS). In his Opinion, the EDPS welcomes the inclusion of the principle of net neutrality - the impartial transmission of information on the internet – in the text, but also said that it is devoid of substance because of the almost unlimited right of providers to manage internet traffic.

Peter Hustinx, EDPS, said: "Any monitoring and restriction of the internet activity of users should be done solely to achieve a targeted, specific and legitimate aim. The large-scale monitoring and restriction of users’ internet communications in this proposal is contrary to EU data protection legislation as well as the EU Charter of Fundamental Rights. Such interference with the rights to personal data protection, confidentiality of communications and privacy will do little to restore consumer confidence in the electronic communications market in Europe.”

The proposal promotes traffic management measures which allow the monitoring of users’ internet communications, including emails sent or received, websites visited and files downloaded in order to filter, slow down or restrict access to illegal services or content.

The EDPS cautioned against the use of these highly privacy intrusive measures under the broad umbrella of crime prevention or to filter content illegal under national or EU law as it is not compatible with the principle of an open internet.

Confidence in our digital environment in the years ahead depends on our capacity to provide legal and technical infrastructures that can generate and preserve trust in the Digital Society. This confidence has already been seriously undermined by various surveillance scandals recently.

To re-build consumer confidence in the electronic communications market in the EU, users need to be certain that their rights to privacy, confidentiality of their communications and protection of their personal information are respected. The EDPS urges the Commission to outline more precise reasons for which traffic management measures can be applied. Any interference with their rights must be clearly communicated to users, allowing them to switch to those providers that apply less privacy-invasive traffic management techniques in their services.

Furthermore, the EDPS says that the supervision of any application of traffic management measures by providers should include a greater role for national data protection authorities to ensure that the privacy and data protection rights of users are fully respected.

Background information

On 11 September 2013, the European Commission adopted a Proposal for a Regulation laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent. Among other measures, the Proposal eases the requirements for communications providers to offer services across the EU, standardises the features of products allowing virtual access to fixed networks and harmonises the rights of end-users, such as those relating to the open Internet, as well as contractual and pre-contractual information. The EDPS Opinion focuses mainly on the effect that the Proposal may have on end-users' rights from a privacy and data protection perspective.

Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.

More specifically, the rules for data protection in the EU - as well as the duties of the EDPS - are set out in Regulation (EC) No 45/2001. One of the duties of the EDPS is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection. Furthermore, EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals ('data subjects') are subject to prior-checking by the EDPS.

Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).

Net neutrality: Net neutrality refers to the principle that internet service providers or governments should not restrict or interfere with users' access to the internet. Instead they should enable access to all content and applications regardless of the source, user, content, site, platform, application, type of attached equipment and modes of communication.

Internet/online traffic: Internet traffic is the flow of data across the internet, in other words the usage of the internet at any given time, such as accessing a web page.

Internet traffic management: Traffic may be blocked or filtered by internet service providers, for example, to restrict employees from accessing content that is not deemed to be work appropriate, to restrict access to objectionable content or services, to downgrade access in case of congestion, and to prevent or to respond to security attacks.

The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:

  • Monitoring the EU administration's processing of personal data;
  • advising on policies and legislation that affect privacy, and;
  • co-operating with similar authorities to ensure consistent data protection.

The EDPS Opinion.


Education and training in the digital age: Digital skills essential for learning and for life



The Commission has published its annual Education and Training Monitor, this year with a special focus on teaching and learning in EU member states in the digital age. The coronavirus crisis demonstrated the importance of digital solutions for teaching and learning, and highlighted the existing weaknesses. The report shows that, despite member state investment in digital infrastructure for education and training in recent years, large disparities persist, both between and within countries.

Contrary to the assumption that today's young people are a generation of ‘digital natives', survey results indicate that over 15% of the pupil population in surveyed countries have insufficient digital skills. In addition, teachers report a strong need for professional development in the use of ICT skills for teaching. The report will be presented during today's Digital Education Hackathon.

Innovation, Research, Culture, Education and Youth Commissioner Mariya Gabriel, said: "I am delighted that digital education is the lead theme of this year's Education and Training Monitor, the Commission's flagship report on education in Europe. We believe it is necessary to bring about deep changes in digital education and we are committed to increasing digital literacy in Europe. Just recently the Commission proposed a package of initiatives, including the new Digital Education Action Plan 2021-2027, which will strengthen the contribution of education and training to the EU's recovery from the coronavirus crisis, and help build a green and digital Europe.”

The Education and Training Monitor analyses the main challenges for European education systems and presents policies that can make them more responsive to societal and labour market needs. The report comprises a cross-country comparison, with 27 in-depth country reports. More information in the press release and factsheet.

Continue Reading

Digital economy

Economic regulation of major digital platforms : The best way to kill the European digital economy



As European leaders applaud the success of Airbus, an aerospace giant in a duopoly with Boeing, they are about to prevent any possibility of similar success in the digital sector, writes Pierre Bentata (pictured, below).

A Franco-Dutch proposal, now gaining European attention, aims at imposing specific regulations on the major digital platforms, in order to limit their market power. The target of such a regulation is pretty obvious: the big American “tech” companies, and in particular the so-called GAFAM - Google, Apple, Facebook, Amazon and Microsoft - and NATU - Netflix, Airbnb, Twitter and Uber.

Pierre Bentata

Pierre Bentata

According to several reports, these companies enjoy a monopolistic position that ultimately harms European users. More precisely, these companies of accused of controlling the markets on which they operate, based on their important market shares. Yet, the same reports concede being enable to define those markets. In this context, it is argued that a specific regulation should be introduced for platforms deemed too large: a true regulation by size, based on criteria such as turnover, market share and diversity of the services offered, which never takes into consideration consumers’ satisfaction or the economic benefits for the society as a whole.

In practice, once define as a "structuring" digital platform, the company will be required, among other things, to provide information on its algorithms (as we would ask a chef to reveal the secret of the recipes), to share its data with its competitors, and even more important, to present their business development strategies in advance to a European regulator who will decide whether the strategy is prohibited or not, depending on its likeliness to significantly increase the companies’ market share. (This last proposal has been defined as the introduction of a new “abuse of monopolization” specifically designed for large platforms). In short, although they deny it, the promoters of such regulations only have one goal: regulating the large platforms because they are large, regardless of the reason for their success and the existence of competitors.

Besides the legal risk of total arbitrariness on the part of the regulator - how to objectively assess the impact of a company on its consumers based solely on its size ? -, and the political risk of a tit-for-tat escalation in trade protectionism - as was the case with the "GAFA tax" - what will be the obvious consequences of this new regulation?

From a purely economic point of view, it will maintain status quo instead of promoting competition. This is due to the fact that no nascent platform will be willing to grow and take the risk of ending up on the "black list". In addition, the concept of “abuse of monopolization” implies that any potentially effective strategy, which would therefore result in an increase in market share, could be prohibited: in other words, only clearly ineffective strategies would be authorized, i.e. those that no one will take!

In this status quo, or rather this slump, the big losers will be the European citizens, deprived of the current dynamic of innovations and developments in the services provided by the platforms. Indeed, what the promoters of regulatory solutions forget is that the reason why major platforms keep innovating and investing in new solutions lies on the fact that they all compete to satisfy consumers who have the choice between dozens of competitors. While most of the people do their research on Google Search, it is not due to the lack of alternatives - Qwant, DuckDuckGo, Ecosia, Yandex, Yahoo - but to the efficiency of the former. Likewise, those who don't like Amazon can easily turn to Walmart, Otto, or eBay, to name only the most famous. And the same reality prevails in all areas: browsers, "cloud" services, streaming platforms or social networks. In fact, there are hundreds of competitors, and these "giants" themselves are in fierce competition with each other.

With a regulation aiming at limiting the size of the platforms, all of this will end. Platforms will no longer have the possibility to innovate and will no longer have the right to improve their services, since this would increase their attractiveness. This will also slow down the emergence of new digital solutions that could improve teleworking and strengthen individual autonomy.

Instead of promoting the rise of major European digital platform, this regulation will deprive Europeans of the platforms they value and use every day. And to benefit from innovations and new services, they will have to take a plane and go to the United States and China. Hopefully, they’ll take an Airbus to do so.

Pierre Bentata is professor of economics and president of Rinzen Conseil. He holds a Ph.D in economics and an LL.M is civil law. He is a specialist of the economic analysis of regulation and has published several reports on the digital economy and digital platforms.

Continue Reading


Despite talk of digital sovereignty, Europe sleepwalks into Chinese dominance on drones



In her State of the European Union speech, European Commission President Ursula von der Leyen delivered a clear-eyed assessment of the European Union’s position within the global digital economy. Alongside predictions of a European “digital decade” shaped by initiatives such as GaiaX, von der Leyen admitted Europe had lost the race on defining the parameters of personalized data, leaving Europeans “dependent on others”, writes Louis Auge.

Despite that straightforward admission, the question remains whether European leaders are willing to mount a consistent defence of their citizens’ data privacy, even as they accept reliance on American and Chinese firms. When it comes to challenging American social media or e-commerce giants like Google, Facebook, and Amazon, Europe has no problem seeing itself as the global regulator.

In facing China, however, the European position often seems weaker, with governments only acting to curb the influence of Chinese technology suppliers such as Huawei under intense US pressure. Indeed, in one key area with serious implications for several economic sectors Commission President von der Leyen cited in her speech – unmanned aerial vehicles, otherwise known as drones – Europe is allowing a single Chinese firm, DJI, to corner the market practically unopposed.

A trend accelerated by the pandemic

Shenzhen Dajiang Innovation Technologies Co. (DJI) is the unquestioned leader of a global drone market predicted to skyrocket to $42.8 billion in 2025; by 2018, DJI already controlled 70% of the market in consumer drones. In Europe, DJI has long been the unmanned aerial vehicle (UAV) supplier of choice for military and civilian government clients. The French military uses “commercial off-the-shelf DJI drones” in combat zones like the Sahel, while British police forces uses DJI drones to search for missing persons and manage major events.

The pandemic kicked that trend into high gear. In European cities including Nice and Brussels, DJI drones equipped with loudspeakers admonished citizens about confinement measures and monitored social distancing. DJI representatives have even tried to convince European governments to use their drones to take body temperatures or transport COVID-19 test samples.

This rapid expansion in the use of DJI drones runs counter to decisions being taken by key allies. In the United States, the Departments of Defense (the Pentagon) and the Interior have banned the use of DJI’s drones in their operations, driven by concerns over data security first uncovered by the US Navy in 2017. In the time since, multiple analyses have identified similar flaws in DJI systems.

In May, River Loop Security analyzed DJI’s Mimo app and found the software not only failed to adhere to basic data security protocols, but also that it sent sensitive data “to servers behind the Great Firewall of China.” Another cybersecurity firm, Synacktiv, released an analysis of DJI’s mobile DJI GO 4 application in July, finding the company’s Android software “makes use of the similar anti-analysis techniques as malware,” in addition to forcibly installing updates or software while circumventing Google’s safeguards. Synacktiv’s results were confirmed by GRIMM, which concluded DJI or Weibo (whose software development kit transmitted user data to servers in China) had “created an effective targeting system” for attackers – or the Chinese government, as US officials fear – to exploit.

To address the potential threat, the Pentagon’s Defense Innovation Unit (DIU) has introduced a small Unmanned Aircraft Systems (sUAS) initiative to procure drones from trusted American and allied manufacturers; France’s Parrot is the only European (and, indeed, non-American) firm currently included. Last week, the Department of the Interior announced it would resume purchasing drones through the DIU sUAS program.

DJI’s security flaws have also sparked concern in Australia. In a consultation paper released last month, the Australian transport and infrastructure department flagged weaknesses in Australia’s defenses against “the malicious use of drones,” finding UAVs could potentially be used to attack the country’s infrastructure or other sensitive targets, or otherwise for purposes of “image and signals gathering” and other types of reconnaissance by hostile actors.

In Europe, on the other hand, neither the European Data Protection Board (EDPB), the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), nor the French National Commission on Informatics and Liberty (CNIL) have taken public action on the potential dangers represented by DJI, even after the company’s products were found forcibly installing software and transferring European user data to Chinese servers without allowing consumers to control or object to those actions. Instead, the use of DJI drones by European military and police forces may appear to offer consumers a tacit endorsement of their security.

Despite an opaque ownership structure, links to Chinese state abound

Suspicions of DJI’s motives are not helped by the opacity of its ownership structure. DJI Company Limited, the holding company for the firm via the Hong Kong-based iFlight Technology Co., is based in the British Virgin Islands, which does not disclose shareholders. DJI’s fundraising rounds nonetheless point to a preponderance of Chinese capital, as well as linkages with China’s most prominent administrative bodies.

In September 2015, for example, New Horizon Capital – cofounded by Wen Yunsong, son of former premier Wen Jiabao – invested $300 million in DJI. That same month, New China Life Insurance, partly owned by China’s State Council, also invested in the firm. In 2018, DJI may have raised up to $1 billion ahead of a supposed public listing, although the identify of those investors remains a mystery.

DJI’s leadership structure also points to links with China’s military establishment. Co-founder Li Zexiang has studied or taught at a number of universities linked to the military, including the Harbin Institute of Technology – one of the 'Seven Sons of National Defence' controlled by China’s Ministry of Industry and Information Technology – as well as the National University of Defense Technology (NUDT), directly supervised by the Central Military Commission (CMC). Another executive, Zhu Xiaorui, served as DJI’s head of research and development up until 2013 – and now teaches at the Harbin University of Technology.

These links between DJI’s leadership and China’s military would seem to explain DJI’s prominent role in Beijing’s repression of ethnic minority groups. In December 2017, DJI signed a strategic partnership agreement with the Bureau of Public Security of the Autonomous Region of Xinjiang, outfitting Chinese police units in Xinjiang with drones but also developing specialized software to facilitate missions for the “preservation of social stability.” DJI’s complicity in the campaign of “cultural genocide” against the Uighur population of Xinjiang burst into the headlines last year, when a leaked video – shot by a police-controlled DJI drone – documented a mass transfer of interned Uighurs. The company has also signed agreements with authorities in Tibet.

An inevitable crisis?

While DJI has gone to considerable efforts to counteract the findings of Western governments and researchers, even commissioning a study from consultancy FTI that promotes the security of its new “Local Data Mode” while sidestepping existing flaws, the monopolistic control of this emerging sector by a single firm with links to China’s security establishment and direct involvement in systemic human rights abuses could quickly become a problem for regulators in Brussels and the European capitals.

Given how prevalent drones have become across the wider economy, the security of the data they capture and transmit is a question European leaders will have to address – even if they prefer to ignore it.

Continue Reading