EDRi works to influence legislative proposals on artificial intelligence (AI) to protect people, communities and society from the escalating economic, political and social issues posed by AI. EDRi provides input to EU institutions on AI to ensure fundamental rights based legislation and policy.

EDRi’s recommendations to European Union institutions on AI can be found here and the response to the European Commission’s consultation on AI is here.

The Audiovisual Media Services Directive (AVMSD) is the EU’s legal framework that regulates traditional TV broadcasters, on-demand services, and, since 2017, video-sharing platforms. It contains rules on audiovisual advertising, the promotion of European works, and providers’ obligations with regards to the protection of minors from potentially harmful content, among other measures. Regulating online content and the role of online platforms in dissimenating it has a direct impact on freedom of expression and access to information. We are therefore concerned about the AVMSD’s lack of clarity and safeguards for respecting the rule of law and protecting fundamental rights.

In the digital era, copyright should be implemented in a way which benefits creators and society. It should support cultural work and facilitate access to knowledge. Copyright should not be used to lock away cultural goods, damaging rather than benefiting access to our cultural heritage. Copyright should be a catalyst for creation and innovation. In the digital environment, citizens face disproportionate enforcement measures from states, arbitrary privatised enforcement measures from companies and a lack of innovative offers, all of which reinforce the impression of a failed and illegitimate legal framework that undermines the relationship between creators and the society they live in. Copyright needs to be fundamentally reformed to be fit for purpose, predictable for creators, flexible and credible.

The 2016 Data Protection Law Enforcement Directive, or LED, accompanies the more well-known General Data Protection Regulation (GDPR), but relates specifically to data processing for law enforcement purposes. The LED has many similarities with the GDPR, but differences include different requirements for consent. It is an important piece of legislation for holding law enforcement to account and ensuring that people’s personal data is properly protected and not abused by law enforcement. The LED is relevant to many topics on which EDRi works, including surveillance, biometrics, data retention, cross-border data sharing and more.

In 2006, the European Union enacted its Data Retention Directive, requiring telecommunications providers to retain communications data for a period of between 6 months and 2 years, placing the entire population under surveillance. Eight years later, the Court of Justice of the European Union (CJEU) ruled that blanket data retention was illegal under EU law and declared the Directive invalid. Some Member States still ignore this ruling and maintain illegal data retention regime to this day. Despite its role of “guardian of the Treaties”, the European Commission appears unwilling to start infringement proceedings. EDRi monitors regular attempts to give data retention a fresh start at EU level while EDRi members continue to bring legal action against national data retention laws.

EDRi follows and inputs into EU processes related to the Data Strategy to uphold data protection rights, ensure freedom of expression, accessibility and access to information, and resist the exploitation of personal data.

The Digital Services Act (DSA) is a proposed EU law that aims at regulating the large variety of online services available today. It focuses on the responsibilities of online platform providers such as Facebook, Youtube, Twitter and TikTok, who are already today legally liable for illegal content they know of. While the DSA will likely demand more from companies, it is crucial that those political demands respect the fundamental rights of users. The DSA should empower users to be in control of their online lives, guarantee legal redress for users whose content has been falsely blocked or taken down, and help redecentralising the digital sphere.

The European Commission proposed a Regulation on cross-border access to and preservation of electronic data held by service providers and a Directive to require service providers to appoint a legal representative within the EU in April 2018. Since then, the legislative process to adopt them has been fast-tracked, which has prevented any proper assessment of these measures to be carried out.

New devices are being continually developed that increasingly have the ability to connect to the internet and communicate between themselves. These devices, while making our life easier in many ways, also create major privacy and security risks. We explained in our series of blogposts on privacy the freedoms that are under threat, if these technologies are not regulated effectively.

The 2020 European Democracy Action Plan (EDAP) is a Communication from the European Commission on threats to democracy in the EU, including misinformation, disinformation, media freedom and plurality and electoral integrity.

In May 2018, EDRi and our members widely and warmly welcomed the increased protections and rights enshrined in the General Data Protection Regulation (GDPR). Now and two years on, we call on the EU Commission, EDPB, and DPAs to move forward with the enforcement and implementation of the GDPR to make these rights a reality.

The GDPR was designed to address information and power asymmetries between individuals and entities that process their data, and to empower people to control it. Two years since it was introduced, this is unfortunately still not the case. Effectiveness and enforcement are two pillars of the EU data protection legislation where national data protection authorities (DPAs) have a crucial role to play.

Disinformation refers to false, inaccurate, or misleading information used to intentionally cause public harm or make a profit. Hate speech denigrates people based on their race, ethnicity, gender, social status, sexual orientation, religion, age, physical or mental disability among others. Disinformation and hate speech are both dangerous practices, infringing our rights to freedom of information and to non-discrimination, that are further amplified in the digital space.

Net neutrality ensures that internet users can connect to any other point in the network, and that they can create, access and use any content, service and application they choose without discrimination. Since 2015 EU has legislation in place that protects net neutrality and related user rights to an acceptable degree but every year powerful industry lobby groups attempt to
undermine those protections and weaken the law to increase profits. EDRi fights to maintain and further strengthen the current net neutrality rules to keep the internet in Europe truly free (as in freedom not gratis) and accessible to all.

Passenger Name Records (PNR) are very detailed pieces information that are collected by airlines about travelers. As of result of the terrorist attacks of 11 September 2001 (9/11) a number of proposals were pushed to collect more data about everyone, allegedly with the goal to find “patterns” that would reveal terrorist plans before they were executed.

Terrorist networks have grown highly prone to the use of the internet for spreading their propaganda and recruiting followers in recent years. Although the fear of the general public of terrorist attacks certainly puts considerable pressure on policy makers, politicians also strategically use the climate of diffuse anxieties to increase the securitisation of the internet and present themselves as capable, tough leaders. The latest example of such election-motivated policy making is the proposal for a Regulation on preventing the dissemination of terrorist content online, with which the European Commission continues its trend of producing a watershed of “solutions” to terrorist propaganda on the internet.