EU must up its game

Yesterday I received a copy of a reply to a question which had been put to the European Commission by British MEP Mary Honeyball.

Here is the question

Subject: The potential impact of the ePrivacy Regulation on the safety, security, privacy of children

Could the Commission indicate, in relation to the draft ePrivacy Regulation currently being considered by the Council, at what point in the drafting or consultation processes were views sought in relation to the regulation’s potential impact on the safety, security, privacy or other interests of children?

To whom did Commission officials speak, when did they do so, and what responses or comments were received?

Here is the answer in full

Prior to the adoption of the Proposal for the ePrivacy Regulation, the Commission held a thorough consultation procedure[1], where everyone had the opportunity to raise concerns, including about child protection online. Issues about the use of PhotoDNA and similar technologies to fight child pornography[2] have, however, not been raised.

It is important to highlight that the vast majority of services using these technologies do not constitute an electronic communications service and thus do not fall under the scope of the ePrivacy Regulation. However, the General Data Protection Regulation applies to those services.

[1]     The questionnaire used did not contain questions regarding the safety, security and privacy of children as the objective of the Regulation is protecting the confidentiality of communication.

[2]     These concerns have been raised more recently by child protection organisations and some Member States during discussions at the Council of the European Union.

You will see I have included the texts of two of the footnotes referred to in the reply. Note the first. It is acknowledged they did not ask about children. Note also the second. Several national Governments and children’s organizations later woke up to the fact that children’s interests were likely to be impacted by the proposed Regulation.

This appears now to be accepted. The Commission refers to  “the vast majority of services“. In other words some will be. QED. And note there is no suggestion anybody reached out to anyone with expertise in the field.

In the midst of the GDPR

The consultation  on the e-Privacy Regulation took place between April and July 2016, in other words at the same time as deliberations and discussions on the GDPR. The GDPR consultations were an extremely unsatisfactory experience from the point of view of children and children’s organizations but even so, in relation to privacy, all of our attention was focused on the GDPR because we had been directed towards it.

We were aware of the e-Privacy Regulation but were assured it was comparatively minor, largely technical, and in no way approaching the same level of importance as the GDPR, the implication being that we should stay focussed on the GDPR.  Our bandwidth was already stretched beyond all tolerable limits so it was a relief to hear this. Turned out to be misleading advice.

Why was our bandwidth stretched beyond all tolerable limits? That’s easy. There was so little to begin with and the gradual withdrawal of support and funds  from this area of work by the Commission had made matters much, much worse.

The Commission must create a level playing field

Instead of withdrawing support the Commission ought to be stepping in and stepping up its efforts to level the playing field as between the internet industry, its own policy making processes and children’s interests. I say this because it appears to have given up.

Children’s groups  cannot divert their scarce funds from meeting the immediate needs of children and families so they can  help the EU and big business understand how to do a better job.  This means if they are to engage at all they have to go with a begging bowl and the only obvious place to go with it is the internet industry. Begging bowls almost always come with a price tag that compromises the independence of the person holding it.

Other than in relation to economic or competition issues I doubt there is a single internet business on the planet that is even to the  smallest degree anxious or worried about what the EU might do. That is not true in respect of the Governments of Germany, France, the UK, Australia or even the USA and a growing number of other countries besides. How has it come to this? The EU was once a global leader in the field. No more.

A systemic failure

The above notwithstanding, if the Commission’s internal processes had been working properly the e-Privacy Regulation débâcle need never have happened. None of the units within the Commission that have a brief for children’s rights saw any of the e-Privacy papers at the relevant time, nor were their views sought. None of the politicians in the Parliament who normally take up children’s interests were alerted or clocked what was happening. This was a systemic failure and it is far from being an isolated one.

A  senior post needs to be created within the Commission, reporting directly to the President of the Commission. It should be mandatory that at an early stage in the policy development process,  irrespective of the DG in which a proposal originated, any and all papers have to cross the new postholder’s desk for sign off in relation to their potential impact on children’s rights or children’s welfare in the online space.

Part of this person’s job has to be to ensure there is a vibrant and independent eco system of NGOs that can act  on behalf of  children and parents,  as a countervailing force to the overweening power of the tech industries. The Commission should positively support a network of academics who can look at key issues in a sustained way.

There was a time

There was a time when something like this existed, de facto.  In October 1996 the European Commission published a “Communication on illegal and harmful content on the Internet”. This was a world-first. It presaged a series of world firsts that went a lot further and wider than the title alone implied.

The title simply reflected the principal preoccupations of the time but it was a hugely important milestone. The Communication led, in 1999,  to the establishment of the Safer Internet Programme which fostered a flowering of initiatives that did not depend on the self-interested munificence  of tech companies.

Independent research into the impact of the emergence of the internet got underway, programmes to enhance public understanding of the internet and its associated benefits and risks, particularly for children, started to flourish.

INHOPE, the global association of hotlines, was created and hotlines in individual countries also received support. A programme to support the self-classification of content got money. Crucially,  faced with the emergence of this new-fangled  transnational phenomenon, the EU enabled children’s NGOs  across  the 28 Member States and beyond to connect with each other, work together to understand the new environment and insert the child’s voice into conversations about policy.  Without the financial support the Commission provided almost certainly none of these things would have have happened.

Virgin territory

All this was new. There were no text books, handbooks or guides to point the way or even make helpful suggestions – and bear in mind also the huge power of the technology companies (plus ça change), then fully in their West Coast plutocratic pomp.

The Safer Internet Programme could easily have foundered. But it didn’t. It went from strength to strength and that was in no small part due to the intellectual rigour,  leadership, drive and personal commitment of the Commission official given responsibility for managing the programme, a Brit called Richard Swetenham. He had been a principal author of the seminal Communication referred to earlier. People listened to what he had to say and wanted to know what his views were because he always evinced a complete mastery of his brief. He had been in on the ground floor and grown with it.

I am not suggesting even for a moment Swetenham did anything other than play by the rules but he somehow managed to maintain the confidence and trust of the NGOs while at the same time being respected by the industry bodies with whom he also had to deal. Mind these were in the internet’s salad days when even I believed self-regulation was the only way to go.

It will be hard to find or create another Swetenham, not least because things have moved on so substantially, but that is precisely why someone needs to give serious attention to the Commission’s organizational arrangements.