Facebook has been ordered by the Hamburg Data Protection Authority to allow the use of pseudonyms on its social networking site – a practice which has so far been prohibited according to the site’s terms of service.
Facebook has been ordered by the Hamburg Data Protection Authority to allow the use of pseudonyms on its social networking site – a practice which has so far been prohibited according to the site’s terms of service.
Second-ranked candidate, Malta’s Joseph Cannataci was appointed as the UN's first investigator for digital rights after German Joachim Ruecher, president of the UN Human Rights Council overruled the choice of Estonias's Katrin Nyman-Metcalf, on the grounds that Metcalf might be soft on US government surveillance.
The same cyber-attackers who breached Office of Personnel Management and healthcare giant Anthem appear to have also stolen flight manifests containing passenger information from United Airlines earlier this year
Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.
The International Covenant on Civil and Political Rights (ICCPR) is the main global legal instrument for the protection of privacy. At a regional level, the main instruments on privacy and data protection in Europe is the Council of Europe (CoE) Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 1981. Although it was adopted by a regional organisation (CoE), it is open for accession by non-European states. Since the Convention is technology neutral, it has withstood the test of time. The EU Data Protection Directive (Directive 95/46/EC) has also formed an important legislative framework for the processing of personal data in the EU and has had a vast impact on the development of national legislation not only in Europe but also globally. This regulation has also entered a reform process in order to cope with the new developments and to ensure an effective privacy protection in the current technological environment.
Another key international – non-binding – document on privacy and data protection is the OECD Guidelines on Protection of Privacy and Transborder Flows of Personal Data from 1980. These guidelines and the OECD’s subsequent work have inspired many international, regional, and national regulations on privacy and data protection. Today, virtually all OECD countries have enacted privacy laws and empowered authorities to enforce those laws.
While the principles of the OECD guidelines have been widely accepted, the main difference is in the way they are implemented, notably between the European and US approaches. In Europe there is comprehensive data protection legislation, while in the USA the privacy regulation is developed for each sector of the economy including financial privacy (the Graham-Leach-Bliley Act), children’s privacy (the Children’s Online Privacy Protection Act) and medical privacy (under the Health Insurance Portability and Accountability Act).
Another major difference is that, in Europe, privacy legislation is enforced by public authorities, while in the USA enforcement principally rests on the private sector and self-regulation. Businesses set privacy policies. It is up to companies and individuals to decide about privacy policies themselves. The main criticism of the US approach is that individuals are placed in a comparatively weak position as they are seldom aware of the importance of options offered by privacy policies and commonly agree to them without informing themselves.
These two approaches – US and EU – to privacy protection have generated conflict. The main problem stems from the use of personal data by business companies. How can the EU ensure that data about its citizens is protected according to the rules specified in its Directive on Data Protection? According to whose rules (the EU’s or the USA’s) is data transferred through a company’s network from the EU to the USA handled?
A working solution was found in 2000 when the European Commission decided that EU regulations could be applied to US companies inside a legal ‘safe harbour’. US companies handling EU citizens’ data could voluntarily sign up to observe the EU’s privacy protection requirements. Having signed, companies were required to observe the formal enforcement mechanisms agreed upon between the EU and the USA.
The so-called Safe Harbor Agreement was received with a great hope as the legal tool that could solve similar problems with other countries. However, it was criticised by the European Parliament for not sufficiently protecting the privacy of EU citizens.
In a turning point for data transfers between the EU and the USA, in October 2015, the Court of the Justice of the European Union (CJEU) struck down this long-standing agreement and declared the Safe Harbour Agreement to be invalid. The Court found that the European Commission had failed to examine whether the USA afforded an adequate level of protection equivalent to that guaranteed in EU, but simply examined the safe harbor scheme. It found that in the US, the scheme is applicable only to undertakings that adhere to it, whereas public authorities are not subject to it, and national security, public interest and law enforcement requirements prevail over scheme. The US scheme therefore enables interference by public authorities, whereas no such limitations exist under EU law.The Court also found that the powers of national supervisory authorities could not be diminished other than by the Court.
Given the high importance of privacy and data protection in the relations between the USA and the EU after the Snowden revelations, it is likely to expect higher pressure to find a post-Safe Harbour Agreement solution.
A series of blog posts which explore the main dilemmas surrounding the Apple-FBI case. In these posts, three fictitious characters, Privarius, Securium, and Commercias talk about encryption, privacy, and security.
The report outlines data security threats and concerns in emerging cloud, big data and Internet of Things technologies. Based on the results of a global survey conducted among over 1100 senior security executives, the report identifies the following as the main data security concerns: security breaches/attacks, increased vulnerability from shared infrastructure, lack of control over the location of data, privacy violations from data originating in multiple countries, protecting sensitive data generated by IoT.
This article reflects on trends in Internet censorship in Australia, Chile, China, Finland, Libya, Myanmar, Singapore, Turkey and the UK.
This paper argues that mobile is both a medium and a media delivery platform. Changes in handset devices and levels of literacy will affect who has access to what content and there are key equity issues to be addressed.
The latest edition of glossary, compiled by DiploFoundation, contains explanations of over 130 acronyms, initialisms, and abbreviations used in IG parlance. In addition to the complete term, most entries include a concise explanation and a link for further information.
The booklet looks at legal restrictions on and informal obstacles to personal use of encryption for communication and the exercise of anonymous speech online in four countries: Morocco, Pakistan, South Korea, and the United Kingdom.
The book, now in its sixth edition, provides a comprehensive overview of the main issues and actors in the field of Internet governance and digital policy through a practical framework for analysis, discussion, and resolution of significant issues. It has been translated into many languages.
The study looks into how much of a role security and privacy played in people’s decisions to use a mobile instant messenger.
The paper, addressed to organisations that collect, store, or make use of personal data related to Russian citizens, outlines a series of recommendations on how to comply with the existing Russian legislation in this field, taking into account legal, organisational, and commercial aspects.
The report outlines predictions of the development of the technology, media, and telecommunications sectors in 2017. It covers issues such as: biometric security, distributed denial of service attaches, self-driving vehicles, 5G networks, machine learning, and Internet of Things as a service.
The report outlines examples of privacy enhancing technologies applied to drones. It describes how drone manufacturers and operators use privacy-by-deign principles to help drone users respect privacy, and to promote trust in drone operations.
The report provides an overview of the US Department of Commerce’s policies in the field of digital economy over the course of the Obama administration. It covers area such as: management of the Domain Name System, privacy and security online, innovation and emerging technologies, and access and skills.
The report, prepared by the Global Commission on Internet Governance, outlines a series of recommendations to policy makers, private industry, the technical community and other stakeholders on modalities for maintaining a ‘healthy Internet’. It tackles aspects such as: the promotion of a safe, open and secure Internet, human rights for digital citizens, the responsibilities of the private sector, safeguarding the stability and resiliency of the Internet’s core infrastructure, and improving multistakeholder Internet governance.
The report explored the connection between encryption and human rights, and argues that individuals should be able to encrypt their communications and personal data as an essential protection of their rights to privacy and freedom of expression.
Report on the implications of technological and economic convergence for the regulation of the digital ecosystem. The report focuses on six areas of regulatory policy: access regulation, barriers to entry and exit, privacy and data protection, merger review, spectrum management, and universal availability and access
This report examines the growth of social media platforms and the subsequent rapid surge in digital content shared online.
The report outlines several predictions for technology developments in 2016. It focuses on: 5G, big data, Internet of Things, the customerisation of software, and market convergence.
This report addresses internet freedom around the world and measures Internet freedom in different countries. Categories used are 'obstacles to access', 'limits on content', and 'violations of user rights'.
This report examines and documents evolutions and emerging opportunities and challenges in the digital economy. It provides a comprehensive overview of the digital economy, including matters of infrastructure, policy, net neutrality, development, privacy and security.
This report focuses on mobile Internet, its trends and growth, benefits, challenges and recommendations.
Report listing the requests received by Facebook from governments around the world and Facebook's approach to handling them.
This report develops five theoretical models to analyse the effects of taxation in the digital economy.
This session, moderated by Ms Karmen Turk (Attorney-at-Law, TRINITI) featured discussions on the role of intermediaries in enforcing human rights in the online world. As an introduction, Turk emphasised that current debates on Internet governance often address the issue of human rights, but usually fail to define what the necessary framework would be to effectively enforce them.
Mr Wolfgang Kleinwächter (Professor Emeritus, University of Aarhus) argued that today ‘human rights are in the centre of the Internet governance debate’, but emphasised that discussions have evolved since the beginning of the year 2000. Indeed, there used to be a debate on whether we would need to rewrite human rights in the digital age or instead address emerging challenges within the existing legal instruments. The choice that was finally made and which is reflected by the outcome of the 2015 World Summit on the Information Society (WSIS) in Tunis is that existing rights are sufficient. Instead of reinventing new rights, current debates have thus shifted towards the question of the implementation of human rights in cyberspace. Kleinwächter emphasised the recent extension of the Human Rights Council’s mandate to address these issues, in particular through reports, fact-finding missions, and the appointment of new special rapporteurs on freedom of expression and privacy. They each constitute important instruments for ensuring that governments and companies alike protect and respect human rights online.
Mr Markus Kummer (Board Member, Internet Corporation for Assigned Names and Numbers (ICANN)) dealt with the question of the implementation of human rights online from the perspective of ICANN. Given its contribution to the good functioning of the Internet, ICANN promotes human rights, and in particular freedom of expression. But in the past, human rights were rarely addressed within ICANN’s internal discussions. This situation progressively changed after non-commercial stakeholders and certain ICANN Board members attempted to progressively introduce human rights to the agenda. This process had led ICANN to work on a framework for the implementation of human rights, currently under discussion. This framework for human rights intends to reaffirm ICANN's existing obligations within its core values.
Ms Charlotte Altenhoener-Dion (Administrator, Council of Europe) addressed the enforcement of human rights online based on recent developments at the level of the Council of Europe (CoE). From a legal perspective, the doctrine of the European Court of Human Rights (ECHR) is characterised by its dynamic interpretation of human rights, and thus follows the evolutions of society by taking into account ongoing technological developments. In addition to the ECHR’s jurisprudence, the CoE is also active at policy level to ensure the enforcement of human rights online. It formulates non-binding soft-law standards in order to help governments and other stakeholders to apply human rights online. These standards offer guidelines on specific issues, such as media pluralism and the service value of the Internet. In this context, standards set by the CoE usually differentiate obligations for states in terms of human rights with the responsibilities of intermediaries to respect human rights in the online space.
Mr Matthias C. Kettemann (Researcher, University of Frankfurt) then presented more specifically the work of the CoE with regard to human rights enforcement online by presenting its recommendation on Internet intermediaries. Still in its draft version, this recommendation aims to help intermediaries realise human rights online on the basis of existing law. For Kettemann, there is no need to reinvent the law to ensure that intermediaries adequately deal with human rights challenges. Intermediaries need to increase transparency and accountability, and conduct due diligence assessment with regard to human rights. For instance, terms of service must be in line with human rights standards, as is not systematically the case. Respecting the rights of users requires avoiding general untargeted filtering systems of users’ content and adopting the least restrictive means possible to control content. Finally, effective remedies need to be accessible for users and intermediaries should engage in age and gender-sensitive efforts to promote the awareness of users of their rights and freedom online. At the level of states, it is of great importance that states apply the principle of legality, meaning that demands addressed to intermediaries must be prescribed by law.
This session presented the European Commission and the Internet Society’s respective perspectives on the Internet of tomorrow.
The first keynote speech was given by Mr Pearse O'Donohue (Acting Director for the Future Networks Directorate of DG CONNECT, European Commission) on the vision and projects of the European Commission with regard to the Next Generation Internet. O'Donohue started by acknowledging that the future of the Internet has become central to international discussions on Internet governance and requires the inclusion of all stakeholders.
He introduced the work of the European Commission on the future of the Internet. The European Commission recently conducted a public consultation on the Next Generation Internet to engage with all stakeholders on this issue. The results of this consultation highlight the widely shared concerns among stakeholders regarding the online world. Users increasingly limit their online activities due to challenges in terms of security, inclusiveness, and overall trust. O'Donohue argued that there needs to be an acknowledgment of these issues in order to prevent the digital divide further widening and becoming a permanent reality.
At the level of the European Union (EU), several initiatives and legislative proposals have been recently launched to strengthen the digital single market. In May, the European Commission conducted a mid-term review and its results show that more needs to be done. With regard to privacy for instance, many non-regulatory steps still need to be taken, so that the regulation of privacy becomes systematically embedded in the way businesses operate. More generally, the EU, when addressing the future of the Internet, needs to build more on its core values, such as inclusiveness and solidarity.
To do so, the European Commission recently launched its Next Generation Internet Initiative to rebuild trust in the Internet by identifying key areas of future developments. This initiative adopts a human-centric approach to address the growing disconnect between individuals and technology. At the same time, this initiative acknowledges that European Commission cannot act alone in the Internet ecosystem and strongly relies on the multistakeholder model. This is why this new initiative also aims to engage with more stakeholders, including start-ups and groups that are usually less represented in Internet governance debates.
Ms Sally Shipman Wentworth (Vice President of Global Policy Development, Internet Society) then presented the recent work conducted by the Internet Society on the future of the Internet. If it is impossible to predict the future, she argued that studying several patterns and trends at the community level could allow us to better imagine the Internet of tomorrow. Therefore, the main goals of this research are to understand the current forces of change in order to make recommendations on how to shape the future of the Internet.
Though this research project is still ongoing,Wentworth presented its preliminary findings. They build on 2500 survey responses from over 160 countries, 130 expert interviews conducted across the world, as well as 15 roundtable discussions. The final outcome of this research will be presented as part of the 2017 Internet Society Global Internet Report in September 2017.
Overall, the Internet Society’s community identified six areas as driving forces for the future of the Internet: the interaction of the Internet and the physical role, the evolution of the Internet economy, the role of governments in the online world, cyber-threats, artificial intelligence, networks standards and operability. The community also looked at the interactions between these drivers by focusing on three topics: personal rights and freedoms; the digital divide; and issues related to media, culture, and society. In terms of recommendations, interviews from the community indicated the strong need for amplifying civil society and end-user voices as part of the multistakeholder model.
The objective of the session was to discuss the meaning of digital citizenship; define the level of e-accessibility, obstacles, and risks; and explore issues such as the creation of secure digital identity and of a borderless digital society.
The moderator of the session, Ms Birgy Lorenz (PhD, Scientist at Tallinn University of Technology Centre for Digital Forensics and Cyber Security (project Cyber Olympic)), presented the Estonian digital society model.
Mr Alex Wellman (Head of Marketing, Estonia Investment Agency), elaborated on Estonia’s e-residency programme, the advantages for business, the benefits from digitalization, and the difference of the initiative from countries providing tax benefits.
Ms Clara Sommier (Analyst, Public Policy & Government Relations, Google) emphasised the importance of accessibility for all in a digital society, along with the openness of the Internet, finding your voice online, and the ability to empower the disadvantaged and get them in the mainstream.
Ms Sandra Särav (PhD candidate at University of Lausanne, Switzerland) stressed that trust is the key to digital citizenship. She also emphasized the need for global citizenship.
Ms Marianne Franklin (PhD, Professor of Global Media and Politics, Goldsmiths University of London, UK and the Co-Chair of the Internet Rights and Principles Coalition at the IGF) noted that migrants, refugees, and asylum seekers need to be considered when discussing citizenship. It is important to define the digital citizen and to understand the issues holistically. She questioned whether digitisation or citizenship comes first. Franklin believes that the design of any digital framework for citizenship is critical and should not be restrictive. She emphasised the importance of design of the systems and the importance of having alternatives in order to avoid overreliance on one system. On the question of cross-border digital citizenship, it is important, she said, for countries to agree on some underlining principles.
To address the issue of digital skills of older people, Mr Haris Kyritsis (Greek Safer Internet Centre youth panel) shared the example of youngsters having digital skills, teaching older generations how to use this platform. Sommier suggested using a blend of online and offline options. Sarav emphasised showing and teaching elders how to use the Internet.
Mr Raed Yakoub (Research Associate at Goldsmiths, University of London) added that there may be different ways in which a group of people may be discriminated against owing to requirements for different identification and authentication documents than the ones they have. He proposed creating e-societies and e-residents as ways to encourage inclusion.
There was also a discussion between Sarav and Wellman on the advantages and disadvantages of having a single identity to stop digital threats.
On the question of the possibility of setting up a scrutinising body to ensure citizen data is not abused by any government, Sarav suggested the need to recognise cross-border interoperable services while Sommier suggested sharing only legitimate data with governments on a case-by-case basis.
Responding to the question of youth participation and their lack of trust in government, Sommier noted that e-participation is important, but that a suitable space needs to be created so that the voice of the youth can be heard. Such an initiative she believes needs to be taken at the political level. Kyritsis believes that digital citizenship can be an option to engage the youth. Franklin added that participation needs to be encouraged in many ways and on many levels. Having youth role models was also a suggestion.
Responding to the question as to what would be the perfect digital society, Sarav suggested the existing one, as there cannot be anything which is perfect; for Kyritsis, it is one where privacy and security issues are addressed; for Sommier it is when the Internet is open and everybody can access it safely. Wellman suggested looking at things from a higher level, while Franklin will be satisfied when citizenship is defined as inclusive participation and success is measured in terms of inclusion of disadvantaged in the society.
Ms Oliana Sula (Lecturer at Faculty of Business, Universiteti "Aleksander Moisiu" Durres) summarised the discussion, stating that the Estonian model can be termed as a best practice. She noted that models need to be customised and there is a need to make different systems more interoperable. Models should define digital citizenship and distinguish it from digital residency as well as define digital inclusion and how to address the disadvantaged to improve digital participation and regulating competition.
At the meeting of the Government Advisory Committee (GAC) with the ICANN Board during ICANN59, the topics discussed included an update on the new Board process for considering and processing GAC advice, ICANN document handling, two-character country and territory codes at the second level, the Board’s response to GAC advice on international governmental organisations (IGOs) protections, and the mitigation of domain name abuse, among others.
On the issue of mitigating domain name abuse, Ms Cathrin Bauer-Bulst (Deputy Head of Unit, Fight Against Cybercrime, Belgium) thanked Mr Göran Marby (CEO, ICANN) for initiating a dialogue on abuse mitigation measures between the GAC, the GAC Public Safety Working Group and the CEO.
Mr Thomas Schneider (GAC Chair) raised concerns over the handling of the existing ICANN document, and the need for following minimum standards to track important information, which include details about the author of the document, its purpose, the address and status. Mr Markus Kummer (ICANN Board Member) responded by saying that initiatives are currently underway to improve the internal processes handled by the Board, while making them more traceable, as well as to develop a new document management system within ICANN. Marby stated that ICANN is exploring modalities to support fact-based discussions within the GAC, as well as between the GAC and the Board. It was also said that efforts are made for the GAC to receive Board responses on its advice earlier, thus avoiding having such responses sent shortly before an ICANN meeting.
To a question raised by the GAC Chair on how the GAC can add value to the annual Global Domains Division (GDD) Summit, and contribute to policy discussion, Marby clarified that the event is not for policy-making, and that ICANN was merely facilitating the meeting and was not responsible for preparing the agenda. Mr Akram Atallah (President, GDD, ICANN ) equated it to the intersessional sessions of contracted parties, and not an event for policies. In response, the GAC representative from Argentina raised the question of geographic name discussions during the GDD, where the GAC could have added value. Marby responded by saying that some cross-community dialogue or exchange of information should be possible.
Ms Lousewies van der Laan (ICANN Board) emphasised the importance of continued dialogue between the GAC and the Board.
Bulst raised the issue of how ICANN was planning to comply with the EU General Data Protection Regulation (GDPR), since the Next-Generation gTLD Registration Directory Services (RDS) Policy Development Process (PDP) would not be ready by the entry into force of the regulation. Marby emphasised the importance of the GAC's input on issues related to ICANN’s compliance with privacy and data protection law, within the context of the public interest. Burr said that in order to help meet the compliance requirements, ICANN has created several processes, including a GDPR Compliance Consultation Group, and the Next-Generation gTLD RDS PDP, where GAC input would be welcome.
On the issue of IGO protection, Switzerland urged the Board to advise the Working Group on IGO-INGO Access to Curative Rights Protection Mechanisms to take into consideration the inputs shared by the GAC, especially through the Copenhagen GAC Communiqué. The GAC also expressed concerns over the fact that the Board response to the committee’s Copenhagen Communiqué does not adequately addressed issues raised by governments. Marby responded by saying that the Board would support a dialogue and that the PDP process had noted the comments of the GAC.
Brazil raised the issue of the two-character country code and the need to discuss and understand the next steps. He further suggested setting up a task force with members from the GAC, the ICANN Board and other groups.
Iran expressed concerns over allowing two-character country codes at second level in gTLDd without the consent of governments, and changing the 60 day time limit for governments to respond to an application of the two-character country code, and requested for it to be continued on an interim basis. Atallah pointed out that even in the 2012 new gTLD round, there were options for applicants to either get consent from the GAC or implement mitigation measures, and that this option was still available.
Marby suggested creating a task force, comprising of the GAC chair and a few countries, to figure out how information flow can be improved.
South Africa commented that there should be more capacity building in underserved areas related to issues such as the two-character country codes.
Mr Chuck Gomes (Chair, Next-Generation gTLD Registration Directory Services (RDS) Policy Development Process (PDP)Working Group) gave a brief introduction to the next generation RDS PDP process, defining the purpose as collecting, maintaining, and providing access to generic top-level domain (gTLD) name registration data and considering safeguards for protecting the data.
He also described the three phases involved in this process: phase one, examining all requirements for gTLD registration data and directory services at a high level; phase two, developing detailed policies to satisfy those requirements; and phase three, creating any necessary implementation and coexistence guidance. He said that they were tasked on trying to reach consensus on what are the fundamental requirements for gTLD registration data. They are supposed to consider: users and purposes and associated access, accuracy, data elements, and privacy requirements. Fundamental question to be answered by ICANN60: is a new policy framework and Next-Generation RDS needed to address the requirements that they are developing? If yes, what cross-cutting requirements must any next-generation RDS address, including coexistence, system model, and cost, benefit, and risk analysis requirement? If not, does the current WHOIS policy framework sufficiently address these requirements? If not, what revisions are recommended to the current WHOIS policy framework to do so?
Dr Jin Galvin (Afilias and Vice-chair Security and Stability Advisory Committee (SSAC)) gave an overview of the draft statement of purpose which includes collecting, maintaining, and providing access to data. He noted that consensus had been reached by the working group on four specific purposes for registration data and RDS, which include, among others, the purpose to provide information about the lifecycle of a domain name and its resolution on the Internet.
Mr Rod Rasmussen (member, SSAC) explained that other purposes of the RDS was to facilitate dissemination of gTLD registration data of record, such as domain names and their domain contacts and name servers, identify domain contacts, and facilitate communication with domains contacts associated with gTLD names. He stated that the purpose of gTLD registration data in the RDS will be defined later in this PDP.
There were questions raised on the need for this exercise.
Responding to questions on the accuracy and relevance of the data published currently in WHOIS and whether there was a discussion of elements of data being collected to bridge the gap, Gomes noted that currently the focus was on thin data, or Minimum Public Data Set (data sufficient to identify the sponsoring registrar, status of registration, creation and expiration dates for each registration, name server data, the last time the record was updates in its WHOIS data store, and the URL for the registrar’s WHOIS service) and that the thick data of people and its administration was not under discussion.
Two questions were raised: How does this address the basic EU data protection criteria and how will protection of the data based on the four parameters raised in the statement of purpose be addressed. Further, if the four parameters are used by people, how can they be protected from phishing, malware, etc. The need to include consumer protection and public safety from domain name abuse into the statement of purpose was emphasised. A respondent also pointed that there was no consensus of what items should be in the statements.
The issue of anti-abuse of registration data was also raised along with a question on how to include public interest in the definition of accountability of data processing, privacy, and data protection.
On the review and discussion of preliminary agreements reached in relation to gated access to registration data, the deliberation was on what steps are needed to control access to gTLD registration data in the Minimum Public Data Set. Should gTLD registration data in the Minimum Public Data Set be public or should access be controlled. During the discussion, it was shared that per the draft working group agreement (no. 20), gTLD registration data must be accessible without requester identification, authentication, or stated purpose and there should be no policy that prevents RDS operators from applying operational controls, such as rate limiting and Captcha, provided they do not unreasonably restrict legitimate access (no. 21). There was also a discussion on what guiding principles should be applied to Minimum Public Data Set access.
On the issue of review and discussion of Preliminary Agreements reached in relation to privacy, there were discussions on what gTLD registration data in the Minimum Public Data Set should be collected, stored, and disclosed. The working group is now pursuing independent legal analysis to inform its deliberation on key concepts for data protection and privacy. There were questions raised on the words used in the document, on the existing gTLD RDS policy, and on lack of discussion on free speech.
A face-to-face meeting on 28 June will consider the cross-community session inputs to deliberate on key concepts for elements that go beyond the Minimum Public Data Set, along with the additional goals.
Members of the At-Large Advisory Committee (ALAC) and Regional At-Large Organisations (RALO) leadership discussed policy and process issues related to the At-Large Community, which represents the interests of end-users.
The session was chaired by Mr Alan Greenberg (Chair, ALAC).
Dr Rinalia Abdul Rahim (ICANN Board Member) discussed the priorities of the ICANN Board, which include:
Abdul Rahim encouraged the community to engage in annual planning for their respective constituencies to help manage the workload. Regarding the Empowered Community model, which is the mechanism through which ICANN’s Supporting Organisations (SOs) and Advisory Committees (ACs) can organise themselves under California law to legally enforce community powers, Abdul Rahim responded that the legal department at ICANN has made sure that Board members are aware of the new setup. She noted that ‘ICANN is in a much better position now than it was before, the Chief Executive Officer (CEO) is process oriented, and the Board and community are supportive.'
Mr Leon Felipe Sanchez (Vice Chair, ALAC and incoming ICANN Board member) shared his perspective as an incoming Board member. He is currently going through on-boarding, a process of getting adjusted to the new Board position. So far, he says that the Board environment looks completely different from the inside. Since Sanchez was part of the Cross Community Working Group (CCWG) Accountability Work Steam 1 (WS1), he pushed to get the Board involved from the very beginning of the Internet Assigned Names Authority (IANA) stewardship transition process. He has committed to keep in touch with the At-Large Community, which elected him to the Board position.
Regarding the next meeting, ICANN60, Greenberg informed participants that two new travel slots had been approved. The grants would be awarded to people active in ICANN work (policy development). RALOs will be asked to nominate volunteers for a working group to establish criteria for the selection of candidates.
Greenberg expounded his view that there was reason to worry in regards to the high penalties associated with the GDPR. His major concern was whether privacy of individuals outweighs the privacy of other information. He mentioned that the privacy and data protection rules are not absolute; for example, when having name server information private, it does not help the global Domain Name Systems (DNS).
On the issue of new generic TLD auction proceeds, ICANN has made USD$240 000 000 from the auctioning of strings such as .webs, .web, .shop, .hotels, .baby, .dot, .salon, .vip, .tech, .buy, etc. Community members were asked to work on defining a mechanism for how the proceeds funds could be allocated.
During the debriefing of the meeting, Mr Yrjö Länsipuro (ALAC liaison to the Government Advisory Committee (GAC)) called on the participation of the At-Large Community in the discussions concerning the issue of geographic names. The GAC has formed a working group to examine the protection of geographic names in any future expansion of gTLDs. Greenberg confirmed the participation of the At-Large Community in the working group.
The chair of the session, Ms Cheryl Langdon-Orr (Vice-chair, ALAC, ICANN) started the meeting by clarifying that the ICANN community needed awareness raising exercises to prepare for the impact of the new European General Data Protection Regulation (GDPR). She said that it was necessary to find a clear set of basic concepts and understanding of what it is that the community has to deal with concerning the implementation of the GDPR.
Ms Cathrin Bauer-Bulst (Deputy head of the unit for cybercrime and child sexual abuse, DG Migration and Home Affairs, European Commission) took the floor to suggest one such set of key basic concepts. Bauer-Bulst noted that the overall fundamental right to data protection as enshrined in legal instruments, in practice translates into specific rights for individuals. She mentioned the right to be informed, the right of access, the right to rectify inaccurate or incomplete information, the right to erase data which is no longer necessary or whose consent to process or store was withdrawn, the right to restrict the purpose of collection or processing, the right to data portability, and the right to object to specific types of processing. Another key concept, she mentioned, is the personal data itself, regarded as any information relating to an identified or identifiable person, information which together with other elements might reveal who someone is. Bauer-Bulst highlighted that, basically anything which is done with the data may amount to processing, and that three key actors were relevant to the GDPR, namely controllers, processors, and data subjects. Concerning the applicable principles, she pointed out lawful, fair, and transparent processing, balanced with the interests of data subjects, purpose limitation, and data minimisation. She ended by explaining that the governance structure comprised national authorities, courts, the Court of Justice of the European Union, the European Data Protection Board, and the European Data Protection Supervisor.
Ms Becky Burr (Chief Privacy Officer, Newstar) said that more than 60 data elements that her company (Newstar) collects as part of its privacy duties for contracted parties, are personal identifiable information (PII). She said that merely relying on consent is currently not considered enough as a lawful basis for processing personal data, and that legitimacy should also be taken into consideration, as well as a verification whether the data subject's privacy interests are not being unduly outweighed, and even then, adequate safeguards must be in place. Burr mentioned proportionality as an element to test legitimate interests, which would include an investigation into who wants to use the data element, why, and for what. Only once these issues have been incorporated into the safeguards in place, will the GDPR allow the processing to take place.
Ms Theresa Swinehart (Senior Vice President, Multistakeholder Strategy And Strategic Initiatives, ICANN) started by stating that what ICANN as an organisation is dealing with in terms of the challenges of implementing the GDPR, is a situation which is unique. She said that considering the existence of a deadline, different approaches were necessary to tackle different issues. First, she said that it was essential to understand the implications of the GDPR to ICANN as an organisation, and that an internal task force is currently helping identify where the organisation stands. Concerning the engagement with contracted parties, there is a need to understand the current situation and the implications that the GDPR has on the relevant domain name registration elements that are required from registrars. Swinehart said that she wants to work with the community at events and other dialogue spaces, to help identify which elements are relevant and which steps are necessary under different circumstances, by different actors.
Mr William J Drake, International Fellow & Lecturer, Media Change & Innovation Division, IPMZ University of Zurich, introduced the session by explaining that the discussions will revolve around the pros and cons of digital policy issues in trade negotiations from a European standpoint, while trying to answer questions such as: Which digital policy issues should be dealt with under an international trade framework and which should not? Are negotiations on international trade agreements inclusive enough? What roles should European stakeholders play in such negotiations?
Mr Pearse O'Donohue, Acting Director for Future Networks DG CONNECT, European Commission, focused on the issue of the free flow of data. He started by saying that in the EU, there have been restrictions on data flows, but without meaningful discussions on why such restrictions are in place. There are also legal uncertainties at both the national and EU levels when it comes to cross-border data flows. The EU needs to address such issues internally first, and then move on to discussing the principles of data flows beyond EU borders. O'Donohue pointed out that, while there is a clear need to ensure data protection and data security, localisation and restrictions on data flows are not necessarily the answer. It is important for economic and social development worldwide that data can circulate freely across borders.
Ms Marilia Maciel, Digital Policy Senior Researcher, DiploFoundation, spoke about the importance of data flows in discussions on international trade agreements, but underlined that there are also other digital policy issues being increasingly raised in such discussions, such as intermediary liability, cryptography, and spam. She said that there is increasing pressure for the World Trade Organization (WTO) to make progress on e-commerce related issues, and that the topic will be addressed at the WTO Ministerial Conference, to be held in December 2017. WTO member states have elaborated non-papers tackling digital issues that could be included in future trade negotiations: taxation (whether the moratorium on the non-taxation of electronic transmissions should be made permanent), data flows, trade facilitation (paperless trade harmonisation), technology transfers, privacy, consumer protection, etc.
Mr Robert Kroplewski, Minister of Digital Affairs for Information Society, Poland, said that when it comes to digital trade and e-commerce, EU stakeholders should look not only at the digital single market within the EU, but also at the global economy. He noted that data is key to innovation, and, in order to explore this potential, states should create an environment of mutual trust when it comes to data flows.
Mr Konstantinos Komaitis, Director Policy Development, Internet Society, started by asking whether the Internet governance (IG) community is ready to contribute to the international discussions on trade. He said that IG issues such as intellectual property rights, data protection, and security come up more and more in trade agreements, and that the IG community needs to make sure it becomes part of the trade discussions. At a minimum, this would mean demanding transparency from international negotiation processeses, and finding a way to provide input into the discussions before decisions are made. Komaitis also pointed to the complexities of the on-going debate on the challenges of globalisation, and the emergence of protectionist policies, which bring challenges for the Internet and the digital ecosystem, as, by definition, the Internet is supportive of globalisation.
Ms Erika Mann, Senior European Policy Advisor, Covington & Burling LLP, addressed the question of whether the IG multistakeholder model can be infused into the trade environment. In her view, the model is flexible enough to deal with a complex environment such as international trade, and its applicability can and should be tested on specific trade-related issues, such as data flows. IG stakeholders should become partners in international trade discussions, but not try to cover or capture all topics.
Mr Wolfgang Kleinwachter, Professor Emeritus, University of Aarhus, pointed out that, although digital policy issues are interconnected and decisions taken in one field affect another (security issues for example, also affect human rights and trade), they are still addressed and negotiated in silos. Better communication needs to be created among the various communities to allow issues to be more transversally addressed. Kleinwachter also mentioned that the multilateral treaty system will never disappear, but it is embedded in an environment where all stakeholders have a say.
Discussions on the multistakeholder model continued during the interactive part of the session. It was said that multistakeholderism is seen as a helpful instrument to address certain issues, but the model is still in its early days. As there are not many concrete outcomes of the process, it remains to be seen how it will develop in the future. The one size fits all approach does not work, and each issue needs special, tailored solutions built around it. When it comes to trade agreements, governments probably still need a place to ‘sit alone’, but they also need to make sure that they consult other stakeholders and understand their views before entering the decision-making phase.
The President of Estonia, Ms Kertsi Kaljulaid, started the conference with welcoming remarks.She noted that we are all connected – by optical cables and computers – but mostly by our faith in human development and freedom. We believe in free and fair elections, the rule of law, an independent judiciary, and human rights and freedoms. In modern society, free Internet is fundamental as it affects culture, the economy, communications, governance systems, and international relations.
Nonetheless, security should not be used to restrict the freedom of expression since security and freedom are not mutually exclusive, she emphasised. Securing online interactions is a precondition for enjoying Internet freedom. She gave the example of Estonia which balances between security and freedom through providing a network of public and private e-services based on a secure online identity. The country is also proud to be, as per Freedom House, the first in the world in Internet freedom.
Kaljulaid highlighted that today, much of the world’s commerce and communications pass through the Internet and hence the benefits of e-services outweigh the investment costs to create and maintain them. Estonia provides effective e-services that save 2% of the GDP. In this regard, she further referred to the World Bank 2016 report, which underscored that connectivity does not inevitably result in digital dividends. Digital technology transforms societies if supplemented by policies that support digital adoption.
Finally, she mentioned that Estonia will take EU presidency soon. Their presidency has a strong digital agenda that focuses on strengthening the single digital market, increasing solutions for cross-border e-services, and facilitating strategic discussion among member states as a cybersecurity strategy is expected in 2017.
The President of Lithuania, Ms Dalia Grybauskaite, commenced by noting that digital society is more competitive and democratic because it allows citizens to express their opinions. However, it remains a tool for European integration, and competitiveness depends on the political will to integrate. ‘A lot of people look to us because we should not only lead, but also help other countries. We have many events in this area and we hope that they do not only demonstrate our knowledge but also our willingness to introduce all areas of our life including digitisation and Internet’, she alluded. Europe is used to living in this environment, but it is also realistic about the threats entailed. Such risks should be challenged, not only through military exercises and deterrence, but through developing capacities and being innovative, competitive, integrated and knowledgeable. She finally said that she hoped that the Estonian presidency will take the lead on that.
The final remark was made by Ms Sandra Hoferichter, Secretary General, EuroDIG Association, who provided an overview of the history of the Internet policy dialogue in Europe. In 2008, EuroDIG was one of the first initiatives to discuss Internet governance after the establishment of the global IGF. What started as the idea of ten enthusiastic individuals in a café in Paris, four months later led to a meeting hosted by the Council of Europe, to discuss the potential of this dialogue. Now, there are more than twenty national and regional Internet governance initiatives across Europe, committed to the multistakeholder model.
In her talk, she noted that although many governments in Europe and around the world are committed to multistakeholderism, it is not considered to be the model of the future and forums like this are sometimes questioned vis-à-vis the impact they make. In many parts of the world, legislation is made without consultations with the relevant stakeholders. The digitisation in our life sometimes happens without an option to opt out. Yet, most users do not really see the need to be engaged in Internet governance. It is thus the aim of EuroDIG to raise awareness of the challenges ahead and to facilitate discussions, but not to finalise them. Over the past years, the discussions at EuroDIG focused on the European digital single market and industry 4.0. However, recent developments have shown that some people fear the digital revolution that goes along with the loss of their workplace and privacy. Therefore, ‘we are here looking at the digital future from a different angle, to discuss the promises and pitfalls’, Hoferichter concluded.
Opening the session, co-moderators Mr Dirk Krischenowski, dotBERLIN GmbH & Co. KG, and Ms Maarja Kirtsi, Estonian Internet Foundation/.ee, explained that the discussion will focus on issues related to innovation and competition on the domain name market, especially in the context of new generic top-level domains (gTLDs), launched by the Internet Corporation for Assigned Names and Numbers (ICANN) in 2014.
To kick-start the debates, Krischenowski gave an overview of a study conducted by ICANN on competition, consumer trust, and consumer choice in the domain name market. Some of the main findings of the study: new gTLDs contributed to the growth of the market; the sales channel integrated the new gTLDs quickly and lead to much greater consumer choice; many new registrar operators entered the market, especially in former under-developed markets; the number of registry operators increased by a factor of 60; typical TLDs are niche, targeted, and geographic TLDs. Overall, the New gTLD Program has lead to a dramatic increase in consumer choice, a modest increase in competition, and minimal impact on consumer trust.
Ms Elena Plexida, European Commission (EC), talked about the evaluation and revision process that the EC has launched with regard to the regulations for the .eu TLD. She explained that the .eu TLD was formally established by Regulation 733/2002, while EC Regulation 874/2004 set the rules for the registry and the .eu. The .eu TLD was delegated by ICANN in 2005. As the market has continuously changed, these regulations have become outdated, have generated administrative challenges and need a revision. Issues to be analysed during the evaluation process include: whether the .eu objectives have been achieved (to boost e-commerce and empower end-users to create a European digital identity), the legal separation between registry and registrars, whether the registry should be more active in other Internet governance areas (and how).
Mr Jörg Schweiger, DENIC e.G./.de outlined one issue of concern for the domain name industry: How to make sure that domains do not subsurface, in the sense that they exist from a technical point of view, but users are not really aware of them? The industry has been constantly looking for the ‘killer application’ to address this issue. He pointed out that one way to make domain names more attractive could be to build on the discussions about self-determination, sovereignty, and identity. The main objective of .de now is to retain as many domain names as possible, and that the direction the registry is growing in is not necessarily related to innovation per se, but rather to having a secure domain name space.
Ms Lianna Galstyan, Internet Society Armenia, said that the .am registry never had an objective to have a high number of domain name registrations, but rather, to give the community the possibility to register domain names under .am. The same rationale was also behind the launch of the Armenian Internationalised Domain Name (IDN).
Mr Ardi Jürgens, Zone Media OÜ, pointed out that domain names do not exist in a bubble; they are part of a system which includes resources and applications. A healthy growth in the demand for domain names could result in applications and people using domain names for creating value, either for them or society. In the search for a ‘killer application’, the industry should look at young people and try to find a way to create value for them within the domain name space. Compared to social media platforms, domain names have the main advantage of being under the control of the registrant, and this is something that the industry should try to communicate better.
Mr Andrea Beccalli, ICANN, discussed examples of innovation in the DNS, such as the new gTLDs, the introduction of IDN TLDs, and the DNS Security Extensions (DNSSEC). Even the community work on developing the rules and processes for the New gTLD Program can be seen as a form of innovation. Schweiger, however, argued that the new round of gTLDs does not necessarily means innovation, as it was simply presenting what was on the market already – TLDs. Moreover, most business models surrounding new gTLDs are similar to what had been on the market before their introduction, with only a few exceptions.
Security in the domain name space was mentioned during the discussions as an area that deserves more attention. There are troubling correlations between new gTLDs and ‘innovation in crime’, and there are service providers who have blocked all new gTLDs from their servers due to security concerns. Innovation on the security front should be a priority for new gTLDs. Privacy is also an issue that requires increased attention, as users are more and more demanding in this regard.
The risk of cybersquatting was also raised as an issue of concern for new gTLDs, with regard to the protection of trademarks. It was said that the current protection mechanisms (such as the sunrise period allowing trademark holders to register relevant domain names, and mechanisms for rights enforcement post domain name registration) are helpful, but not sufficient. Such issues are currently analysed within the ICANN framework.
At the end of the session, a point was raised – that it is not actually clear what is innovative in the domain name space, as TLDs have been in place for many years and they are basically the same ‘technology’ or ‘tool’ that they have been since the creation of the DNS.
The session was opened by Ambassador Young-moo Kim, Permanent Mission of the Republic of Korea. Kim called attention to the importance of privacy for fostering consumer trust. He provided an overview of the session, which would be divided into three parts: a) setting the stage: what are the main concerns with regards to data protection; b) cases: how data protection is being addressing in certain countries; c) new tools to protect data.
Ms Cécile Barayre, Economic Affairs Officer, ICT Analysis Section, UNCTAD, highlighted elements of a study published by UNCTAD on data protection regulations and international data flows. New technological developments, such as the Internet of Things (IoT) and the growth of e-commerce, make the discussion of privacy urgent. Harmonisation of regulation is necessary and laws on data protection and cybercrime are complementary. According to the study, 67% of countries have laws on cybercrime and 58% on data protection. However, there is global disparity and Africa still lags behind when it comes to regulation.
The lack of legal compatibility is also an issue to be tackled. There is no one global regime, but there are regional regimes that could facilitate harmonisation. Convention 108 from the Council Europe, which is open for signatures of non-European countries, constitutes a good base for co-operation.
Prof. Ian Walden, Queen Mary University of London, highlighted that although privacy and data protection are similar, they are not the same. What distinguishes data protection is the regulatory nature of the law, and this is different from privacy, which is usually a principle in the constitution. Data protection is about creating a regulatory framework. Moreover, for data protection to exist as a regime, it is necessary to create a regulatory authority, independent from governments, and with sufficient resources. This creates problems for developing countries that may have financial and technical constraints to create such an organisation. Walden also remarked that data protection can, in some situations, also be a barrier to trade – in the WTO regime, member countries can constrain the flow of cross-border data for data protection reasons.
Mr Kibyoung Kim, Director of the Global e-government division, Ministry of the Interior of the Republic of Korea, explained the status of regulation in his country. He also discussed methods to utilise the data while guaranteeing the protection of personal data. An analysis to assess the adequacy of de-identification could be put into place in order to check whether the data has been successfully de-identified and could not be re-identified.
Mr Oliver Hateley, Senior Adviser, EMOTA, explained that the current EU data protection framework consists of two instruments: the Data Protection Directive from 1995, and the ePrivacy Directive that focuses on e-communications and markets. The Data Protection Directive aims to safeguard personal data while guaranteeing the free flow of data among member states. It establishes criteria for issues such as consent, state of purpose (data should be collected with a clear purpose and should not be used for different purposes), and the right of the individual to access and correct personal information.
This data protection instrument was adopted as a directive, not a regulation. Directives set goals and leave member countries to implement these goals according to their national systems. This has led to inconsistencies that have impacted the trust and confidence of individuals. Moreover, there was no real enforcement mechanism for international processing.
Hateley provided some advice for developing countries discussing their nationals laws: a) avoid a prohibition model. Data is the currency of data economy; b) avoid a prescriptive approach. It is better to adopt principles because data and technology evolve too fast; c) ensure there is no regional fragmentation.
Mr David Satola, Lead ICT Counsel, World Bank, mentioned that there are very robust principles on data protection that still form the base of good practices and the development of national laws, such as the OECD and CoE principles. He presented the Cybercrime Toolkit Assessment, focusing on the section of safeguards about data protection and the right to communication.
Prof. Fen Osler Hampson, Carleton University, Distinguished Fellow and Director of Global Security and Politics at the Centre for International Governance Innovation, finished the discussion by reminding the audience that data protection is not only important from a human rights standpoint, but it is also good for business. Successive data breaches lead to a loss of trust. This is an issue that should tackled by governments and companies together.
The European Broadcasting Union (EBU) Big Data Conference brought together heads of digital, marketing, communications and legal departments alongside technologists and academics to share best practices for big data media strategies, with a focus on public service media (PSM).
The conference was opened by Ms Ingrid Deltenre, Director General of the EBU, who stressed the importance of big data as a ‘game changer’, as it allows for an improved understanding of the audience. As such, big data is not an aim in itself, but a tool to better engage with audiences. Mr Guillaume Klossa, Director of Public Affairs & Communications at the EBU, further elaborated on the importance of collaboration to break the silos between media, communications, legal, public affairs, technologists, and other experts and to ‘create conditions for EBU’s members to embrace big data as rapidly as possible’.
The first panel discussed the creation of trust and the importance of ethics, laws, and human rights. Ms Lokke Moerel, Senior of Counsel at Morrison & Foerster LLP, explained that ethics rules need to be respected in order to achieve social acceptation of the use of big data. This includes not only an adherence to laws, but also to underlying ethics and social conventions, including principles of non-instrumentalisation, non-discrimination, equity, and consent. Ideally, these conventions need to be analysed prior to implementation, as privacy or ethics-by-design, as they will not be automatically rectified through an ‘invisible hand’: everybody is violating the rules in order to keep up with the competition. Prof. Alessandro Mantelero, Politecnico di Torino, echoed Moerel’s comprehensive approach and pleaded for preventive policies to address and mitigate potential privacy, ethical, and social impacts. These impact assessments should be based on human rights charters and community values, but tailored to the specific context in which the data is used.
Mr Joseph Cannataci, UN Special Rapporteur on the Right to Privacy, looked deeper into the concept of privacy and argued for a ‘very very very’ critical approach to big data. Privacy needs to be understood both as the protection of personal data, but also as an enabler to the free development of personality and to other human rights, including freedom of expression. After elucidating several international legal challenges, he claimed that ‘In an Internet without borders, we need safeguards without borders and remedies across borders’. According to Mr Joe McNamee, Executive Director of European Digital Rights, privacy challenges are primarily related to a ‘broken market’ in which ‘consequences don’t matter’ and incentives for transparency and accountability are lacking. The launch of the EU’s General Data Protection Regulation (GDPR) is an opportunity to move away from a ‘race to the bottom’ and ‘move the balance back towards the trust and reliability we expect’. Finally, Mr Pierre-Nicolas Schwab, Big Data/CRM Manager at the RTBF, shared their experience of privacy protection, addressing three problems: over-personalisation, the absence of alternative viewpoints, and threats to privacy. To mitigate these challenges, education is key, and should focus on empowering users to control their data, to build knowledge on personalisation, and to open the black boxes and ‘show’ algorithms.
During the Q&A that followed, the speakers argued for a more inclusive approach to the challenge of trust-building. Cannataci stressed the importance of moving beyond transparency on algorithms (which will only be understood by less than 1% of the population), towards a total societal impact assessment. Mantelero underlined the need to be open to discussion and ask advice from experts from different fields, including anthropology, to establish trust. Schwab agreed that data scientists should not be left alone, and that there is a continued need for sociological models.
Personalisation and recommendation systems: Delivering quality
This panel, moderated by Mr Alberto Messina, R&D coordinator RAI Centre for Research and Technological Innovation, discussed the opportunities of recommendation and personalisation systems, as well as the risks of filter bubbles that could arise from them. First, Mr Andrew Scott, Launch Director myBBC, shared experiences on the balance between automation and smart curation. While the former is entirely algorithmic, the latter requires human capabilities and allows for the provision of ‘breadth’, linking users to content they do not necessarily expect. Mr Mika Rahkonen, Head of Development, News and Current Affairs at Yle, debunked five misconceptions about news personalisation and filter bubbles:
While these misconceptions might be giving rise to a false understanding of challenges, Mr Michael de Lucia, Head of Digital Innovation at RTS, provided three examples of key challenges related to the data-driven era: infobesity, competition with Internet giants, and algorithms and artificial intelligence, which might result in the PSM's inability to stand out. These challenges can be mitigated by adapting a more global and co-operative approach, and continuously learn and share experiences.
The discussion that followed reiterated that personalisation and smart curation ultimately aim at understanding the user and providing content in a better way. There is enough quality content, but the question relates to ‘getting the right content to the right people at the right time through the right devices’. Although it is difficult to compete with the ‘infobesity’ on the web, by adopting trust, transparency, and the right tone of voice, PSM can make a difference and avoid that ‘a lot of good content goes to waste’.
Algorithms and online platforms: Limitations and opportunities
Mr Robert Amlung, Head of Digital Strategy at ZDF, moderated the discussion, which aimed at sharing experiences to find out how the combination of platforms and algorithms can make sure that great content is easily found by users. According to Mr Michael Hlobil, Data Insights COE Solution Architect at Microsoft, the most important thing in this effort is to ‘document what you do’ and to have a diverse team of experts involved. Furthermore, data quality is crucial: ‘if you put shitty input, you get shitty output’. Mr Michael Paustian, Creative Director of Axel Springer, elaborated on the importance of human involvement: ‘an algorithm itself is just a set of instructions’, the process of getting there is scientific and can be understood as a dialogue with the problem. Yet Mr Rigo Wenning, Legal Counsel at W3C, wondered whether we have ‘the right instructions’? There are many ‘dumb algorithms’ that ‘make people naked’. Furthermore, challenges remain regarding the re-centralisation of the web and the power of its gatekeepers, which continuously change the rules. This problem was also emphasised by Mr Sylvain Lapoix, freelance data journalist, who explained that Internet platforms have become Internet service providers, leaving the PSM vulnerable and dependent.
Data Journalism: New possibilities for investigation, collaboration and ubiquity
This discussion focused on the utility of big data for journalism and reporting, and was moderated by Mr Laurens Cerulus, Reporter at Politico Europe. Mr Mirko Lorenz, Information Architect at Deutsche Welle, states that although individual media outlets might be small, ‘collectively we’re really big’ and can compete. There is a need to push back against fake news and invest in stories with data narratives and to think about the future of content for future generations. Zooming in on the value of data journalism, Mr Neal Rothleder, CTO of ORBmedia, explained how data brings new perspectives by seeing large pieces of the world all-together, by grasping how things are changing over time, and by providing new views on complex situations.
Although data journalism has many promises, it might not be easy to get it right at once. Mr Jan Lukas Strozyk, Journalist at NDR, added 5 lessons from his experience in data journalism:
Once data-driven stories are created, they need to be visible, and Mr Roland Schatz, CEO of Media Tenor International, spoke about the importance of knowing the audience that is to be attracted. Furthermore, they do not necessarily have to be time and resource-consuming if they are produced through partnerships with organisations that already collect extensive amounts of data, and with researchers and academics who can assist in the data analysis.
The following Q&A addressed the importance of building partnerships and collaborating with other sectors, the need for the organisation as a whole to be more data-aware (train people in Excel!), as well as bridging the gap between the data scientists and editorial teams: the former might lack the knowledge on how to build the narrative, while the latter might not know what is possible with the data. This requires a cultural shift in organisation.
The path towards a data company
This round-table focused on the new mindsets, technologies, tools, and strategies needed for the creation of a data company, and was moderated by Mr Aleksi Rossi, Head of Interfaces at Yle. Mr Ignacio Gomez, Director of Analytics and Future Media at RTVE, started by explaining the need to connect ‘tv people’ with data teams, as they are two halves of a brain that does not work in sync yet. Mr Sanjeevan Bala, Head of Data Planning and Analytics at Channel 4, added that there is a need for senior buy-in, as data should be in every part of the business. Within the business, there is a need for co-operation across different teams. Furthermore, recruiting from outside the broadcasting sector might help, as it allows for learning from other practices. These insights were echoed by Mr Dieter Boen, Manager of Research and Innovation at VRT, as the panel concluded that collaboration is key: identify shared interests with others and seize opportunities to collaborate: ‘better together!’.
The second day of the conference on Big Data Conference: Serving Citizens, on 22 March 2017 at the EBU Headquarters in Geneva, started with welcome remarks by Mr Guillaume Klossa, Director of Public Affairs and Communications at EBU, who reaffirmed the conference’s purpose: developing strategies and implementing recommendation systems aiming at fostering citizens’ trust in data.
The first panel, ‘How Can Big Data Help Public Service Media Better Serve Citizens?’, explored the possibility for Public Service Media Companies (PSMC) to better accommodate citizens’ demand and use of digital content. Mr Gilles Marchand, General Director of Télévision Suisse Romande (TSR) and Radio Télévision Suisse (RTS), first considered that competition in this sector is increasing considerably.
He stressed the importance of optimising the current co-operative processes among different PSMCs. In particular, he suggested a threefold approach, based on intelligence (optimisation of the distribution of all content), community (involvement of the public through the use of smart data), and journalism (smart data can optimise the user-on-user content and consequently increase public trust).
The second speaker, Dr Mirko Schäfer, Leader of the Utrecht Data School, discussed the positive use of datification as a potential means of fostering a European public sphere. He considered that online active participation is closely linked to civic action. Moreover, recalling the need for strategy expressed during the previous day, he reaffirmed that big data should be approached from a top-down perspective (that is, at the top decision-making levels) rather that with a bottom-up approach.
The second panel, Audience Measurement: Evolution or Revolution?, included three main speakers moderated by Mr Kristian Tolonen, Head of the Audience Research Department at Norwegian National Broadcasting (NRK), who opened the discussion by illustrating the importance of big data for audience measurement. In particular, he considered that the use of big data is beneficial on four dimensions: the target (the profile of the audience), the source (shifting from a one-source measurement system to hybrid solutions), the time (optimising the time required through measurement), and the level of the discussion (the depth of the information collected).
Mr Emil Pawłowski, Chief Science Officer at Gemius, further considered whether the big changes that have modified consumption patterns in the past decades should push for a re-evaluation of the existing measurement techniques. Currently, accurate measurement is impaired by economic reasons - conducting research on a small panel is expensive - and by a fragmentation of data caused by the existence of multiple browsers. He affirmed that the ultimate goal of audience measurement will be multimedia research, that is, a measurement system that would encompass simultaneously all the media used by the consumer (Internet, television, radio, press) rather than analysing such media separately.
Mr Nick Johnson, Solutions Architect at Ireland’s National Television and Radio Broadcaster (RTE), centred his speech on the challenges faced when measuring the performance of RTE programs across all its platforms. Consumption patterns have changed over the past years because they are technologically driven by the Internet and smart devices; hence he explained the difficulty for RTE to assess the total value of its assets and to measure it efficiently.
Lastly, Dr Uffe Høy Svenningsen, Audience Researcher at Danmarks Radio (DR), illustrated the new TV-audience measurement system launched in Denmark on 1 January 2017. This innovative approach is based on four main sources: a basic panel, a digital panel, a web profile panel, and census data. The information coming from all these sources is combined and calibrated to produce a more accurate measurement. Despite the fact that such system allows for a better measurement of overall consumption, there are still challenges regarding the calibration of the information obtained (e.g. regarding determined on-demand programmes) and the actual mapping of all the content consumed by the viewer.
The event continued with two Toolbox sections, which offered speakers a space to deliver hands-on experience illustrating specific case studies.
The first, on Privacy Policies, was moderated by Mr Pierre-Nicolas Schwab, Big Data/CRM Manager at Radio Télévision Belge de la Communauté Française (RTBF), who recalled the crucial role of education and consumers’ trust. He illustrated the four-step approach taken at RTBF based on a confidentiality charter, a single-sing-on platform, a recommendation system (sensitive to ethical concerns, marginalised groups, gender equality), and an educational programme to Artificial Intelligence (AI).
Ms Lucy Campbell, Marketing Director TV & Digital at RTE, presented RTE’s single-sign-on platform: myRTE. Digitalisation services are raising consumers’ expectations, and the proliferation of actors providing media content is making this sector very competitive. For these reasons, RTE has inaugurated a consumer experience strategy aimed at achieving a better understanding of the audience by providing personalised services and thus better experiences.
Mr Peter Farrell, Head of Legal BBC Workplace and Information Rights, complemented Ms Campbell’s speech on the necessity of rendering digital content more personal and relevant. He presented the myBBC single-sign-on platform and stressed the importance of building consumers’ trust towards the platform through clear and transparent privacy policies.
The second toolbox, on The Innersource Approach to Personalisation, focused on the Personalisation for EACH (PEACH) technology system. Mr Michael de Lucia, Head of Digital Innovation at RTS, reminded the audience that such system aims to deliver personalized media recommendations to audiences which are increasingly accessing content on demand, through a variety of devices and platforms. As Anselm Eickhoff, Software Architect at Bavarian Broadcasting (BR) further explained, PEACH system aspires to deliver ‘the right content, at the right time, to the right person, on the right device’.
Furthermore, Mr Michael Barroco, Head of Software Engineering at EBU, illustrated the organisational structure of the projects. PEACH is a cross-organisational system developed by the EBU, featuring two main stakeholders: BR and RTS. More specifically the team is composed of developers as well as data scientists functioning collaboratively as single Scrum team across organisations and borders.
The event concluded with a presentation of Project Kelvin by Mr Bram Tullemans, Project Manager at EBU. This project aims at using real-time data collected from video players in order to produce information that can optimise the distribution flow of content. The ultimate goal is to identify the content-delivery method that performs best.
The Next Generation gTLD Registration Directory Service (RDS) to Replace WHOIS Policy Development Process Working Group was established with the aim to provide the Generic Names Supporting Organization (GNSO) Council with policy recommendations regarding two main questions:
’What are the fundamental requirements for gTLD registration data? Is a new policy framework and next-generation RDS needed to address these requirements?’
The agenda of the session was qualified as ‘unique’, as it aimed to present 19 questions that were developed for Cannataci. It was underlined that questions were developed with the aim to understand more the importance of data protection and privacy requirements in the context of the domain name system.
Cannataci addressed the following questions raised by the chair, in more depth: ‘What do you mean when you say ICANN to specify the purpose of domain name? What criteria should be used to determine the legitimate purposes? What is the difference between primary and secondary purposes?’
It was stated by Cannataci that ICANN needs to consider sustainability. He invited ICANN to look into setting up a transversal group which deals with privacy and other human rights, such as freedom of expression. The group would be open to others to join the discussion, and would help ‘bounce off’ important questions. He emphasised that ‘the purpose of collecting data remains the key’. It is important that the collection of ‘specific personal data’ is one in line with a specific purpose, which can never be a general one: “Jurisprudence does not say ‘Just in case I need it’.”
Addressing the question of primary and secondary purpose for data collection, he stated that it is not up to the regulators to define secondary purpose, and that this needs to be carefully stipulated by the data controller when he/she defines the goal of looking for data. ‘When you talk about the secondary purpose, please be specific and don’t expect or let regulator do it., Cannataci said.
Another question was raised in relation to the Article 6.1. b) of the EU Data Protection Directive which provides that personal data may only be collected for specified, explicitly and legitimate purpose and not further processed in a way incompatible with those purposes, specified in Article 7 of the Directive.
‘Under what circumstances might the publication of domain name registration data elements that are personal be allowable?’ Cannataci addressed the question stating that ‘we need to start from knowing whyat all we want to publish anything. If you what to publish personal data, then there must be a reason for it. What is the public interest for publishing the information? Is it transparency, for example?”
He continued by stating that once data is easily associated with an identified or identifiable individual, then it becomes personal data. , such as in the case of domain name, it becomes a personal information. If data related to a domain nameis linked to someone who is identifiable, then it becomes a personal data.He concluded by saying that the question ‘What is the purpose of publishing (personal) data?’ should be the main question.
As the time allocated for the session ended, it was said that the 19 questions would be further fine-tuned, and, once answers are collected, the could be published on the group’s webpage, if the members find that useful.
The public forum is a platform where the community can pose the ICANN Board members questions, either in person or remotely. Two such fora were organised during ICANN58.
Topics which dominated the public fora include: ICANN's jurisdiction, the next round of applications for generic top-level domains (gTLDs), delays in the process of reviewing the 2012 round of new gTLDs, diversity, ICANN's engagement, transparency, data security and privacy, and the ICANN Board's priorities.
In regards to ICANN's jurisdiction, Mr Steve Crocker, Chair of the ICANN Board, confirmed that ICANN would remain based in the USA and that the sub-group working on ICANN's jurisdiction (in the framework of Work Stream 2 of the Cross Community Working Group on ICANN Accountability – CCWG-Accountability) would be discussing ways to handle issues, should they arise in the future.
Language diversity was highlighted by several community members, and it was suggested that there should be interpretation services at the meetings in the local host language. ICANN community members were encouraged to join the CCWG Accountability sub-group on diversity, to enhance the discussions.
Issues such as the ICANN's engagement, particularly in underserved regions, such as small islands, and the broadening of participation, especially of the next generation, were raised by several participants. The importance of measuring the engagement of participants in ICANN, especially in the subsequent meetings, was highlighted by one community member. Responding to a question on ICANN's initiatives to increase the engagement of the next generation, Mr Ram Mohan, ICANN Board member, shared examples of a hackathon event (Hack2Build) that took place during ICANN57, while Ms Rinalia Abdul Rahim, ICANN Board member, explained how the DotAsia pilot lead to the formation of the NextGen programme. On the question of how to increase engagement in underserved areas and strengthen ICANN's long term engagement plans, Mr Göran Marby, ICANN President and CEO, said that ICANN would base their plans for improving regional support on what they learn. Creating greater awareness and the continued engagement of ICANN was emphasised by participants.
On the issue of privacy and security of data, the need for stricter rules concerning the handling of private data in the context of Whois services was one of the issues raised byparticipants. Ms Becky Burr, ICANN Board member, said that while there is an ongoing discussion on the way in which Whois data is made available and its legitimate use, personal data, including Whois data, can only be processed for legitimate purposes.
ICANN’s continued engagement with Data Protection Authorities (DPAs), and the setting up a data protection or privacy officer, especially to comply with the European data protection regulations, were some of the recommendations made by participants during the public fora. Burr said that the engagements with DPAs would continue and that while ICANN is going through the compliance check-list, the ICANN community is also actively looking at the developments.
A lack of clarity with regard to the next round of gTLDs was addressed by several community members. However, no timeline for the next round of gTLDs was shared by the Board members. On issues related to specific marketing and awareness raising activities in relation to a subsequent round of gTLDs, Mr Akram Atallah, Director of the Global Domains Division at ICANN, said that such activities would be undertaken if the community so decides.
In response to the dissatisfaction that was expressed by some with regard to a Board resolution allowing the registration of two character codes as second level domain names in the new gTLDs, Crocker stated that the matter continues to be under discussion, due to its sensitive and contentious nature. Furthermore, Mr Thomas Schneider, Chair of the Governmental Advisory Committee (GAC) noted that the issue has been of great concern for a large number of GAC members, and that these governments hope they can work together with new gTLD registries and try to find a solution acceptable to all parties.
Addressing the concerns raised about possible unfair competition arising between registrars in Europe and other regions owing to ICANN's plan to designate one domain name data escrow provider at subsidy, Atallah said that after this initiative is implemented in Europe, other regions would be considered as well.
On the questions regarding status and delay of the independent review related to the Community Priority Evaluation (CPE) and the independent review process, the Board commented that the review process was ongoing and that they will be able to respond based on the outcome of the review.
Two participants raised questions regarding the complaint mechanism process at ICANN. Marby stated that going forward, complaints would be managed by a complaints officer. Mr John Jeffrey, General Counsel, elaborated on the role of the complaints officer and the ombudsman, and said that the process of filing a complaint has yet to be decided on.
On the question related to the priorities of the Board for this year, Mr Cherine Chalaby, ICANN Board member, explained that the Board would be working on three 'clusters'. These include various priorities, among which: improving the Board relationship with the community, with points such as transparency of the Board, increased engagement, increased diversity, and efficient use of volunteers; improving the efficiency and effectiveness of the Board; improving financial stability; enhance the effectiveness of review processes; supporting the ICANN CEO through the creation of an environment where the CEO succeeds; progressing on community public policy issues; progressing on technical issues; and supporting the Nominating Committee (NomCom).
Questions were raised related to transparency in ICANN's selection process of the location for ICANN meetings, the existence of closed sessions, and the expenditure report on travel support to community members to attend various meetings. There was also a request for staff to ensure appropriate planning for the ICANN59 joint session between the GAC, the Generic Names Supporting Organization (GNSO) and the Country Code Names Supporting Organization (ccNSO), on geographic names (i.e. avoiding conflicts with other important sessions). It was observed that there were no sessions on the Public Technical Identifiers during ICANN58.
The involvement of Board members in Policy Development Processes (PDP) was also raised, and it was clarified that, while there is no rule prohibiting Board members to participate in such processes, this has not traditionally been done. The Board was also asked whether it is aware of the various upcoming Internet governance events and activities, and Mr Markus Kummer, ICANN Board Member, confirmed the Board's awareness by talking about their working group on Internet governance. Apart from ICANN taking part in various events, he reaffirmed ICANN's continued support of the Internet Governance Forum (IGF), including regional and national IGFs.
Finally, ICANN was applauded for its statement about US Executive Order 13769, titled Protecting the Nation from Foreign Terrorist Entry into the United States, its fellowship programme, and the criteria being developed for choosing arbitrators for the Independent Review Panel.
The eleventh Symposium of the Future Networked Car took place on 9 March 2017, during the 87th edition of the Geneva International Motor Show. The Symposium was jointly organised by the International Telecommunication Union (ITU) and the United Nations Economic Commission for Europe (UNECE). The main objective of the event was to offer a platform for a fruitful discussion among different stakeholders – vehicle manufacturers, governments and Information and Communications Technology (ICT) industries – on the future of vehicle communication and automated driving.
The session started with opening remarks from Mr Malcolm Johnson, Vice Secretary-General at the ITU, who stressed the importance of bringing together multiple stakeholders in order to foster technological innovation. In particular, he underlined the crucial role of the ITU as a UN-mandated agency that has successfully brought together and facilitated the convergence between two communities: industry and ICT sectors. The Symposium has seen growing participation in the last years, and has attracted more than 170 participants in 2017.
Ms Eva Molnar, Director of the Sustainable Transport Division of UNECE, joined Mr Johnson in stressing the importance of co-operation, not only between different industry sectors, but also between different agencies – as is the case with the ITU and UNECE. In particular, her speech approached vehicle automation from a regulatory perspective: she reasoned on the relevance of the existing legal conventions vis-à-vis the latest technological changes and pushed for the development of harmonised regulations.
The event comprised five thematic panels, each discussing a specific aspect of vehicle automation.
The Executive Roundtable reflected on the advantages and challenges that automatic driving will bring to individuals and societies once such technology is spread on a larger scale. All speakers talked about the necessity of harmonising the standards regulating such technology among different countries.
In particular, Mr Anders Eugensson, Director of the Governmental Affairs Department at Volvo Car Group, analysed the benefits of automated driving for individuals in terms of costs, liability and accuracy of data. With the development of such technology, customers would purchase automated driving packages that would cost less than a car. Moreover, he considered that cars will operate autonomously, and, in case of accidents, the responsibility would not rely directly on customers. Finally, thanks to cloud connectivity technology, the data available to the car system will be more accurate.
The Second Panel reflected on the benefits of fifth generation mobile networks or wireless systems (5G) for the development of automated driving. The speakers agreed on the crucial role of 5G technology for automated vehicles, especially in terms of connectivity and communication among units. Mr Peter Vermaat, Chair of the Connected Vehicle Working Group at the Wireless World Research Forum, considered that as opposed to a cloud computing type of connectivity (i.e. storing and accessing data over the Internet), Peer-to-Peer (P2P) computing (interconnected communication among peers, i.e. automated vehicles) allows for increased safety and improved efficiency of communication, and reduces the need for infrastructures.
The Third Panel discussed how Artificial Intelligence (AI) will change current transport systems. All the speakers built their discussions on the benefits of automated driving discussed by the previous panellists. Furthermore, they focused mainly on the possible risks to individuals from the deployment of AI. They assessed such risks in terms of security (protection from cyber-attacks), personal data protection (privacy concerns) and social economic externalities (loss of jobs in the car industry or transportation sectors).
The Fourth Panel focused on the relationship between connected vehicles and automated driving. The panellists discussed the co-dependency of connectivity and automated driving: having accurate communication systems among vehicles is crucial for the development of automated driving systems on a larger scale. David Holecek, Director of the Connected Products and Services Division at Volvo Car Group, concluded that connectivity, autonomous driving and AI are the cornerstones that will develop the concept of fully autonomous cars rather than autonomous driving in the future.
The Fifth Panel concluded the session by focusing on the cybersecurity threats to automotive systems. The speakers discussed the consequences that connectivity has in terms of individuals’ security in particular. Based on an interconnected system, automated vehicles operate in a constantly-hostile environment, susceptible to hackers’ attacks, resulting in financial cyber ransom, car theft and loss of control over the vehicle.
The session, organised by the International Telecommunication Union (ITU) was moderated by Mr Alex Wong, Head of Global Challenge Partnerships at the World Economic Forum (WEF). Developing countries were at the centre of the discussion alongside the important gender gap underlined by Wong, considering the decreasing number of women connected to the Internet despite technology advances. The importance of involving stakeholders from the private and the public sectors in order to fill the gaps between countries and between men and women in the use of the Internet was repeatedly taken up by the panellists.
Mr Bocar Ba, CEO at the SAMENA Telecommunications Council, focused on the challenges, approaches, and opportunities to take into account in collaborations between the private sector and civil society. In his opinion, access to the Internet must become a basic human right, not only a basic human need. As regards the challenges, he considered the infrastructure a major obstacle to connecting people around the world because operators face extremely expensive fees when developing connectivity in developing countries. He underlined the need to make the Internet affordable; this can be improved if the private and public sectors work together. Concerning opportunities, he said that we are heading towards a digital economy that needs to better include the population and create new partnerships. Finally, regarding approaches, he noted that we already have the solutions on the table but that there is a need to increase collaboration to reach a common objective and to encourage cross-sector cooperation including between the education and health sectors.
The second panellist, Mr Michael Kende, Senior Fellow at the Internet Society, noted that trust in the use of the Internet is a major challenge, not only for developing countries but also for developed ones. He stated that there is a need to focus on and create a digital economy rather than just focusing on Internet access. He said that an important effort has been made in the last ten years regarding infrastructure and that the new challenge is to get more people and businesses online so they also benefit from the digital economy.
In the second part of his speech, Kende mentioned the Global Internet Report 2016, released by the Internet Society, which focuses on trust in the Internet and on data breaches. As mentioned in the report, he underlined the concern that with these breaches, there will be less trust in the use of the Internet, especially regarding sensitive information which is also a risk for companies’ reputation, particularly those that have been hacked. However, Kende stressed that companies also have strong protection via their terms and conditions which give them zero liability in the case of a breach. Therefore, as users are still the most vulnerable in these situations, he believes that there is a need for people to trust the system in order to build a strong ecosystem.
Ms Vanessa Erogbogbo, Head of the Empowering Women to Trade Programme at the International Trade Centre (ITC) stressed the importance of women in the digital economy. According to Erogbogbo, despite the growing presence of small companies on the Internet, women are still under represented. Thus, the ITC has taken several actions to unlock markets for women-owned small and medium enterprises (SMEs) under the She Trades initiative. The main aim of this initiative is to make women entrepreneurs visible to the international economy to increase visibility and networking. As part of this initiative, an Internet platform has been developed to help women secure government contracts, strike business deals, access markets, unlock financial services, and to grant ownership rights. Erogbogbo also underlined that the active role of women on the Internet is not only a concern for developing countries but also for developed ones. According to ITC data, only 6% of mobile application developers are women and in 2016, there were 257 million fewer women online, compared to 2015, which accentuates the growing gap in connectivity between men and women.
The final speaker, Ms Esperanza Magpantay, Senior Statistician at the ICT Data and Statistics Division at the ITU, regretted that there is still a large of number of developing countries which do not collect statistics on connectivity. She added that these statistics are also important for policymakers and investors to see which measures must be put in place. Magpantay focused on the results provided by the Measuring the Information Society Report 2016 which shows a steep rise in mobile cellular subscriptions and mobile broadband subscriptions and that mobile broadband networks reach 84% of global population and 67% of rural population. The report also stressed, as she mentioned, that there is a significant digital divide between developing and developed countries. Moreover, the report gives an ICT Development Index which emphasises a strong association between economic and ICT developments. The report gives several indications about the evolution of mobile cellular prices and broadband prices but it also shows several gaps between men and women or for people living in rural areas who are less likely to own or use a mobile phone than those living in urban areas. Other important points also emerge from the report according to Magpantay. The benefits of the Internet are still unavailable to over half the world’s population. Most people who have access to Internet services do not actually use them. It also shows that the full potential of the Internet remains untapped, especially for low-income and less educated users. In addition, access to the Internet as such is not enough; skills are needed to take full advantage of what it offers.
The discussion ended with a Q&A which pointed out the importance of cultural and political obstacles faced by women across the world regarding the use of the Internet. Erogbogbo added that the legal barrier is also an important element considering that gender inequality is in some cases written into law. The panel agreed on the fact that more collaboration between the different stakeholders is needed, not only in developing countries but also in developed ones.
The Internet Legislation Atlas identifies the main legal instruments in relation to Internet rights in the following seven countries: Egypt, Iran, Iraq, Jordan, Lebanon, Syria, and Tunisia. The atlas also provides an indication of how human rights are protected, or neglected in the Internet environment in those countries.
The handbook, structured around 10 major challenges in big data security and privacy, gives an overview of best practices that should be followed by big data service providers to fortify their infrastructures. Each of the 100 best practices presented, an explanation is given on why the practice should be followed and how it can be implemented.
The letter invited governments to reject laws, policies, or other mandates or practices that limit access to or undermine encryption and other secure communication tools and technologies.
This webpage outlines the limitations on the type of content and behaviour allowed by Twitter.
The document is aimed to be used as a self-regulatory harmonising tool which offers a structured way to communiucate the level of personal data protection offered by a cloud service provider to its customers. It is based on EU personal data protection mandatory legal requirements.
Continuing a trend to keep human rights at the forefront, a main session at the IGF 2016 was dedicated to the topic (Human Rights: Broadening the Conversation). This demonstrates that the IGF has matured to a point where human rights (Dynamic Coalition on Internet Rights and Principles) are now accepted as an underlying unifying force (Mapping Digital Rights in the Middle East and North Africa: A New Visual Tool for Comparative Analysis).
The broader implications that the right to privacy (Surveillance and International Human Rights Law - WS267) and data protection (Is Personal Data ‘Mine’ or There to be ‘Mined’? - WS114) have for the Internet and society were discussed in the context of global balance, with overarching links to states’ governance models. These topics are being increasingly merged with issues of security (a right in itself), jurisdiction, and other complexities. The interconnections between privacy, on one side, and access and net neutrality issues, on the other side, were also discussed (Dynamic Coalition on Net Neutrality).
Privacy and data protection in the online space was discussed from various perspectives. Internet Governance, Security, Privacy and the Ethical Dimension of ICTs in 2030 (session 150) looked at issues related to online privacy in different contexts: the evolution of Internet of Things technologies, state surveillance programmes, and cybersecurity.
In session 169 on Internet Fragmentation one interesting scenario was exposed: one in which governments had one IP address fixed for each citizen, and used it as a passport. In this scenario, the individual would have to renew their passport every year. The government would know exactly which content they had accessed and could deny renewal.
At this year’s IGF, the discussion on privacy and data protection revisited a typical dilemma: How do we ensure both privacy and security or - at least - strike a right balance between two?
This ‘balancing question’ was echoed in many discussions. In the debate on encryption (WS 141 on Law Enforcement in a World of Pervasive Encryption, and WS 53 on The Politics of Encryption), human rights and security communities presented two different views. Human rights activists argued for pervasive encryption aimed at protecting privacy, while security officials believe that strong encryption hinders investigations and poses a problem to gathering data and preventing crime and terrorism.
In the debate between Privacy and Transparency (WS 124), it was argued that the treatment of personal data needs to be transparent, with transparency being also closely associated with accountability. Yet, a recently negotiated trade agreement, which will impact users’ privacy,was not negotiated in such a transparent way.
In discussing these dichotomies, a few new proposals and ideas emerged. For example, in Implementing Core Principles in the Digital Age (WS 114), the two UN Special Rapporteurs on freedom of expression and on privacy argued that both rights could be protected in an integrated way, where encryption and transparency of policy should play an important role. The link between privacy, freedom of expression, and anonymity was discussed in depth in Special Rapporteur David Kaye’s report on the promotion and protection of the right to freedom of opinion and expression (May 2015).
Another question was whether privacy should be protected on a national or international level. The prevailing view is that it needs to be afforded international protection. In the same workshop, Special Rapporteur Joseph Cannataci said that people needed ‘safeguards without borders’ and ‘remedies across borders’, neither of which he believe is possible at the moment. He also referred to the ‘further development of international law’ during the Open Forum on the Right to Privacy in the Digital Age, a view which was picked up by a Brazilian Foreign Ministry official: the right to privacy is already enshrined in international law through the International Covenant on Civil and Political Rights, which has been ratified by 168 countries. His comment: ‘And we might ask ourselves what about the remaining countries? Well, all remaining countries recognise the universal Human Rights, which also [include] the right to privacy. So we have the norm. We have a foundation. A basis to work on.’