29.7.2014   

EN

Official Journal of the European Union

C 246/3

Executive summary of the opinion of the European Data Protection Supervisor on the Commission communication on internet policy and governance — Europe’s role in shaping the future of internet governance

(The full text of this opinion can be found in English, French and German on the EDPS website (www.edps.europa.eu))

2014/C 246/04

I.   INTRODUCTION

I.1.   Consultation of the EDPS

1.

On 12 February 2014 the European Commission published a communication on internet policy and governance (‘the communication’) (1). The communication was adopted in the aftermath of revelations about a large-scale surveillance scheme implemented by the US National Security Agency on (and through) the internet, which affected trust in the internet and its current governance model and called for immediate reform.

2.

We regret that we were not consulted before the publication of the communication. Nonetheless, as internet governance and the rights to privacy and data protection are closely related, we have decided to issue this opinion on our own initiative, pursuant to Article 41(2) of Regulation 45/2001.

I.2.   Content of the communication

3.

The communication proposes a basis for a common European vision for internet governance. In particular, among other things, it purports to:

defend and promote fundamental rights and democratic values as well as multistakeholder governance structures based on clear rules and on the respect for those rights and values,

promote a single, unfragmented network, subject to the same norms and laws that apply in other areas of our lives, where individuals may benefit from rights and judicial remedies, in case their rights are breached (2).

4.

In order to do so, the communication focuses on the main policy areas relevant to the complex internet governance ecosystem, namely the development of internet governance principles, cooperative frameworks and core internet functions. It also makes concrete proposals on how to strengthen the current multistakeholder model. Last, it looks ahead to some of the key issues that must be addressed in the context of internet governance in the future, namely the strong interplay between technical norms and internet policy, the key challenges in rebuilding trust, and conflicts of jurisdictions and laws.

5.

The underlying principles of the reform should — in the Commission's view — consist of an increased transparency, accountability and inclusiveness of the way the internet is managed.

6.

At the core of the reform, the Commission places fundamental freedoms and human rights that ‘are not negotiable’ and ‘must be protected online (3).

I.3.   Aim of the opinion

7.

Since the publication of the communication, the discussion on the development of internet governance has carried on, notably at the ICANN meeting in Singapore in March 2014 and at the Global Multistakeholder Meeting on the Future of Internet Governance (NetMundial) in Brazil in April 2014. The discussion will continue at the ICANN meeting in London in June 2014.

8.

With this opinion, we wish to contribute to the debate, as any reform of internet governance will likely have a significant impact on citizens and on their fundamental rights, not least the rights to privacy and data protection. While this opinion addresses an issue of global nature and while it takes account of the developments at global level, it focuses on the actions that the European Union and its institutions can perform to influence the debate and the internet governance structures and processes themselves.

9.

This opinion consists of three sections. Section II draws upon the tight relationship existing between internet governance, on the one hand, and privacy and data protection on the other. Section III explores how the current system of EU law may help shaping the internet, focusing on measures and rules ensuring that individual rights to privacy and data protection are properly fulfilled. Section IV touches upon further action which appears both desirable and necessary in order to achieve a satisfactory shaping of internet governance and aims at providing a timely response to the issues that the internet poses on a daily basis.

V.   CONCLUSION

67.

We welcome the Commission’s efforts in the communication to identify the main policy areas in need of reform, in the aftermath of the surveillance scandals that have shaken the confidence of internet users as a tool for participating in democratic debate.

68.

The Commission has recognised the need for a shared and truly global model of internet governance and, as a consequence, has committed itself to a number of initiatives aiming at making the reform process as inclusive and transparent as possible.

69.

Building on the Commission proposals and efforts we have formulated a number of suggestions in this opinion designed to address effectively the critical issues concerning the tight relationship between privacy and data protection and the internet.

70.

In particular, our remarks focus on the following points:

Internet policy discussions should take into account the nature of fundamental rights of privacy and data protection. Such rights are at the basis of users’ online interactions and should be protected online as well as offline.

Discussions over internet governance should include privacy and data protection as a priority.

In the framework of a multistakeholder approach to internet governance, we support measures to ensure broad stakeholder representation, including the recognition of the role of data protection authorities in improving the consistency of enforcement of data protection rules at global level.

We welcome that the Commission is committed to promoting the swift adoption of key legislation, in particular the proposed General Data Protection Regulation. The strengthening of data subjects’ rights and the right to erasure should become part of the internet governance reform.

The Commission should promote a comprehensive approach to internet governance, and ensure security of personal data processing. We invite the Commission to take action in order to facilitate coordination of security policies at global level, as any conflict of such policies would jeopardise both security and data protection.

We welcome the Commission’s reference to the close relationship between technological design and data protection. We encourage the Commission to work towards the inclusion of optimal data protection standards in the technology at the early design phase (data protection-by-design and data protection-by-default).

In relation to network neutrality, we strongly recommend, that, without prejudice to the current debate on network neutrality, any solution ultimately adopted should gather widespread consensus as to the principles to be applied and on the need to provide for adequate safeguards for users and their rights.

We support the Commission’s efforts in finding a rapid solution to conflicts of law that often arise in connection with the internet and jeopardise users’ rights to privacy and data protection. We also propose that, in cases involving conflicting jurisdictions, users are provided with additional and more accurate information as to the data protection laws and safeguards applied to the processing of their personal data.

We call for greater efforts, by the Commission and other private and public stakeholders, in order to reinforce international cooperation in the field of data protection as well as the convergence of international stakeholders on common technical and data protection standards.

We expect the Commission to show leadership and act as a catalyst in the discussions on the new internet governance model. In particular, we encourage the Commission to promote EU standards on data protection as well as to encourage the accession by third countries to relevant international data protection standards. Furthermore, we support the adoption of an international instrument requiring the respect of data protection standards by intelligence and law enforcement bodies.

Done at Brussels, 23 June 2014.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1)  COM(2014) 72 final.

(2)  See communication, p. 2.

(3)  Commission Vice-President Neelie KROES, press release IP/14/142 of 12.2.2014.