sign in sign up
<<
Home , File hosting service, Hotfile, Internet in Canada, Open Rights Group

A GLOBAL MULTI-STAKEHOLDER DIALOGUE PROCESS

20132012 IN RETROSPECT & JURISDICTION PROJECT CASE COLLECTION VOLUME 2

I N T E R N E T & MORE INFORMATION ABOUT THE JURISDICTION INTERNET & JURISDICTIONMore information PROJECT AT about OBSERVATORY www.internetjurisdiction.netthe Internet & Jurisdiction Project at: k eepin g trac k o f trends twitter:www.internetjurisdiction.net @IJurisdiction TO S TAY UP-TO-DATE ON THE INTERNET & JURISDICTION PROJECT AND THE LATEST TRENDS W I T H R E G A R D TO T H E TENSION BETWEEN THE CROSS-BORDER INTERNET AND NATIONAL JURISDICTIONS, SUBSCRIBE TO OUR NEWSLETTER AT WWW.INTERNETJURISDICTION.NET A N D F OLLOW @IJURISDICTION ON TWITTER. 2013 IN RETROSPECT

The Internet & Jurisdiction Project is an evidence- based global multi-stakeholder dialogue process. To inform its participants about emerging trends and high-level patterns, the Internet & Jurisdiction Project detected, curated and categorized over 460 cases around the world in a dedicated data- base between January and December 2013. They crowd-curation show the tension between the cross-border nature of the Internet with its transnational online spaces and the patchwork of geographically defined national jurisdictions. spotlight I & J DATABASE WITH The Internet & Jurisdiction Observatory supports CATEGORIZED CASES the Internet & Jurisdiction Project team in keeping track of the latest trends around the globe. This interdisciplinary network of selected international experts crowd-ranks every month all collected crowd-ranking cases in the Internet & Jurisdiction database via a progressive filtering process. The 20 most impor- tant cases are showcased in the monthly Internet & Jurisdiction Project newsletter Retrospect with retrospect concise summaries and links to relevant back- MONTHLY NEWSLETTER WITH TOP 20 CASES ground information.

The case collection ”2013 in Retrospect“ is a com- pilation of 240 selected cases. It provides a review dialogue + analysis of crucial dynamics to stimulate discussions and trigger research. synthesis REGULAR REPORTS ON LATEST TRENDS AND INSIGHTS

FACILITATION TEAM ABOUT The Internet & Jurisdiction Project facili- tates a global multi-stakeholder dialogue process to address the tension between the cross-border nature of the Internet and Bertrand de geographically defined national jurisdic- LA CHAPELLE tions. It provides a neutral platform for Director international organizations, states, business [email protected] and civil society to discuss the elaboration of a transnational due process framework to handle the digital coexistence of diverse national laws in shared cross-border online spaces. Since its launch in January 2012, the Paul Internet & Jurisdiction Project has involved FEHLINGER more than 80 entities in its dialogue process. Manager [email protected] INTERNET & JURISDICTION OBSERVATORY

32 selected international experts from 26 different institutions in 13 countries are part of the internet & jurisdiction observatory. the interdisciplinary network is composed of respected senior experts while leaving room for emerging talents.

Séverine Robert J. Michael ARSÈNE CURRIE GEIST French Center for Research on Dalhousie University, Law & University of Ottawa, Canada Contemporary China, Hong Kong Technology Institute, Canada Research Chair in Internet and E-commerce Law, Canada @severinearsene @CdnTechLaw @mgeist

Chinmayi William H. ARUN DUTTON Nicolas JONDET National Law University New University of Oxford, Delhi, Centre for Communication Oxford Internet Institute, UK University of Edinburgh, Governance, India Edinburgh Law School, UK @BiIIDutton @chinmayiarun @NicolasJondet

Lilian Francis Augusto EDWARDS Matthias C. MEDEIROS KETTEMANN University of Strathclyde, Centre University of Oslo, Norwegian for Internet Law and Policy, UK University of Frankfurt/Main, Research Center for Computers Cluster of Excellence “The @lilianedwards and Law, Norway Formation of Normative Orders”, Germany @francisaugusto Giancarlo @MCKettemann FROSIO Ian Stanford University, Center BROWN Kathryn for Internet and Society, USA KLEIMAN Oxford University, @GCFrosio Oxford Internet Institute & Internet Counsel, Fletcher, Cyber Security Center, UK Heald & Hildreth PLC, USA @IanBrownOII Urs @KleimK GASSER Harvard University, Berkman Lee Wolfgang Center for Internet and Society & BYGRAVE KLEINWÄCHTER Harvard Law School, USA University of Oslo, Norwegian Department for Media and @ugasser Research Center for Computers Information Sciences, Unversity and Law, Norway of Aarhus, Denmark 4 OBSERVATORY

Konstantinos Carlos Affonso Lachlan KOMAITIS PEREIRA DE SOUZA URQUHART Internet Society, Switzerland Rio de Janeiro Institute for University of Nottingham, Technology and Society & Rio de Mixed Reality Lab, UK @kkomaitis Janeiro State University, Brazil @mooseabyte @caffsouza Joanna KULESZA Joana Theresa VARON FERRAZ University of Lodz, Department SCASSA for International Law and Interna- Fundação Getúlio Vargas, Center tional Relations, Poland University of Ottawa, Canada for Technology and Society, Research Chair in Information Brazil @KuleszaJ Law, Canada @joana_varon @TeresaScassa Sarah LOGAN Rolf H. Thomas WEBER Australian National University, SCHULTZ School of International and Po- University of Zurich, Center for litical Studies, Australia Graduate Institute of Interna- Information and Communication tional and Development Studies, Law, Switzerland @circt International Law Department, Switzerland Tobias Bendert MAHLER ZEVENBERGEN Wolfgang Oxford University, Oxford University of Oslo, Norwegian SCHULZ Internet Institute, UK Research Center for Computers Humboldt Institute for and Law, Norway @benzevenbergen Internet and Society, Germany @tomahler @WWSchulz Nicolo Francesca ZINGALES Dan MUSIANI University of Tilburg, Department SVANTESSON of European and International Mines ParisTech, Center for the Bond University, Centre for Public Law, Netherlands Sociology of Innovation, France Commercial Law, Australia @TechJust @franmusiani

Tatiana Nicolas TROPINA VON ZUR MÜHLEN Max Planck Institute for Foreign Max Planck Institute for Foreign and International Criminal Law, and International Criminal Law, Germany Germany @gap_the_mind

5

CONTENT

JANUARY 8 FEBRUARY 13 MARCH 18 APRIL 23 MAY 28 JUNE 33 JULY 38 AUGUST 43 SEPTEMBER 48 OCTOBER 53 NOVEMBER 58 DECEMBER 63

7 JANUARY

1. European Parliament 2. Twitter ordered to reveal Committee endorses EU Data identity of authors of racist Protection Reform, demands tweets in French jurisdiction strict provisions On January 24, 2013 the Grand Instance Court of Paris One year after the European Commission published its ordered Twitter6 to help identifying the authors of racist proposed comprehensive data protection reform1, the tweets with the hashtag #unbonjuif that were a top trend- rapporteur of the European Parliament’s Committee on ing topic in France in October 2012. The court concluded7 Civil Liberties, Justice and Home Affairs issued on January that the racist tweets violate hate speech provisions in 10, 2013 a first draft report.2 The document expresses the the French jurisdiction. Although Twitter removed some8 Committee’s support for the envisaged data governance concerned tweets, it rests unclear if the platform with framework and suggests a variety of amendments that headquarters in San Francisco will comply with the French might impact the way online platforms operate in the 27 order. The company has no offices in France and its rules EU jurisdictions. It will be the basis for further discussions stipulate that user identities can only be revealed with a in the European Parliament before a final vote in April valid US court order. French prosecutors have the pos- 2013. Among others, the report suggests extending the sibility of launching procedures in the US jurisdiction. The territorial scope to non-EU based entities to encompass French court moreover ordered Twitter to “set up, within “all collection and processing of personal data about the framework of its French platform, an easily accessible Union residents” (Amendment 13). Moreover, it empha- and visible system enabling anyone to bring to its atten- sizes the need for “explicit consent” for data processing tion illegal content, especially that which falls within (Amendment 17), stresses the “right to erasure and to the scope of the apology of crimes against humanity and be forgotten” (Amendment 34), and demands stricter incitement to racial hatred.” Twitter can be fined9 1.000 procedures for requests by foreign courts and authori- euros daily for non-compliance with the order. ties regarding personal data located in the EU jurisdiction (Amendment 259). Read further: ITWorld: Twitter ordered to identify racist tweeters in Read further: France10 Reuters: EU lawmakers seek to limit use of data by inter- France24: France orders Twitter to identify racist users11 net firms3 NPR: French Twitter lawsuit pits free speech against hate Hunton Privacy : EU Parliament Committee Rapporteur speech12 issues Draft Report on Proposed Amendments to the EU Commission’s Draft General Data Protection Regulation4 New York Times: Data Protection laws, an ocean apart5

8 3. Access and 5. Facebook, , location as basis to expand Microsoft and Yahoo jurisdiction in US and Canada demand warrants for Two recent rulings in December 2012 in the US and Cana- LEA access to private dian jurisdiction revealed the tendency of extraterritorial communication extensions of sovereignty in Internet cases. A Canadian Four US-based companies – Facebook, Google, Microsoft court decided in a dispute involving a Toronto resident and Yahoo – have decided20 to demand warrants issued and a US-based online platform that used his Canadian by US courts for law enforcement authorities to seize trade-mark that the mere accessibility of the website on communication data of their users. Currently, under the computer screens on Canadian territory is sufficient to 1986 Electronic Communications Privacy Act, police assert Canadian jurisdiction, regardless of the location forces only need subpoenas without the approval of a of the operator or the location of the servers. Likewise, judge to access opened or over 180 days old digital com- a US appeals court asserted jurisdiction over a Canadian munication data in form of or other cloud-stored resident. Accessing her business account from Canada, the formats. The four platforms base their initiative on the defendant sent data from her former Connecticut-based 2010 United States v. Warshak21 case that involved ISPs employer via a computer server located on US territory and the Fourth Amendment. to her private Canadian account. The US court argued that the fact that the used computer server was Read further: on US soil constitutes a sufficient connection to assert US The Hill: Facebook, email providers say they require war- jurisdiction over a foreign resident. rants for private data seizures22 ReadWriteCloud: Social networks use civil disobedience Read further: to protect user data23 The Star: Courts adopt aggressive approach in cross-bor- Wired: Yahoo, like Google, demands warrants for user 13 der Internet jurisdiction cases email24 Canadian Federal Court: Homeaway, Inc. v. Martin Hrdlicka14 United States Court of Appeals for the Second Cir- 15 6. Revenge porn website cuit: MacDermid, Inc. v. Deiter lawsuit targets web host 4. Data seizure in the Cloud: GoDaddy in US jurisdiction Canadian court rejects US A lawsuit25 was filed in a Texan court against the revenge demand for porn website texxxan.com for infringing Texan privacy servers laws. The site features nude pictures without the con- sent of victims. The 16 plaintiffs are not only suing26 the 16 A Canadian court refused on January 9, 2013, to com- owner of the website, claiming he is not protected by the ply with an MLAT procedure for a search warrant that Section 23027 liability exemptions. They also target the was initiated by US authorities. The latter demanded for US-based hosting company GoDaddy under the “doctrine their ongoing investigation mirror-imaged copies of 32 of civil conspiracy” since the web host generated profits Megaupload servers located at a data center on Canadian from “joining with the website”. territory, which were seized on January 19, 2012. Megaup- load protested that the demand was too broad since the 7. Dutch and Canadian servers also contain legal content that is not relevant to privacy authorities jointly the ongoing investigation. The Ontario court ordered Megaupload and the US to agree on the amount of in- investigate Californian formation US authorities should get access to. In case of WhatsApp service disagreement, the judge announced to determine himself The Dutch Data Protection authority and the Canadian what data will be revealed. Privacy Commissioner collaborated to investigate the California-based WhatsApp messaging app. Its violations Read further: of “certain internationally accepted privacy principles” Arstechnica: US rebuffed in effort to get copies of Cana- infringed the law of the Dutch and Canadian jurisdictions. dian Megaupload servers17 The joint investigation is a “global first” according28 to TorrentFreak: Canadian court refuses to ship Megaupload the two authorities. It resulted in two separate reports servers18 under the respective national laws, which will be enforced CircleID: Ontario court rejects U.S. Government demand within the limits of the two jurisdictions. WhatsApp Inc. for full access to Megaupload servers seized in Canada19 has no international establishments29.

9 8. France considers new taxes 13. Anti-piracy group tries and network charges for to cut off ’s revenue platforms in its jurisdiction streams via various On January 18, 2013, the French government published jurisdictions a 198 pages report30 on Internet taxation that targets An anti-piracy group called StopFileLockers announced cross-border platforms which generate profits in the the plan to cut off the finances41 of ’s new French jurisdiction but avoid French taxes. Ideas explored platform Mega. The hosting service does not process pay- in the report include a French tax on the collection of ments on its own but relies on a structure of resellers like data.31 Moreover, after the French ISP Free shortly blocked EuroDNS or Asia Registry to distribute its premium offer. online advertisements by default, France examines how StopFileLockers intends to terminate the PayPal account online platforms could better contribute to French infra- of these companies. structure costs.32 14. US judge rules that news 9. Swedish authority wants agencies cannot freely reuse to make grave online pictures uploaded by Twitter defamation a crime users Following deliberations in the Swedish Parliament on con- A court in the US jurisdiction decided42 that Twitter’s stitutional updates, the Swedish Data Inspection Board Terms of Service do not grant news agencies the right to 33 demands to declare grave cases of online defamation a publish photos that were uploaded on Twitter without crime, punishable by law, in the Swedish jurisdiction. The the prior permission by the owner of a picture. initiative aims at creating a new balance between freedom The case involved Twitter pictures of the Haiti earthquake of expression and privacy. that were sold by AFP via Getty Images to the Washington Post. 10. First six strikes ISP response policy revealed in US 15. German top court rules jurisdiction Internet is an essential part The website Torrentfreak revealed34 the first ISP response of life measures prior to the official launch of the voluntary “six On January 24, 2012 the German Supreme Court ruled43 35 strikes” anti-piracy scheme in the US jurisdiction. The that Internet is an essential part of life44 in the German system foresees a series of alerts to ISP customers who jurisdiction and users can therefore demand compensa- infringe and can also make use of repressive tion from their ISPs if they cannot get online. Similar actions. Verizon’s policy includes the showing of an edu- judgements have been pronounced 2009 in France45 and cational video and the reduction of the Internet connec- 2010 in Finland46. tion to 256kbs for two to three days. 11. US and Russia sign 16. EU cookie law starts to be Rights enforced in Irish jurisdiction Action Plan The office of the Irish Data Protection Commissioner sent letters47 to 80 websites within its jurisdiction to inquire 36 The US and Russia have signed an action plan to cooper- about the way their operators implemented the EU ate in the fight against piracy and online infringements. cookie law that was enacted on July 1, 2011. The letters are 37 Among others, the agreement foresees collaborations in a “first step”48 of enforcing the law. the area of content takedowns, seizures and law making, including Russia’s draft law on ISP liability for copyright 17. Rising Requests: Google infringements by users. and Twitter publish new 12. Chinese messaging app transparency reports WeChat applied local content The January 2013 transparency reports by Google49 and filters to global users Twitter50 show an increase of user data requests by vari- ous jurisdictions. Demands for private identifiers and user Filters for sensitive content in the Chinese jurisdiction data to Google rose by 17 percent over the last six months 38 were switched on for all global users of the popular chat to 21.389 requests. During the same period, Twitter re- app WeChat, operated by the Chinese company Trancent. ceived 1009 requests, which represents a 20 percent rise. The app provider monitored the communications of US authorities have issued the largest number of requests its users and blocked the sending of certain “restricted to both platforms. words” while displaying a warning message39. According to Trancent, the territorial extension of Chinese filters was a glitch40. 10 18. WTO allows Antigua hate speech against women. The social network deter- and Barbuda to pursue mined initially53 that the picture did not violate the site’s Terms of Service54 and constituted humor. Facebook with portal for later reversed its stance55 and apologized to the Face- “pirated” US material book user. On January 28, 2013 the World Trade Organization con- firmed51 a 2007 preliminary authorization and allowed 20. ISPs ordered to reveal Antigua and Barbuda to launch a download platform in identities of file shares in its jurisdiction without compensating US-based copyright Swedish civil copyright cases holders. The copyright suspension is a legal sanction after a trade dispute involving online gambling52 between the Two cases before the Swedish Supreme Court gave green 56 two jurisdictions. light to reveal the identities of alleged pirates through their ISPs under the Swedish legislation that was enacted based on the EU 2009 Intellectual Property Rights En- 19. Hate speech or humor: 57 Facebook reverses forcement Directive. determination on graphic violence A female Facebook user in Iceland’s jurisdiction flagged an offensive photoshopped picture of herself that contained

REFERENCES 1 European Commission 7 Legalis (24.1.2013). Tribunal 14 Federal Court Decisions 21 Wikipedia (27.2.2014). (25.1.2012). Commission pro- de grande instance de Paris (12.12.2012). HomeAway.com , United States v. Warshak. poses a comprehensive reform Ordonnance de référé 24 jan- Inc v. Hrdlicka. of the data protection laws. vier 2013. 22 The Hill (25.1.2013). Face- 15 InternetCases (26.12.2012). book, email providers say they 2 European Parliament’s 8 The New York Times Macdermid v. Deiter require warrants for private Committee (10.1.2013). Euro- (20.10.2012). Twitter removes data seizures. pean Parliament’s Committee anti-Semitic postings, French 16 CanLII (9.1.2013). Canada on Civil Liberties, Justice and Jewish group says. (United States of America) v. 23 ReadWrite (30.1.2013). Home Affairs draft report. Equinix Inc., 2013 ONSC 193 Social networks use civil 9 Reuters (24.1.2013). Twitter (CanLII). disobedience to protect user 3 Reuters (9.1.2013). EU ordered to identify anti-se- data. lawmakers seek to limit use of metic tweeters in France. 17 ArsTechnica (16.1.2013). US data by internet firms. rebuffed in effort to get cop- 24 Wired (25.1.2013). Yahoo, 10 ITWorld (24.1.2013). Twit- ies of Canadian Megaupload like Google, demands warrants 4 Hunton Privacy Blog ter ordered to identify racist servers. for user e-mail. (10.1.2013). EU Parliament Com- tweeters in France. mitteeRapporteur Issues Draft 18 TorrentFreak (17.1.2013). 25 Betabeat (22.1.2013). Class Report on Proposed Amend- 11 France24 (24.1.2013). Canadian court refuses to ship action suit against GoDaddy. ments to the EU Commission’s France orders Twitter to iden- Megaupload servers to the US. com and Texxxan.com. Draft General Data Protection tify racist users. Regulation. 19 CircleID (16.1.2013). On- 26 ArsTechnica (22.1.2013). 12 NPR (22.1.2013). French tario court rejects U.S. govern- New lawsuit against “revenge 5 The New York Times Twitter lawsuit pits free ment demand for full access porn” site also targets Go- (3.2.2013). Data protection speech again hate speech. to Megaupload servers seized Daddy. laws, an ocean apart. in Canada. 13 The Star (5.1.2013). Court 27 Digital Media Law Project 6 The New York Times adopts aggressive approach in 20 The Hill (25.1.2013). Face- (18.2.2011). Section 230 of the (21.1.2013). In a French case, cross-border Internet jurisdic- book, email providers say they Communications Decency Act. a battle to unmask Twitter tion cases. require warrants for private users. data seizures.

11 28 Dutch Data Protection 36 United States Trade den Ausfall eines Internetan- 51 ArsTechnica (29.1.2013). Authority (28.1.2013). Representative (1.1.2013). Intel- schlusses zu. World Trade Organization WhatsApp investigation. lectual property rights action approves new site full of “pi- plan. 44 Reuters (25.1.2013). rated” materials from the US. 29 Bird&Bird (29.1.2013). German court rules internet WhatsApp investigated by 37 CNet (25.1.2012). U.S., Rus- “essential” . 52 TorrentFreak (28.1.2013). Canadian and Dutch privacy sia agree on ‘action plan’ to Antigua’s legal “Pirate Site” authorities. fight piracy. 45 ReadWrite (11.6.2009). Is authorized by the World Trade a fundamental Organization. 30 Ministere du redresse- 38 BBC News (14.1.2013). human right? France’s high ment productif (20.1.2013). China’s denies We- court says yes. 53 Wired (1.4.2013). Face- Mission d’expertise sur Chat app global censorship. book’s questionable policy la fiscalite de l’economie 46 BBC (1.7.2010). Finland on violent content toward numerique. 39 TechinAsia (10.1.2013). makes broadband a ‘legal women. Now China’s WeChat app is right’. 31 New York Times censoring its users globally. 54 Facebook (15.11.2013). (21.1.2013). France proposes 47 Privacy and Information Statement of rights and re- internet tax. 40 TechinAsia (11.1.2013). Security Law Blog (3.1.2013). sponsibilities. Tencent responds in case of Irish data protection commis- 32 Bloomberg (7.1.2013). apparent WeChat censorship. sioner commences enforce- 55 Wired (7.1.2013). Facebook France considers charging ment of new cookie law. apologized for tolerating vio- Google for network capacity. 41 TorrentFreak (21.1.2013) lent imagery toward women. Dotcom’s mega: Anti-piracy 48 Data Protection Commis- 33 ComputerWorld group moves to cut off site’s sioner (20.1.2013). Data protec- 56 TorrentFreak (4.1.2013). (14.1.2013). Swedish authority finances. tion commissioner commenc- Identifying pirates now easier wants online defamation to be es action on “Cookie” law. following Swedish supreme punishable by law. 42 Reuters (15.1.2013). News court decisions. outlets improperly used pho- 49 Google (20.1.2013). Trans- 34 TorrentFreak (11.1.2013). tos posted to Twitter: judge. parency report. 57 Wikipedia (22.9.2013). Verizon’s “six strikes” anti- Enforcement directive. piracy measures unveiled. 43 Bundesgerichtshof 50 Twitter (20.1.2013). Trans- (24.1.2013). Bundesgerichtshof parency report. 35 PC World (29.11.2012). De- erkennt Schadensersatz für but of ‘six strikes’ anti-piracy program pushed back to 2013.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-january-references

12 FEBRUARY

1. European Court of Human technically not feasible to block YouTube in the Egyp- Rights rules on balance tian jurisdiction without interfering with the access to Google Search. The regulator said7 in a statement that the between copyright and free “government cannot carry out the contents of the verdict speech within Egypt’s borders” since only the United States were The European Court of Human Rights (ECHR) ruled1 for able to shut down YouTube. Under similar circumstances, the first time on the interrelation between copyright and the access to the video hosting platform remains blocked the right of freedom of expression as stipulated by Article in Pakistan8. 102 of the Convention for the Protection of Human Rights and Fundamental Freedoms. A French court held three Read further: photographers liable for copyright infringements, who New York Times: Egypt orders block on YouTube access9 published unauthorized fashion photos on a website. The BBC: Egypt Ministry appeals against order to block You- photographers brought the case before the ECHR claim- Tube10 ing that their Article 10 rights were violated by the French ZDNet: Egyptian court orders YouTube block over ‘anti- judgment. The ECHR clarified that since the photos were Islam film11 published with a commercial purpose, Article 10 was not violated. However, the ECHR argued that copyright 3. Google not obliged enforcement must be generally balanced with freedom of to filter defamatory expression. user in Italian jurisdiction Read further: ECHR Blog: Copyright vs Freedom of Expression Judg- On December 21, 2012, a Milan court overturned a 2010 ment3 ruling that sentenced three Google executives to prison. 12 Guardian: When does Freedom of Expression trump copy- The case involved a YouTube video of a bullied boy that right?4 was posted on the platform in 2006. The details of the TechDirt: ECHR: No, copyright does not automatically appeals court’s decision have been made public on Febru- trump Freedom of Expression5 ary 27, 2013. According to the ruling, “the possibility must be ruled out that a service provider, which offers active 2. Egyptian judge orders hosting can carry out effective, pre-emptive checks of the entire content uploaded by its user”. Moreover, the court YouTube block over ‘anti- stated that any obligations for Internet companies to Islam’ video, regulator prevent the of defamatory content would “alter” appeals the functionality of platforms. Despite Google’s temporary block6 of the “Innocence of Muslims” YouTube video within Egypt’s jurisdiction Read further: in September 2012, a Cairo court ordered the ministries Reuters: Google not expected to check every upload says of communications and investment on February 9, 2013 Italian court13 to block YouTube for 30 days for carrying the offensive Appeals Court of Milan: Written Opinion14 content. The National Telecommunication Regulatory WebProNews: Court: Google can’t be forced to filter Authority appealed the decision. It argues that it is every uploaded video15

13 4. Facing legal pressure, The 6. Iceland considers plans to Pirate Bay moves serves from block online pornography Swedish jurisdiction Iceland’s Interior minister Ogmund Jonasson is drafting a Due to impeding legal action by the copyright group new legislation that would ban online pornography in the “Rights Alliance” in the Swedish jurisdiction, the torrent Icelandic jurisdiction. Printing and distributing pornogra- link library stopped hosting the platform phy is already forbidden28 “offline”. Iceland would be the via the Swedish . Instead, the operators moved first Western country with a comprehensive pornogra- the site16 to servers of the Pirate Party in the Spanish and phy ban. Measures to implement such provisions could Norwegian jurisdictions. However, due to immediate include IP address and credit card payment blocks29. legal pressure, the platform rapidly stopped hosting its data in Norway. What followed was a well-planned hoax: 7. China issues its first The torrent library announced17 it moved its servers as a personal data governance consequence to the “virtual asylum” of North Korea and guidelines artificially routed the traffic18 to its servers through the country. On February 1, 2013 the “Guidelines for Personal Infor- mation Protection Within Public and Commercial Ser- Read further: vices Information Systems” published by the Ministry of 30 TorrentFreak: Pirate Party threatened with lawsuit for Industry and Information Technology took effect . The hosting The Pirate Bay19 non-binding framework sets for the first time comprehen- TorrentFreak: The Pirate Bay departs Sweden and sets sail sive data protection standards in the Chinese jurisdiction. 31 for Norway and Spain 20 Among others, the guidelines prohibit extraterritorial ArsTechnica: Fake headline of the day: The Pirate Bay transfers of any personal data “without the individual’s “moves” to North Korea21 express consent, government permission or other explicit legal or regulatory permission”. 5. UK court says Google can be liable for slow removal of 8. Facebook can maintain its defamatory content real name policy in German jurisdiction, court says A landmark case in the UK jurisdiction specified that Google could be liable for defamatory posts on its blog- The social network Facebook won a case against the data ging platform if it fails to remove them after notification. protection authority of the Land Schleswig-Holstein 32 A British citizen sued22 Google Inc., headquartered in the (ULD) in Germany. In December 2012, the ULD ordered US, and Google UK over comments on a Blogger.com site the platform to allow pseudonyms in accordance with called “London Muslim” that Google removed only five German and EU law. On February 14, 2013 an administra- 33 weeks after receiving a notification by the plaintiff in July tive court ruled that since Facebook is headquartered 2011. The plaintiff appealed a prior ruling23, which argued in the Irish jurisdiction, it is governed by Irish instead of that Google could not be regarded as the publisher of a German data protection laws. The ULD plans to appeal defamatory post. On February 14, 2013 the Court of Ap- the decision before the Schleswig-Holstein Higher Admin- peal agreed24 with the first judge that Google Inc. is not istrative Court. the primary publisher of such content. However, the judg- es argued that Google has an active role to play as soon 9. Brazil criminalizes phishing as it is notified about a defamatory post to initiate timely in its jurisdiction takedown measures. Nevertheless, the appeals court In April 2013, Brazil’s first cyber law that targets online agreed with the initial judgment that Google’s liability for fraud will take effect. The law that was approved34 by the the period between notification and removal should be Câmara de deputado on November 7, 2012 will criminalize regarded as “so trivial as not to justify the maintenance of phishing35 of credit cards and other financial information. the proceedings”. It is designed to protect the growing e-commerce and banking sector in the Brazilian jurisdiction. Read further: SLC: Tamiz v Google: Court of Appeal judgment on defa- mation claim 25 Guardian: Google must act quickly on libelous Blogger posts, says appeal court 26 GigaOM: Happy Valentine’s, Google – see you in court27

14 10. Facebook deletes EU users’ 14. Police partially blocks facial recognition data Tumblr in Italian jurisdiction On February 7, 2013 both the Hamburg Commissioner for by accident Data Protection and Freedom of Information in Germany Tumblr was partially inaccessible48 in Italy for two days. and the Office of the Irish Data Protection Commissioner The anti-pedophilia agency CNCPO ordered the blocking (DPC) confirmed the deletion36 of all stored facial recog- of the domain 25.media.tumblr.com that contained child nition data of EU users by Facebook. On October 15, 2012, pornography. The domain referred however to an Amazon the social network already disabled37 its facial recognition cloud server that hosted other Tumblr pictures, which feature for Europeans after the DPC published38 a re-audit were thus also blocked for Italian users. The domain was and Hamburg’s data protection commissioner investi- removed from the Italian ISP blacklist on February 14, gated39 the feature. 2013. 11. EU Cyber Security Strategy 15. EU privacy watchdogs would make breach plan to take actions against notifications mandatory Google The European Commission presented on February 7, 2013 The EU Article 29 Working Party decided49 to continue the draft Directive on Network and Information Secu- their investigation in Google’s privacy policy. The Data 40 rity . According to the proposed law, online platforms Protection Authorities announced50 the intention to such as social networks and cloud providers would need enforce EU law by mid-2013. Coordinated measures could 41 to report security breaches to public authorities. Until include warnings, injunctions, orders and financial sanc- now, only telecommunication companies are required to tions. The investigations are led by the French CNIL. do so in the EU jurisdiction. The draft Directive still needs to be approved by the European Parliament. 16. Google not liable for 12. YouTube challenges advertisement messages in Russian ‘harmful content’ Australian jurisdiction law in court The Australia’s High Court decided51 that Google is not responsible for the sponsored messages displayed on its On February 15, 2013, Google’s video platform YouTube platform. The court stressed that “ordinary and reason- 42 filed a lawsuit in a Moscow court against the Russian able users of the Google search engine would have consumer rights watchdog Rospotrebnadzor that imple- understood that the representations conveyed by the ments the 2012 law to restrict harmful online content in sponsored links were those of the advertisers, and would the Russian jurisdiction. YouTube challenges the order not have concluded that Google adopted or endorsed the to remove a video that provides instructions to fake a representations”. suicide attempt, which appears to be “clearly intended to entertain viewers”. Platforms can be put on a blacklist and blocked nationally in case of non-compliance43 with 17. Websites should notify us- Rospotrebnadzor’s decisions. ers about cookies in Mexican jurisdiction 13. CISPA reintroduced in US The new Privacy Notice Guidelines52, published by the one day after Executive Order Ministry of Economy, will take effect in April 2013. They on cybersecurity specify53 that data controllers must notify users about cookies or web beacons on their websites and provide in- On February 12, 2013, US President Obama issued a Cyber- formation on how to disable this form of data collection. security Executive Order44 that provides a framework for public-private intelligence sharing on cyberthreats. One 18. Dutch copyright group day later, the Cyber Intelligence Sharing and Protection Act (CISPA) has been re-introduced45. The bill passed the sues The Pirate Bay proxy House of Representatives in 2012 and stalled in the Sen- operator ate as civil liberties groups voiced privacy concerns46 and BREIN, a Dutch copyright group, has sued54 the operator the White House threatened to veto47 the law. of the Pirate Bay proxy kuiken.co for facilitating . Dutch residents can still access the - rent library with cybertravel tools like proxies, despite a nation-wide ISP blockade of the website.

15 19. Indian court orders block 20. French Hadopi regime of 78 defamatory web pages might target streaming The Indian Institute of Planning and Management won a The French Hadopi agency that implements the three- case before a district court that resulted in the block55 strikes copyright regime in the French jurisdiction an- of 78 URLs that contained defamatory content. Blocked nounced plans58 to target online streaming. So far, the addresses included articles from the Wall Street Journal agency monitored only peer-to-peer . Possible and the Times of India and the governmental web page of measures to stop illegal streaming could include domain the Indian University Grant Commission. The government name seizures, as well as DNS or IP blocking and financial appealed56 the decision and a district judge ordered the penalties executed by payment intermediaries. unblocking57 of 70 URLs four weeks later. The case trig- gered a public debate on the use of ISP blocks.

REFERENCES

1 European Court of Human 11 ZDNet (11.2.2013). Egypt 22 The Guardian (2.3.2012). 33 TechCrunch (15.2.2013). Rights (10.4.2013). Affaire court orders YouTube block Google wins libel case over Facebook wins court challenge Ashby Donald et Autres c. over ‘anti-Islam film. Blogger comments. in Germany against its real France. names policy. 12 Reuters (21.12.2012). 23 Bloomberg (14.2.2013). 2 Council of Europe Google executives acquitted Google gets London Muslim 34 UOL (7.11.2012). House (4.10.1950). Convention for the in Milan autism video case. blog case thrown out. passes bill that criminalizes Protocol for Human Rights invasion of email and internet and Fundamental Freedoms. 13 Reuters (27.2.2013). 24 BAILII (14.2.2013). Tamiz v card fraud. Google not expected to check Google. 3 ECHR (22.1.2013). Copyright every upload says Italian 35 CNBC (7.11.2012). Crimi- vs freedom of expression court. 25 SCL (14.2.2013). Tamiz nalise phising. judgment. v Google: Court of appeal 15 WebProNews (28.2.2013). judgement on defamation 36 The Next Web (7.2.2013). 4 The Guardian (13.2.2013). Court: Google can’t be forced claim. Irish and German regulators When does freedom of speech to filter everything. confirm: Facebook has deleted trump copyright? 26 The Guardian (14.2.2013) all facial recognition data for 16 ArsTechnica (26.2.2013). Google must act quickly as EU users. 5 TechDirt (6.2.2013) Euro- The Pirate Bay leaves Sweden libelous Blogger posts, says pean court of human rights: for friendlier waters. appeal court. 37 The Verge (21.9.2012). No, copyright does not auto- Facebook disables facial matically trump freedom of 17 The Pirate Bay (3.3.2013). 27 Gigaom (17.2.2013). Happy recognition in EU as Ireland expression. Press release. New provider Valentine’s, Google – see you publishes positive privacy for TPB. in court. report. 6 ZDNet (13.9.2012). YouTube censors controversial video in 18 Will’s Blog (5.3.2013). The 28 The Telegraph (13.2.2013). 38 Data Protection Commis- the Middle East. Pirate Bay – Northern Korea Iceland considers pornogra- sioner (21.9.2012). Report of hosting? No, it’s fake. phy ban. Re-Audit. 7 Reuters (14.2.2013). Egyp- tian regulator appeals against 19 TorrentFreak (19.2.2013). 29 CNet (15.2.2013). Iceland 39 The New York Times court’s YouTube ban. Pirate party threatened with works to block Internet porn. (15.8.2012). Germans reopen lawsuit for hosting the Pirate investigation on Facebook 8 The International News Bay. 30 English.peopl.cn privacy. (13.2.2013). Pakistan decides (31.1.2013). The Internet needs not to unblock YouTube. 20 TorrentFreak (26.2.2013). a safety net. 40 European Commission The PirateBay departs Sweden (7.2.2013). Draft directive on 9 The York Times (10.2.2013). and sets sail for Norway and 31 DLA Piper (8.2.2013). network and information Egypt court orders block on Spain. China’s evolving personal data security. YouTube access. privacy landscape. 21 ArsTechnica (5.3.2013). 41 ComputerWorld 10 BBC (18.2.2013). Egypt Fake headline of the day: The 32 BBC (18.12.2012). Germany (7.2.2013). Proposed EU cyber ministry appeals against order PirateBay “moves” to North orders changes to Facebook security law would firm up to block YouTube. Korea. real name policy. breach notification rules.

16 42 The Wall Street Journal 47 ComputerWorld 52 Diario Oficial de la 56 NDTV (19.2.2013). Govern- (12.2.2013). YouTube suit (25.4.2012). White House Federacion (17.1.2013). Al ment to challenge court order over Russian content law. threatens veto of CISPA bill. margen un sello con el Escudo in favour of Arindam Chaud- Nacional, que dice: Estados huri. 43 RIANOVOSTI (15.2.2013). 48 EDRI (27.2.2013). Protect- Unidos Mexicanos.- Secretaría Russian consumer watchdog ing digital freedom. de Economía. 57 The Times of India says its studying YouTube’s (1.3.2013). Unblock defamatory lawsuit. 49 ComputerWorld 53 Privacy and information URLs about IIPM: Court. (28.2.2013). EU privacy task- security law blog. Mexico Is- 44 The White House force plans to take action sues Cookie and Web Beacon 58 ArsTechnica (27.2.2013). (12.2.2013). Executive Order -- against Google before the Rules and Privacy Notice France’s “three strikes” Improving Critical Infrastruc- summer. Requirements. anti-piracy regime may target ture Cybersecurity. streaming sites. 50 CNIL (28.2.2013). Google’s 54 TorrentFreak (17.2.2013). 45 The Hill (5.2.2013). Rup- privacy policy: G29 ready for PirateBay proxy crowdfunds persberger: House intelligence coordinated enforcement legal fight against Hollywood committee to re-introduce actions. group. CISPA this year. 51 Reuters (6.2.2013). Google 55 The Register (19.2.2013). 46 ComputerWorld wins landmark advertising Indian government censors (14.2.2013). Privacy groups case in Australia. own website after court order. protest CISPA bill.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-february-references

17 MARCH

1. China and win 2. The Pirate Bay founders’ dismissal of a First appeal rejected by the Amendment lawsuit in US European Court of Human jurisdiction Rights On March 25, 2013 China and Baidu, the operator of The European Court of Human Rights (ECHR) unani- China’s largest search engine, won the dismissal1 of a mously rejected6 the appeal of the Pirate Bay founders lawsuit under US law before the District Court in Manhat- and Fredrik Neij who hoped to overturn the tan. The case goes back to 2011, when eight US citizens conviction in the Swedish jurisdiction that found the men claimed that Baidu “in conjunction with and as an agent guilty of assisting copyright infringement. The defendants and enforcer of the People’s Republic of China” purpose- claimed that the Swedish decision violated their freedom fully excluded certain pro-democratic content. The New of expression rights under Article 107 of the European York City residents filed a lawsuit against China and Baidu Convention on Human Rights since they were only facili- for violations of free speech provisions under state and tators of data exchanges on the Internet. They appealed federal law. China declined to effect service in line with the judgment before the ECHR in June 2012. The ECHR the provisions of the Hague Convention2 on the Service came to the conclusion that the there were “weighty Abroad of Judicial and Extrajudicial Documents in Civil reasons for the restriction of the applicants’ freedom of and Commercial Matters, Article 13: A state may refuse to expression” under Article 10 due to their conduct. Ac- comply with a request if it “deems that compliance would cordingly, the ECHR ruled that the Swedish judgment was infringe its sovereignty or security”. The US court stated sufficiently balanced. The ECHR pronounced itself for that the plaintiffs were thus not properly served and the first time on the interrelation of freedom of expres- dismissed the case. sion and copyright in January 2013 (Ashby Donald et al. v. France8). Read further: Court Opinion and Order: Zhang et al. v. Baidu.com Inc. Read further: and People’s Republic of China3 European Court of Human Rights: Fredrik NEIJ and Peter Reuters: Baidu, China win dismissal of U.S. censorship SUNDE KOLMISOPPI v. Sweden9 lawsuit4 ArsTechnica: European Court of Human Rights unani- The Register: US democracy activists lose case against mously rejects Pirate Bay appeal10 Baidu and China5 Kluwer Copyright Blog: ECHR: Copyright vs. Freedom of Expression II (The Pirate Bay)11

18 3. New draft law against on- 5. Google downranks The line piracy in Spanish jurisdic- Pirate Bay on its .co.uk tion domain Targeting websites that host or link to copyright infring- Google decided to downrank26 the search result for ing content, the Spanish Council of Ministers approved “pirate bay” in the UK jurisdiction. The search engine the reform draft of the Intellectual Property Law, which thereby uses the Domain Name System and not geo-IP is known as “Lasalle law”, on March 22, 2013. The draft is filtering. Only searches on the localized google.co.uk open for public input12 and expected to be voted on in domain are affected by the move. The torrent library can parliament before the end of 201313. The reform comes still be found with the search term “pirate bay” on Google one year after Spain adopted the “Sinde law“14, which al- sites with other Top Level Domains and even the British lows authorities to block infringing websites through ISPs. version continues to show the controversial file-sharing Under the proposed copyright law, website operators who website as a result for related search terms. In Septem- repeatedly fail to delete infringing content upon requests ber 2012, Google removed The Pirate Bay from its Instant could be fined with up to 300.000 euros. Moreover, Search27 suggestions. The Pirate Bay is currently blocked28 intermediaries such as advertising companies and pay- by leading ISPs in the British jurisdiction and therefore ment services could be forced to withdraw their services only accessible via proxies and VPNs for British residents. to illicit websites, which would also allow to increase the pressure on websites whose operators are located in for- Read further: eign jurisdictions. The Spanish Culture Minister clarified15 Search Engine Land: Google demotes The Pirate Bay UK that the high penalties are supposed to prevent recurring search ranking29 infringements and that search engines, which comply with TorrentFreak: Google downranks The Pirate Bay in UK requests, will be exempted from the new law. search results30 Telegraph: Record labels criticise Google anti-piracy ef- Read further: fort31 TorrentFreak: Spain to crackdown on pirate sites and out- law file-sharing16 EDRi: Spain: New draft law to increase copyright infringe- 6. Nine European countries ment penalties17 call upon EU to soften the Reuters: Spain cracking down on copyright infringement, data protection reform 18 online piracy The pressure32 on the EU to ease certain provisions of the draft reform that will update the 1995 Data Protection 4. French association takes Directive increases. Next to concerned business actors legal action against Twitter and the US, nine European jurisdictions including the UK, for non-compliance with Germany, Sweden and Belgium have voiced their con- local court request cerns33 on issues such as the ‘right to be forgotten” in a memo drafted by the Irish EU presidency. On March 21, 2013, the Union of French Jewish students filed a lawsuit under criminal law19 against Twitter in the 7. YouTube block in Egyptian French jurisdiction, which claims 38.5 million euros in damages. The US-based company failed to comply with jurisdiction stopped by court the January 2013 order of a Parisian court to hand over The Administrative Court of Egypt accepted the appeal34 the identification data of authors who tweeted racist by the National Telecommunications Regulatory Author- posts20 in October 2012 within two weeks. Therefore, the ity (NTRA) and overruled the decision of a Cairo court35 association, which won the civil lawsuit against Twitter on from February 9, 2013 to block YouTube for one month January 24, 2013, filed the new criminal lawsuit, together for carrying the anti-Islam video “Innocence of Muslims”. with the anti-racism NGO J’accuse – International Action NTRA argued36 in its appeal that the block would affect for Justice, against Twitter and its CEO Dick Costolo. The Google Search and that only the US was able to shut damages would be donated to the Shoah Memorial in down YouTube. Paris. Twitter in return filed an appeal21 against the initial January 2013 judgment. The Irish headquarters of the 8. British defamation reform micro-blogging service has a legal presence22 for tax pur- amendment could impose poses in the French jurisdiction since December 2012. high fines on bloggers Read further: A new amendment, dubbed “Leveson deal”, to a draft France24: French Jewish students take legal action against press law in the UK jurisdiction could impose high defa- Twitter23 mation fines37 on bloggers and other website operators CNET: Twitter hit with $50M suit over anti-Semitic who generate revenues with news items. They would be tweeter data24 obliged to sign up to a new press regulator to be excluded Huffington Post: Twitter Faces $50 Million Lawsuit In from exemplary fines. France Over Anti-Semitic Tweet Data25 19 9. Details of Italian YouTube 14. News aggregators do judgment: Pre-emptive not need to pay publishers filtering not necessary in German jurisdiction for Sixty days after a Milan court decided in Google’s fa- snippets vor and acquitted the three executives from all liability The German parliament voted47 on March 1, 2013 that charges concerning the 2006 YouTube video of a bullied news aggregators like Google News can continue to autistic boy, the details of the verdict have been pub- show snippets of news articles without paying the online lished. The court stressed38 that an “obligation for the publishers they link to. Meanwhile, Portuguese media Internet company to prevent the defamatory event would companies48 demand financial compensation for snippets impose on the same company a pre-emptive filter on all from Google. the data uploaded on the network, which would alter its own functionality.” 15. US lawmakers introduce 10. Bordeaux court holds new bill that requires linking website operator warrants for data access liable for copyright On March 6, 2013 US lawmakers introduced the Online infringements Communications and Geolocation Protection Act.49 The bill would create50 new requirements for law enforcement The French Court of Appeals of Bordeaux judged39 that agencies to access electronic communications and geo- the operator of a website with a library of links to copy- location data with court-issued warrants. The draft law right infringing movies committed criminal copyright seeks to reform the Electronic Communications Privacy infringement. The website did not host any infringing Act, which took effect in 1986. content itself. 16. EU and APEC debate 11. Data requests: Microsoft interoperability of standards publishes global statistics, for cross-border data Google discloses new details transfers 40 On March 21, 2013 Microsoft presented its first Trans- Looking at how companies should comply with data pro- 41 parency Report with statistics on the 70.665 requests tection standards in different jurisdictions, the Article 29 it received from law enforcement authorities in jurisdic- Working Party and the Asia-Pacific Economic Cooperation tions around the world throughout 2012. Google enlarged (APEC) met in Indonesia to discuss51 the interoperability 42 its Transparency Report by disclosing information on between the APEC Cross-Border Privacy Rules and EU national security letter requests from the FBI. Binding Corporate Rules. The US Department of Com- merce is equally participating52 in the talks to identify 12. French anti-piracy tools that guarantee interoperability in cross-border data agency Hadopi might target transfers. streaming and direct download sites 17. State asks Kerala The French agency behind the “three strikes” regime for High Court for order to P2P filesharing explores in a new report43 the possibility block porn sites in Indian to enlarge its efforts and target streaming sites and direct jurisdiction 44 download platforms. The paper outlines the possible Arguing that there is a correlation between the recent obligation for proactive platform filtering, as well as the sexual violence against women in India and online por- introduction of new financial penalties through payment nography, the Indian state of Kerala’s government submit- intermediaries and mechanisms for DNS and IP blocking ted53 a petition to the High Court of Kerala that seeks a in case of non-compliance. judgment, which would oblige the federal government’s agency Indian Computer Emergency Response Team to 13. Twitter complies with block websites that contain sexually explicit content. requests to block posts in Russian jurisdiction 18. First Facebook online Twitter suspended45 one account and restricted the ac- defamation case in Trinidad cess to five posts in the Russian jurisdiction, according to and Tobago the Russian Federal Service for Supervision in Telecom- More and more jurisdictions are confronted with legal munications, Information Technology and Mass Com- challenges on the Internet. In Trinidad and Tobago, a munications. The micro-blogging service complied with requests under the child protection law46 that took effect in November 2012. 20 court might rule on the first online defamation case54 in 20. Russian Duma discusses the history of the country that involves posts on a Face- new framework for law “on book page. the Internet” 19. Brazil’s first The State Duma’s Committee on Information Policy, law takes effect Information Technology and Communications presented a draft concept that is intended to trigger a discussion on The first cybercrime law takes effect in the Brazilian juris- the need to modernize Russian legislation for the Internet 55 diction. The “Dieckmann law” , named after a celebrity Age. The draft explores56 the appropriateness of a single cybercrime victim, aims at combating online frauds like legal framework “on the Internet” and debates the extent phishing. Brazilian cybercriminals have been involved in of Russian territorial jurisdiction in cyberspace. attacks beyond the Brazilian jurisdiction, including Argen- tina, Chile, Mexico and Uruguay in the past.

REFERENCES

1 Bloomberg (26.3.2013). 10 ArsTechnica (13.3.2013). 20 CNet (17.10.2012). Sparks 29 SearchEngineLand Baidu Wins Dismissal of U.S. European Court of Human fly over anti-Semitic tweets in (6.3.2013). Google Demotes Political Censorship Lawsuit. Rights unanimously rejects France. The Pirate Bay UK Search Pirate Bay appeal. Ranking. 2 Hague Conference on 21 DigitalTrends (25.3.2013). Private International Law 11 Kluwer Copyright Blog Eh oui! Twitter hit by $50 mil- 30 TorrentFreak (6.3.2013), (15.11.1965). Convention on the (20.3.2013). ECHR: Copyright lion criminal lawsuit in France. Google downranks the Pirate Service Abroad of Judicial and vs. Freedom of Expression II Bay in UK search results. Extrajudicial Documents in (The Pirate Bay). 22 HollywoodReporter Civil or Commercial Matters. (1.10.2013). France Pressures 31 Telegraph (21.2.2013). 12 Reuters (22.3.2013). Spain Twitter to Address Rise in Record labels criticise Google 3 Scribd (21.3.2013). Zhang et cracking down on copyright Hate-Speech Hashtags. anti-piracy effort. al v. Baidu.Com Inc. et al. infringement, online piracy. 23 France24 (27.11.2012). 32 Infosecurity (7.3.2013). 4 Reuters (25.3.2013). Baidu, 13 Future of Copyright French Jewish student body Brussels under pressure to China win dismissal of U.S. (28.3.2013). Spain presents new takes Twitter to court. soften EU data protection censorship lawsuit. intellectual property legisla- rules tion. 24 CNet (22.3.2013). Twitter 5 The Register (26.3.2013). US hit with $50M suit over anti- 33 The Guardian (7.3.2013). democracy activists lose case 14 BBC (3.1.2012). Anti-in- Semitic tweeter data. UK joins US in lobbying Brus- against Baidu and China. ternet piracy law adopted by sels over data protection Spanish government. 25 Huffington Post rules. 6 IP Watch (13.3.2013). Pirate (22.3.2013). Twitter Faces $50 Bay loses its appeal to Euro- 15 Cincodias (22.3.2013). Las Million Lawsuit In France Over 34 Ahram Online (9.3.2013). pean Court Of Human Rights. multas a webs con contenidos Anti-Semitic Tweet Data. Egypt’s Administrative Court ilegales llegarán a 300.000 accepts appeal against You- 7 Council of Europe euros. 26 TechDirt (6.3.2013). Tube ban, halting previous (4.10.1950). Convention for the Google downranks the Pirate order. Protection of Human Rights 16 TorrentFreak (22.3.2013). Bay in the UK, because surely, and Fundamental Freedoms. Spain to crackdown on pirate that will make people buy 35 The New York Times sites and outlaw file-sharing. again. (10.2.2013) Egypt court orders 8 ECHR Blog (22.1.2013). block on YouTube access. Copyright vs Freedom of 17 EDRi (27.3.2013). EDRi- 27 SearchEngineLand Expression Judgment. Gram – 11.6, 27 March 2013. (10.9.2013). Google removed 36 Reuters (14.2.2013). Egyp- the Pirate Bay from instant tian regulator appeals against 9 European Court of Human 18 Reuters (22.3.2013). Spain search. court’s YouTube ban. Rights (19.2.2013). Application cracking down on copyright no. 40397/12 Fredrik NEIJ and infringement, online piracy. 28 BBC (30.4.2012). The 37 The Guardian (19.2.2013). Peter SUNDE KOLMISOP- Pirate Bay must be blocked by Press regulation deal sparks PI against Sweden. 19 Politico (22.3.2013). Twit- UK ISPs, court rules. fears of high libel fines for ter sued for $50 million over bloggers. racist, anti-Semitic tweet data.

21 38 Reuters (27.22.2013). 43 Hadopi (15.2.2013). Rap- 48 CNet (27.3.2013). Portu- discuss international data Google not expected to check port sur les moyens de lutte guese media outlets demand transfer interoperability. every upload says Italian contre le streaming et le Google pay for links, news court. telechargement direct illicites. leads. 53 The Times of India (22.3.2013). State police can’t 39 The 1709 Blog (11.3.2013). 44 ArsTechnica (27.2.2013). 49 Zoe Lofgren (6.3.2013). block porn sites, govt tells HC. Linking Site Operator Convict- France’s “Three Strikes” Online Communications and ed by French Appeals Court. anti-piracy regime may target Geolocation Protection Act. 54 Guardian Media (9.3.2013). streaming sites. Defamatory Facebook page 40 The New York Times 50 ComputerWorld upsets DPP. (22.3.2013). Microsoft releases 45 The Moscow Times (6.3.2013). US lawmakers intro- report on law enforcement (18.3.2013). Twitter Agrees to duce electronic surveillance 55 Presidency of the Repub- requests. Block Access to Blacklisted reform bill. lic (30.11.2012). Law N. 12,737, Content in Russia. 41 Microsoft (10.2.2013). 51 CNIL (21.2.2013). Interna- 56 Gazeta (8.2.2013). Author- Microsoft’s Law Enforcement 46 PCMag (1.4.2013). Report: tional data transfers: towards ity will deal with Internet. Requests Report– 2013 (Jan- Russian Blacklist Bill Targets an articulation of data flow Jun). Social Networks. systems between Europe and the Asia-Pacific area? 42 CNet (5.3.2013). Google 47 Bloomberg (1.3.2013). offers data on FBI’s national- Google Defeats Publishers 52 Privacy and information security-related requests for Over Web Copyright in Ger- security blog (5.2.2013). Article user identities. man Vote. 29 Working Party and APEC

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-march-references

22 APRIL

1. US cybersecurity bill CISPA Google’s Terms of Service update that created a new, faces resistance in Senate unified privacy policy across over 60 services on March 1, 2012. In October 2012, CNIL came to the conclusion10 after passing the House that Google’s privacy policy does not provide users of its Despite a veto threat1 by the US White House and strong services with sufficient information on the processing of concerns2 of civil liberties groups due to the lack of their personal data, including the “scope of the collec- privacy safeguards, the US Cyber Intelligence Sharing tion and the potential uses”. The French watchdog issued and Protection Act (CISPA) was approved3 by the House subsequently several recommendations, which Google of Representatives on April 18, 2013. The bill intends failed to implement11 within a four-months deadline to augment the security of US networks and computer until February 2013. The coordinated inquiries in Google’s systems by facilitating the information sharing on cyber- privacy policy according to the law of the six European threats between Internet companies and local authorities. jurisdictions could now result in enforcement measures Criticism arises from provisions that would grant a large and financial sanctions.12 number of US agencies access to personal data without proper judicial oversights and authorize companies to Read further: share information directly and without legal liabilities GigaOM: Google faces wrath of European regulators over with US authorities. As a next step, CISPA needs to pass unified privacy policy13 the Senate, before arriving at the White House. Reminis- Guardian: Google facing legal threat from six European cent of 2012 when an earlier version4 of CISPA stalled in countries over privacy14 the Senate, it seems likely that the Senate will not vote New York Times: Google faces more inquiries in Europe on CISPA. Instead, new bills are being drafted in the Sen- over privacy policy15 ate, including a bipartisan information-sharing bill5 by the Senate Intelligence Committee. 3. EU privacy reform: US stresses need of Read further: interoperability for cross- Economist: From SOPA to CISPA6 border data transfers ZDNet: CISPA “dead” in Senate, privacy concerns cited7 US House of Representatives: H.R. 3523 Cyber Intelligence As negotiations around the planned update of the EU Sharing and Protection Act8 data protection legislation get more intense16 in Brussels, the US continues17 to stress the need of cross-border data 2. Six EU countries launch interoperability. Under the current proposal18, US-based coordinated privacy companies operating in the European jurisdiction could be fined with up to two percent of their global turnover investigations into Google for breaches of EU privacy laws. In what appears to be Data Protection Authorities in the United Kingdom, Ger- the first public US comment to the proposed EU privacy many, Italy, the Netherlands and Spain have announced law reform according to the news site EurActiv, a senior on April 2, 2013 to open official investigations in Google’s US Federal Trade Commission (FTC) official recalled that privacy policy. The five agencies join9 the French CNIL, privacy provisions in the US and EU jurisdiction already which led between March and October 2012, in the name share several key characteristics. With her visit to Brus- of the EU Article 29 Working Group, the inspection of sels, FTC representative Julie Brill “wanted to make sure

23 that the language will allow us to continue to co-operate Read further: robustly through the ‘safe harbour’”. In a joint statement, TechCrunch: Saudi Arabian government mulls ban of European Commission Vice-President Viviane Reding and WhatsApp, Skype and Viber over regulatory require- US Secretary of Commerce John Bryson acknowledged19 ments33 in March 2013 the “defining moment for global personal Reuters: Saudi Arabia may try to end anonymity for Twit- data protection and privacy policy” and interoperability ter users34 as both the EU and US update their frameworks. CNN: Saudi prince: Blocking social media platforms is a ‘losing war’35 Read further: Wall Street Journal: US to EU: US data law is Brill20 6. Interpol targets payment EurActive: US makes first public comment over draft EU intermediaries in fight data privacy law21 against file-sharing DataGuidance: Brill says greater cross-border flexibility needed to achieve EU-US interoperability22 Due to an investigation by Interpol in cooperation with Visa and Mastercard, the payment intermediary iKoruna, 4. ISP blocks and domain based in the Czech jurisdiction, was compelled to stop seizures: Italy cracks down offering its service to file-sharing sites. Remaining trans- actions have been retained, which could indicate that on 27 file-sharing sites Interpol conducts a criminal investigation36 against one of The Public Prosecutor of Rome ordered ISPs to block23 the the payment processor’s clients. domains of 27 file-sharing websites in the Italian jurisdic- tion. Moreover, the prosecutor announced the possibility 7. Californian draft law to initiate international legal procedures to demand the requires platforms to proper seizure of the domains. The targeted file-sharing disclose collected user data sites are registered at the top-level domains .com, .org, .net, .ch, .tv, .it .in and .co. Investigations by the Italian The draft law “Right to Know Act 2013”37 proposed by a Cybercrime Police led to the crackdown that followed a California Assembly Member was re-read and amended copyright infringement complaint24 issued by the Ital- for the second time in the US State. The bill would require ian distributor of the French animated movie “A Monster companies in its jurisdiction, including many globally of Paris”. The website Rapidgator, as well as some Italian operating online platforms, to disclose38 stored personal ISPs have filed appeals25 against the order by the Court of data upon request of users within 30 days. Rome. 8. Appealed again: 2006 Google Read further: Video lawsuit continues to TorrentFreak: Massive and Cyberlocker domain highest Italian court crackdown underway26 ArsTechnica: Italy blocks 27 sites suspected of aiding file- In 2010, the Court of Milan pronounced suspended prison sharing27 sentences for three senior Google officials. They were EDRI: A Monster from Rome – huge crackdown action on held liable for a clip showing a bullied disabled boy, which “file-sharing”28 circulated in 2006 on Google Video. The appeals court of Milan overturned39 the initial ruling and acquitted the executives of all charges in December 2012. The prosecu- 5. Saudi Arabia seeks to 40 monitor communications on tor now appealed this decision. The case will be heard Skype and Twitter by the Italian Court of Cassation. Saudi Arabia’s telecommunications regulator, the Com- 9. ICANN’s Governmental munications and Information Technology Commission, Advisory Committee flags a explores how to enforce local jurisdiction over online dozen new strings activities of Saudi citizens using communication and micro-blogging services established in third countries. On April 11, 2013, at the ICANN meeting in Bejing, the The regulator asked29 the operators of encrypted chat Governmental Advisory Committee (GAC) issued a Com- and messaging platforms including Skype, WhatsApp or munique that advises the ICANN Board not to proceed Viper30 to provide the government with means to monitor with the evaluation of several new top-level domains communication in its jurisdiction. The Commission said including .patagonia, .persiangulf and .wine. Moreover, the 41 it would consider procedures31 to block these services in GAC suggested a number of safeguards for the creation the Saudi Kingdom if it was impossible to monitor them. of new strings that can be commented until May 14, 2013. Moreover, Saudi authorities announced plans32 to track identities on Twitter by obliging Saudi users to register their IDs to access the platform.

24 10. Uruguay accedes to takedown of content that is defamatory for members of Council of Europe’s personal the Chamber. Hereby, to avoid lengthy court procedures, data processing Convention the Attorney General suggested putting in place a proce- 108 dure for direct requests that do not run through courts. Uruguay has become the 45th country and first non- 15. French Intelligence agency European signatory to accede42 to the Council of Europe’s forced Wikipedia volunteer Convention for the Protection of Individuals with Regard to delete an article to Automatic Processing of Personal Data. The data pro- tection framework that also regulates cross-border data The French Intelligence Agency Direction Centrale du 49 transfers will become effective on August 1, 2013. Renseignement Intérieur has allegedly compelled a vol- unteer editor of Wikipedia France to take down an article about a French military base, after the Wikimedia Founda- 11. CC-TLDs: The Pirate Bay moves tion refused to comply with an initial takedown request. from Sweden over Greenland The article has been reposted by other Wikipedia users to to Iceland’s jurisdiction become the most-viewed page on wikipedia.fr. The torrent link library The Pirate Bay continues to evade national enforcement actions by switching its country 16. German court confirms: code top-level domain (cc-TLD) to new jurisdictions. Facebook can maintain its Preempting43 an imminent seizure of their .se (Sweden) real-name policy domain, the platform moved to Greenland’s .gl on April 8, 2013. However, the operator of .gl quickly announced44 to Confirming two lower judgements, the Administrative suspend the domain for illegal activities. The Pirate Bay is Court of Appeals of the German State of Schleswig- now registered under Iceland’s .is.45 Holstein ruled on April 23, 2013 that Facebook can forbid pseudonyms on its platform in the German jurisdiction. The Office of the Data Protection Commissioner (ULD) of 12. Japanese law enforcement Schleswig-Holstein previously ordered Facebook to abol- urges ISPs to block online ish its strict real-name policy. The court reaffirmed50 that anonymizer such an order would need to be made under Irish law due In order to limit cybercrime in its jurisdiction, Japan’s Na- to the location of Facebook’s international headquarters tional Police Agency has asked national ISPs to voluntarily in Dublin. block46 communications that use The Onion Router (Tor), an anonymity software that relies on distributed, encrypt- 17. Egypt launches online ed routing and masks the location of Internet users. pornography block in its jurisdiction 13. Canadian court rejects Enforcing a 2009 order by Cairo’s administrative court, Californian jurisdiction Egypt started51 to progressively employ its blocking pro- clause in eBay’s Terms of gram that was set up in January 2013 to restrict the access Service to Internet pornography for Egyptian residents. A court declared eBay’s Terms of Service clause that specifies California as the only jurisdiction to solve 18. Germany fines Google over disputes with the US-based platform to be “excessive and Street View data collection 47 unreasonable” . The Canadian court therefore asserts The Data Protection Authority of the German state Ham- adjudicatory jurisdiction over the e-commerce company burg ordered52 Google to pay a 145.000 Euro fine on April and allows two Canadian plaintiffs to pursue legal actions 22, 2013 for the systematic collection of personal user against eBay. data during the image capturing for its Street-View ser- vice. The amount represents 0.0002 percent of Google’s 14. Brazilian legislature asks 2012 net profit. Google for new procedure to take down defamatory content The Attorney General of the Brazilian Chamber of Depu- ties has contacted Google Brazil to propose a plan48 that would allow streamlining the process of request for the

25 19. Digital reselling of music 20. National security: Indian infringes copyright in US authorities investigate jurisdiction Google mapathon A New York Judge ruled53 on April 2, 2013 in a case in- A Google “mapathon” in India, for which users were asked volving the digital music reselling platform ReDigi that to complement information on the Google Earth plat- second-hand sales would constitute unauthorized copies form, might have violated54 Indian national security laws of music that infringe copyrights. regarding mapping. Investigations were launched after India’s official mapping agency Survey of India issued a complaint.55

REFERENCES

1 The White House 9 CNIL (2.4.2013). Google 16 The Guardian (7.3.2013). 23 Italia & Mondo (16.4.2013). (16.4.2013). US cybersecurity privacy policy: six European UK joins US in lobbying Brus- Online movies, magistrate of bill CISPA faces resistance data protection authorities to sels over data protection Rome ordered the seizure of in Senate after passing the launch coordinated and simul- rules. 27 file-sharing sites. House. taneous enforcement actions. 17 ArsTechnica (1.2.2013). 24 La Stampa (16.4.2013). 2 Electronic Frontier Foun- 10 CNIL (16.10.2012). Google’s Proposed EU data protection Darks 27 streaming video sites dation (1.5.2013). CISPA Passes new privacy policy : incom- reform could start a “trade by a magistrate in Rome. Out of the House Without plete information and uncon- war,” US official says. Any Fixes to Core Concerns. trolled combination of data across services. 18 Spiegel (18.1.2013). Data 25 TorrentFreak (19.4.2013). 3 VentureBeat (18.4.2013). Protection: All you need to Rapidgator and ISPs appeal House of Representatives 11 TechCrunch (18.2.2013). know about the eu privacy domain name blockade and passes controversial cyber- Google’s consolidated privacy debate. seizure. intelligence bill. policy draws fresh fire in Eu- rope. 19 Europa (19.3.2012). EU-U.S. 26 TorrentFreak (15.4.2013). 4 Huffington Post (25.4.2013). joint statement on data pro- Massive Bittorrent and Cy- Senate Won’t Vote On CISPA, 12 Bloomberg (2.4.2013). tection by European Commis- berlocker domain crackdown Deals Blow To Controversial Google faces fines in EU after sion Vice-President Viviane underway (updated). Cyber Bill. failing to fix privacy policy. Reding and U.S. Secretary of Commerce John Bryson. 27 ArsTechnica (16.4.2013). 5 Huffington Post (25.4.2013). 13 Gigaom (2.4.2013). Google Italy blocks 27 sites suspected Senate Won’t Vote On CISPA, faces wrath of European 20 The Wall Street Journal of aiding file-sharing. Deals Blow To Controversial regulators over unified privacy (19.4.2013). U.S. to EU: U.S. data Cyber Bill. policy. law is brill. 28 EDRi (24.4.2013). EDRi- Gram – 11.8, 24 Apr 2013 6 The Economist (18.4.2013). 14 The Guardian (2.4.2013). 21 EurActiv (23.4.2013). US From SOPA to CISPA. Google facing legal threat makes first public comment 29 BBC (25.3.2013). Saudi from six European countries over draft EU data privacy law. Arabia ‘threatens Skype ban’. 7 ZDNet (25.4.2013). CISPA over privacy. ‘dead’ in Senate, privacy con- 22 Data Guidance (18.4.2013). 30 CNet (1.4.2013). Saudi cerns cited. 15 The New York Times USA: Brill says greater cross- Arabia threatens to ban Skype, (3.4.2013). Google faces more border flexibility needed to WhatsApp, and Viber. 8 US House of Representa- inquiries in Europe over pri- achieve EU-US interoper- tives (25.5.2013). H.R. 3523 vacy policy. ability. 31 Al Arabiya (25.3.2013). Cyber Intelligence Sharing and Saudi Arabia threatens to Protection Act block Skype, WatsApp, Viber.

26 32 The Times (1.4.2013). Tweet- 38 ArsTechnica (2.4.2013). 44 TorrentFreak (10.4.2013). 50 Computerworld ers ‘could lose anonymity’. California lawmaker introduc- New PirateBay Greenland do- (23.4.2013). Facebook can keep es unprecedented personal mains (about to be) seized. its real name policy, German 33 TechCrunch (1.4.2013). data disclosure bill. appellate court decides. Saudi Arabian government 45 TorrentFreak (25.4.2013). mulls ban of WhatsApp, Skype 39 ArsTechnica (21.12.2012). PirateBay finds safe haven in 51 Los Angeles Times and Viber over regulatory Italy finally acquits Google Iceland switches to .IS domain. (4.4.2013). Egypt moves to requirements. execs convicted over user- block access to pornography. uploaded video. 46 Mainichi (29.5.2013). 34 Reuters (30.3.2013). Japanese law enforcement 52 The New York Times Saudi Arabia may try to end 40 ComputerWorld urges ISPs to block online (23.4.2013). Germany fines anonymity for Twitter users: (17.4.2013). Google Video trial anonymizer. Google over data collection. paper. to continue to Italian supreme court. 47 The Star (29.3.2013). Que- 53 BBC (2.4.2013). Judge rules 35 CNN (7.5.2013). Saudi bec court says no to eBay’s digital music cannot be sold prince: Blocking social media 41 ICNN (23.4.2013). New online contract: Geist. ‘second hand’. platforms is a ‘losing war’. gTLD Board Committee Con- sideration of GAC Safeguard 48 Journalism in the 54 The Hindu (5.4.2013). 36 TorrentFreak (17.4.2013). Advice. Americas (22.3.2013). Brazilian Delhi Police probing Google’s Interpol probe targets funds legislature proposes plan to map contest. of major file-hosting services. 42 Data Guidance (18.4.2013). streamline removal of defama- International: Uruguay accedes tory content online. 55 Teresa Scassa (8.4.2013). 37 California Legislative to Convention 108; Morocco Google mapathon provokes Information (1.4.2013). AB-1291 to follow. 49 ArsTechnica (6.4.2013). police investigation. Privacy: Right to know act of Wikipedia editor allegedly 2013: disclosure of a custom- 43 TorrentFreak (9.4.2013). forced by French intelligence er’s personal information. The PirateBay moves to .gl to delete “classified” entry. domain in anticipation of domain seizure.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-april-references

27 MAY

1. German court prescribes apparently complied with existing US trade sanctions notice and takedown regime against Syria. According to WHOIS records, most seized domains were marked by the registrar with the notion for defamatory Google “OFAC Holding”, a reference to the US Department of autocomplete terms the Treasury’s Office of Foreign Assets Control8 which Germany’s Federal Court of Justice overturned on May 14, enforces the sanctions. US-based companies which do 2013 the decisions of two lower courts and decided1 that not comply with enacted sanctions can face civil enforce- Google.de must block defamatory autocomplete search ment actions and financial sanctions. suggestions2 in the German jurisdiction upon notification. Autocomplete suggestions are generated by algorithms Read further: and based upon frequent search terms typed by users. The Krebs on Security: Trade sanctions cited in hundreds of case involved a German company that complained over Syrian domain seizures9 the suggested search terms “Scientology” and “fraud”, ArsTechnica: Network Solutions seizes over 700 domains which were connected to its name. The top court came to registered to Syrians10 the conclusion that this constitutes a form of defamation Web Host Industry Review: Network Solutions seizes 700 since the suggestions imply a “factual link” between the domains belonging to Syrian Entities11 plaintiff and the terms, which have “negative connota- tions”. Another high-profile case involving the former Ger- 3. German court asks man First Lady Bettina Wulff3 and Google’s autocomplete European Court of Justice function is still pending in Germany. about legality of embedding YouTube videos Read further: Deutsche Welle: German federal court raps Google on On May 16, 2013 Germany’s Federal Court of Justice 12 the knuckles over autocomplete function4 asked the European Court of Justice to decide upon the Search Engine Land: German court says Google must question whether a website operator potentially infringes 13 block libelous words added via autocomplete function5 copyrights by embedding protected third-party YouTube BBC: Germany tells Google to tidy-up auto-complete6 videos on a website. A water filter manufacturer brought the case before German courts after competitors embed- 2. US registrar seizes over ded its promotional video in their website. The video was 700 domain names of Syrian uploaded on YouTube by another person without any authorization. The court came to the conclusion that the entities so-called framing of the YouTube video does not infringe The US-based registrar Network Solution has seized7 copyright law in the German jurisdiction, but could 708 domains that were registered in .com .org and .net violate European laws. The lawsuit did only focus on the top-level domains and used by Syrians. The majority of embedding of YouTube videos. The plaintiff filed a sepa- the seized domains were pointing at IP addresses assigned rate lawsuit against YouTube. The decision of the Euro- to the Syria’s domain registration authority and Internet pean Court of Justice on framing and resulting copyright regulator Syrian Computer Society. Network Solutions infringement liabilities could trigger changes in the laws of all EU member states.

28 Read further: Read further: PCWorld: German case on embedding YouTube videos TorrentFreak: Pirate Bay domain registrar assists copyright referred to EU court14 infringement, prosecutor claims26 Deutsche Welle: Who owns a YouTube clip?15 Network World: Swedish domain admin comes out DLA Piper: German Federal Court of Justice submits deci- against Piratebay.se seizure27 sion on the legality of framing to the ECJ16 The Register: P2P badboy The Pirate Bay sets sail for the Caribbean28 4. Dealing with viral defamation on Facebook, 6. Brazilian court decides YouTube: Irish court explores Google should take down takedowns content upon notification, On May 16, 2013 the Irish High Court gave an interlocutory without court order judgment17 in a case that involves the questions of how to On May 20, 2013, the ruling of a Brazilian Higher Court deal with the viral spread of defamatory content on so- from April 2013 became public. A content owner wanted cial network platforms and remediation. The defendants Google to remove an unauthorized copy of his material include Facebook Ireland, Google Ireland and US, You- from a blog hosted by the company. The court decided29 Tube and Yahoo UK. False accusations of an Irish student that content providers in the Brazilian jurisdiction must not paying a taxi fare circulated widely on the Internet take down infringing content immediately after receiving after a taxi driver posted a video of a fleeing costumer a notice from the author of the content, even without on YouTube. The video became viral and the student who a court order. Any non-compliance with such requests was wrongly identified18 as the culprit filed a lawsuit to could render the providers liable for damages. The rea- demand the permanent removal of the video. The High soning of the judgement was applied30 in a similar case in- Court ruled that experts for the plaintiff should meet volving offensive content takedowns, in which a Brazilian with experts of the concerned Internet companies to dis- court ordered Google to pay 30.000 Real for not having cuss the feasibility and technical steps for takedowns to removed six pages after receiving a notification. implement a mandatory injunction19 until the full trial. 7. Australian financial Read further: regulator accidentally The Journal: Court says YouTube video of taxi evasion may blocks 1200 websites while be taken down from the Internet20 targeting two Daily Mail: MoS proves that innocent young man was falsely branded a thief on the world’s biggest websites21 The Australian Securities and Investment Commission IT Law in Ireland: Defamatory material on Facebook and tried to block31 two fraudulent websites registered in YouTube: McKeogh v. Doe and others22 .com. However, one of the websites was sharing its IP ad- dress with 1200 other websites that were unintentionally 5. Swedish authorities want blocked. This is the first time that a governmental agency to seize The Pirate Bay’s .se and apart of the Australian Federal Police uses the Section .is domains 313 of the Telecommunications Act to order ISPs to block websites. On May 1, 2013 the torrent link library The Pirate Bay moved23 its site to Sint Maarten’s .sx domain in anticipa- 8. Plan in Taiwan to block tion of a potential seizure of its .se and .is domains. One overseas websites that day before, on April 30, 2013, a Swedish prosecutor filed a infringe copyrights motion at the District Court of Stockholm to demand the seizure of thepiratebay.se, piratebay.se and thepiratebay. abandoned is. The Icelandic domain registry ISNIC however clarified24 On May 21, 2013 the Taiwanese Intellectual Property of- that it would not implement a seizure order coming from fice announced32 a plan to amend the Copyright Act to the Swedish jurisdiction. Sweden’s domain registry IIS order local ISPs to limit the access to copyright infring- protested25 against the intention to seize a domain and ing websites outside its jurisdictional reach through IP argued it would be disproportionate. Moreover, according and DNS blocks. Free speech protests, however, led the to IIS, this would be the first time that a state sues a reg- agency to quickly back off33 from the intended plan. istry “for abetting criminal activity or breaching copyright law”: The Swedish prosecutor included IIS in the list of defendants in the case against The Pirate Bay for assisting in criminal copyright infringement. The domain adminis- trator must respond to the request until early June 2013.

29 9. Syria shuts off Internet in 14. Antigua might cooperate its jurisdiction for 20 hours with The Pirate Bay to launch On May 7, 2013 Syrian authorities disconnected the coun- WTO authorized piracy portal try from the Internet for 20 hours. Syria used the core In January 2013, the World Trade Organization (WTO) au- routing protocol Border Gateway Protocol34 to shut off thorized Antigua to suspend US copyrights in its jurisdic- the Internet and guarantee that both incoming and outgo- tion in response to trade sanctions. The government of ing traffic came to a stop35. Antigua is currently exploring potential partnerships41 for a planned “piracy” platform and will soon accept official 10. Russia ratifies Council bids for cooperation. The website TorrentFreak reports of Europe’s data protection that the state is considering to team up with The Pirate Convention 108 Bay, which responded positively to the idea. On May 15, 2013 Russia ratified36 the “Convention for the 15. Indian Supreme Court protection of individuals with regard to Automatic Pro- cessing of Personal Data” of the Council of Europe, which examines validity of content sets legally binding standards for data protection and screening law for website privacy. It will enter into force37 in the Russian jurisdiction operators on September 1, 2013. The Indian Supreme Court is going to examine42 the valid- ity of the Information Technology Rules of 2011, which 11. Indian may ask Skype to obliges operators of websites in the Indian jurisdictions set up local servers and ISPs to screen content on their platforms for illegal content in to segregate IP addresses by order to remove it. region 16. Singapore introduces The Indian Ministry of Home Affairs considers38 to de- mand VoIP providers such as Skype to set up servers in licensing regime for the Indian jurisdiction to allow law enforcement authori- online news outlets in its ties and security agencies to . jurisdiction Moreover, plans were pronounced to ask ISPs and mobile Singapore’s Media Development Authority announced43 phone companies to “segregate Internet Protocol (IP) ad- on May 28, 2013 a new rule that obliges news outlets that dresses on a state basis” to allow websites such as social meet certain criteria to apply for a license that requires networks to be blocked in selected Indian regions. them to take down “prohibited content” as specified in the national Internet Code of Practice44 within 24 hours. 12. US blogger might face 1 It rests unclear how this rule applies to foreign news web- million dollar reputation sites or platforms with servers in other jurisdictions. lawsuit by Indian publisher Following critical comments by a US blogger, an Indian 17. US judge denies worldwide publishing company announced39 the intention to sue copyright class action the operator of the site for violations of Section 66A of against YouTube the Indian Information Technology Act, which forbids to A US district judge in Manhattan denied45 certifying a publish “any information that is grossly offensive or has class action of copyright holders from around the world menacing character” or to publish false information via against YouTube that would have required a “mammoth a computer. The publisher claims 1 million US dollar in proceeding”. The class action lawsuit was filed in 2007 damages. It rests unclear if the lawsuit will be filed in the against infringing videos and music on the platform. Indian or US jurisdiction. Initiators included the English Premier League and the French Tennis Federation. 13. Norwegian Copyright Act amendment to block piracy 18. Cyberbullying might sites likely to be adopted become a criminal offense in A majority in the Norwegian parliament voted40 in favor Canadian jurisdiction of amendments to the Copyright Act, which would On May 11, 2013, the Canadian Prime Minister announced46 establish the legal basis in the Norwegian jurisdiction to that the government explores to criminalize cyberbul- compel ISPs to block piracy websites on its territory. The lying, cyberintimidation, and cyberassault. The plan to law would also remove personal data protections in cases review the Criminal Code was triggered by two teen- of copyright infringements to identify end-users. The age victims of cyberbullying who committed suicide in amendment was presented by the Ministry of Culture in Canada. January 2013.

30 19. US revenge porn lawsuit 20. Russian social network targets hosting websites and VKontakte blacklisted by server operators error In a case involving a revenge porn video uploaded to Due to a human error49 in dealing with the Russian black- different pornography websites, a woman in the US list50 database, the social network VKontakte was blocked state Florida has filed47 a lawsuit not only against her in some parts of the Russian jurisdiction, including St ex-boyfriend, but also against the websites to which the Petersburg, on May 24, 2013. The responsible regulator video was uploaded, as well as their hosting companies. A Roskomnadzor quickly restored the access to the social similar48 revenge porn lawsuit filed in January 2013 equally network that counts 210 million users. targeted the involved web hosting company.

REFERENCES

1 Juris (14.5.2013). Federal 8 U.S. Department of the 15 Deutsche Welle (17.5.2013). rial on Facebook and YouTube: Court of Justice decides on Treasury (12.5.2013). Organiza- Who owns a YouTube clip? McKeogh v. Doe and others. the Admissibility personality tional structure. infringing Search addenda to 16 DLA Piper (1.4.2014). No 23 The Verge (1.5.2013). The “Google”. 9 KrebsonSecurity (8.5.2013). surprises as CJEU upholds Pirate Bay of the Caribbean: Trade sanctions cited in website blocking injunctions. torrent site shifts domain to 2 Bloomberg (14.5.2013). hundreds of Syrian domain Sint Maarten. Google Loses German Case seizures. 17 Scribd (19.4.2013). McKe- Over Autocomplete Function. ogh v. Doe and Others. 24 Mashable (1.5.2013). The 10 ArsTechnica (8.5.2013). Pirate Bay Moves to the Carib- 3 Spiegel (20.9.2012). Au- Network Solutions seizes over 18 Independent (16.5.2013). bean. tocompleting Bettina Wulff: 700 domains registered to YouTube video falsely accus- Can a Google Function Be Syrians. ing student of running out on 25 Ahram Online (9.3.2013). Libelous? taxi fare must be removed. Egypt court halts YouTube 11 TheWhir (9.5.2013). Net- ban. 4 Deutsche Welle (15.5.2013). work Solutions seizes 700 19 RTE News (16.5.2013). High German federal court raps domains belonging to Syrian Court rules video to be taken 26 TorrentFreak (16.5.2013). Google on the knuckles over entities. down from YouTube, Face- Pirate Bay domain registrar autocomplete function. book. assists copyright infringement, 12 Federal Court (16.5.2013). prosecutor claims. 5 SearchEngineLand Bundesgerichtshof referred 20 The Journal (16.5.2013). (14.5.2013). German Court Says to the Court of the European Court says YouTube video 27 NetworkWorld (16.5.2013). Google Must Block Libelous Union rights issue to admis- of taxi evasion may be taken Swedish domain admin comes Words Added Via Autocom- sibility of “framing”. down from the internet. out against Piratebay.se plete Function. seizure. 13 Spiegel (16.5.2013). Social 21 DailyMail (22.1.2012). 6 BBC (14.5.2013). Germany media: Court must decide on Crucified by vigilantes of the 28 The Register (1.5.2013). tells Google to tidy up auto- YouTube integration. internet: MoS proves that in- P2P badboy The Pirate Bay sets complete. nocent young man was falsely sail for the Caribbean. 14 PC World (16.5.2013). branded a thief on the world’s 7 The Domains (8.5.2013). German case on embedding biggest websites. 29 Techmundo (20.5.2013). Network Solutions Seizes YouTube videos referred to EU Brazil: Google should delete Over 700 Domain Names & court. 22 IT Law in Ireland content plagiarized even with- Sites Associated To Syrian (16.5.2013). Defamatory mate- out court order. President.

31 30 Jornal Jurid (23.5.2013). connected from the Internet 41 TorrentFreak (3.5.2013). 46 Canadian Privacy Law Google Brazil shall indemnify again. Pirate Bay and Antigua explore (20.11.2013). Anti-cyberbullying writer at £ 30,000. launch of authorized “Pirate bill tabled in Canadian Parlia- 36 New Europe (15.5.2013). Site”. ment. 31 Delimiter (15.5.2013). In- Russia signs international data terpol filter scope creep: ASIC protection convention. 42 The Times of India 47 ArsTechnica (2.5.2013). ordering unilateral website (30.4.2013). Supreme Court to Revenge porn” suit targets blocks. 37 EDRi (22.5.2013). EDRi- examine validity of Informa- generic porn sites, Web hosts. Gram – 11.10, 22 May 2013. tion Technology rules. 32 Global Voices (26.5.2013). 48 ArsTechnica (22.1.2013). Copyright Amendment Could 38 The Times of India 43 ZDnet (30.5.2013). Singa- New lawsuit against “revenge Bring Web Filter System to (20.5.2013). Government wants pore’s online licensing rule a porn” site also targets Go- Taiwan. Skype to set up servers in sign of more to come. Daddy. India. 33 Focus Taiwan (6.3.2012). 44 MDA (12.5.2013). Internet 49 BBC (24.5.2013). Error Taiwan backs off plan to block 39 Chronicle (15.5.2013). Pub- code of practice. blacklists Russia’s top social sites violating copyright laws. lisher threatens to sue blogger network VKontakte. for $1-billion. 45 Reuters (16.5.2013). 34 Wikipedia (1.4.2014). Bor- Copyright owners can’t sue 50 Wikipedia (17.3.2014). Rus- der gateway protocol. 40 TorrentFreak (1.5.2013). Google’s YouTube as a group sian internet blacklist. Pirate site blocking legisla- – judge. 35 Next Web (7.5.2013). The tion approved by Norwegian nation of Syria has been dis- parliament.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-may-references

32 JUNE

1. US intelligence service Twitter to provide a local “interlocutor” or open an office collects data of foreign to receive local requests for takedowns and access to user data. Twitter refused to comply11 with Turkish requests to citizens via operators reveal the identity of users who tweeted posts that were located in its jurisdiction deemed to insult the government, the prime minister Documents leaked1 by the former intelligence contractor of the personal rights of other Turkish citizens. Anti- revealed on June 6, 2013 the existence government protests12 in Istanbul that started on May 28, of the large-scale Internet surveillance scheme “Prism” 2013 were making use of Twitter and other social media operated by the US National Security Agency (NSA). platforms to coordinate efforts. According to available information, Prism was created in the US jurisdiction under the Foreign Intelligence Surveil- Read further: lance Act2 and collects information about non-US citizens Reuters: Turkey seeks to tighten grip on Twitter after who use US-based cross-border online platforms, which protests13 were obliged to to participate in a request and transfer BBC: Twitter seeks to tighten control over Twitter14 scheme3 to exchange user data stored on the platforms’ Hürriyet: Twitter under microscope amid ‘Gezi Park probe’ servers with the NSA. The surveillance program is over- seen by the secret Foreign Intelligence Surveillance Court. 3. France to delete Internet Google, Microsoft, Yahoo, Facebook, AOL, Apple and cut-off sanction from Paltalk are legally required to cooperate. Some compa- anti-piracy law after first nies published aggregated statistics4 on national security application requests, including Prism. The Spiegel reports that the 15 16 NSA monitors 500 million data connections5 in the Ger- France’s ministers for the digital economy and culture man jurisdiction alone. Similar surveillance programs in announced the intention of the government to remove other jurisdiction were also uncovered. The UK’s Tempora6 the Internet cut-off sanction from a 2009 anti-piracy law program monitors cross-border traffic that passes through that created a three-strikes system in the French juris- transatlantic undersea cables located on its territory. diction. The agency Hadopi was created to scan French Internet traffic for illegal peer-to-peer file-sharers and Read further: enforces the law through two warnings, by mail and let- New York Times: US confirms that it gathers online data ter, and ultimately a temporary Internet cut-off. Despite overseas7 millions of warnings issued by Hadopi, no Internet access Associated Press: Secret to PRISM program: even bigger sanctions were issued until June 2013: a court ordered the 17 data seizure8 15 days disconnection of an Internet user who continued Guardian: Boundless Informant: the NSA’s secret tool to to share one or two infringing files after ignoring the first track global surveillance data9 two “strikes”. The Internet user must also pay a 600 euros fine. Hadopi is likely to be replaced by an automated fine 2. Turkey asks Twitter to system, as suggested by the Lescure reform report.18 reveal user data and establish Read further: a local representation ArsTechnica: France removes Internet cut-off threat from On June 26, 2013 the Turkish government asked Twitter its anti-piracy law19 to establish a local representation in its jurisdiction. The TorrentFreak: France disconnects first file-sharer from the Minister for Transport and Communications Binali Yildir- Internet20 im said10 “if you operate in Turkey you must comply with New York Times: French appear to soften law on media Turkish law” and asked social media platforms, including piracy21

33 4. France and Spain open Read further: CNet: Twitter must reveal names behind anti-Semitic coordinated EU efforts to tweets, rules French court29 enforce privacy laws on ZDNet: Twitter’s appeal against racist tweets case Google written off30 On June 20, 2013, the French data protection authority Web Pro News: Twitter looses French appeal, told to (DPA) CNIL and its Spanish counterpart AEPD launched give up anti-Semitic users31 initiatives to enforce national privacy laws. Their actions follow investigations led by CNIL in the name of the EU 6. Street View: UK orders Article 29 Working Party, an alliance of European DPAs, Google to delete payload on the introduction of Google’s unified Terms of Service data of UK residents, re- in March 2012. The French CNIL set up a task force of opens investigation DPAs which are willing to enforce national laws after the company failed to implement recommendations issued by On June 11, 2013 the British Information Commission- 32 the Article 29 Working Party in October 2012. Members er’s Office (ICO) ordered Google Inc., incorporated also include the UK, Germany, Italy and the Netherlands. in the US, to delete all remaining payload Street View The CNIL announced that all DPAs will have taken coer- data that Google collected from public WiFi networks cive actions against Google by July 2013. In the French in the UK jurisdiction between May 2007 and May jurisdiction22, Google was ordered to change its privacy 2010 and did not delete following a 2010 ICO deci- 33 policy within three months or face a fine of up to 150.000 sion. The enforcement notice issued by the ICO gives euros. In Spain, Google could be fined between 40.000 to Google a 35 days compliance deadline before it faces 34 300.000 euros if the company fails to solve five identified criminal proceedings. Moreover, the ICO re-opened infractions. the formal investigation into the Street View incident following a report by the US Federal Communications Read further: Commission and asked Google to “list precisely what Reuters: France, Spain take action against Google on type of personal data and sensitive personal data was privacy23 captured”. BBC: France and Spain launch probe into Google’s privacy law24 7. Austrian students Bloomberg Law: Google gets 3 months to fix privacy or file complaints against face French fines25 platforms involved in Prism for EU privacy violations 5. Twitter looses appeal in On June 26, 2013 members of the student group “eu- French jurisdiction, has to rope-v-facebook.org” have filed formal complaints35 reveal users behind racist against EU-based subsidiaries of major Internet com- posts panies involved36 in the US Prism surveillance scheme On June 12, 2013 Twitter lost the appeal26 against a January for potential violations of EU privacy laws. The stu- 37 2013 order issued by a Parisian court that obliged the US dents argue that by “exporting” European data to US based micro-blogging platform to reveal the identity of based headquarters for processing, the NSA’s access to the authors of anti-Semitic tweets in the French jurisdic- European user data might violate European “adequate tion. Moreover, the court ordered Twitter to implement a level of protection” rules. Complaints were filed in 38 mechanism for French users to easily report hate speech Germany against Yahoo , in Luxembourg against 39 40 to the platform. Tweets with the hashtag “UnBonJuif” (a Skype and Microsoft , as well as in Ireland against 41 42 good Jew) became a top-3 trending topic in the French Facebook and Apple . jurisdiction in October 2012. The five French organizations that filed the lawsuit wanted to avoid the lengthy proce- 8. British ISPs to filter dure27 of the Mutual Legal Assistance Treaty (MLAT) with pornography by default the US and demanded Twitter to directly reveal the iden- By the end of 2013, Internet users in the British juris- tity of the users in question. Twitter’s Terms of Service diction will have to temporarily opt-in if they want specify that it only reacts to US court orders. Another to access pornography on the Internet, according 43to French 50 million dollars lawsuit28 for non-compliance the government’s special advisor on preventing the with the January 2013 court order in March 2013 was still sexualization and commercialization of childhood. UK pending in June 2013. based ISPs will role out parental filtering technologies by default44 to all costumers.

34 9. Pakistan threatens Google 13. Facebook accidentally with ban over YouTube deletes political satire post in video, implements new filter Brazilian jurisdiction technology Facebook deleted temporarily53 a Brazilian satire page’s In an ongoing conflict over the “Innocence of Muslims” post. The account impersonated Brazil’s president Dilma YouTube video, Pakistan’s IT minister said45 that Google Rousseff. The post was deleted automatically by Face- could be blocked as a consequence of the refusal to book on the basis of user notifications and was only re- takedown the video in the Pakistani jurisdiction. Google’s stored after Facebook manually checked the content. On video platform is already blocked by local ISPs since June 27, 2013 Facebook explained that it only54 removes September 17, 2012. Pakistan recently installed46 the filter- political and defamatory speech after human verifica- ing technology Netsweeper, which allows more granular tions. filtering. 14. Cyberlocker wins appeal 10. New Russian draft against disproportionate copyright bill passes State Italian website blocking Duma In April 2013, an Italian court ordered the seizure of 27 On June 14, 2013 the Russian State Duma voted47 in favor websites55 for offering copyright infringing of of a new copyright law that would require website opera- the movie “A monster in Paris”. Italian ISPs consequently tors or hosting companies to remove infringing content blocked the websites. The cyberlocker Rapidgator suc- or links to the same within 72 hours48 after a lawsuit by a cessfully appealed56 the decision. The Court of Appeal ar- rightsholder is filed. In case of non-compliance, the entire gued57 that the seizure was disproportionate as the entire website would be blocked in the Russian jurisdiction until platform was blocked for one infringing movie. a court decision is taken. 15. Wiretapping and 11. Draft notice and takedown taxation: France wants directive in EU jurisdiction Skype to declare itself as According to the blog IPtegrity, the European Commission e-communications operator 49 is preparing a new directive that would regulate notice The French regulator ARCEP has informed58 the public and takedown actions in the EU jurisdiction. The direc- prosecutor of Paris on June 15, 2013 about the refusal of tive targets hosting companies, search engines and social Microsoft’s Voice-over-IP communication tool Skype to media platforms alike and could “standardise the process register as an “electronic communications operator” in for take-down requests”. Moreover, it could potentially the French jurisdiction. The status would allow French au- introduce other measures such as the blocking of content thorities to lawfully intercept communications on Skype and payment facilities. and would result in the taxation59 of its French revenues. 12. Google plans to fight 16. Taiwanese government child abuse images through backs off copyright global database amendments after public On June 15, 2013 Google announced50 plans to build a protests 51 global database of child abuse images to prevent the Plans to amend60 the exiting copyright legislation in the reappearance of known pictures through the hashing Taiwanese jurisdiction came to a halt on June 3, 2013 as technology. The database is designed to “enable compa- the proposal triggered resistance and was compared to nies, law enforcement and charities to better collaborate the 2012 US draft bill SOPA. The amendment proposed by on detecting and removing these images, and to take the Taiwan Intellectual Property Office was designed61 to action against the criminals”. UK Prime Minister Cameron authorize local ISPs to block websites operated from third 52 called upon search engines, including Google, on June 9, countries that contain copyright infringing content. 2013 to use their “technical abilities to do more to root out these disgusting images”.

35 17. Japanese chat app Lianwo 19. Chinese chat app WeChat filters politically sensitive faces ban in Indian words in Chinese jurisdiction jurisdiction The Japanese developer NHN, who created the popular Indian officials raised security concerns65 related to the chat app Line, launched a local version in the Chinese ju- Chinese app WeChat, operated by Tencent. WeChat risdiction in December 2012 under that name Lianwo. The stressed that it complies with relevant laws and regula- Chinese version contains filters62 to block words that are tions in the Indian jurisdiction. It rests unclear if the app considered to be politically sensitive. A user of the app will be blocked in India. discovered Lianwo’s blacklist63 by hacking the software and accessing the company’s servers. 20. Indian court asks Facebook and Google how 18. Mexican state adopts they guarantee the safety of broad anti-cyberbullying young Indian users legislation The Delhi High Court has asked66 Facebook Inc. and The state Nuevo Leon in Mexico amended64 an exiting Google Inc. to submit “suggestions regarding the online defamation bill to tackle cyberbullying. Under the new media sites used by the minors in India and how their law, any user who causes “harm, dishonor, discredit to a rights were protected”. The decision was triggered by person, or exposes him or her to contempt” by posting a submission by Facebook, which indicated that the content on social networks can face prison sentences of platform operates under the US Children’s Online Privacy up to three years. Civil liberties groups criticize the broad Protection Act. scope of the new defamation law.

REFERENCES

1 The Guardian (12.6.2013). 8 Associated Press 15 Numerana (25.5.2013). the French Data Protection Edward Snowden: how the spy (15.6.2013). Secret to PRISM: Hadopi was an “emergency Act, within three months. story of the age leaked out. Even bigger data seizure. legislation,” according Fleur Pellerin. 23 Reuters (20.6.2013). 2 The Atlantic (12.6.2013). 9 The Guardian (11.6.2013). Update 3-France, Spain take Prism’s legal basis : How we Boundless informant: The 16 Le Figaro (20.5.2013). action against Google on got here and what we can do NSA’s secret tool to track Hadopi: the cut end of the privacy. to get back. global surveillance data. month. 24 BBC (20.6.2013). France 3 Mashable (14.6.2013). See 10 Gigaom (28.6.2013). Are 17 NextInpact (12.6.2013). and Spain launch probe into how PRISM may work — in this you a dissident choosing Support the independence of Google’s privacy law. Infographic. between Facebook and Twit- PC INpact becoming premium. ter? Here’s why you should 25 Bloomberg (20.6.2013). 4 Global Post (18.6.2013). definitely go with Twitter. 18 Ministry of Culture and Google gets 3 months to fix PRISM: Apple, Facebook, Mi- Communication (18.6.2013). privacy or face French fines. crosoft ... Who released which 11 The Guradian (27.6.2013). Lescure Reform Report. data? Turkey heads for Twitter 26 Le Monde (12.6.2012). showdown after anti-govern- 19 ArsTechnica (3.6.2013). Racist and anti-Semitic 5 Spiegel (30.6.2013). Partner ment protests. France removes Internet cut- tweets: appeal dismissed, and Target: NSA Snoops on off threat from its anti-piracy Twitter will have to collabo- 500 Million German Data Con- 12 Bloomberg (27.6.2013). law. rate. nections. Turkish protests planned using Twitter, Negotiator says. 20 TorrentFreak (13.6.2013). 27 The Times of India 6 The Guardian (21.6.2013). France disconnects first file- (15.6.2013). Twitter urged to re- GCHQ taps fibre-optic cables 13 Reuters (26.6.2013). Turkey sharer from the Internet. veal identities of ‘racist’ users. for secret access to world’s seeks to tighten grip on Twit- communications. ter after protests. 21 The New York Times 28 BBC (13.6.2013). Twitter (3.6.2013). French appear ready told to reveal details of racist 7 The New York Times 14 BBC (27.6.2013). Turkey to soften law on media piracy. users. (6.6.2013). U.S. confirms that it seeks to tighten control over gathers online data overseas. Twitter. 22 CNIL (20.6.2013). CNIL orders Google to comply with

36 29 CNET (13.6.2013). Twitter 39 WebProNews (13.6.2013). 49 IP Integrity (13.6.2013). EU 58 The New York Times must reveal names behind Twitter loses French appeal, notice & action directive : its (13.3.2013). Is Skype a tele- anti-Semitic tweets, rules told to give up Anti-Semitic on the way. phone operator? France will French court. users. investigate. 50 Google (15.6.2013). Our 30 ZDNet (18.6.2013). Twit- 40 Europe v Facebook continued commitment to 59 The Register (12.3.2013). ter’s appeal against racist (16.6.2013). PRISM and Micro- combating child exploitation France demands Skype regis- tweets case written off. soft. online. ter as telco.

31 WebProNews (13.6.2013). 41 Europe v Facebook 51 The Telegraph (15.6.2013). 60 ZDNet (28.5.2013). Tai- Twitter Loses French Appeal, (16.6.2013). PRISM and Face- Google builds new system to wan’s Copyright Act amend- Told to Give Up Anti-Semitic book. eradicate child porn images ment proposal comes under Users. from the web. fire. 42 Europe v Facebook 32 BBC News (21.6.2013). (16.6.2013). PRISM and Apple. 52 The Independent 61 Infojustice (5.6.2013). Street View: Google given 35 (9.6.2013) ‘Lives are being put Facing public opposition, days to delete wi-fi data 43 ArsTechnica (16.6.2013). at risk’: Google must do more Taiwanese government with- ISPs to include porn filters as to rid internet of child por- draws SOPA-Like copyright 33 Information Commis- default in the UK by 2014. nography, says David Cameron. legislation. sioner’s Office (16.6.2013). . Google’s enforcement notice. 44 The Next Web (17.6.2013). 53 Technology and games 62 ZDNet (22.5.2013), Chat Less porn for you: UK ISPs will (29.5.2013). Facebook removes app LINE preparing mecha- 34 ZDNet (13.6.2012). Google enact auto-filtering of adult post profile that parodies nism for China censorship. Wi-Fi snooping probe back on content by the end of 2013. Dilma despite deletion of vital data. 63 The Next Web (21.5.2013). 45 The Times of India 54 Economy Media and Mar- Messaging app Line prepares 35 TechCrunch (26.6.2013) (10.6.2013). Pakistan threatens keting (28.6.2013). Facebook the groundwork for censoring Facebook, Apple, Microsoft, Google with ban. will remove ads from pages politically sensitive phrases in Skype & Yahoo hit with prism with ‘controversial’ content. China. data protection complaints in 46 CitizenLab (20.6.2013). Europe O Pakistan, we stand on 55 Future of Copyright 64 Global Voices Online guard for thee: an analysis of (3.6.2013). Italian court: Seizure (13.6.2013). Mexico: Local cy- 36 PCWorld (26.6.2013). canada-based Netsweeper’s of file sharing website dispro- berbullying law could threaten PRISM implicates Facebook, role in Pakistan’s censorship portionate. free expression. Yahoo and others in Europe, regime. student group charges. 56 PuntoInformatico 65 The Times of India 47 RT (14.6.2013). Internet (29.5.2013). Rapidgator, seizure (19.6.2013). WeChat: We com- 37 Europe v. Facebook sector sounds alarm over fresh cancelled. ply with all Indian regulations. (28.1.2014). “Frivolity“: High Russian anti-piracy bill. Court will hear Irish DPC on 57 TechDirt (30.5.2013). Ital- 66 Indian Express (30.6.2013). PRISM in April. 48 TorrentFreak (21.6.2013). ian court overturns seizure of Delhi High Court seeks sug- Russia’s ‘SOPA’ passed by law- cyberlocker Rapidgator. gestions from Facebook and 38 Europe v Facebook makers, site blocking begins Google to protect Indian (16.6.2013) PRISM and Yahoo. “in weeks”. children.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-june-references

37 JULY

1. Google Search does not 2. Brazil explores inclusion have to implement a right of “data sovereignty” in to be forgotten, says top EU Marco Civil, calls for court’s Advocate General new multilateral Internet In a non-binding opinion to the European Court of Justice governance agency (ECJ), Advocate General Niilo Jääskinen proposed1 not to Following the revelations7 of the extraterritorial reach acknowledge a “right to be forgotten” based on current of the US National Security Agency’s (NSA) surveillance EU legislation. The case, which is expected to be ruled programs on Brazilian citizens, voices for national data until the end of 2013, involves Google Spain, Google sovereignty become louder. Brazil’s President Dilma Inc. and the Spanish Data Protection Authority AEPD. A Rousseff announced8 the intention to ensure the storage Spanish citizen filed a complaint in 2009 to have a link of the personal data of Brazilians within its territorial to a news article about his former social security debts jurisdiction to “improve and ensure privacy”. A new data removed from Google Search. In 2010, AEPD supported sovereignty article is discussed that could be included in the request and ordered Google Spain to delete the link. the draft of the comprehensive Internet bill Marco Civil, Google appealed the decision arguing, among others, which is currently before the Brazilian Congress. More- that Google Spain is not responsible for the content, as over, the Brazilian Communications Minister Paulo Ber- it does not process personal data for Google Search. The nado proposed9 the creation of a multilateral agency for case was sent to the ECJ. The Advocate General argues2 the governance of the Internet, and the Foreign Minister that Google is subject to national data protection laws if Antonio Patriota expressed10 “deep concern” over the ac- it opens a local office and directs its activities to a given cess to data of Brazilian citizens and announced to pursue jurisdiction, however “[r]equesting search engine service United Nations actions to “preserve[...] the sovereignty providers to suppress legitimate and legal information of all countries” and to “impede abuses and protect the that has entered the would entail an inter- privacy” of online communications. ference with the freedom of expression”. The case is seen as potential test3 for the inclusion of a right to be forgot- Read further: ten in the EU data protection reform, which is currently Aljazeera: Brazil eyes Internet bill amid spying leaks11 discussed in the EU Parliament. Convergencia Digital: Marco Civil will include data sover- eignty12 (translation) Read further: Guardian: The NSA’s mass and indiscriminate spying on European Court of Justice: Advocate General’s Opinion in Brazilians13 Case C-131/12, Google Spain S.L. and Google Inc. v Agen- cia Española de Protección de Datos4 Hunton Privacy and Information Security Law Blog: EU Court of Justice Advocate-General issues opinion in Google Search case5 Guardian: Google does not have to delete sensitive infor- mation, says European court6

38 3. Europe stresses need networks, while the Russian Senate suggests the creation for stricter privacy rules, of an UN agency to monitor personal data collections and launches official NSA usages, similar to the International Atomic Energy Agency. surveillance investigations Read further: The European Commission, the EU Parliament and individ- New York Times: NSA leaks revive push in Russia to con- ual member states react to the NSA surveillance programs trol Internet24 with demands for strong privacy safeguards to protect RT: Russian senator officially demands ‘measures’ against the personal data of EU citizens in their jurisdictions. EU ‘flagrant’, ‘privacy-breaching’ Google25 Justice Commissioner Viviane Reding highlights14 the loss RIA Novosti: Google to talk to Russian senators over data of trust in transnational data flows and importance of leak probe26 clear rules and a “transatlantic framework for data pro- tection for law enforcement purposes”. Likewise, the Eu- 5. Cybertravel: Mastercard, ropean Commissioner for the Digital Agenda Neelie Kroes Visa and PayPal ban VPN stressed15 the impact on distributed . The operators in Swedish European Parliament voted16 for a formal “in-depth in- jurisdiction quiry” into US surveillance programs by the Civil Liberties Committee to assess its impact on “EU citizens’ right to For reasons of facilitated copyright infringement trough privacy and data protection, freedom of expression, the illegal file-sharing, financial intermediaries increasingly presumption of innocence and the right to an effective ban operators of Virtual Private Networks (VPN), which remedy”. The planned EU data protection reform gains allow to anonymize online traffic and evade local Internet further momentum as German Chancellor Angela Merkel restrictions through “cybertravel”. The Swedish payment 27 stresses17 the need for a “common European agreement” provider Payson stopped to accept Mastercard and Visa because of the multiple jurisdictions involved in online transactions for five anonymization services, including activities. Moreover, Merkel called18 for new international VPNs. Among the concerned customers is iPredator, a data privacy rules. VPN that was created by The Pirate Bay co-founder Peter Sunde. The VPN is also concerned by a similar payment Read further: block administered by PayPal. The online payment service, 28 The Huffington Post: Merkel urges stronger Europe, global which already banned major copyright infringing cyber- 29 data rules19 lockers, decided to stop payments and freeze existing GigaOM: European PRISM anger gains momentum with assets of the VPN operator. fresh cloud warnings and data threats20 ZDNet: PRISM: EU renews efforts to get US to recognize Read further: citizens’ right to privacy21 TorrentFreak: Mastercard and Visa start banning VPN providers?30 4. Russian Senate strives to Register: Mastercard and Visa block payments to Swedish VPN firms31 foster national sovereignty TorrentFreak: PayPal cuts off “Pirate Bay” VPN iPredator, over online services, 32 advocates creation of UN freezes assets privacy agency 6. US Surveillance: New Concerned about “user data leaks” by US-based cross-bor- revelations and lawsuits in der online platforms, the Russian senator Ruslan Gattarov, multiple jurisdictions Chair of the Federation Council’s Commission on the A new NSA surveillance program has been revealed: XKey- Information Society Development, requested the Prose- score33 is a tool that allows wide-reaching access to real- cutor General’s Office and the Federal Service for Super- time online communications such as emails or Facebook vision of Communications, Information Technology and chats of non-US citizens or US citizens communicating Communications Roskomnadzor to launch investigations with foreigners, as well as to searchable metadata without into the compliance of Google’s Terms of Services with prior authorization by the Foreign Intelligence Surveil- personal data protection provisions of the Russian juris- lance Act (FISA) court. Several lawsuits in the US, Ger- diction on July 18, 2013. Examinations22 for tax evasions many, Luxembourg, Ireland, France34 or the UK35 (including are also opened and Facebook, as well as Twitter could the GCHQ program Tempora) challenge public and private face similar probes. On July 24, 2013 Google announced actors involved in the NSA surveillance scheme for issues its willingness to cooperate with the investigations. More- ranging from violations of the right of association to the over, a deputy speaker of the ruling party United Russia infringement of privacy laws in multiple jurisdictions. proposed to create a new national “digital sovereignty”23 data storage law for operators of email services and social

39 7. European Court of Justice 11. US government orders to decide if viewing content companies to reveal user in browsers can breach passwords, say anonymous copyrights sources The UK Supreme Court has asked36 the European Court of According to a report44 by CNET News, US government Justice if Internet users can violate copyrights by view- authorities have asked US-based Internet companies ing infringing content in a web browser, according to the through legal requests to divulge password of users, as EU Directive37 on the harmonisation of certain aspects of well as entire codes, called salt. The article is copyright and related rights in the information society of based on anonymous quotes of industry sources. 2001. The case, which involves a license to view a media monitoring service in a browser, was referred to the high- 12. Major Internet companies est European court due to its “transnational dimension”. implement notice and takedown scheme for ads on 8. ICANN’s 2013 Registrar piracy websites Accreditation Agreement violates EU law, say data Adtegrity, Aol, Condé Nast, Google, Microsoft, SpotX- change, Yahoo and 24/7 Media created45 self-regulatory protection authorities best practice guidelines to stop supporting websites that The Article 29 Working Party, which consists of data pro- host copyright infringing contents through advertise- tection authorities from 27 EU member states, criticized38 ment revenues. Rightsholders can remove advertisement ICANN’s 2013 Registrar Accreditation Agreement, which on infringing websites by filing complaints, similar to the stipulates that registrars need to store Whois data about DMCA notice and takedown regime. registrants for two years following the expiration of a domain. In a letter39 sent to ICANN the data protection 13. FiNnish legislation to authorities stressed that “the proposed data retention vote on a crowd-sourced requirement violates data protection law in Europe” and copyright bill that such rules should be established by law instead of through a private contract. Taking advantage of a change in the Finnish constitu- tion, which now allows citizens to propose bills that are 9. Twitter complies with voted on by the legislature if they get 50.000 supporters court order to hand within six months, a draft law titled “The Common Sense in Copyright Act” will be put for a vote46 in the Finnish over user data in French Parliament. The bill seeks, among others, to decriminalize jurisdiction filesharing and to reduce penalties. As a consequence of a lost appeal in the French jurisdic- tion, Twitter Inc. decided to comply40 with the order of a 14. Russian proposal to block Parisian court and revealed the identity of authors of rac- websites if harmful content is ists tweets with the hashtag #unbonjuif. Twitter initially not removed within 24 hours refused to comply as its Terms of Service stipulate that it only reacts to US court orders. The Parisian court also The Chairperson of the Committee for Family, Women ordered the company to provide a hate speech notifica- and Children in the Russian State Duma, Yelena Mizulina, 47 tion tool in the French jurisdiction. Twitter is opening an proposed the obligation to remove harmful content office41 in France. from the Internet upon notice within 24 hours. In the case of non-compliance, the website hosting the content 10. French intelligence service could be blacklisted and blocked. This would amend the operates mass-surveillance September 2012 law “On the protection of children from program information harmful to their health and development”. The French intelligence agency DGSE monitors42 online 15. German intelligence service communications on services such as Facebook or Yahoo, BND monitors Frankfurt as well as emails in the French jurisdiction. Surveillance Internet Exchange Point data is stored43 for years in what seems to be the largest 48 European intelligence data center after the British one. The German intelligence service BND is monitoring Both inner French communications, as well as data flows partially the traffic that runs through the world’s largest between France and the rest of the world are intercepted, Internet Exchange Point DE-CIX, located in Frankfurt. Peak with a special focus on metadata. traffic rates can reach 2.5 terabits per second. The traffic of over 500 peering partners from 55+ countries could, in theory, also be observed.49

40 16. Yahoo allowed to release consensual distribution of intimate images, a step deemed secret 2008 NSA data requests crucial to handle some “criminal” forms of cyberbullying. The report however ruled out the need for a specific law On July 16, 2013 the US Foreign Intelligence Court (FISC) on cyberbullying. granted50 a motion filed by Yahoo on June 14, 2013 to de- classify a 2008 NSA order for user data requests in order 19. UK removed over 5.700 pieces to prove its resistance to collaborate in the Prism spying of extremist content from program. The court order allows51 the US government the Internet since 2010 to remove information that is deemed to be relevant to national security before the declassified documents are The Counter Terrorism Internet Referral Unit of the UK made public. removed55 over 5.700 “individual pieces of online terror- ist content” since February 2010. Moreover almost 1.000 17. Canadian BlackBerry illegal links to extremist content have been removed from company RIM grants India public computers in libraries and universities. lawful access to user data 20. Facebook refuses to According to leaked documents52 of the Indian Depart- comply with user data ment of Telecommunications “the lawful interception sys- request by United Nations tem for BlackBerry Services is ready for use” in the Indian jurisdiction. It remains unclear when the system will be experts activated. It will allow real time access to emails and can Experts who monitor the implementation of a UN arms intercept mobile web browsing. The cooperation excludes embargo against Somalia have notified56 the UN Security access to Blackberry’s corporate email service. Council that Facebook refused to cooperate in an inves- tigation in pirated ships. The investigators claim that the 18. Canada explores Criminal organization of hijackings and hostage taking were taking Code changes to cope with place on Facebook and asked for user data. Other private cyberbullying companies appear to cooperate with the UN experts. A report53 by the Canadian Coordinating Committee of Senior Officials Cybercrime Working Group suggests54 to introduce a new criminal offense to deal with the non-

REFERENCES

1 BBC (25.6.2013). Google not 5 Privacy and Information 9 G1 Globo (15.7.2013). Minis- 14 NeuEurope (15.7.2013). obliged to delete data, rules Security Law Blog (16.7.2013). tro diz nao ter duvida de que Reding says trust lost in spying EU lawyer. EU Court of Justice Advocate- eua espionaram-brasileiros. scandals. General issues opinion in 2 TechDirt (26.6.2013). EU Google search case. 10 The New York Times 15 European Commission Court of Justice Advocate- (7.7.2013). Brazil Voices ‘Deep (4.7.2013). Statement by Vice General: no right to be forgot- 6 The Guardian (25.6.2013). Concern’ Over Gathering of President Neelie Kroes “on the ten; Google not responsible Google does not have to Data by U.S.. consequences of living in an for what it finds. delete sensitive information, age of total information”. says European court. 11 Al Jazeera (14.11.2013). 3 CNet (25.6.2013). EU court Brazil eyes internet bill amid 16 European Parliament lawyer backs Google in ‘right 7 Policy (8.7.2013). Minister spying leaks. (8.7.2013). Parliament to launch to be forgotten’ case. says he has no doubt that U.S. in-depth inquiry into US sur- spied Brazilian. 12 Convergencia (11.7.2013). veillance programmes. 4 European Court of Justice Civil Marco does not attack (7.7.2013). Advocate-General’s 8 BNAmericas (10.7.2013). “staples” but will include data 17 The New York Times opinion in case C-131/12, NSA espionage: Brazil’s sovereignty. (16.7.2013). Merkel urges Google Spain S.L. and Google president vows to change data Europe to tighten Internet Inc. v Agencia Española de storage regulation. 13 The Guardian (7.7.2013). safeguards. Protección de Datos The NSA’s mass and indiscrimi- nate spying on Brazilians.

41 18 Deutsche Welle 28 TorrentFreak (10.7.2013). of 22 May 2001 on the har- 48 Phoenix (3.7.2013).The (16.7.2013). Berlin calls for PayPal bans major file-hosting monisation of certain aspects BND collects data on the global data protection rules. services over piracy concerns. of copyright and related rights Internet DE-CIX in Frankfurt. in the information society. 19 The Huffington Post 29 Silicon Angle (25.7.2013). 49 DataCentres (3.7.2013). (14.7.2013). Merkel urges stron- PayPal Stops Payments to 38 Domain Incite (8.7.2013). German internet exchange ger Europe, global data rules. Swedish VPN Provider iPreda- 2013 RAA is illegal, says EU points as targets for surveil- tor, Freezes Assets. privacy watchdog. lance. 20 Gigaom (4.7.2013). European PRISM anger gains 30 TorrentFreak (3.7.2013). 39 Domain Incite (6.6.2013). 50 TechRadar (16.7.2013). momentum with fresh cloud Mastercard and Visa start ban- Article 29 letter to ICANN. Yahoo scores order to declas- warnings and data threats. ning VPN providers. sify docs it claims show Prism 40 VentureBeat (29.4.2013). resistance. 21 ZDNet (15.7.2013). PRISM: 31 The Register (4.7.2013). Twitter releases personal EU renews efforts to get US Mastercard and Visa block account details of alleged 51 Jurist (16.7.2013). Secret to recognise citizens’ right to payments to Swedish VPN anti-Semites to French gov- court allows Yahoo to disclose privacy. firms. ernment. NSA data requests.

22 The Wall Street Journal 32 TorrentFreak (24.7.2013). 41 Le Point (18.7.2013). EX- 52 The Times of India (25.7.2013). Russia Probes Paypal cuts off “PirateBay” CLUSIF. Twitter se renforce en (10.7.2013). Government, Black- Google; Facebook, Twitter Are VPN Ipredator, freezes assets. France. Berry dispute ends. Next. 33 The Guardian (31.7.2013). 42 Le Monde (4.7.2013). In 53 Department of Canada 23 The Nation (16.7.2013). XKeyscore: NSA tool collects English : Revelations on the (1.7.2013). Cyberbullying and Moscow’s Reaction to ‘nearly everything a user does French Big Brother. the non-consensual distribu- Snowden Revelations: relocate on the internet’. tion of intimate images. servers to Russia. 43 The Guardian (4.7.2013). 34 The Guardian (11.7.2013). France ‘runs vast electronic 54 Brampton Guardian 24 New York Times NSA surveillance: French hu- spying operation using NSA- (23.7.2013). Cyberbullying (14.7.2013). NSA leaks revive man rights groups seek judicial style methods’. report calls for Criminal Code push in Russia to Internet investigation. changes. control. 44 CNet (25.7.2013). Feds tell 35 The Guardian (8.7.2013). Web firms to turn over user 55 Sky (16.6.2014). Violent 25 RT (16.7.2013). Russian NSA and GCHQ spy pro- account passwords. Extremist Content ‘Still Rife’ senator officially demands grammes face legal challenge. On Web ‘measures’ against ‘flagrant’, 45 TorrentFreak (15.7.2013). ‘privacy-breaching’ Google. 36 The Supreme Court Tech giants sign deal to ban 56 France24 (19.7.2013). UN (22.5.2013). European Court advertising on “pirate” web- experts slam Facebook Soma- 26 RIANovosti (24.7.2013). of Justice to decide if view- sites. lia sanctions silence. Google to Talk to Russian Sen- ing content in browsers can ators Over Data Leak Probe breach copyrights. 46 TorrentFreak (22.7.2013). Finland writes history with 27 Silicon Angle (8.7.2014). 37 European Parlia- crowdsourced copyright law. Fight Against Anonymization ment (22.5.2001). Directive Services, MasterCard and 2001/29/EC of the European 47 Wired (30.7.2013). Russia Visa Block Payment to VPN Parliament and of the Council out-censors Cameron by try- Providers. ing to ban online swearing.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-july-references

42 AUGUST

1. French prosecutor opens This includes both domestic and cross-border traffic rout- preliminary probe into US ed through networks on US soil. The surveillance system is carried out in conjunction with US telecommunication Prism scheme companies. Sources told the Washington Post that the Following a complaint1 submitted by the French NGOs program potentially intercepts communications between International Federation for Human Rights and French Hu- US citizens as well. An officially released US Foreign Intel- man Rights League in July 2013, the Parisian prosecutor’s ligence Court ruling, published on August 21, 2013, reveals office ordered2 French law enforcement to investigate if that in 2011 the NSA collected also domestic emails. the US National Security Agency’s (NSA) Prism surveil- lance scheme violated laws in the French jurisdiction by Read further: intercepting communications on its territory. In detail, the Washington Post: New details show broader NSA surveil- probe focuses on “fraudulent access and maintenance of lance reach10 and automated data processing system,” the “illicit col- Guardian: NSA illegally collected thousands of emails lection of data of a personal nature,” “attacks on privacy,” before Fisa court halted program11 and “violations of the secrecy of correspondence”. Since PCMag: The tech behind the NSA’s XKeyscore12 the complaint is filed “against X” it targets both the role of the US companies Google, Microsoft, Apple, Yahoo, 3. German Supreme Court: Paltalk, YouTube, AOL and Skype, as well as the one of Filehoster RapidShare needs the US intelligence agencies NSA and FBI. The preliminary to monitor incoming links investigation could be transformed3 into a formal one, if sufficient evidence can be gathered. On August 16, 2013, the German Supreme Court con- firmed13 a previous March 2012 ruling by the Higher Read further: Regional Court of Hamburg, which obliges the Swiss file Reuters: French prosecutor investigates U.S. Prism spying hosting service RapidShare to monitor external web- scheme4 sites for incoming links to potential copyright infringing The Local: France ‘opens probe’ into US spy program Prism5 materials uploaded by its users. It was reconfirmed that ZDNet: France investigates role of Internet companies in RapidShare does not have the obligation to preemp- Prism6 tively monitor user uploads. However, the court affirmed that RapidShare needs to make infringing files that were 2. XKeyscore, US emails and detected via third party sites inaccessible. In case the traffic interception: new measures are not efficient enough to curb piracy on its revelations about the NSA’s service, the court furthermore noted that Rapidshare Internet surveillance could limit anonymous uploads. The existence of the big data and data analytics NSA Read further: software XKeyscore7 was revealed that allows agents to TorrentFreak: Supreme Court orders RapidShare to police access, without prior court authorization, in real time vast the Internet14 amounts of information on online interactions of targets. Music Week: GEMA hails “landmark” court ruling against In an official release, the NSA claims8 that it only “touch- RapidShare in Germany15 es” 1.6 percent of the 1.826 petabytes of data the circulate TechWeek Europe: RapidShare is legal, but must check daily on the global Internet. The Washington Post reports9 incoming links16 that the NSA can intercept 75 percent of all US traffic.

43 4. Twitter to be sued over 6. Browser tracking: Google anti-gay hashtag in French argues British privacy case jurisdiction should be filed in Californian On August 10-11, 2013, the anti-gay hashtags #LesGaysDoi- jurisdiction ventDispaîratreCar (“gays must die because”) and #Bru- A group of over 100 British users of Apple’s browser Safari lonsLesGaysSurDu (“let’s burn gays on”) were a trending filed a lawsuit30 against Google’s search engine to claim topic17 on Twitter in the French jurisdiction. The French damages for privacy violations under British law. The con- branch of the gay rights advocacy group IDAHO filed a sumers argue that Google bypassed privacy settings of Sa- lawsuit against Twitter arguing18 that “these illicit tweets fari and installed tracking cookies without their consent. on Twitter’s site characterize the offense of public incite- In September 2012, the illicit tracking resulted in a 22.5 ment to discrimination, to hatred or national, racial or million US dollar penalty payment to settle charges31 by religious violence”. Furthermore, the group claims that the US Federal Trade Commission. According to reports, Twitter failed to react appropriately to alters and allowed Google argues in a submission to the UK High Court that the development of a “homophobic atmosphere” on its it has no jurisdiction32 over the case, since Google’s search platform. The French ministers for women’s rights and services for British consumers are provided by Google Inc. digital economy condemned19 the incitement to discrimi- incorporated in California. nation, which is against French law. 7. Twitter introduces report Read further: abuse button, publishes new France 24: Complaint filed over anti-gay posts on French transparency report Twitter20 RudeBaguette: Twitter in hot water again in France – this Following headline news about the viral spread of hate time, for Homophobic Hashtags21 speech on its microblogging platform, as seen in the IB Times: Twitter removes ‘let’s burn gays’ hashtag follow- French33 and British34 jurisdictions, Twitter has introduced ing complaint22 a report button to flag abusive content.35 The new feature was rolled out throughout August 2013 and is supple- 5. Facebook releases first mented by an enlargement of Twitter’s review team. Ac- transparency report cording to a new transparency report36 covering the first six months of 2013, Twitter received 1.157 requests from 71 23 On August 27, 2013, Facebook released for the first time governments. a transparency report titled “Global Requests Report“24. Between the first six months of 2013, the social network 8. Delhi High Court: Facebook received around 26.000 requests on 38.000 users (or ac- Inc and Google Inc are counts) from 74 countries. The requests issued in the US jurisdiction cover over 50 percent of all concerned users bound by rules of Indian or accounts. It rests unclear25 to what extent the number jurisdiction of US requests includes demands under section 702 of the On August 24, 2013, the Delhi High Court asked Facebook FISA Amendments Act for data of non-US citizens, as well Inc and Google Inc, both incorporated in the US jurisdic- as the percentage of requests going back to demands by tion, to indicate their grievance officers to respond to third countries through Mutual Legal Assistance Treaties. Indian requests. The court gave the two platforms, as well The US issued26 11.000-12.000 requests (79% compliance), as other intermediaries a two weeks deadline to comply followed by 3.254 requests from India (50% compliance), with this requirement stipulated by the Indian Informa- 1.975 requests from the UK (68% compliance) and 1.886 tion Technology Rules: “Just because you are a foreign requests from Germany (37% compliance). company, you cannot flout the law. Like us, you are bound by the rule of law of this country”, the court said37. Read further: GigaOM: Facebook publishes first Transparency Report: 9. Disclosure of FISA court exceeds Google with 11,000 US government requests27 requests: Microsoft and Washington Post: Facebook report: 74 countries sought data on 38,000 users28 Google plan to sue the US The Guardian: Facebook reveals governments asked for government data on 38,000 users in 201329 Microsoft and Google announced38 plans on August 30, 2013 to collaboratively file a lawsuit39 against the US gov- ernment to disclose requests for user data they received from the Foreign Intelligence Surveillance Court. The two companies try40 since June 2013 to publish ”aggregate information” related to the quantity of received FISA

44 requests with the authorization of the Department of Jus- 14. Payment intermediary tice. The US Director of National Intelligence published on August, 29 2013 a Tumblr post 41 to announce the an- Paysafecard bans VPN nual publication of official transparency reports.42 providers The payment intermediary Paysafecard, which is based on 10. National email services: prepaid coupons, announced that it stopped to work with German ISPs introduce VPN providers. According to the specialized news outlet domestic servers and routing Torrentfreak51, it is the “first payment method to confirm a VPN ban”. In response to the wide reaching surveillance capacities of the US NSA’s Prism program, the German ISPs Deutsche 15. Delhi High Court asks Telekom and United Internet launched43 a “E-Mail made in Germany” service. It will automatically encrypt emails Google, Facebook about via SSL, channel the traffic between the email services of procedures to handle the two ISPs through domestic cables and store data on requests and child German territory. German Justice minister Leutheusser- protection 44 Schnarrenberger said Germans are increasingly switching On August 2, 2013, the Delhi High Court questioned the52 to national services after the NSA revelations. platforms Google and Facebook how they deal with complaints requests. The court reacts to a public interest 11. Vietnam orders foreign litigation that seeks to examine the mechanisms of the websites to have local two platforms to protect children from online abuses. Un- servers, might ban free der Indian law, children below 18 are not allowed to enter communication services into a contract to open accounts on social networks. A new decree45 in the Vietnamese jurisdiction will require foreign websites to establish local servers. Moreover, the 16. US Sponsored Stories law stipulates that or social networking sites should Facebook settlement triggers only be used to “to provide and exchange personal in- Terms of Service changes for formation” and forbids the publication of online content global users that harms national security or opposes the government. Following a class action53 that was filed in the US jurisdic- 46 The government also announced the introduction of tion in April 2011 on privacy violations through Facebook’s new policies to deal with free Internet based communica- Sponsored Stories advertisement program, the US District tion platforms, which curb revenues of traditional ISPs. Court for the Northern District of California approved54 This might result in a potential ban of chat apps like Viber a settlement on August 26, 2013. Facebook will pay 15 US or WhatsApp in its jurisdiction. dollar to each of the 150 million members of the class ac- tion and is required to change its global Terms of Service 12. Viral spread: Indian provisions to educate consumers better. Proposals for court reconfirms 36 hours changes to its Statement of Rights and Responsibilities takedown requirement and Data Use Policies were published55 on August 29, 2013. On August 26, 2013 the Indian Supreme Court ruled47 that the requirement to take down objectionable content in 17. Citing Safe Harbor regime, the Indian jurisdiction within 36 hours after reception of Irish DPA decides not to complaints does not violate free expression rights. The investigate Apple, Facebook website mouthshut.com that hosts user-generated con- over Prism tent tried to challenge this obligation of the Information The Irish Office of the Data Protection Commissioner an- Technology Rules for intermediaries. nounced56 that it will not open a probe the headquarters

of Apple and Facebook, located in its jurisdiction, over 13. US court rules that the the sharing of personal data of EU citizens with the US circumvention of IP blocks NSA as part of the Prism surveillance scheme. The Austri- on public sites violates US law an student group europe-v-facebook filed two complaints A US judge ruled48 on August 15, 2013 that the changing for violation of EU and Irish data protection law in Ireland 57 of IP addresses or use of proxy servers to access publicly on June 23, 2013. The Irish DPA argued that since the two accessible websites violates49 the US Computer Fraud companies are part of the US-EU Safe Harbor regime “and and Abuse Act (CFAA) and constitutes an access without as this provides for US law enforcement access, there is authorization. The company 3tabs has been bypassing IP nothing to investigate”. blocks of Craiglist to hide its identity and scrap data from the platform. The case is similar50 to the one of .

45 18. India to foster data in September 2012 due to the “Innocence of Muslims” video. As a prerequisite, the government implements a sovereignty after Prism new URL filter mechanism administered by Pakistan Tele- revelations communications Authority to selectively block60 URLs The Indian Communications and Telecommunications to avoid the blocking of entire platforms due to granular Minister Kapil Sibal qualified58 the violation of Indian content. privacy laws by the US NSA Prism scheme as “unaccept- able” and announced that the “[g]overnment is promoting 20. Proceedings against 13 Indian players in the IT field to develop and offer internet US-based websites for public services by having their servers located in India, in order order distortions in Indian to protect the interests and secrecy of communication of jurisdiction on hold India citizens”. On August 12, 2013 a Delhi court stayed61 the proceedings 19. Pakistan might unblock against 13 websites including Facebook, Orkut, YoutTube, YouTube in its jurisdiction, Google, Microsoft and Yahoo for public order distor- tions, since US authorities did not “execute” an Indian tests URL blocking mechanism assistance demand to serve the summons in the US juris- The Pakistani Minister for Information Technology Anusha diction. The court will nevertheless proceed with the pre- Rehman Khan announced59 plans to re-open YouTube in charge evidence recording on September 28, 2013. Pakistan’s jurisdiction, after the platform was blocked

REFERENCES

1 Scribd (8.8.2013). Plainte- 9 CNet (21.8.2013). NSA said 16 TechWeek Europe 23 Mashable (27.8.2013). prism Finale. to have broader Net reach (20.3.2012). Rapidshare is legal Facebook releases first trans- than previously thought. but must check incoming links. parency report. 2 BFMTV (28.8.2013). Prism: Paris opens investigation into 10 The Wall Street Journal 17 The Huffington Post 24 Facebook (28.8.2013). U.S. spying program. (20.8.2013). New details show (13.8.2013). French Anti-Gay Global governments requests broader NSA surveillance Hashtag Sparks Lawsuit report. 3 PCWorld (29.8.2013). French reach. Against Twitter In France. prosecutor starts preliminary 25 Salon (28.8.2013). Over inquiry into Prism privacy 11 The Guardian (21.8.2013). 18 The Local (28.8.2013). half requests for Facebook violations. NSA illegally collected thou- France investigates ‘#gays must user data came from U.S. sands of emails before Fisa die’ tweets. government. 4 Reuters (28.8.2103). French court halted program prosecutor investigates U.S. 19 French Ministry for 26 PCMag (27.8.2013). Face- Prism spying scheme. 12 PCWorld (2.8.2013). The Women Rights (12.8.2013). Na- book report highlights govern- Tech Behind the NSA’s XKey- jat Vallaud-Belkacem et Fleur ment data requests. 5 The Local (28.8.2013). score. Pellerin condamnent ferme- France ‘opens probe’ into US ment les propos homophobes 27 Gigaom (27.8.2013). Face- spy program PRISM. 13 Heise (16.8.2013). Rapid- émis sur Twitter. book publishes first Transpar- share: BGH confirmed inspec- ency Report: exceeds Google 6 ZDNet (29.8.2013). France tion duties for Sharehoster. 20 France24 (14.8.2013). with 11,000 US government investigates role of internet Complaint filed over anti-gay requests. companies in PRISM. 14 TorrentFreak (19.8.2013). posts on French Twitter. Supreme court orders Rapid- 28 The Washington Post 7 The Guardian (31.7.2013). share to police the internet. 21 Rude Baguette (13.8.2013). (28.8.2013). Facebook report: XKeyscore: NSA tool collects Twitter in hot water again in 74 countries sought data on ‘nearly everything a user does 15 MusicWeek (19.8.2013). France – this time, for Homo- 38,000 users. on the internet’. GEMA hails ‘landmark’ court phobic Hashtags. ruling against RapidShare in 29 The Guardian (28.8.2013). 8 CNet (12.8.2013). NSA Germany. 22 International Business Facebook reveals governments claims it ‘touches’ only 1.6 per- Times (14.8.2013). Twitter Re- asked for data on 38,000 users cent of Internet traffic. moves ‘Let’s burn gays’ hashtag in 2013. following complaint.

46 30 The Guardian (19.8.2013). 38 CNet (31.8.2013). Micro- 46 Times of India (21.8.2012). 54 Hunton Privacy Blog Google trying to evade UK pri- soft, Google to sue over FISA State media providers. (29.8.2013). Court Approves vacy laws, campaigners claim. gag order. 20 Million Dollar Facebook 47 Times of India (16.8.2013). Settlement. 31 US Federal Trade Com- 39 Microsoft TechNet Supreme Court refuses to stay mission (9.8.2012). Google Will (30.8.2013). Standing together rule on removing objection- 55 TechCrunch (29.8.2013). Pay $22.5 Million to Settle for greater transparency. able post within 36 hours. Facebook updates its policy FTC Charges it Misrepresented documents regarding how it Privacy Assurances to Users 40 ArsTechnica (30.8.2013). 48 Volokh (8.8.2013). Order uses and shares your data. of Apple’s Safari Internet US won’t let Microsoft, denying renewed motion to Browser. Google reveal more data on dismiss. 56 Europe v. Facebook FISA orders. (23.7.2013). Response. 32 Telegraph (18.8.2013). 49 ArsTechnica (19.8.2013). Google argues UK privacy laws 41 IC on the Record Changing IP address to access 57 Bloomberg (5.8.2013). do not apply to it. (29.8.2013). DNI clapper public website ruled violation Ireland DPA will not probe directs annual release of of US law. Facebook, Apple over PRISM 33 TechPresident (22.7.2013). information related to orders since both in safe harbor plan. Obeying French Courts, Twit- issued under national security 50 Volokh (18.8.2013). ter Hands Over Identities of authorities. District court holds that 58 The Times of India Users Who Employed Anti- intentionally circumventing IP (23.8.2013). Sibal: Electronic Semitic Hashtag. 42 CNet (30.8.2013). US address ban Is “Access without surveillance of Indians unac- intelligence chief promises Authorisation” under the ceptable. 34 CNet (3.8.2013). Twitter transparency reports. CFAA. updates its rules for users 59 The Times of India after uproar over rape, bomb 43 ZDNet (12.8.2013). 51 TorrentFreak (25.8.2013). (23.8.2013). Pak govt gives threats. Deutsche Telekom and United Paysafecard begins banning deadlines to PTA on YouTube. Internet launch ‘made in VPN providers. 35 CNet (28.8.2013). Twitter Germany’ email in response to 60 ZDNet (26.8.2013). Paki- ‘report abuse’ button now live PRISM. 52 The Times of India stan reportedly testing URL on all platforms. (2.8.2013). Google, Facebook filters, may lift YouTube ban. 44 EUObserver (29.8.2013). questioned by Delhi HC. 36 Twitter Report Germans switch to national 61 The Times of India (30.6.2013). Information email providers after US 53 Wired (5.8.2013). US Spon- (12.8.2013). Delhi court stays requests. scandal. sored Stories Facebook settle- proceedings against Google, ment triggers Terms of Service Facebook. 37 The Times of India 45 BBC (1.9.2013). Vietnam changes for global users. (24.8.2013). Delhi High Court internet restrictions come asks Facebook and Google to into effect. respond to Indian requests.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-august-references

47 SEPTEMBER

1. Right to be forgotten for 2. Cross-border traffic: NSA minors signed in Californian can intercept encrypted jurisdiction information flows On September 23, 2013 the Governor of the US State of New revelations of the Edward Snowden leaks published California approved a new bill1 which would give minors on September 5, 2013 showed that the US intelligence under the age of 18 the right to have personally posted service NSA has the capacities7 to either circumvent or content deleted2 from platforms and services they are crack global encryption standards. To do so, a variety of using. The bill, known as “online eraser law”, is part of the different means are deployed. The NSA gained backdoor comprehensive Privacy Rights for California Minors in access to Internet companies and their master encryption the Digital Age3 which sets new standards for teenagers’ keys, introduced backdoors and so-called “trapdoors” into privacy and complements the existing Children’s Online encryption software and developed computer programs Privacy Protection Rule which only applies to children to crack conventional encryption standards. The NSA’s under the age of 13. The new law will become effective British counterpart GCHQ worked actively on the decryp- on January 1, 2015 and apply to operators of Internet tion of secured traffic of Hotmail, Facebook, Google and websites, online services, online applications or mobile Yahoo. These capacities allow the US and UK to intercept applications located on Californian territory, if they are encrypted information flows, including cross-border traf- directed to minors. It rests unclear how this criteria will fic from foreign jurisdictions. be determined and to what extent major cross-border on- line platforms incorporated in California will be obliged Read further: to comply with the new law. New York Times: NSA able to foil basic safeguards of privacy on web8 Read further: Guardian: Revealed: how US and UK spy agencies defeat Washington Post: Author of California online eraser law: internet privacy and security9 It’s not always easy to find the delete button4 MIT Technology Review: NSA leak leaves crypto-math ArsTechnica: Soon, California kids will have the right to intact but highlights known workarounds10 delete things they said online5 Wired: California paves way on privacy in digital age6

48 3. Brazil plans local data 5. Facebook “likes” declared storage law for cross- protected free speech in US border online platforms jurisdiction Brazil’s President Dilma Rouseff asked the Congress On September 19, 2013, the 4th US Circuit Court of Ap- member Alessandro Molon, author of the Marco Civil peals in Virginia ruled20 that “likes” on the social network bill that is pending in the Brazilian legislature, to include Facebook are protected by the free speech provisions of a new paragraph that would oblige11 cross-border online the US Constitution’s First Amendment. The judge argued platforms like Google, Facebook or Microsoft to store that “liking” something is the “Internet equivalent of data of Brazilians on Brazilian territory. The new data displaying a political sign in one’s front yard, which the sovereignty initiative is a direct reaction to revelations Supreme Court has held is substantive speech”. A previous that the US NSA spied on the Brazilian head of state and ruling by a lower court in April 2012 came to the con- would complement12 other announced measures like the clusion that Facebook likes do not merit constitutional construction of new submarine cables to route traffic protections. The case involved a former sheriff, who was around US territory or the creation of new Internet Ex- fired after he liked the Facebook page of a candidate for change Points in Brazil. If the provisions were included in the post of the city sheriff – who was a direct competitor the Marco Civil and enacted by the Congress, the new law of his own superior. would guarantee that the data of Brazilians is exclusively governed by laws of the Brazilian jurisdiction. President Read further: Rouseff requested on September 11, 2013 that the bill is CNN: U.S. court says ‘liking’ something on Facebook is passed within 45 days by the Brazilian Congress. free speech21 Reuters: Facebook ‘like’ deserves free speech protection: Read further: U.S. court22 Reuters: Brazil’s Rousseff targets internet companies after Washington Post: Facebook ‘liking’ is protected free NSA spying13 speech, federal court says23 Guardian: Brazil’s controversial plan to extricate the inter- net from US control14 6. Yahoo publishes first The Verge: Cutting the cord: Brazil’s bold plan to combat transparency report on user the NSA15 data requests 4. Max Mosley files lawsuits On September 6, 2013, Yahoo published24 its first transpar- against Google in Germany ency report25 on requests for user data it received from the 17 jurisdictions in which the company has a legal and France to block incorporation. The report does not include requests for defamatory pictures Tumblr data. During the first half of 2013, Yahoo received In 2008, the ex-Formula One President Max Mosley 29.470 requests for the data of 62.775 accounts from participated in an S&M orgy. As the British newspaper these 17 countries. News of the World published the story, pictures and videos went viral on the Internet. On September 4, 2013, 7. Gmail keyword scanning Max Mosley filed a lawsuit16 in the French jurisdiction to might violate US wiretapping request Google to remove from its search engine all refer- laws ences to the reputation damaging pictures and videos. A 26 similar lawsuit was also filed in a Hamburg court in the A US District Judge decided on September 26, 2013 that German jurisdiction. The plaintiff wants Google to deploy the automatic keyword scanning of emails handled by an automated filter to prevent the appearance of the Google’s Gmail service might violate wiretapping provi- 27 footage in question. The French court is expected to pro- sions under US and Californian law. The US court denied nounce a decision on October 21, 2013. According to his Google’s motion to dismiss a federal class-action against lawyers, the two lawsuits are test cases and similar suits the machine scanning to deliver targeted advertising, could be filed in other jurisdiction, including in California, which is part of Gmail’s business model. Gmail has 450 where Google Inc is incorporated. million users around the world.

Read further: The Drum: Max Mosley takes European privacy battle against Google to courts in Paris and Germany17 Bloomberg: Google says Mosley suit over sex-part search defies free speech18 CNET: Google slapped with lawsuit over man’s salacious images19

49 8. Blacklist: New non- 12. Facebook briefly on compliance fines for blocking blacklist in Russian intermediaries and users in jurisdiction Russian jurisdiction On September 19, 2013, the Russian Federal Service A committee of the Russian Duma approved28 on Septem- for Supervision in the Sphere of Telecom, Information ber 3, 2013 a new bill against online piracy that introduces Technologies and Mass Communications put Facebook’s pecuniary measures against intermediaries like ISPs or website on the national ISP blacklist.35 The site had 72 search engines, hosting companies and Internet users hours to remove illegal content that was flagged by ten if they fail to comply with orders to block designated complaints. The platform complied36 with the request on websites. Fines of up to one million rubles (ca. 30.000 US the same day. dollar) can be issued. 13. Google’s lack of anti- 9. Privacy groups ask US FTC to piracy measures condemned prevent Facebook’s Sponsored in British jurisdiction Stories Terms of Service A report37 on the UK’s creative industry was published on changes September 26, 2013 by the British House of Commons Six NGOs have sent a letter29 to the US Federal Trade Culture, Media and Sport Committee. The document 38 Commission (FTC) on September 4, 2013 to ask30 for ac- “strongly condemns” Google’s failure to remove links tions to prevent Facebook’s planned update of its State- to copyright infringing websites from its search engine. It 39 ment of Rights and Responsibilities, as well as its Data Use notes Google’s engagement to block child abuse images Policy. The update would allow allow Facebook to show and demands a similar cooperation to curb online piracy. users’ images and content for advertisement purposes, for example in Sponsored Stories, without their explicit 14. NSA requests: Facebook, consent, they claim. Google, Microsoft and Yahoo file motions in FISA 10. Revised OECD privacy court guidelines for cross-border Facebook, Google, Microsoft and Yahoo have filed on data flows published September 9, 2013 new or amended motions40 in the The Organization of Economic Cooperation and Develop- secrete Foreign Intelligence Surveillance (FISA) court. ment (OECD) published on September 9, 2013 an updated They seek for the permission41 to publish aggregated data version of the Guidelines Governing the Protection of Pri- on the number of FISA requests that the four US-based vacy and Transborder Flows of Personal Data31. This is the platforms received from the FISA court. On September 13, first update of the 1980 framework, which was the first 2013, the FISA court announced the disclosure42 of some internationally agreed upon32 set of privacy principles. secret legal opinions. The OECD stresses the need for more interoperability33 between the patchwork of national privacy regimes. 15. Only French Hadopi Internet cut-off order will 11. Resolution on US and not be executed British Internet surveillance On July 3, 2013 a court in Montreuil ordered the first full published by DPAs in German sanction by the Hadopi three strikes anti-piracy system jurisdiction in place in the French jurisdiction: A 46 year old man was A joint resolution by DPAs of all 16 German states and the supposed to be cut off the Internet for 15 days. A few Federal Commissioner for Data Protection and Freedom weeks later, the French Minister for Culture published a of Information addresses the impact and extraterritorial decree to abolish the cut-off sanction. It now became extension of sovereignty by the US surveillance schemes clear that the first and only final sanction ordered in July 43 PRISM and XKeyscore, as well as the British Tempora 2013 will never be executed. program. In detail, they ask34 to what extent German authorities collaborated or made use of intelligence data and demand an array of actions to ensure the privacy of German citizens.

50 16. France proposes EU-wide explores the possibility to leverage payment intermediar- personal data export tax ies subject to UK law. Websites could be deprived from money if they fail to stop children’s access47 to pornog- France proposed44 to the EU to prepare a report on the raphy: “Government sources have made it clear that feasibility of introducing an export tax for personal ministers would be prepared to consider legislation, if data that leaves European borders. The tax for Internet necessary.” companies would “ensure that profits they generate in the European market are subject to taxation and the revenues 19. New anti-piracy law in shared among the member states”. Spanish jurisdiction targets linking sites 17. Germany submits Internet privacy initiative to UN Human On September 20, 2013, Spain approved48 an amendment to the penal code that foresees prison sentences of up to Rights Council six years for operators of websites that provide links to At the 24th session of the UN Human Rights Council, Ger- copyright protect material on third-party sites and make many stressed45, on behalf of Austria Hungary, Lichten- direct or indirect profit from this activity. stein, Norway and Switzerland, the need for the Council to address privacy on the Internet. Brazil equally empha- 20. Facebook and Twitter sized the need for the Council to act after the Snowden unblocked for one day in revelations of NSA online surveillance. Germany submit- Iranian jurisdiction ted a corresponding initiative46 to the Council. On September 17, 2013, Iranian authorities blocked49 ac- 18. UK plans to leverage cess to the platforms Facebook and Twitter, after they payment intermediaries to were briefly accessible on the day before. It rests unclear whether the ISP block suspension was a deliberate action stop children’s access to porn or a technical glitch. In order to prevent children from viewing pornography on the Internet in the British jurisdiction, the UK government

REFERENCES

1 California Legislative 6 Wired (4.10.2013). Califor- 11 Bloomberg (17.9.2013). Bra- 16 Gigaom (5.9.2013). Fight Information (23.9.2013). SB-568 nia paves way on privacy in zil May Require Google, Face- over sex video shows why Privacy: Internet: minors. digital age. book to Store Data Locally. “right to be forgotten” laws are a bad idea. 2 Infosecurity (24.9.2013). 7 The Economist (12.9.2013). 12 Al Jazeera (17.9.2013). California enacts poor man’s Cracked credibility. Brazil plans online indepen- 17 The Drum (10.9.2013). Max right to be forgotten. dence, and calls off president’s Mosley takes European pri- 8 The Guardian (6.9.2013). US trip. vacy battle against Google to 3 Lexology (20.9.2013). Revealed: how US and UK courts in Paris and Germany. California establishes digital spy agencies defeat internet 13 Reuters (12.9.2013). privacy rights law for minors. privacy and security. Brazil’s Rousseff targets 18 Bloomberg (4.9.2013). internet companies after NSA Google says mosley suit over 4 Washington Post 9 TechnologyReview spying. sex-party search defies free (25.9.2013). Author of Califor- (9.9.2013). NSA leak leaves speech. nia online eraser law: It’s not crypto-math intact but high- 14 The Guardian (20.9.2013). always easy to find the delete lights known workarounds. Brazil’s controversial plan to 19 CNet (5.9.2013). Google button. extricate the internet from US slapped with lawsuit over 10 TechnologyReview control. man’s salacious images. 5 ArsTechnica (24.9.2013). (9.9.2013). NSA leak leaves Soon, California kids will have crypto-math intact but high- 15 The Verge (25.9.2013). Cut- 20 Gizmodo (18.3.2013). the right to delete things they lights known workarounds. ting the cord: Brazil’s bold plan Facebook likes are officially said online. to combat the NSA. free speech, says US Appeals Court.

51 21 CNN (19.9.2013). U.S. court 29 The New York Times 36 TechWeek Europe 43 NextInPact (5.9.2013). says ‘liking’ something on (4.9.2013). Privacy groups let- (20.9.2013). Facebook briefly Hadopi : la peine de 15 jours Facebook is free speech. ter. appears on Russia’s internet de suspension à Internet ne blacklist. sera pas appliquée. 22 Reuters (18.9.2013). 30 Los Angeles Times Facebook ‘like’ deserves free (4.9.2013). Facebook under fire 37 UK Parliament (26.9.2013). 44 The Local (21.9.2013). speech protection: U.S. court. from privacy watchdogs over Supporting the creative France moots taxing data ‘Sponsored Stories’ ads. economy report published. taken out of EU. 23 The Washinton Post (18.9.2013). Facebook ‘liking’ is 31 OECD (9.9.2013). Guide- 38 Future of Copyright 45 Access (16.2013). UN Hu- protected free speech, federal lines governing the Protection (27.9.2013). Report on support- man Rights Council discusses court says. of Privacy and Transborder ing the UK’s creative industry surveillance and other inter- Flows of Personal Data (2013). calls for Google to increase net issues at 24th session. 24 Gigaom (6.9.2013). Yahoo’s its efforts in fighting online first Transparency Report: 32 OECD (9.9.2013). The 2013 piracy. 46 The Permanent Mission more gov’t requests than OECD privacy guidelines. of Germany to the United Google or Facebook. 39 TorrentFreak (26.9.2013). Nations, New York. (28.9.2013). 33 Privacy and Information Google “condemned” by UK General debate of the 68th 25 Yahoo (6.9.2013). Trans- Security Law Blog (16.9.2013). politian’s for linking to piracy. General Assembly: Speech by parency Report Overview. OECD Issues Updated Privacy Foreign Minister Westerwelle. Guidelines. 40 ZDNet (9.9.2013). Micro- 26 Wired (9.9.2013).Google soft, Google, Facebook and 47 The Guardian (20.9.2013). Gmail order. 34 Hunton Privacy Blog Yahoo! file motions in FISA Plan to block payments to (10.9.2013). German DPAs pass Court. websites that allow children 27 Wired (26.9.2013). resolution on PRISM, Tempora to view pornography. Google’s Gmail keyword scan- and XKeyscore. 41 Slate (10.9.2013). Tech ning might violate wiretap law, Giants Unite in Court Fight 48 Reuter (20.9.2013). Spain judge finds. 35 TorrentFreak (20.9.2013). Against Government Surveil- readies hefty jail terms over Facebook added to Russian lance Secrecy. internet piracy. 28 TorrentFreak (4.9.2013). website blocklist, joins 30,000 Russia to punish ISPs, search unofficial others. 42 ArsTechnica (13.9.2013). 49 The New York Times engines & users over content FISA intelligence court will (17.9.2013). Iran bars social blocking. reveal some of its secret legal media again after a day. opinions.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-september-references

52 OCTOBER

1. Data Sovereignty: 2. European Court of Marco Civil to introduce Human Rights holds website local data storage provision accountable for defamatory, in Brazilian jurisdiction anonymous comments A new provision introduced into the draft of the Marco On October 10, 2013, the European Court of Human Civil bill after the revelations of USA NSA surveillance Rights (ECHR) ruled6 on the balance between freedom in the Brazilian jurisdiction might stipulate data sover- of expression, as stipulated in Article 10 of the European eignty requirements for cross-border online platforms Convention on Human Rights7, and intermediary liability used by Brazilian citizens. In detail, the draft law of the for hateful or defamatory comments. In January 2006, comprehensive bill of Internet rights proposes1 that “the the Estonian news portal defli.ee published a story about government can oblige Internet service companies [...] a ferry company, which was in itself not defamatory, to install and use centers for the storage, management but attracted 185 comments, of which 20 were insult- and dissemination of data within the national territory.” ing or threatening. The portal immediately responded The determination of applicability of the data localiza- to the takedown requests by the company in question, tion will be made by the Brazilian government for each but refused to pay damages in accordance with the EU E- company individually, “taking into consideration their Commerce Directive8 and its provisions for intermediary size, their revenues in Brazil and the breadth of services liability exemptions if a notice and takedown system is in they offer the Brazilian public”. Those local server stor- place. Ultimately, the Supreme Court of Estonia held Defi age requirements aim at increasing the protection against liable for anonymous defamatory comments on its site foreign online espionage and fostering online privacy. It and the news portal appealed to the ECHR. The judges would also allow courts and law enforcement authorities found that it is both “practical and reasonable for the site to circumvent lengthy Mutual Legal Assistance Treaty owner to be held responsible” for the comments and did (MLAT) procedures with third countries, in which many not detect a violation of Article 10. The ECHR judgement servers of major platforms used in Brazil are physically is not yet final and can be appealed to the Grand chamber located today, to access user data of Brazilian citizens. of the ECHR within three months. The Brazilian Chamber of Deputies is expected to vote on the adoption of the new law in November 2013, after Read further: President Rousseff requested to handle the matter with European Court of Human Rights: Case of Delfi v. Estonia9 constitutional urgency.2 Kari’s journal Blog: Delfi vs Estonia ECHR judgment10 Stanford CIS: The European Court of Human Rights holds Read further: delfi.ee liable for anonymous defamation11 Reuters: Brazil to insist on local Internet data storage after U.S. spying3 The Guardian: Brazil to legislate on online civil rights fol- lowing Snowden revelations4 Bloomberg: NSA spying allegations put Google on hot seat in Brazil5

53 3. Germany and Brazil to Read further: TorrentFreak: UK Police orders registrars to suspend do- prose UN Resolution on mains of major torrent sites 22 online privacy The Register: Canadian operator EasyDNS stands firm German Chancellor Angela Merkel and Brazilian President against London cops23 Dilma Rousseff have launched a coordinated initiative to EasyDNS: Whatever happened to “Due Process”?24 advocate the creation of a UN Resolution on the right of privacy on the Internet. The moves is a response to the 5. US and British intelligence extraterritorial extension of sovereignty on the Internet services intercept global through the US NSA surveillance scheme. It comes after it traffic between Google, was revealed that the telephones of both heads of state Yahoo data centers were tapped12 by US authorities. Brazil’s president previ- ously qualified the reach of US online surveillance in third A new joint US-British large-scale surveillance program countries a “breach of international law” in a UN speech13 was revealed through the Snowden leaks. The MUSCULAR in September 2013. On October 26, 2013, German and Bra- program25 refers to the capability of the NSA and the zilian diplomats met to discuss a draft resolution, which GCHQ to directly intercept unencrypted traffic between could extent the 1976 UN International Covenant on Civil the globally distributed data centers of Google and and Political Rights’ Article 17 14 on privacy to online in- Yahoo. The access points, according to the leaked docu- teractions. Representatives from France, Sweden, Norway ments, are telecommunication operators that provide and Austria were equally participating15 in the meeting. direct access to either the physical fiber optic cables that President Rousseff has also proposed to directly connect connect the data centers, or to switches and routers. This Brazil and Europe with fiber optic cables16 to route traffic allows the intelligence services to collect huge amounts around US territory. of personal data from citizens of other jurisdictions from internal company traffic. The MUSCULAR program has the Read further: capacity26 to filter relevant data and make it accessible for Reuters: Germany, Brazil to propose anti-spying resolu- investigations. It complements the already revealed pro- tion at U.N.17 gram PRISM, which only allows targeted access to specific Washington Post: Brazil seeks UN resolution to guarantee user data with a FISA court warrant, as well as the large- Internet privacy amid anger over US surveillance18 scale direct collection of raw traffic at Internet Exchange Atlantic Wire: Germany and Brazil will take NSA spying Points. For resilience purposes, most cloud-based services frustrations to the UN19 try to geographically distribute and copy data of their clients, which results in high cross-border traffic volumes 4. London Police requests between data centers. domain registrars outside Read further: its jurisdiction to take down Washington Post: How the NSA’s MUSCULAR program col- infringing websites lects too much data from Yahoo and Google27 A newly created Intellectual Property Crime Unit of the ArsTechnica: How the NSA’s MUSCULAR tapped Google’s City of London Police (PIPCU) issued several requests20 to and Yahoo’s private networks28 foreign domain registrars to globally suspend websites, Wired: NSA is intercepting traffic from Yahoo, Google which allegedly “directly or indirectly” infringe copy- data centers29 right laws in the British jurisdiction. The requests were not based on any court orders, but issued in the context 6. Luxembourg’s Data of ongoing investigations for copyright violations. The Protection Authority London police forces demanded registrars to point all investigates Skype’s links with global visitors of the suspended domains to a website of NSA the PIPCU which announces that the website “is under criminal investigation by the UK”. In detail, the suspen- The National Commission for Data Protection of the sion requests were framed as “alerts” to notify foreign Grand Duchy of Luxembourg has opened a formal inves- registrars about the existence of infringing domains and tigation into Skype’s links with the US NSA surveillance recalling their duty to react according to their Terms of scheme, which might potentially violate national privacy Service. Moreover, PIPCU evoked the possibility to refer and surveillance laws. The global headquarters of the the matter to ICANN, highlighting a potential breach of Microsoft subsidiary are located in Luxembourg’s juris- the ICANN Registration Accreditation Agreement (RAA), diction. The probe was probably triggered30 by a formal which states that “accreditation as a Registrar can be ter- complaint by the Austria-based student group europe-v- minated if the Registrar is found to have ‘permitted illegal facebook. It rests unclear if Luxembourg has a secret legal activity in the registration or use of domain names”. The assistance or data transfer agreement with the US. Canadian registrar EasyDNS21 published the request and publicly demanded due process for domain suspension requests.

54 7. Judge threatens to block the conclusion that the Russian social network can not Facebook over defamatory monitor all user uploads for pirated content. The initial lawsuit was filed in June 2013 by a record label seeking posts in Brazilian jurisdiction damages for over 60 infringing tracks hosted on VKon- In a case against Facebook Brazil that involved the takte. takedown of defamatory posts, the Civil Court of Sao Paulo granted on October 2, 2013 an injunction to block 12. Indian court asks Facebook31 in Brazil if the company did not remove the Center for notification on content in question within 48 hours. Facebook Brazil com- e-signature requirement to plied with the court order, after having argued that only send complaints to Facebook Facebook Inc and Facebook Ireland Ltd were responsible for the content. The judge stated that “Facebook is not a A Public Interest Litigation against Facebook in the Indian sovereign country superior to Brazil” and stressed the fact jurisdiction was filed with the Delhi High Court in April that the company is subject to Brazilian law. 2013. It accuses the platform of having a cumbersome procedure for individuals to send complaints to the social 8. Copyright: Italy submits network: They need to be transmitted by conventional draft regulation to EU for mail to Facebook Ireland, or via email with a mandatory electronic signature, which is not commonly used in India. domain seizures and blocks Therefore, the Indian court has demanded the central The Italian Electronic Communications Authority AGCOM government’s counsel to issue a notification38 on the sig- has submitted a draft anti-piracy regulation32 to the Euro- nature requirement. pean Commission, which includes provisions to seize or block sites that carry copyright infringing content within 13. Russian Ministry wants to 72 hours without a court order33. On 17 October 2013, an block 160 piracy websites via Italian court ordered34 ISPs to block major torrent sites in their IP addresses the Italian jurisdiction. The deputy head of the Russian Ministry of Communica- 9. India to ban government tions announced39 plans to introduce a distinction be- use of email platforms tween online platforms that comply with the notice and takedown regime, as stipulated by Russian law, and other located outside its websites with the purpose of hosting pirated content. jurisdiction The latter category, consisting of roughly 160 identified The Indian Department of Electronics and Information websites, might soon become blocked by Russian ISPs at Technology is changing the email policy of the govern- the IP address level. ment of India after the revelations of NSA surveillance of US-based online services. It is expected that services plat- 14. Canadian VPNs required forms like Google or Yahoo will be banned by December to keep logs and forward 2013 for official use. Government emails will need to be copyright notices to users routed through the official website NIC’s email service35. VPN providers incorporated in the Canadian jurisdiction 10. Brazil issues MLAT request will be required40 by a new Copyright Act amendment41 to keep logs of their users for six months. Moreover, to US to interrogate CEOs of the law requires them to forward notices for copyright global platforms infringements to the respective users. Although certain After having questioned local representatives of US based modalities are still to be set42 by the government, the cross-border online platforms, the Brazilian Federal Police notice-and-notice system will become effective in the is extending36 its investigation in the aftermath of the near future. Snwoden revelations. The police issued a Mutual Legal As- sistance Treaty (MLAT) request to the US for an authoriza- 15. Privacy lawsuit against tion to question the CEOs of Google, Microsoft, Apple the UK filed at the European Yahoo and Facebook in the US jurisdiction. Court of Human Rights 11. VKontakte not liable The NGOs Big Brother Watch, Open Rights Group, English for copyright infringing PEN and the former Chaos Computer Club spokesperson Constanze Kurz filed a lawsuit43 against the UK at the user uploads in Russian European Court of Human Rights on October 3, 2013. They jurisdiction claim that the British government has violated44 privacy The Arbitration Court of St. Petersburg and Leningrad provisions of Article 845 of the Convention for the Protec- region ruled that VKontakte is not liable37 for copyright tion of Human Rights and Fundamental Freedoms with infringing music uploaded by its users, but obliged to take the online surveillance scheme operated by the GCHQ, down content after receiving a notice. The judge came to which was revealed by Edward Snowden. 55 16. Singapore consults on ian jurisdiction, which would protect in particular official modalities for executing messages from potential foreign espionage. The Brazilian website blocks in its federal data processing service Serpro is designated to jurisdiction operate the national email system. The Senior Minister of State for Law of Singapore an- 19. German intelligence nounced46 on October 21, 2013 plans to review the imple- service taps fiber optic cables mentation of the national Copyright Act. In detail, the and Internet Exchange Point government will discuss47 “appropriate regulatory mea- sures” to curb online piracy and consult with stakehold- The German Federal Intelligence Service BND has a secret 51 ers from business and civil society on the “appropriate agreement with over 25 ISPs in the German jurisdiction approach to site blocking” in Singapore’s jurisdiction. to monitor directly traffic that is routed through fiber optic cables. Moreover, the BND can tap into the traffic of the Frankfurt Internet Exchange Point DE-CIX. It rests 17. Posting revenge porn unclear how the BND distinguishes between national declared a crime in communications and international traffic. The BND can California’s jurisdiction only spy on German citizens under certain circumstances. On October 2, 2013 the governor of California signed a bill48 that makes the posting of so-called “revenge porn” 20. Seychelles-based VPN on the Internet a criminal offense49 in the jurisdiction, operator to monitor users in which several globally operating online platforms are for online harassment incorporated. The bill introduces jail sentences of up to six months and a 1000 US dollar fine. The VPN operator Proxy.sh, incorporated in the Republic of Seychelles, began to engage into platform policing activities52. Without a court order, the VPN reacted to a 18. Brazil is building a complaint by a victim of online harassment and installed, national email system despite its no-logging policy, a network monitoring tool Brazilian President Dilma Rouseff announced50 on Twitter to identify the VPN user in question. the creation of an encrypted email service in the Brazil-

REFERENCES

1 Al Jazeera (29.10.2013). Af- 6 European Court of Human 11 Stanford CIS (25.10.2013). 16 Politico (29.10.2013). Brazil ter US spying, Brazil to require Rights (10.10.2013). Making The European Court Of Hu- to take up Internet privacy local data storage. an Internet news portal li- man Rights holds delfi.ee bill. able for the offensive online liable for anonymous defama- 2 Data Guidance (31.10.2103). comments of its readers was tion. 17 Reuters (25.10.2013). Brazil: Fast-tracked legislation justified. Germany, Brazil to propose could force ISPs to store data 12 The Guardian (24.10.2013). anti-spying resolution at U.N. locally. 7 Council of Europe Germany summons US ambas- (4.10.1950). Convention for the sador over claim NSA bugged 18 The Washington Post 3 Reuters (28.10.2013). Brazil protection of human rights Merkel’s phone. (26.10.2013). Brazil seeks UN to insist on local Internet data and fundamental freedoms. resolution to guarantee Inter- storage after U.S. spying. 13 Huffington Post net privacy amid anger over 8 European Commission (24.9.2013). Dilma Rousseff’s US surveillance. 4 The Guardian (1.11.2013). (10.10.2013). E-Commerce UN Speech: Brazilian President Brazil to legislate on online Directive. Calls U.S. Spying ‘Meddling’. 19 The Wire (24.10.2013). civil rights following Snowden Germany and Brazil Will Take revelations. 9 European Court of Human 14 UNHR (23.3.1976). Interna- NSA Spying Frustrations to Rights (10.10.2013). Case of tional Covenant on Civil and the UN. 5 Bloomberg (29.10.2013). Delfi As. Estonia. Political Rights. NSA Spying Allegations Put 20 City of London Police Google on Hot Seat in Brazil. 10 Kari’s journal (10.10.2013). 15 Al Jazeera (26.10.2013). (24.9.2013). EasyDNS. Delfi vs Estonia ECHR judg- Germany and Brazil seek UN ment. privacy resolution.

56 21 The Register (9.10.2013). 29 Wired (30.10.2013). 37 TorrentFreak (26.10.2013). 45 Council of Europe London plod plonks, er, pull Report: NSA is intercepting Russian Facebook not respon- (4.10.1950). Convention for the request on EasyDNS. traffic from Yahoo, Google sible for users’ pirate music protection of human rights data centers. uploads. and fundamental freedoms. 22 TorrentFreak (9.10.2013). UK police orders registrars 30 Europe V Facebook 38 The Times of India 46 Singaporean Ministry of to suspend domains of major (29.10.2013). Luxembourg’s data (31.10.2013). Delhi HC seeks Law (21.10.2013). Oral answer torrent sites. protection authority investi- notification on Facebook e- by Senior Minister of State gates Skype’s links with NSA. signature. for Law, Indranee Rajah, to 23 The Register (11.10.2013). Parliamentary Question on Canadian operator EasyDNS 31 Stanford CIS (7.10.2013). 39 TorrentFreak (21.10.2013). online piracy. stands firm against London A Brazilian judge orders Minister: Government will cops. Facebook off air if it fails to censor all 160 Russian ‘Pirate’ 47 Out-law (24.10.2013). remove a defamatory discus- sites. Singapore Government to 24 EasyDNS (8.10.2013). sion. consult on role of website Whatever happened to “due 40 TorrentFreak (11.10.2013). blocking in fighting online process”? 32 European Commission Canada wants VPNs to log and copyright infringement. (20.9.2013). Notification warn pirating customers. 25 The Washington Post 2013/0496/I. 48 Leginfo (13.2.2013). Legis- (30.10.2013). NSA infiltrates 41 Parliament of Canada lative counsel’s digest. links to Yahoo, Google data 33 TorrentFreak (29.10.2013). (20.4.2012). Legislative Sum- centers worldwide, Snowden Italy plans to wipe out Pirate mary of Bill C-11: An Act to 49 ArsTechnica (2.10.2013). documents say. sites and expose owners. amend the Copyright Act. First bill banning “revenge porn” passes in California. 26 The New York Times 34 TorrentFreak (17.10.2013). 42 Michael Geist (10.10.2013). (30.10.2013). N.S.A. said to tap Italian court orders ISPs to Government launches consul- 50 Wired (14.10.2013). Brazil- Google and Yahoo abroad. block several major torrent tation on rules for ISP Notice- ian president Tweets about sites. and-Notice System amid shift new national email, continutes 27 Washington Post in priorities. anti-NSA rhetoric. (14.10.2013). How the NSA’s 35 The Times of India MUSCULAR program collects (29.10.2013). Gmail, Yahoo may 43 ArsTechnica (3.10.2013). 51 ArsTechnica (7.10.2013). too much data from Yahoo be banned in government of- European organizations file German NSA has deal to and Google. fices by year-end. lawsuit against UK over vast tap ISPs at major Internet digital surveillance. exchange. 28 ArsTechnica (31.10.2013). 36 The Herald (26.10.2013). How the NSA’s muscular Europe wants new spy deal. 44 The Guardian (3.10.2013). 52 TorrentFreak (6.11.2013). tapped Google’s and Yahoo’s GCHQ faces legal challenge VPNS: Is it ok to monitor ‘bad’ private networks. in European court over online users on ethical grounds? privacy.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-october-references

57 NOVEMBER

1. French court orders 2. Google’s Terms of Service Google Inc and Google in breach of privacy laws in France to filter Max Mosley Dutch jurisdiction orgy photos On November 28, 2013, the Dutch Data Protection Au- On November 6, 2013 the French civil court Tribunal de thority (DPA) published7 the findings of its seven-month Grande Instance ordered1 both Google Inc and Google investigations into the combining of personal data by dif- France to filter nine defamatory images of the former For- ferent online services of Google such as Gmail, YouTube mula One president Max Mosley from its search results. or Google Search. The DPA came to the conclusion8 that The pictures in question show Max Mosley participating Google’s Terms of Service update of March 2012, which in a 2008 “Nazi orgy” and were published by the British enabled the personal data combination, breaches Dutch tabloid News of the World before spreading on the In- privacy laws. Google “does not adequately inform us- ternet. In detail, the Parisian court ruled2 that the images ers about the combining of their personal data from all intruded the privacy of the plaintiff and came to the con- these different services” and “does not offer users any clusion that Google must “remove and cease, for a period (prior) options to consent to or reject” that their data of five years beginning two months after this decision” is processed in a combined way, which is “forbidden by the appearance of the images on its Google Images search law”9, according to the Chairman of the Dutch DPA. In engine results. The French injunction obliges Google thus the Netherlands, companies are only allowed to gather to install a dedicated filtering system. Google announced information about individuals for a particular purpose to appeal the French decision. A similar lawsuit3 was filed or business goal10. Google responded11 that it operates in in Hamburg, Germany and the decision is expected in compliance with European law. The DPA announced no early 2014. immediate sanctions12 against Google.

Read further: Read further: Digital Media Law Project: French court: claim of First Bloomberg BNA: Dutch DPA concludes that Google is in Amendment rights in search results inconsistent with breach of Data Protection Act13 “neutral and passive role” as host4 PC World: Google’s privacy policy violates Dutch data Search Engine Land: French court orders Google to re- protection law, Dutch DPA says14 move Max Mosley’s Images from search engine results5 Guardian: Google privacy changes break Dutch data pro- Reuters: Google ordered to remove Max Mosley sex party tection law, says regulator15 images6

58 3. EU Commission demands Read further: IDG: Berlin court rules Google privacy policy violates data measures to restore “trust” protection law21 in EU-US cross-border data Bloomberg BNA: Berlin court rules Google privacy policy transfers too vague; Internet giant set to appeal22 On November 27, 2013, the European Commission pub- Gigaom: German court chides Google over its vague pri- lished16 a comprehensive set of actions to address the lost vacy policy and terms23 trust in privacy protections in EU-US cross-border data transfers after the Snowden revelations on the extrater- 5. Microsoft, Google ritorial extension of NSA surveillance that leveraged introduce algorithms to the physical presence of platforms and operators in the block searches for child US jurisdiction. The recommendations focused, among abuse images others, on the improvement17 of the EU-US Safe Harbor agreement. US-based cross-border online platforms could The two search engines operated by Google and Micro- 24 be obliged to include provisions in their Terms of Service soft announced on November 17, 2013 new measures to to specify to what extent US law “allows public authori- combat the spread of child abuse images. The companies 25 ties to collect and process data transferred”. Moreover, teamed up to developed algorithms that block the the Commission highlights the need to strengthen appearance of search results for 100.000 search terms procedures for redress for EU citizens if their privacy related to child abuse images. Google announced that the rights are infringed in the US jurisdiction. This includes new filter will be introduced first in the British jurisdic- the strengthening of alternative dispute mechanisms tion before being extended to 158 jurisdictions and their under the Safe Harbor agreement, as well as the creation corresponding local languages by mid-2014. Moreover, the of “judicial redress mechanisms” for EU citizens “not two companies agreed to cooperate with the UK based resident in the US”. The communication also stresses the Internet Watch Foundation and the US-based National importance for law enforcement agencies (LEA) to acquire Center for Missing and Exploited Children to provide user data in foreign jurisdiction through the existing EU- technological expertise and to offer their capacities to US Mutual Legal Assistance and sectoral arrangements. A identify child abuse images. The search engine filters were new umbrella agreement for LEA data sharing is currently introduced after UK Prime Minister Cameron demanded negotiated between the US and the EU and could become that the companies take measures earlier in 2013. operational in 2014. Read further: Read further: Reuters: Google, Microsoft tighten online searches to 26 Gigaom: Europe’s response to U.S. surveillance is hopeful combat child porn rather than harsh18 Daily Mail: Google chief Eric Schmidt explains block on 27 Guardian: NSA surveillance: Europe threatens to freeze US child porn data-sharing arrangements19 CNET: Google, Microsoft ramp up fight against online 28 ZDNet: Realizing it’s the underdog post-PRISM, EU lays child pornography out new BFF pact with the U.S.20 6. Microsoft and Skype may 4. German court rules continue to send data of Google’s privacy policy EU citizens to the US, says violates national data Luxembourg’s DPA protection law Following the revelations of the extraterritorial exten- On November 19, 2013, the Berlin Regional Court ruled sion about the US surveillance on European users of that Google Inc. does not comply with data protection US-based online platforms, the Austrian privacy campaign 29 laws in the German jurisdiction. In detail, 25 clauses – 13 Europe-v-Facebook asked Luxembourg’s data protection clauses in its Privacy Policy and 12 ones in its Terms of authority CNPD in July 2013 to investigate into Micro- Service – were found to be unlawful or restrictions of soft and Skype, both incorporated in its jurisdiction. The consumer rights. The complaint was filed by the German CNPD published its response on November 18, 2013: It 30 Federation of Consumer Organizations in 2012 after Ger- did not find breaches of national or EU privacy laws by man Google users flagged the vaguely formulated data the transfer of personal data of EU citizens to the US and use policies as new Terms of Service unified the privacy the alleged sharing of user data with the NSA under the policies across Google services. Google announced to PRISM scheme. appeal the ruling. A decision by the court of appeals is ex- pected for the end of 2014. If the ruling was final, Google could be forced to change its Terms of Service to operate in the German jurisdiction and be fined up to 250.000 Euro per infringing clause.

59 7. UN draft resolution on 11. Indian Supreme Court privacy in the digital age to asks Department of be voted on in UN General Telecommunications how to Assembly block porn sites The UN draft resolution “The right to privacy in the On November 18, 2013, the Indian Supreme Court issued digital age”31, jointly sponsored by Brazil and Germany an notice42 to the Department of Telecommunication on in response to the global reach of NSA surveillance, has how to block websites with pornographic content that been approved32 on November 26, 2013 by the UN General are accessible in India, but operated from foreign jurisdic- Assembly’s Social, Humanitarian and Cultural Committee. tions. Existing procedures to block content within the The 193 members of the General Assembly are expected Ministry of Information and Broadcasting in India are only to vote33 on the non-binding resolution in December 2013. designed for radio and television, and not for websites. 8. Canadian and Indian 12. Apple issues first registrars clash over transparency report execution of takedown On November 5, 2013, Apple published43 its first “Report request by London police on Government Information Requests” in the wake of the The Canadian registrar easyDNS has filed34 a Request for Snowden revelations about NSA access to personal data Enforcement with the registry VeriSign under ICANN’s of users of US-based companies. The report covers the 44 Tranfers Dispute Resolution Policy35 to transfer-out three first half of 2013. The company received around 1800 domain names to it, which the India-based registrar Public requests from law enforcement agencies for account in- Domain Registry (PDR) blocked after having received a formation from 31 jurisdictions (notably the US, UK, Spain, suspension request by the City of London Police. Con- Germany and Australia). trary to PDR, easyDNS publicly denied to comply with similar British police requests, which were not backed 13. Telco compliance with by any court order. PDR refused however to transfer the British Tempora spying: locked domains to easyDNS. As a consequence, easyDNS Privacy International files asked PDR to abide to its obligations under the Registrar complaints with OECD Accreditation Agreement36 to transfer the three domains. 45 In the end, VeriSign’s verdict was “a decision of No Deci- The UK-based NGO Privacy International has filed on 46 sion“.37 November 5, 2013 formal complaints with the OECD against major telecommunication companies for their 9. First VPN provider publishes compliance in the surveillance scheme operated by the British intelligence service GCHQ. The complaints state transparency statistics that BT, Verizon Enterprise, Vodafone Cable, Viatel, Level Proxy.sh, a VPN provider based in Seychelles’ jurisdiction, 3, and Interoute violated several OECD guidelines for is the first38 operator of its kind to publish transparency human right standards of cooperate actions by letting statistics39 about all data and takedown requests it re- GCHQ access their fiber optic cables under the Tempora ceives. In addition, it also reveals its compliance deci- program47. sions. Instead of publishing regular aggregated reports, the VPN makes individual requests available on its website 14. NSA links: Civil society within 12 hours after reception. coalition sues Dutch state for whitewashing 10. French court orders surveillance data search engines and ISPs to block streaming sites A coalition of the Dutch Association of Defense Councils, the Dutch Association of Journalists and individuals from The Tribunal de Grande Instance of Paris ordered40 on the Dutch civil society and technical community initi- November 28, 2013 the blocking of 16 websites that linked ated on November 6, 2013 legal proceedings48 against the to online streams of copyright protected material. In de- Dutch state following the Snowden revelations about the tail, six French ISPs, including Orange and SFR, as well as surveillance activities of the US. In detail, the coalition the search engines operated by Google (Inc and France), accuses the Netherlands of “whitewashing”49 surveillance Microsoft (Inc and France), Yahoo (Inc and France) and Or- data by circumventing national privacy laws through the ange are now obliged to block and de-index the websites use of data that was acquired by the NSA. within 15 days and for a period of 12 months.41

60 15. UK High Court orders new 18. Shared Endorsements: pirate website blocks Google faces privacy A new order50 by the UK High Court extends the numbers complaints in 14 EU countries of piracy websites blocked in the UK jurisdiction to 33, On November 26, 2013, a lawyer filed complaints54 in addition to blocked proxies or alternative domains. demanding Google to change its Terms of Service with Six ISPs were ordered to make the sites YIFY-Torrents, data protection authorities in 14 EU jurisdictions: Austria, PrimeWire, Vodly, WatchFreeMovies and Project Free TV Belgium, the Czech Republic, Denmark, France, Germany, inaccessible on UK territory. Italy, Lithuania, the Netherlands, Norway, Poland, Slove- nia, Spain and Sweden. A recent Terms of Service update 16. Encryption: Twitter begins by Google introduced “shared endorsements“55, which to use Perfect Forward allegedly violate national privacy laws by showing user Security to prevent access to pictures and comments in advertisements if users follow traffic data a company’s site on Google+. In response to the revelations of the NSA’s capacities to 19. Bill in Israeli jurisdiction monitor traffic data, Twitter announced51 on November could legalize downloads of 22, 2013 that it began using a new encryption standard. The technology Perfect Forward Security52, adopted also copyright protected material by Google, Mozilla and Facebook, encrypts each web ses- Members of the Israeli parliament are about to present56 sions with a distinct key, which renders bulk encryption of a bill, which would legalize57 the downloads of copyright- (cross-border) traffic data harder. protected content for personal use. The Israeli collecting society ACUM seems to support the bill, which foresees a 17. UK government to order levies-based system to re-compensate financial losses. blocking of “extremist” websites in its jurisdiction 20. Belgium court orders ISPs to search for and block The UK government announced53 on November 27, 2013 plans to order ISPs to block websites containing “extrem- Pirate Bay proxies ist” content, similar to already existing child abuse images The Belgium Supreme Court decided that ISPs must pro- blocks in the UK jurisdiction. A government funded-body actively search for, report and block proxy websites that will probably determine what constitutes “extremist” provide Belgium Internet58 users with an access to The content and issue blocking orders to national ISPs. Pirate Bay, a torrent site that is blocked in the Belgium jurisdiction. The Supreme Court came to the conclusion that this measure is not disproportionate.

REFERENCES

1 Droit du Net (6.11.2013). 5 SearchEngineLand 9 Dutch DPA (28.11.2013). Pri- 13 Bloomberg (17.11.2013). TGI Paris, 17th c., Nov. 6, 2013, (6.11.2013). French court orders vacy policy Google in breach Dutch DPA concludes that RG 11/07970, c Max Mos- Google to remove Max Mos- of data protection law. Google is in breach of Data ley. Google Inc. and Google ley images from search engine Protection Act France. results. 10 BBC (29.11.2013). Google violated Dutch data protec- 14 PCWorld (28.11.2013). 2 BBC (6.11.2013). French 6 Reuters (6.11.2013). Google tion laws, says watchdog. Google’s privacy policy vio- court orders Google to block ordered to remove max Mos- lates Dutch data protection Mosley ‘orgy photos’. ley sex party images. 11 Out-Law (29.11.2013). law, Dutch DPA says. Unambiguous consent cannot 3 France24 (7.11.2013). French 7 DutchDPA (11.11.2013). In- be gleaned from consumers’ 15 The Guardian (29.11.2013). court tells Google to bury vestigation into the combining agreement to privacy policy Google privacy changes break Mosley orgy images. of personal data by Google. terms, says Dutch watchdog. Dutch data protection law, says regulator. 4 Digital Media Law Project 8 The Verge (28.11.2013). 12 TechCrunch (28.11.2013). (26.12.2013). French court: Dutch data protection agency Dutch authorities find Google 16 European Commission Claim of First Amendment says Google is violating pri- violates its privacy data pro- (27.11.2013). European Com- rights in search results in- vacy policy. tection act. mission calls on the U.S. to consistent with “neutral and restore trust in EU-U.S. data passive role” as host. flows.

61 17 Out-Law (28.11.2013). 27 Mail Online (18.11.2013). 37 TechDirt (27.11.2013). subpoena Minster of Interior US tech giants should look ‘We’ve listened - and here’s EasyDNS continues to fight due to cooperation with NSA. beyond ‘Safe Harbour’ certi- how we’ll halt this depravity’: bogus website seizures by city fication to win EU businesses’ Google chief ERIC SCHMIDT of London police after Veri- 49 Gigaom (6.11.2013). Dutch trust on privacy, says expert. explains block on child porn. sign issues ‘No decision’. lawyers and journalists sue government over NSA links. 18 Gigaom (27.11.2013). 28 CNet (18.11.2013). Google, 38 TorrentFreak (4.11.2013) Europe’s response to U.S. Microsoft ramp up fight VPN provider details DMCA 50 TorrenFreak (22.11.2013) surveillance is hopeful rather against online child pornog- and user data requests in UK piracy block list expands than harsh. raphy. transparency report. with Yify, Primeware, Vodly and others. 19 The Guradian (26.11.2013). 29 Europe v Facebook 39 Proxy.sh (18.11.2013). Trans- NSA surveillance: Europe (18.11.2013). NSA: Micro- parency Report. 51 Twitter (22.11.2013). For- threatens to freeze US data- soft and Skype may further ward secrecy at Twitter. sharing arrangements transfer data from EU to US. 40 Future of Copyright Luxemburg DPC sees ‘adequate (29.11.2013). French court or- 52 The New York Times 20 ZDNet (27.11.2013). Real- protection’ despite PRISM. ders ISPs and search enginess (22.11.2013). Twitter tough- izing it’s the underdog post- ening its security to thwart PRISM, EU lays out new BFF 30 Gigaom (18.11.2013). Pri- 41 PCInpact (28.11.2013). Af- government snoops. pact with the U.S. vacy campaigners lose Luxem- faire allostreaming: les ayants borg bid to censure Microsoft droits font appel. 53 The Guardian (27.11.2013). 21 ComputerWorld over NSA links. Ministers will order ISPs to (20.11.2013). Berlin court rules 42 The Times of India block terrorist and extremist Google privacy policy violates 31 United Nations (18.11.2013). DoT gets SC notice websites. data protection law. (26.11.2013). The right to pri- on blocking porn sites. vacy in the digital age. 54 The Privacy Surgeon 22 Bloomberg (25.11.2013). 43 Apple (5.11.2013). Report (26.11.2013). Complaint lodged Berlin court rules Google 32 PCWorld (26.11.2013). UN on Government Info Requests. with the Data Protection Au- privacy policy too vague; panel passes draft resolu- thorities of Norway, Sweden, internet giant set to appeal. tion on privacy threats in the 44 ZDNet (5.11.2013). Apple Czech Republic, Denmark, digital age. defends government-mandat- France, Spain, Italy, Slovenia, 23 Gigaom (20.11.2013). Ger- ed gaps in new transparency Austria, Belgium, Germany man court chides Google over 33 The Guardian (26.11.2013). report. (Federal and Berlin), Lithuania, its vague privacy policy and UN advances surveillance Netherlands and Poland. terms. resolution reaffirming ‘human 45 PCWorld (5.11.2013) right to privacy’. Privacy group files OECD com- 55 Google (26.11.2013). How 24 BBC (18.11.2013). Google plaints over UK telco spying. shared endorsements work. and Microsoft agree steps to 34 TorrentFreak (3.11.2013). block abuse images. Registrars clash at Verisign 46 Privacy International 56 TorrentFreak (21.11.2013). over seized “Pirate” site (5.11.2013). Privacy interna- Israel to consider legalizing 25 The Verge (18.11.2013). domans. tional files OECD complaints downloading. Google’s Eric Schmidt an- against telcos for role in UK nounces new blocks on child 35 ICANN (27.11.2013). Regis- program. 57 The Jewish Press porn. trar transfers dispute resolu- (20.11.2013). New bill legal- tion policy. 47 Wired (24.6.2013). A izing downloading music and 26 Reuters (18.11.2013). simple guide to GCHQs inter- movies. Google, Microsoft tighten 36 ICANN (27.11.2013). Regis- net surveillance programme online searches to combat trar accreditation agreement. Tempora. 58 TorrentFreak (30.10.2013) child porn. Court orders ISPs to police the 48 Bureau Brandeis Internet for PirateBay proxies. (6.11.2013). Press release: Dutch

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-november-references

62 DECEMBER

1. UN General Assembly website then registered6 under Peru’s .PE domain. There, it was suspended again after five days on December 18, 2013. adopts privacy in digital age The torrent library moved to .GY in Guyana, where it was resolution suspended for violations of the registries acceptable use On December 18, 2013 the UN General Assembly ad- policies. On December 19, 2013 the website moved back7 opted unanimously the resolution1 “Right to privacy in to its initial Swedish .se domain. It rests unclear8 in which the digital age”. For the first time, the General Assembly jurisdiction the servers of the website are located. established that human rights should be applicable both offline and online. The resolution has been introduced by Read further: Germany and Brazil after the revelations of the extra- Register: The Pirate Bay changes domain again … twice9 territorial extension of US surveillance in cyberspace. Torrentfreak: Pirate Bay moves to Guyana after domain The resolution calls upon the 193 UN member states to suspension, 70 domains to go10 “respect and protect the right to privacy, including in the Ars Technica: After sailing the domain name seas, Pirate context of digital communication” and “to review their Bay returns to Sweden11 procedures, practices and legislation on the surveillance of communications, their interception and collection of 3. New version of the Marco personal data, including mass surveillance.” The General Civil submitted to Brazilian Assembly resolution is not legally binding. Congress Read further: On December 11, 2013, Alessandro Molon, the author of 12 Associated Press: UN votes to protect privacy in digital age2 the Marco Civil submitted a new version of the draft New York Times: A blow against Big Brother3 bill to the House of Representatives. Following the NSA Hindu: The right to privacy in the digital age4 Internet surveillance revelations, Brazilian President Dilma Rousseff ordered in September 2013 that the bill 2. The Pirate Bay moves from shall be voted with constitutional urgency. Although it was expected that the bill is passed on to the Senate in Ascension Island over October 2013, no compromise was reached in the House Guyana to Sweden of Representatives and the urgency deadline stipulated by The torrent library The Pirate Bay switched its country- Brazilian law expired. As a consequence, the Marco Civil code top-level domains (cc-TLD) six times in 2013 to blocks13 other legislative proposals in the lower house escape seizures in various jurisdictions. After its .SX ad- until it is voted. The Brazilian minister for institutional dress was seized5 on December 10, 2013 in Sint Maarten, relations Ideli Salvatti announced14 that the Marco Civil a land of the Kingdom of the Netherlands, the website will be the first bill to be voted on in 2014. moved on to Ascension’s Islands .AC – a cc-TLD subject to UK jurisdiction. To preempt another suspension, the

63 Read further: Read further: Marco Civil: Substitutive Bill Proposal to Bill No. 2,126, ArsTechnica: settles MPAA copyright case, agrees from 2011 (English translation)15 to $80 million in damages26 Global Voices: New Version of Brazil’s Marco Civil Submit- TorrentFreak: Hotfile shuts down and takes user files with 27it ted to the House of Representatives16 NetworkWorld: Hotfile ordered to pay damages, install TeleGeography: Minister affirms: civil internet bill is ‘first copyright filtering, says MPAA28 in line’ for 2014 vote17 6. EU advocate general argues 4. Italy approves new system data retention directive to block and seize pirate breaches fundamental rights websites On December 12, 2013 an Advocate General of the Euro- A new regulation18 confers the power to seize and block pean Court of Justice (ECJ) argued in a non-binding opin- websites containing copyright infringing material without ion29 that the 2006 EU data retention directive breaches a court order upon the Italian telecommunications regula- the EU Charter of Fundamental Rights30. The directive tor Autorità per le Garanzie nelle Comunicazioni (AG- prescribes the storage of location and communication COM). From March 31, 2014 onwards, the authority will be data for six months to two years without stipulating ap- able to send takedown requests to websites and order19 propriate limitations31 for data access and processing by domain seizures for websites hosted or registered in Italy, the Member States, according to the opinion. The case in as well as ISPs blockades of foreign websites which do question was sent to the ECJ from the Irish jurisdiction. not comply with requests to within 72 hours. The new procedure is intended to speed up considerably the pro- 7. US and Indian law cess to react to copyright infringements on the Internet enforcement seek to enhance and reduce the time from the reception of a complaint to cooperation on digital issues the implementation of an action to less than 35 days. The system also introduces a fast-track procedure of 12 days On December 3-4, 2013 law enforcement representatives in case of “serious violations”. The new AGCOM measures of India and the US met32 in New Delhi to explore en- were enacted by an administrative process without a hanced cooperation. The talks were part of the Indo-US hearing in the Italian parliament. homeland security dialogue. Among others, the confer- ence focused on challenges related to the viral spread Read further: of rumors and misinformation on the Internet, as well as TorrentFreak: Measures to black out pirate sites unani- on the improvement of the process of legal assistance by mously approved20 the US to send requests and receive access to user data. ZDNet: Italy’s site-blocking law comes into effect: A The US signaled support, but noted33 that national privacy threat to Pirate Bay or a curse on online freedom?21 laws govern Internet services based in the US. EDRI: Italian telecom authority gets the power to block websites22 8. British ISP blocks website Imgur by 5. Panama-based cyberlocker error Hotfile shuts down after US The popular image sharing platform Imgur became inac- copyright settlement cessible34 for several hours in the British jurisdiction for On December 3, 2013, shortly before the official trial subscribers of Sky Broadband. The ISP intended to block was set to start, the U.S. District Court for the Southern the file-sharing website YIFY-Torrents, which is blacklisted District of Florida agreed with a settlement between the by all six major ISPs in the UK. However, an automated US-based Hotfile and the industry system35 blocked the IP address of an Australian Content group Motion Picture Association of America (MPAA). Delivery Networked used by both sites, which in return The MPAA initially demanded23 517.200.000 US dollar for blocked Imgur, too. copyright damages caused by 3.448 infringing video files that were hosted by Hotfile. The settlement24 required 9. Spain issues maximum Hotfile to pay 80 million US dollar and install a filtering fine for Google’s privacy system to prevent the upload of copyright protected violations material in order to continue to operate. On December 36 4, 2013 Hotfile however shut down permanently. It is The Spanish data protection authority APED fined 37 believed that the service hosted a large number of legal Google for violating national privacy laws through the files, which are now inaccessible25 for both international combination of personal data across almost 100 services and US users. It remains unclear if they will loose their and for providing insufficient information on the process- data. The cyberlocker incorporated in Panama’s jurisdic- ing of this data. Google is ordered to pay the maximum tion was considered to be one of the largest file-sharing possible fine of 900.000 euro. sites on the Internet.

64 10. UK plans to offer social Court of Cologne wrongly45 ordered the ISP Deutsche Telekom to reveal the identity behind 1.000 tracked IP media guidelines to avoid addresses, as it misunderstood the difference between legal incidents on Twitter, streaming and file-sharing. Moreover, it is unclear how the Facebook plaintiff was technically able to collect the IP addresses On December 4, 2013 the chief legal adviser of the Brit- of streamers. ish government announced38 plans to publish guidelines for users of social media in the British jurisdiction. The 15. Major Internet companies measure is intended to avoid users breaking British laws file briefs in Kentucky case online and comes after high profile cases proliferated on liability for third party in the UK and posed “certain challenges to the criminal content justice system”. A judge in the US state Kentucky allowed a gossip website 11. Irish ISPs ready to block to be sued for defamatory user generated content. As a reaction, major US-based platforms including Google, torrent sites without court Facebook, Twitter and Amazon filed46 briefs with the order 6th US Circuit Court of Appeals in Cincinnati as the case On December 3, 2013, the Irish High Court ruled39 could “significantly chill online speech”. The case is based that UPC, Vodafone, Digiweb, Hutchison 3G and Tele- on the intermediary liability exemptions under the 1996 fonica Ireland are required to block the file-sharing site US Communications Decency Act Kickass Torrents. Prior to the court ruling, the ISPs Eircom, Meteor, Magnet, Sky and Imagine Telecommunications 16. Default pornography – not listed as defendants – signaled that they would filters block sex education voluntarily40 block the website, too, if the court obliges sites in UK the five other ISPs to do so. The UK’s four main ISPs have activated pornography filters 12. Italian Supreme Court by default to protect children. However, they face chal- lenges of over-blocking47. The filtering technologies not acquits Google executives of only fail to block certain hardcore pornography websites, liability charges but also render several sexual education and health web- The Supreme Court of Italy ruled41 on December 17, 2013 sites inaccessible. that three Google executives are not liable for a video uploaded by a user in 2006, which showed the bully- 17. Google Ireland sued for ing of a disabled young man. A prosecutor appealed the displaying a defamatory decision of a lower court of appeals in Milan in Decem- image on a Knowledge Graph ber 2012, which overturned42 the 2010 conviction of the profile Google executives for privacy violations. The Irish senator Thomas Byrne filed a defamation law- 13. Indian domains and traffic suit48 at the Irish High Court against Google Ireland for should be stored on Indian displaying the image of a convicted solicitor with the same name next to his Google Knowledge Graph profile. territory, says security The court granted the senator an interim injunction that committee obliged Google not to display the picture in question. According to a note43 prepared after a meeting of the Indian Sub-Committee on International Cooperation on 18. Saudi Arabia plans to Cyber Security under the National Security Council Secre- require permits for users to tariat, India should “insist that data of all domain names post videos on the Internet originating from India…should be stored in India. Similarly, all traffic originating/landing in India should be stored in The Commission for Audiovisual Media of Saudi Arabia 49 India”. announced plans to create a new agency to monitor video hosting platforms in order to ensure that only 14. Copyright: German porn content in accordance with Saudi “culture, values and tradition” would be allowed to be uploaded. This could streamers receive legal require Saudi Internet users to request a permit to upload letters after court error videos on platforms such as YouTube. At least 10.000 Germans received44 legal letters with a fine of 250 euro from a Bavarian law firm for having streamed a copyright infringing pornographic video on the website Redtube. It is believed that the Regional

65 19. London Police announces 20. Iran blocks Instagram suspension of 40 domains of for 12 hours UK and foreign pirate sites The photo website Instagram was blocked51 in the Iranian As an outcome of the Operation Creative, an alliance be- jurisdiction for 12 hours on December 30, 2013. It is the tween the City of London Police and the music and movie first time that the service was blocked in Iran. It rests industries to combat online copyright infringements, unclear to what extent the block was a technical glitch or the domains of 40 “national and international websites” a test. were suspended50 by their registrars. Moreover, the police informed 60 advertisement intermediaries about a list of 61 targeted websites which are considered to infringe copyrights.

REFERENCES

1 UN General Assembly 10 TorrentFreak (18.12.2013) 17 Telegeography (18.12.2013). 25 The Inquirer (5.12.2013). (20.12.2013). The right to pri- PirateBay moves to Guyana Minister affirms : civil internet Hotfile shuts down after hand- vacy in the digital age. after domain suspension, 70 bill is ‘first in line’ for 2014 ing over $80m to the MPAA. domains to go. vote. 2 Associated Press 26 ArsTechnica (3.12.2013). (18.12.2013). UN votes to pro- 11 ArsTechnica (19.12.2013). 18 DigitalTrends (16.12.2013). Hotfile settles MPAA copy- tect privacy in digital age. After sailing the domain name Italy approves measure to right case, agrees to $80 mil- seas, PirateBay returns to clamp on piracy. lion in damages. 3 The New York Times Sweden. (18.12.2013). A blow against big 19 MusicWeek (18.12.2013). 27 TorrentFreak (4.12.2013). brother. 12 Folha (12.11.2013). New New pirate site block powers Hotfile shuts down and takes version of Marco Civil releases for Italian comms body. user files with it. 4 The Hindu (12.1.2014). The Internet marketing pack- right to privacy in the digital ages without discriminating 20 TorrentFreak (15.12.2013). 28 NetworkWorld (4.12.2013). age. content. Measures to black out pirate Hotfile ordered to pay dam- sites unanimously approved. ages, install copyright filtering, 5 TorrentFreak (10.12.2013). 13 Ultimo Segundo (4.1.2014). says MPAA. The PirateBay moves to .ac Civil Marco internet will first 21 ZDNet (17.12.2013). Italy’s after domain name seizure. meeting of the year between site-blocking law comes into 29 European Court of Justice the government PMBD. effect: A threat to Pirate Bay (12.12.2013). General Cruz Vil- 6 TorrentFreak (12.12.2013). or a curse to online freedom. lalon on Case C‑293/12. PirateBay docks in Peru: New 14 BN Americas (17.12.2013). system will make domains Civil internet bill to be first 22 EDRi (18.12.2013) Italian 30 European Commission “irrelevant”. project voted on in 2014, as- telecom authority gets the (13.12.2013). EU Charter for sures minister. power to block websites. Fundamental Rights. 7 TorrentFreak (19.12.2013). PirateBay back in Sweden’s 15 Info Justice (30.11.2013). 23 TorrentFreak (2.12.2013). 31 Internet Policy Review calm waters after .gy suspen- Substitutive Bill Proposal to MPAA wants up to $500 mil- (13.12.2013). Advocate general: sion. Bill No. 2,126, from 2011 (Eng- lion in damages from Hotfile. EU data retention directive lish translation) unconstitutional. 8 PCWorld (5.3.2013). The Pi- 24 The Verge (3.12.2012) File- rateBay admits to North Korea 16 GlobalVoicesOnline hosting service Hotfile agrees 32 The Times of India hosting hoax. (18.12.2013). New version of studios $80 million in piracy (4.12.2013). India, US police Brazil’s Marco Civil submitted settlement. chiefs meet to evolve plans 9 The Register (23.12.2013). to the house of representa- against terror. The PirateBay changes domain tives. again … twice!

66 33 The Economic Times 38 Reuters (4.12.2013). Tweet- 42 The New York Times 47 BBC (18.12.2013). Porn (6.12.2013). India-US police ers to be offered legal tips to (22.12.2013). Italian appeals filters block sex education chiefs’ conference: Social avoid lawsuits. court acquits 3 Google execu- websites. media misuse dominates. tives in privacy case. 39 Irish Times (3.12.2013). 48 Independent (3.12.2013). 34 TorrentFreak (16.12.2013). Music firms entitled to orders 43 The Hindu (7.12.2013). Delay on Fianna fail senator Imgur wiped out by Sky broad- to require internet providers India to push for freeing Inter- Thomas Byrne’s legal action band torrent site blocking. to block music site. net from U.S. control. over Google pic.

35 ISPreview (17.12.2013). UK 40 TorrentFreak (30.11.2013). 44 ArsTechnica (11.12.2013). 49 The Independent ISP Sky broadband removes ISPs say they will block Kick- Thousands of German get (17.12.2013). Is Saudi Arabia wrongful Imgur.com website asstorrents without a court “porn troll” letters over planning to censor YouTube? block. order. streaming video. 50 TorrentFreak (9.12.2013). 36 AGPD (19.12.2013). Spanish 41 International Associa- 45 The Local (10.12.2013). UK Police: Domain and advert data protection authority tion of Privacy Professionals ‘Court error’ lands porn suspensions for dozens of APED fines Google. (18.12.2013). Supreme court streamers in hot water. pirate sites. acquits Google execs in pri- 37 Reuters (19.12.2013). Spain vacy case. 46 USA Today (8.12.2013). 51 Mashable (29.12.2013). privacy watchdog fines Google Web giants weigh in on Ohio Instagram gets blocked, then for breaking data law. defamation suit. unblocked in Iran.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2013-december-references

67 DESIGN: ANDREAS B. KRUEGER – www.andreasbkrueger.com A GLOBAL MULTI-STAKEHOLDER DIALOGUE PROCESS A GLOBAL MULTI-STAKEHOLDER DIALOGUE PROCESS

INTERNET & ABOUT JURISDICTION OBSERVATORY

The Internet & Jurisdiction Project facili- The members of the Internet & Jurisdiction Observatory tates a global multi-stakeholder dialogue network provide expert input into the global multi- process to address the tension between stakeholder dialogue process and help the Internet the cross-border nature of the Internet & Jurisdiction Project to detect trends related to the and geographically defined national ju- tension between the cross-border nature of the Internet risdictions. It provides a neutral platform and national jurisdictions around the world. Based on a for international organizations, states, progressive crowd-based filtering process, they identify business and civil society to discuss the most relevant cases. This ranking is the backbone the elaboration of a transnational due of the Internet & Jurisdiction Retrospect, our monthly process framework to handle the digital newsletter that informs the different stakeholders coexistence of diverse national laws in who participate in the ongoing dialogue process about shared cross-border online spaces. emerging trends.

download the pdf of 2013 in Retrospect: www.internetjurisdiction.net/observatory/2013-retrospect.pdf

The Internet & Jurisdiction Project is a not-for-profit project. Since its launch in 2012, it has been made possible thanks to contributions by: AFNIC (France’s ccTLD .fr), auDA (Australia’s ccTLD .au), CGI.br (Brazilian Internet Steering Committee) /NIC.br (Brazil’s ccTLD .br), CIRA (Canada’s ccTLD .ca), Facebook, Google, Internet Society (ISOC), Public Interest Registry (Manager of .org), Sigrid Rausing Trust, Swiss Confederation – Federal Office of Communications OFCOM, Verizon, Walt Disney Company

www.internetjurisdiction.net Twitter: @IJurisdiction 72