Chapter 1: Internet regulation in the European Union
1 CHALLENGES OF CYBERSPACE
The modern world has been subject to information and communication technology (ICT) penetration at an unprecedented level. The main aspect of this phenomenon has been the ability to distribute information and knowledge widely and at great speed. This is a phenomenon that predates our decade and even the last century. But the Internet, as its latest manifestation, is fundamentally different from a television transmission or a newspaper, neither in its purpose nor in its ability to reach audiences instantaneously but in its capacity to involve them as active participants. This active participation and its networking potential are unique to the Internet and a direct result of its architecture, which promises low costs, decentralization and anonymity. To maintain this liberating potential, prudent regulation is needed. At the beginning of the Internet’s history, however, it was believed that cyberspace could not be regulated at all and ought to be left to its own means. We now know this not to be true, but we still do not know how to regulate it.
The Internet attracts and empowers people but at the same time makes itself a target of control and a battleground of interests. On one hand, with its vast potential for information distribution, the Internet is often viewed by the general public only or primarily in light of its liberating potential. Regulation is here perceived as something restrictive that endangers and limits the acquired liberties. On the other, a different trend is emerging: the Internet is gaining a reputation as dangerous, morally dubious and difficult to control. Consumers are attracted to the potential that the Internet opens up for them but are afraid of the lack of protection. Businesses are eager to benefit from electronic commerce (e-commerce) but wary of having to become accustomed to different legal systems or of becoming liable in different jurisdictions. Content producers see new business opportunities but are loath to abandon habits formed in the old world. In this duality of character lies the power, the danger and the difficulty of governing the Internet.
The fact that the modern Internet is influenced by a multiplicity of actors, ranging from governments, corporations, regional organizations, non-governmental entities and individual users means that it is today more meaningful to talk about ‘governance’ as a process rather than ‘regulation’ as a single government-directed activity.1 Nevertheless, the primary actors in the Internet regulation of today are still nation-states.2 Both the United States and the European Union have decisively shaped the Internet as we know it today. As a result of its economic strength and of its strong starting position, the United States has been the dominant force behind the Internet’s expansion, although the European Union followed in its steps. The Internet’s emergence as a global medium of communication made a quick impression on the European Union. In little more than a decade, it adopted laws on issues as wide in range as intellectual property, electronic commerce, data protection and privacy, consumer protection and criminal law. Initiatives were tabled as quickly as various technological developments allowed and policies were drafted with an atypical enthusiasm.3 To an outside observer, this flurry of activity and abundance of documents in the EU makes clear the perceived importance of the Internet but at the same time disguises the fact that Internet regulation remains difficult and ambiguous.
Towards the end of the last century, the number of Internet users started to increase dramatically.4 Two ideas motivated the EU’s intervention in this area. First, the European Union acknowledged that the Internet promises further economic development, which cannot be tapped into without intervention in the areas where it directly bears on the Internal Market. The EU began to view electronic commerce as a vital tool in keeping the Single Market competitive. On the other hand, the EU also realized that the development and spreading of the Internet had a direct influence on the protection of individuals as consumers and as private persons since the global impact of the Internet was felt in everyday activities, including the actions of private individuals. The intervention, therefore, could not concentrate on furthering only the Single Market aims but had to include individual freedoms. As a result of this tension, two focal points of EU intervention in the field of Internet law began to crystallize: one centred around the Single Market and the other around consumers.5 The first reflected the ideal of a unified European market for goods, services, people and capital and the belief that this aim cannot be achieved without a single market for electronic commerce. The second reflected the EU’s determination to protect the individual. Both aims were asserted strongly, beginning from treaty provisions, through Directives and judgments. The presence of both aims in EU instruments gave, as will be argued elsewhere in this book, conflicting results.
As a result of fast-paced legislative activity in many loosely connected areas, the Community body of laws relating to the Internet, at present, is not joined in a common overarching structure, guided by Single Market-informed policies. Instead, it is an aggregate of loosely connected secondary laws reliant on the European Commission (‘the Commission’)’s interpretation as the cases slowly trickle through the Court of Justice of the European Union (CJEU). The instruments normally referred to as ‘Framework Directives’ act as frameworks only for the specific areas they cover (such as electronic commerce or telecommunications). The policy instruments (such as Action Plans or Green and White Papers) have indirect influence on the multitude of Directives in fields other than their own. Many projects were begun in the 1990s, at a time when the Internet was in its infancy and its potential impact poorly understood. Other projects were drafted in fulfilment of the European Union’s international obligations, partially under the influence of commercial forces and lobbies. Others yet were a result of the work of the Council of Europe, the EU lacking the required competence.
At the same time, policies and legislation on the other side of the Atlantic appeared more transparent, individual interests were easier to trace and public debate seemed louder. The drafting of such laws as the hotly disputed 1998 Digital Millennium Copyright Act (DMCA)6 in the United States was followed by a public and academic debate, the formation of interest groups and clashes in Congress. In the United States, the battles also raged over speech regulation on the Internet in light of the First Amendment, as well as over privacy and the role of intermediaries. In Europe, some of these issues remained altogether unnoticed while many others were observed dispassionately. Where even stricter regimes than those found in the United States came into place beginning in the 2000s, none of the public excitement seen in the US was evident and general interests seemed to be lost in complicated law-making procedures that demonstrated the less democratic traits of EU law-making only too well. It was only after 2011, with the net neutrality debate and the Snowden revelations, that public interest in telecommunications and data protection regimes respectively began to stir.
In the meantime, the Internet as it was in the 1990s and early 2000s had gradually transformed. What influenced the Internet of the twenty-first century more than any other development was the presence and expansion of collaborative efforts.7 The exclusive and limited network of the early 1990s had turned into a global decentralized phenomenon. From a linear model characterized by exclusive content being placed by individual corporations, the Web has moved towards a collaborative, interoperable, user-centred platform sometimes referred to as Web 2.0 and, further, to a platform enabling large degrees of personalization.
At the same time, the telecommunications (carrier) and audio-visual and e-commerce worlds (content) began to converge. Services which had hitherto been the privilege of traditional providers (such as telephony, text messages or television) increasingly started to be provided through disruptive business models which use the Internet as their universal pipeline. The Internet itself gradually started to be more accessible through mobile platforms such as smartphones and SIM-enabled tablets and laptops.
But it is not only the content distribution model that has changed. The Web itself has evolved from a passive medium into a platform, from a released and finished package into a constantly changing, dynamic ‘permanent beta’.8 The concepts of open access and open source are some examples of not only how the Internet can transform the social milieu from which it arose but also of how traditional patterns of regulation can be transformed. At the same time, much of daily life had migrated to the Internet to the extent that the Internet became representative of our culture. We, the users, at the same time, have transformed our identities. The Internet, whose regulation is also in the hands of the European Union, is built on an architecture different from any other medium before it.
2 INTERNET ARCHITECTURE
The uniqueness of Internet architecture rests on three groups of features: its layered structure, its end-to-end nature and its neutrality. This architecture led some authors to declare that it also determines its governance method.9 Technology here determines regulatory policy, which then influences that very technology.
The idea of the layered structure describes the Internet’s heterogeneous nature and the complexities of its hardware, software and substance: the Internet is not homogenous but rather composed of different layers.10 In order to regulate the Internet properly one has to embrace and understand its layered structure. Or, in other words, ‘regulation should be directed at or match the layer where the problematic conduct arises’.11
The end-to-end architecture refers to the Internet’s decentralized nature and its lack of dependency on a central distribution system. This architecture depends on packet switching, decentralized standard-setting, cryptography and anonymity.12
Packet switching is a technology that is inherently difficult to control by traditional mechanisms applied to telecommunications. The computers are independently managed but connected in a network and adhere to a common standard enabling them to communicate (the TCP/IP protocol). The most important feature of the protocol is that it enables the data to be broken into packets, which are then transmitted through the network of intermediaries and reassembled in the target computer. The data can use any route available on the way but the route chosen does not have an impact on the quality of the ultimate information received. This feature of the Internet is a result of the desire of the original client (the US Defense Department) to make the network resistant to failures of individual communication lines.
Directly in connection with this is the decentralized standard-setting. Although the original network arose under the auspices of the US government, the actual standard-setting is performed by non-governmental bodies. The first among these is the Internet Engineering Task Force (IETF). Another significant body is the World Wide Web Consortium (W3C). The very influential organization in charge of the domain names is the Internet Corporation for Assigned Names and Numbers (ICANN).13
Connected with these features are anonymity and cryptography. A varying degree of anonymity is available and even guaranteed to users on the Internet. Following from this last feature is what Froomkin14 calls regulatory arbitrage: the ability of Internet users to evade unfavourable regulatory regimes by choosing to subject their transaction to more liberal ones. The first consequence of this is that proper censorship is difficult. A website can be registered under any one of a multitude of domain names (every country has one, plus there are a number of universal ones such as .biz, .org, .eu, or others). The content itself can be offered for hosting to any one of the thousands of hosting services across the globe. Cryptography can be used on any content crossing the borders. The second consequence is that it is often easier to speak freely on the Internet than it is on traditional media. The countries that do control the Internet with varying degrees of success15 face rising costs and difficulties as the customer base and the number of services grow.
Alongside its architecture, which opens up its liberating potential, the Internet is also influenced by the regulatory regime to which it is subject. That regime has been described by Oxman16 as having succeeded due to three factors. First, no legacy solutions were imposed on new technologies. The Federal Communications Commission (FCC) has treated information technology (IT) services as unregulated from the moment they appeared. They were transmitted through telephone infrastructure, and yet they were not regulated as telephone services. Secondly, as Internet services began replacing legacy services, the former were not forced into regulatory models of the latter but, rather, remained unregulated. As services such as Voice over Internet Protocol (VOIP) and wireless access spread, this should have the effect of removing the regulatory burdens from legacy services. Finally, competition was strictly monitored and preserved, and the responses to violations were targeted and minimal – they addressed specific problems rather than the whole industry.
The final of the three defining features of the Internet is its neutrality.17 In simplest terms it is a concept that describes how the Internet relates to the content posted on it or, in other words, the relationship of the Internet towards applications or services that run on it. More precisely, it refers to the belief that governments should step in to actively prevent the Internet service providers (ISPs) from discriminating between types of data on the network. Presently, the Internet provides the same standards of service (upstream and downstream download speeds, bandwidth, quality of signal) irrespective of the application or content used and distributed. The question has distinctly political undertones (see section 6 below).
Importantly, network neutrality is a result of Internet architecture. This architecture, as was indicated above, rests on the end-to-end principle: the core of the network is simply a protocol that describes how the neutral machines placed at the end of the network communicate. What exactly is placed on the network is not a result of a decision made at the core but, on the contrary, on the periphery, where ultimate users reside18 and changing this balance may damage the Internet.
As a consequence of the described architecture, the Internet is open – not susceptible to authorizations either at the production or at the user end. At the same time, these features make it a subject and target of numerous interests: international, national, corporate and individual.19 In summary, understanding the Internet’s architecture is a prerequisite for good governance of the Internet. Although this point does not have a particularly European flavour it is perhaps worth recalling the complexities of the EU law-making process and emphasizing that good flexible solutions, although much needed, are also the most difficult to achieve.
3 MAKING LAWS FOR THE INTERNET: INTERNET GOVERNANCE
Many ideas about governing the Internet have crystallized since its emergence.20 Some are idealistic.21 Others repeat the metaphor of cyberspace as a separate place.22 A preliminary question, popular at the onset of the debate about Internet regulation, asked whether the Internet can be governed at all. The wave of popular enthusiasm that followed the discovery of the medium’s potential dictated a certain kind of optimism that was empowering but ill-suited to the Internet of today. The best representative of that mood is the famous ‘A Declaration of the Independence of Cyberspace’ written by John Parry Barlow.23 In memorable words, Barlow said:
We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.
We now know that the ‘global social space we are building’ is not naturally independent of tyrannies24 and that governments do have methods of enforcement that both corporations and individuals have reasons to fear.
Other ideas, however, have crystallized into policy and decidedly shaped the Internet. Among these, few are as indicative of the formative phase of the Internet or as important for the course that it took as ex-President William Clinton’s ‘A Framework for Global Electronic Commerce’.25 The principles which it contains, informed by the liberal 1990s, have pushed the Internet from a purely regulatory environment into governance, from hard to soft law and from public to private regulation. The Clinton framework notes that the expansion of the Internet has been driven primarily by investment from private corporations. In order to maintain the acquired freedom, the regulatory ‘nudge’ is supplied in the form of a simple idea that the Internet must not be regulated but ought to be market-driven, and that markets and not governments are the most efficient regulators. To ensure future development, businesses and consumers should maintain their central role with as little government intervention as possible. On the contrary, governments should encourage self-regulation and create such environments that would enable free and unhindered development of the Internet. Following from that, governments should avoid undue restrictions and, where their involvement is needed, ‘its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce’. Governments should also recognize the unique qualities of the Internet and not attempt to fit the Internet to the legacy regime developed for telecommunication services. Finally, e-commerce should be facilitated on a global basis. The ideas developed here were followed and copied in the European Union’s Initiative in Electronic Commerce from 1997 and permanently informed most of the core EU Internet regulatory efforts.26
Internet governance does not have a precise definition. The Working Group of Internet Governance defines Internet governance in the following manner:27
Internet governance is the development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.
As is apparent, one important feature distinguishes ‘governance’ from pure regulation: governance applies to international organizations, citizens and businesses in addition to governments as is understood in a traditional sense. Governance, in other words, is an attempt to address a global phenomenon by global action. The importance of the above definition lies in the recognition of the fact that the Internet is not ruled or shaped purely by laws or regulation but that it spreads to all ‘principles, norms, rules, decision-making procedures, and programmes’ that shape the Internet. The Internet, in other words, requires something more than pure traditional regulation.
In recent years, the concept of ‘new governance’ has been extensively discussed in the European Union.28 Although the term does not have a firm definition, many of its features are known. It suggests alternative legal paradigms for regulating issues ranging from environment to education and others. It was said29 that the mere usage of the term governance suggests that the approach in the EU is already changing from ‘command-and-control’ towards a ‘regulatory’ one. Some of the features that can be used to describe it include ‘diversity’, ‘revisability’ and provisional character. Others are participation of the affected, transparency, openness, evaluation and review. A central authority would have the task of coordinating the new governance and facilitating ‘the emergence of new infrastructure’.
Another term which has an autonomous EU meaning is multi-stakeholder governance.30 This simply means that different stakeholders, including non-government and commercial entities, are all involved in Internet governance. Since its inception in 2009, the approach has already found its way into several initiatives. An example of this is the European Multi Stakeholder Platform (MSP) on ICT standardization set up at the end of 2011. The MSP typically holds four meetings a year and helps with ICT standardization.
We suggest, and will demonstrate in different parts of this book, that the dominant EU paradigm is, therefore, that the Internet ought to be governed rather than purely regulated. But how is the right balance chosen between intervention of national governments, involvement of independent bodies and of corporations and the power of the medium, which has, it seems, a significant potential to regulate itself?31 Which governance model preserves the autonomy of the Internet, its liberalizing potential and its networking power while enabling the state to regulate? Looking purely in terms of traditional regulation, there are four (exclusive or concurrent) potentially applicable governance models.32 They can briefly be described as follows.
The first model presupposes the extension of territorial sovereignty. This model assumes that the present legal paradigm based on state territorial sovereignty is adequate for Internet regulation, and its proponents say that the state can simply adapt its current laws to apply to the Internet. The latter is not a separate entity that exists outside national borders, but, on the contrary, is largely subject to national jurisdictions which states can and should take advantage of. A large proportion of activity on the Web does rely on this model, ranging from protection and enforcement of intellectual property rights to data protection, taxation or consumer protection. In fact, it would be difficult to claim that this model is anything but dominant today. This does not automatically mean that the Internet is illiberal and subject to government restrictions, or liable to adapt to the standard of the most restrictive state. The application of this model simply means that the Internet can be contained. In as much as this localization is present, that is, to the extent that the users and the networks are found in individual geographic locations, the rules that apply to them will also be local. This prevents neither the globalizing nor the liberalizing effect of the Internet which both derive from its architecture. In fact, one can go as far as to say that Internet architecture encourages regulatory competition and forces governments to be liberal rather than restrictive regulators. This competition has been especially evident in the case of electronic commerce, where businesses tend to place themselves in jurisdictions legally and financially more favourable to them.
At the same time, it would be wrong to say that complete reliance on national regulation is a desirable model. First, the relationship between regulation and innovation is still largely unknown. An overly restrictive regulatory climate may create a less competitive, less innovative digital economy. Second, a significant number of areas (such as regulation of spam, child pornography, domain names or data transfer between states) require either cooperation between states, or corporate involvement, or both.
The second model relies on international agreements and international regulatory efforts. The Internet, its proponents argue, should be left to international agreements, concluded between sovereign Member States. The record of such achievements is, at least at the present time, poor although existent.33 A practical example of this approach is found in the EU–United States Agreement on transfers of passenger data.34 The EU regime forbids private data transfer outside the European Union unless specific, very strict conditions have been met. This transfer agreement introduces a special regime for data transfer across the Atlantic as a way of overcoming these limitations. The US security regulations require that all passenger airline data is transferred, and the two parties managed to negotiate a deal setting the conditions on which such data can be provided to the United States.
The third model of regulation relies on new international organizations. This model presupposes the creation of new international organizations formed specifically to deal with the Internet and entrusted with its regulation. Examples of organizations which have operated with success include the Internet Corporation for Assigned Names and Numbers (ICANN), the World Wide Web Consortium (W3C) or the Internet Society (ISOC).
The nature of these organizations varies. The first, ICANN, is a non-profit organization created in 1998 to supervise the performance of a number of Internet-related tasks of which the most notable is the assignment of Internet names and addresses. The second, the World Wide Web Consortium, is a standards organization for the World Wide Web. It is a consortium of member organizations, of which there are presently over 400, which it coordinates in their job of setting Internet standards. The third, the Internet Society, is an international organization for the promotion of Internet use.
Some of the organizations are unique and historical. Such is the position of ICANN, whose importance cannot be replicated. Others, such as W3C, are, although successful, entrusted with standard-setting rather than regulation. Others, yet, play a limited role. Arguably, this model has not had a significant success rate in any of the Internet governance areas today.
The final model emphasizes Internet architecture and its regulatory potential.35 This idea has in the past been influential and important but also poorly understood.36 In simple terms, the architecture or ‘code’ of the Internet produces regulatory effects. The Internet is governed not only by traditional regulatory methods in the form of legal norms but also and primarily by the architecture it is based on. Any impact on the regulatory regime also brings changes to the architecture itself, making it more or less restrictive. The present Internet is liberal only because it is built on architecture not easily subject to centralized control. But, although this may evoke the vision of the invisible hand leading the Internet, one of Lessig’s most important ideas is that cyberspace should not be left to the invisible hand:
[W]e have every reason to believe that cyberspace, left to itself, will not fulfil the promise of freedom. Left to itself, cyberspace will become a perfect tool of control … The invisible hand, through commerce, is constructing an architecture that perfects control.37
Or, in another place:
We can build, or architect, or code cyberspace to protect values that we believe are fundamental. Or we can build, or architect, or code cyberspace to allow those values to disappear.38
Closely related to the link between code and law is the idea that the Internet is not suited to direct legal control and needs a more flexible approach in the form of self-regulation.41 In this context, self-regulation is the delegation of regulatory powers from state to non-state entities comprising of industry representatives. As such, self-regulation is not synonymous with deregulation, which is the reduction of excessive governmental control, or with non-regulation, which is complete absence of regulation. Likewise, self-regulation is not synonymous with governance, which is a general term for a move from regulation to less government-oriented approaches.
In Europe, self-regulation started to gain prominence in the Internet area in the late 1990s. Today, self-regulatory authorities and codes of conduct are widespread. In a study of Internet self-regulation in the EU, the Oxford Internet Institute found that self-regulation had worked best where there was a firm legal basis, where codes of practice were well known and where clarity and transparency were not at issue.42 The EU itself supports self-regulation, which is mentioned in various EU policy documents,43 but also endorses co-regulation, which is a combination of state and non-state regulation. In the 2005 EU-commissioned study on co-regulation,44 this model was seen as a viable option as long as transparency and openness were maintained.
Article 16 of the 2000 Electronic Commerce Directive, entitled ‘Codes of Conduct’ specifically supports self regulation. It provides that Member States and the Commission shall encourage:
(a) the drawing up of codes of conduct at Community level, by trade, professional and consumer associations or organisations, designed to contribute to the proper implementation of Articles 5 to 15;
(b) the voluntary transmission of draft codes of conduct at national or Community level to the Commission;
(c) the accessibility of these codes of conduct in the Community languages by electronic means;
(d) the communication to the Member States and the Commission, by trade, professional and consumer associations or organisations, of their assessment of the application of their codes of conduct and their impact upon practices, habits or customs relating to electronic commerce;
(e) the drawing up of codes of conduct regarding the protection of minors and human dignity.
In addition, Member States and the Commission shall encourage ‘the involvement of associations or organisations representing consumers’ in the drafting and implementation of codes of conduct affecting their interests and drawn up in accordance with paragraph (a). ‘Where appropriate, to take account of their specific needs, associations representing the visually impaired and disabled should be consulted.’
The European Union, as will be seen further in this book, relies on all four models of regulation. But the coexistence of the models does not ensure a ‘free’ Internet nor does it make the EU a liberal regulator. The perceived and desired freedom of the Internet is a function of many factors. In the European Union, first among them is the Single Market. As the raison d’être of the Community, this aim features prominently in all Community legislative measures. However, tensions are present between the Single Market, on the one hand, and other treaty values, such as the protection of private life, fundamental rights or consumer protection, on the other.
Furthermore, the Internet originated in the United States45 and much of the development and control as well as legal problems, are inextricably tied to it. Solutions to problems in cyberspace inevitably often also need to be American solutions. A large number of questions, if not all of them, have a trans-Atlantic dimension. In this book, we will also look at these problems from the United States’ perspective. In fact, one of the biggest challenges placed before EU regulators today is facing the United States’ regulatory power and providing an alternative to it.46
The Internet developed in the United States and its current ‘look and feel’ is a result of that development.47 Its main features were a result of both the architecture and the deregulatory approach mandated by the Federal Communications Commission.48 The architecture, set up in the early 1960s and 1970s, and careful regulation in the 1980s led to the booming of the medium in the 1990s and its ubiquity in the twenty-first century. The European Union can never match this historically given fact. Neither does it have to. Its regulatory choices are determined by its own history and environment.
3.1 Domain Name Regulation as an Aspect of Governance
The control of domain name assignment was from the very beginning conducted on behalf of the US government by other organizations, notably the Internet Assigned Numbers Authority (IANA).49 This organization was established under a contract with the US Department of Defence and put in charge of overseeing global Internet Protocol (IP) address allocation, Domain Name System (DNS) root zone management, and other Internet Protocol assignments. In reality, it was a small group of people, directly supervised by Jon Postel of the Information Society Institute of the University of South California. On 24 December 1998, IANA entered into a transition agreement with the Internet Corporation for Assigned Names and Numbers (ICANN) and transferred its functions to it, effective on 1 January 1999. The United States has, directly or indirectly, been in charge of assignment of names and addresses since the inception of the Internet and is very reluctant to hand over that control to an international body.50
At a World Summit on the Information Society held in Tunisia in 2005, a broader international participation was requested. The EU along with some other members proposed a new way of regulating the Internet that relied on cooperation between governments and the private sector.51 These proposals were defeated at the conference. On 30 June 2005, the United States issued Principles on the Internet’s Domain Name and Addressing System.52 The principles provided:
(a) The United States will continue with its special role to guarantee the security and stability of the Internet.
(b) The United States recognizes the legitimate interests of governments over the national domain name space.
(c) For the United States, ICANN is the main body for the technical management of the Internet core resources.
(d) The United States supports a continuing dialogue on Internet governance.
The most important of these is item (c), ICANN is the appropriate technical manager of the Internet DNS. This shows primarily that the United States is unwilling to relinquish the control of the DNS management to an international body.
The EU proposals, radically different from the American, relied on the public–private cooperation model:
(a) [the model] should not replace existing mechanisms or institutions, but should build on the existing structures of Internet Governance, with a special emphasis on the complementarity between all the actors involved in this process, including governments, the private sector, civil society and international organisations each of them in its field of competence;
(b) this new public-private co-operation model should contribute to the sustainable stability and robustness of the Internet by addressing appropriately public policy issues related to key elements of Internet Governance;
(c) the role of governments in the new co-operation model should be mainly focused on principle issues of public policy, excluding any involvement in the day-to-day operations;
(d) the importance of respecting the architectural principles of the Internet, including the interoperability, openness and the end-to-end principle.
The notable feature of this model is the public–private cooperation. The private sector would lead the daily operations but governments would be in charge of overseeing them. Importantly, however, this was seen as a movement away from ICANN control and towards an intergovernmental, possibly United Nations-led, effort. The US government, backed by the media,53 vigorously opposed the idea, seeing it as vague and ineffective in practice. The final agreement was a compromise that included wider participation of governments of world nations. This equality of governments, however, is limited to control of their own top-level domains.
In 2016, an agreement had been reached to end direct US oversight of the domain name system. The model that replaces it is a multi-stakeholder governance model. This means that from late 2016, ICANN, which remains in existence, answers to multiple parties rather than only to the US government. The model, which had been agreed on in 2014,54 is a result of voluntary agreement between ICANN and the US Department of Defence (DOD).
Today, it does not seem that the ability to control Internet domains really represents the feared power. In our time, the threat to the Internet comes mostly from other sides.55 Nevertheless, it is a fact that the European Union plays but a marginal role in this sphere of Internet governance.
4 EU COMPETENCE TO REGULATE
When transferring parts of their sovereignty to the Union, Member States placed safeguards in the Treaty on European Union (TEU) ensuring that EU legislation has a proper legal basis, is proportionate to the objective to be achieved and does not violate the principle of subsidiarity.56 The authority to legislate in the sphere of information technology, intellectual property, telecommunications or, specifically, the Internet derives from several legal bases and is subject to different procedures. Among these are free movement of services provisions, Articles 49 and 56 TFEU. The Single Market legal basis, contained in Article 114 TFEU, is the most widely used legal basis in the EU, both in general and for various laws affecting the Internet.
The use of the Single Market legal basis has been subject to judicial scrutiny since its introduction in the Single European Act in 1986. In order to speed up the completion of the Single Market, it enabled laws to be adopted more easily with only a qualified majority instead of the more common uniformity. It quickly became popular and was used even when the original purpose was not fulfilled. The culmination came in 1998 with the Tobacco Advertising57 judgment in which the (then) European Court of Justice ruled that Article 114 TFEU could not be used as a general legal basis in the absence of other bases. On the contrary, that basis is available only when there is a genuine Single Market aim. After the Tobacco Advertising judgment, in other words, it is much more difficult to rely on the Single Market basis.
In spite of relative clarity of Article 114 TFEU, doubts remain as to whether the breadth and the scope of intervention which it enables in Internet regulation can be squared with the principles of subsidiarity and proportionality. It is doubtful whether subsidiarity, which is the idea that law-making powers should be located at the lowest level of government, close to the citizens, is duly taken into consideration in some of the Directives. Subsidiarity rests upon a dual test: not only are Member States not in a position to achieve the objective but the Community itself, by reasons of scale or effect, is better suited to the task.
The claim that serious disruptions in the Internal Market result from lack of harmonization in these areas is tenuous. A typical instance is found in Recital 6 of the Preamble to the Data Retention Directive:58
The legal and technical differences between national provisions concerning the retention of data for the purpose of prevention, investigation, detection and prosecution of criminal offences present obstacles to the internal market for electronic communications, since service providers are faced with different requirements regarding the types of traffic and location data to be retained and the conditions and periods of retention.
No ‘obstacles to the internal market for electronic communications’ had been presented by industry representatives in the months leading to the adoption of the Directive. On the contrary, it is possible to argue that the new requirements present an additional burden for corporations. The principal objective, moreover, is not to contribute to the Internal Market but to help combat serious crime. Examples of these kinds of problems can be found in almost every EU Directive affecting Internet law.
On the surface, the EU seems to respect the principle of proportionality as it opts for Directives more often than Regulations and for framework instruments when possible.59 On the other hand, on a more substantial level, it can be argued that some Community Directives, at least, lack proportionality.
The TFEU provisions serve not only as a legal basis for most of the EU’s Internet laws but also as a general backdrop for Internet activity in the Community. In that sense, it is to be expected that the Community Single Market law will be applicable in this area. That law, as developed in the CJEU’s cases, states that both discriminatory and non-discriminatory obstacles to trade in goods and services are illegal unless specifically justified in the Treaty or by reference to the Court’s own exceptions.
Very few cases concerning the Single Market coming from the CJEU specifically focus on the Internet and those that do, do not necessarily establish far-reaching principles. Nevertheless, the cases serve to support the point that measures restricting the sale of goods or provision of services on the Internet are illegal, unless otherwise justified in the Treaty or by reference to the Court’s case law.
An example of the Court’s approach to a purely Single Market case is found in DocMorris.60 In that case the issue was whether a Dutch company which legally provided pharmaceutical services via a dispensary in The Netherlands, by mail order and on the Internet, can also provide them on the Internet in Germany, where such sales are restricted to authorized pharmacies. The Court, after careful consideration of all the conditions of sale and the classification of drugs, decided that a national measure restricting such sales is a measure having equivalent effect, normally justifiable under Article 36 TFEU but not so if the prohibition is absolute. In Gambelli,61 it was held that the Italian prohibition on online gambling was in violation of the provisions on free movement of services. Both cases illustrate nothing more than the Court’s willingness to apply its developed Single Market doctrines to the Internet. The CJEU cases, although numerous, do not normally revolve around constitutional protections of the four freedoms but concentrate instead on these freedoms’ implementation in the specific Directives.
5 EUROPEAN POLICY ON INFORMATION TECHNOLOGY
The history of the EU’s interest in Internet law is relatively brief. Although relevant intellectual property (IP) and data protection laws predate the earliest Internet laws, specific e-commerce initiatives can be dated to the mid-1990s.62 On the other hand, someone attempting to find a single EU-endorsed policy document on Internet law or even just electronic commerce from that period would be looking in vain. Doubts remain even over the question whether the European Union actually has a coherent Internet policy rather than a set of mini-policies. This is true in spite of an abundance of official agendas. Nevertheless, several documents provide an indication of the drive behind the EU Directives to be analysed further in the book.
Historically, the first document of interest to Internet law and the one to colour the EU’s subsequent approach to the Internet is the European Initiative in Electronic Commerce from 1997.63 The purpose of the document was to encourage the growth of e-commerce but its specific interest lies in the Commission’s desire to create a ‘coherent regulatory framework’. This was to be built on existing ‘Single Market legislation which already creates the right conditions for online businesses’.64 Four guiding principles were developed for the framework. The first related to technology: the EU must ‘promote technology and infrastructure’ necessary to ensure competitiveness. The second related to regulation: the EU must enable a coherent regulatory framework based on the Single Market. The third related to promotion: the EU was to make consumers and industries aware of the opportunities that electronic commerce enables. The last was related to the international dimension: the EU was to ensure effective international participation.
At the same time, four principles were to provide an ‘adaptable and appropriate’ framework for legislation:
• no regulation for regulation’s sake;
• all regulation based on Single Market freedoms;
• all regulation to take account of business realities;
• all interests to be reached effectively and objectively.
Several observations must be made about the Initiative. The first is that the Community is signalling its preference for a flexible approach, which includes self-regulation. This largely follows in the steps of the Clinton administration’s ‘A Framework for Global Electronic Commerce’,65 which is itself a model of liberal, non-state initiated regulation. The second is that the balance between producers’ and consumers’ interests is taken into account.66
A new policy on Information Technology was initiated under the Council of Europe at the Strasbourg Summit in 1997 and developed in 1999.67 Stressing the significant potential of digital technologies, particularly for such issues as freedom of expression, transparency, pluralism, and so on, the document is also interesting for highlighting the darker side of information technology such as cybercrime and threats to privacy. The Declaration talks about access as particularly important for any potential success of information technology. Further to this, important conventions have been drafted under the auspices of the Council of Europe, such as the Data Processing Convention.68
The third historically significant step was taken with the Lisbon Declaration and the e-Europe initiative.69 The initiative was to make Europe the most dynamic ‘knowledge-based economy in the world’ by 2010. Among the declared goals that were to help achieve this were those that related to Internet access (then judged to be slow, uncertain and expensive) and the development of electronic commerce. Internet penetration, it was thought, had to be wider and electronic commerce needed to meet with better acceptance. Both problems were directly related to the need to liberalize the telecommunications sector in the Member States, a difficult step taken only reluctantly, but also due to the lack of a proper legislative framework. In light of this, work was initiated on a number of Directives, including the E-Commerce Directive. In addition to this, self-regulation was promoted as was the creation of a separate .eu domain name.
The practical blueprints for Internet regulation in most of the 2000s were two action plans: eEurope 200270 and its continuation eEurope 2005.71 The 2002 Action Plan had Internet penetration as its main task. It contributed significantly to the 2002 revision of telecommunications regulation. The 2005 Action Plan had connectivity as its main focus in addition to services such as e-health, e-government, e-learning and e-business. The 2005 plan was reviewed in 2009.72
‘i2010: A European Information Society for Growth and Employment’73 is an information society initiative launched in June 2005 as a new strategic framework defining rather broad policy guidelines for the information society and the media. It has three aims: to create a ‘Single European Information Space’; to strengthen investment in innovation and information technology; and to improve public services and quality of life through better use of ICT. In essence, this document is just a continuation of the previous initiative.
5.2 Current Framework
Two documents play a particularly important role in outlining current policy goals for Internet regulation: the 2010 Agenda and the 2015 Strategy. While the former replaces all the previously mentioned policy instruments, the latter updates it to the demands of new technologies.
A Digital Agenda for Europe74 is a 2010 initiative within the Europe 2020 strategy.75 The Digital Agenda is an action plan which aims to help deliver a digital Single Market.76 It is, to date, possibly the most comprehensive policy document in the sphere of Internet regulation. It contains seven key ‘pillars’, which are: Digital Single Market, interoperability and standards; ICT standard-setting and interoperability; trust and security; access to fast Internet; improved ICT research and innovation; enhanced digital literacy and digital skills; and ICT-enabled societal benefits.77 The Agenda is also a list of 101 actions which need to be undertaken to achieve these goals. Among these are legislative actions, such as amending the Electronic Signatures and the Electronic Commerce Directives (Actions 8 and 9).
Each of the seven pillars is a framework in itself, outlining the presently persisting problems but also giving a general direction in which the area ought to advance. These are then developed in further policy documents. Copyright, audio-video services or consumer protection, for example, feature within one or more Agenda pillars but are subject to their own policies, legislative revisions, etc. In that sense, it is possible to talk not only about EU Internet policy but also, for example, about EU digital copyright policy, EU cybercrime policy, etc.
The second document is the 2015 Digital Single Market Strategy for Europe.78 This document should be treated both as an update to the 2010 Digital Agenda and as a completely new policy framework. This is because, while keeping the 2010 aims intact, the 2015 Strategy introduces new political goals.
The 2015 Strategy starts from the viewpoint that the Digital Single Market has not yet been achieved and that specific actions can be taken within the coming years to make it more realistic. These are: better online access to consumers and businesses; level playing field for networks and services; and maximizing the growth potential of the digital economy. Each of the three policy sections has a specific timeframe and each has specific sub-goals, which are a result of extensive input which the Commission had received from both businesses and consumers.
Within ‘better access’ policy area, the Commission suggests harmonized cross-border e-commerce rules for ‘digital content’ and ‘key mandatory EU contractual rights’ for online sales. This essentially means partial harmonization of contract law. It also calls for better cross-border parcel delivery, removal of unjustified geo-blocking, a more modern EU copyright framework and reducing VAT-related burdens.
Within the ‘level playing field’ policy goal, the Commission calls for telecommunications rules ‘fit for purpose’ and proposes an overhaul of telecommunications rules including improving spectrum policy and tackling regulatory fragmentation. Importantly, it also calls for incentivising investment in high-speed broadband and the creation of a ‘level playing field’. The latter essentially means same or similar conditions for traditional telecommunications services and for over-the-top providers (OTTs). OTTs, such as Skype, Netflix and others, are not subject to the regulatory burden the traditional telecommunications providers are normally subject to. They are able to provide cheaper and popular alternatives to services which have customarily been a revenue source for traditional telecoms (such as messaging, or streaming). Putting the ‘level playing field’ as a policy goal is a sign of increased anxiety and lobbying from traditional operators who fear that they are subject to unfair competition while being required to invest in next-generation networks. Within the same policy goal, the Commission also proposes an overhaul of the audio-video regulatory framework and a reassessment of the role of platforms (including intermediaries).
The introduction to the Strategy emphasizes that the three strategic EU Internet policy goals are the removal of roaming charges; the removal of unjustified geo-blocking; and the creation of the level playing field. Prioritizing these three goals over others does not seem to be the most rational choice. First, it is not clear why roaming ought to be prioritized over improving fixed and mobile telecommunications networks where the EU is beginning to fall behind rivals. While roaming charges may be frustrating, they are not seriously hampering the development of the digital single market and present a source of extra revenue for the beleaguered telecoms providers. Geo-blocking in content industry, while inconvenient, is mostly a result of the existence of 28 copyright regimes in the Member States. It is not clear how it could be removed without the copyright framework and licensing rules being fully harmonized at the same time. Finally, the level playing field is often emphasized as a desire by the traditional telecommunications providers but it involves extending telecommunications regulatory framework to OTT providers, a risky enterprise at the best of times and potentially a disastrous one.
The prioritization of the three mentioned goals shows confusion in EU policy-making. This is because it demonstrates the lack of clear goals in the telecommunications policy (see section 6 below), hesitance about deeper copyright reform (see Chapter 6) and a focus on secondary problems while ignoring the deeper underlying structural challenges on both the content and the carrier levels.
5.3 Institutional Ecology
The EU Internet policy, both in its formation and implementation aspects, is a result of cooperation between several institutions, where the role of each is well defined. The final documents are a result of this institutional structure, which also means that they are a product of compromises and intense lobbying.
The Commission has the sole right of legislative initiative.79 The 2015 Commission, headed by Jean-Claude Juncker, assigned the role of coordination of digital policy-making to a Vice-President for the Digital Single Market. This change is meant to improve efficiency and solve the problem of coordination between different parts of the Commission. The Vice-President’s role is to coordinate all the work on Digital Single Market issues otherwise performed by different Directorates General (DGs). This could reduce some of the problems associated with different DGs normally being involved in creation of Internet legislation.
In the current Commission, other than the Vice-President, two officers play a crucial role in Internet policy creation. The first is the Commissioner for Digital Economy and Society who coordinates DG Connect (Communications, Network, Content and Technology). This DG is the one directly charged with policy-making in the ICT area. The second is the Competition Commissioner, who is in charge of DG Competition. In addition to this, DG Informatics, DG Internal Market and Services, DG Trade and DG Justice and Consumers all play significant roles. Drafting of Directives is normally a product of collaboration between different DGs, which sometimes causes agendas and goals to clash.
The Commission’s proposals are normally adopted in the ordinary legislative procedure80 which requires cooperation between the Council and the European Parliament. A text cannot be adopted unless there is agreement between these two bodies. This is usually the point where intense lobbying alters the Commission’s drafts. Transparent lobbying begins in the Parliament in Brussels as various stakeholders push MEPs for the protection of their interests. It then continues in each of the Member States’ capitals when the text moves to the Council. At this point transparency decreases significantly as the sitting Minister in the Council changes for each proposal and as pressure dissipates between 28 different state bureaucracies. In recent years, this mechanism was most dramatically at work when the controversial measures in the telecommunications and privacy packages were being negotiated. In both cases, the original draft was altered many times on its way from the Commission to the Parliament, to the Council and back to the Parliament in a procedure that took several years. In both cases, intense negotiations between the Council and the Parliament were needed to reach a compromise and in both cases the public attention had diminished significantly by the time that compromise was reached.
Harmonization of Internet law is normally not full harmonization, which would completely replace Member States’ laws, but only a partial one. This means that only the essential rules (the minimum) are harmonized whereas the rest is subject to mutual recognition of each other’s laws. While this mechanism produces the desired flexibility and preserves Member States’ sovereignty, it increases uncertainty and brings with it the need for interpretation. This is coming from the CJEU, which has the competence to interpret the Treaties and secondary legislation and rule on the validity and interpretation of secondary legislation.81 The Court’s work has played an invaluable role in most of the areas discussed in this book. In copyright, civil jurisdiction or privacy, for example, the legal picture would be completely different, had it not been for the Court’s interventions. In Internet law, the Court had mostly been an activist court.
Finally, even outside of the European Union framework, a number of initiatives have concentrated on the regulation of the Internet. The most notable of these come from the Council of Europe, which has contributed vigorously to information and communications technology regulation by drafting a number of policies, issuing policy statements and working on important conventions.82 Importantly, the aims of the Council are markedly different from that of the European Union. Unlike the latter, whose primary concern is trade between Member States, the former deals with human rights, democracy and the rule of law. The interpretation of the Council’s documents in the European Court of Human Rights (ECtHR) had sometimes led to clashes with EU law.83
The picture that emerges from this multitude of policies and instruments is complex and occasionally confusing. Not only is it often not clear which authority stands behind different policies but it is also evident that policy goals may occasionally be confusing and contradictory. Nevertheless, what can be extracted from these instruments is a desire to keep Europe competitive and the idea that a link between technology and development is a key for achieving that aim.
6 EU TELECOMMUNICATIONS LAW AND THE INTERNET
While the subject of this book is mainly the top and the middle layers of the Internet, that is, the providers’ network and the actual content, the EU also regulates the bottom layer – the physical layer used to convey the signals. The term telecommunications regulation today refers to legislation pertaining to the physical layer: linear broadcasting through cable and satellite (such as radio and television), regular telecommunications (fixed and mobile telephony) and provision of Internet access through broadband, wireless and other means.
The telecommunications regulatory framework does not regulate content. This is emphasized in the Framework Directive which separates the ‘regulation of transmission’ from the ‘regulation of content’.84 In other words, the regulatory framework says nothing about electronic contracts, about the IP status of the material provided, about the privacy of users or the providers, the appropriateness of the content or the possible criminal sanctions. These issues are covered in various other EU and national instruments on electronic commerce, copyright and others and, in the case of audio-visual services, in a separate EU Directive.85
The importance of telecommunications regulation for the Internet lies primarily in the phenomenon known as ‘convergence’. Convergence means the coming together of different technologies – telecommunications, IT and media – in a single device.86 Today’s devices, mobile phones, tablets, laptops and other SIM-enabled devices, are capable of serving the same content as traditional ‘wired’ media (such as telecoms companies or cable TV providers). The problem arises from the lack of convergence in the regulatory sector; while services and technologies may be converging in the physical world, the law-makers still operate with the three largely independent frameworks. These are the telecommunications framework described here, the audio-visual framework (see Chapter 4) and the e-commerce framework (see Chapter 2). This presents two Internet-specific problems: first, traditional telecommunications and cable providers are burdened by potentially onerous legislation which does not affect providers which are only subject to the e-commerce framework (e.g. OTTs such as Netflix). Second, it may not be clear to a new entrant to the market which legislative framework(s) it may be subject to.
6.1 Current Framework
The EU regulates the telecommunications sector extensively.87 Telecommunications services have for years been subject to national monopolies and were limited to radio, television and voice telephony. With the technological advances in the 1980s and 1990s, it became necessary to liberalize them and maximize the advantages of the Single Market while increasing competition. This resulted in a number of liberalizing Directives in the areas of telecommunications terminals, services and infrastructure.88 The main goal of these Directives was to remove the existing national monopolies and to prevent the creation of the new ones. Full liberalization of telecommunications networks and services had been achieved in 1998.89
As indicated in section 4 above, the EU only has legislative competence in those fields where the treaties specifically give it such competence. The basis for telecommunications regulation is found in several Articles. First, there is the general Single Market basis (Article 114 TFEU). Further to this, there is Article 106 TFEU which provides for the abolition of special or exclusive rights granted to undertakings. The first paragraph of Article 106 prohibits Member States from discriminating on the basis of nationality as well as violating EU competition rules. The second paragraph covers services of general economic interest and subjects them to the Treaty’s rules, including those on competition, provided that these do not ‘obstruct the performance … of the particular tasks assigned to them’. The last paragraph of Article 106 gives the Commission the appropriate law-making powers necessary to ensure the application of the Article. Finally, Articles 170–172 TFEU add explicit telecommunications policy goals for trans-European telecommunications networks.
The European Union has a dual regulatory approach in the telecommunications field. On one side, Article 106 TFEU authorizes the EU to liberalize the telecommunications sector. On the other, Article 114 TFEU authorizes it to harmonize the Single Market conditions. This division is not just a simple legacy of the initial set-up under which telecommunications became an interest in the EU. More than that, it hides true tensions between Member States who wish to preserve their competence in this field, on one side, and the EU on the other, which believes that only full harmonization can overcome fragmentation and truly open up the competitive potential of EU markets.
The regulatory framework on telecommunications in the European Union is complex, consisting of over 20 different Regulations, Directives and Decisions. As a result of developments in the broadcasting, telecommunications and information technologies, the EU adopted a new regulatory framework in 2002.90 The new regime was meant to simplify and consolidate the current laws, deal with convergence issues and introduce more flexibility. The new framework was designed to cover both the Single Market and competition issues and to improve the development of new infrastructures and technologies. Additionally, the framework addresses specifically the convergence between fixed and mobile telecommunications as well as convergence between broadcasting, telecommunications and information technologies. The new framework, which is a consolidation of the previous Directives in the telecommunications sector, puts telecommunications services under a single regulatory framework without creating a central regulatory authority.
The three key instruments of the new regime are the Framework, Authorisation and Access Directives. The general framework of the new regime is provided in the Framework Directive.91 The Directive defines the applicability scope of the new regime, defines its terms and explains the fundamental policy goals. The Framework Directive also introduces national regulatory authorities (NRAs), which are supposed to be independent. The market entry is regulated in the Authorisation Directive92 which simplifies access conditions for electronic networks and services. Wholesale access is covered in the Access Directive.93 In order to prevent distortion of competition in services of general interest (referred to in Article 106(2)), the Universal Services Directive ensures the availability of a minimum standard of high-quality services to end-users while establishing their rights and imposing obligations on companies.94
The 2009 reform95 introduced some important changes to the 2002 Framework, without altering its substance. The network of NRAs was kept in place but the previous European Regulators Group for Electronic Communications Networks and Services (ERG) was replaced by the Body of European Regulators for Electronic Communication (BEREC). BEREC, which is a Member State-controlled body, mainly has an advisory function. The 2009 package also sought to improve broadband penetration, increase some consumer rights, introduce an ‘Internet freedom provision’ securing citizens’ access rights, and secure net neutrality.
The 2009 package was subject to further reform that concluded with the 2015 ‘Connected Continent’ reform.96 In spite of the somewhat ambitious title, the 2015 package is also a limited reform. Faced with the same policy choices as in 2002 and 2009, the 2015 regulation again decided against introducing a single telecommunications regulator. In essence, the Connected Continent Regulation only introduces two novelties. The first is the removal of mobile roaming charges. The second is the introduction of certain measures pertaining to end-users’ Internet access (see section 6.2 below). As such, it is not offering a solution to the most pressing issues in the telecommunications world (competition from OTTs, mergers, investment in infrastructure).
With the new updated framework, the general operation of the bottom Internet layer and access to it has been submitted to a uniform but still exceedingly complex and Member State-controlled regime at European level. This complexity, as well as the lack of a central EU telecommunications authority, has a negative impact on the effectiveness of EU telecommunications services in the Single Market and their competitiveness. With the fears that the EU is not investing enough in next-generation networks, the telecommunications framework is on schedule for revision in 2016. That revision will have to focus more on the convergence between IT, telecommunications and media technologies.
In September 2016, the Commission proposed the most comprehensive telecommunications reform since 2002. The reform consists in one framework directive, an action plan for 5G97 and several other communications. The main document – Proposal for a European Electronic Communications Code98 – is a recast of the four 2009 directives. The new Directive is meant to simplify the current rules (deregulation) while incentivising investment and solving systemic problems in the telecommunications sector: fierce competition between the incumbents and the disruptive OTTs, large discrepancies in Internet (both broadband and mobile) availability, penetration and use between the poorer and more developed parts of the EU and convergence between content and carrier. The Proposal redefines the term ‘electronic communication services’ partially subjecting OTT services to regulation and partially removing regulation from traditional services. Considering the importance of telecommunications and the political difficulties usually associated with this field, it is to be expected that the original Proposal would be subject to further amendments.
6.2 Net Neutrality
Net neutrality is a principle of Internet regulation requiring that Internet service providers (ISPs) do not favour application or content based on their source.99 In other words, the principle is both stating that the present Internet does not discriminate on the basis of content and that legislation ought to be introduced to maintain this. The principle is meant to operate on the last mile only, that is, only between the ISPs and the end-users. It does not control the peering arrangements which are happening on the Internet backbone. Legislation protecting net neutrality normally consists in rules prohibiting providers from introducing differential treatment of some over other kinds of traffic.
Net neutrality is a highly politicized but extremely poorly understood issue.100 The difficulties arise from the fact that although technical arrangements on the Internet have a very significant impact on political rights and citizens’ freedoms they remain poorly understood by those making policy decisions.101 In the past five years, the United States went from limited net neutrality to no net neutrality to pretty comprehensive neutrality.102 The European Union, on the other hand, went from very strong net neutrality amendments to the Connected Continent package (resulting from the opposite trends in the United States) to limited net neutrality in the final version.103
With the 2009 telecommunications framework,104 the EU has taken basic measures to ensure net neutrality and some of its provisions are of significance. Article 3(a) of the Second Amending Directive, the ‘Internet freedom provision’, provides that measures taken by Member States regarding end-users’ access to electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and general principles of Community law. Any restrictions may only be imposed if they are ‘appropriate, proportionate and necessary within a democratic society’ and must in any case be subject to proper judicial safeguards.
There are two ways in which this can be read.105 The first is the right to access the Internet, which may mean that Internet access in itself is a fundamental right, although this remains untested in most national courts. The second relates to prosecution of national non-commercial copyright infringements which, although allowed, may not disproportionately and unnecessarily restrict the users’ access.
Several other provisions are of significance. First, under the 2009 telecommunications framework,106 ‘national regulatory authorities’ are required to promote ‘the ability of end-users to access and distribute information or run applications and services of their choice’. Secondly, Article 22(3) of the Universal Service Directive107 further allows the creation of safeguarding powers for national regulatory authorities to prevent the degradation of services and the hindering or slowing down of traffic over public networks. This provision simply means that national regulatory authorities, after consulting the Commission, can set a minimum quality of service requirements if a problem arises. Finally, articles 20(1)(b) and 21(3)(c) and (d) of the Universal Services Directive further strengthen transparency requirements related to the treatment of consumers. These provisions are designed to enable consumers to better understand the Internet.
The 2015 Connected Continent Regulation108 introduces only limited net neutrality. Article 3(1) and (3) guarantee the right of access for end-users. Article 3(3) provides that:
Providers of internet access services shall treat all traffic equally, when providing internet access services, without discrimination, restriction or interference, and irrespective of the sender and receiver, the content accessed or distributed, the applications or services used or provided, or the terminal equipment used.
At the same time, the same article allows the implementation of ‘reasonable traffic management measures’. The ISPs are obliged not to:
block, slow down, alter, restrict, interfere with, degrade or discriminate between specific content, applications or services, or specific categories thereof, except as necessary, and only for as long as necessary.
The ISPs are allowed to restrict in order to comply with EU or national laws or to preserve the integrity or security of network or services or to prevent congestion.
Possibly even more importantly, article 3(4) allows the so-called specialized services which are ‘services other than internet access services which are optimised for specific content, applications or services’. These can be, for example, various TV, music and gaming subscriptions, Internet to businesses or public organizations, special data storage, etc. The service providers have lobbied for these to be allowed, claiming that providing extra services in no way influences the regular operation of the Internet and that their enabling does not mean that certain popular applications (such as, for example, YouTube) would instantly be treated as ‘special’ and thus charged extra. The 2015 framework also provides for transparency measures (article 4) and supervision mechanisms (article 5) as well as penalties for violation (article 6).
On 6 June 2016, BEREC published its draft Guidelines on the Implementation of European Net Neutrality Rules.109 The Guidelines are drafted in accordance with article 5(3) of the 2015 reform package, which demands that they be published but does not specify their scope. The Guidelines to article 3 point out that operators are allowed to offer free access to applications (such as a streaming music service) as long as this is not subject to preferential traffic. On the other hand, when assessing the so-called ‘zero-rating’, a practice where the operator applies zero price towards certain applications or groups of applications (usually the ones they own or promote for other reasons), the BEREC Guidelines point out that any blocking or slowing down of all applications except those zero-rated once the data cap is reached would be illegal. Other aspects of zero-rating need to be assessed by national authorities, which need to have the aims of the Regulation in mind. In relation to specialized services, the Guidelines point out that these can only be offered if regular services are in no way affected and not as a higher-price alternative to otherwise degraded basic services.
It is this author’s position that net neutrality at present is largely a solution in search of a problem. This is for several reasons. First, the European telecommunications market is significantly more competitive than the American one where the danger of a monopolist provider of services discriminating is significantly higher. Secondly, the evidence of actual discrimination on the last mile is either non-existent or limited to isolated examples of blocking and throttling by vertically-integrated ISPs. Thirdly, net neutrality legislation, which is by definition on the last mile only, does not effectively deal with problems that arise on the backbone and these problems are better dealt with by competition and contract law anyway. Finally, there are commercial and organizational reasons why service providers ought to be allowed to provide separately charged specialized services while at the same level providing the ‘best effort’ guarantee for the general Internet. It is submitted here that present EU rules provide an adequate guarantee for this.
The debate about Internet law is often subject to simplification as issues are politically coloured or portrayed in black and white. In fact, Internet regulation remains an elusive concept. While the early battles over Internet regulation have largely subsided, the debate about who regulates and when and the share of work between the actors has not. The latest interest in governance, self-regulation and home country control has demonstrated the Internet’s adaptability in the face of increasingly complex demands put on it but it has also demonstrated its vulnerability. The Internet is remarkably susceptible to traditional methods of regulation, to traditional models of political pressure and traditional policy-making, none of which should be underestimated. Poor choices lead to an economy that is less dynamic and less competitive but also to a society that is less free.
The European Union has played a crucial part in Internet regulation in Member States. Large parts of electronic commerce, privacy, copyright protection and other areas are extensively covered by EU instruments. Globally, the European Union has a potential to hold a unique position. Its quasi-federal status, so often a source of problems, is also a starting place for regulatory competition and a drive for introducing decentralized solutions. Its desire to introduce new governance models is an asset in a battle to find the right solution, as is its bias in favour of a public over the private model of regulation. Its economic strength makes it a plausible alternative to the pervasive power of the United States. The choice of governance models is therefore crucial for the development of a new electronic economy in the EU as it is for the preservation of the individual freedoms of its citizens.
One of the theses of this book is that the fluid status of the Internet, its little-explored consequences and its unknown impact warrant as liberal a regulatory approach as possible and a balance between governmental intervention and self-regulation, careful participation in governance efforts and recognition of the exceptional features of the Internet’s architecture. As will be demonstrated in the chapters to follow, this is a task that is not always easy to fulfil.
1 See I. Brown (ed.), Research Handbook on Governance of the Internet (Edward Elgar Publishing, Cheltenham and Northampton, MA, 2013).
2 See D. Drezner, ‘The Global Governance of the Internet: Bringing the State Back In’ (2004) 119 Political Science Quarterly 477.
3 Dickie has aptly called this state of affairs a mixture of ‘soft- and hard-law, and of established, pending and proposed law’, J. Dickie, Internet and Electronic Commerce Law in the EU (Hart, Oxford/Portland, OR, 1999), p. 103.
4 For statistics on Internet usage in the EU, see Eurostat and European Commission, Science, Technology and Innovation in Europe (Publications Office of the European Union, Luxembourg, 2013).
5 Cf. J. Dickie, Consumers and Producers in EU E-Commerce Law (Hart, Oxford/Portland, OR, 2005), especially Chapters 1 and 7.
6 H.R. 2281.
7 R. Ghosh (ed.), Code: Collaborative Ownership and the Digital Economy (MIT Press, Cambridge, MA, 2005); Y. Benkler, The Wealth of Networks: How Social Production Transforms Markets and Freedom (Yale University Press, London/New Haven, CT, 2006).
8 On Web 2.0, see T. O’Reilly, ‘What is Web 2.0? Design Patterns and Business Models for the Next Generation of Software’, available at www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html.
9 The clearest exposition of this term is Lessig’s ‘code is law’ thesis. See L. Lessig, Code 2.0 (Basic Books, New York, 2006).
12 M. Froomkin, ‘The Internet as a Source of Regulatory Arbitrage’ in B. Kahin and C. Nesson (eds.), Borders in Cyberspace (MIT Press, Cambridge, MA. 1996), pp. 129–63.
13 On the role that the United States plays here, see T. Wu, E. Dyson, M. Froomkin and D. Gross, ‘On the Future of Internet Governance’, American Society of International Law, Proceedings of the Annual Meeting, vol. 101, available at http://ssrn.com/abstract=992805.
14 Froomkin, ‘The Internet as a Source of Regulatory Arbitrage’, note 12 above, p. 142.
15 Such as China, Saudi Arabia or Iran. On this see J. Goldsmith and T. Wu, Who Controls the Internet: Illusions of a Borderless World (OUP, Oxford, 2006).
16 J. Oxman, The FCC and the Unregulation of the Internet, OPP Working Paper No. 31 in B. Fitzgerald, Cyberlaw I and II (Ashgate, Dartmouth, 2006), vol. I, p. 77, at pp. 78 and 99–101.
17 See D. Nunizato, Virtual Freedom: Net Neutrality and Free Speech in the Internet Age (Stanford University Press, Stanford, CA, 2009). See also T.W. Hazlett, The Fallacy of Net Neutrality (Encounter Books, New York, 2011).
18 For more on the consequences of this design and the potential dangers, see J. Zittrain, ‘The Generative Internet’ (2005–2006) 119 Harvard Law Review 1975.
19 Specifically, on the unobserved security concerns of such an Internet, see J. Zittrain, The Future of the Internet and How to Stop it (Allen Lane, London, 2008).
20 For a detailed overview of issues concerning governance and policies in the IT sector in the EU, see G. Christou and S. Simpson, The New Electronic Marketplace: European Governance Strategies in a Globalising Economy (Edward Elgar Publishing, Cheltenham and Northampton, MA, 2007). See also L. Bygrave and J. Bing, Internet Governance: Infrastructure and Institutions (OUP, Oxford, 2009). In this book we understand ‘governance’ to mean the problem of ruling the Internet in general and not just the issue of domain name regulation.
21 J.P. Barlow, ‘A Declaration of Independence of Cyberspace’ in B. Fitzgerald (ed.), Cyberlaw I and II (Ashgate, Dartmouth, 2006), vol. I, p. 129.
22 On the problems associated with this and the dangers arising from it for the judiciary, see D. Hunter, ‘Cyberspace as Place’ (2003) 91 California Law Review 439 and M. Lemely, ‘Place and Cyberspace’ (2003) 91 California Law Review 521.
23 Barlow, ‘A Declaration of Independence of Cyberspace’, note 21 above.
24 For an empirical study of the Chinese government’s measures to control the early Internet, see J. Zitrain, Internet Filtering in China, Harvard Law School Public Law Research Paper No. 62 (IEEE Computing, March/April 2003), p. 70.
25 W. Clinton, ‘A Framework for Global Electronic Commerce’ in B. Fitzgerald (ed.), Cyberlaw I and II (Ashgate, Dartmouth, 2006), vol. I, p. 133.
26 European Commission, A European Initiative in Electronic Commerce, Communication to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, COM(97)157 (15 April 1997).
28 For an overview of the issues involved, see G. de Búrca and J. Scott (eds.), Law and New Governance in the EU and the US (Hart Publishing, Oxford/Portland, OR, 2006).
30 See Commission Communication, Internet Policy and Governance: Europe's Role in Shaping the Future of Internet Governance, COM(2014)072 final (12 December 2014). See also Commission Communication, Cybersecurity Strategy of the European Union, JOIN(2013)1 final (7 February 2013)and Commission Communication, Internet Governance: The Next Steps, COM(2009)277 final (18 June 2009).
31 On the issue of regulating cyberspace through technology, see J. Reidenberg, ‘Lex Informatica: The Formulation of Information Policy Rules Through Technology’ (1998) 76 Texas Law Review 553. See also L. Lessig, ‘The Law of the Horse: What Cyberlaw Might Teach’ (1999) 113 Harvard Law Review 501.
32 See D.R. Johnson and D.G. Post, ‘Law and Borders: The Rise of Law in Cyberspace’ (1996) 48 Stanford Law Review 1367.
33 For the Cybercrime Treaty, see Chapter 10.
34 Agreement between the United States of America and the European Union on the use and transfer of passenger name records to the United States Department of Homeland Security  OJ L215/5, 11 August 2012. A previous Council Decision 2004/496/EC of 17 May 2004, on the conclusion of an Agreement was annulled by the European Court of Justice. See C-317/04 and C-318/04 European Parliament v Council of the European Union and Commission of the European Communities  ECR I-4721, 30 May 2006.
35 Although Lessig is usually credited with the metaphor, it originated with Mitchell, see W. Mitchell, City of Bits: Space, Place, and the Infobahn (MIT Press, Cambridge, MA, 1995), p. 111. For another early version of the metaphor, see J. Reidenberg, ‘Lex Informatica: The Formulation of Information Policy Rules Through Technology’ (1998) 76 Texas Law Review 553.
36 See T. Wu, ‘When Code Isn’t Law’ (2003) 89 Virginia Law Review 103, who looks at the problem from the perspective of the interest group behaviour.
37 L. Lessig, Code and Other Laws of Cyberspace (Basic Books, New York, 1999), pp. 5–6.
38 L. Lessig, Code V 2.0 (Basic Books, New York, 2006), p. 6.
39 For a general debate about code as code and some issues that highlight the difficulties of the relationship between Information Technology and regulation, see E. Dommerin and L. Asscher, Coding Regulation: Essays on the Normative Role of Information Technology (T.M.C. Asser Press, The Hague, 2006). See also T. Wu, ‘When Code Isn’t Law’, n. 36 above, on instances where code acts against regulation. On the problem with the idea that code must be subject to political action, see G. Post, ‘What Larry Doesn’t Get: Code, Law and Liberty in Cyberspace’ (2000) 52 Stanford Law Review 1439.
40 See E. Dommerin, ‘Regulating Technology: Code is Not Law’ in E. Dommerin and L. Asscher, Coding Regulation: Essays on the Normative Role of Information Technology (T.M.C. Asser Press, The Hague, 2006), p. 1.
41 See M. Price and S. Verhulst, Self-Regulation and the Internet (Kluwer, The Hague, 2005), p. 19.
42 Oxford Internet Institute, Internet Self-Regulation: An Overview, EU No. 27180-IAPCODE.
43 See references in section 5 below.
44 Hans-Bredow-Institut, Final Report Study on Co-Regulation Measures in the Media Sector, Study for European Commission, available at http://ec.europa.eu/avpolicy/docs/library/studies/coregul/final_rep_en.pdf.
45 On the Internet’s origins, see B. Leiner, V. Cerf et al., ‘A Brief History of the Internet’ in B. Fitzgerald (ed.), Cyberlaw I and II (Ashgate, Dartmouth, 2006), vol. I, p. 3.
46 For more detail on this issue, see B. May, J.C. Chen and and K.W. Wen, ‘The Differences of Regulatory Models and Internet Regulation in the European Union and the United States’ (2004) 13 Information and Communication Technology Law 259.
47 For a concise history, see Leiner, Cerf et al., ‘A Brief History of the Internet’, note 45 above, p. 3.
48 See J. Oxman, The FCC and the Unregulation of the Internet, OPP Working Paper, No. 31 in B. Fitzgerald (ed.), Cyberlaw I and II (Ashgate, Dartmouth, 2006), vol. I, p. 77.
49 For an overview of domain name regulation in the world see T. Bettinger and A. Waddell, Domain Name Law and Practice (Oxford, Oxford University Press, 2015).
50 W. Kleinwachter, ‘WSIS and Internet Governance: The Struggle over the Core Resources of the Internet’ (2006) 11 Communications Law 3.
51 ‘Proposal for addition to Chair’s paper Sub-Com A Internet Governance on Paragraph 5, Follow-up and Possible Arrangements’’, WSIS-II/PC-3/DT/21-E of the WSIS Summit, 30 September 2005. For comments, see Kleinwachter, ‘WSIS and Internet Governance’, n. 50 above.
53 The papers engaged in a vigorous campaign. The US government, however, exercised pressure on the EU to withdraw the proposal. See letter from Condoleezza Rice and Carlos Gutierrez to Jack Straw, 7 November 2005, available at www.theregister.co.uk/2005/12/02/rice_eu_letter/. For more on EU–US policy differences, see also D. Drissel, ‘Internet Governance in a Multipolar World: Challenging American Hegemony’ (2006) 19 Cambridge Review of International Affairs 105.
54 Details of the agreement are available at https://www.ntia.doc.gov/other-publication/2016/q-and-iana-stewardship-transition-0.
55 See Zittrain, ‘The Generative Internet’, note 18 above.
56 Article 5 TEU.
57 C-376/98 Federal Republic of Germany v European Parliament and Council of the European Union  ECR I-08419.
58 More on the Directive can be found in Chapter 8.
59 See Protocol on the Application of the Principles of Subsidiarity and Proportionality,  OJ C310/207, 16 December 2004.
60 C-322/01 Deutscher Apothekerverband eV v 0800 DocMorris NV  ECR 14887.
61 C-243/01 Criminal Proceedings against Piergiorgio Gambelli and others  ECR I-13031.
62 Y. Poullet, ‘Towards Confidence: Views from Brussels: A European Internet Law? Some Thoughts on the Specific Nature of the European Regulatory Approach to Cyberspace’ in G. Chatillon, Internet International Law (Bruylant, Brussels, 2005), p. 123. For a more detailed overview, see Chapter 5 in Christou and Simpson, The New Electronic Marketplace, note 20 above.
63 European Commission, A European Initiative in Electronic Commerce, Communication to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, COM(97)157 (Brussels, 15 April 1997).
65 See note 25 above.
66 Although, in reality, there are reasons to believe that it is tilted in favour of producers. See, e.g., Dickie, Consumers and Producers in EU E-Commerce Law, note 3 above and Christou and Simpson, The New Electronic Marketplace, note 20 above, p. 99.
67 Declaration on a European Policy for New Information Technologies, adopted by the Committee of Ministers, Dec(1999)NTI, 7 May 1999.
68 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981.
69 Communication from the European Commission, E-Europe: An Information Society for All, COM(1999)687 (8 December 1999), repeated in the conclusion of the Stockholm European Council on 23 March 2001.
70 Commission Communication, eEurope 2002: Impact and Priorities: A Communication to the Spring European Council in Stockholm, 23–24 March 2001, COM(2001)140 final (13 March 2001).
71 Communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions, The eEurope 2005 Action Plan: An Information Society for Everyone, COM(2002)263 final (28 May 2002).
72 Communication from the Commission, Final Evaluation of the eEurope 2005 Action Plan, COM/2009/0432 final (21 August 2009).
73 Commission Staff Working Paper, Communication from the Commission, SEC(2005)717/2 (1 June 2005).
74 Communication from the Commission, A Digital Agenda for Europe, COM(2010)245 (Brussels, 19 May 2010).
75 Communication from the Commission, Europe 2020: A Strategy for Smart, Sustainable and Inclusive Growth, COM(2010)2020 final (3 March 2010).
76 See also study: P. Van Eecke and M. Truyens, Legal Analysis of a Single Market for the Information Society, SMART 2007/0037 (30 May 2011).
77 On these aims in detail, see G. Spindler, ‘EU Internet Policy’ in A. Savin and J. Trzaskowski, Research Handbook on EU Internet Law (Edward Elgar Publishing, Cheltenham and Northampton, MA, 2013), p. 3.
78 Communication from the Commission, A Digital Single Market Strategy for Europe, COM(2015)192 final (6 May 2015).
79 Article 17(2) TEU.
80 Article 289(1) TFEU.
81 Article19 TEU.
82 For an overview of their efforts, see K. Oakley, Highway to Democracy: The Council of Europe and the Information Society (Council of Europe Publishing, Strasbourg, 2003).
83 See discussion of the ECtHR Delfi v Estonia case in Chapter 5.
84 Directive 2002/21/EC of 7 March 2002 on a common regulatory framework for electronic communications networks and services  OJ L108/33, 24 April 2002. See Recital 10, which specifically excludes most information society services because they do not consist of ‘the conveyance of signals on electronic communications networks’. Web-based content is specifically excluded from the framework.
85 Directive 2010/13/EU ‘Audiovisual Media Services Directive’  OJ L95/1, 15 April 2010.
86 Green Paper, Preparing for a Fully Converged Audiovisual World: Growth, Creation and Value COM(2013)231 final (24 April 2013).
87 In detail see P. Nihoul and P. Rodford, EU Electronic Communications Law (OUP, Oxford, 2011).
89 See in detail J. Scherer (ed.), Telecommunication Laws in Europe, 6th edn (Bloomsbury, West Sussex, 2013), pp. 4–8.
90 The framework was revised in 2009. The amending Directives are the First Amending Directive  OJ L337/11, 18 December 2009, and the Second Amending Directive  OJ L337/37, 18 December 2009.
91  OJ L108/33, 24 April 2002, amended in 2009.
92  OJ L108/21, 24 April 2002, amended in 2009.
93  OJ L108/7, 24 April 2002, amended in 2009.
94  OJ L108/51, 24 April 2002, amended in 2009.
95 European Commission, Regulatory Framework for Electronic Communications in the European Union, Situation in December 2009 (Publications Office of the European Union, 2010).
96 Final text of Regulation 2015/2120 (EU) of the European Parliament and of the Council of 25 November 2015  OJ L310/1, 26 November 2015.
97 5G for Europe, An Action Plan, Brussels, 14.9.2016 COM(2016) 588 final.
98 Proposal, Brussels, 14.9.2016 COM(2016) 590 final.
99 T. Wu, ‘Network Neutrality, Broadband Discrimination’ (2003) 2 Journal of Telecommunications and High Technology Law 141.
100 On the politics and law of net neutrality see L. Belli and P. De Filippi, Net Neutrality Compendium (Springer, London/New York, 2016).
101 On this issue in general see L. DeNardis, The Global War for Internet Governance (Yale University Press, London/New Haven, CT, 2014).
102 The latest iteration is FCC Rules passed on 26 January 2015. Federal Communications Commission doc. FCC 15-24, available at http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db0312/FCC-15-24A1.pdf.
103 Regulation 2015/2120 (EU)  OJ L310/1, 26 November 2015.
104 Second Amending Directive: Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009  OJ L337/37, 18 December 2009.
105 See Scherer, Telecommunication Laws in Europe, note 89 above, p. 28.
106 Framework Directive, art. 8(4)(g).
107 Directive 2002/22/EC  OJ L108/51, 24 April 2002.
108 Regulation 2015/2120 (EU) of the European Parliament and of the Council of 25 November 2015  OJ L310/1, 26 November 2015.
109 BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules, BoR(16)94 (June 2016).