Global Network Initiative
GNI
The Global Network Initiative is an international multi-stakeholder organization that brings together information and communications technology (ICT) companies, civil society (including human rights and press freedom groups), academics and investors to work together to forge a common approach to protecting and advancing free expression and privacy in the ICT sector around the world.
ID: 602889028780-88
Lobbying Activity
Meeting with Birgit Sippel (Member of the European Parliament)
13 Jan 2025 · UN Convention on Cybercrime
Meeting with Lara Wolters (Member of the European Parliament, Rapporteur) and Nederlandse Vereniging van Banken / Dutch Banking Association
24 Oct 2023 · Staff level: CSDD Directive
Response to Performance of independent audits provided for in the Digital Services Act
2 Jun 2023
The Global Network Initiative (GNI) is grateful for the opportunity to provide input on the draft delegated regulation on independent audits of very large online platforms and very large online search engines (draft delegated regulation). The role of audits is critical to the DSAs overall compliance and enforcement architecture. Allowing third-parties to examine and verify actions that very large online platforms and very large online search engines (covered providers) take to implement the obligations in Chapter III of the DSA can provide flexibility, create opportunities for expert input, minimize regulatory burdens, and allow for the evolution of creative and effective provider-specific approaches to compliance. These benefits will depend significantly on the extent to which audits generate involvement from experienced audit practitioners, as well as technical and subject-specific experts, and the degree to which broad consensus can be established on both the substantive criteria against which Chapter III obligations should be assessed, as well as the appropriate methodologies for conducting such assessments. Much will depend on the clarity that can be established in the delegated regulation, as well as through any further guidance and expert multistakeholder deliberation that the Commission is able to produce and encourage. Below are the top-line recommendations that we respectfully suggest to the Commission. The attached submission sets out these recommendations in more detail. The points raised in this submission stem from lessons GNI has learned over four cycles of multistakeholder assessments of the internal systems and processes used by information and communication technology (ICT) companies to identify and address risks to freedom of expression and privacy, as well as events that GNI has helped facilitate with a broader audience of experts through the Action Coalition on Meaningful Transparency, which GNI helped establish and manages. -- The Commission should encourage and support opportunities for auditors to engage with and learn from the broad multistakeholder community of experts that have been working to develop methodologies for identifying risks associated with digital platforms. -- The draft delegated regulation should include guidance on which types of "third parties" auditors are encouraged to consult and how. -- The Commission should consider a lower degree of assurance, at least for the initial cycle of audits. -- The Commission should explicitly identify the importance of audit reports as a transparency mechanism and further clarify the ways in which the audit process can and should build on and contribute to the types of expert consultations addressed in Recital 90 and the research facilitated through Article 40 of the DSA. -- The Commission should encourage and support credible, multistakeholder processes that can provide training of auditors, as well as the types of certifications and declarations referenced in the draft delegated regulation. -- The draft delegated regulation should afford flexibility regarding the criteria set out in Article 37(3) or create a mechanism whereby auditors can request exemptions from the Commission in order to sub-contract certain experts that might otherwise be disqualified. -- The Commission should consider including and defining a fourth type of conclusion that clearly applies to findings of material misstatements or misrepresentations. -- The Commission should consider ways in which the top-line audit conclusion can distinguish between audits that contain a small number of negative opinions, and others where a substantial number of conclusions are negative. We remain committed to ensuring that the DSA achieves its objectives and sets a positive global example of how to address digital risks, while upholding and expanding digital rigWe look forward to engaging in further discussion with the Commission and other stakeholders on these topics.
Read full responseMeeting with Axel Voss (Member of the European Parliament, Shadow rapporteur) and amfori - Trade with Purpose and The Shift Project
13 Mar 2023 · Corporate Sustainability Due Diligence
Response to Digital Services Act: deepening the Internal Market and clarifying responsibilities for digital services
31 Mar 2021
The Global Network Initiative (GNI) welcomes the European Union’s efforts on the Digital Services Act (DSA). We were pleased to see several recommendations from GNI’s prior submission addressed in the Commission’s draft. This submission draws from from our recent analysis of two dozen content regulation initiatives from around the world and the resulting recommendations on how to address digital harms while upholding human rights principles (attached). We stand ready to continue engaging constructively.
We welcome the distinctions among categories of intermediaries and the exemption of micro and small enterprises. However, the DSA should be refined to ensure that obligations align appropriately with different intermediaries’ ability to adequately address underlying risks. For instance, the notice-and-action regime applies equally to search engines, which index and display entire web pages, and cloud services, which do not have visibility of or control over content. This may create unnecessary burdens and impacts on freedom of information.
GNI also welcomes: the stated ambition to remove only illegal content; the inclusion of transparency, notice, counter-notice, and grievance requirements for all removals; the retention of core principles of the e-Commerce Directive (2000); and the creation of a “safe harbor” for content moderation. However, Article 14(3) imputes “actual knowledge” of illegal content for purposes of liability when any properly formed notification is made, creating perverse incentives likely to lead to disproportionate over-removal of content. As we have stated, “actual knowledge” that content is illegal should be imputed only when an order indicating such illegality is received from a duly authorized, independent authority, preferably a judicial order.
While we are pleased to see the clear, rights-preserving criteria applied to government demands in Articles 8 and 9, we are concerned that Article 21 would require online platforms to turn over user information upon mere “suspicion” of serious criminal offense. Deputizing private entities with such a quasi-law enforcement function creates significant concerns and should be avoided. Furthermore, while the language in Article 8(2)b requiring orders to act against illegal content not exceed the territorial scope “strictly necessary to achieve its objective” is helpful, further clarification and guidance is necessary to ensure such orders avoid creating conflicts of law.
We also express concern at the lack of checks and balances in the proposed governance structure. Certain tasks, such as the designation and regulation of trusted flaggers and out-of-court settlement bodies, may be better managed by the EDSB. Currently, the draft does not provide the EDBS with sufficient legal personality, staff, or resources to ensure the level of independence necessary to carry out oversight of such sensitive issues as electoral oversight and questions on speech.
The DSA’s extension of personal liability to the “legal representatives” required to be designated under Article 11 is unnecessary and risks further incentivizing overly-aggressive surveillance and policing of users. Furthermore, it sets a troubling precedent as non-democratic governments insert “hostage provisions” in their content regulations in order to increase their leverage over intermediaries.
Finally, Articles 26 and 27 on the identification and mitigation of risks by VLOPs are overly focused on identification and removal of illegal content. This may incentivize overly-aggressive and technology-enabled monitoring and policing of users, in tension with the prohibition against general monitoring obligations. These should be revised to clarify that the preservation of fundamental rights is the primary objective of such assessments, and provide guidance on how VLOPs should ensure that their services, including their efforts to detect and address illegal content or conduct, do not impinge upon these rights.
Read full responseMeeting with Agnieszka Skonieczna (Cabinet of Commissioner Thierry Breton), Filomena Chirico (Cabinet of Commissioner Thierry Breton)
18 Feb 2020 · Presentation of the Global Network Initiative and discussion of issues concerning the regulation of online content
Response to Improving cross-border access to electronic evidence in criminal matters
19 Jul 2018
GNI has developed a full submission in response to the proposed Directive and Regulation, which is attached for your consideration. We have extracted and included below the recommendation section from that submission for your convenience:
Recommendations:
The GNI Principles create a set of expectations and recommendations for how companies should respond to government requests that could affect the freedom of expression and privacy rights of their users, consistent with the UN Guiding Principles on Business and Human Rights. As the GNI Principles evidence, ICT companies can and often do play an important role in ensuring that government requests for user data are consistent with domestic law and international human rights principles. Efforts, including these proposals, to facilitate such requests across borders may help expedite legitimate law enforcement investigations, but they also introduce increased risks to user rights. As a result, the Commission must ensure (i) that the responsibility falls squarely on issuing authorities to ensure that EPOs are consistent with domestic law and the Charter of Fundament Rights, and do not constitute manifest abuse; (ii) that compliance with EPOs does not create liability for providers; and (iii) that providers have sufficient information and opportunity to assess and respond to EPOs consistent with relevant laws, their responsibility to respect human rights, and legitimate user expectations.
Specifically, the GNI recommends that (1) appropriate safeguards should be built in to the final regulation to ensure that orders served on providers will be clear and narrowly tailored to the crime being investigated so as not to create legal uncertainty and undue burden on service providers, or elicit responses from service providers that unduly interfere with the privacy interests of their users. The Commission should also consider amending the regulation to (2) require, consistent with EU law, that the subject of the data request be given notice in a manner that does not compromise the investigation. In addition, the Commission should (3) ensure that the enforcing state is provided adequate notice of relevant orders.
The GNI is also concerned that the high bar required under the Regulation to challenge orders on human rights grounds (“if, based on the sole information contained in the European Production Order Certificate (EPOC), it is apparent that it manifestly violates the Charter or that it is manifestly abusive…”) might deter providers of all sizes and types from challenging orders and would thereby undermine protections for users’ human rights. The Commission should therefore (4) ensure that the grounds for challenging EPO are clear and that companies have sufficient information to enable them to understand whether a given order is authentic and lawful.
In addition, (5) the time frames should be relaxed in the final regulation to permit providers to assess the orders they receive and prioritize the most critical requests. Furthermore, the final regulation (6) should ensure a substantial level of harmonization is specified in order to minimize the risk of forum shopping. It is also of the utmost importance to (7) ensure that transmission of EPOs and responses are secure, including by facilitating access to secure transmission methods for smaller companies. The Commission should also (8) consider limiting the number of authorities that member states may identify as competent to issue and/or validate EPOs. Finally, the proposed Regulation only mentions that possible reimbursement schemes should be determined through national Law. Instead, (9) the Regulation should foresee a mandatory harmonized reimbursement calculation.
Read full responseResponse to Improving cross-border access to electronic evidence in criminal matters
19 Jul 2018
GNI has developed a full submission in response to the proposed Directive and Regulation, which is attached for your consideration. We have extracted and included below the recommendation section from that submission for your convenience:
Recommendations:
The GNI Principles create a set of expectations and recommendations for how companies should respond to government requests that could affect the freedom of expression and privacy rights of their users, consistent with the UN Guiding Principles on Business and Human Rights. As the GNI Principles evidence, ICT companies can and often do play an important role in ensuring that government requests for user data are consistent with domestic law and international human rights principles. Efforts, including these proposals, to facilitate such requests across borders may help expedite legitimate law enforcement investigations, but they also introduce increased risks to user rights. As a result, the Commission must ensure (i) that the responsibility falls squarely on issuing authorities to ensure that EPOs are consistent with domestic law and the Charter of Fundament Rights, and do not constitute manifest abuse; (ii) that compliance with EPOs does not create liability for providers; and (iii) that providers have sufficient information and opportunity to assess and respond to EPOs consistent with relevant laws, their responsibility to respect human rights, and legitimate user expectations.
Specifically, the GNI recommends that (1) appropriate safeguards should be built in to the final regulation to ensure that orders served on providers will be clear and narrowly tailored to the crime being investigated so as not to create legal uncertainty and undue burden on service providers, or elicit responses from service providers that unduly interfere with the privacy interests of their users. The Commission should also consider amending the regulation to (2) require, consistent with EU law, that the subject of the data request be given notice in a manner that does not compromise the investigation. In addition, the Commission should (3) ensure that the enforcing state is provided adequate notice of relevant orders.
The GNI is also concerned that the high bar required under the Regulation to challenge orders on human rights grounds (“if, based on the sole information contained in the European Production Order Certificate (EPOC), it is apparent that it manifestly violates the Charter or that it is manifestly abusive…”) might deter providers of all sizes and types from challenging orders and would thereby undermine protections for users’ human rights. The Commission should therefore (4) ensure that the grounds for challenging EPO are clear and that companies have sufficient information to enable them to understand whether a given order is authentic and lawful.
In addition, (5) the time frames should be relaxed in the final regulation to permit providers to assess the orders they receive and prioritize the most critical requests. Furthermore, the final regulation (6) should ensure a substantial level of harmonization is specified in order to minimize the risk of forum shopping. It is also of the utmost importance to (7) ensure that transmission of EPOs and responses are secure, including by facilitating access to secure transmission methods for smaller companies. The Commission should also (8) consider limiting the number of authorities that member states may identify as competent to issue and/or validate EPOs. Finally, the proposed Regulation only mentions that possible reimbursement schemes should be determined through national Law. Instead, (9) the Regulation should foresee a mandatory harmonized reimbursement calculation.
Read full response