Rechten

De zaak komt aan het rollen als een man zijn zaak verliest hij het gerechtshof Amsterdam, en cassatieberoep aantekent. Hij vraagt cassatieadvocaat Bert van Schaick, verbonden aan het Tilburgse advocatenkantoor Linssen C.S., om advies. Die stelt een cassatieadvies op, maar de declaratie daarvoor (ruim € 2.000) betaalt de man niet. Linssen legt de kwestie voor aan de rechtbank Noord-Holland.

Daar betoogt de man dat Van Schaick zijn opdracht niet had mogen aannemen omdat hij als cassatieadvocaat ook raadsheer-plaatsvervanger is bij het gerechtshof Amsterdam – het hof waar hij zijn zaak verloor. Een andere cassatieadvocaat, Marc Janssen (verbonden aan Banning) en ook raadsheer-plaatsvervanger bij het hof Amsterdam, zou de man hebben verteld dat het hem niet was toegestaan om als cassatieadvocaat zaken aan te nemen die betrekking hebben op uitspraken van het Amsterdamse hof. Dit moet dus ook gelden voor Van Schaick, stelt de man: hij had hem hiervan op de hoogte moeten stellen, maar heeft dat niet gedaan. Hierdoor heeft de man gedwaald, want als hij had geweten dat het Van Schaick verboden was in die gevallen cassatieadvies af te geven, had hij hem de opdracht niet gegeven. Van Schaick bracht echter een voorschot in rekening en gaf een (negatief) cassatieadvies af. Daardoor heeft hij niet zuiver gehandeld. Bovendien voldeed het cassatieadvies niet aan hetgeen daarvan mocht worden verwacht van een bekwaam en redelijk handelend jurist. Daarom betaalt de man niet.

Volgens de kantonrechter had Janssen gelijk, maar Van Schaick ook. Dat blijkt uit een e-mail (26 november 2021) van de president van het gerechtshof Amsterdam aan de raadsheer-plaatsvervangers. Daarin staat dat de president heeft besloten dat het optreden als cassatieadvocaat in een zaak waarin het gerechtshof Amsterdam uitspraak heeft gedaan, per 1 januari 2022 als onwenselijk wordt beschouwd. Maar het cassatieadvies van Van Schaick – tevens hoogleraar privaatrechtelijke rechtshandhaving en rechtsvergelijking aan de Universiteit van Tilburg – dateert van vóór die tijd (juni 2021). Het nieuwe beleid gold op dat moment nog niet. Binnen Van Schaicks team van het hof Amsterdam was openlijk bekend dat hij ook optreedt als cassatieadvocaat. Dit heeft de man onvoldoende betwist en zo dus niet aangetoond dat hij heeft gedwaald.

Was het cassatieadvies onder de maat, zoals de man beweert? Dat hoeft de kantonrechter niet meer vast te stellen nu de man daarover te laat heeft geklaagd. Klagen moest binnen twee maanden nadat de man kennis had genomen van het werk. Hij klaagde niet toen hij het advies onder ogen kreeg, ook niet nadat hij de factuur had gekregen en ook niet na de betalingsherinneringen. Hij klaagde er pas over in zijn conclusie van antwoord. Nu niet vaststaat wat de kwaliteit van het cassatieadvies was, wordt de overeenkomst niet ontbonden. De man moet gewoon de factuur betalen, evenals de proceskosten.

ECLI:NL:RBNHO:2023:5892

Het bericht Raadsheer-plaatsvervanger mocht wel degelijk optreden als cassatieadvocaat verscheen eerst op Mr. Online.

The summer is upon us and that means only one thing, the DEF CON hacking conference is almost here! We're thrilled to announce that security expert Tarah Wheeler will host EFF's second annual charity poker tournament at the Horseshoe Poker Room on Friday, August 11. Get ready for an unforgettable event with emcee Ohm-I and many more special guests! This is an official DEF CON 31 contest, but all are welcome to participate in some friendly competition to support civil liberties and human rights online.

Take a break from hacking the Gibson to face off with your competition at the tables—all while benefiting EFF! Your buy-in is paired with a donation to support EFF's mission to protect online privacy and free expression for all. Play for money, and the future of the web! Seating is limited, so reserve your spot today.

SIGN UP!

FIND FULL EVENT DETAILS AND REGISTRATION

The first fifty people to sign up and attend the event will receive a limited bronze challenge coin—the size of a poker chip—celebrating the event. The first place winner will receive a one-of-a-kind solid silver challenge coin, as well as a now-traditional Jelly Bean trophy!

Tournament Specs: $100 Horseshoe tournament buy-in, with a donation of $250 or more to EFF to sign up. Rebuys are unlimited to level 6, with each having a suggested donation of $100 on site. Levels will be fifteen minutes, and the blinds go up at each level. Attendees must be 21+.

Pre-Tournament Clinic: Have you played some poker before but could use a refresher on rules, strategy, table behavior, and general Vegas slang at the poker table? Tarah Wheeler will run a poker clinic from 11 am-11:45 am just before the tournament. Even if you know poker pretty well, come a bit early and help out. Just show up and donate anything to EFF. Make it over $50 and Tarah will teach you chip riffling, the three biggest tells, and how to stare blankly and intimidatingly through someone’s soul while they’re trying to decide if you’re bluffing.

On January 31, the Swedish computer security expert and free software developer, Ola Bini, was found not guilty by a unanimous verdict from a three-judge tribunal in Ecuador. This marked the culmination of an unfounded criminal prosecution that has persisted for over four years. The Prosecutor’s Office appealed the acquittal, however, dragging out this problematic criminal case and suspending the court’s decision to lift the precautionary measures pending against Bini. As a result, Bini cannot leave Ecuador or use his bank accounts. 

As we previously wrote, the January ruling set a crucial precedent. It was the first time an Ecuadorian court analyzed the issue of unauthorized access to a computer system, an act classified as an offense under Article 234 of Ecuador’s criminal code. Most importantly, the court resisted setting an expansive interpretation of what constitutes unauthorized access of computer systems, a move that could have seriously endangered the beneficial work of security researchers and the vital role they play for our privacy and security across information systems.

The acquittal sentence makes three important facts clear. First, the evidence the prosecution presented was essentially unrelated to the charge of unauthorized access and did not prove the alleged criminal facts. Second, the only piece of evidence that was possibly related, the image of a telnet session showing a connection to a National Telecommunications Corporation (CNT) router, was not proof of criminal activity. And third, the prosecution didn’t present any evidence to prove the required threshold of malicious intent—necessary for the crime of unauthorized access. In short, the court refused to convict Bini based on stereotyped views of security experts intended to stoke fear that he was a danger to the public and state security.

The alleged evidence presented to the court was mainly unrelated to the criminal offense levied against Bini. His visits to Julian Assange at the Ecuadorian embassy in London, his internet service contract, the amount of computer equipment he owned, and translations of private conversations held with various contacts through different messaging applications, were related to a strategy of fear mongering around a “hacker panic,” not evidence of a crime.

The court also did not endorse the prosecution’s attempt to associate the use of Tor, a crucial tool to protect one’s privacy, with inherent criminality. The plaintiffs raised this argument because the image of the telnet session shows that the alleged connection to a CNT router was made using Tor. Tor is a privacy protection tool, but the prosecution and the CNT tried to frame its use as an indication of criminal activity. The fact that the court didn’t endorse this argument is key for those who want to protect their privacy, safety, and security online, as well as for security researchers to develop their work.

The single piece of “evidence” that the court evaluated was an image of a telnet session. It was leaked to the media even before being included in the case file and, as we previously flagged, it ultimately failed to establish proof of unauthorized access or criminal activity. Based on Article 234 of Ecuador’s criminal code, the court assessed whether (a) Bini had "accessed" or "remained" in a system, and (b) whether there was a malicious intent involved, like illegitimately exploiting such access or diverting its traffic. On (a), the court determined that a telnet connection to a CNT router, which asked for a username and password but received no input before the connection time out, is not “access.” Yet, the court didn’t address the issue of the veracity of the image itself. On (b), the court stressed that both the Prosecutor's Office and the CNT failed to present any evidence to corroborate the element of malicious intent, necessary to classify the act as a criminal offense of "unauthorized access." This combination of elements in Article 234 reaffirms how important it is to include malicious intent in the definition of criminal liability when drafting cybercrime laws. As we have repeatedly stressed, the requirement for malicious intent helps prevent the arbitrary enforcement of cybercrime provisions against the beneficial activity of security experts and researchers. 

The court also endorsed experts' testimonies that the image cannot even prove that the commands illustrated therein were actually executed. The sentence points out that CNT's expert witness never had access to the devices and systems involved in the alleged intrusion, and the report he produced on behalf of the prosecution was limited to the analysis of a previous report by a CNT's employee. The person who led the area of networks and connectivity of Ecuador's Presidency also stated that the Prosecutor's Office did not request information about any of the equipment, nor the IPs of the equipment, nor the accesses made to the equipment in order to verify a possible unauthorized access.

In June, the Observation Mission of Ola Bini's case, which EFF joins with many other digital and human rights organizations, held a session at RightsCon to analyze Ola Bini's unanimous acquittal sentence, and released a statement emphasizing the points above. These constitute key precedents for other cybersecurity experts and digital rights defenders under persecution. The statement highlights how important it was for the court to refuse to endorse a case based on purported evidence that is unrelated to the charge, avoid broad interpretations of criminal law to persecute security experts based on stereotypes about technology and the infosec community, and refuse to endorse allegations that the use of Tor indicates any suspicion of criminal activity. Although the court missed the opportunity to reinforce the relevance of privacy-enhancing technologies, such as Tor, for ensuring freedom of expression, privacy, and other human rights online, the acquittal sentence is a relevant precedent to enforce. 

Now that Ecuador's Prosecutor's Office has appealed Ola Bini's acquittal, despite a lack of evidence against the security expert, Ecuadorian judicial authorities must uphold the sentence’s crucial points and ratify Bini's innocence. It is telling that CNT, responsible for the system allegedly accessed without authorization, did not appeal, which corroborates the weakness of the case. We will continue to monitor case developments to ensure that due process prevails. 

Het Openbaar Ministerie heeft in het onderzoek naar de Rotterdamse advocaat Inez Weski het verschoningsrecht geschonden. Dat meldt het FD, dat zich baseert op een rechtszitting – vorige week – in Den Haag. Weski (68) was tot voor kort de advocaat van Ridouan Taghi en is nu verdacht van deelname aan een criminele organisatie die zich bezighoudt met internationale drugshandel en witwassen. Weski zou volgens het OM informatie van Taghi vanuit de Extra Beveiligde Inrichting (EBI) in Vught met diens contacten in de buitenwereld hebben gedeeld. Taghi is de hoofdverdachte in het Marengo-proces, een strafzaak die draait om meerdere liquidaties in het drugsmilieu.

Bij de aanhouding van Weski nam het OM in april een grote hoeveelheid vertrouwelijke documenten (ook over haar cliënten) uit haar praktijk in beslag. De informatie valt onder het verschoningsrecht. Anderen, ook niet het OM, mogen dat inzien. Toch deelde de officier van justitie (de geheimhoudersofficier) op 25 mei een proces-verbaal met ‘informatie uit het onderzoek’ naar Weski, met als codenaam 26Palma, dat ook terechtkwam bij de zaaksofficier, die het weer deelde met andere collega’s. Het OM heeft laten weten om ‘formele redenen’ hierop niet inhoudelijk te reageren. Een geheimhoudersofficier heeft als taak het uitfilteren van vertrouwelijke documenten van advocaten en moet met het oog daarop expliciet beloven over de inhoud te zwijgen.

In het FD reageert de Rotterdamse deken Peter Hanenberg geschokt: ‘Juist in deze zaak verwacht je de grootste zorgvuldigheid van het OM. Je moet gewoon veilig je verhaal kunnen doen bij een advocaat, zonder dat de staat daarin kan wroeten. In landen waarin dit wel gebeurt, zouden u en ik niet willen leven.’ Hij wil weten wie er allemaal in de stukken ‘hebben zitten rondneuzen’, en eist dat het OM alle gegevensdragers overdraagt aan de rechter-commissaris. Eventuele kopieën moet het OM ‘verifieerbaar vernietigen’.

Het bericht ‘Openbaar Ministerie schond in zaak-Weski verschoningsrecht, deken boos’ verscheen eerst op Mr. Online.

Zomeractie:

Om de blogpauze goed te maken, heb ik gedurende de hele vakantieperiode dit boek met maar liefst 40% korting in de aanbieding. Bestellen doet u op de site van ICTRecht.

Mijn blog hervat weer maandag 31 augustus.

Arnoud

Het bericht Vakantielectuur: het boek “ICT en Recht” is nu verkrijgbaar met 40% korting! verscheen eerst op Ius Mentis.

Bij de zestien advocaten- en accountantskantoren werken volgens het FD 1676 partners. Daarvan zijn er 360 vrouw, iets meer dan 21 procent. Vijf kantoren hebben meer dan 30 procent vrouwelijke partners; in 2019 waren dat nog vier kantoren. Dat percentage wordt veelal gehanteerd als een belangrijk omslagpunt voor cultuurverandering op de werkvloer. De cijfers blijven ver achter van wat SER vindt als ‘het nieuwe normaal’: dat betreft een evenredige vertegenwoordiging van mannen en vrouwen (50-50) en van mensen met een niet-westerse migratieachtergrond in de top van het bedrijfsleven.

In de afgelopen vier jaar boekten alle kantoren ‘enige vooruitgang’ met de benoeming van vrouwelijke partners, behalve Allen & Overy en KPMG. Kantoren die meer dan 30 procent vrouwelijke partners hebben zijn Pels Rijcken, Kennedy Van der Laan, Van Doorne, Allen & Overy en Baker McKenzie. Bij Allen & Overy liep het percentage vrouwelijke partners terug met 4 procent, maar komt toch nog uit op 31 procent – net boven de kritische grens.

In de FD-enquête vormt KPMG samen met AKD de hekkensluiter. Bij AKD groeide het aandeel vrouwen van 7 procent in 2019 naar 12 procent in 2023, op een totale populatie van 43 partners. Volgens het FD is AKD het enige kantoor dat in 2008 niet zijn handtekening zette onder het Charter Talent naar de Top. Een van de doelen van dit charter is om meer vrouwen te laten doorstromen naar de top van het bedrijfsleven. Dit charter is niet het enige document van betekenis. De zakelijke dienstverlening heeft sinds vorig jaar ook te maken met het Besluit inhoud bestuursverslag tijdelijke verplichting grote vennootschappen […] in de top en subtop en over de streefcijfers. Die schrijft voor dat de vijfduizend grootste vennootschappen na deze zomer publiekelijk moeten rapporteren over de man-vrouwverhouding in de (sub)top van hun onderneming.

In 2019 stond bij twaalf kantoren een man aan het roer. Drie kantoren werden geleid door een vrouw: KPMG, Allen & Overy en Baker McKenzie. In 2023 zijn er twee vrouwelijke bestuurders bijgekomen, bij Pels Rijcken en PwC. Pels Rijcken scoort het best met vrouwen in de raad van bestuur: 75 procent (vier jaar geleden nog nul). Nu heeft een derde van de ondervraagde kantoren een vrouw als leider. Dat zijn naast Pels Rijcken ook NautaDutilh, PwC, Stibbe en Baker McKenzie, zo turfde het FD. Het zijn cijfers die vergelijkbaar zijn met de rest van het bedrijfsleven, maar met een groot verschil, constateert het FD: elders zijn vrouwen minder beschikbaar, Zuidas-kantoren kunnen putten uit voldoende vrouwen. Doorgaans is 60 procent van de medewerkers van de grote advocatenkantoren vrouw, maar dat vertaalt zich niet in een evenredige vertegenwoordiging in de top. Het FD toont bij Loyens & Loeff aan hoe het zit. Het kantoor telt in totaal 1524 medewerkers, waarvan 59,3 procent vrouw is. In de groep senior medewerkers is 51,7 procent vrouw, maar in de partnergroep is dat 18 procent.

Volgens diversiteitsexperts werken de meeste kantoren niet met een vrouwenquotum. Daardoor ligt niet vast hoeveel topfuncties door vrouwen moeten worden bekleed. Kantoren gaan liever uit van wettelijk verplichte streefcijfers, die vrijblijvender zijn dan quota. Daarmee schieten deze kantoren zichzelf wel in de voet, stellen de diversiteitsdeskundigen: het is wetenschappelijk aangetoond dat bedrijven beter presteren als zij divers en inclusief zijn. Ook medewerkers en klanten hechten steeds meer waarde aan een organisatie waarin vrouwen en minderheidsgroeperingen goed zijn vertegenwoordigd.

Diversiteitsadviseurs zien ook de oorzaken: de ideale Zuidas-medewerker is efficiënt en extravert. Die gaat graag op pad om nieuwe opdrachten binnen te halen. Dat zijn eigenschappen die veelal als ‘masculien’ worden gezien. Als gevolg daarvan is ook de beloningsstructuren binnen Zuidas-kantoren afgestemd op dergelijke masculiene kenmerken en eigenschappen.

Het bericht Meeste Zuidas-kantoren hebben nog steeds te weinig vrouwelijke partners verscheen eerst op Mr. Online.

Intern Nicholas Wilson was the primary author of this post.

U.S. government intelligence agencies are buying data about us. The danger to our civil liberties is so extreme that even the Office of the Director of National Intelligence (ODNI) said things have gone too far in a detailed report released in June.

The report explains that federal intelligence agencies, like the NSA and FBI, do more than just conduct their own surveillance: they also buy data from private surveillance companies. This is a powerful partnership: the government’s desire to surveil us aligns well with corporations’ incentives in the surveillance economy. When intelligence agencies buy our data, they do not even follow basic constitutional safeguards—like obtaining warrants—since they say the purchased data is “publicly available.” In other words, since many data brokers will sell our personal data to anyone, intelligence agencies see no reason to treat that data as protected by the Fourth Amendment.

But the report warns that when the government buys data about us, it threatens our privacy and civil liberties, something EFF has been saying for years. The government should not escape warrant requirements simply by paying private surveillance companies. As the report says, commercially available data, just like data the government collects itself, can be “misused to pry into private lives, ruin reputations, and cause emotional distress and threaten the safety of individuals.” This commercially available data “can disclose, for example, the detailed movements and associations of individuals and groups, revealing political, religious, travel, and speech activities.”

The government’s purchases of corporate surveillance data are pervasive. Intelligence agencies are buying up so much data that ODNI was not able to comprehensively review all the purchases. ODNI’s report warned that commercial data “has, at least in part, overtaken current IC [intelligence community] policies that address it.”

Examples from the report illustrate the problem. The FBI and the Coast Guard have both contracted with surveillance tech companies to monitor our social media accounts. And the Department of Homeland Security has used the “Web of Science” tool to identify foreign academic researchers working in the U.S.

The report rightly calls for intelligence agencies to do more to consider the privacy impact of buying and using commercial data. Intelligence agencies should not turn a blind eye to their privacy harms. And they should respect the Supreme Court’s holding in Carpenter v. United States that the government cannot obtain certain personal data, like location data, from private companies without a warrant.

The report also calls for intelligence agencies to conduct a sweeping review to understand how they are buying and using commercial surveillance data. Since these agencies are making so many data purchases that ODNI couldn’t find them all, this review is necessary. And the report is right that the review should cover not just purchases, but also uses of the data—data that is purchased for one purpose can become more threatening when it is later combined with other data sources or used in a different way.

But the report does not solve the problems it identifies. The report is not binding on the Director of National Intelligence or her successors. And the report, even after noting the threat to civil liberties, fails to disavow government use of commercial surveillance data. Instead, it invites intelligence agencies to do their own balancing of privacy harms against national security benefits of intelligence. That is not enough. Intelligence agencies will always have a clear bias towards supposed national security “benefits,” meaning they will inevitably put civil liberties on the chopping block.

Instead, we need changes across government. Legislatures need to pass strong consumer data privacy legislation, so that data brokers have less data to sell the government. Legislatures also need to pass statutory limits on the government, to prevent them from using data brokers to dodge search warrant requirements, and to stop them using reverse warrants. Courts should respect Fourth Amendment precedent by continuing to disallow the government from buying personal data without a warrant.

Government surveillance and corporate surveillance are bad enough on their own. They should not be allowed to join forces.

De Zweedse toezichthouder heeft vier bedrijven waaronder de Zweedse tak van Tele2 een boete opgelegd en gesommeerd om het gebruik van Google Analytics per direct te staken. Dat las ik bij AG Connect. De inzet van de Standard Contractual Clauses is onvoldoende om de veiligheid van persoonsgegevens te borgen. In Nederland blijft men maar om de hete brij heen draaien, dus waar staan we nu?

Ik zou maar vast een alternatief voor Google Analytics gaan zoeken als ik jou was, blogde ik dapper in februari vorig jaar. In Oostenrijk was Analytics toen al verboden, de Noren zaten het te overwegen (ondertussen ook verbod) en er waren er meer, zoals de Duitse rechter. Opmerkelijke uitzondering was Spanje, dat in december een klacht afwees – zij het mede omdat de betrokken website was gestopt met de tool.

Het leek erop dat Nederland ook tot een verbod zou komen: de AP kondigde in datzelfde jaar een onderzoek aan en voegde een omineus zinnetje toe aan haar handleiding “Privacyvriendelijk Google Analytics”. Dat er nog steeds staat, tot grote ergernis van velen.

De Fransen kwamen met een technische oplossing, zij het technisch wat ingewikkelder namelijk een anonimiserende proxy. Dat lost het onderliggende probleem inderdaad op. Het gaat er immers om dat iedereen die de Analyticstool inzet, persoonsgegevens overbrengt naar de VS en dat doet met enkel de schaamlap van de Standard Contractual Clauses als onderbouwing. Dat mag niet, want er is geen daadwerkelijk toezicht.

Ondertussen is het dus juli 2023, gebruiken velen nog Google Analytics en is het alles bij elkaar bepaald onduidelijk te noemen. Waardoor je je afvraagt, die AVG is een Europese wet, hoezo is het zo moeilijk om daar als Europa één uitspraak over te doen?

Het probleem zit hem in de fundamentele keuze destijds in 2016 om geen centrale Europese handhaver aan te stellen. Er is wel de EDPB, maar dat is een samenwerkingsverband van toezichthouders. Die moet “consequente toepassing” van de AVG bevorderen en samenwerking regelen, maar kan niet afdwingen dat toezichthouders allemaal hetzelfde besluiten.

Daardoor ontstaat het beeld dat we toch per land anders kunnen bepalen wat de AVG wel of niet toestaat. Er is dan alleen nog een uitspraak van het Hof van Justitie die duidelijkheid kan brengen, maar dat duurt normaal nogal lang.

Arnoud

Het bericht Gaat Google Analytics verboden worden, of is het dat eigenlijk al? verscheen eerst op Ius Mentis.

Mobiele telefoons zijn vanaf 1 januari volgend jaar niet meer in het klaslokaal toegestaan, las ik bij Security.nl. De Rijksoverheid heeft hierover afspraken gemaakt met alle relevante koepelorganisaties in het onderwijs. Eind volgend schooljaar wordt geëvalueerd of de afspraak het gewenste effect heeft of dat eventueel toch een wettelijk verbod nodig is.

De vraag of een school mobieltjes van leerlingen mag verbieden is inmiddels een klassieker op deze blog. De kern is (zo blogde ik in 2015): Een school is bevoegd om regels te stellen om de goede gang van zaken op de school te bewaren, en om daar sancties op te stellen bij overtreding. Zij mag zelf bepalen wat die sancties zijn, zolang ze maar redelijk en proportioneel zijn. Wel moeten de sancties en hun grondslagen (wanneer krijg je welke straf) in het onderwijsreglement zijn geregeld. Een leraar mag dus niet ter plekke bedenken “jij kauwt kauwgum onder de les, lever je telefoon maar in tot 4 uur”. Een paar jaar later bleken de verzuchtingen nog groter: Het grote probleem vanuit juridisch perspectief is eigenlijk dat er nauwelijks iets geregeld is op dit gebied. De wet houdt het bij het vereiste dat er een reglement moet zijn de rechten en plichten van de leerlingen vastgelegd worden (art. 24g Wet voortgezet onderwijs) en dat daarin moet staan hoe handhaving van de goede gang van zaken binnen de instelling in zijn werk gaat. Er is nu dus (nog) niet gekozen voor een wettelijk geregeld verbod, maar voor een serie afspraken. De hoofdlijnen komen neer op: “geen mobiele telefoons of andere devices in de klas, tenzij sprake is van educatief gebruik in de les.” Als leerlingen een telefoon voor specifieke redenen in de klas nodig hebben, dan blijft dat wel nodig.

Scholen moeten deze hoofdlijnen uitwerken naar specifiek schoolbeleid, en daarmee komt de bal dus juridisch gezien weer terug bij waar ‘ie al tijden lag, met dezelfde onduidelijkheid als destijds. Het argument is natuurlijk dat de ene school strenger (of duidelijker of wat dan ook) wil zijn dan de andere, maar een wettelijke regeling had wel meer algemene duidelijkheid gegeven.

Arnoud

Het bericht Mobiele telefoons vanaf 2024 niet meer in het klaslokaal toegestaan verscheen eerst op Ius Mentis.

People around the world have been searching for ways to hold accountable companies that build tools for government repression. From massive surveillance systems to state-sponsored malware, governments around the world are increasingly using technology to locate, track, and engage in human rights abuses against disfavored communities, journalists, and activists.

In a tremendous victory for the victims of those tools of repression, the Ninth Circuit cleared a path of legal accountability for American technology companies who build tools that facilitate human rights abuses by foreign governments, in a case called Doe I v. Cisco Systems. EFF filed multiple amicus briefs in the case, including in the Ninth Circuit. 

Cisco is just one of many American technology companies that have been complicit in facilitating human rights abuses in foreign countries. We applaud the Ninth Circuit in helping ensure that the key statute in the case, the Alien Tort Statute (ATS), remains an important mechanism for holding companies accountable when they choose profit over human lives.

The Ninth Circuit allowed victims to sue tech giant Cisco Systems in a long-running case seeking redress for the company’s role in building and deploying the “Golden Shield,” also referred to as “The Great Firewall of China.” It’s a vast surveillance system that Cisco began building in the late 1990s and that the Chinese government used to violate the human rights of disfavored minorities, including members of the Falun Gong religion, who are the plaintiffs in the case.

The thirteen plaintiffs alleged arrest, detention, and torture, including of themselves and family members, at least one of whom died by beating while being detained. The claims are horrific and echo reports by the U.S. State Department and many human rights NGOs. They include claims that the plaintiffs were placed in forced labor camps, beaten with steel rods, shocked with electric batons, and endured sleep deprivation and violent force-feeding. The plaintiffs also alleged that their private emails, text messages, and other information—intercepted by the Golden Shield—were shown to them and used as part of their torture and forced conversion, including threats to their family members and others who communicated with them. 

 The Ninth Circuit’s opinion, which comes after a long wait, makes several critical determinations:

• U.S. corporations can be held liable under the ATS, which allows foreign persons to sue for human rights abuses in U.S. courts. ATS defendants need not only be natural persons.
• A company can be held responsible for “aiding and abetting” human rights abuses and does not have to commit the abuses directly.
• A company does not need to have a purpose to facilitate human rights abuses. It only needs to have knowledge that its assistance helped in human rights abuses.
• When deciding whether a company had done enough to constitute “aiding and abetting,” a court can look at the cumulative impact of many corporate actions and need not find one that alone constitutes sufficient assistance.
• The fact that a technology has legitimate uses does not shield a company from liability for other uses that led to human rights abuses. Thus, the fact that China also used the Golden Shield for legitimate law enforcement purposes does not immunize Cisco from liability for its knowing facilitation of human rights abuses. This is a critical point, as we often see companies rejecting responsibility for their surveillance technologies simply because they have dual or multiple uses.
• The actions Cisco took in the United States were sufficient to allow the case to go forward here. The court said: “Plaintiffs allege that Cisco designed, developed, and optimized important aspects of the Golden Shield surveillance system in California; that Cisco manufactured hardware for the Golden Shield in California; that Cisco employees in California provided ongoing maintenance and support,” among others.

There’s much more in the opinion, including allowing a claim to move forward against Cisco’s top executives under another law, the Torture Victim Protection Act (TVPA). Overall, the Ninth Circuit’s opinion is a tremendous victory for human rights and for those who want to ensure that U.S. companies stop helping repressive governments.

For those who want to understand the complex set of legal doctrines that the plaintiffs had to overcome to survive even at this early stage, below is a deep dive into a several aspects of the Ninth Circuit’s critical rulings.

As with so many efforts to advance human rights around the world, this case has been an exercise in patience. The plaintiffs first filed their case in 2011 and have faced multiple motions to dismiss by the defendants. The currently operative complaint is the Second Amended Complaint (third overall). The case was paused several times as the Supreme Court considered three important cases related to the ATS: Kiobel v. Royal Dutch Petroleum (2013), Jesner v. Arab Bank (2018), and Nestlé USA v. Doe (2021).

As a specific matter, the Ninth Circuit held that the plaintiffs’ ATS claims may move forward against the corporate defendant Cisco, and one plaintiff’s claims under the TVPA against individual Cisco executives, reversing the district court. Unfortunately, the court affirmed the district court’s dismissal of the plaintiffs’ ATS claims against the Cisco executives.

One argument that Cisco and other companies have made to try to escape accountability is that only people, not companies, can be sued under the ATS. This issue was implicitly addressed by the Supreme Court in Nestlé USA (where EFF filed an amicus brief). Five justices in that case agreed that the ATS should apply to U.S. companies, even though the Court had held in Jesner that the statute does not apply to foreign companies. Putting to rest this argument that places companies above the law, the Ninth Circuit expressly concluded that U.S. companies may be sued under the ATS, preserving the statute as a critical tool of corporate accountability for facilitating human rights abuses. (p. 22 of the opinion)

The ATS is a simple jurisdictional statute that provides: “The district courts shall have original jurisdiction of any civil action by an alien for a tort only, committed in violation of the law of nations or a treaty of the United States.”  

Thus, in every ATS case, a court must ensure that the underlying claim exists in international law before it can go forward, whether that’s a substantive claim like torture or child slavery, or an indirect form of liability such as aiding and abetting a substantive violation. The Supreme Court has urged caution in expanding the claims available under the ATS, which companies like Cisco have tried to use to slam the courthouse door on victims of human rights abuses. 

The Ninth Circuit conducted an extensive analysis and concluded that “aiding and abetting” liability is firmly established in international law and thus available as an ATS claim:

[I]n agreement with every circuit to have considered the issue, [we conclude] that aiding and abetting liability is a norm of customary international law with sufficient definition and universality to establish liability under the ATS [and] does not raise separation-of-powers or foreign policy concerns. (pp. 23-24)

Crucially, the Ninth Circuit made clear that a company like Cisco need not share an abusive “purpose” with a government—something that Cisco and others have argued. Instead, the court held that a company’s “knowledge” that it is assisting in the commission of human rights violations is sufficient. This is a big win for human rights victims, since a knowledge standard is easier to meet than a purpose standard, and it can be particularly difficult to prove a “purpose” for a corporation. Specifically, the Ninth Circuit explained:

The knowledge mens rea [i.e., mental state] standard is satisfied when a defendant acts with knowledge that the defendant’s actions will assist in the commission of a crime or with awareness of a substantial likelihood that the defendant’s acts would assist the commission of a crime. … An accused’s statements regarding the purposes and goals of the project for which they are providing assistance can establish awareness that crimes are likely to be committed. And when ongoing abuses are common knowledge, knowing action may be imputed to the defendant. (p. 59) (emphasis added)

The Ninth Circuit went on to hold that Cisco meets this “knowing assistance” (p. 39) standard. The company’s marketing materials and internal reports revealed that it knew that its customer, the Chinese government, wanted to target Falun Gong practitioners specifically—first through surveillance and identification, then physical apprehension, torture, and coerced renunciation of their religion. Additionally, shareholder resolutions, the U.S. State Department, news outlets, and other entities all called out the abuse the Falun Gong were experiencing in the late 1990s and early 2000s at the hands of the Chinese government, often referred to as douzheng, a Chinese word for persecution. The court stated:

[T]he complaint alleges facts demonstrating that Cisco was aware of the [Communist] Party and Chinese authorities’ goal to use Golden Shield technology to target Falun Gong adherents and that it was widely known that the authorities’ efforts involved significant and ongoing violations of international law, especially torture and arbitrary detention. We conclude that Plaintiffs’ allegations, accepted as true, are sufficient to state a plausible claim that Cisco provided essential technical assistance to the douzheng of Falun Gong with awareness that the international law violations of torture, arbitrary detention, disappearance, and extrajudicial killing were substantially likely to take place. (p. 62) (emphasis added)

In a footnote, the Ninth Circuit agreed with an argument we made in our most recent amicus brief, that Cisco’s alleged actions also meet the higher “purpose” standard. The court stated:

We note that we would likely reach the same conclusion were we to apply the purpose mens rea; these same allegations, accepted as true, are likely sufficient to state a plausible claim that Cisco acted with the purpose of facilitating the violations of international law. … We have held that where a defendant ‘supported’ and ‘benefitted’ from the commission of a violation, the purpose mens rea standard is satisfied … If true, then Cisco supported the douzheng and benefitted from specifically tailoring its assistance, including software, training, and messaging, to the illegal goals of the [Communist] Party and Public Security. Had Cisco not tailored its assistance in this way, it would not have obtained the lucrative contracts. (footnote 22, pp. 62-63) (emphasis added)

We argued in our brief that Cisco’s financial interests were aligned with human rights violations: “it is far more reasonable to infer that if the Golden Shield had been designed as a simpler, less customized, general law enforcement tool, then Cisco’s fee would have been smaller … [B]y being compensated for providing the Chinese government with an essential means of achieving its ambitious persecutory goals, Cisco directly benefited from the Chinese government’s campaign of persecution against the Falun Gong.”

For an aiding and abetting claim under the ATS, Cisco needed not only the right mental state, it also had to provide “assistance to the principal [i.e., the Chinese government] with substantial effect on an international law violation.” (p. 39) And the actions constituting substantial assistance had to have occurred largely in the United States. The Ninth Circuit held that both occurred. 

Importantly, the court found that no single act by Cisco needed to satisfy the substantial assistance standard. Instead, “In assessing the effect of a defendant’s action, courts consider the cumulative contribution a defendant makes to the alleged violation—not whether each individual act had substantial effect.” (p. 42) (emphasis added)

The Ninth Circuit considered the plaintiffs’ detailed allegations of how Cisco designed and built the Golden Shield to meet China’s persecutory goals, and how this technology provided the “essential means” (p. 46) that allowed the Chinese security forces to target Falun Gong practitioners. The court concluded:

[G]iven Cisco’s significant technological assistance; the use of such technology to identify, detain, and torture Falun Gong practitioners; and the timing of that assistance during a period in which Chinese authorities did not have equivalent technological tools, we conclude that Plaintiffs have plausibly alleged that Cisco provided assistance with substantial effect on Chinese authorities’ violations of international law. (pp. 47-48) (emphasis added)

In doing so, the Ninth Circuit expressly rejected Cisco’s argument that it should be immune from liability because its surveillance technology could be and was used for legitimate law enforcement purposes. The court stated:

Here, although Golden Shield technology could be and was used for some legitimate law enforcement activities, a multipurpose use and the general legality of providing crime control software does not render the assistance Cisco provided any less substantial in its facilitation and enhancement of Chinese authorities’ persecution of Falun Gong in violation of customary international law. (p. 49)

As supporters of technology and believers in the promise of technology to be a force for good, a key point we made in our amicus brief is that merely providing a tool that can be misused is not enough for ATS liability. We distinguished what Cisco did in this case, which was to design and build a customized surveillance product that the company knew would have a substantial effect on the ability of the Chinese government to engage in violations of human rights. The Ninth Circuit’s ruling is consistent with this line for liability.

Finally, the Ninth Circuit considered whether enough of Cisco’s conduct occurred in the United States to allow the case to go forward here. This is because the Supreme Court has held that ATS claims must “touch and concern the territory of the United States,” and that mere “general corporate activity” in the U.S. is not enough.

The Ninth Circuit held that Cisco had done enough in the U.S. to warrant a case here—a crucial holding after the Supreme Court’s further narrowing of the ATS in Nestlé USA. The court summarized:

In sum, Plaintiffs allege that Cisco designed, developed, and optimized important aspects of the Golden Shield surveillance system in California; that Cisco manufactured hardware for the Golden Shield in California; that Cisco employees in California provided ongoing maintenance and support; and that Cisco in California acted with knowledge of the likelihood of the alleged violations of international law and with the purpose of facilitating them … [T]he domestic activities alleged here constituted essential, direct, and substantial assistance for which aiding and abetting liability can attach. So, with regard to corporate defendant Cisco, Plaintiffs’ allegations support application of the ATS. (p. 68-69) (emphasis added)

With regard to U.S.-based design of a technology system deployed abroad, the Ninth Circuit adopted an argument we made in our amicus brief, that the case against Cisco was similar in this way to another case in New York, Balintulo v. Ford (2015), where IBM (along with Ford) was sued for creating a national ID system that facilitated the South African government’s apartheid regime.

As the Ninth Circuit wrote, “The Second Circuit concluded that ‘designing particular technologies in the United States that would facilitate South African racial separation’ would be sufficient” to allow a case in the U.S. Just as we argued, the Ninth Circuit concluded: “The design and provision of hardware and software in Balintulo closely resembles what Plaintiffs here allege to have occurred in San Jose.” (p. 70)

EFF is thrilled that, after 12 years, the plaintiffs are finally able to move forward with their ATS claims against Cisco Systems. They will now have the chance to conduct discovery and collect more evidence to ensure that Cisco is held accountable for building the tool that was so integral to their suffering.

More importantly, we hope this decision sends a message to the other companies who have been building and providing surveillance, spying, and other equipment and services to foreign governments that are being used to assist in human rights abuses. No company should be able to escape accountability for putting profits over people.

Introduced in September 2022 by the European Commission as part of the “new push for European Union Democracy,” the European Media Freedom Act (EMFA) seeks to promote media pluralism and independence across the EU. 

EMFA in a Nutshell

The EMFA sets out rights and obligations for ‘media service providers’, including rules on transparency about media ownership and protections against political interference. The proposed bill also introduces valuable safeguards against surveillance powers of states and the use of spyware against them. EFF has warned for years about the dangers of powerful state-sponsored malware, and the Pegasus project shows the need to take the abuse of power by governments seriously. 

Article 17: Media Exemption

One of the most controversial provisions under the EMFA is Article 17, which endeavors to address the treatment and moderation of media content by ‘Very Large Online Platforms’ (VLOPs), such as Twitter and Facebook. Article 17 requires VLOPs to give special privileged treatment to media outlets by notifying them before content is removed. Should VLOPs remove content without ‘sufficient grounds’, Article 17 enables media service providers to find an ‘amicable solution’ through dialogue with the VLOP. Article 17 also provides that VLOPs must create fast-track systems for actors to self-declare as independent and regulated media providers, hence leaving it to online platforms to decide over the status of a wide range of media actors. 

Content shared by media service providers on VLOPs should not be exempt from moderation protocols through a carte blanche exception from regulation provisions. 

If passed, Article 17 would:

1. facilitate an environment of disinformation wherein harmful content would remain online if posted by a self-declared media service provider.
2. undermine existing provisions outlined under the Digital Services Act (DSA), which already introduced obligations to address arbitrary content moderation systems and regulate the power imbalance between VLOPs and media service providers.

Increased Risk of Disinformation 

Article 17 is a reckless approach to protecting media pluralism across the EU. By handing out content moderation privileges and providing anyone the discretion to self-declare as a media outlet, the Media Freedom Act will inadvertently foster a plurality of disinformation rather than media diversity. Article 17 provides a framework that can be manipulated by rogue actors. It stifles the ability of platforms to warn users about the content, thus enabling the spread of hate speech, electoral propaganda, scams, and other forms of damaging disinformation.

In practice, (actual and self-declared) media services could publish disinformation about a war, for example, on a VLOP platform like Twitter. In response, Twitter would need to contact the media service provider and be encouraged to wait, according to suggestions by some EU parliamentarians up to 48 hours, before adding a fact-check or deleting the content. This is enough time for disinformation to spread during the suspense-period, with any exchanges between individuals on the content amplifying the spread of the disinformation across platforms. This would also function as a loophole for rogue actors to exploit the system and distort public discourse—undermining the equality of free speech as well as democratic debate. Some influential voices within the EU Parliament have even proposed exempting media content entirely from moderation protocols, thus contradicting the expectations of million EU users, who rely on online platform to remove content that violate community standards.

This light version of a must-carry provision is particularly concerning in EU countries where public service broadcasting is captured by the ruling party as state media. Under these conditions, harmful state propaganda or government-orchestrated disinformation would remain online—even if the content is false—due to the privileged treatment provided by the media exemption. 

And in these countries where the media is at a ‘high risk’ from state interference, the likelihood of disinformation spreading is exacerbated by the discretionary power under Article 17 to self-declare a provider as a media service. This would allow state media outlets to shape public discourses in alignment with government-oriented propaganda, as well as facilitating a gatekeeping of media content and public information.

Undermining the EU’s Digital Services Act

The EU’s Digital Services Act came into force on 16 November 2022, seeking to make the internet a fairer place by setting out new legal responsibilities for online platforms and educating users on why content is removed and what they can do about it. The idea of a media exemption was rejected during DSA negotiations and condemned by civil society organizations.

Alternatively, the DSA requires VLOPs to comply with far-reaching obligations to responsibly tackle systemic risks and abuse on their platform. These risks cover a variety of aspects, including the dissemination of illegal content and the communication of disinformation. VLOPs also face oversight through independent audits, which assess whether platforms respect their obligations under the DSA.

On these grounds, the obligations under Article 17 EMFA add an extra layer to the existing EU’s comprehensive rules and overload VLOPs with new and potentially conflicting procedures. VLOPs will face an impossible choice under Article 17: hand out blanket content moderation privileges and risk leaving problematic content online (and thus face potential fines and liability) or engage in arduous communications with media services when moderating content.

While the EMFA attempts to distinguish between media content that pertains to systemic risks covered by the DSA's regulations and other content with less contentious issues, it remains entirely unclear as to how and when a violation of terms of service by a media service provider will be linked to these risks.

With such conflicting and subjective requirements, Article 17 will have a detrimental impact on individual rights to freedom of expression and speech, and will make the already-passed and vetted DSA almost impossible to enforce against many large platforms in a human-rights friendly manner. And by forcing platforms to keep (any) media content up, Article 17 could potentially evolve into an enforcement tool that major publishers use to seek reimbursement for their content under copyright rules.

What Happens Next?

EFF supports the worthwhile attempt to promote media pluralism and independence across the EU and we welcome critical safeguards that protect media service providers from surveillance measures, including actions such as deploying spyware against journalists.

However, Article 17 of the European Media Freedom Act is a harmful provision, which must be rejected or at least significantly revised by EU parliamentarians and the EU member states. As we’ve said before, media actors should not, as a matter of principle, be granted special treatment when it comes to the moderation of their content. 

Without accountability and transparent content moderation systems for all content online, the media’s ability to provide reliable information and scrutinize political leaders is at risk of being eroded. It is essential that media freedom is able to operate outside the confines of political interference and outside the parameters of state censorship to give users more information, not less.

As the EMFA continues its progression through EU institutions—the dossier is negotiated in the EU Parliament whilst the Council already secured their mandate for negotiations—EFF and our allies will continue to oppose any media exemptions, and defend digital rights and fundamental freedoms for all.

De Europese Commissie onderneemt een derde poging: het nieuwe EU-US Data Privacy Framework zou wel houdbaar zijn onder Europees recht. Dat las ik bij AG Connect. Nadat eerst Safe Harbor en Privacy Shield sneuvelde, zou een nieuwe afspraak tussen VS en EU op magische wijze wél binnen de Europese grondrechten moeten passen. Ik zeg: moehaha, geloof je het zelf.

De basis van het verhaal is bekend genoeg denk ik. In de jaren negentig was er een overeenkomst tussen de VS en Europa (Safe Harbor) die afspraken maakte waarmee het transporteren van persoonsgegevens naar (en gebruik daarvan in) de VS legaal zou zijn onder de voorloper van de AVG.

In 2015 werd deze getorpedeerd, omdat uit de Snowden-onthullingen was gebleken hóe ver de VS gaat in haar (naar Europese maatstaven illegaal) gebruik van dergelijke gegevens door Justitie en opsporingsdiensten. De opvolger heette Privacy Shield en sneuvelde in 2020 dankzij toedoen van privacy-activist Max Schrems, vandaar dat we deze prestatie “Schrems II” noemen.

Voor ondernemers is dat een probleem, want de Amerikaanse cloud is onbereikbaar als er geen AVG-afspraken zijn. Er werd dan ook snel en hard gewerkt door de politiek om een compromis te bereiken. Dat is nu dus gelukt: met een Executive Order regelde president Biden de nodige dingen aan Amerikaanse zijde, en nu heeft de Europese Commissie gezegd dat die regeling in orde is.

Maar is dat ook zo? Het gaat hier uiteindelijk om een juridisch probleem, ingegeven door schendingen van mensenrechten. Dus dan mag de politiek wel van alles willen, uiteindelijk is dit aan de juristen. De kern van het probleem is namelijk dat de VS niet keihard haar inlichtingendiensten wil verbieden aan die transatlantische data te komen, of met een apart onafhankelijk gerecht Europeanen in staat wil stellen om op te treden tegen misbruik van persoonsgegevens (in de zin van: strijdig met de AVG).

Ik citeer Schrems maar even:

1. The “trick” here: the US will attribute another meaning to the word “proportionate” than the CJEU.
2. The Ombudsperson mechanism wasrenamed and split to a Civil Liberties Protection Officer (CLPO) and a so-called “Court” (which is not a court, but a partly independent executive body).
3. Finally, the US has refused to reform FISA 702 to give non-US persons reasonable privacy protections.

Als cynicus zou ik dan zeggen: wat had je dan verwacht, de transatlantische handel is belangrijker dan juridisch geneuzel, natuurlijk komt de politiek dan met een compromis. Maar het begint ondertussen best opzichtig te worden dat hier iets adequaat wordt genoemd dat het daadwerkelijk niet is.

Arnoud

Het bericht EC neemt nieuwe privacyregels aan voor datadoorgifte aan VS verscheen eerst op Ius Mentis.

Het inkorten van de looptijd van schuldhulpverleningstrajecten leidt vooralsnog niet tot een verkorting van de termijn van de schuldenbewinden. Tot deze conclusie komt de landelijke expertgroep Curatele, Bewind en Mentorschap, een overlegorgaan van rechters. 

Op 1 juli trad de vernieuwde Wet Schuldsanering Natuurlijke Personen (Wsnp) in werking. Onderdeel van de vernieuwde wet is het inkorten van de looptijd van schuldhulpverleningstrajecten, waardoor de vraag rees of dit ook moest leiden tot een verkorting van de termijn van schuldenbewinden.

Omdat nog onvoldoende duidelijk is hoe de wetswijziging in de praktijk zal uitwerken, is vooralsnog afgesproken om de reguliere vijfjaarstermijn van de schuldenbewinden niet te wijzigen. Totdat hierover meer duidelijkheid bestaat, zijn er voor de kantonrechter voldoende mogelijkheden om toezicht te houden op het verloop van het schuldenbewind. Hierbij kan ook rekening worden gehouden met de mogelijke invloed van de verkorting van schuldentraject op het bewind en kan de kantonrechter daarop ingrijpen als dit nodig is, bijvoorbeeld bij de driejaarsevaluatie of de controle van de jaarlijkse rekening- en verantwoording. Daarnaast hebben de betrokkene en de bewindvoerder de mogelijkheid om de kantonrechter te vragen om opheffing van de maatregel. 

In januari 2024 wordt opnieuw bekeken of het gewenst is om de termijn van het schuldenbewind te verkorten.

Voor meer informatie over de vernieuwde procedures met betrekking tot de Wsnp, kunt u terecht op onze website.

Een lezer vroeg me: Mag mijn baas mij verplichten om 24/7 beschikbaar te stellen d.m.v. een door de werkgever aangeschafte I-phone, om zakelijke emails te lezen en te beantwoorden c.q. de werkgever te bellen, buiten mijn contractuele werktijden c.q. buiten kantooruren? Dat hangt een beetje af van het werk en uw positie. Om even twee extremen te nemen: van een directeur bij een multinational mag dat zonder meer maar van een verpleegkundige mag dat absoluut niet. (Dat van die verpleegkundige is een makkelijke, want dat staat in hun cao. Ik ken geen andere sectoren waar expliciet is afgesproken dat buiten werktijd er niet wordt gewerkt.)

Als er geen cao is, dan komt het neer op de open regel van “goed werkgeverschap”, een goed werkgever moet je buiten werktijd met rust laten maar als goed werknemer (de overeenkomstige norm) moet je af en toe als dat nodig is bijspringen. Wanneer het nodig is, dat is dus niet te zeggen zonder het werk te kennen.

Het is geen reden voor ontslag dat u niet werkt buiten werktijd, maar het kan wel irritaties geven als dit blijft sudderen en dat kan op lange termijn de werksfeer onaangenaam maken.

In april blogde ik over het Franse recht op onbereikbaarheid, waar in Nederland ook soort van aan gewerkt wordt. Al een paar jaar ligt er een wetsvoorstel in Den Haag, zo schrijft men: het initatiefwetsvoorstel Wet over de bereikbaarheid van werknemers buiten werktijd, zoals het heet (Barbara Kathmann, PvdA). De kern is dat je beleid moet maken en in gesprekken met de werknemers moet kijken hoe ze zelf vinden dat het gaat.

Ik pak even mijn uitsmijter van toen erbij, want de vraag blijft actueel: “Moet je e-mailboxen blokkeren? Of mensen verbieden op bepaalde tijden te mailen?” Het klinken als retorische vragen van [hoogleraar Arbeidsrecht] Verhulp. Maar voor mij als ict-jurist klinken dit als hele logische suggesties. Wat is precies het probleem, dat de ict-afdeling niet weet waar het knopje zit? Wat gaat er stuk als je ergens vrijdag aanvinkt als “No access day” en dat dan die dag die persoon zhaar wachtwoord niet werkt? Of waarom is het technisch onhaalbaar om de aflevering van mail te vertragen tot de eerstvolgende dag die wél aangevinkt is als werkdag? Arnoud

Het bericht Mag mijn werkgever me verplichten buiten werktijd te werken? verscheen eerst op Ius Mentis.

Vanaf 4 september kunnen burgers, organisaties en juridische professionals zoals advocaten en belastingadviseurs bij alle rechtbanken digitaal procederen in rijksbelastingzaken. Digitaal procederen in rijksbelastingen in hoger beroep is al langer mogelijk bij alle gerechtshoven.

Via het beveiligde webportaal 'Mijn Rechtspraak' is digitaal procederen mogelijk in nieuwe en lopende rijksbelastingzaken. Procespartijen en -vertegenwoordigers loggen in via 'Mijn Rechtspraak' met DigiD (burgers); eHerkenning (organisaties, belastingadviseurs en andere juridische professionals) of met de Advocatenpas (advocaten). Digitaal procederen biedt een snelle toegang tot documenten uit eigen dossiers en bespaart papier. 

Digitaal procederen in rijksbelastingzaken is onderdeel van het project Digitale Toegang van de Rechtspraak. Met dit project realiseert de Rechtspraak de komende jaren eenvoudige digitale toegang voor alle rechtzoekenden en hun procesvertegenwoordigers in de rechtsgebieden civiel recht en bestuursrecht. Digitaal procederen is vooralsnog vrijwillig, maar wordt op enig moment verplicht voor juridische professionals.

Patience is a virtue. And so is tenacity.

We are elated to celebrate the Electronic Frontier Foundation’s 33rd anniversary today. EFF has officially been working toward internet freedom longer than many people have been online. I'm grateful to EFF's supporters for ensuring that digital rights remain important and vital, even as the internet itself becomes a crucial yet often overlooked fact of life for most.

What would the world be without any privacy or free expression online? You can see examples of that dark dimension in the battles we continue to fight every day: the rules that keep you from controlling the services you use and devices you own; corporate policies that censor the powerless; rampant data collection by both companies and governments; and laws that would break encryption.

That’s why EFF works so carefully to nurture a web that puts civil liberties and human rights at its center. It’s with great pride that EFF takes on court and legislative battles that may last years. But simultaneously, our team works on—and wins—immediate policy and legal fights while we develop rights-enhancing technologies to bridge the gap. We’re committed to defending your digital freedom for as long as technology changes and grows. With support from people like you, we’re not going anywhere.

EFF’s membership drive for this summer touches on the ways we tend the internet like a digital garden. It’s an apt metaphor because let me assure you: we get our hands dirty every day to weed out threats for your rights online. Through July 20, you can be an EFF member for just $20, and receive two limited-edition gifts as a special thanks.

Together we till the hard ground, plant the ideas, nurture the discussions, and nourish the movement we know today. It’s hard and sometimes slow work to grow the law, international policy, and the way people think and companies act to support our rights online, but it’s necessary. I hope you’ll join us and keep this mission thriving.

The seeds of digital freedom aren’t sown alone. I'm grateful to every person who has stood with EFF’s technologists, lawyers, researchers, and advocates since the 90s. Together we can cultivate tech’s future for the users.

Join EFF

Plant the seeds for a better internet

The implementation of Article 14 of the Copyright in the Digital Single Market Directive (CDSM Directive) in Italy raises a number of questions regarding the protection of the Public Domain. This article explores these questions by analysing the relationship between Article 14 of the CDSM Directive and the Italian Code of Cultural Heritage and Landscape (CCHL).

According to Article 14 of the CDSM Directive, any material resulting from an act of reproduction of a public domain work cannot be subject to copyright or related rights-protection unless it is original in the sense that it is the author’s own intellectual creation. All EU member states are required to implement Article 14 and amend their national legislation accordingly (see Deborah De Angelis’s blog post).

Italy transposed Article 14 of the CDSM Directive into domestic law by passing Article 32-quarter of the Italian Copyright Law n. 633/1941 in November 2023 (Legislative Decree no. 177). The article includes a problematic addition: “The provisions on the reproduction of cultural heritage contained in Legislative Decree No. 42 of 22 January 2004 [CCHL] remain unaffected.” The reference is to Article 108 of the CCHL, which requires the payment of a concession fee for the reproduction of digital images of state-owned cultural heritage in the public domain if the reproduction is for-profit. The provisions of the CCHL beg the question of the protection of the public domain by other fields of law outside of copyright and related rights, which are not explicitly mentioned in Article 14 of the CDSM Directive (see Mirco Modolo’s article on the subject). Only the European Court of Justice (ECJ) can provide guidance on this matter. However, no Italian court has referred to the ECJ yet to clarify the relationship between Article 14 and the CCHL.

In recent years, the CCHL has been used by Italian cultural heritage institutions to initiate a number of lawsuits against commercial uses of works by Italian artists, which are clearly in the Public Domain.

In 2018, a famous Italian luxury fashion brand posted a video on the internet in which a physical copy (a clone of the statue) of the David—created by Studi d’Arte Cave Michelangelo S.r.l. (Cave)—could be seen wearing a tailor-made high-quality outfit of the brand. The Ministry of Culture sought to have the Court of first instance of Florence issue an interim measure to prevent further use of the image of Michelangelo’s David for commercial purposes. The Court dismissed the petition on the grounds of lack of urgency, as both defendants had removed the contested material from their websites.

However, the Ministry of Culture found out that Cave continued using the image of the David on another website, studidarte.it, still for commercial purposes, and filed a new urgent petition against Cave in 2021. The petition was dismissed and then appealed against it. On 11 April 2022, the Court ordered (see Simone Aliprandi and Carlo Piana’s comment) Cave to stop using the images of the David for commercial purposes, to remove all images of the statue from Cave’s websites, to pay the Gallerie dell’Accademia di Firenze a fine of € 500 for each day of delay in the execution of the preventive order, and it was further ruled that summaries of the order would be published at the expense of the defendants in two national daily newspapers, in two local daily newspapers and on Cave’s Instagram profile and YouTube channel.

The Court concluded that the mere ex-post payment of compensation is insufficient for the legitimate reproduction of a cultural asset. For the use of the image to be lawful, consent is required, following a discretionary assessment of the requested use (and its possible configuration) concerning the asset’s cultural purpose and historical-artistic character. The nature of a cultural asset inherently requires the protection of its image through an evaluation of compatibility reserved for the Public Administration. This evaluation encompasses the right to reproduce the asset and the safeguarding of the asset’s consideration by fellow citizens – its identity as a collective memory of the national community and the territory. Therefore, according to the Court of Florence, this notion should constitute a comprehensive right to the cultural asset’s image (right of publicity).

In 2020, the Gallerie dell’Accademia di Firenze and the Ministry of Culture sued the publishing house GQ (Condé Nast) for the unauthorised use of the image of Michelangelo’s David on the July/August issue’s cover of GQ Italia (see Justus Dreyling’s post on this blog and this interview with Deborah De Angelis). The plaintiff asked the Court to enjoin the use of the image of Michelangelo’s David. The Court promptly issued an order banning the use of the image on the cover of the magazine and prohibited any further digital use of the image.

Eventually, on 15 May 2023, the same Court ruled again in favour of the Gallerie and the Ministry of Culture and condemned the publisher GQ to pay the Galleria dell’Accademia di Firenze two separate amounts: € 20,000 as a concession fee and an additional € 30,000 for the way in which David’s image was distorted for the magazine. In addition, the judge acknowledged the right to the image (which is granted by Article 10 of the Italian Civil Code to physical persons and legal entities), with specific reference to cultural heritage, considering the legal basis for this right is found in Articles 107 and 108 of Legislative Decree No. 42/2004, which directly implement Article 9 of the Constitution(See Eleonora Rosati’s comment on IPKat).

On  24 October 2022 (see Deborah De Angelis and Brigitte Vézina’s comment on this blog and Giuilia Dore’s contribution on the Kluwer Copyright blog), the Court of first instance of Venice decided on the lawsuit brought by the Gallerie dell’Accademia di Venezia, a public museum under the Italian Ministry of Culture, against the German toy-making companies Ravensburger AG and Ravensburger Verlag GmH as well as their Italian branch represented by Ravensburger S.r.l. for the unauthorised use of the images of Leonardo da Vinci’s Vitruvian Man on a series of puzzles. The order enjoined the German company to stop using the image of the Vitruvian Man for commercial purposes, to pay to the Gallerie dell’Accademia di Venezia a fine of € 1,500 for each day of delay in the execution of the preventive order, and it was further decided that summaries of the order would be published at the expense of the defendants in two national daily newspapers and in two local daily newspapers.

In October 2022, the Uffizi Galleries announced their intention to sue the French fashion house Jean Paul Gaultier for damages that could exceed € 100,000 after the company’s (allegedly) unauthorised use of images of Botticelli’s Renaissance masterpiece The Birth of Venus to adorn a range of clothing products, including T-shirts, leggings, and tops, for the brand’s new line Le Musée. There has not been any news on this controversy, and there is no evidence that a lawsuit has been served (see, Justus Dreyling, Brigitte Vézina, and Teresa Nobre’s post on this blog).

It is clear that a protectionist trend is emerging in line with the approach of the government (for a critical approach, see Roberto Caso’s comment on the Kluwer Copyright blog).

Prior to 11 April 2023, the interpretation and practice of art. 108 of CCHL granted cultural heritage institutions discretion to decide whether to adopt an Open Access policy, enabling the use of the digital images of cultural heritage through the use of a Creative Commons licence or Public Domain tools, to promote fair access to and sharing of Italian culture, while supporting the role of cultural heritage institutions in sustainable economic and social development.

In April 2023, however, the Italian Ministry of Culture  introduced minimum fees for commercial reproductions of State-owned cultural heritage, including for works in the Public Domain that all state-owned public museums will have to apply (Decree no. 161 also known as Guidelines). The Decree will have a detrimental effect on the promotion and dissemination of Italian cultural heritage globally, impeding knowledge sharing (see reporting on huffingtonpost.it and repubblica.it). The new guidelines represent a significant setback as they contradict the fundamental principles of public enjoyment and enhancement of cultural heritage enshrined in the Italian Cultural Heritage Code.

The situation in Italy escalated on 14 June 2023, when Senator Marcheschi (Fratelli d’Italia) proposed to punish with a fine between € 20,000 to 60,000 the unlicensed use of cultural objects in the public domain in violation of Articles 107(1) and 108(1)-(3) of the CCHL (as an amendment to the proposal of law on Article 518-duodecies of the Italian Criminal Code, on the destruction, dispersal, deterioration, defacement and illegal use of the physical cultural heritage and landscape). At the session of June 21st, 2023, the amendment was withdrawn, having received a negative opinion because of the costs it would entail to activate the sanctions, but it turned into an agenda for the Government “to consider the advisability of providing for the imposition of an administrative fine of 20,000 to 60,000 euros against anyone who, in violation of Articles 107, paragraph 1, and 108 paragraphs 1, 2 and 3 of Legislative Decree No. 42 of January 22, 2004, reproduces a cultural heritage or markets its reproduction in the absence of or in contravention of the order of the authority in charge of the property.”

The flow of income generated from the licensing of images of cultural objects remains more or less unchanged for major museums. Peripheral and smaller museums, by contrast, lament an increase in bureaucracy not supported by the hiring of new staff. The reproduction and dissemination of images of cultural heritage in smaller museums, even for commercial purposes, contributed to the diffusion of culture and the promotion of national heritage.

The discretion that was left to individual museums when licensing images of the objects under their custody, allowed the museum staff to consider different factors: internal costs, whether they already had good quality images not covered by copyright, the promotion of the museum, the valorization of the cultural object, etc. The mandatory application of the minimum tariff stated by the guidelines makes it impossible, e.g. for state-owned museum staff, to permit the free use of images according to the open access principle. In the past, museums and other state-owned cultural institutions could allow the free use also for commercial purposes (as permitted by CC licences and tools compatible with open access) without asking for a concession fee. The discretion previously held by cultural institutions to decide whether to authorise the free use of cultural heritage images has been eliminated.

Instead of creating positions to help under-staffed museums or promoting the preservation of the Italian cultural heritage, the Ministry of Culture has enacted unnecessary restrictions. The imposition of high fixed fees for the for-profit use of images of cultural objects in the Public Domain may result in limiting the exploitation only to privileged classes of individuals, while preventing local communities or “communities of origin” with a limited budget from participating in it. Moreover, the community has not been involved in the decision-making process and has not had a chance to participate in the debate. This scenario is further complicated by the possibility for the licensing administration to deny for-profit uses of images by invoking the “decorum” exception, namely judging the declared use of the image of the artwork as inappropriate. “Decorum” is a very broad, subjective, and undefined concept that contributes to generating uncertainty in this field (see Daniele Mancorda’s contribution).

What is more, creativity is at risk! Today, when using professional photographic reproductions of works in the Public Domain, which are subject to both copyright and the Guidelines, users will face the so-called “tragedy of anticommons” (a term coined by Michael Heller). These works will be used less due to the existence of multiple layers of protection, which are hard to navigate.

The post Tales of public domain protection in Italy appeared first on COMMUNIA Association.