The WannaCry ransomware cyber-attack hitting thousand of systems around the world, the continuous debate in the USA over net neutrality, and the increasing number of bilateral tax settlements involving Internet companies were among the main digital policy developments in the month of May. These and other developments, trends, and regional updates were the subject of May's just-in-time briefing on Internet governance – our monthly appointment on the last Tuesday of every month – which took place on 30 May 2017. They were also summarisied in the Internet Governance Barometer for May, and in Issue 21 of the Geneva Digital Watch newsletter, published on 30 May.
Leading the briefing, Dr Jovan Kurbalija, Director of DiploFoundation and Head of the Geneva Internet Platform, gave an overview of the top trends in digital policy in May:
- Ransomware attacks on the increase. The WannaCry ransomware, which affected healthcare services, government departments, schools, businesses, and individual users around the world, lead to significant debate and raised several questions: What was the technology used for the ransomware? Who was behind the attack? Despite the scale of the attack, why was the ransom so low?
- Uber classified as a transport company by the Advocate General of the Court of Justice of the European Union (CJEU). According to the Advocate’s opinion, Uber is a comprehensive on-demand urban transport company, and cannot be classified as an information society service. Although the opinion is not binding, it is expected to influence the ruling of the CJUE, to be issued in the upcoming period. And it has implications for the sharing economy and the labour law.
- US Federal Communications Commission (FCC) starts a process that may roll back net neutrality rules. FCC’s proposal – now under public comment – is aimed to overturn the classification of broadband providers as utility carriers, and envisions the repeal of the ‘general conduct’ rule that allows the Commission to investigate business models of Internet providers that might be uncompetitive.
- More bilateral tax settlements recorded. Alphabet (Google's parent company) settled a year-long tax-dispute with Italy for €306 million for 2002–2015. In October last year, Facebook also paid £4.2 million to British tax authorities. Bilateral tax settlements are used as a corrective measure for lack of taxation rules for new Internet business models. Given current fiscal difficulties, one can expect further pressure on the Internet companies to pay taxes in the jurisdiction where they gain a profit, even if they are not formally obliged to do it due to the lack of rules for taxation of Internet activities.
- Data protection authorities sanction Facebook over privacy breaches. Facebook was fined €150 000 by the Commission Nationale de I’Informatique et des Libertés (CNIL), France’s data protection watchdog, for violating data protection rules. The company is under investigation in four other European countries – The Netherlands, Spain, Germany, and Belgium.
|The next Internet governance briefing is on 27 June. Registrations are open.|
The briefing also included an overview of other digital policy issues that were particularly prominent in the public policy debate in May (including e-commerce and the digital economy, digital rights, and security), as well as an overview of the main Internet governance events held this month and planned for June. More details are available in Issue 21 of the Geneva Digital Watch newsletter.
During the interactive section of the briefing, several issues were raised: whether a Digital Geneva Convention – as proposed by Microsoft few months ago – could have prevented or stopped WannaCry; whether decentralised currencies such as Bitcoin could improve the economy or not; the possible negative consequences that the CJEU Advocate General opinion’s in the Uber case could have for innovative companies and their business models.
Regional perspectives from GIP hubs
Local hubs in Brazil and South Eastern Europe shared regional updates and perspectives.
The Rio hub, represented by Luca Belli, from the Center for Technology and Society of the Getulio Vargas Foundation, gave an overview of several digital policy developments in Brazil. The country’s civil aviation authority issued a new regulation on drones which, among others, provides that drone pilots need to comply with civil and criminal legislation, including on issues related to individual rights (such as the right to privacy). Brazil launched its first satellite since 1998, and it is expected that this will contribute to expanding Internet coverage in rural areas. Public authorities and private companies across the countries were affected by the WannaCry ransomware. A video with a more in-depth overview of regional updates and perspectives from Brazil is available.
During the South Eastern European hub, an overview was given of the main Internet governance and digital policy developments that occurred in May in the region. In Romania, the Chamber of Deputies rejected a draft law on .ro, which would have introduced a multistakeholder registry model for the country’s top-level domain. Ukraine, Romania, and Azerbaijan were among the top 20 countries most affected by WannaCry. The Serbian government adopted a Strategy for the Development of Information Security 2017-2020. In Turkey, the Information and Communication Technologies Authority banned access to all language versions of Wikipedia. The reason for the ban was stated as ‘unfounded claims of Turkey’s involvement in terrorist activities’. In Ukraine, a ban was introduced on Russian social networks VK and Odnoklassniki, email service Mail.ru, search engine Yandex, and cybersecurity and anti-virus providers Kaspersky Lab and Dr. Web. More details on the regional developments are available in the May summary. The briefing also included an overview of the third annual meeting of the South Eastern European Dialogue on Internet Governance (SEEDIG), which took place in Ohrid, on 24-25 May. The recording of the South Eastern Europe hub meeting is available.