This stuff is really getting out of control.

Article 13, now 17, of the recently approved EU Copyright Directive says that “content hosting providers” ( e.g. platforms like Facebook or YouTube) make their best to prevent the upload or re-upload of copyright-protected works… except if they are covered by specific copyright exceptions such as quotation, criticism or parody.

The problems is who or what decides if a specific upload is covered by one of those exceptions? If the decision were left to human reviewers, the process would be slow enough that all those platforms would grind to a halt. The solution is (of course) automatic filters, and this is where the fun starts:

In order to recognize those exception, that software would need to recognise the context of each upload, that is to say specific information surrounding that specific upload of that same content, including personal data of the user uploading it."

According to a German judge with experience in data protection:

• Detecting such differences would depend on metadata such as the user identity, the place, and the date. This information would be considered personal data, and its analysis by the algorithm would be processing under GDPR. BUT in that case:
• Consent could not be freely given because all platforms would be required to have this processing in place, leaving no alternative to users
• smaller platforms would likely have to implement third party filters, bought as a service from bigger companies that have invested tens of millions of euros in such technologies. As a result, few big content filtering companies will be able to process the above-mentioned personal data of the vast majority of users.

The new copyright Directive would thus lead to “centralised filtering mechanisms”. Which, in case you were not paying attention, is marketing lingo for “ubiquitous, permanent censorship, just less accountable than when made by governments, because privatized”.

Even ignoring censorship, such filtering procedures would be “problematic in regards to the principle of proportionality mentioned in the GDPR and in the Charter of Fundamental Rights of the European Union”, and were “already discarded by the Court of Justice of the European Union”, because it failed to strike a fair balance “between the right to intellectual property, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information on the other”.

Summary: The legal obligation that Article 13 / 17 creates for platforms is incompatible with the right to protection of personal data, which makes it hard to rely on for the processing of personal data under the GDPR. So we have two regulations from the same entity, stomping on each other. Cool! Not.

For a more detailed summary, please do read the EDRI post where I took the quotes above and, for the whole story, the article from German judge Dr. Malte Engeler.

Image source: a good anticipation of the worldwide mess that mandatory upload filters will create: “YouTube’s Copyright Protection System is a Total Mess, Can it Be Fixed?"