The Council of Europe is Europe’s leading human rights organisation, with 47 member states, including all of the 28 members of the European Union. It campaigns to defend freedom of speech, privacy and the rule of law. It is an entirely separate organisation from the Council of the European Union and the European Council.

The Council is now ten days away from adopting a non-binding draft Recommendation whose provisions on the rule of law, privacy and net neutrality are baffling and contradictory.

On 20 November 2014, the Council of Europe’s Steering Committee on Media and Information Society discussed a draft text on “the right to freedom of expression and the right to private life with regard to network neutrality”. On Monday, 1 December, the “final” text was communicated to the members of that Committee, with a deadline of 15 December to provide comments.

The text is disturbing from the perspective of the rule of law, the right to privacy and net neutrality:

1. Rule of law

In its second paragraph, the text proposes that internet access providers “may” use traffic management “action to prevent access to, or the dissemination of, unlawful or harmful content, for example through self-regulatory systems in co-operation with public authorities,” while recognising that such activities could permit inspection or monitoring of communications, which “can undermine users’ trust in the Internet”.

A statement that they “may” do this appears to recognise a vigilante “right” for internet access providers to block content and to do so outside the rule of law (and potentially without any public oversight, due to the inclusion of the words “for example”), if they deem that the content in question was “harmful” or “illegal”. This would be in obvious contravention of the European Convention on Human Rights (ECHR), which states that restrictions on freedom of communication must be “prescribed by law” and “necessary in a democratic society”.

Except, later in the same document, the definition of traffic management states that such interferences are to “effect to a court order or an order of a regulatory authority”. This is far narrower, even though it is still a gross contradiction with basic principles of international law, as well as national constitutions. Turkey’s national constitutional court rejected a law which permitted the Telecommunications Regulatory Authority to impose blocking orders. A similar law in Italy has been referred to the Italian Constitutional Court.

The motivation behind this appears to be that in many countries, these regimes are already in place and not (yet?) deemed contrary to international law. These countries, among them the UK, apparently wish to keep these regimes and push for explicit recognition in formal rules, such as this Recommendation.

According to the ECHR, restrictions on privacy need to be in accordance with a predictable law and restrictions on freedom of communication need to be prescribed by law. Basic principles of international law are now being quietly reinterpreted. One wonders, if this process continues, what impact this will have in countries whose national courts need to interpret the long-established principle that restrictions on freedom of communication must be based on law.

2. Privacy

The text appears to acknowledge and accept that surveillance measures implemented for the purpose of identifying and blocking “harmful” communications “permit inspection or monitoring of communication” and “can be an interference with the right to private life”. The only safeguard mentioned is that this monitoring activity should be in line with Article 8 of the ECHR (even though the applicability of the provision to a private policing initiative is far from clear) and should be “tested against” applicable law. One wonders where that leaves Turkish citizens, whose government has not ratified Convention 108 (on personal data processing) or how, on what legal basis and by whom the testing should be done.

However, this interpretation of the draft Recommendation appears invalid, as this would be entirely incoherent with the Council of Europe’s Guide to Human Rights for Internet Users adopted in April 2014 by the Committee of Ministers (that is also expected to adopt this text). That Recommendation states that “your personal data should only be processed when laid down by law or when you have consented to it.” So, it seems at least that we know what the text does not mean.

3. Net neutrality

The text closely follows the line of the major telecommunications providers – the anti-net neutrality lobby. It consistently refers to “Internet users’ freedom of choice”, as if internet users are simply passive recipients of data. Or not… the text never actually clarifies which “Internet users” it is talking about. Internet users in general, or internet users that have chosen to use non-neutral internet access providers?

For example, the text says that “internet users’ freedom of choice should not be restricted by favouring or hindering the transmission of Internet traffic associated with particular content, services, applications or devices or traffic associated with services provided on the basis of exclusive arrangements or tariffs”. If, of course, an “internet user” chooses a service which restricts or hinders particular content, etc, this principle is not undermined for that user. If all other “internet users’” freedom to impart information is hindered by price discrimination, or their use of a protocol that is blocked by the ISPs of millions of recipients, then this principle is profoundly undermined. What does “internet user’s freedom of choice” mean? We don’t know.

The draft Recommendation has text that comes almost directly from the lobbyist’s playbook. Acceptable traffic management is defined as including measures “fulfilling contractual obligations with an end-user to deliver a guaranteed level of quality of service to that end-user provided that this does not impair the quality of open Internet access and does not constitute a discriminatory or anti-competitive practice”. Similar text was explicitly rejected when the European Commission’s Telecoms Single Market Regulation was put to a vote of the European Parliament in April of this year.

Except… the text also says that traffic management measures should be maintained no longer than is “strictly necessary”. Such restrictions are never “strictly necessary”. Sadly for the telecoms lobbyists, the text on “contractual obligations” appears to have been put in the wrong section of the text. The lobbyists included this text in Article 23 European Commission’s draft Telecoms Single Market Regulation, which covered “Freedom to provide and avail of open internet access, and reasonable traffic management,” where it could be understood as a contractual provision outside the scope of “reasonable traffic management”. In the Council of Europe document, it is under a section that only covers exceptional, time limited and necessary traffic management, where it makes absolutely no sense at all.

While we are confident that the text is too contradictory and unclear to have any lasting impact, EDRi is working hard to have the text improved.

