If there’s one thing U.S. researchers know about the state of the web in The Netherlands, it’s that those Lower Countries got their act together when net neutrality became law in 2012. Hell, even the New York Times ran a story, as it was the first net neutrality law in Europe, the second in the world after Chile. These days, net neutrality is the talk of the town both in the U.S. and the E.U., but it seems further away than ever: the U.S. Senate has scheduled a hearing about the Comcast/Time Warner Cable merger, creating a telco giant with huge power of internet access provision. And at the E.U. level, the issue is up for vote in the Pariament – and it doesn’t look too good. The key provisions from the Dutch internet freedom legislative package may provide some inspiration in times of desperation. They cover net neutrality, a prohibition on commercial wiretapping (DPI), and one on three strikes copyright enforcement.
The provisions are re-posted them from Bits of Freedom’s website in 2011. When we re-started Bits of Freedom in the summer of 2009, positive legislation for internet freedom was one of our first promises to the Dutch internets. For two years, our team — as always in close collaboration with ravingly smart expert volunteers — thought hard about how such legislation should look like and how to prepare and involve the right Members of Parliament. My first meeting with a politician, ever, was in September 2009 with a Dutch Social-Democrat where we proposed an attack plan. In 2011, we were ready and we had formed the right coalitions within the Parliament. Together, we caught the everyone — especially the telco industry — by surprise. It became one of Bits of Freedoms big success stories of those first years, and the experience is still foundational for my understanding how law is shaped on the ground. The provisions have survived ever since, save some minor tweaks. Net neutrality and commercial wiretapping have since been enforced by communications- and data protection agencies in the Dutch mobile broadband market.
Here are the unofficial translations made by Ot van Daalen — Bits of Freedom’s director at the time — of the Dutch provisions and their explanatory memo’s:
1. Proposal for net neutrality, explanatory memorandum
2. Proposal for safeguards against internet disconnection, explanatory memorandum
3. Proposal for safeguards against wiretapping, explanatory memorandum
1. Proposal for a net neutrality provision – Article 7.4a Telecommunications Act (unofficial translation)
1. Providers of public electronic communication networks which deliver internet access services and providers of internet access services do not hinder or slow down applications and services on the internet, unless and to the extent that the measure in question with which applications or services are being hindered or slowed down is necessary:
a. to minimize the effects of congestion, whereby equal types of traffic should be treated equally;
b. to preserve the integrity and security of the network and service of the provider in question or the terminal of the enduser;
c. to restrict the transmission to an enduser of unsolicited communication as refered to in Article 11.7, first paragraph, provided that the enduser has given its prior consent;
d. to give effect to a legislative provision or court order.
2. If an infraction on the integrity or security of the network or the service or the terminal of an enduser, refered to in the first paragraph sub b, is being caused by traffic coming from the terminal of an enduser, the provider, prior to the taking of the measure which hinders or slows down the traffic, notifies the enduser in question, in order to allow the enduser to terminate the infraction. Where this, as a result of the required urgency, is not possible prior to the taking of the measure, the provider provides a notification of the measure as soon as possible. Where this concerns an enduser of a different provider, the first sentence does not apply.
3. Providers of internet access services do not make the price of the rates for internet access services dependent on the services and applications which are offered or used via these services.
4. Further regulations with regard to the provisions in the first to the third paragraph may be provided by way of an administrative order. A draft order provided under this paragraph will not be adopted before it is submitted to both chambers of the Parliament.
5. In order to prevent the degradation of service and the hindering or slowing down of traffic over public electronic communication networks, minimum requirements regarding the quality of service of public electronic communication services may be imposed on undertakings providing public communications networks.
Additional article regarding transition
Article 7.4a of the Telecommunications Act will not apply to agreements concluded before the entering into force of that article for up to a year after the entering into force of that article.
[note: Due to an error an amendment to allow for filtering for ideological purposes was introduced in the act, but this error will hopefully be corrected this week.]
Proposal for net neutrality provision – Explanatory memorandum
Dutch provision
End-users should be able to decide what content they want to send and receive, and which services, applications, hardware and software they want to use for such purposes (in accordance with paragraph 28 of Directive 2009/136/EC). The original article 7.4a proposed by the Minister can not adequately ensure this, because it allows providers to restrict access to websites or services. Internet Service Providers will increasingly take measures to hinder or slow down Internet traffic, either at their own initiative or under pressure from third parties, unless this is prohibited. This amendment is intended to replace Article 7.4a Telecommunications Act proposed by the Minister.
The amendment aims to maximise choice and freedom of expression on the Internet for end users. The term “Internet” refers to the global, world wide network of endpoints with IP addresses assigned by the Internet Assigned Numbers Authority. It is not intended to prohibit the “reservation” of bandwidth for IP-based services which are offered through its own network, including IP-based television that is not offered via the Internet: these are no services or applications on the Internet. The term Internet should be interpreted broadly, however, to ensure that providers cannot circumvent the scope of this provision. The term “provider of an Internet access service” refers to the term as used in the appendix under Article 13.2a of the Telecommunications Act.
It is clear that the term Internet access service should be interpreted broadly, to prevent circumvention of this provision. If access to websites, multiple services or applications, including apps, is offered, this should at any rate be considered an Internet access service. It is, therefore, at at any rate not allowed to offer a service consisting of access to (certain) web pages, services or applications, where the use of certain applications or services are blocked or priced differently. This means that providers are allowed to offer separate services over the Internet, but may not offer packages to access a part of the Internet. Of course, providers may differentiate their subscriptions for internet access or in other ways, such as bandwidth and data limits.
This restriction on the behavior of providers of Internet services is necessary to ensure open and unrestricted access to the Internet for (online) service providers, citizens and business. It should be prevented that Internet access service providers block or restrict specific information or services.
The amendment prohibits the hindering or slowing down of services or applications on the Internet. This means firstly that a provider may not hinder or slow down a service or application of a specific party. It also means that the provider may not hinder or slow down any specific service or application, such as Internet telephony. The amendment seeks inter alia to prevent the damage a user suffers by breach of the standards contained herein.
To avoid misunderstanding, applicants would like to emphasize that the providers under this article are allowed to provide separate services over the Internet. This allows the provider to offer a separate subscription for mobile VoIP calls instead of the regular cell phone (think for instance of a VoIP mobile phone subscription). Although this service is provided over the Internet, it is not a service intended to provide access to Internet. Such a service is not an Internet access service as defined in this article, but a telephone service. In these cases, it allowed to block the remaining internet traffic (in the case of a VoIP-only subscription all traffic that is not used for VoIP).
Only in certain, limited cases as described in Article 7.4a, first paragraph sub a to da, an exception may be made to the principle that ISPs may not hinder or slow down traffic from end users. Those exceptions must also be interpreted narrowly, whereby the assessment of the necessity must be based on criteria of proportionality and subsidiarity which are similar to criteria established in the context of the application of the European Convention on Human Rights.
The exception under a aims to ensure that in case of congestion, traffic which should be passed without delay (such as VoIP) can be passed quickly, and that in such a case other traffic may be delayed. Few measures will in the opinion of the petitioners be deemed necessary. The most effective method to combat the effects of congestion is indeed to avoid congestion. Providers can avoid congestion in the first place by adequate investment in capacity. However, if there is congestion, then the measures under this exemption are designed to encourage end-users continue to have maximum access to information, disseminate information and use applications or services. Providers may under this exception only take measures which are not discriminatory, so providers must treat the same or similar services equally. It is to be expected that a heavier service will be delayed first. The measures should be removed as soon as there is no congestion anymore.
The amendment does not seek to prevent the provider from applying necessary network management in order to ensure proper transfer and access. In addition, the provider in the case of congestion may prioritize proportionally the traffic of Internet subscribers with high bandwidth over the traffic of Internet subscribers with a lower bandwidth, in proportion to the difference in bandwidth between these subscriptions.
The exception under b is aimed at blocking traffic which affects the safety or integrity of the network or the terminal of the end user (as discussed in the above mentioned paragraph 28). Traffic which affects the safety or integrity of the network, can for example be traffic from computers that are part of a botnet and which is used for a distributed denial of service attack. Violations of the security or integrity of the terminal are for example traffic used by a hacker without authorisation of the user views, copies or manipulates files on the PC. Again, a measure must be proportionate, so must be restricted to only the traffic that affects the security or integrity, and should no longer be in force if the traffic is not being transmitted anymore. The term “integrity and security” should be interpreted narrowly and does not protect interests of third parties. The measures for the integrity and security of the service and network also include the blocking of outbound spam by the provider.
The exception under c is designed to make it possible to block unsolicited commercial communications such as spam.
The exception under d is designed to allow for the situation where providers are required by statute to hinder or slow down to certain traffic, or are required to do so under a court order.
The second paragraph seeks to ensure that a measure which safeguards the integrity or security of a network or service is protected with sufficient procedural safeguards. Internetproviders under this paragraph would for example only be allowed in limited cases, to block traffic from botnets within its network, when they have informed an end user from whose computer the traffic originates, an opportunity to take action to stop the transmission of the traffic. This is intended to prevent the undesirable situation where a company network is shut off from the internet if a provider has determined that within this network there is a computer that is part of a botnet. The administrator of the company will then first have the opportunity to turn the infected computer off itself.
The third paragraph is intended to prevent Internet service providers to charge prices which result in restrictions of access to specific services or applications on the Internet. This still allows for the charging of different prices for different types of bandwidth. Under this paragraph, providers are prohibited from charging a higher price for Internet access where internttelephony is used than for Internet access where it is not the case.
To avoid misunderstanding, the authors would like to emphasize that it is permissible to offer an Internet access service in conjunction with filtering software or technology, for “parental controls” or filtered Internet for religious communities and schools. To prevent circumvention of the principle of net neutrality, the provision, quality or the rate of Internet access service may not depend on whether the filtering software or technology is used. The subscriber must be free to obtain the Internet access service without the filtering software.
Latsly, it remains possible to provide a mobile Internet access service to customers in the Netherlands alone, and not abroad. This may be attractive to a subscriber which would like to avoid data roaming costs abroad.
The fourth paragraph makes it possible to make further rules regarding the provisions in the first, second and third paragraph. In the case of (at the time of establishment of this article as yet) unforeseen circumstances it may be necessary to to clarify or specify the first to third paragraph. For such legislation, only clarifications of the first to the third paragraph may be arranged. This regulation at a lower level may not introduce additional exceptions to the principle of net neutrality. These rules must be filed beforehand at the parliament.
The fifth paragraph was proposed by the government to implement Article 7.4a.
Article VIb proposes a transition regime for Article 7.4a. Article 7.4a as it is replaced after the effective date will apply to all contracts for an Internet access service. In the interest of legal certainty, and in order to give the providers a reasonable time to comply with this obligation, it is proposed that existing agreements are exempt from Article 7.4a. This transition is valid for one year after the effective date. The obligation to act in accordance with Article 7.4a is valid for all contracts to supply an Internet access service after the date of entry into force of section 7.4a and agreements concluded after that date (automatically) be extended or renewed. Of course, providers remain free to offer subscriptions before entry into force of section 7.4a which already comply with Article 7.4a in anticipation of the enactment.
2. Proposal for safeguards against internet disconnection – Article 7.6a Telecommunications Act (unofficial translation)
Dutch provision
1. A provider of an internet access service to an end user may only wholly or partially terminate or suspend the supply of this service:
a. at the request of the subscriber;
b. in case of a failure of the subscriber to perform its payment obligations or the bankruptcy of the subscriber;
c. in the case of deception as referred to in Article 3:44 of the Civil Code by the subscriber;
d. when the duration of the fixed-term agreement to supply the internet access service expires and the agreement with the consent of the subscriber is not extended or renewed;
e. in order to give effect to a legislative provision or a court order; and
f. in the case of force majeure and unforeseen circumstances as referred to in Article 6:258 of the Civil Code.
2. The provider does not take a measure as referred to in the first paragraph, first sentence and part c, before he has informed the subscriber in writing of the intention to take this measure, including a motivation in writing relating to the alleged deception, and he has provided the subscriber with a reasonable term to react to the intention and react on the alleged deception.
Proposal for safeguards against internet disconnection – Explanatory memorandum
Dutch provision
The former government has indicated that it feels sympathy for a policy that wants to protect users against frivolous Internet disconnection (See Papers II 2009/10, 21 501-33, No. 230). Currently, Internet providers on the basis of their terms and conditions may terminate or suspend the internet connection for various reasons. Given the importance of the internet in The Netherlands, it is necessary to describe exhaustively the circumstances under which an Internet access provider may terminate or suspend the internet connection. The term “provider of Internet access service” refers to the term as used in the appendix under Article 13.2a of the Telecommunications Act. For the sake of clarity, this new article does not relate to web hosting. Websites can be taken offline in the case of manifestly unlawful or criminal matters, in accordance with the statutory provisions and the Notice and Takedown-procedure which the industry itself has prepared.
Section a provides that the service provider may terminate the service at the subscriber’s request. The subscriber is the person who concluded the contract agreement with the provider of the Internet access service. The subscriber can terminate the contract itself, after which the provider may terminate the service.
Section b provides that the service provider may terminate the service if the subscriber does not perform his payment obligations or goes bankrupt. In accordance with the contract rules set out in the Civil Code, the subscriber should be defaulted and be offered the opportunity to repair and still meet its payment obligations. If the subscriber does believe that he has paid, redress can be sought at the Arbitration Board, OPTA [The Dutch National Regulatory Authority] or the court.
Section c provides that the service provider may terminate the subscription in the case of deception, e.g. providing a false identity or a false address. The provider should have to prove the fraud, so the burden of proof lies with the provider. The second paragraph ensures that the provider follows a careful procedure if he believes there to be deception.
Section d provides that a supplier may terminate the service if the contract period of a fixed term contract expires. Normally speaking, such a contract is continued as an agreement of indefinite duration, which may be terminated each month. The subscriber will often expect the initial contract period of one or two years to continue as a contract of indefinite duration when concluding a subscription for an Internet service. Hence, in this section it is stated that the service may be terminated only if the subscriber agrees that the service will terminate after the contract period. This ensures that a subscriber is well informed and his consent is given to termination of service and he not is disconnected against his will.
Section e provides that the Internet service provider may terminate the connection if required by law or the court.
Under f, the service can be discontinued in the case of force majeure as referred to in Article 6:258 of the Civil Code. This provision does not change this, but should be mentioned here.
These six situations provide an exhaustive list of circumstances under which the provider may terminate the internet access service. It is not allowed to terminate the service reasons other than those listed here. This ensures that people cannot simply be disconnected from the Internet. The authors wishes to stress that Article 7.4a [This refers to the net neutrality provision] already allows for the blocking of an internet connection in order to ensure the safety and integrity of the network. The termination of the services for this reason is a disproportionate measure. The subscriber after all has a chance to terminate the threats to the security and integrity by the network connection or terminals by himself. If he does, the connection can be restored and thus the service will continue.
3. Proposal for safeguards against wiretapping – Proposed Article 11.2a Telecommunications Act
Dutch provision
1. Notwithstanding the Dutch Penal Code and the provisions set out in or by way of this act, the provider of a public electronic communications network and the provider of a public electronic communications service ensure the confidentiality of the communication and the related data via their network or their services.
2. The provider of a public electronic communications network and the provider of a public electronic communications service shall refrain from the tapping, listening, or other kinds of interception or surveillance of communications via a public electronic communications network or public electronic communications service and the related traffic data, unless and to the extent that:
a. the subscriber in question has provided is explicit consent for these actions;
b. these actions are necessary to ensure the integrity and security of the networks and services of the provider in question;
c. these actions are necessary to ensure the transmission of information via the networks and services of the provider in question; or
d. these actions are necessary to comply with a legislative provision or a court order.
3. Prior to obtaining consent as referred to in paragraph 2, sub a, the provider provides the subscriber with the following information:
a. the type of data which is being tapped, listened, intercepted or surveilled;
b. the purposes for which the data are being tapped, listened, intercepted or surveilled;
c. the duration of the tapping, listening, intercepting or surveilling of the data.
4. A subscriber can retract the consent as referred to in paragraph 2, sub a, at any moment.
Proposal for safeguards against wiretapping – Explanatory memorandum
When Directive 2002/58/EC on privacy and electronic communications (ePrivacydirective) was implemented in the Dutch law, the Minister of Economic Affairs indicated that it did not provide for an implementation of Article 5 of the Directive (Kamerstukken II 2002 / 03, 28 851, No. 3, p. 46). He then announced, partly at the urging of the Raad van State (Kamerstukken II 2002/03, 28 851, No. A, p. 3), that an implementation proposal would be proposed at a later date. The abovementioned provision was, in the opinion of the petitioners, never properly implemented. The European Commission now initiated infringement proceedings against the United Kingdom as a result of the inadequate implementation of this Article, further underscoring the need for proper implementation in Dutch law.
Currently, only the third paragraph of Art. 5 ePrivacydirective, regulating the use of cookies and spyware, among other things, is implemented in Dutch law (see art. 4.1 of the present Decree on Universal Service and users’ interests and the amendment of the Telecommunications Act to implement the revised Telecommunications directives). This implies that an important part of this provision is not implemented. This amendment seeks to implement Article 5 paragraph 1 of the ePrivacydirective.
Articles 139c and 273d of the Penal Code include provisions aimed to prevent the provider from violating the confidentiality of communications. This proposal is intended to supplement these articles. On this basis, explicit consent of the subscriber is required and also the purposes for which communication may be controlled are limited. This provision is enforced by OPTA [The Dutch National Regulatory Authority] instead of the public prosecutor.
Paragraph 1 of this article contains a general duty of care for providers regarding the communications and related data being transported through their network and services. This is an elaboration of the duty of providers to ensure and respect the confidentiality of communications. This paragraph shall not affect the provisions of Section 13 Telecommunications Act, inter alia, which concern the interceptability of the networks and services. The term “communications and related data” is broad and includes traffic and location data.
Paragraph 2 contains a general prohibition to listen to traffic that is transported via service providers, except if specifically defined exceptions apply. Not only the storing of, but also the storage without analyzing the communication is prohibited under this paragraph. The exceptions under a to d should be interpreted restrictively, as evidenced by the words “unless and to the extent”. The authors with these phrases emphasize that an exception should never go further than necessary, and thus must meet strict requirements of proportionality. Also the use of the term “necessary” in the exceptions is intended to underline this. The exception under a is aimed to grant the user the freedom to choose to have his communication analyzed. Because this is a severe curtailment of privacy and the confidentiality of communications from both the subscriber and other users with whom the subscriber communicates, this requires that the consent of the customer’s be explicit. This refers to the consent as required by Article 23 of the Data Protection Act. The exception under b is intended to allow for providers to take measures necessary for protecting their networks or services. The exception under c comes from Article 5 paragraph 1 of the ePrivacydirective. The exception under d is intended to clarify that a provider may comply with a legal requirement or court order.
If a corporation uses a third company to enable the performance of activities (e.g. through subcontracting), the corporation (as the principal) is responsible for the quality of service to its customers and for complying with legal obligations. This also applies to the provider of a public electronic communications network or the provider of a public electronic communications having work executed for the benefit of its network or services. The provider in the arrangements with the third party from now on will also have to provide for ensuring compliance with the obligations contained in this article regarding the confidentiality of communications and data. After all, if the obligations contained in this article are violated, the national regulatory authority will hold the provider responsible, even if the provider has outsourced the work to a third party.