EU Policy Blog News and perspectives on EU digital policy Thu, 23 Mar 2017 13:36:34 +0000 en-US hourly 1 Celebrating Europe Thu, 23 Mar 2017 09:06:49 +0000 Read more »]]> Sixty years ago, on the 25th of March 1957, European politicians gathered in Rome to lay the blueprint for the European Union as we know it today. This momentous occasion ushered in decades of peace and prosperity, and we at Microsoft are proud to join in the Treaties of Rome anniversary celebrations.

Our success as a company has been closely linked to the success of the European project. We’ve always supported the fundamental ideal of a union of European nations and peoples, even if we’ve sometimes disagreed with the EU on specific issues, and paid some record fines along the way. When all is said and done, the arguments in favor of the European Union far outweigh those against.

Microsoft’s own European journey began in 1982 when we opened a headquarters in London – our first outside the U.S. At the time, the company employed just 128 people worldwide. Today, 25,000 of our employees live and work in Europe. Our main European operations are based in Dublin, Ireland. And our business is increasingly rooted in cloud computing – technologies which will transform Europe’s economy.

I vividly remember my first business visit to Brussels. It was in 1995 and I had recently started working for Microsoft in Paris. Brad Smith – now Microsoft’s President and Chief Legal Counsel – and I travelled to Brussels for meetings with EU officials. But on that occasion, we also had another very particular mission: to introduce Stuart ‘Stu’ Eizenstat, the U.S. Ambassador to the EU, to the most exciting new technology of the time – the World Wide Web. Our demo equipment tripped the circuit breaker and we literally turned off the lights, but the power of the Web to transform society was evident. Over twenty years later, I’ve come full circle, living and working full time in Brussels to try to help shape a regulatory framework for cloud computing.

It seems fitting to recall this anecdote on EU Digital Day. Tremendous technological leaps forward have been made in a relatively short time. But it’s likely that there are plenty more to come. As digital has become increasingly interwoven into the fabric of societies and citizen’s lives across the globe, Brussels’ significance has grown.

Today, the EU is the center of regulation for the ICT industry, setting standards and norms for the rest of the world and exporting policies on key issues such as privacy, security and competition law. Amidst the ongoing debate about the purpose of the EU, setting rules for the technology sector which benefit Europeans and the European economy is an achievement to be proud of. In our industry we have a saying, “Where the U.S. talks, Europe acts”. This is good a thing for us, too, because rules help people trust our technology.

Respectful and constructive transatlantic relations are a necessity for the data economy to work properly. The EU-U.S. Privacy Shield is just one example of how Europe and the U.S. can successfully work together. This agreement protects European’s privacy rights in the U.S., whilst allowing U.S. companies to offer their services in Europe and create jobs at home and abroad.

If both sides of the Atlantic are to seize the opportunities offered by the digital transformation, then we must narrow – not widen – the gap between Brussels and Washington D.C. This week, as the EU reflects on its past and looks to its future, it’s worth remembering how transatlantic relations grounded in mutual respect, trust and openness have been and will be key to our common wellbeing. Microsoft’s focus going forward is to help make sure existing bridges between Brussels and Washington D.C. stay open and to help build new ones for even closer cooperation in future.

B20: The new global economy runs on free flow of data and trust Fri, 03 Mar 2017 09:05:16 +0000 Read more »]]> The German Federal Government took over the G20 Presidency at the end of last year. The economic dialogue B20 is an integral part of the G20 process, representing the entire business community of all G20 members. Its mission is to support the G20 through concrete policy proposals, consolidated representation of interests and expertise. Within the B20 task forces, joint recommendations for action are developed by representatives from trade associations, industry and international organisations from around the world.

Sabine Bendiek, Chairwoman of the Management Board, Microsoft Germany, is Co-Chair of the B20 Digitalization Taskforce, which was established for the first time within the B20 process. The taskforce will present the results of its work during the meeting of G20 digital ministers on “Digitalization: Policies for a Digital Future” to be held on 6-7 April in Düsseldorf. Next to topics such as Industry 4.0 and artificial intelligence, the B20 Digitalization Taskforce also addresses policy recommendations in the area of cross-border data flows. The B20 dossier on the topic, written by Sabine Bendiek, explains the significance of free data flows for the global economy and outlines the implications for political and legal frameworks.

Read Sabine Bendiek’s full contribution “The new global economy runs on free flow of data and trust” in the B20 Digitization Dossier.

This article first appeared on our Microsoft Politik Blog (in German) published by Inger Paus, Head of Social and Economic Policy, Microsoft Germany

Why we need new rules to deal with cyber (in)security Fri, 24 Feb 2017 15:45:08 +0000 Read more »]]> Last weekend, I had the pleasure of joining over 500 political leaders, diplomats, academics, civil society representatives and tech industry colleagues, at the 2017 Munich Security Conference (MSC). As was to be expected given the recent installation of a new U.S. administration, the future of the transatlantic relationship dominated conference discussions – but I was surprised at how the topics of cybersecurity, and insecurity, kept coming up over and over again.

Cybersecurity concerns have escalated into one of the central security policy issues of our time, with serious implications for the stability of our economies and social structures. Recent incidents of state hacking and doxing, as well as the distribution of fake news, have raised awareness and concerns to new levels.

Forty nations are currently known to be developing offensive cyber capabilities, reinforcing the urgent need for international rules for cyber actions, whether in war or peacetime. Microsoft has been one of the most vocal companies advocating for cybersecurity norms to govern state actions – we’ve come up with proposals for such norms for both the public and private sectors. And just last week, at the RSA Conference in San Francisco, Microsoft’s President, Brad Smith, called for a Digital Geneva Convention to protect civilians on the Internet in peacetime.

While at MSC, Microsoft hosted a discussion entitled “Cyber Influence, Attack, and Integrity – The Need for Norms of State Behaviour in Cyberspace,” moderated by my colleague Jan Neutze. I had the pleasure of introducing former U.S. Secretary of State, Madeleine Albright, who spoke on the topic, followed by a delegation of international panelists united by their expertise: former U.S. Secretary of Homeland Security, Michael Chertoff; the former Foreign Minister of Estonia, Marina Kaljurand, and Julian King, European Commissioner for the Security Union.

The principle of integrity was central to the discussion. It doesn’t just mean sticking to a code of values – something very pertinent in the context of defining acceptable behavior in cyberspace – it also defines “a state of being complete or undivided”.

This isn’t only about keeping cyberspace safe in the face of escalating threats. It’s about ensuring that all actors are united in their determination to protect citizens online. We should all lend our support to the recently launched Global Commission on the Stability of Cyberspace, an organization which will be entirely dedicated to developing policies that can improve security in cyberspace.

So where do we go from here? I think the answer lies in strong engagement from all; whether around agreeing to norms of conduct and building the capacity to enforce them, or finding ways to address the challenges of attribution and deterrence. A global agreement should create mechanisms to foster cooperation on attribution and hold perpetrators of attacks accountable.

We can learn from and build on the work of international legal experts whose recently published Tallinn Manual 2.0 is a very timely and valuable contribution on how existing international law applies to cyberspace.

Defining the parameters for state actions deserves broad and thoughtful discussion to find agreement where we can. Constructive and collective dialogue is the only way to progress. There was an overwhelming consensus in Munich that nation states should not be interfering with each other’s electoral processes, be it around balloting, counting, or reporting. It may be harder to reach agreement in other areas.

However, I did get the sense from almost all attendees at MSC that, now more than ever before, it is vital that we demonstrate a commitment to international cooperation, in particular to the historically-significant relationship between Europe and the United States, and to reducing cyber insecurity. In times of uncertainty, we should aim for more unity, not more division.

Get GDPR compliant with the Microsoft Cloud Wed, 15 Feb 2017 12:00:52 +0000 Read more »]]> The new General Data Protection Regulation (GDPR) is the most significant change to European Union (EU) privacy law in two decades. The GDPR requires that organizations respect and protect personal data – no matter where it is sent, processed or stored. Complying with the GDPR will not be easy. To simplify your path to compliance, Microsoft is committing to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018. ]]> The need for a Digital Geneva Convention Tue, 14 Feb 2017 13:42:29 +0000 Read more »]]> This year’s RSA Conference in San Francisco brings the world’s security professionals together to discuss cybersecurity at a critical time.  The past year has witnessed not just the growth of cybercrime, but a proliferation in cyberattacks that is both new and disconcerting.  This has included not only cyber-attacks mounted for financial gain, but new nation-state attacks as well.  As engineers and other employees across the tech sector meet in San Francisco, we need to ask ourselves what our response should be.

Protecting innovation in the cloud Wed, 08 Feb 2017 16:07:39 +0000

Rapid advancements in cloud computing are creating new capabilities, insights and efficiencies, allowing businesses big and small to transform the way they deliver products and services. As this transformation accelerates, virtually every company in every sector of the economy is becoming in part a digital business. And as a digital business, it must master the new legal challenges that come with participation in the booming digital economy.

Staying civil online Tue, 07 Feb 2017 12:56:04 +0000 Read more »]]> On the occasion of Safer Internet Day 2017, Microsoft has published its first Digital Civility Index showing people’s perceptions of online behaviors and interactions in 14 different countries. The results demonstrate an urgent need to reinforce a culture of digital civility and promote effective public policies that protect people online, and we are encouraging people to take Microsoft’s “Digital Civility Challenge”.

It’s no coincidence that the same adjective that relates to a country’s citizens – “civil” – is also synonymous with courtesy and politeness. Almost 70 years ago, the UN General Assembly unanimously enshrined freedom of expression in the Universal Declaration of Human Rights. But this right can only be preserved when underpinned by respect for others, regardless of any difference in opinion.

Over the past year, we’ve seen an increased polarization of online discourse, frequently descending into harassment, denigration or intimidation. As the Microsoft Digital Civility Index shows, this kind of negative online behavior can have real-world consequences for those at the receiving end – ranging from increased stress or mental health problems, to financial losses or reputation damage.

Across the four EU Member States included in the survey – the UK, Germany, France, and Belgium – over 56% of respondents said they, or a family member, had been exposed to online risks in their lifetime. These risks include unwanted contact (38%), being treated meanly (17.5%), sexual solicitation (14.5%), trolling (14%), online harassment (12%) or exposure to hate speech (10%).

We are all tasked with safeguarding the values that define our societies – including respectful and civil discourse both online and offline – in order to foster a positive environment for each and every citizen.

Policymakers need to promote approaches that deter online exploitation and harassment, as well as actively collaborating with civil society and industry to raise awareness of online risks and agree foundational principles for counteracting these.

The European Commission has taken several steps in this regard, which Microsoft has always supported. In May 2016, we were one of several technology companies to sign the Commission’s Code of Conduct on countering illegal hate speech online, and we were a member of the CEO Coalition on creating a Better Internet for Kids, put together by the Commission in 2011. And even before, we signed the Safer Social Network Principles in 2009.

Now we have united with other private sector companies from a range of sectors, as well the Commission and relevant NGOs, to form the Alliance to Better Protect Minors Online. This initiative aims to help minors across Europe embrace all the opportunities of digital technology without compromising their safety, rights or freedoms.

Our commitment to this new alliance is part of a wider reflection on how to make the most of the Internet to transform our societies without leaving anyone behind. Technology can only be at its best when it benefits everyone, rather than just the fortunate few. Despite their past exposure to online risks, the European respondents of our Digital Civility Index survey were positive about the future, showing less concern that online risks would worsen. Let’s give credence to their optimism, by working together to create a more inclusive online environment rooted in digital civility.

Brad Smith speaks on rules for the digital economy at DLD Munich Mon, 16 Jan 2017 17:26:28 +0000 Read more »]]> “We need a new generation of law; one that will match technology, ensure technology is global, and ensure people’s rights are respected.” This was the rallying cry from Microsoft’s President and Chief Legal Officer, Brad Smith, speaking at the DLD conference in Munich yesterday.

Smith joined David Kirkpatrick, founder, host, and CEO of Techonomy, to discuss the rights and responsibilities of global technology companies in the cloud era, and to share Microsoft’s standpoint on the role of technology as a force for social good.

Smith stressed that the first step is acknowledging that “our products and services are having a huge impact on the world.” An impact which is often positive, but which can also create challenges for some people. He followed by saying that we need to start thinking about how to ensure that “cloud computing is trusted by people, is responsible, and genuinely contributes to an era of inclusive economic growth.” You can read more about Microsoft’s commitment to creating a trusted, responsible, and inclusive cloud here.

Trust in particular was a recurring theme throughout the panel, with Smith reflecting on how recent court cases have shown the need for a better balance between the global nature of technology and the importance of national laws protecting people’s rights. To bridge the gap, he concluded, we first need to modernize national laws, so they better reflect the reality of technological progress. Once that’s done, like-minded governments can work together to create treaties that work for the digital era.

Smith also recognized that the technology sector has a wider opportunity to foster social progress in Europe by accelerating entrepreneurship and innovation. Whether it’s investing in digital skills and computer science education, supporting startups across the continent, or playing an active part in discussions around digital policy, Smith expressed his belief that we “should do our part”.  Only in this way can we help every European feel the benefits of technology.

DLD Munich runs until tomorrow, with more than 1,000 participants and 70 separate panel sessions – including a “fireside chat” with Microsoft CEO Satya Nadella sharing his thoughts on artificial intelligence.

Laying the foundations for a data-driven European economy Wed, 11 Jan 2017 16:47:53 +0000 Read more »]]> Less than two weeks into the New Year, and we have our first digital milestone moment of 2017. Yesterday saw the presentation of the final building blocks for Europe’s Digital Single Market: the European Commission’s Communication on Building a European Data Economy, the proposed Regulation on Privacy and Electronic Communications, and a Communication on Exchanging and Protecting Personal Data in a Globalised World. All of these initiatives will help Europe unlock the potential of cloud-based technologies.

Microsoft’s business is built on trusted data flows, underpinned by our belief that privacy is a fundamental right. Trust is what empowers our customers in Europe to use the intelligent cloud to digitally transform and grow their business – trust between them and us, and between their customers and partners. By enhancing the mechanisms for global data transfers and customizing solutions that safeguard people’s privacy, the Commission is protecting citizens’ rights while maximizing opportunities for innovation, growth and job creation.

The measures presented yesterday will complement last year’s adoption of a single, uniform data protection law for the EU, the General Data Protection Regulation (GDPR), which laid the ground for ensuring the free flow of data.

These benefits, however, will only be realized if all Member States adhere to the spirit of a regulation whilst implementing it. The GDPR contains many derogation clauses allowing Member States to vary in their transposition. We are strongly supportive of how the Communication on the European Data Economy, and specifically the European Free Flow of Data Initiative, discourages Member States from using derogations in the GDPR that could fragment the market.

Member States can and should advance Europe’s digital transformation by removing both real and perceived blockers to cloud adoption, through governments’ clear endorsements. They should also avoid adopting rules on data localization which fall outside the remit of the GDPR. A recent study by the European Centre for International Political Economy (ECIPE) found that such restrictions risk backfiring, potentially leading to productivity losses and the creation of additional trade barriers, or lowering the competitiveness of the economy, without achieving any intended objectives.

2016 presented a whirlwind of changes in the area of technology and data management. Expect 2017 to be no different. Gartner, Forrester and IDC predict that companies will continue to expand their use of emerging technologies such as augmented and virtual reality, laying the ground for even greater adoption in years to come. Artificial intelligence (AI) is no longer the stuff of science fiction. Many companies have recently made significant investments in AI and a range of real-world applications already exist in areas such as customer service, finance, or healthcare.

The Communication on the European Data Economy also highlights several legal issues which will require review as emerging technologies continue to evolve. We commend the thoughtfulness of this approach, which respects the spirit of better regulation principles, and we stand ready to contribute to this dialogue.

Given the rapid pace of technological change, compliance with new rules laid down in the GDPR will also need further consideration. We appreciate that the Commission is taking an active interest in the efforts of companies to prepare for the May 2018 deadline.

Finally, the proposed Regulation on Privacy and Electronic Communications provides an opportunity to discuss how to protect confidentiality without relinquishing services consumers have come to expect or hampering the development of new products and features. Nowadays, service providers do far more than simply transmitting communications, encompassing a range of simple functions which make our lives easier; features which tell you your email is missing an attachment, correct your spelling and grammar, enable speech-to-text transcription, or help organize your day. All these functions rely on “deep learning” and could potentially be impacted by the proposed expansion of confidentiality protections to new service providers, limiting their ability to develop and offer such innovations.

In its Work Programme for the year ahead, the European Commission prioritized the implementation of its Digital Single Market Strategy first presented almost two years ago. The initiatives presented this week are a positive step forward, but to fully achieve a digitally-driven economy, we must ensure companies can provide innovative services to users whilst also protecting privacy. Only by striking this right balance can we create a more innovative, inclusive and globally-competitive European Union for generations to come.

A lack of cybernorms threatens Western democracies Wed, 14 Dec 2016 14:30:32 +0000 Read more »]]> Election season has upended cybernorms. It all started before the 2016 U.S. presidential election when U.S. officials alleged that Russia had hacked the Democratic National Committee and orchestrated cyberattacks to influence the electoral outcome. “The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” read a joint statement from the U.S. Department of Homeland Security and the Office of the Director of National Intelligence on October 7.

The fear that foreign-led cyberattacks might undermine democratic outcomes spread to other Western countries, too. German authorities pointed to Russia as the culprit of a massive cyberattack on the Bundestag, the lower house of parliament. Berlin also accused Moscow of being behind cyberattacks on the headquarters of the ruling Christian Democratic Union. The threat level is so acute that German Chancellor Angela Merkel is on record as saying that Russia could try to influence the 2017 German parliamentary election through cyberwarfare and disinformation.

The use of cyberattacks to influence electoral outcomes is a new and serious challenge for Western nations. Developing a proper and timely response is both necessary and difficult. The lack of a mutually accepted framework for the gradation of cyberattacks and the absence of potential countermeasures are parts of this conundrum. Most nations have long relied on a strategy of deterrence by secrecy to preempt cyberattacks. The thinking was that one side’s nondisclosure of its offensive cybercapabilities would create sufficient uncertainty to deter cyberattacks against critical targets.

But over the last year, there has been a fundamental shift in this posture. Russia’s relentless targeting of democratic institutions in Western countries heading toward elections is a clear indication that the age of deterrence by secrecy in cyberspace is drawing to a close. Earlier in 2016, the U.S. administration signaled that a more active cyberdefense posture might be needed to deter hacking by Chinese cyberwarriors. More recently, U.S. officials including Vice President Joe Biden have emphasized Washington’s newfound resolve to retaliate against Russia’s cyberhacking.

Similarly, UK Chancellor of the Exchequer Philip Hammond, who chairs the cabinet’s cross-department cybersecurity committee, set out a more aggressive cyberposture by confirming that Britain would retaliate against foreign governments that launch cyberattacks on the UK’s national critical infrastructure.

But as these developments show, the cybersecurity universe is edging toward uncharted territory, where the lack of proper norms to regulate escalation and retaliation has a potentially destabilizing impact on global security.

The transatlantic alliance stands out as the forum where norm building for cyberconflict below the threshold of military warfare can be advanced. The Tallinn Manual, an academic study launched in 2009 on how international law applies to cyberconflicts, is being updated to cover these situations.

More importantly, at its July 2016 summit in Warsaw, NATO decided to upgrade its cyberposture. The recognition of cyberspace as a new operational domain is a turning point for the alliance’s cyberstrategy and will have significant repercussions for NATO’s security doctrine and operational readiness. The alliance will need to develop a more elaborate understanding of how to make cyberdefense a collective endeavor and establish an acceptable set of principles for burden sharing among allies in the cyberdomain—just as for nuclear deterrence.

NATO’s more ambitious outlook was greatly facilitated by a shift in U.S. thinking that reduced Washington’s aversion to offering its impressive active cyberdefense capabilities as a resource for the alliance. It is unclear, however, whether the U.S. presidency of Donald Trump will be equally intent on outsourcing U.S. capabilities to respond to NATO’s cyberdefense challenges.

The events of 2016 have demonstrated that the gap between security threats triggered by the proliferation of cybercapabilities, on the one hand, and international norms to define acceptable behavior for state actors in cyberspace, on the other, has widened. This lack of international policy entrepreneurship may become a key challenge for ensuring peace and stability in today’s increasingly interconnected world.

Sinan Ülgen is the author of the Carnegie Europe report Governing Cyberspace: A Road Map for Transatlantic Leadership, which was supported by Microsoft.

This article was originally published on Carnegie Europe’s Strategic Europe blog.