Ref. Ref.Ares(2019)5227886 Ares(2018)805234 - 13/08/2019 12/02/2018

ANNEX 1 RELATED ONGOING INITIATIVES AT EU LEVEL The Commission shares with Germany many of the concerns to which the NetzDG tries to give a response. As a consequence, action at EU level is under way in many areas, through on-going legislative and non-legislative initiatives: 1.1. Notice and action In the Communication on the Mid-Term Review on the implementation of the Digital Single th Market Strategy, from 10 May 2017, the Commission has committed to underpin ongoing platform dialogues within the Digital Single Market with guidance on coherent procedural aspects such as the notification and removal of illegal content while ensuring transparency and the necessary checks and balances to protect fundamental rights, avoiding over-removal of legal content. In this context, the Commission will focus on issues such as minimum procedural requirements for the ‘notice and action’ procedures of online intermediaries related for example to quality criteria for notices, counter-notice procedures, reporting obligations, third-party consultation mechanisms, dispute resolution systems and coordination with public authorities as well as measures against repeat infringers and abusive, bad-faith notices. This work should produce first concrete results by end of 2017. The Commission considers that national solutions at this respect can lead to unwanted legal fragmentation and have a negative effect on innovation; guidance on the main common principles can address these issues, while leaving discretion to Member States as to how to design the process in the detail. 1.2. Free flow of data EU legislation already prohibits restrictions on the free movement of personal data within the European Union on grounds connected with the protection of personal data. Additionally, the same Communication on the mid-term review of the DSM includes the announcement of a legislative proposal, by autumn 2017, on the EU free flow of data cooperation framework which takes into account the principle of free flow of data within the EU, the principle of porting non-personal data, including when switching business services like cloud services as well as the principle of availability of certain data for regulatory control purposes also when that data is stored in another Member State. As referred above, the draft law contains two instances of data localisation requirements, obliging covered social networks to ensure that the content removed is "stored" and "documented" in the country for the purpose of prosecution. Even if limited in time, social networks would need to develop (or outsource) storing systems in German territory to comply with this obligation. It is not clear to what extent this is necessary and proportionate, and whether the access to this content for prosecution purposes cannot be equally be ensured if localised in a different Member State. While, unlike the Code of Conduct, the draft German law is a legal instrument, an analysis of its objectives against the objectives pursued in the Code of Conduct shows that the two are broadly coherent in terms of the overall objective. 5 5 Code of conduct on hate speech Page 1.3.

Both instruments aim at ensuring that notifications of illegal hate speech are assessed against the law and not only against the internal terms of service of the IT companies and that the assessment is made expeditiously. An important difference is that the scope of application of the German law goes beyond the Code of Conduct in so far that it includes also other offences, such as defamation (for this point see the assessment on fundamental rights and freedom of expression below). Further, the German draft law also makes progress on transparency rules that goes in the direction of what the Commissions would like to achieve too, including by ensuring that the IT companies provide a reason for the decision to remove or not remove a particular piece of content and by obliging them to publish detailed data on the number of notifications received and the corresponding removals. The draft German law also reflects the commitment in the Code of Conduct to identify national contact points for the purpose of easing the cooperation between national authorities and the IT companies concerned. The Code however does not specify where the contact points should be located. There is no correspondence in the Code of Conduct to the provision in the draft German law on the need for IT companies to ensure, through proactive measures, that also all copies of the notified illegal content is identified and removed if necessary. 1.4. Action on e-evidence According to Article 4(3) of the draft law, the regulatory offence may be sanctioned even if it is not committed in Germany. From the explanatory memorandum: "Paragraph 3 ensures that the obligations envisaged in this regard and the corresponding elements constituting a regulatory offence also apply to acts carried out abroad. In the absence of the clarifying provision, it would be doubtful whether, as regards all offences resulting in a fine under the draft, Section 5 and Section 7(1) of the Regulatory Offences Act would result in acts committed abroad being punished. For example, the provider could also draw up the report as per Section 2(1) sentence 1 (or make arrangements for it to be drawn up) abroad or also offer training abroad in accordance with Section 3(4) sentence 3. The place where the act was committed within the meaning of Section 7(1) of the Regulatory Offences Act, where the obligated person would have to act in case of default, would therefore be outside Germany, meaning that the geographical coverage of the Regulatory Offences Act as per Section 5 would not apply." Last year, EU Ministers of Justice asked the Commission to look into ways to improve cross- border access to electronic evidence for authorities, and the Commission will present an initial reflection paper on options to enhance such cross-border cooperation to the next Justice and Home Affairs Council. Such cooperation mechanisms – possibly underpinned by the appropriate regulatory framing – offer more sustainable and EU-wide solutions than the unilateral obligations of the German law. The proposed draft Audiovisual Media Service Directive, proposed by the Commission on th 25 May 2016, is currently in the process of negotiation by the Council and the Parliament. The proposed directive foresees a limited extension of its scope to video-sharing platforms. 6 6 Negotiations on AVMSD Page 1.5.

Video-sharing platforms will be obliged to take measures to protect minors from harmful content and to protect all citizens from incitement to hatred. In the context of the negotiation, there are strong calls to extend its scope to social media, to the extent that the provision of audiovisual content (videos) constitute its main and essential functionality. To the extent that hate speech (as defined by the national law) is contained in audiovisual content and spread through a video-sharing platform or through a social network which complies with the criteria to be established, it will be covered by the new obligations established in the Directive. In this sense, the German draft law is partially overlapping with the scope of the draft Directive: this already asks video-sharing platforms (and some social networks) to establish reporting mechanisms and parental control systems. Annex 2- Full analysis of the German draft law to improve law enforcement in social networks Page 7 Redacted (pages 8-16) 7