Saturday, May 31, 2014

European court’s Internet privacy ruling may prove costly

This month’s bombshell decision from the European Court of Justice pronouncing a “right to be forgotten” on the Internet was couched as a principled stand for digital privacy. Looking closer, however, one could see a double standard at work.

The enormously expensive effects of the decision fall squarely on the shoulders of search engines based mostly in the United States, while the European players left the courtroom free of obligation. The courage of the court’s convictions, it seems, applies only outside the borders of the European Union — a result that, while convenient in the short term,carries ominous implications for Europe’s future.

Read more here:

While Google may have the resources to forge on in Europe, tomorrow’s Google or Facebook or Tumblr may not. It isn’t difficult to imagine start-ups simply forgoing a European presence, given the high cost of doing business there. It’s a dire consequence, but by creating special rules that apply only within the European Union, the continent has set itself on a path toward cutting itself off from the global community.

Read more here:

Read more here:

Friday, May 30, 2014

Privacy call for internet browsing in the wake of Edward Snowden leaks

More than eight out of 10 internet users believe browsing history should be kept private, according to a survey.

The poll, commissioned by the Joseph Rowntree Reform Trust one year after US whistleblower Edward Snowdon leaked top-secret files revealing the activities of UK and US intelligence agencies, showed 85% believe it is "fairly important", "very important" or "essential" to keep browsing records private.

Only 12% believe it is not important, the survey conducted by Ipsos Mori showed.

... The Don't Spy On Us campaign is a coalition of freedom of expression and privacy campaigners including ARTICLE19, Big Brother Watch, English PEN, Liberty, Open Rights Group and Privacy International.

Results were based on a face-to-face survey of 1,958 Britons aged 15 and over conducted between 25 April and 3 May.

 read more at The Guardian

Internet of Things crisis? Privacy issues could be barrier to smart-device take-up, says Ipsos Mori report

Over half (53 per cent) of the UK population do not realise that smart devices can collect data about their personal activities, and only seven per cent of them would be comfortable with advertisers accessing this data, according to research from Ipsos Mori.

The ‘TRUSTe Internet of Things Privacy Index - GB Edition’ study, conducted across 2,005 UK internet users aged between 16 and 75 years old on behalf of data management company TRUSTe, predicted that 26 billion connected devices will be in the market by 2020.

“Companies must be honest and up front with consumers about the scale and type of data that’s being collected and how they can control its potential uses. We look forward to bringing together experts from across the industry at the Internet of Things Privacy Summit this July in Silicon Valley, to start to address these needs and scope out the next generation of privacy solutions.”

read more at The Drum

U.S. officials, Snowden clash over e-mail records

The Obama administration and former intelligence contractor Edward Snowden offered divergent accounts Thursday of his efforts to raise concerns about National Security Agency activity more than a year ago, as each side tried to shape the debate over whether the massive leak of classified information was avoidable.

Intelligence officials released a brief e-mail that Snowden wrote in April 2013 inquiring about legal authorities but raising no concerns about any particular NSA program or law. The suggestion was that the e-mail did not make Snowden a whistleblower. U.S. officials said the NSA had found no other evidence that he had expressed concerns to anyone in a position of authority or oversight...

... Congress is weighing legislation to carry out President Obama’s call to end one program — the NSA’s mass collection of data about Americans’ phone calls.

“Ultimately, whether my disclosures were justified does not depend on whether I raised these concerns previously,” Snowden said. “That’s because the system is designed to ensure that even the most valid concerns are suppressed and ignored, not acted upon.”

On Thursday, Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) also released the e-mail exchange. The panel last month had asked the NSA for any communications between Snowden and the agency relating to the legality of NSA programs.

more at Washington Post

Google takes steps to comply with EU's 'right to be forgotten' ruling

Google Inc has launched a service through which European citizens can request that links to what they deem as objectionable material be taken off search results, the first step to comply with a court ruling affirming the "right to be forgotten."

The world's largest Internet search engine, which processes more than 90 percent of all Web searches in Europe, said on Thursday that it has made available a webform through which people can submit their requests, but stopped short of specifying when it would remove links that meet the criteria for being taken down.

Google also said it has convened a committee of senior Google executives and independent experts to try and craft a long-term approach to dealing with what's expected to be a barrage of requests from the region's roughly half-billion occupants.

more at Reuters

Thursday, May 29, 2014

Hackers are winning the cyber crime war, says new study

"... It is a continuation of a number of reports on cyber security that have been published in recent months after a series of mass attacks hit a number of websites, including most recently eBay and Spotify, where millions of users accounts were hacked by outside sources.

 The study surveyed some 500 officials from American businesses, law enforcement agencies as well as government agencies and claims if a hacker wants to get into a website and garner personal and private data, little can be done to stop them as the hackers boast more advanced technology and background.

"Despite substantial investments in cybersecurity technologies, cyber criminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetize," Ed Lowery, who heads the U.S. Secret Service's criminal investigative division, said in a written statement.

He argued more action needs to be taken by companies as well as the government effort needs to have "a radically different approach to cybersecurity," which goes beyond antivirus software, training employees, working closely with contractors and setting up tighter processes..."

full article at Tech Times

Google fined $1.32 million for breach of privacy: implications for your privacy compliance program

A recent European Union Court decision signals “the right to be forgotten” is gaining momentum. The Court fined Google 900,000 Euros (A$1.32 million) and ordered links to outdated newspaper articles be removed from search results on the basis the links were a breach of privacy. The decision has ramifications for search engines, online publishers and media outlets in the EU, as well as for Australian organisations with EU operations. In Australia, the decision highlights the tension between the right of individuals to protect the privacy of their personal information and the realities of privacy in the digital era.


The short is answer is “no”.

The Australian Privacy Principles contained in the Privacy Act focus on the rights of individuals to access and correct personal information held by an Australian organisation or agency, and the requirements for personal information to be kept up-to-date during its lifecycle and then destroyed (or put beyond use) if it is no longer needed for a legitimate business purpose.

An individual does not, currently, have a right to request that the organisation delete personal information.

The recent Australian Law Reform Commission’s discussion paper on “serious invasions of privacy” recommends that such a right be introduced as a new APP. Submissions to the ALRC paper closed on 12 May 2014 and we await its recommendations.

Australian organisations conducting business in the EU should be aware they may be bound by EU data protection laws generally. As such, the privacy compliance programs of these organisations may now need to include measures to address this “right to be forgotten”.

full article at ACC

EU calls for common position on tax for digital economy

European Union member states should adopt a common position on corporation tax in the current debate on changing global tax rules, according to a high level European Commission report on the digital economy.

The report says that the OECD’s Base Erosion and Profit Shifting project (Beps), which is examining how to combat aggressive tax avoidance by multinationals, will be fundamental to addressing the issue of levying corporation tax in the digital economy.

The digital economy does not require a separate tax regime, but current rules may have to be adapted to respond to the digitalisation of the general economy, according to the Report of the Commission Expert Group on Taxation of the Digital Economy, released today. 

The OECD Beps project is being conducted at the request of the G20 and is to produce a number of recommendations later this year, for the consideration of G20 finances ministers, to be followed by a second set of additional recommendations late next year. 

ICANN urges IPv6 adoption as global address shortage looms

The Internet Corporation for Assigned Names and Numbers (ICANN) announced this week its Internet Assigned Numbers Authority department (IANA) had started the process of allocating the remaining blocks of IPv4 addresses to the five regional internet registries (RIRs) — in Africa, North America, Asia Pacific, Latin America and Europe.

 According to ICANN, the activation of the process was triggered when the Latin America and Caribbean Network Information Centre's supply of addresses dropped below eight million.

 The move is an indicator that the global supply of IPv4 address is reaching a critical level, according to ICANN, as a burgeoning number of internet-enabled devices come online and the demand for IP addresses rapidly increases.

IPv4 was the first publicly-used version of the internet protocol and was developed as a research project by the Defence Advanced Research Projects Agency in the US. It went on to become the foundation for the internet.

IPv4 still carries over 96 percent of internet traffic globally, with the percentage of users reaching Google services over IPv6 hitting three percent as of February this year.

IPv6 adoption currently stands at around 3.5 percent according to Google, with Germany claiming 8.02 percent adoption, the US at 7.35 percent, and Australia at 0.54 percent.

IPv4 uses 32-bit addresses, providing around 4.3 billion unique addresses, whereas IPv6 employs a 128-bit address, facilitating up to 340 undecillion (10 to the power of 36) unique addresses.

full article at ZDnet

Information security is even more vital for the internet of things era

The Internet of Things (IoT) is the term in vogue for the technology sector, referring to internet-connected devices from fitness wristbands to connected cars. But once we're fully connected, who is responsible for governing the flow of data between our linked-up devices?

APIs (Application Programming Interfaces) are the connectors for the IoT, allowing our devices to speak to each other. However, APIs are the dark matter of the internet – end users are not aware that they are there. But APIs are everywhere: when a fitness wristband sends your jogging time to a website – that uses an API; when you remotely unlock a car with a mobile app – that uses an API; when you remotely change the temperature in your home thermostat from your office – that uses an API. These APIs must be managed and secured.

Businesses need to monitor the lifecycle of data from the second a customer supplies you with their details, or accesses a device, to when they leave.

full article at

Technology companies join legal battle against online surveillance

"Big companies say they want to turn the legal tide against warrant-less wiretapping and other methods used by federal agencies to conduct secret, sweeping surveillance of Americans online.

 Four tech giants – Google, Microsoft, Facebook and Yahoo – have filed amicus briefs in support of legal action by the Electronic Frontier Foundation to stop the FBI from indiscriminately issuing National Security Letters, or NSLs, to request customer data from U.S. companies.

 Over 300,000 NSLs – which gag the recipient from revealing that such a letter was even received – have been issued in the last decade, according to the EFF.

 The briefs – filed on April 7 but kept sealed until May 23 by a three-judge panel of the U.S. Ninth Circuit Court in San Francisco – represent the industry's most forceful legal move yet to fight federal spying on their customers.

"Given that the battle for constitutional freedoms is a never-ending and hard-fought one, the tech giants' better-late-than-never legal filings are welcome news for Internet privacy advocates."

full article at

Industry Reaction to FTC Data Brokers Report: Eh.

The statements from the Federal Trade Commission (FTC) surrounding the release of its long-awaited data broker industry reportData Brokers: A Call for Transparency and Accountabilityhave been relatively strident.

“We want to lift the veil of secrecy that shrouds the data broker industry’s practices,” FTC Chairwoman Edith Ramirez told journalists. If data broker profiles are based on inaccurate information or inappropriate classifications, or used for inappropriate purposes, the profiles have the ability to not only rob us of our good name,” wrote FTC Commissioner Julie Brill in a concurring statement accompanying the report, “but also to lead to lost economic opportunities, higher costs and other significant harm.”

Yet the industry response to the FTC’s call for legislation to address their numerous concerns has been mostly a shrug of the shoulders.

Commissioner Brill, in a further interview with the IAPP, wasn’t content to wait for the potential abuses to come to pass, however. While Acxiom and the DMA may say there are ethical best practices already in place, “we do highlight that there are more aggressive players out there,” she said, and she pointed to the FTC’s enforcement against Spokeo, a relatively large player that agreed to change its business practices.

Sam Pfeifle, IAPP Publications Director
full article at

Security and privacy? Now they can go hand in hand

"Online identification and authentication keeps transactions secure on the Internet, however this has also implications for your privacy. Disclosing more personal information than needed online when, say, you log in to your bank website may simplify the bank’s security at the cost of your privacy. 
Now, thanks to research by the EU-funded project Attribute-based Credentials for Trust (ABC4Trust), there is a new approach that keeps systems secure and protects your identity. 

Users want Privacy, Organisations want Security
According to recent research by market research organisation, Ovum, 68 % of us in the EU would like to opt out of having our personal data tracked. In a speech in May, Commissioner Neelie Kroes stressed that it is essential for EU business ‘To show the citizen that going online is not just convenient, but trustworthy... With resilient and secure networks and systems I think we can build that trust.’

New ways of managing online identities that increase privacy while maintaining security are now a high priority for businesses and citizens alike. ABC4Trust makes this as easy as ABC."


The EU 2014 Digital Scoreboard: how did you fare?

New data shows the Commission is on track to complete 95 of its 101 digital actions by 2015, which shows good progress. EU citizens and businesses are going online more, shopping more and they have greater confidence and skills in ICT. However, they often lack the high speed broadband – especially in rural areas - to satisfy this digital appetite; and the looming digital skills gap is still a big problem (see MEMO/14/383).

European Commission Vice-President @NeelieKroesEU said: “Most Europeans now live digital lives and they are hungry for more. We have solved the internet access problem. But the digital skills gap persists. Unless we all do more, we will face a digitally illiterate underclass in Europe." 

Internet Policy and Governance in plain language

"For over fifteen years, the EU has helped to sustain and develop the Internet: as an essential part of life and a fundamental pillar of the Digital Single Market, the Internet has fostered innovation, growth, trade, democracy and Human Rights.

Growth related to the Internet economy is forecast at almost 11% in the EU, with a contribution to GDP expected to rise from 3.8% in 2010 to 5.7% in 2016. Small and medium-sized enterprises intensively using the Internet grow almost twice as fast as others. This economic potential needs to be further exploited ensuring that individuals can access the content, goods and services they want, and control which personal data they want to share or not. Secure, stable and resilient networks form the basis of a trusted and flourishing Internet economy.

An open and free Internet in which all rights and freedoms that people have offline also apply online facilitates social and democratic progress worldwide.

 Sustainable governance of the Internet involving all stakeholders is essential to preserve these benefits. Internet governance involves a wide variety of organisations, and is broadly understood to refer to the "development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet".

 Recently, conflicting visions on the future of the Internet and on how to strengthen its multistakeholder governance in a sustainable manner have intensified. Moreover, revelations of large-scale surveillance programmes and a fear of cybercrime have negatively affected trust in the Internet. Taken together, a continued loss of confidence in the Internet and its current governance could slow down innovation and the growth of European internet companies. It could also lead to pressure for new regional and national governance structures that might lead to a fragmentation of the Internet." 

These "info-fiches" provide factual information and background explanation on 11 key aspects covered by the Communication on "Internet Policy and Governance". They describe the issues at stake, their current situation and the European Commission's perspective on them:

Wednesday, May 28, 2014

Mergers: Commission clears proposed merger between Hutchison 3G (H3G) and Telefónica Ireland (O2 Ireland) subject to conditions

The Commission had concerns on two markets in Ireland, namely the retail market for mobile telecommunications, and the wholesale market for network access and call origination.

On the retail market, the Commission identified two concerns:
- The Commission's main concern was that the merger would eliminate competition between the merging parties and remove Three as an important competitive force in the market. Three was the smallest player among the four Mobile Network Operators (MNOs), with clear incentives to grow its subscriber base by offering attractive prices and services. For instance, Three had very attractive data offers, including so-called "all-you-can-eat" data plans (that is, unlimited data use under certain conditions). The merger would remove this important competitive force and result in a larger merged company that would only face competition from Vodafone and Eircom as remaining mobile network operators. The Commission's investigation showed that this would reduce overall competitive pressure in the Irish retail market, resulting in higher prices for consumers.
- The Commission was also concerned about the future of the network sharing agreement that Eircom has with O2 in Ireland. This agreement is important for Eircom to achieve its network roll-out plans, including for 4G/LTE services. The Commission was concerned that after the merger, Three would have the ability and incentive to terminate or frustrate the network sharing agreement. That would severely limit Eircom's options for achieving its network roll-out plans.

In relation to the wholesale market, Three and O2 are mobile network operators which compete as network hosts for MVNOs that wish to offer their services to end consumers. The merged company would only face Vodafone as its main competitor. The Commission had concerns that without a network with national coverage, Eircom would not be a credible network host for MVNOs. The roll-out of its national network would be in jeopardy if Three were to terminate or frustrate the network sharing agreement that Eircom had with O2 in Ireland. For these reasons, the Commission's investigation revealed concerns about the reduction in the number of network hosts in Ireland. This could lead to deteriorated access conditions for MVNOs. Ultimately, this would have a negative impact for end consumers as well. 

 However, there was no need for the Commission to reach a final conclusion in this respect, as the commitments addressing the concerns on the retail market also address any concerns on the wholesale market. 

Only the powerful will benefit from the 'right to be forgotten'?

"...The unprecedented burden the court seeks to place on online intermediaries would damage the internet for all users, especially those in Europe. Online innovation stemming from the internet, from search engines to social media, has been made possible by protecting intermediaries, not by incentivising them to censor information.
The individuals with the motivation and resources to pursue complaints are likely to be those political and business elites about whom the public interest should demand unfettered search results. And companies will face pressure to remove whatever is asked of them rather than face the legal costs of challenging illegitimate requests.
Among the most troubling implications of the judgment are its impact on political speech and processes. Potential candidates for public office will now have a means of curating their own bespoke search results to ensure that only flattering information remains readily available to the public. The ruling is not limited to those embarrassing photos we wish we could banish from social media but includes news stories and other items of critical importance to an honest accounting of history..."

read more at The Guardian

EU and US negotiators kick off a fifth round of talks on a new trade and investment pact (TTIP)

Negotiators began their work on Monday in several areas:
  • regulatory coherence
  • intellectual property rights
  • labour and the environment
  • certain sectoral regulatory areas.
Additional groups will begin work today, including:
  • services and investment - without investment protection or investor-state dispute settlement (ISDS)
  • technical barriers to trade
  • agricultural market access
  • rules of origin.
Members of the press can direct requests during the round to our respective contacts in Washington D.C.:
You can also:

more at

What did the media miss with the 'right to be forgotten' coverage?

"The fallout from the recent European court of justice ruling on the "right to be forgotten" has reached far and wide in the past week, prompting an international discussion about how personal information is used online.
Mario Costeja González succeeded in his bid to have two archived newspaper articles removed from Google's search index, securing an apparent victory for those who argue against the hegemony of tech giants. Those denouncing the ruling – spanning the tech industry, free speech advocates, mass media and even Downing Street - have warned that this is bad for the internet, and bad for Europe.
But there is another perspective. A growing number of academics have expressed a more profound and inspiring observation – a recognition that this ruling could eventually lead to the updating of an outmoded legal framework and help make the internet more harmonious than it is today".

full article at The Guardian

"Facebook, Blogs and Rights"

Four writers (not all of us lawyers) are trying to describe and analyze the fundamental issues of the Internet and the Social Media, under the scope of the freedom of expression, the data protection and privacy, the e-communications regulations and the general social behavior.

Our effort is to answer some basic questions using simple examples from  the legal framework and the related case-law:
-          Are the Electronic Social Media and Blogs a replica of our real life or it is a rather uncharted new land where our rights cannot be (self)limited?
-          Do we have to accept a significant change to the “freedom of expression” as we know it?
-          Who is entitled to draw boundaries to the electronic communication or to impose penalties?
-          Is it expected that anything we say in the virtual world shall be used against us?

Our book is part of the “Law and Society in the 21st Century” series published by Sakkoulas Publications S.A. 

"Facebook, Blogs και δικαιώματα"

Το Διαδίκτυο έχει ήδη μεταλλάξει τις ζωές των ανθρώπων προσφέροντάς τους καταρχήν απεριόριστες δυνατότητες να συνδεθούν και να επικοινωνήσουν, να ανακαλύψουν, να διευρύνουν γνώσεις, γνωριμίες κι εμπειρίες, να εκφράσουν τον εξατομικευμένο δημόσιο λόγο τους. Το συμμετοχικό διαδίκτυο εξελίσσεται σε κατεξοχήν πεδίο προσωπικής παρουσίας και δια-προσωπικής αντιπαράθεσης.
Είναι τα ψηφιακά κοινωνικά δίκτυα, το Facebook και τα Blogs, η ρεπλίκα της offline, της πραγματικής ζωής, ή μία νέα επικράτεια όπου ασκούνται, (αυτό)περιορίζονται ή παραβιάζονται τα δικαιώματα των προσώπων; Αλλάζουν οι όροι άσκησης της ελευθερίας της έκφρασης αλλά και των περιορισμών της; Ποιος δικαιούται να θέτει όρια στη διαδικτυακή επικοινωνία και συμπεριφορά ή και να επιδιώκει και πώς τον κολασμό, όταν παραβιάζονται τα δικαιώματα των άλλων;
Στον νεόκοσμο του κυβερνοχώρου όπου οι χρήστες «ιδιωτεύουν δημόσια» παραμένει η ιδιωτικότητα αγαθό, αξία και αξίωση; Ή μήπως ισχύει το «παράδοξο της ιδιωτικότητας», να παραιτούνται δηλ. οι φορείς δικαιωμάτων – χρήστες από την ιδιωτικότητά τους, κι ας την αξιολογούν ως σημαντική, χάριν του διαμοιρασμού πληροφορίας και ζωής με τους «φίλους» και «συνομιλητές» του «παγκόσμιου χωριού»;
Είναι (και αισθάνονται) τα άτομα – χρήστες δεσμευμένα από τις επιταγές κι απαγορεύσεις της offline δικαιικής τάξης; Προσδοκούν και αξιώνουν, ευλόγως και έναντι ποίων, προστασία των δικαιωμάτων τους, δικαιωμάτων που έχουν διατυπωθεί και εξελιχθεί ωστόσο σε «παραδοσιακά» θεσμικά και κοινωνικά πλαίσια, όπου συνήθως αντιπαρατίθεται το Κράτος και οι πολίτες και όχι οι πάροχοι και οι χρήστες;
Ποιοί είναι οι κυρίαρχοι παράγοντες και διαμορφωτές αυτής της αλλαγής: οι συν-ομιλούντες πολίτες, η διαδικτυακή κοινωνία πολιτών, οι πάροχοι, η Πολιτεία; Ποια είναι τα όρια και οι πραγματικές δυνατότητες της ρυθμιστικής παρέμβασης του νομοθέτη;
Αυτά τα ερωτήματα θέτουν και πραγματεύονται οι συγγραφείς αυτού του τόμου. Φιλοδοξία τους δεν είναι η τελική απάντηση αλλά η συνεισφορά σε ένα νέο και εξόχως ενδιαφέρον πεδίο δημόσιου διαλόγου. 

"Facebook, Blogs και δικαιώματα"
(Μήτρου, Πισκοπάνη, Τάσσης, Καρυδά-Κοκολάκης)

Article 29 Data Protection Working Party on the CJEU's decision on the "right to be forgotten"

"... The ECJ concluded that web users have the right to directly request from the search engine the deletion of the links to web pages containing information breaching their rights under the Directive, even if the publication of the information on the web pages in question is lawful in itself.

The ECJ nevertheless indicated that the rights to privacy and to the protection of personal data enshrined in the EU Charter of Fundamental Rights, although they override the search engine’s economic interest, are not absolute, and that therefore the right to deletion of information will have to be assessed on a case by case basis depending on the nature of the information in question, on its sensitivity for the data subject and on the interest of the public to have access to that information, considering in particular the role played by the data subject in public life.

A first exchange of views between the EU data protection authorities will take place at the WP29 plenary meeting of 3-4 June 2014 in order to analyse the consequences of the ECJ’s ruling and to identify guidelines in order to build a common approach of EU data protection authorities on the implementation of the ruling..."

more info at

Forget Me Not - What the EU's New Internet Privacy Ruling Means for the United States

"... Americans -- who usually prize free speech over privacy -- may find this turn of events upsetting. European officials can now tell U.S. businesses -- and Washington -- what information they can and cannot disseminate about European citizens. Yet Americans’ reflexive distaste for speech regulation should not blind them to realities. First, free speech isn’t what it used to be: U.S. courts are increasingly redefining it as a right to corporate bad behavior, striking down economic regulation in the name of free speech. Second, Europeans have legitimate human rights concerns. As technology expert Bruce Schneier has warned, surveillance is the business model of the Internet, and Europeans have no choice but to reshape this business model to accommodate individuals’ privacy rights, if those rights are to have any meaning..."

By Henry Farrell and Abraham Newman
full article at

EUROPA - State aid: Commission adopts new General Block Excemption that favours #broadband funding under 70m

What are the main new elements of GBER?

The adoption of an amended Enabling Regulation (see IP/13/728) enabled the Commission to exempt more categories of aid from the notification requirement.
In line with its experience and decision making practice and after a public consultation (see IP/13/736), the Commission has included the following new categories of aid in the GBER:
- aid to innovation clusters and aid to process and organisational innovation,
- aid schemes to make good the damage caused by natural disasters,
- social aid for transport residents of remote regions,
- aid for culture and heritage conservation, including aid schemes for audio-visual works,
- aid for sport and multifunctional recreational infrastructures,
- investment aid for local infrastructure. 

- aid for broadband infrastructure,

The GBER exempts aid to “white” and “white NGA” areas (i.e. areas where no relevant broadband operator exists or is likely to invest in the next three years), but excludes block exemption for aid to “grey” or "grey NGA areas", where potential competition concerns need to be analysed very carefully. The requirements of an open tender for selecting the beneficiaries of aid, of fair and non-discriminatory wholesale access to the supported network and of full and effective unbundling ensure maximum competitive benefits. This category of aid should be seen in connection with the Commission's broadband guidelines (see IP/12/1424). 

more at