European Media Freedom Act: the end of source confidentiality?

The original draft

Published last September by the European Commission, the European Media Freedom Act (EMFA) is a huge, ambitious project to ensure that the media have the same level of protection and rules across the European Union. The European landscape is in fact very fragmented and the various member countries regulate this delicate area in very different ways, with the risk of undermining the solidity of the European project.

The regulation touches on issues such as audience measurement and the advertising market, the functioning of public media, the transparency of media ownership, and the protection of sources. The text recognises journalism as a fundamental actor in public coexistence and defines the strong protection of press freedom as a necessary condition not only for the functioning of European democracies, but also for the European economic market.

The latter is a fundamental step because it is the instrument via which the Commission legitimises the regulation in the eyes of the member states. In fact, regulating the media is much more than an economic operation: it touches fundamental chords of the functioning of democracy and also concepts such as security, an issue that today remains the exclusive competence of states.

Here the first problems arise because the member states have seen the EMFA as a pitch invasion by the Commission, whose competences fall above all in the management of the common market.

Article 4: protection of editorial autonomy, protection of sources, and the threat of spyware

This fracture between the Commission and the member countries is especially true for Article 4, which more than others regulates the relationship between the media and the member states on the issue of security.

The starting assumption is that in recent years European states have shown little attention, if not total contempt, for the sacredness of the confidentiality of sources, especially since they have equipped themselves with new tools: spyware. These are digital products designed to exploit the vulnerabilities of other digital products and which allow covert surveillance of natural or legal persons, by monitoring, extracting, collecting, or analysing their data. The most famous is Pegasus, used to surveil journalists, politicians, lawyers, and activists. But there are dozens, perhaps hundreds, for a booming billion-dollar industry that is still too little known due to the climate of secrecy and opacity that states have built around it.

The Commission, having taken note of this, has decided to intervene by protecting the media through article 4 which can be summarised as follows:

1. The media have the right to carry on their economic activities in the internal market without restrictions other than those permitted by Union law.
2. Member states cannot interfere or influence the policies and editorial decisions of the media.
3. Member states may not sanction, intercept, subject to surveillance, search or seizure, media professionals, their employees, or their family members for refusing to disclose information about their sources, unless justified by public interest. 
4. Member states may not install spyware in any device used by media professionals, their family members, or their employees unless the use is justified, on a case-by-case basis, by reasons of national security or the use is in an investigation on serious crimes, as required by national law and in accordance with Union law, and when any other measure would be inadequate to obtain the requested information.

The text therefore seeks to provide journalism with the necessary guarantees for its functioning, but at the same time opens the way for a violation of sources on the basis of public interest, investigations involving serious crimes (a restricted list of crimes considered particularly worrying by the EU jurisprudence), and national security issues.

A plurality of visions

Dozens of civil society and journalism organisations have analysed the text and, while finding it one step ahead of existing legislation, especially in some European countries, have also offered the Commission advice on how to improve it, in particular on two points. First, Article 4 must explicitly provide that any surveillance provision must be assessed by a judicial body, including the legitimacy and duration of the provision. Second, the text must remove the principle of national security - to date an extremely confused principle, legally vague and the cause of the major violations of professional secrecy, as confirmed by numerous journalistic investigations and academic research, in addition to the conclusions of the PEGA parliamentary commission, which in recent months has dealt specifically with the Pegasus spyware scandal.

However, things can always get worse. The modification proposal presented last June by the European Council, a body that represents the interests of the member states, worsens the protections of article 4 and reinforces the legitimacy of state surveillance for reasons of national security which, reads the text, must remain a guaranteed prerogative of the member states and never be challenged by the EMFA. Furthermore, the Council proposes that the legitimate use of surveillance and in particular of spyware be extended to dozens of other crimes, including minor crimes such as copyright infringements.

Among the countries promoting this pejorative draft we find Germany and France - countries producing Spyware technology - but also Greece , a country where surveillance abuses against journalists have become a topic of national relevance.

In July, however, the revision draft produced by the commissions of the European Parliament was presented, which incorporates the indications received from civil society and implements fundamental safeguards which make the surveillance of journalists and the use of spyware the last resort when any other tool available to member states does not produce satisfactory investigation results. On the other hand, some important requests were absent in the parliamentary draft: the elimination of the national security exception, the ban on spyware against the journalistic category, and strong cryptography as a legitimate professional protection tool for protecting sources.

The EMFA is on its way

The regulation is now awaiting its last phase, the trilateral discussion between the Commission, the European Council, and the Parliament. From this discussion a text will emerge which will be the synthesis of the positions of the three European institutions. Plausibly, the regulation will affirm those safeguards that are still absent in the national legislations of many EU countries. At the same time, it is easy to foresee that the EMFA will establish once and for all that it is possible and legitimate for member states and their police forces to access the confidential contents of journalistic sources. Journalists working in tomorrow's Europe will therefore have to know that nothing of their work will be truly safe anymore.

This content is part of the Media Freedom Rapid Response  (MFRR), a Europe-wide mechanism which tracks, monitors and responds to violations of press and media freedom in EU Member States and Candidate Countries. The project is co-funded by the European Commission.