WELCOME to Connected Rights, your ham in the slow cooker of digital rights news and analysis.

A NEW EU LAW COVERING THE PRIVACY OF ELECTRONIC COMMUNICATIONS appears to have stalled in the legislative process. The Council of the EU, currently led by the Austrians under a rotating presidency, is supposed to figure out a common position between member states so that negotiations with the European Parliament can begin. But it’s not happening.

The Austrian presidency now admits it won’t produce anything more than a status update (at most) on the ePrivacy Regulation by the end of this year, and the negotiations could well end up being conducted by new members of the European Parliament, after elections in May. That means the Parliament’s tough stance on the regulation could drift away. And Birgit Sippel, Parliament’s rapporteur on the file, is livid.

“The Austrian presidency wants to sell citizen rights and democracy to profit,” she told me for an IAPP story, referring to the Austrians’ apparent openness to lobbying by powerful media interests that oppose the regulation in its current form, because they don’t want to let people read their stuff without being put under surveillance. “The Commission, the Parliament and also the member states must oppose that. Democracy needs resistance. Now.”

The Austrians: “From today’s point of view we are not sure if a common position in this topic is reachable.”

This law was supposed to go into effect alongside the GDPR, as it covers stuff the better-known law does not – communications to legal entities and between machines (the internet of things comes into play here, bigtime). Now it’s looking unlikely that the regulation will become a thing before 2020 at the earliest.

THE EU’S TOP COURT WILL GET TO RULE ON MASS SURVEILLANCE YET AGAIN, this time regarding the obligations on French telecoms operators to serve up subscriber communications and other personal data. The Conseil d’État referred the case to the Court of Justice of the European Union last week.

At what point will everyone get it through their thick skulls that generalised surveillance is illegal? It’s not like the CJEU hasn’t ruled this way twice before.

A US JUDGE HAS GRANTED A TEMPORARY RESTRAINING ORDER against Defense Distributed, the outfit that recently won a government settlement allowing it to distribute 3D-printing files for guns. A gaggle of state attorneys general had sued to stop the distribution, and even Trump is now claiming to be against it.

To support my work, why not become a patron of Connected Rights or buy my book, Control Shift?

TECH STOCKS HAVE HAD A HORRIFIC WEEK, largely prompted by Facebook losing a fifth of its value thanks to worse-than-expected subscriber growth, and the cost of improving privacy on the platform.

As I wrote for Fortune, this is a necessary adjustment for Facebook, and an overdue one. If investors were surprised, well, they shouldn’t have been. Analysts who thought Facebook & Co. could simply brush off the GDPR and Cambridge Analytica scandal were wrong. People care. Subscriber numbers fell in Europe. The party is over.

I’m reminded here of something Max Schrems said last year (I think), about not fighting Facebook in order to watch the platform burn, but to make it comply with the law. Hopefully the company doesn’t have to suffer the former in order to achieve the latter – I suspect it won’t, and that this is just a phase. But then again, Facebook is still the target of serious complaints under the GDPR, so let’s see what the future holds. It seems likely that further changes must be made.

THERE SHOULD BE ACCURACY AND IMPARTIALITY STANDARDS for social media, a parliamentary committee has recommended in the UK, urging the media watchdog Ofcom to step up regulations in the wake of the Cambridge Analytica scandal and attempted manipulation of the Brexit referendum. The DCMS select committee said Facebook and its rivals “must begin to take responsibility for the way in which their platforms are used,” and “electoral law in this country is not fit for purpose for the digital age, and needs to be amended to reflect new technologies”.

A major issue noted by the committee was that Facebook et al aren’t merely platforms, because they are editors too. But they’re also not publishers in the traditional sense. “We recommend that a new category of tech company is formulated, which tightens tech companies’ liabilities,” the committee said. “Facebook and other social media companies should not be in a position of ‘marking their own homework’.”

EUROPEAN POLITICIANS LOVE BASHING FACEBOOK, BUT they also love advertising on it, a Politico piece notes.

It’s fair to highlight the apparent hypocrisy on display here – indeed, parties could put their money where their mouth is by loudly boycotting the platform. But then again, there is no comparable way to effectively reach people these days. Heck, even I ran a Facebook ad for my book on online power and surveillance, though I noted the irony in the ad itself. Even if you want to reform the system, it’s hard to escape participating in it.

WANT TO READ ALMOST 3 MILLION RUSSIAN “TROLL” TWEETS from the time around the 2016 U.S. election? FiveThirtyEight has your Internet Research Agency cravings covered.

FACEBOOK SCUTTLED A “FAKE NEWS” NETWORK in Brazil, in the runup to October elections. The platform nuked 196 pages and 87 accounts for constituting a “coordinated network that hid behind fake Facebook accounts and misled people about the nature and origin of its content, all for the purpose of sowing division and spreading misinformation”.

And then, the company did the same in the US, removing 32 Facebook and Instagram pages and accounts, to stop someone spreading discord ahead of November’s midterms. Experts say the accounts’ output bore the hallmarks of the Internet Research Agency.

GIZMODO HAS A TERRIFYING STORY ABOUT AN ESTATE AGENT WHOSE LIFE was turned upside down by an online troll who falsely claimed she was a homewrecker, destroying much of the woman’s livelihood. Even after spending $100,000 on legal fees to identify the troll, and settling the matter face-to-face, the victim has had tremendous difficulty getting sites to take down the false information about her.

Key part: “She’s A Homewrecker has already taken down the post, but it remains up on BadBizReport. BadBizReport’s website states that it doesn’t respond to court orders and that ‘there’s no way in hell to get off of BadBizReport once you’re listed on it,’ adding ‘American lawyers make us laugh’ Luckily, the judge also ordered search engines, ‘such as Google,’ to de-index all versions of the post ‘to ensure that it does not appear as a search result when Ms. Glennon’s name is searched.’ In Europe, the right to remove irrelevant or false information from your search results is enshrined in the law as ‘the right to be forgotten.’ In the US, you have to pay for it.”

IN ORDER TO DEMONSTRATE THE DANGERS OF TODAY’S CRAPPY facial recognition technology, the ACLU tested Amazon’s controversial Rekognition software on the faces of members of Congress. It incorrectly matched 28 of their faces with criminals’ mugshots. And you will no doubt be shocked to learn that the false matches disproportionately affected people of colour.

If you’d like me to speak about digital rights at your event or provide advice for your business, drop me an email at david@dmeyer.eu.

GERMANY HAS A LONG-RUNNING PROBLEM WITH GETTING people to open up more free Wi-Fi hotspots. That’s traditionally been because of the liability issues if someone downloads something illegally over the connection. Last year the government changed the law to remove that liability, but it left an open question as to what sorts of blocking hotspot operators may be required to implement, to stop people being naughty.

Now a ruling from the Federal Court of Justice suggests that hotspot and Tor exit node operators (for the defendant here is both) may have to go beyond site and content blocking to adding a password for their connections, or even blocking all access. Which rather nullifies the point of last year’s law change. Back to the drawing board?

CAN EMBEDDING PREVIEW IMAGES ON A WEBSITE VIA “FRAMING” be a copyright violation. No, says the Berlin Court of Appeal.

LAST YEAR THE UK’S CARPHONE WAREHOUSE SUFFERED a data breach that affected 1.2 million people. Except it wasn’t 1.2 million people; it was 10 million, the company has just admitted. The hackers were probably able to access names, addresses and email addresses, but not bank details.