On 12 September 2018, on the occasion of his State of the Union Address, President Jean-Claude Juncker said: "We must protect our free and fair elections. This is why the Commission is today proposing new rules to better protect our democratic processes from manipulation by third countries or private interests."
To help make sure that next year's elections to the European Parliament are organised in a free, fair and secure manner, President Jean-Claude Juncker announced in his State of the Union Address a set of concrete measures, including greater transparency in online political advertisements and the possibility to impose sanctions for the illegal use of personal data in order to deliberately influence the outcome of the European elections. The objective of today's Commission proposals is to address potential threats to elections and thereby strengthen the resilience of the Union's democratic systems.
Recent cases have shown the risks for citizens to be targeted by mass online disinformation campaigns with the aim to discredit and delegitimise elections. Peoples' personal data are also believed to have been illegally misused.In addition, attacks against electoral infrastructure and campaign information systems are hybrid threats that need to be addressed. Ahead of the European elections next year, it is therefore essential to bolster Europe's democratic resilience and make sure that the off-line rules created on transparency and to protect the electoral process from foreign interference also apply online.
First Vice-President Frans Timmermans said: "Together with the rule of law and fundamental rights, democracy is part of ‘who we are' and defines our Union. We must not be naive: there are those who want to disrupt European elections and their tools are sophisticated. And that is why we all must work together urgently to beef up our democratic resilience. Today's elections package is a strong contribution to that effort."
Commissioner for Justice, Consumers and Gender Equality, Věra Jourová added: "We need to draw lessons from the recent elections and referenda. We want to minimise the risk in the upcoming elections, ranging from non-transparent political advertising to misuse of people's personal data, especially by foreign actors. I want Europeans to be able to make a free decision when casting their vote. To ensure this, the online anarchy of election rules must end.”
The set of measures presented today by the European Commission consists of:
- A Recommendation on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns: Member States are encouraged to set up a national election cooperation network of relevant authorities – such as electoral, cybersecurity, data protection and law enforcement authorities – and to appoint a contact point to participate in a European-level election cooperation network. This will enable authorities to quickly detect potential threats, exchange information and ensure a swift and well-coordinated response.
- The Commission is also recommending greater transparency in online political advertisements and targeting. European and national political parties, foundations and campaign organisations should make available information on their expenditure on online advertising campaigns, by disclosing which party or political support group is behind online political advertisements as well as by publishing information on targeting criteria used to disseminate information to citizens. Where these principles are not followed, Member States should apply national sanctions.
- National authorities, political parties and media should also take measures to protect their network and information systems from cybersecurity threats, based on guidance developed by national authorities within the Network and Information Systems (NIS) cooperation group, with the EU Cybersecurity Agency and the European Commission.
- Guidance on the application of EU data protection law. The guidance will help national authorities and European and national political parties to apply the data protection obligations under EU law in the electoral context.The EU's General Data Protection Regulation applies since May 2018 and also covers all European and national political parties and other actors in the electoral context like data brokers and social media platforms. In light of the Cambridge Analytica case and more generally the growing impact of micro-targeting of voters based on their personal data, the Commission recalls the data protection obligations for all actors in the European elections.
- A legislative amendment to tighten the rules on European political party funding. The targeted change of the 2014 Regulation on party funding will make it possible to impose financial sanctions for breaching data protection rules in order to deliberately influence the outcome of the European elections. Sanctions would amount to 5% of the annual budget of the European political party or foundation concerned. The sanction will be enforced by the Authority for European political parties and European political foundations. In addition, those found to be in breach would not be able to apply for funding from the general budget of the European Union in the year in which the sanction is imposed.
- A Regulation to pool resources and expertise in cybersecurity technology. To keep up with the ever-evolving cyber threats, the Commission is proposing to create a Network of Cybersecurity Competence Centres to better target and coordinate available funding for cybersecurity cooperation, research and innovation. A new European Cybersecurity Competence Centre will manage cybersecurity-related financial support from the EU's budget and facilitate joint investment by the Union, Member States and industry to boost the EU's cybersecurity industry and make sure our defence systems are state-of-the-art.
The actions proposed today complement other actions carried out by the Commission, such as the entry into application of the new EU data protection rules, the wide-ranging set of measures to build strong cybersecurity in the EU currently negotiated by the European Parliament and the Council, and the ongoing efforts to tackle disinformation online.
The European elections of May 2019 will take place in a very different political and legal environment compared to 2014. All actors involved in the elections, in particular Member State authorities and political parties, have to assume special responsibility to protect the democratic process from foreign interference and illegal manipulation.
The General Data Protection Regulation is directly applicable since 25 May 2018, giving the European Union the tools to address instances of unlawful use of personal data also in the electoral context.
The Parliament and the Council have agreed on amending the Act governing the elections to the European Parliament, providing for enhanced transparency for the elections of the members of the European Parliament. The Regulation on the statute and funding of European political parties and European political foundations, amended on 3 May 2018, increases the visibility, recognition, effectiveness, transparency and accountability of European political parties and European political foundations.
The European Commission also issued a Recommendation in February 2018 which highlights key steps to further enhance the efficient conduct of the 2019 elections.
Election periods have also proven to be a particularly strategic and sensitive target of hybrid threats. To this end the European Commission and the High Representative identified areas where additional steps need to be taken in June 2018 Joint Communication on increasing resilience and bolstering capabilities to address hybrid threats.
To equip Europe with the right tools to deal with cyber-attacks, the European Commission proposed in September 2017 a wide-ranging set of measures to build strong cybersecurity in the EU. This included a proposal for strengthening the EU Agency for Cybersecurity as well as a new European certification scheme to ensure that products and services in the digital world are safe to use.
The Commission has also put forward a European approach for tackling online disinformation in its Communication of 26 April 2018. This includes a self-regulatory Code of Practice for the online platforms and advertising industry as an essential step for ensuring a transparent, fair and trustworthy online campaign ahead of the European elections. The online platforms and advertising industry are expected to agree with media, academics and fact-checkers representatives on the Code of Practice on disinformation in the coming weeks and to start applying it.
For more information
Factsheet: Securing free and fair European elections
Commission Communication on securing free and fair European elections
Commission Recommendation on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns in the context of elections to the European Parliament
Commission Guidance on the application of Union data protection law in the electoral context
Factsheet: Protecting Europeans' personal data in elections
Proposal for amending the Regulation on funding of European political parties
Commission Regulation proposal establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres