 talk is 5G and net neutrality and the statues of the net neutrality reform in Europe and the presenter is Thomas Lohninger from APRICENTERWORKS and I'm very happy he's here today with us and so please give a big applause to Thomas Lohninger. Thank you. Hello. Here we go again. Yeah. Hello and welcome everybody. I'm going to talk a little bit about net neutrality. This is not my first talk about this issue here at Congress and I really joined the net neutrality debate because I really found it to be an important issue. I liked it as a philosophical concept of the Internet serving the edges and also because it was back then was still a very young debate. You could still read up on all the legislation around the world because there was so little about it and a decade later there is more legislation. The debate has moved on a lot of course in the US. It has been first and foremost after Trump repealed the Obama era rules and in Europe we feel like we're a little bit stuck in time and I also want to explain where we currently are and where we are heading. So it is an update but it's also an update with a little bit of a perspective and might even have a civil lining. But before we do that we first have to go back to the beginning and explain what net neutrality is. If you are in the US and you ask anybody serving coffee in the train they will know it but in Europe it's still something that maybe needs to be explained. In general net neutrality means that all bits should be created equal. That the network should not make distinctions about our data packages how important they are if the checksum is correct. Of course if the checksum is correct but also a lot like is this a valid feature for this application. Is this a legal transmission. All of these decisions should not be made in the network because they should be made by their endpoints by the applications on either side. And the easiest way to understand net neutrality is if you compare it with previous global telecommunication networks in the television system. You also have a global communication network but it takes a lot of money to actually have a voice there to start a television channel. So you're just consuming it is not a bidirectional network. Telephony allows that it's a global network system but you have a central entity that decides if you're allowed to make that call and what the cost of that call per duration will be. That's all not the case with the internet in a way net neutrality is just trying to protect these inherent principles that the internet was born with from under discrimination of network operators of telecom companies or ISPs. And telecom companies can discriminate or interfere with our traffic more or less in two ways. The first is technical by prioritizing or throttling certain data packages also modifying them or blocking them completely. And the second way to influence them is by so called zero rating by making certain data more or less expensive cheaper or more expensive or as exempting certain applications from your monthly data cap at all. And that all creates a system where certain big players have it easier to get reach to grow to innovate and others have a harder time to even being noticed or growing. And it can also be summarized by the principle of innovation without permission so that you can just start a new service. You don't need a license to start an app. You don't need the network to support your new functionality. The open layered architecture of the Internet is protecting this innovative capacity. And that even allowed this young man 2004 to create the Facebook dot com in his college dorm and the total cost of operating the server in the beginning was eighty five dollars per month. And you would ask yourself OK but isn't Mark Zuckerberg and Facebook really a horrible person company. Yes they are. That's also why they are against net neutrality these days. Facebook is one of the most violating companies around the world because their program Free Basic is really the opposite of net neutrality. What they're doing there is basically creating a walled garden for the global south. The most vulnerable people on this planet that do not get to fall into that axis. But what they get is a way of being marketed to via the Facebook services of course without any privacy. And similarly also Netflix was once a company strongly on our side supporting net neutrality. And then when it was clear that Trump would repeal the Obama era net neutrality rules the Netflix CEO said to the shareholders don't worry we are now big enough that we can survive without net neutrality. So inherently this principle protects the underrepresented voices and the small players the ones that still need to grow. And it is not the silver stick that will solve all of the problems from the previous talk. The problems we have with the big platforms. But if we lose net neutrality we more or less freeze the current dominant players forever because it will be really hard for anybody else to ever become as big. And so it's all about that right column here. Where are we in Europe. In Europe we started the discussion around the neutrality in 2011 12. They were the first non binding resolutions of the parliament calling for net neutrality protections. And it all culminated in 2013 when the Commission released their proposal for really an anti net neutrality bill. So we had to turn the ship 180 degrees around to get it back on track. And we did that with the safety internet dot you campaign which was hosted by a big coalition of NGOs all around Europe. And we followed the legislative process for two and a half years with seven iteration of that campaign always changing our means from faxing to the parliament to making phone calls to just must bombarding the embassies to send in comments to the regulators in the consultation period. We also demonstrated Enriga in Barcelona in Bonn in Brussels in Vienna. And at the end we got a net neutrality law. The open internet regulation was adopted in 2015. And it was further than implemented by the barric guidelines that are kind of the handbook for the guys who actually have to enforce the law. Telecom regulators and telecom regulators will be important in the rest of the talk because that's where the action currently lies. And so this was in 2016. And in January of 2019 we released this report which was really more academic exercise of summarizing everything that has happened since. So it's really the one thing you should read if you want to know how a net neutrality has played out over the past two and a half years. That's the table of content and there's a lot of it in there from analyzing 800 pages of annual reporting going through case law and looking ahead about 5G. But the most important thing was the chapter about zero rating because that's where the debate currently is focused on in Europe. And in order to bring this debate back to a factual basis we actually did a lot of work with doing a complete survey of all zero rating offers in the European economic area. I don't think that anything like this was ever done before also because yeah it wasn't easy. We went through 32 countries so all of the European economic area that this law applies to including Switzerland because we have German speakers in our team so it was not that hard. That might in total going through the websites of 225 mobile operators both those that have their own network as well as the virtual ones. And we collected data with in total five people that spoke six languages and worked for over four months on this. We found 186 net neutrality violations in the form of zero rating programs. And all of the data is openly accessible. It's linked in a report. It's all online in a free format and used under a CC by SA license. So share a like. I've given that talk in front of many regulators. You're the first ones to applaud. I really liked it. And the SA of course because we think this data should remain free. We can always disagree on the interpretation but at least the fact the data itself should be openly accessible to everybody and scrutinized by everybody as well. And I've seen other people actually using that data for commercial purposes which we would even allow but not sharing it back which is a sad thing. Yeah. So what is in that data set. You could see the zero rating is really a big problem all but two European countries. You have these problems. Finland doesn't have that problem because they don't have data caps anymore. If you buy a SIM card in Finland you'll get a flat rate. The only distinction there is the speed the bandwidth that is available to you. But you know I have no data caps at all and Bulgaria also doesn't have zero rating. If we look at the application site and that's actually the very interesting takeaway for you. These are the applications that most profit from zero rating. So WhatsApp leads before 50 zero rating deals in Europe and the second to follow is Facebook. And there's a Facebook messenger in there. In total many of these companies that profit are from the U.S. only three European applications are actually in the top 20 of zero rating. And that is the overall number. And then we just looked at the geographical home of the applications in the classical zero rating programs. You know the ones where you have a youth tariff in Portugal and you can pick either WhatsApp or Telegram or you have YouTube is for free. Some ISPs actually do that. And if you just look at these close programs which only have hand selected applications the majority of the apps are from the U.S. Of course the big incumbents. But there is also around a third of applications which are of zero rating programs which are open. Open programs allow other applications to join. Think of Streamon here in Germany or Vodafone Pass or SmartNet in Portugal. These programs are actually trying to balance the scale a little bit. They are actually trying to learn from our critique and allow other applications to join. And then if we add those to the statistics we see that the majority of apps are suddenly from the same country where the Internet service is offered. All of these local radio stations in Germany that for some reason join Streamon in order to be exempt from the data volume, the ridiculously low data volume from Digitail.com. And then in the second place you still have the U.S. And most interestingly in the European economic areas, so apps from other EU countries, are really down below. So one could easily make the interpretation of that data that we actually create new barriers for cross-border provisioning of services in the European digital single market. And if you then just count how many of these zero rating programs doesn't app usually join. You have a stark peak for one to three and then it drastically goes down until you have to get to the 31 to 52 column at the right, which is the top 20. So there is an inherent difficulty to actually sign up to these so-called open, non-discriminatory zero rating programs. What Europe has created here is actually another reason why it will be difficult for the European Internet industry to be competitive, because these are all new entry barriers into markets in other EU countries. And we really have to explain this to the regulators and if you just go take the perspective of an application, you want to join a zero rating program, what do you have to do? First you have to find out that it even exists. We did that mapping because we didn't know. And there is no agency that also sells that data, so obtaining knowledge about the programs that you might want to join, because you might want to offer a competitive service to people in that country with that ISP, is the first step. And then secondly, you have to request the documents, sign an NDA even to even find out how the open Internet works with this mobile operators. Third, you have to read that contract for which for many startups is already a problem, sign it and prepare for the liability, because you are liable for wrongfully built data volume, which can be really problematic if your app is producing a lot of data or widely used by certain people. And the technical aspect that comes into play here is that, of course, you are then responsible with providing identification criteria. If suddenly your data packages need to be counted differently, go against not the general data volume, but an application specific volume per month, or completely exempt from the data cap, then you in order to make that assessment need to identify those data packages, which of course only works with the packet inspection in most cases. In some cases, you also have to modify your service in order to even enter into that deal. Spotify in Germany with Streamon only wanted their premium customers to benefit from the zero rating. And they tried to separate the ad-based free version of the Spotify program from the premium customers that are paying. They tried for four months, then they gave up. So the business decision of that app provider was directly affected by the zero rating programs. Next, whenever you make a change to your own service or infrastructure, you change the CDM provider or whatever, you have to give 30 days prior notice to the ISP so that they can change their DPI equipment to adopt this change, which of course is a big hindrance for innovation. And in some contracts that we've analyzed, it also includes giving access to beta versions of your own app. And lastly, in the case of Vodafone, you also have to sign in execute a marketing agreement so they want to advertise with your app. So there is a lot of hoops to jump through in order to be admitted into one of these zero rating programs. So you'd think at least they do a lot of effort on the telco side to make it easier for you. So for this survey, we actually created a fake application and we tried to apply to zero rating programs. We said, hello, we are the student group, we are working out of a garage, we have that cool app, we want to join your program, and we just counted the duration until we got a response. In two cases, we got a response within a day. In five cases, we got a response within a week. In one case, within a month. And in half of the cases, we never got a response at all. So not after three months, they ever got back to us. So that truly shows that there is a big problem with these open programs. And I'm going to show you how the regulators have reacted to this report in their reform. But another more general thing is speed testing. Because in Europe, net neutrality also brought us the right to contractually agreed speeds for our internet access. In no other area in the economy, you would buy up to eight apples for five euros. But in the internet, for some reason, that's the case. And so the European Parliament was keen to adopt rules that were giving each and every consumer in their contract a minimum, an average, and a maximum speed that the ISP has to deliver. But how do you then measure the speed? Speedtest.net is really not a good site if you look at their business model. So regulators are often the ones that should offer these speed tools. And Barak recently released also open source and open source speed test measurement tool. And that hopefully will also change another problem that I'm going to show you. In Norway, the telecom regulator NCOM is actually really good at showing how the internet is improving year by year in their country. And of course, fiber is hitting through the roof and it's really good. And in general, we see that the internet is improving healthily and the supply is increasing to meet the demand. Austria, similar picture, regulators reporting the numbers every year. So we know how the internet is actually developing in these countries. You would assume that in Western countries, this is a given. It is also an obligation under the law. You really have to do that. But sadly, only eight countries are actually reporting figures if the internet supply is actually increasing. 23 countries release no numbers at all about whether the internet capacity is actually constantly meeting the increasing demand, which we see as a big problem, particularly with 5G, because that will mean that the last mile will suddenly be very fast. But the rest of the network, the core, the backhaul, this is where the next bottleneck will lie. And if we don't invest there soon enough, we'll really have a big infrastructure problem in the foreseeable future. So coming to the reform, so what is on the table? First, this is not a legislative reform. Contrary to the previous talk that I've given, this is not about engaging with the commission, the parliament or the council. This is all about the regulatory community. Like with the GDPR, the privacy law, it's great when we as activists proud our head and shoulders that we actually managed to get the law approved. And then the sad awakening comes, okay, but the guys who are in charge with enforcing the law are really not particularly motivated to do so. And then you are stuck in Ireland with the data protection authority for years. And your biggest problem is that they are not doing their job. Similarly in telecom regulation, what we have found is the biggest problem is to get the regulator to do their job. And that leads a lot of name calling and submissions and talks with them, which is really frustrating because it should not be the jobs of activists to enforce legislation. It should be the task of well funded regulators. So in that reform, we are kind of in the middle. The scope was released in 2018. In May, we had official stakeholder workshop, which went for five hours and was a bit gadiated debate. And October, November, the draft guidelines were released and publicly consulted around 50 stakeholders participated. We were one of them. And now BEREC has all of the input on their draft guidelines. And most likely in Q1 2020, we'll see an interim report summarizing that consultation, which, again, will be consulted. We would like that to happen because it would allow us to respond to comments from the telecom industry and to kind of have a more ping-pong debate. And finally, that all should come to a close in June 2020, when the new rules are adopted. And so now I'm going to go into what is actually in that draft and what to expect content wise from the topic. As you have seen in the title, what we are mostly talking about these days is 5G, the next mobile network generation. You must have heard about it. The telecom industry really has spent millions and millions in advertisement to make people interested in 5G. We have that whole trade war between Trump and who are we going on? And there are people talking about health risk, which is mostly overblown, but still 5G is really portrayed as the revolutionary new technology. Sadly, that's quite far away from the truth. 5G is an evolution. If you listen to the talk yesterday morning in German about the path from 4G to 5G, you will know that technology wise, 5G is a very interesting technology. And as a nerd, I find it interesting, but the only thing that's a given is that internet will become faster. All of the other promises you should take with a grain of salt. There are two particular technology aspects of 5G that I want to talk about in more detail. The first is network slicing. The title already gives it a way. Network slicing means you slice the network and every slice, every layer has different quality characteristics. So it's basically QS on the radio access layer. So it's basically allowing you to have one SIM card with several internet accesses to it. So you could have one that is very high bandwidth, super fast for Netflix, one for very low latency for gaming, one for very low energy consumption. So when your battery goes below 20% or you have solar powered IoT sensors, then you might want to use that because you actually don't care about bandwidth, you don't care that much about reliability, but you only have tiny battery or solar power. And it actually is good that we'll have that technology. But the question is then who gets which slice? And that's where the regulators in the business models get back into gear. The one scenario in which we could see network slices being marketed to us is on a per subscriber basis. So you have that one SIM card and it allows you to have several independent internet access services that are also separated from each other. And you as a user are in control which app gets which slice. You should not assume that all of these slices will be flat rate. It could be that you have a normal internet access, but a very high bandwidth or low latency slice is kept with two gigabytes per month. And so it actually is important that we as subscribers have a say in that the second way in which network slices could hit us is a specialized services. So there the access service to pipe is the same thing as the application that runs over it. So it's no longer universal access. It is no longer something that connects you to the whole internet. But it's basically just not a power plug but a Facebook plug. And we have a few safeguards five in total in the regulation that are kind of for protecting us against specialized services becoming too widespread. But this is where we'll see a lot of innovation hold on quote from the telecom industry to vertically integrate to either have Facebook as a separate dissolved product or maybe Facebook Oculus Rift VR or maybe some IoT vertical integration with some smart home shit. So stuff like that will most likely happen and 5G gives them more argumentation basis for these types of vertically integrated products. But that's something for enforcement. And lastly, which was our original fear is that network slices would be applied on a per application basis. So Google could make a deal and suddenly they are on the high reliability slice always. And this is thankfully not the case in the current draft. So we could already prevent with the work in the previous years this scenario from being a likely result of that reform, which is good because as I'll show you later these rules in Europe will have repercussions. The second technology aspect of 5G that merits some discussion is edge computing. And it's kind of breaking the principle of end to end. You no longer have desktops or mobile devices that are connected to one internet, whereas you have suddenly some computational power on the cell tower, on a very close data center connected with fiber lines. So that whole purpose here is very low latency and the industry is marketing this as something really great, something that will be heavily needed. Actually, there is very little real use cases out there that I think are realistic. The only one that we could find in that merits discussion is local dynamic maps. So it's basically if you think of a future in which self-driving cars all have their own sensory data and that sensory data is then cached in this edge cloud. So you have a 3D model that knows from the car that has gone around the same curve a minute ago that there is a traffic jam over there. And so your car, you would know before you even pass that curve. It is telling that even the European Commission backed a Wi-Fi based mesh network standard and not 5G, which means even that very weak example of edge computing is kind of discredited in Europe. So we have good cases for the global reform. And when we talk about 5G, it's important to stress that this is a global standard. 3JPP, an international body is standardizing the technology for 5G and now it's being rolled out step by step in the rest of the world. The US, of course, will not be helpful with that because they are heavily investing in 5G, but they are no longer net neutrality standards to test this new technology against. Canada, great neutrality law, but not taking a front seat approach to 5G. So they are not actively engaging with it. India, great net neutrality again, not interested in 5G yet. And South Korea, actually, our colleagues there could prevent a repeal of the net neutrality legislation in South Korea, but they tried. They tried to regularly send box net neutrality from 5G to just let the net neutrality rules that are already weak in South Korea to begin with not apply to that technology. So Europe is kind of the first world region that tries to square these two things together, and that's why our approach here might be quite influential. Also, if you think of the whole ecosystem, because what does it mean if we have user-controlled network slices? That means that on my mobile device I need to somehow also decide which application gets which slices at which time. And so Google and Android, Google and Apple, Freud, come into play here as well. Another issue that we did not at all expect to fight about is parental control filters. So when we thought about this law in the parliament and in the council in the trial look, we always had that looming danger of parental controls, like in the UK. You buy an internet subscription and you have a porn filter on it by default. We could kill this in trial look, and so parental controls were struck out of the law books, and for some weird reason I would call it lobby pressure. The regulators wanted to allow this in this reform, and we shot heavily against it. We got even support from the consumer protection organizations from Bayouk, and we hope that we can actually prevent this. Because what would it mean? It would mean that suddenly in the terms of services you can circumvent net neutrality. Usually an ISP is of course not allowed to just randomly block websites, but parental controls are exactly that. If you want to do parental control filtering, do it on the device, but not in the network. Blocking should always happen on the edge, at the application, not on the network side. The picture is more interesting when we talk about zero rating, because they actually took many of our ideas and also from our report into consideration. The draft that was released in October actually contains even the same language of open zero rating programs, and it says they have to be fair, everyone needs to get a response. They have to be reasonable, so all documentation should be made public. They have to be transparent, so if WhatsApp calls or Spotify ads are actually counting towards your data cap and are not zero rating, you should at least tell the customer, and they have to be non-discriminatory. So Vimeo gets the same response time as YouTube. These are all our critical points. They have, I'm very thankful that they have listened to us, but sadly they are also allowing ISPs to simply don't give a fuck and have non-open programs. So they have not drawn a red line. They have not said clearly we have these types of zero rating programs, which are okay, and then we have all of these others that you have to follow these rules for. And that is just, yeah, a level of lack of opportunity and the missed opportunity for the regulators, because whenever the rules are fuzzy and unclear, that only creates problems further down the road in enforcement. The last issue was also kind of unexpected in the beginning, because I thought we've solved that, deep packet inspection. So deep packet inspection means when an ISP is looking into your data packages. So it's looking closely into what you are actually doing online, your concrete user behavior, the domains you access, the URLs you access, that means your sexual preferences, your news preferences, which videos you have watched, all of that. Usually that should be prohibited. Everything that's payload of transport layer four should be off limit for an ISP. That's the general definition of deep packet inspection. And actually we thought that we've won that. But then there were rumors that deep packet inspection, they want to open it up and allow it again. So we launched that open letter, which was signed by 45 NGOs, academics and privacy experts. But we still felt like this is a hard push. We knew the regulators on the other side, Germany is one of them, that were just because of lobby pressure, really asking for exposed allowing deep packet inspection. And in that moment, Gandalf came. And we really got support from an unexpected friend. The highest data protection body in the European Union, the EDBB, issued a letter to Barrick and saying that the board considers the processing of data such as domain names and URLs by internet access service providers for traffic management and billing purposes, it's unlawful unless consent of all users is obtained. And that is interesting because of course all users means that it will never work. Because I as a customer of my telco can maybe consent to that, but not the rest of the internet that might send a data package down my way. So and they're not just saying this for the net neutrality law, they are also saying it for the interpretation of e-privacy of the GDPR, all of the other laws. So this is actually giving us even more sticks to go after the packet inspection in the future with that legal opinion. And lastly, completely unrelated reform that still plays into this whole thing. In Germany you can pick your own router. It doesn't matter which ISP you have, you have the right to buy a router from anywhere, even open source or Libre one, and it needs to be able to connect to your internet access service. That is not the case in many European countries because it is often unclear where does the network actually end and where does my home network begin. And that network termination point is one of the things that the same body barrack, the telecom regulators will decide for us. And again it looks like we will win. Winning in this sense means that you will have the freedom to choose your own router, you will have device freedom also in the customer premise equipment and the network ends at the socket at the wall, at the antenna, so it's actually quite good for user choice. The only car that I have to give here of course when the network ends, net neutrality ends. But if your ISP tries to fuck you on your router, you can just replace it with another device. And that's it for the neutrality thing and I think we still have some time for Q&A. Thanks. Yeah, thank you so much. And don't, don't leave yet. I wanted to say support every center work, support every, we need support, we need people who believe in this and who fight for this. And thank you. Okay, so do we have questions? We have questions from the internet maybe, not really. Number two please. Yes, have you seen any requirements in digital media playback for recording location information and identifying users? So especially the location information of media playback. I'm not sure I followed the question. So like, you mean like YouTube reporting the playback position of video? No, not the playback position, the position or the location of the user that is playing back to media? I'm not sure that that would relate to this. So the ISP of course knows in most cases where the user is, you know in all cases actually, and the content provider, if it is not localizing the user on the app with the location, then the ISP at least would not share that location information. I also wouldn't know by which API or on which legal basis they could do that. I hope that answers the question, but I'm not sure. Thank you. Okay, we have another question. Microphone for please. Hi. Will users have the same rights if they are not in the home country like if they are roaming? Yeah, it's actually an interesting question. So the net neutrality regulation is also the roaming regulation in the EU. Those two things are legally mixed together, but they actually they can be seen completely separate. So when you are roaming in another country, so my Austrian SIM card here in Germany, it is actually then the German provider that is physically providing me the internet access service which has to apply by the same European regulation for net neutrality. So and in most cases that would not mean that there is even a technical or legal connection to the customer, to the ISP in Austria that I have a contract with. Of course it gets then interesting because that's mostly about the technical aspect when we look about zero rating. And for most cases the zero rating would just not be possible. So if you have Strymon in Germany, you are a customer of T-Mobile, you are going to Austria and you are in the network of some ISP, then the zero rating would just not be possible and you would just have additional data volume given to you. There was actually a court case about that out of Germany and there is still ongoing litigation from the consumer protection NGO Fazit Bifal in Germany against Vodafone around that same question. It might be differently if you are a German T-Mobile customer in Austria and roaming in the T-Mobile network there. Because technically at least I think it would be possible to then apply the zero rating but I'm not sure if they actually do that. I think it would not be easy and then send if usually would also not be there because these are very few edge cases that even to configure and maintain those wouldn't make a lot of sense. Okay so next we'll have a question from the internet. So there was a question about DPI. Are data protection authorities doing anything about this and are there any enforcements in the European country? Sadly no and no but I think there is definitely an opportunity there for enforcement action and I know many of the people that work around strategic litigation and enforcement of the GDPR and they have their hands full because similar to net neutrality the great law that we've written in the in the last year is not taken very seriously by the regulators and I think it will again depend on activists or other entities bringing cases bringing complaints to data protection authorities around DPI before we see actual movement there. Legally I think particularly with that statement from the EDBB it would be an easy win so if somebody wants to earn spores or help with that I think it's a quite doable case to bring a complaint against DPI based on that legal opinion. So you're all part of it again. Number two please. I want to ask why the hell should the ISP mess around on layer four as you described it before? That is the current definition that we have like the regulation says no monitoring of specific content and Berek interpreted that in 2016 at meaning pay a load of transport layer four should be of limit that is the interpretation that the regulators have come up with and that of course was also a political compromise like where do you draw the line and so my slide there was really based on on the 2016 text of the guidelines. Okay number one please. So currently an app developer has to apply for an ISP to get zero rated what's to stop an ISP to just zero rate an app on its own to gain some market advantage? They can and there's nothing stopping it and what's up for example is easily just saying okay here's how you zero rate us and we don't even want to interact with you and so it does not need to be a bilateral agreement of course the ISP then has the problem if the app provider changes their service or infrastructure and the identification criteria should also change that the ISP needs to implement that change before it happens and so that's the reason for the 30-day period but again that problem might not even exist for big providers that have dedicated IP addresses if your service is coming out of a CDN then you would rely on SNI or other technologies to actually be identifiable. So we have one more minute and I'm sorry to say it's number four thank you others and yeah probably you can go to episode networks and contact Thomas there thank you. Hi I'm very touched by your argument about regulation not being enforced right now in the EU and in France it has been the case about video surveillance where the state has stated that KNIL the regulators are a consultative authority you know they shouldn't enforce that's what quadrature the association that is doing most of the work about that said so I don't know where we go from there you know I'm very scared it's nice that you're doing laws. What is the question please we just have two more seconds. Sorry my question is what do you think we can do to help enforce regulation in the EU. Big question yes there are many things there like one of the things that that is a positive development to look at the bright side is that more more digital rights NGOs are warming up to strategic litigation so ultimately why are regulators not acting because on the one side they have fundamental rights the law consumer protection and on the other side you have a big big company that will not accept their decision that will bring them to court no matter what and so if you're a small regulator with a limited budget you can either take the uncomfortable decision that you know you will be sued for or just stuck away and then the thing might be over so that the risk assessment and the cost calculation is currently not in our favor and that's why we need to bring more cases we have to make regulators really bear a certain risk on both sides of the decision and only then will the decision actually move more to the factual basis and and i mean i know there are many problems in france but at least knill was one of the few and or and dpa's that actually issued a few million penalties so there's at least some civil lining there okay so complain support edry support epicenter works thank you for being here and give another applause to thomas loeninger thank you so much