This is the February 2020 Developers Alliance EU Policy Update.
In This Update
The EU’s Ambitious Artificial Intelligence & Data Strategies
AI Always Welcome, Except When It’s Not
European Data Spaces
Commission Knows What’s Best For Your Data
Hate It? Love It? They Want To Hear It
Let’s Keep This AI Liability Regime Civil, OK?
Mr. Facebook and Mr. Google Go To Brussels
Facebook Gets In The White-Papers-About-Regulation Game
The EU Is Ready To Feel “Digitally Transformed”
Miscellaneous Data Protection & Privacy
Croatia Shows “Legitimate Interest” In Metadata Legal Precedent
Germany Issues Death Threat Ban
Final Video Device Data Processing Guidelines Adopted
No ID? No SIM For You!
EU Agency For Cybersecurity Wants To Help You With GDPR Compliance
Citizen Profiling Tool, System Risk Indication (SyRI), Banned In Netherlands
Danish Weather Pros Are Not Privacy Pros
Nordic Countries To Issue Common (e)ID
New Rules For Video Sharing Platforms
Digital Tax Update
Speaking Of Taxes…
UK Outside The EU, But Still Linked To The Continent In Many Ways
State Of Withdrawal
High Score? Here’s Your Immigration Papers…
In The Age Of Brexit, European Startups Look For Standardized Data Sharing Practices The UK Continues To Weigh Options For Digital Advertising “Remedy”
The UK’s DCMS Also Places Bets On The Advertising Regulation Game
Do No Harm (Online) White Paper
The EU’s Ambitious Artificial Intelligence & Data Strategies
The European Commission presented, on February 19, its strategies for Artificial Intelligence and data, under the headline “A Europe fit for the Digital Age”. The non-legislative package also comprises the Communication “Shaping Europe’s digital future”, which sets out the broad vision and the regulatory roadmap, with the main objective to ensure “European technological sovereignty.” ICYMI, here is our preliminary reaction to the Commission’s proposals (spoiler alert: we have some concerns).
AI Always Welcome, Except When Its Not
According to the Commission’s proposals, all AI applications will be “welcome in the European market as long as they comply with EU rules”. This means that a series of AI technologies, which could be labeled as “high-risk”, will undergo conformity assessments in order to be deployed. The EU is asking that the “AI systems should be transparent, traceable and guarantee human oversight” and that the authorities should be able to test and certify the data used by algorithms as they check other products like cosmetics, cars or toys. In certain cases, authorities could ask that the AI systems be retrained in the EU. “High risk” applications could be those in ‘critical sectors’ like healthcare, transport, police, recruitment, and the legal systems, and those deemed to be of ‘critical use’, such as technologies with a risk of death, damage or injury, or with significant legal implications. For the rest, the “lower risk” AI applications, the Commission envisages a voluntary labeling scheme if they apply higher standards.
European Data Spaces
On the data economy, the EU’s ambition is to build infrastructure and “European data spaces” in areas such as industrial manufacturing, environment protection, mobility or health. Also, it proposes to foster data sharing, and a regulatory framework will be proposed, on data governance, access and reuse of data between businesses, between businesses and government, and within administrations.
Commission Knows What’s Best For Your Data
Supporting the Data Strategy, the High-Level Expert Group on Business-to-Government Data Sharing presented a report comprising a set of recommendations focused on the use of privately-held data for the public good. The report will serve as input for future Commission initiatives on Business-to-Government data sharing.
Hate It? Love It? They Want To Hear It
The Commission opened a public consultation on the White Paper on Artificial Intelligence, until May 31, 2020, and is also collecting feedback on its data strategy, until May 31, 2020. If you don’t have time to participate in the public consultation, and even so, let us know what you think about the EU’s proposals, and we’ll make sure to convey your concerns to the EU policymakers.
Let’s Keep This AI Liability Regime Civil, Ok?
The European Parliament is also preoccupied with the impact of AI technologies and adopted a resolution on February 12, calling for strong oversight. It also appointed not one, but three rapporteurs, which are overseeing the three key areas of AI regulation, depending on the committee they represent: German MEP Axel Voss (EPP) is in charge with a report on a “civil liability regime for artificial intelligence, the Spanish MEP Ibán García del Blanco (S&D) is overseeing the “framework of ethical aspects of artificial intelligence, robotics, and related technologies”, and French MEP Stéphane Sejourné’s (Renew Europe) task is “intellectual property rights for the development of artificial intelligence technologies” — copyright in the age of AI.
Mr. Facebook And Mr. Google Go To Brussels
Before the publishing of the digital strategies, it was the turn of the Facebook CEO Mark Zuckerberg to come to Brussels, after last month’s visit by Alphabet’s & Google’s CEO Sundar Pichai. Mark Zuckerberg met on February 17 with European Competition and Digital Executive Vice-President Margrethe Vestager, Internal Market Commissioner Thierry Breton as well as Vice President for Values and Transparency Vera Jourova.
Facebook Gets In The White-Papers-About-Regulation Game
On the same date, Facebook issued a White Paper on Online Content Regulation, as a contribution to the current debates and regulatory efforts in this area. The European Commission will propose new and revised rules on digital services in the last quarter of this year. The Digital Services Act is expected to harmonize the responsibilities of online platforms and information service providers and reinforce the oversight over platforms’ content policies in the EU. The EU Parliament started the debates on the future Digital Services Act, with a couple of hearings and setting up the responsible committees and their rapporteurs. Meanwhile, the European Commission will launch a public consultation in the second half of March.
The EU Is Ready To Feel
“Digitally Transformed”
The adaptation of the EU to the digital era is also being pursued at an administrative level. The digital strategy package was accompanied by the Commission’s own Digital Strategy, which, if properly implemented, should lead to a “digitally transformed, user-focused and data-driven Commission”.
Miscellaneous Data Protection & Privacy
Croatia Shows “Legitimate Interest” In Metadata Legal Precedent
The Croatian Presidency of the Council of the EU re-launched the discussion on the ePrivacy Regulation proposal, by putting forward some substantial new amendments to the text, to be discussed in two meetings of the telecom working party, on March 5th and 12th. The most important changes are related to the introduction of “legitimate interest” as a legal basis for processing metadata and collecting terminal equipment information.
Germany Issues Death Threat Ban
German Government recently approved a law that imposes a legal obligation on social media platforms to proactively report to law enforcement authorities illegal content, like death threats or incitement of hatred. The law needs to be approved by the Parliament. There is another proposal, for amending the Network Act (NetzDG), pending in the legislative procedure, which could impose further strict rules on hate speech.
Final Video Device Data Processing Guidelines Adopted
The final version of Guidelines 3/2019 on the processing of personal data through video devices is now available on the EDPB website. This is the version adopted after public consultation.
No ID? No SIM For You!
The European Court of Human Rights ruled that laws which demand buyers of prepaid mobile SIM cards to produce identification do not infringe privacy rights.
EU Agency For Cybersecurity Wants To Help You With GDPR Compliance
The EU Agency for Cybersecurity launched an online tool for the security of personal data processing. It’s a platform designed for data controllers, auditors and authorities as well as small businesses to help them develop their data protection policies, and help with GDPR compliance and analyze their risk level.
Citizen Profiling Tool, System Risk Indication (SyRI), Banned In Netherlands
The Court of the Hague banned the Dutch state from using a citizen profiling tool, System Risk Indication (SyRI), used by the government to combat fraud in areas such as benefits, allowances, and taxes. The Court ruled that the system does not comply with Article 8 of the European Convention on Human Rights (ECHR), which protects the right to respect for private life.
Danish Weather Pros Are Not Privacy Pros
Denmark’s data protection regulator decided that the Danish Meteorological Institute’s way of obtaining consent for processing personal data didn’t comply with the GDPR’s requirements.
According to the decision, website operators using embedded Google banner ads can be held jointly responsible for data collection and transfer to Google. Following this decision, The Danish DPA has published new guidelines on the processing of personal information about website visitors.
Nordic Countries To Issue Common (e)ID
The Nordic countries are preparing the introduction of a common electronic ID card. This would work in the near future in Finland, Sweden, Denmark, Norway, and Iceland.
New Rules For Video Sharing Platforms
A stakeholder consultation on new guidelines under the revised Audiovisual Media Services Directive (AVMSD) was opened, until 13 March 2020. The revised AVMSD extends certain audiovisual rules to video-sharing platforms, including audiovisual content shared on certain social media services. The consultation will support the Commission in issuing the following guidelines: i) Guidelines on Video sharing platforms (VSPs), clarifying to which extent social media actors will be covered by the new rules, paying due regard to the objectives of public interest to be achieved by the new rules and to the right to freedom of expression; ii) Guidelines on European Works, on the calculation of the 30% share of European works in Video on Demand (VOD) catalogues and on the definition of low audience and low turnover exemptions.
Digital Tax Update
The OECD recently presented a new economic analysis showing the significant impact of proposed international tax reforms currently under negotiations. The OECD work is important in finding a global long-term solution within the international tax system, avoiding overlaps with existing rules and the risks of double taxation. A failure to reach an agreement at the global level will likely lead to further unilateral measures (as already adopted at a national level or in preparation in the EU) and to uncertainty for digital companies with cross-border operations.
Speaking Of Taxes…
The Council adopted simplified VAT rules for small businesses, which will apply as of 1 January 2025. Small enterprises will be able to qualify for simplified VAT compliance rules where their annual turnover remains below a threshold set by the Member State concerned, which cannot be higher than 85 000 EUR. Under certain conditions, small enterprises from other member states which do not exceed this threshold will also be able to benefit from the simplified scheme, if their total annual turnover in the whole of the EU does not exceed 100 000 EUR.
The UK & Brexit
UK Outside The EU, BUt Still Linked To The Continent In Many Ways
It’s almost one month since the UK left the EU, but we’re continuing to closely follow what’s happening and inform on any policy and regulatory developments that have an impact on the industry – because the digital economy doesn’t stop at the political and geographical borders.
Last week, the EU’s negotiator, Michel Barnier, presented the negotiating mandate for the future relationship negotiations with the U.K. The final mandate was approved by the EU Member States ministers with some important additions related to the EU expectation that the future agreement will endorse “common high standards, and corresponding high standards over time with Union standards as a reference point”. The post-Brexit negotiations are expected to start soon and will surely focus on digital aspects. The EU is insisting on its right to determine if the UK would be granted so-called adequacy (a level of protection “essentially equivalent” to that offered by the EU) to continue the movement of data from the EU to the U.K. The EU’s negotiation position is calling for ongoing digital trade as well as the ability for “fair and equal access to public telecommunication networks and services to each other’s services.”
A European Parliament Resolution on the EU’s negotiations with the UK stated that the U.K. regime on data retention “does not currently meet the conditions for adequacy”.
Latest news: The UK Government published on February 27 the UK Approach to the Future Relationship with the EU.
State Of Withdrawal
Yes, we’ve used this title in previous EU Updates but it never gets old. Under the Withdrawal Agreement, EU data protection law will continue to apply to and in the UK during the Transition Period from January 31, 2020, until December 31, 2020. The US Department of Commerce issued guidelines for Privacy Shield participants which will seek to receive personal data from the UK after the Transition Period.
High Score? Here’s Your Immigration Papers…
The UK has announced a new points-based immigration system, with the aim to discourage the entrance of low-skilled migrants and temporary workers and to attract the highly skilled ones. The most highly-skilled, including scientists, engineers and academics will be able to enter the U.K. without a job offer, under lighter conditions, as the UK Government is focusing on investment in technology and automation. The new system will take effect on January 1st, 2021.
In The Age Of Brexit, European Startups Look For Standardized Data Sharing Practices
The largest European startups associations published an open letter, calling for a new set of startup-friendly policies, in the context of Brexit. They are proposing actions on three main directions: free flow of data, including “data adequacy arrangements between the UK and the EU”, a “” (a scheme which should “give startups and scaleups the opportunity to issue standardised share options across the 27 countries of the EU”, and an integration of the European capital markets, “to develop pan-European funds and fostering cross-border investments”.
The UK Continues To Weigh Options For Digitial Advertising “Remedy”
The second round of the stakeholder consultation for the United Kingdom’s Competition and Markets Authority Digital Advertising Market Study closed on February 12th. Developers Alliance has provided comments on the interim report (which was published in December of 2019), after participating last year in the first consultation round, with comments on the issues raised in the statement of scope. The new submissions will be published soon on CMA’s website.
The UK’s DCMS Also Places Bets On The Advertising Regulation Game
UK’s Department for Digital, Culture, Media, and Sport announced it would consider how to regulate advertising online. The department has launched a call for evidence on how to apply and enforce advertising standards on online content. The deadline for submissions is March 23, 2020, and the findings will be published as part of a public consultation later in 2020.
Do No Harm (Online) White Paper
The UK Government presented its response to a public consultation with an Online Harms White Paper, setting out the plans for a package of regulatory measures to keep UK users safe online. Going forward, technology companies will be held accountable for tackling a comprehensive set of online harms, ranging from illegal activity and content to behaviours which are harmful but not necessarily illegal.
