The October Developer Alliance EU & UK Policy Update.
DSA And DMA Are Taking Shape And Not In A Good Direction
The European Parliament’s primary committee responsible for the Digital Markets Act (DMA) and the Digital Services Act (DSA), the Committee on Internal Market and Consumer Protection (IMCO), postponed the vote on the final compromise amendments scheduled for November 8.
Instead, IMCO had a hearing with the whistleblower Frances Haugen. The UK Parliament’s Joint Committee for the Draft Online Safety Bill had a similar hearing. European Commission’s Vice-President Vera Jurova and Commissioner Thierry Breton have also spoken with her. A public hearing was also organized on November 10, before the French National Assembly’s Law and Economic Affairs committees.
Both the European Parliament and the Council of the EU (the governments of the EU Member States) are currently on the last mile toward setting their positions on the two draft regulations mentioned above. While the Council is more hesitant to add substantial amendments to the initial texts drafted by the European Commission, Parliament’s approach is more radical. Some sample proposals:
-
a ban on targeted advertising,
-
tight deadlines and conditions for removing illegal content,
-
to link intermediary liability with due diligence obligations,
-
prohibit intra-platform use of data without user’s explicit consent,
-
mandated interoperability for an array of digital services (including instant messaging and social media),
-
full algorithm transparency and ‘neutral’ recommender systems,
-
stricter scrutiny of mergers and acquisitions.
The debate has been dominated by divergent positions on:
-
enforcement (a centralized approach has been led by the European Commission vs. a strong role of the national regulators)
-
the interplay between the EU regulation and additional or parallel national rules
-
the scope of the regulations, to include additional services such as web browsers or voice assistants, which will determine how many gatekeepers should be under DMA’s rigid rules.
Here’s a recent event on the impact of the DSA on the digital economy in Central and Eastern Europe, where Developers Alliance voiced the main concerns.
Competition
The UK’s CMA imposed a penalty on Facebook of £50.5 million for deliberately withholding information during the ongoing investigation of the acquisition of Giphy. The authority noted that this is the first time a company has been found by the CMA to have breached an initial enforcement order, “by consciously refusing to report all the required information”.
Netherlands’ ACM will continue its investigation into Apple’s App Store, which complements the European Commission’s investigation. According to the EU rules, if the European Commission and a national competition authority conduct similar investigations at the same company, the national authority must end its investigation. ACM is looking into the App Store’s conditions for providers of apps that do not compete with Apple’s apps, in particular those for online dating in the Netherlands. Meanwhile, the European Commission’s investigation is focused on alleged barriers for apps that are directly competing with Apple’s apps, such as music-streaming apps.
The same ACM launched a market study to find out how online platforms are applying the rules set out by the Platforms-to-Business Regulation (P2B Regulation). The authority wants to hear from all types of online platforms and their business users on how the provisions of the regulations are implemented. The P2B Regulation, which has been applicable since July 2020, imposes a series of transparency obligations and rules for fair business practices, including for effective settlement of disputes.
Data Protection & Privacy
The Italian data protection authority found a company in breach of the GDPR for directly contacting people on LinkedIn for advertising purposes, a practice that was not indicated when the users signed up. The Authority considered that the creation of a profile on the site does not equal an indiscriminate authorization to be contacted by other LinkedIn users.
The same Italian Authority initiated an investigation on the collection of data by mobile apps which are asking user’s permission to use smartphone microphones.The authority will assess if the information provided to users is clear and transparent and if their consent has been correctly acquired.
The UK Information Commission Office (ICO) has replied to the Government’s proposals for a review of the data protection legal framework and regulatory regime. It expressed concerns related to the lack of sufficient safeguard for ICO’s independence and asked the Government “to reconsider these proposals to ensure the independence of the regulator is preserved”. The UK Information Commissioner underlined that the contribut
ion to the consultation is considering “the regulatory challenges faced by small and medium sized organisations”.
Consumer organization BEUC has complained to European regulators for audiovisual services (ERGA) about Ireland’s delay in enforcing the EU’s rules on audiovisual services, and in particular concerning the exposure of children “to various types of hidden advertising and inappropriate content on TikTok”.
Cybersecurity
October was Cyber Security month. The EU’s motto this year was “Think Before U Click”. The campaign focused on two themes: “Cyber First Aid” – useful guidelines and advice on what to do in the case of a cyberattack, and “Be Cyber Secure From Home” – tips and advice on how one can recognise potential cybersecurity risks and stay safe online.
The European Commission has adopted a delegated act to the Radio Equipment Directive, laying down new legal requirements for cybersecurity safeguards for manufacturers of wireless devices, such as mobile phones, smart watches, fitness trackers and wireless toys.
The European Parliament adopted a report on common EU cyber defence capabilities. The MEPs are recommending a comprehensive set of measures and a coherent IT policy, as well as improved military cyber defence coordination, to strengthen EU cyber resilience.
Europol announced a successful joint international operation targeting 12 individuals “wreaking havoc across the world with ransomware attacks against critical infrastructure”. The cyber actors were specifically targeting large corporations, and laundering the ransom payments in Bitcoin. The final actions took place in the early hours of 26 October in Ukraine and Switzerland, after an intense cooperation between law enforcement and judicial authorities from France, Netherlands, Switzerland, Norway, UK, Germany, US, Ukraine, coordinated by Europol and Eurojust.
ENISA’s Cybersecurity Certification Conference will be organized virtually this year on 2 and 3 December.
Content And Media Regulation
The European Commission has released the results of the sixth evaluation of the Code of Conduct on countering illegal hate speech online. The scorecard is mixed, showing improvement for some companies and worsened results for others. IT companies reviewed 81% of the notifications within 24 hours and removed an average of 62.5% of flagged content, lower than the average recorded in 2019 and 2020. In this monitoring exercise, sexual orientation was the most commonly reported ground of hate speech (18,2%) followed by xenophobia (18%) and anti-gypsyism (12.5%). The Commission notes that, for the first time, the IT companies reported detailed information about measures taken to counter hate speech outside the monitoring exercise, including their actions to automatically detect and remove content. The Code of Conduct will evolve within the future legal framework for countering illegal content set up by the Digital Services Act (DSA).
Meta/Facebook announced a multiyear agreement to pay French publishers for resharing their content on its platform. The licensing agreement for Neighbouring Rights was concluded with Alliance de la presse d’information générale, and follows the requirements of France’s Copyright law introduced in October 2019. The announcement included the launch of a new product in France(Facebook News), in January 2022.
France set up Arcom, a new authority for fighting online antipiracy. The recently adopted law on the regulation and protection of access to cultural works in the digital age replaced the current High Authority for the Distribution and Protection of Intellectual Property on the Internet (Hadopi), with additional powers, including some competencies transferred from the Superior Audiovisual Council (CSA), as Euractiv reports.
Liability For AI-Embedded Products
The European Commission has launched a stakeholder consultation on the review of the civil liability framework for products. In the wider context of the proposals to regulate AI, the Commission considers that the Product Liability Directive 85/374/EEC, which sets out rules to ensure that injured parties are compensated for damage caused by defective products, needs to be revised and adapted to the current state of technology. The legislative initiative is planned for the third quarter of 2022. The consultation seeks to gather evidence on several issues, such as: if software can be classified as a stand-alone product; identifying who should be liable for product defects covering their whole lifetime, including on software/AI-embedded products (e.g. product depending on software updates); and tackling obstacles for injured parties to obtain compensation (the EC considers that there are difficulties in establishing causal links where the behaviours of AI systems are partially or wholly opaque). The consultation closes on 10 January 2022.
Technology For Military Defence
NATO Defence Ministers agreed to NATO’s first-ever strategy for Artificial Intelligence, which sets standards of responsible use of AI technologies in accordance with international law and NATO’s values (NATO Principles of Responsible Use of Artificial Intelligence in Defence). The strategy addresses the threats posed by the use of AI by adversaries and how to establish trusted cooperation with the innovation community on AI. NATO is also committed to “further work with relevant international AI standards setting bodies to help foster military-civil standards coherence with regards to AI standards”.
Defence Ministers from 17 Allied countries have started NATO’s first Innovation Fund, worth 1 billion euros, which, together with NATO’s Defence Innovation Accelerator for the North Atlantic (DIANA), will support the development of a protected transatlantic innovation community. The objective of the Innovation Fund is to help NATO to “retain its technological edge by enabling investment in dual-use technologies of potential application to defence and security” and to “facilitate closer and trusted cooperation with deep-tech innovators, which may otherwise be unable to develop successfully the innovative solutions most needed to the protection of the Alliance.”
A Long-Waited Agreement On Digital Taxation
The European Commission welcomed the OECD agreement on global taxation and committed to “work closely with the Member States to ensure that the EU moves forward in a united manner.” The agreement, endorsed by the G20 group during the last meeting in Rome on 30-31 October, imposes the elimination of unilateral digital services taxes and consists of two pillars:
-
Pillar One would reallocate taxation rights concerning the largest and most profitable multinationals.
-
Pillar Two would introduce a global minimum corporate tax rate.
The European Commission put on hold its proposal for an EU digital levy earlier this year. Four EU Member States (Spain, France, Italy, Austria) and the UK, which already introduced national digital taxes targeting Big Tech companies, committed to transition to the new multilateral solution, in a specific agreement with the US.
Miscellaneous
The governments of the EU member states agreed on a negotiating mandate on the proposal for a Data Governance Act (DGA), which will allow the start of the negotiations with the European Parliament on the final text. The proposal envisages mechanisms to facilitate the reuse of certain categories of protected public-sector data, conditions for data intermediation services and promote data altruism across the EU. The Council’s position differs from the Parliament’s in allowing more flexibility for data sharing between public administrations, proposing a code of conduct for data altruism entities and deleting cloud providers from the list of entities that are not considered data intermediaries.
The European Commission has launched an online consultation platform on the EU-US Trade and Technology Council (TTC), inviting different categories of stakeholders “to share their views and provide common proposals on the work ahead” of the ten specific Working Groups. The first TTC meeting took place on September 29 in Pittsburgh, confirming the objectives “to coordinate approaches to key global technology, economic, and trade issues; and to deepen transatlantic trade and economic relations, basing policies on shared democratic values.”
The Banking Package, adopted by the European Commission on October 27, contains new rules for the supervision of fintech groups, as a response to the WireCard scandal.
The UK Government has proposed a regulation of ‘Buy Now Pay Later” services and launched a consultation until 6 January 2022.
Speaking of such payment services, Stripe and Klarna announced a strategic partnership to offer flexible payment options to consumers in 20 countries.
The European Commission has adopted a Decision designating the European Registry for Internet Domains (EURid) as the .eu Top-level Domain (TLD) Registry from 2022 to 2027.
The European Commission’s work programme for next year includes several initiatives related to the technology sector. The main focus will be on cybersecurity, with a Roadmap on security and defence technologies (non legislative), Legislation on “building an EU space-based global secure communication system” and an European Cyber Resilience Act. Other planned initiatives are the European Chips Act, the European Media Freedom Act and a Single market emergency instrument.
European tech startups wrote an open letter to the European Commission asking for more coherence of the initiatives meant to boost the European startups ecosystem. One of the main issues is the lack of a single interlocutor within the Commission, due to the relevant policy areas for startups being handled by several departments. Politico reports that these vary from research and innovation, to the internal market and to financial services.
EU Code Week took place in the period 9-24 October. The initiative aims “to make programming more vis
ible, to show young, adults and elderly how you bring ideas to life with code, to demystify these skills and bring motivated people together to learn.” It counted 75479 activities for this year, in more than 80 countries.
