The EU Is Preparing New Rules For The Digital Economy

The October 2020 EU Policy Update


Digital Services Focus Of Future Legislative Package

On October 22 the European Parliament adopted its position on the future legislative package on digital services, which should be presented by the European Commission on December 2. The package’s main proposals:

  • Digital service providers established in third countries must adhere to the EU rules when their services are also aimed at consumers or users in the EU.

  • Stronger rules to tackle illegal content online and a clear distinction between illegal and harmful content.

  • The principles “What is illegal offline is also illegal online” and “Know your business Customer.” 

  • Preserving fundamental rights online and more user control, including measures aimed at “making users less dependent on algorithms.” 

  • Stricter regulation of targeted advertising in favour of contextual or other forms of advertising that require less data and do not depend on previous user interaction with content. MEPs also call on the Commission to further assess options for regulating targeted advertising, including a phase-out leading to a ban.

  • Specific ex-ante rules “to prevent market failures caused by big platforms”, and “to open up markets to new entrants.”

Here are the Developers Alliance standpoints on the upcoming regulations for digital services and digital markets.

Economic Costs of Ex-Ante Regulations

Speaking of ex-ante rules, the European Centre for International Political Economy published the research study “Economic Costs of Ex-ante Regulations”, which presents the negative impact of an ex-ante approach on digital services.

More Regulatory Plans

  • Following a resurgence of terrorist attacks, France is pushing for even stricter content obligations for online platforms, as Politico reports.

  • In the same context, a new round of closed-door inter-institutional negotiations (trilogues) on the regulation on preventing the dissemination of terrorist content online took place on October 29, without an agreement. The negotiations are nearing their end, with compromise texts still maintaining controversial measures, such as those requiring mandatory automated filtering.

  • The European Parliament also adopted three reports on Artificial Intelligence, with regards to ethics, liability, and intellectual property rights. The MEPs are calling for:

    • an ethics and legal framework for AI “to be followed when developing, deploying and using artificial intelligence, robotics and related technologies in the EU including software, algorithms, and data”

    • a future-oriented civil liability framework, “making those operating high-risk AI strictly liable for any resulting damage”. The liability rules should be applicable to “physical or virtual AI activity that harms or damages life, health, physical integrity, property, or that causes significant immaterial harm if it results in ‘verifiable economic loss’”. Deployers of AI systems qualified as high-risk should hold specific insurance.

    • an effective intellectual property rights system and safeguards for the EU’s patent system to protect innovative developers, but “not at the expense of human creators’ interests, nor the European Union’s ethical principles”. AI should not have a legal personality, and the ownership of IPRs should only be granted to humans.

  • A joint position of 14 EU Member States calls for a proportionate and flexible regulatory approach to AI. Soft law solutions should “incentivise AI developers and deployers to proactively and systematically promote trustworthy AI for the benefit of our society, citizens, and economy.”

  • The European Commission’s 2021 work programme, presented on October 19, schedules several legislative initiatives for the digital economy, such as European e-ID in Q1; digital taxation and legislation on tackling child sexual abuse online in Q2; the Data Act and a review of the Database Directive in Q3; and the European health data space in Q4.

The EU Invests In Its “Digital Sovereignty”

  • A joint declaration by 25 EU Member States on building the next generation of cloud in Europe was welcomed by the European Commission. The EU cloud federation’s scope is “to shape the next generation secure, energy-efficient and interoperable cloud supply for Europe.” The Member states agreed to invest up to €10 billion, and “to cooperate towards one set of common technical rules and norms (future EU Cloud Rulebook) and the deployment of interconnected cloud capacities across the EU, including common marketplaces”. The initiative is part of the European Commission’s data strategy, which aims to create a single market for industrial data, and an attempt to replace the large cloud services coming from outside the EU, in order to strengthen the EU’s “digital sovereignty.”

  • A project developing a high-performance computing system, called LEONARDO, was launched in Italy on October 19. The European High-Performance Computing Joint Undertaking, together with CINECA, a leading supercomputing centre, has announced the European company Atos as the awarded vendor. This is also part of the EU’s ambitious Digital Decade agenda to achieve its “digital sovereignty.” 

EU-Harmonized Rules For Crowdfunding

  • A regulation setting uniform EU rules to facilitate crowdfunding was published in the Official Journal of the EU and shall apply from November 10, 2021. According to the new rules, crowdfunding service providers should give clients clear information about the potential financial risks of each project. 

Data Protection & Privacy Updates

  • On October 28, the EU’s deputy ambassadors approved the Council’s negotiation mandate for the interim e-Privacy Regulation. The regulation sets out a temporary derogation from certain e-privacy rules on the processing of personal and other data for the purpose of combatting child sexual abuse. It is the European Parliament’s turn to adopt its position in the next period. 

  • Check out the latest adopted documents by the European Data Protection Board (EDPB):

  • Here are the French Data Protection Authority (CNIL) clarifications regarding its guidelines on cookies and other tracking technologies (in French). 

  • The Irish Data Protection Commission issued two statutory inquiries into Facebook’s processing of children’s data on Instagram.

  • IAB Europe rejected the findings of the Belgian DPA report that its Transparency and Consent Framework (TCF) is inappropriate for GDPR compliance. The industry solution was developed by IAB to help the digital advertising ecosystem comply with obligations under the GDPR and ePrivacy Directive and was largely adopted by websites and publishers, as well as large tech companies, such as Google. TechCrunch reported in detail on this situation.

  • The UK Information Commissioner’s Office (ICO) presented to Parliament the conclusions on the Cambridge Analytica investigation. As the Guardian noted in a dedicated article, the main conclusion is that the controversial data company did not directly misuse data to influence the Brexit referendum, as Cambridge Analytica’s claims on microtargeting individuals with suggestive political messages “may have been an exaggeration”, and the company used “well recognised processes using commonly available technology”.

  • ICO released on October 27 the report on the investigation into data protection compliance in the direct marketing data broking sector. The two-year investigation looked into the use of personal data by data brokering businesses Experian, Equifax, and TransUnion. The report identifies ‘invisible processing’ and other failings by the three organizations, including the further use of personal data provided for credit referencing purposes, for direct marketing; the use of profiling to generate new information about data subjects; a lack of transparency; and incorrect use of lawful bases for processing. ICO also has issued an enforcement notice to Experian giving it nine months to remedy non-compliant personal data processing that it considers to be in breach of data protection legislation.

  • Germany’s federal authority and 16 state data protection regulators concluded that Microsoft’s Office 365 was not compliant with privacy rules.

  • Following the invalidation of the EU-US Privacy Shield agreement, there are worries about the transfer of personal data to the US by the European Parliament’s coronavirus test website. According to her statements for EurActiv, German MEP Alexandra Geese has filed a complaint to the European Data Protection Supervisor, in charge of ensuring data protection standards across the EU institutions.

  • Four French online advertising associations filed an antitrust complaint against Apple on October 28 over iOS 14 privacy features, more precisely over the requirement for users’ explicit consent before installed mobile apps can use key identifiers for targeted advertising. In the complaint to the Autorité de la concurrence, the associations contend that the changes would significantly harm the advertising ecosystem, reducing mobile ad revenue and making it impossible to measure the effectiveness of ads. The IAB US response underlines that the best and quickest way to guarantee users’ privacy and security is “through the collective development of technical standards and operating practices by the major browser and OS providers”, which “needs to be done together with bodies representing users, with regulation assuring all participants’ compliance if needed”.

Cybersecurity Updates

  • The European Union Agency for Cybersecurity (ENISA) has published the EU Threat Landscape Report, a yearly report summarising the main cyber threats encountered between 2019 and 2020. Malware is standing strong as the #1 cyber threat in the EU, with an increased presence of phishing, identity theft, and ransomware. The report also shows that monetisation remains cybercriminals’ top motivation and that the COVID-19 crisis is fuelling attacks on homes, businesses, governments, and critical infrastructure.

  • Two significant data breaches, one at a Finnish private psychotherapy centre and another at a Swedish security company, put authorities in the two Scandinavian countries on alert, as EurActiv reports.


  • The European Commission presented a second set of reports on actions taken by the signatories of the Code of Practice on Disinformation to fight false and misleading coronavirus-related information. The Commission noted “progress, but also substantial gaps in the data provided”. 

  • The European Commission launched the process to select the next registry for the .eu top-level domain (TLD), one of the largest country TLDs worldwide.

  • France’s lower house of parliament voted unanimously for a draft law providing YouTube child stars with the same legal protections as child actors and models.

  • Two health apps were added by the German Federal Institute for Drugs and Medical Devices to the list of health applications whose costs are reimbursed by statutory health insurers (DiGA). The National Association of Insurance Funds expressed its skepticism about the real medical impact of such apps, amid controversy regarding their data protection compliance, as reports

  • After the failure of the first version of the coronavirus tracing app, the French Government re-launched it on October 22, under the name TousAntiCovid

  • The digital rights NGO Access Now resigned from the stakeholder platform Partnership on AI, claiming that civil society’s voice is ignored by the industry.  

  • The European Commission has adopted its new Open Source Software Strategy 2020-2023. The internal strategy, under the theme “Think Open,” and guided by 6 principles (think open, transform, share, contribute, secure, stay in control), “aims to reinforce an internal working culture that is already largely based on the principles of open source”. The Commission wants to create open-source innovation labs, remove the administrative burden for publication of software as open-source, develop open-source software skills, recruit talent, and increase its outreach to communities.

  • The European Commission has also adopted two initiatives on digital education, aimed to create a European Education Area by 2025 and to set a “plan for a high-performing digital education ecosystem with enhanced digital competencies for the digital transformation”.
    This year’s edition of the EU Code Week took place from 10 to 25 October. Teachers, students, NGOs, and tech companies in 83 countries participated in more than 69,000 activities organised within this grassroots initiative supported by the European Commission.


By Karina Nimară

Director of EU Policy and Head of Brussels Office - Karina previously served as Legal Advisor and Internal Market attaché at the Permanent Representation of Romania to the EU. Prior to her work with the Romanian diplomatic mission, Karina spent ten years in European Union affairs within the Romanian Government. While there she coordinated, inter alia, the process for transposition and implementation of EU legislation. Karina holds a law degree and specializes in EU law and policies. Based in the Alliance’s Brussels office, she's a tech enthusiast, enjoying the dawn of the Age of Artificial Intelligence. Other than robots, she's fascinated with cats and owls.
