The September 2021 Europe & UK Policy Update.
Modest Start Of The EU-US Dialogue On Tech And Trade
The EU and the US have started their much-awaited dialogue toward potential cooperation regarding technology and international trade. On 29 September 2021, the EU-US Trade and Technology Council held its first round of discussions in Pittsburgh. It ended with this joint statement. Detailed discussions will continue in ten thematic working groups. A solution for the most pressing and important issue, transatlantic data flows, still seems distant following the invalidation of the Privacy Shield last year by the European Court of Justice.
The EU Court Decides The Fate Of The Android OS
Developers Alliance stood before the EU General Court in Luxembourg as an intervener in the Android case (Case T-604/18, Google and Alphabet v Commission). The hearing for the appeal lasted five days, a record previously held by the Microsoft case. The judges listened to our arguments concerning the decision’s impact on the Android developer community. We expect at least a year of deliberations before their judgement is released. Meanwhile, the negotiations on the Digital Markets Act, a regulation based on a series of Commission antitrust cases and ongoing investigations, including this one, continue in Brussels. The objective of this effort is to redesign digital markets and digital ecosystems, such as Android and iOS, outside the constraints of current competition law. The Court’s judgement in this case, however, will have a significant impact as the EU Courts have the ultimate say on the interpretation of EU law and the legality of acts of the EU institutions.
Other Competition News
The UK’s CMA had cleared Facebook’s acquisition of Kustomer. The British Competition Authority found “that there is no realistic prospect” that the merger will raise barriers to entry by increasing Facebook’s data advantage in online display advertising. The transaction is also being investigated by the European Commission and the German Competition Authority (BKA).
The Commercial High Court in Paris is judging a case brought in 2018 by the Directorate General for Competition, Consumer Affairs and Fraud Control against Google. The French government complaint argues the unfairness of Google’s contracts with developers regarding the level of fees, the power to suspend or modify the contracts unilaterally, and its access to information provided by developers. The judgement is expected on November 2, as Notre Temps reports. A twin case concerning Apple is continuing along the same path. Government movement is backed up however by the startups association France Digitale, who joined the Coalition for App Fairness in February this year.
A coalition of tech, advertising, and publishing companies, Movement for an Open Web, has submitted a formal complaint about Google’s project “Privacy Sandbox” to the European Commission. According to their website, “MOW was established by a group of businesses that care deeply about the future of the World Wide Web” and “that between them have annual revenues of $40bn-plus.” There is no reference on who precisely those businesses are, however. A Google spokesperson, as reported by Politico, pointed to a previous statement saying “the ad-supported web is at risk if digital advertising practices don’t evolve to reflect people’s changing expectations around how data is collected and used.” The UK CMA is also pursuing its own investigation into the Privacy Sandbox’ browser changes and published in June this year its intention to accept Google’s commitments.
Data Protection & Privacy
Ireland’s Data Protection Commission has fined WhatsApp €225 million for GDPR infringement. This is more than a four-fold increase in the penalty compared to what it had initially proposed, following other national DPAs and EDPB’s pressure. The fine is accompanied by a range of remedial actions.
The Irish Data Protection Commission and the Italian Data Protection Regulator (“Garante”) have started investigations regarding Facebook’s new wearable technology, Facebook View, developed in collaboration with Ray-Ban glasses. Both authorities are concerned about “the means by which those captured in the videos and photos can receive notice they are being recorded”, more precisely if the indicator LED light is an effective means of giving notice.
The Irish watchdog has also started two inquiries into TikTok’s compliance with GDPR. The inquiries concern the processing of personal data in the context of platform settings for users under age 18 and age verification measures for persons under 13, especially with respect to
the transfers of personal data to China.
An open letter signed by 81 organizations and individual cybersecurity experts, including many members of the Global Encryption Coalition, calls on the Belgian government to drop law enforcement access requirements in a draft law on the collection and storage of identification, traffic and location data in the electronic communications sector and their access by the authorities. The letter underlines that the requirements would force operators of end-to-end encrypted systems to undermine encryption to provide access to user communications.
The European Data Board (EDPB) has published its opinion on the European Commission’s draft adequacy Decision regarding South Korea. Overall, the EDPB has identified many aspects of the Korean data protection framework to be essentially equivalent to the European data protection framework. It was concluded, however, that there are certain unclear aspects that need further detailed attention.
The European project euConsent was presented during a conference in Athens, on September 9, on online child’s rights, age verification and parental consent. The project is developing “European-wide infrastructure to facilitate interoperable age verification and parental consent mechanisms”, as a possible technical solution for compliance with the upcoming requirements derived from the current legislative proposals such as European Digital Wallet-eID or Digital Services Act.
Cybersecurity
The European Commission’s President, Ursula von der Leyen, has announced, in her annual State of the Union speech, a European Cyber Defence Policy and a new Cyber Resilience Act. The new EU law will set common cybersecurity standards on connected devices, building on the existing NIS2 Directive. The initiative is part of the EU’s strategy for “European tech sovereignty”.
Lithuania’s Minister of National Defence has tweeted a warning concerning smartphones made by Huawei, Xiaomi and OnePlus, following an investigation of the national cybersecurity agency. The report shows that these devices pose significant cybersecurity and censorship risks. The German news portal Tagesschau reports that the German Federal Office for Information Security has also confirmed its own launch of an investigation into the cybersecurity of certain Chinese mobile phones.
This October is European Cybersecurity Month, with conferences, workshops, training, webinars, presentations and online quizzes across the EU. The effort looks to advance awareness of cybersecurity and build trust in online services. Stakeholders can propose online or physical awareness-raising cybersecurity events for the 2021 campaign by registering an activity.
Miscellaneous
The European Commission proposed USB-C as the harmonized standard port for all smartphones, tablets, cameras, headphones, portable speakers and handheld video game consoles. The revised Radio Equipment Directive also includes unbundling the sale of chargers from the sale of electronic devices. A common charger was a long-standing and pressuring request of the European Parliament. Companies will have two years to comply with the new rules. Apple opposed the EU’s imposition of a single type of connector, considering that it “stifles innovation rather than encouraging it, which in turn will harm consumers in Europe and around the world.”
The European Parliament has adopted the new EU Blue Card rules, facilitating labour market access for highly qualified immigrants. The criteria for admission will be more flexible:
-
a valid work contract or binding six-month job offer instead of twelve months contract or offer,
-
lower salary thresholds at least 100% and not more than 160% of the average gross annual salary in the member state of employment, from the current 150% minimum with no upper limit,
-
and more rights for beneficiaries and their families.
Proof of relevant work experience will be accepted to attest certain types of professional qualifications, such as in the information and communication technology sector. The revised directive needs formal approval by the Council and then will be published in the Official Journal. Member States will then have a two-year period to transpose it in their national legislation.
The UK’s AI Strategy, published on September 22, is intended “to make Britain a global AI superpower” in the next ten years, based on “the most pro-innovation regulatory environment in the world,” investment and skills and talent attraction and support.
The European Commission published a study on the economic impact of Open Source Software and Hardware on the EU economy, as a basis for future policy options in different digital sectors. Open source is considered as a public good, in “a change of paradigm f
rom the previous irreconcilable difference between closed and open source.”
A series of hackathons for students are taking place in several Member States within the framework of EU Code Week. The European final will take place on 14 October.
