Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“I’ve invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity”
– –Joe Biden, President of the United States
Story of the week: In a meeting between Joe Biden and the chief executives of Amazon, Apple, Google, IBM, and Microsoft this week, the US President called on the tech giants to step up when it comes to cybersecurity. Biden also announced a new executive order mandating that the federal government only acquire tech products that pass certain cybersecurity standards, new versions of which are to be developed in a collaboration between the private sector and the National Institute of Standards and Technology (NIST). The tech companies present had announcements of their own including training programmes for cybersecurity experts, investments in protections and programmes designed to increase user security. The meeting comes amid a wave of recent cyberattacks which have targeted high-profile infrastructure and companies, including the US government itself in the past few months. Biden, whose approach to cybersecurity so far has drawn praise, cautioned Russia and China in July that state-sponsored cyberattacks have the potential to lead to very real conflict. Read more.
Don’t miss: The UK has announced new post-Brexit global data plans as part of a broader push to establish itself as a “science and technology superpower”. However, London’s grand strategy could lead to conflict with EU data protection standards and consequently endanger data flows between the two trading partners. A key part of the plans is the establishment of international data partnerships with a range of countries, including Australia and the United States, where privacy protections are not considered at the same level as GDPR. The UK government also announced changes to its data protection regime, to make it more innovation-friendly and compatible with economic growth. In adopting its own data adequacy standards less than a month ago, the European Commission reserved the right to review, suspend or terminate its decision to continue transferring personal data to the UK if the country made changes that fell short of the bloc’s standards. Read more.
Also this week:
- Fear grows as personal data and biometric devices fall into the hands of the Taliban
- China takes the lead on digital regulation with new privacy laws and regulation on recommender systems
- Social media approach to the Taliban is a microcosm of the content moderation dilemma
- The campaign on banning targeted ads enters the DMA debate, with businesses watching closely
A message by Facebook:
Data & privacy
In the wrong hands. If anyone needed proof of the risks personal data entails if it fell in the wrong hand, Afghanistan provides a dramatic example. Many Afghans have been scrambling to delete their digital history, fearing that it could be used against them in the wake of the Taliban’s takeover of the country. US military biometric devices are reported to have been seized by the Taliban during their advance through the country, meaning databases containing data such as the fingerprint, facial and iris scans of thousands of Afghans could be accessible to them. Fear is that this information might be used to target those that collaborated with the Western-sponsored regime, political opponents, and minority groups. In response, civil rights groups around the world have been publicising advice on how people can delete their digital footprints and evade biometric recognition, and Facebook unveiled new user controls to allow people in the country to do so more easily.
Privacy law enacted. An expansive new privacy law was passed by China’s top legislative body this week. Broadly modelled on the EU’s GDPR, the law will prevent companies from using personal data for user profiling or setting different prices for the same services. Instead, state and private bodies with access to this kind of information will have to reduce their collection and obtain user consent for its use. The law does not, however, affect China’s state security apparatus, which still has access to immense amounts of personal data.
Privacy pressure increases. Pressure is mounting on Apple to abandon plans to embed “surveillance features” to scan for child sexual abuse material in its devices. Earlier this month the company announced that it would introduce measures to scan children’s communications on iMessage and iCloud photos for evidence of abuse and exploitation. Policy groups have pushed back against the plans, saying that they could compromise users’ privacy and potentially serve as a way for authoritarian governments to target individuals. Read more.
Cybersecurity violation. Alibaba’s cloud computing unit has violated China’s Cybersecurity Law and must take steps to address this, the company was told by Zhejiang province’s telecoms authority (ZCA) last month. ZCA told Alibaba Cloud that it had shared user information with third parties without consent, thereby violating 2017 law. The company said that the information leak had occurred in 2019 and was the result of an individual employee’s actions.
Who is watching who? Analysis by Common Sense Media has found that almost all streaming platform providers share extensive information on users’ viewing habits for advertising purposes and fail to implement legally required protections of children’s data. The report covered many of the biggest platforms, awarding the lowest overall privacy score to Netflix and the highest to AppleTV+, the only streaming app that received a “Pass” rating.
Card criticism. Ireland’s data protection commission has initiated an investigation into the country’s Public Services Card (PSC), currently required for access to a number of public services. The PSC has received heavy criticism from data privacy campaigners and a previous investigation by the watchdog found that the grounds for forcing users to have one in order to access certain services was unlawful. The new investigation, launched by a complaint from Digital Rights Ireland, will see the privacy watchdog consider the role of the Department of Public Expenditure and Reform in processing a database connected to the PSC.
Digital marketplace futures. The World Economic Forum predicts that Data Marketplace Service Providers (DMSPs) will be a central component of future digital market governance. In a briefing paper released this month, the WEF described them as key in both acting as “trust anchors” and providing economic incentives, and notes that many businesses are taking on similar roles.
Recommendation regulation. China has unveiled sweeping new regulations concerning recommendation algorithms, installing tight controls on their use. The draft regulations, published by the country’s cyberspace watchdog, the Cyberspace Administration of China (CAC), set out a number of safeguards on how, when and why such algorithms can be used, designed to apply to both small app-makers and big tech. Provisions entail that the users shall be able to see and change the keywords their profile is associated with or to opt-out from the recommendation system altogether. There will also be a limit to the type of keywords that can be used for profiling, as the algorithms need to adhere to the official ‘values’ and avoid influencing public opinion. Requirements for gig economy workers and minors were also introduced.
Trump 0, Taliban 1. Platforms have adopted starkly contrasting approaches to content moderation when it comes to social media accounts belonging to the Taliban. Facebook has said it will continue to ban Taliban accounts, prioritizing the blocking of terrorist organisations. Twitter is instead prioritizing access to information, allowing the group’s representatives to use its platform while still upholding a ban on former US President Donal Trump. The divergence highlights the complexity not only of deciding who should or should not be allowed an online space to speak but also of whether big tech companies should be the ones making these decisions. Read more.
PR backfire. Facebook declined to publish a report on its most popular content earlier this year over concerns that it would attract bad press for the platform. The report, which covered the first three months of 2021 was pulled before its intended release after company executives decided its content, for example, the finding that among the most popular pages on the site was a publication known to spread right-wing conspiracy theories could spell a PR disaster.
Airbnb opens its doors. Airbnb has announced that it will temporarily house 20,000 Afghan refugees, covering the costs of their stay in its properties around the world. No details have been released yet on how long the housing might last but the company’s CEO, Brian Chesky, said that in the wake of the humanitarian crisis and evacuation airlifts, “we feel a responsibility to step up.”
OnlyFans u-turn. After strong pushback from its users, OnlyFans has reversed its decision to ban sexually explicit content. The platform announced plans last week to ban the posting of porn from October, reportedly in response to difficulties securing funding. The decision drew fierce criticism, particularly from sex workers who have been central to the platform’s growth, which accelerated massively during the pandemic, and who, in many cases, rely on the site for a safer source of income.
Who benefits from ads. Business representatives have pushed back against calls from Green MEPs to limit targeted online advertising, arguing that it would harm small businesses by simultaneously reducing the effectiveness and increasing the cost of advertising. The Green MEPs have pushed forth this initiative against targeted ads also in the context of the cross-party Tracking-Free Ads Coalition, and supporters of their position have countered trade organisations with the argument that Big Tech, rather than small business, is the one truly benefitting from targeted ads. Read more.
Who wants to use it. US federal agencies are set to expand their use of facial recognition software, according to a report by the US Government Accountability Office. The use of facial recognition by government agencies is “increasingly common”; 18 out of the 24 surveyed at a federal level currently use some form of the technology, with many utilising more than one system, and 10 plan to increase their deployment of it by 2023. Outside the US, law enforcement and government agencies from 24 countries were found to be deploying Clearview AI, a controversial facial recognition technology, the use of which is currently being reviewed for potential GDPR violations in the EU, after having been offered free trials by the company.
Who wants to ban it. A group of prominent European civil society organisations published an open letter calling on the UK Parliament to ban the use of live facial recognition technology (LFRT) by both the police and private companies, saying that they don’t believe it is possible for it to be safely deployed in public spaces or for mass surveillance. The signatories, which included Privacy International, European Digital Right (EDRi) and Amnesty International UK, voiced concerns that the use of LFRT could not only have grave implications for human rights but could also exacerbate existing policing practices that disproportionately target minority communities.
Give me some credit. The European Data Protection Supervisor (EDPS) has issued its opinion on the proposed Directive on consumer credit. While endorsing the goal of the proposal, the EU privacy watchdog invited the European Commission to include stronger safeguards that limit the use of consumers’ personal data and guarantee fair access to credit for all Europeans. The opinion also suggests including the consumer credit and data protection rules in the Artificial Intelligence Act provisions on third-party conformity assessments. Read more.
Mind the (lobbying) gap. AI-powered government decision-making systems have a well-documented history of misuses and regulating this technology is a key priority of the von der Leyen Commission presidency. However, according to an EU Observer investigation, 152 lobbying meetings related to AI legislation were logged by Commission officials between December 2019 and August 2021. Out of these, two-thirds were made up of corporations and business associations. The quantity of meetings does not automatically translate in influencing the legislation, but the difference in accessibility between businesses and civil society groups seems to be rather common also for other EU institutions.
Spy stories. A massive hack of the email programme Microsoft Exchange that started in January led to extensive data breaches. The US government and Microsoft blame it on Chinese government-backed hackers. Latest revelations from officials and tech experts suggest that the information collection that drove the hack was in aid of China’s ambitions when it comes to AI, dominance in which will require access to enormous volumes of data.
Database dilemma. Controversial data sets set up to train facial recognition software may have been deleted after criticism, but they often remain many times over on the internet, and may still be being used. Given that many of these databases were removed due to ethical concerns about their contents of implications, their continued use means that these issues live on, raising the question of whether simply creating improved data sets is really the answer when it comes to building more ethical technology.
Misinformation management. YouTube has pledged to increase information from trusted sources and decrease the spread of videos containing harmful misinformation in an effort to improve its response to dangerous and misleading content. In addition to its current removal policy, the platform has announced new measures to optimize search results for quality rather than sensationalism, saying that it would prioritise returning trustworthy content to viewers over ramping up removals in order to avoid curbing freedoms of speech or becoming arbiters of truth.
Manpower for sale. Disinformation is increasingly being spread via “influence-for-hire” schemes, which are promoting government policies in countries in the Asia-Pacific region. A report released this week by the Australian Strategic Policy Institute outlines how for-profit content farms are producing and disseminating online material designed to strengthen certain government positions or discredit news articles. The cheap digital labour readily available in South-East Asia seems to provide fertile soil for the phenomenon.
The American virus. Conspiracy theories that the Coronavirus may have originated from a US military lab in Maryland are being promoted by top officials in Beijing, as part of an effort to push back against investigations into the origins of the pandemic in China. Previously predominantly aired in state-allied papers, the theories are now being publicised by the spokespeople of government ministries.
Hack the regime. Hackers known as the Belarus Cyber Partisans have been targeting the regime of Alexander Lukaschenko and claim to have hacked almost all parts of the administration. The group, made up of tech-sector workers and which says it operates in coordination with a group of Belarusian law enforcement and intelligence officers, regularly publishes damaging information it has purportedly gained via breaches of an array of government and police systems, with the aim of undermining the regime from all sides.
Indictment after journalist’s murder. Nearly four years after Maltese investigative journalist Daphne Caruana Galizia was assassinated, one of the country’s wealthiest businessmen has been indicted for instigating her murder. No trial date has been set yet for Yorgen Fenech, who has been under arrest since late 2019, but the prosecution is said to be aiming for a life sentence. One man accused of carrying out the murder has been jailed and two more are awaiting trial. The plot’s middleman, who was pardoned for collaborating with the authorities, has named Fenech as the organiser of the anti-corruption reporter’s killing.
“Foreign Agent” classification. Russia has added independent TV channel Dozhd, one of the last remaining outlets that are critical of the government, to its list of “foreign agent” media organisations. Outlets that receive this classification are required to disclose their funding sources and tag all their publications and social media posts. Dozhd has received EU funding since 2014 and has previously suffered from what it has described as a campaign of intimidation. Its addition to the list comes amid the increasing targeting of liberal media outlets in Russia.
Change of hands. The German publisher Axel Springer announced on Thursday a deal to acquire the American news website Politico. Axel Springer is the largest publishing company in Europe, it owns several influential publications such as Bild and Die Welt and operates in over 40 countries. The deal also includes the complete takeover of Politico Europe, 50% of which Axel Springer already owned.
Huawei breathes again. The US has begun granting licenses authorising suppliers to sell chips to telecoms company Huawei, which has been crippled by Trump-era trade restrictions on the sale of components including chips. The Biden administration has upheld a hard line on exports to Huawei, but the last few months have seen a gradual handing out of licenses for the sale of chips to the company for its production of items less susceptible to US trade bans.
5G accelerates. The 5G smartphone installed base will come close to half of the total by the end of 2021, according to predictions made by analyst group Omdia. The increased presence of 5G modems in cheaper devices, driven by both their decreasing cost and the expanding rollout of 5G, will be a key driver of this overall trend. A similar analysis published by Gartner earlier this month projected the steepest rate of growth yet for 5G this year, though a potential slowdown in 2022.
Telecoms tax. The European Telecommunications Network Operators’ Association (ETNO) and the Global System for Mobile Communications Association (GSMA) have raised concerns that OECD/G20 proposals for a minimum corporate tax fall short when it comes to recognising the telecoms sector’s contribution to economies around the world and has issued a call for a more equitable and a balanced approach to taxation. The organisations also voiced concerns over what they say is a shift in the tax framework which would subject large telecoms multinationals to double taxation.
Will look into that. The European Commission will launch a formal investigation on Nvidia’s plan to acquire Arm, a British chip-designer company, according to the Financial Times. The investigation can only start once the EU executive is officially notified of the takeover, which Nvidia is expected to do on the second week of September. The massive deal worth $54 bn is to be scrutinised on competition grounds, as rival chipmakers voiced concerns Nvidia might bloc their access to Arm’s design. Similar concerns were also raised by the Competition and Markets Authority, the UK antitrust watchdog. The UK government is also looking into the deal for national security reasons, indicating the strategic value of the semiconductor supply chain.
Another alarm bell. Industry 4.0, a German-coined term, might no be German for too long. The warning comes from Bitkom, an influential digital association, that conducted a survey according to which two-thirds of German companies see themselves as falling behind in automating their production process. Respondents indicated as the main causes of the delay the lack of financial resources, the strict data protection rules, and the IT security requirements. The business representatives also criticised the fragmentation of the funding programmes, which often require long applications. Read more.
Musk’s robot. Tesla, Elon Musk’s electric car company, is set to develop a robot prototype, to be completed next year. The “Tesla Bot”, announced at the company’s AI Day last week, marks a departure from Musk’s previously voiced concern over the future of AI-powered robots. The robot will, according to Musk, be built like a human at 5 feet 8 inches tall with hands and feet, and will be designed to eventually undertake “dangerous, repetitive, boring tasks
What else I’m reading this week:
China’s digital currency is gathering speed, but its effects on privacy and authoritarianism could be grave. (Wired)
Technological developments are often the by-product of wars but in Afghanistan, it has been the Taliban rather than the US who have overwhelmingly benefitted from this kind of innovation. (MIT Technology Review)
As the presence of Silicon Valley tech giants in London expands, UK tech firms are finding it increasingly difficult to recruit their own workers. (CNBC)