Digital Brief powered by Google: Parliament bashing US data transfers, Ireland’s GDPR enforcement, UK adequacy decision

The Digital Brief is Euractiv's weekly tech newsletter.

Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here


“The Commission must not repeat the same mistakes by negotiating and signing off on data transfer agreements with third countries, including the United States and the United Kingdom. We do not want to witness a ‘Schrems III’ case.”

Juan Fernando López Aguilar, S&D chair of the LIBE committee and rapporteur for data protection adequacy


Story of the week: EU lawmakers have endorsed two resolutions, sending a strong political message to the European Commission on data transfers with the United States and the United Kingdom respectively. The first resolution calls on the Commission to develop clear guidelines in line with the Schrems II and the opinion of the European Data Protection Board (EDPB), in light of the EU executive’s ongoing negotiation with the US administration. The resolution accuses the Commission of having “put the relations with the US before the interests of EU citizens, and the Commission thereby left the task of defending EU law to individual citizens”.

The second resolution concerns the UK data adequacy decision. MEPs voiced several concerns, echoing a recent opinion from the EDPB. In particular, the resolution points to the UK migration and public security policies, which for the lawmakers should be better considered in the adequacy decisions. Another key point of concern relates to the onward transfers, as MEPs fear the UK might sign trade agreements with third countries that would allow EU data to be moved without an adequate level of protection. Listen to the podcast for more.

Don’t miss: as part of the resolution on the Schrems II ruling, MEPs have also called on the European Commission to start an infringement procedure against Ireland. The resolution states that Ireland has failed to enforce GDPR, as the Irish Data Protection Commissioner has only sanctioned one GDPR breach so far, against thousands of complaints received per year. There are also those who considers this bashing of the Irish authority excessive, pointing to the overall failure of the GDPR enforcement across Europe. While the resolution was adopted with a very large majority (only one opponent), an amendment from Tom Vandenkendelaere (EPP, Belgium) and Jeroen Lenaers (EPP, Netherlands) that proposed scrapping the part on the infringement procedure was rejected 383 vs 291. Read more.


Also this week: codes for clouds, the first SLAPP awards, WiFi vs. 5G, cybersecurity exercises, and much more…


Digital Brief, powered by Google

Private by design. Secure by default. You’re in control.

From knowing that your personal content is never used for ads to setting your data to “auto-delete,” you should be able to use the best that the internet has to offer without worrying about your privacy. We see it as our responsibility to prove every day that you are safer with Google.


Data & privacy

Speaking of Ireland. On Friday (14 May) the High Court ruled in favour of the Data Protection Commissioner’s (DPC) probe against Facebook. The Preliminary Draft Decision (PDD) issued in August last year challenged Facebook transfers of EU personal data on the ground of the Schrems II ruling. Facebook disputed the judicial review, which was overruled by the court. The social media network warned about the devastating consequences the provisional order would have if enforced. Austrian privacy activist Max Schrems considered that the stop of EU-US data transfers is now ‘inevitable’. Other Big Tech companies like Microsoft have decided to store EU data in European facilities.

Codes for clouds. On Thursday (20 May), the European Data Protection Board (EDPB) adopted two Codes of Conduct, the EU CLOUD for cloud service providers, and the CISPE, intended for providers of cloud infrastructure. The codes were presented by the Belgian and French supervisory authorities respectively. The Codes are intended to provide practical guidance for processing EU data. The EDPB also adopted a follow-up statement on the Data Governance Act (DGA), restating the need for the DGA to be fully aligned with the current privacy rules. The DGA is a landmark initiative meant to create European data spaces, currently being discussed in the Industry, Research and Energy (ITRE) committee of the European Parliament.


Who slapps the most. Today (20 May) marked the launched of the first European SLAPP Contest, a prestigious award launched by the Coalition Against SLAPPs in Europe (CASE). The lineup was very competitive across the five categories. Here are the winners.

  • ENI (Italy) won the award for Corporate Bully of the Year. In the aftermath of a corruption scandal for an oil concession in Nigeria, the Italian oil group kept its legal department very busy by suing a witness, journalists and Italian newspaper il Fatto Quotidiano.
  • Kaczynski (Poland) was recognised as SLAPP Politician of the Year, for his contribution to the 50 lawsuits its Law and Justice Party (PiS) brought against the local newspaper Gazeta Wyborcza.
  • HRT (Croatia) was awarded the Litigation Addict prize. In an astonishing commitment to legal proceedings, the state-owned broadcaster started suing its own journalists.
  • Carter-Ruck (UK) won the Bully Lawyers of the Year title. Specialised in ‘reputation management’, the London-based law firm has become a point of reference for SLAPP-prone clients.
  • Korindo (Germany) was declared International Bully of the Year. The Korean-Indonesian conglomerate decided to respond to the accuses of deforestation and human rights violations by an interesting legal escamotage.

Not followers. The European Commission press service is reportedly looking to make some of the COVID-induced arrangement permanent. The Spokesperson Service (SPP) is considering introducing a hybrid system initially for off-the-record technical briefings, with the view of potentially extending it to official press conferences. The new system would see journalists from outside Brussels having the same level of access as Brussels-based reporters, and also open press briefings to non-accredited journalists. Several Brussels correspondents have raised their concerns on the proposal, considering it would weaken the scrutiny of EU institutions harder. Read more.

Media transformation. On Tuesday (18 May) the Council of the European Union approved with its conclusions the Action Plan for Europe’s Media in the Digital Decade. The European Commission launched the plan in December 2020. The plan includes a MEDIA INVEST provision intended to inject €400 million in the audio-visual industry and a NEWS initiative, to provide loans and investments for news outlets.

A programme for culture. On Wednesday (19 May), the European Parliament adopted Creative Europe, the new framework programme for supporting the culture and audio-visual sector. The largest share of the €2.5 billion funding will go to support the audio-visual sector, including film production. The new media will also be financed for the first time from a European programme, supporting a sector that was hardly hit by the pandemic.

Stream titans. The telecom giant AT&T, which already includes CNN HBO and Warner Bros, will merge with the multinational media Discovery, in a clear attempt to compete with Netflix and other streaming services. The streaming market is close to saturation as consumers are only willing to pay a certain amount of subscriptions, hence we might see more mergers going forward.

Industrial strategy

Chip arms-race. Commissioner for the Internal Market Thierry Breton said on Thursday (20 May) the EU will commit ‘significant’ funds to building its chip-making capacity, following the launch of the semiconductor alliance last month. This week South Korea announced a massive $452 bn investment to scale up its chip-making capacity. The investments in chip production are taking what certain observers have defined as a ‘wartime-like’ dimension.


Online sports. MEPs have adopted a resolution urging the European Commission to adopt measures against illegal online broadcasting of sports events. EU lawmakers proposed to remove the illegal content within 30 minutes from reporting, as the timing of the enforcement is considered a key aspect to protect intellectual property rights. Green MEPs have challenged the proposal, comparing it with the removal of terrorist content that can take up to one hour. Read more.

WhatsApp’s backlash. After Germany suspended WhatsApp’s new privacy policy last week, the Facebook-owned messaging app has come at odds with India as well. The new privacy policy would allow the popular app to share data precisely with its parent company Facebook. The Indian authorities have previously expressed concerns about the update, and have now issued another warning while the antitrust watchdog is also conducting an investigation. WhatsApp is the most popular messaging service in India, and the South Asian country is the largest market for the app.


In the cyclone’s eye. On Wednesday (19 May) the first EU-wide cybersecurity exercise has taken place. The operation called CySOPEx 2021 was intended to test large-scale cybersecurity crisis management, coordinating a response to potential cyberattacks hitting several EU countries at once. The exercise was organised by the Portuguese Presidency of the Council as chair of the EU Cyber Crises Liaison Organisation Network (CyCLONe), the cybersecurity cooperation network launched in September 2020 by the European Commission. While cybersecurity response capacity remains part of the member states’ defence portfolio, these exercises are meant to test the procedures for cooperation and information exchange in critical moments.

Security needed. Europe is looking at strengthening its cyber-capacity at a time when cyberattacks are becoming ever more common. Ireland’s health system suffered a major cyberattack this week, forcing its IT system to temporarily shut down. The hackers also got their hands on sensitive health data, and are menacing to release it if a ransom is not paid by Monday 24 May. Irish authorities have denied they received requests for a ransom, which they say they would not pay anyway. Ransom payments are a short-term way out for cyberattack victims, but have a devastating effect on society as the hackers are better financed and encouraged to reiterate their cybercrimes.

Sanctions prolonged. Meanwhile, the Council of the EU decided on Monday (17 May) to extend the legal framework to impose restrictive measures against cyberattacks until 18 May 2022. These measures were adopted as part of the Cyber Diplomacy Toolbox in June 2017, and provide the legal basis for sanctioning individuals or organisations that are considered taking part in cyberattacks against the EU, its member states or third countries. Sanctions include the possibility to freeze assets and a travel ban


Band fight. There is an underlying competition between Big Tech and telecom companies over the 6GHz band. Governments around the world have been looking at allocating the spectrum between Wi-Fi and 5G. Spectrum releases do not happen very often and this is a very significant bandwidth, hence it might determine the future ICT technologies in the years to come. China has allocated the entire 6 GHz band to 5G, showing once again Beijing predilection for the technology. Conversely, the United States will only make the band available for Wi-Fi and other unlicensed technologies, probably because of Washington’s leaning on (US-made) Big Tech. The European Union is also expected to assign this band entirely to Wi-Fi in the coming weeks. Telecom operators have warned that this jeopardises the development of 5G technology, calling for a balanced distribution of the unlicensed band between Wi-Fi and 5G. Expect more on this to come.

Tit for tat. Back in October, the Swedish government excluded Huawei from providing 5G equipment based on security reasons. The Chinese telecom giant has challenged the decision, and a court ruling is now pending. Meanwhile, Beijing has announced that retaliation against Ericsson might follow as a consequence. The Swedish telecom company has been playing a key role in the 5G rollout in China, winning several important contracts and participating in the testing of the technology. Meanwhile, EU countries continue to have different approaches to Huawei on 5G.

Space race

Red planet. China landed a rover on Mars for the first time on Friday (14 May), as only the second country in history to do so, after the United States. The Zhurong rover was sent for research purposes and has already released images of the red planet. In April, Beijing started building Tianhe, its space station by launching its first module. A supply mission is expected to be launched shortly, in view of the first manned expedition to the station that will take place in June.

Under the Moonlight. The European Space Agency (ESA) announced it is developing plans for developing a constellation of satellites around the Moon. This ‘lunar link’ is intended to provide a shared telecom and navigation system that would make individual missions more cost-efficient, looking in particular at establishing a permanent human presence on Earth’s natural satellite. The agency stated that two consortia will be funded to define how such a constellation of satellites will work.


What else I’m reading this week:

  • An opinion piece from Bruegel considers why cryptocurrencies are more likely to remain a speculative asset rather than an electronic alternative to money.
  • The New York Times provided an interesting perspective on how digital technologies are being used to organise extremist violence in Israel, but also empowering the victims of such violence.
  • Project Syndacate interviewed Commission Vice President Margrethe Vestager on tech governance.

Subscribe to our newsletters