This article is part of our special report What to expect in EU policy in 2021?.
Since the pandemic started last year, European citizens have had to radically realign their lives to the new reality. For the most part, this has meant rapidly migrating our personal and professional lives online. With this comes a broad range of policy measures aimed at reinforcing Europe’s connectivity and heightening cybersecurity standards across 2021.
The pandemic also resulted in vastly accelerated profits for many of the tech giants, highlighting their dominance across online markets and provoking concern among competition regulators in Brussels.
This, alongside a renewed commitment to further harmonizing rules for online services, contributed to the conception and presentation of the EU’s landmark Digital Services Act and Digital Markets Act ahead of the Christmas break.
The EU’s data strategy has also become more pertinent in the bloc’s bid to reinforce its strategic autonomy and build its own single market for data through legislation, including the Data Governance Act and the forthcoming Data Act.
Below, EURACTIV provides you with the essential information you will need over the next twelve months.
Digital Services Act / Digital Markets Act
Online platform giants will be forced to abide by a broad range of obligations as part of ambitious new plans laid out by the European Commission in its Digital Markets Act (DMA) and Digital Services Act (DSA) in mid-December, in what represents the most formidable task in EU digital policy from 2021 onwards.
The DMA proposals will see so-called ‘gatekeeper platforms’ prohibited from engaging in practices deemed to be of detriment to “contestability and fairness” in online markets. Fines for non-compliance with the rules have been pitched at a maximum of 10% of a company’s annual worldwide turnover.
Meanwhile, as part of the Digital Services Act (DSA), platforms will face the prospect of billions of euros in fines unless they abide by new rules across fields including advertising transparency, illegal content removal, and data access.
While the eventual adoption of both files is expected to take several years as the two texts now make their way through the co-regulatory procedure, the new Portuguese Presidency of the EU Council is wasting no time in making progress.
Digital Counsellor at the Portuguese Permanent Representation to the EU, Ricardo Castanheira, recently noted that that the Digital Services Act will be tabled in the Council at the Internal Market Working Party, and the Digital Markets Act will appear in the Competition Working Party. Both files will fall under the COMPET Council.
The Internal Market working party is scheduled to commence talks on the Digital Services Act on Wednesday (6 January).
In Parliament, committee groups are jockeying for influence to lead both files, with stiff competition between the Internal Market Committee and the Economic Affairs Committee. Internal Market Chair, Green MEP Anna Cavazzini, told EURACTIV before the Christmas break that her Committee should lead on both files, citing the emphasis on harmonisation across the internal market in both files.
In terms of the transparency on online advertising, which features as part of the Digital Services Act, the Commission has announced that it will table legislation in Q3 of this year to increase transparency in paid political advertising.
Online child abuse. In Q2, the EU executive will present legislation to tackle child sexual abuse online. This comes after the EU’s Electronic Communications Code came into force towards the end of December, which expands the scope of the e-Privacy Directive to online messaging services, meaning that platforms are barred from monitoring online communications in a bid to clamp down on abusive content.
In this context, last year the Commission proposed plans to provide a derogation for these rules so that platforms would be able to scan online content for evidence of child abuse material. However, an agreement between the Council and the Parliament on the plans is still a way away.
Terrorist content. One area where the Council and the Parliament were able to reach an agreement, however, was on new rules for online terrorist content, with a political agreement cut in mid-December that will see pan-European removal orders issued from competent authorities of any EU member state. Read more here.
On the subject of online terrorist content, the EU Internet Referral Unit will expand its ‘tabletop exercise,’ which aims to harmonize member states on how best to deal with online terrorist content, to include a wider range of participants, including Online Service Providers’, in 2021.
Illegal hate speech. While the Digital Services Act introduces new rules for illegal hate speech, the Commission wants to act expeditiously to introduce clearer restrictions on this type of content. A Communication on the EU strategy on combating antisemitism is likely to focus on religious hate speech online, and an initiative to extend the list of EU crimes to all forms of hate crime and hate speech will emerge in Q4.
However, elsewhere in Europe, efforts to rein in illegal hate speech online have come up against some stiff competition, with France’s Constitutional Council ruling last year that the country’s ‘Avia Law,’ which had obliged platforms to remove certain hateful content, restricted freedom of expression and was therefore deemed unconstitutional.
France’s recently presented ‘separatism bill’ which aims to tackle Islamic extremism, includes measures to stem the spread of online hate speech. The text will be debated in the French Parliament early this year.
In Germany meanwhile, the country’s Network Enforcement Act, otherwise known as the ‘NetzDG law,’ obliges social networks to remove criminal content and illegal hate speech within a timeframe of 24 hours or face fines of up to €50 million. It was expanded last year with the inclusion of new reporting obligations for platforms with regard to certain types of criminal content online.
German efforts have proved influential on other EU nations, with the Austrian Parliament approving their own version of the NetzDG-law in mid-December, forcing platforms such as Facebook and Twitter to delete any content that has been marked as hate speech within 24 hours.
Disinformation. Alongside hate speech, concerns have abounded with regards to online disinformation. Fake News in the context of online political advertising was addressed in the Commission’s Democracy Action Plan, presented in December. The move marked the first piece of a digital agenda package that aims to fight disinformation, enforce rules on fair competition in online public debates, and protect the integrity of elections. As part of the measures, the bloc is charting the establishment of punitive measures to improve the bloc’s and member states’ capacity to counter disinformation. Read more.
The Commission will issue guidance in spring, setting out how platforms need to step up their measures based on its assessment of an updated code of practice against disinformation, which attempts to voluntarily press platforms to stifle the spread of fake news online. For their part, member states aren’t waiting around. The Netherlands is putting in place a package of measures to tackle disinformation in the run-up to its parliamentary elections in March, including a Code of Conduct that aims to make it more transparent who is behind a political advertisement.
All EU member states must transpose the EU’s copyright directive into national law by 7 June 2021.
However, with fears that Article 17 of the plans, designed to ensure that platforms would no longer make copyright-infringing work available online, could result in online upload filters being used, some member states are dragged their feet.
One of the most prominent outliers has been Poland, which has complained to the European Court of Justice over the implementation of Article 17, arguing that the article’s filter requirement could lead to censorship.
Late last year, the Court held a hearing into Poland’s complaint. Should the court decide that Article 17 constitutes a general monitoring obligation in breach of the eCommerce Directive, they could decide to strike down those elements in the article.
An initial opinion from a Court Advocate General is foreseen for 22 April, just weeks before the Copyright Directive’s implementation deadline.
Connectivity and Digital’s 20% budget outlay. The pandemic has resulted in a vastly greater uptake of digital tools and technologies among all generations and walks of life. The question of how to ensure Europe’s future connectivity has never been more pertinent.
Following a recent agreement between the European Council and the European Parliament on the EU’s next seven-year budget, 20% of the bloc’s spending has been dedicated to digital. Where the bloc’s priorities lie in this broad field, however, is still up for debate. Many argue that ensuring a sense of continuity through bolstered connectivity objectives should be a priority.
5G delays. Just before the Christmas holidays, EU auditors announced that they will probe the EU’s 5G strategy. This came ahead of end-of-2020 deadlines set out in the 2018 Electronic Communications Code, which legally binds member states to ensure the availability of 5G radio spectrum.
Under EU rules, member states were obliged to assign spectrum for 5G for the 700 MHz band by 30 June 2020, whereas for both the 3.6 GHz and 26 GHz bands the assignments were due by 31 December 2020. By mid-December, member states (as well as the UK) had assigned on average only 36.1% of the 5G pioneer bands
Such missed deadlines represent a breach of EU law. It remains to be seen how precisely the European Commission will respond, but speaking at a recent online event, Anthony Whelan, digital policy adviser to Commission President Ursula von der Leyen, spoke of the executive’s frustration at the lack of compliance with the timeframes.
Broadband costs reduction. We heard last year that the Commission was considering a review of the Broadband Cost Reduction Directive, as a means to bolster connectivity amid the pandemic. Towards the end of 2020, the Commission opened up a public consultation, which runs until March 2021.
The Commission’s data strategy, presented in February 2020, aims to establish a single European market for data, allowing public and private actors “easy access” to huge reserves of industrial information. The strategy features work produced under four pillars covering the governance model for the access, use and reuse of such data, capacity building for Europe’s data ecosystem, empowering businesses and individuals in their knowledge of how data can benefit them, and also the specific establishment of data spaces across a range of sectors. In 2021, the strategy is pursued through several policy initiatives.
Data Governance Act. In December last year, the Commission presented its Data Governance Act and decided against imposing geographical restrictions on the establishment of so-called “data sharing services” which will facilitate greater sharing of non-personal and industrial data across the bloc.
Previous drafts of the regulation, published on 25 November, had laid down the obligation that new data sharing services acting as intermediaries between data holders and secondary users would have to be established in the EU.
Yet the final version stipulated that any such data sharing services should either be established in the EU or at least “designate a representative” in Europe.
Moreover, while the Commission seems to have watered down previous attempts at ringfencing European industrial data to the bloc, the text still establishes requirements for transfers to third countries. Read more here.
The regulation will now be debated by member states and the European Parliament. In the former, the Council working party for Telecommunications and Information Society began talks on the plans on 5 December, while the Parliament’s Industry Committee, led by rapporteur Angelika Niebler of the EPP group, will deliver their response. Opinions will also be filed from Parliament’s Internal Market, Legal Affairs and Civil Liberties committees.,
The Commission has, meanwhile, opened up the Data Governance Act for public feedback, running until 1 February.
Data Act. In Q3 2021, the Commission will present its Data Act, aiming to “foster business-to-government data sharing for the public interest.”
Health Data Space. Also stay tuned for Q4 2021, when the Commission will present legislation to build a single European health data space.
ePrivacy Regulation. Nearly four years on, negotiations continue in the Council on the EU’s bid to protect data transmitted over electronic communications as part of the e-Privacy regulation.
The German presidency attempted to build consensus among member states by presenting a compromise text last year, which withdrew the ‘legitimate interest’ provision for the general processing of metadata, included in earlier versions of the text, and also sought to permit the processing of metadata in online communications for ‘monitoring epidemics’ or to help in ‘natural or man-made disasters.’
Despite their best efforts, the German presidency’s attempts were ultimately in vain, and the Portuguese have now been tasked with finding consensus among ministers. They have already sent around a compromise text, according to Politico.
Privacy Shield. $7 trillion in transatlantic trade could be at risk should the EU and US fail to agree on a new Privacy Shield agreement, a study published in mid-December by the Information Technology and Innovation Foundation said. Despite the lobbying efforts, however, talks between the Commission and the US stalled, largely because of the US Presidential election.
Justice Commissioner Didier Reynders told us this last year, and an agreement on a new transatlantic privacy accord will be one of the Commission’s priorities in the new year.
The renegotiation is required following a European Court of Justice ruling in the summer that had found the agreement to be inadequate.
On the subject of Standard Contractual Clauses, individual agreements that facilitate the global transmission of EU data, the court ruled that such accords are theoretically valid but risks involved with contracting particular data transfers to third countries must be taken into account.
One thing that the Commission did table last year was a draft decision on such standard contractual clauses (SCCs). The draft text for modernized standard contractual clauses (SCCs) published by the Commission now includes provisions addressing the issue of government data access requests, stating that “the data importer agrees to promptly notify the data exporter and, where possible, the data subject” if it receives a legally binding request by a public authority for disclosure of personal data transferred.
Brexit data extension. Following the end of the Brexit transition period, the EU and the UK reached a fudge on the conundrum of EU-UK data transfers. The EU executive had been conducting an assessment of the UK’s data protection landscape as part of a so-called ‘adequacy-decision,’ in order to determine if EU data can safely be transferred to the UK after Brexit.
During the transition period, the UK continued to abide by the EU’s General Data Protection Regulation, but there are fears in the Commission that this could change with the UK out of the single market.
As part of the trade deal agreed between the EU and the UK in December, a six-month extension has been agreed, whereby the UK will continue to follow EU data protection rules.
Database directive review. Confirmation came late last year that the Commission will present a review of its Database Directive. This is to emerge in Q3 2021. EURACTIV first got wind of this in a leaked version of the Intellectual Property Action Plan last November.
The directive, which provides protection for databases under the understanding that such forms of content constitute an author’s original creation, will be revised as a means to increase future access and use of such material, the action plan confirmed.
As part of the follow up on the Commission’s White Paper on Artificial Intelligence, published in February 2020, the EU executive is set to present legislation aimed at tackling the ‘technological, ethical, legal and socio-economic aspects of AI.’ The follow-up to the White Paper is expected in the first quarter of 2021.
In last year’s White paper on AI, ‘high-risk’ technologies should be earmarked for future oversight, including those in ‘critical sectors’ and those deemed to be of ‘critical use,’ the Commission had said.
In the end, the Commission held back on introducing strict measures against facial recognition technologies, after an earlier leaked version of the paper floated the idea of a moratorium on facial recognition software.
The Commission now plans to “launch an EU-wide debate on the use of remote biometric identification,” of which facial recognition technologies are a part.
For their part, Parliament has already made the first steps in adopting a series of initiative reports on the future regulation of Artificial Intelligence technologies.
The EPP’s Axel Voss led a report on a Civil liability regime for artificial intelligence, S&D’s Ibán García del Blanco oversaw a text on AI and ethics, and Renew Europe’s Stéphane Séjourné drafted a report on Intellectual property rights in the field of Artificial Intelligence.
Bolstered cyber strategy. Just before the holidays, the Commission unveiled a new strategy to combat cyberattacks, including a revision of the Security of Network and Information Systems Directive (NIS 2), adding new sectors to the scope of minimum cybersecurity requirements as well as attempting to further harmonise sanctions regimes for cyber attacks across EU member states.
The Commission is also looking to expand the scope of the 2008 European Critical Infrastructure directive with the introduction of a Critical Entities Resilience (CER) Directive, which would earmark ten sectors as ‘critical,’ including energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration and space. These texts will now be debated by MEPs and the Council.
New EU cyber hub. Meanwhile, in mid-December, Bucharest was selected to host the EU’s new cyber centre, becoming the first EU body based in Romania.
Marian Murguleț, secretary of state and chief information officer of the Romanian government, told EURACTIV.ro that the decision “represents both a question of fairness but also a recognition of Romania’s European course in the field.”
“Romania really wanted to bring the centre to Bucharest and it filed an extremely solid candidacy,” Murgulet said.
Europe’s Digital Decade
2030 Digital Targets. In October 2020, EU leaders invited the Commission to present, by March 2021, a ‘comprehensive Digital Compass,’ setting out the bloc’s future ambitions in the digital arena for 2030. The goals are likely to cover areas aimed to ensure Europe’s ‘strategic autonomy’ and reduce dependence on third countries for the provision of key enabling technologies.
The Digital Compass will lay out new ‘means and milestones’ to achieve benchmarks by 2030 in such areas, likely covering connectivity, skills, and computing.
EURACTIV last year disclosed the Commission’s initial outline as part of plans to introduce a European-wide Digital Identity, which would seek to provide a ‘trusted and secure’ form of online identification for the use of online services. The EU executive is due to present these plans in Q1 2021.
Last year, EU leaders pressed the Commission to come up with plans for a secure public electronic identification (e-ID), including interoperable digital signatures, to “provide people with control over their online identity and data as well as to enable access to public, private and cross-border digital services.”
Digital Euro. The European Central Bank launched a three-month public consultation on plans to introduce a Digital Euro last October. A decision on when such plans will materialize is likely to be made in mid-2021, the ECB has said.
Digital Tax. The European Commission will present a new plan for an EU-wide digital tax in Q2 of this year. Attempts to introduce a bloc-wide digital services levy faltered last year, following opposition from Ireland, Finland and Sweden among others to a planned 3% levy on companies earning €750 million in revenue, €50 million of which would need to be EU taxable revenue.
After last year’s failure to introduce a single EU digital tax framework, some member states have since pursued their own efforts in the field, including France, Spain, Italy and Austria.
The Post-Brexit Age. On 1 January, the EU’s domain name registry, EURID, informed ‘all UK registrants and their registrars that their domain name is no longer compliant with the .eu regulatory framework.’ Such domain name registrations have now moved to a ‘suspended’ status until 31 March.
Over 80,000 domains assigned to UK registrants have been suspended by the EU’s domain name registry, EURid, pending a change in the address of registrants required for use of the .eu domain.
EURID says that such a status precludes functionality of the domain’s website and email services, but say that the operational functionality can be ‘reinstated’ should the legal criteria be met, effectively meaning that registrants would have to change their registration information so that the entity is legally registered in the EU. This is a concern that had long been raised by the registry.
Meanwhile, the pro-Brexit Leave.EU campaign has updated its legal establishment to an address in Ireland in order to maintain its status as an active website following the end of the Brexit transition period, EURACTIV can reveal.
Legislative plans will come forth from the EU executive on 24 February on ‘improving the working conditions of platform workers.’
Following a period of engagement with gig-economy workers and trade unions, the European Parliament’s strongest voice on this issue has emerged from French Leftist MEP Leïla Chaibi, who last year published her proposal for an EU directive on Digital Platform Workers. Read it here.
Right to repair
In Q4 this year, the Commission is set to present legislative plans for ‘New design requirements and consumer rights for electronics,’ in which the EU executive may present plans to introduce a right to repair obligation for hardware manufacturers.
Ahead of this presentation, the Parliament made its voice heard last November, after the Internal Market committee adopted its own-initiative report on a sustainable single market for business and consumers, led by French Green MEP David Cormand.
“Harmonised mandatory labelling indicating durability and tackling premature obsolescence at EU level is the way forward,” Cormand, following the adoption of his report. As part of the report, the Parliament calls on the Commission to grant consumers a “right to repair” for electronic devices and products.
Campaigners praised Parliament’s position, with Chloe Mikolajczak, campaigner for the Right to Repair campaign saying that the Commission should take action their commitments to a green Europe. “The European Commission now needs to take this momentum and move forward swiftly in 2021 on an EU-wide repairability score for all electronic devices and repairability rules for computers,” she said.
Portugal to present rights declaration. The Portuguese EU presidency will present a declaration on Digital Rights at Lisbon’s Digital Assembly in June, a Portuguese government official informed EURACTIV last year.
The declaration aims to position the EU as the leader in “reinforcing the respect for individual digital rights, which are essential for the trust in the digital economy,” the official said, adding that the text is still being finalized at the national level.
The end of 2020 also saw the Commission come forward with a package on the digitalization of the justice sector. Specifically, the COVID-19 crisis brought the need for digitalisation of justice to the forefront, Salla Saastamoinen, acting director-general for the Commission’s DG for Justice and Consumers told EURACTIV following the presentation of the plans, stressing that “concerted effort is urgently needed, both at the national and EU level, to accelerate the digital transformation process of the justice sector”.
2021 will see the European Commission pursue efforts in this area further, with the presentation of a three-pronged approach as part of its Digital judicial cooperation package, featuring legislative proposals on digital information exchange on cross-border terrorism cases, and the Digitalisation of cross-border judicial cooperation. Both will come in the last quarter of the year.
[Edited by Benjamin Fox/Zoran Radosavljevic]