“The freedom of mind. There is a possibility that once lost, people who grow up in the digital age will have difficulty in regaining it. This may have far-reaching political consequences. People without the freedom of mind can be easily manipulated.”
So said George Soros at the start of 2018 at Davos’ World Economic Forum. Little did Soros know at the time what a prophetic statement his would turn out to be, with 2018 turning out to be a tumultuous year for tech.
Cybersecurity
In January, security officials uncovered the Meltdown and Spectre software vulnerabilities in modern microprocessors. The flaws provoked the European Commission to step up their game in their SOPHIA research programme, aiming to address the challenges of security weaknesses in processors.
Moreover, the EU’s Cybersecurity Act was adopted this year, establishing a certification framework that will set cybersecurity standards for products during the design and development stage. This, in addition to the 2016 NIS Directive and the regulation on the establishment of a network of cybersecurity competence centres, has helped bolster Europe’s cybersecurity clout on the global stage.
A summary of the risks of Meltdown and Spectre, conducted by the EU’s cybersecurity agency, ENISA, led them to conclude that they “are most likely to be exploited in targeted attacks against specific targets, rather than in massive campaigns.”
Data protection
Talking of massive campaigns, in March, news broke of the extent of Cambridge Analytica’s handling of Facebook user data, in which the personal information of around 87 million Facebook users was acquired by furtive means. In characteristically theatrical fashion, Justice Commissioner Jourova called the events “horrifying,” and Facebook founder Mark Zuckerberg was summoned to appear before party leaders at the European Parliament, to the dismay of many, however, who criticized the haphazard nature of the proceedings.
Horrifying, if confirmed. Personal data of 50 mln #Facebook users could be so easily mishandled & used for political purpose. We don't want this in the EU. #GDPR https://t.co/p2czcodOsi
— Věra Jourová (@VeraJourova) March 18, 2018
In May, Europe beckoned in legislation that had far-reaching and impactful consequences. The new General Data Protection Regulation came into effect and with it the threat of crippling fines of up to €20 million, or 4% of global annual revenue.
The new rules mean that terms of consent for acquiring personal data must be made transparently, data breaches must be reported quickly, users have a right to access their data profile from controllers and they also have the ‘right to be forgotten.’
Needless to say, earlier in the year, an EU source told EURACTIV that Cambridge Analytica had been a blessing in disguise for policy in the oft-controversial area of data protection when the GDPR came in to force in July.
Moreover, under the EU’s data accord with the US, GDPR rules were called upon to be respected by US data controllers who held by European data. This proved to be a controversial policy area throughout 2018, but ended on a positive note in December, when greater alignment from the US with EU data protection law was confirmed at the second annual privacy shield review,
GDPR is regarded by many as a precursor to the ePrivacy regulation, which is set to broaden the scope of privacy regulation to cover areas such as cookies and metadata. The regulation is one of the priorities of the upcoming Romanian presidency of the EU.
Copyright reform
The Romanians will also have to thrash out a deal with the Parliament on the controversial copyright bill, which is set for a final round of talks in January. The story of the directive’s passage through the institutions was a talking point throughout the year.
The bill aims to ensure that producers of creative content are remunerated fairly online. A number of artists, including Sir Paul McCartney, have supported the bill.
However, it has never been short of opponents, the most vociferous of whom within the EU institutions was Green German MEP Julia Reda, who warned that we should “say goodbye to the public domain” should the copyright measures be adopted.
With fierce debate still surrounding Article 11 of the bill, which would oblige internet platforms that post snippets of information to contract a license for the original publisher of the material, the January talks are set to be a dramatic affair.
Fake news
Another area in which the EU sought to apply pressure in 2018 was disinformation. In February, thirteen Russian nationals and a Russian internet agency were indicted by the US in connection with a conspiracy to disrupt the 2016 US presidential election. In the investigation, allegations also emerged of a Russian pro-Brexit troll campaign.
Germany took steps to regulate against fake news, after their Network Enforcement Act came into effect at the beginning of the year. Elsewhere, India backed down over proposals to hold journalists who publish fake news to account and Malaysia criminalised disinformation.
Kenya passed the Computer and Cybercrimes bill which includes penalties on those who publish false information, Italy’s state broadcaster appointed a chair with a history of spreading false accusations, the Singaporean government held several hearings into the challenges of fake news in Asia, the Macedonian name-change referendum was hit by allegations of meddling from the US authorities and, even before the Brazilian elections were struck by swathes of fake news, Congress had been considering a bill to penalise those who share fake news online.
More generally, in September, the European Union introduced their code of practice against disinformation, whose signatories include Facebook, Google and Twitter. A report on compliance with the code is set to be published in January 2019.
EU Digital Tax
But an EU digital tax was not to be. French Finance Minister Bruno Le Maire’s December announcement that France would go it alone with a tax on some of today’s digital giants, effectively signalled the end of an EU-wide solution to the OECD impasse.
The Commission’s proposal to oblige tech firms with annual EU taxable revenues of €50 million or above to pay a 3% levy on revenues received substantial publicity on both sides of the Atlantic, with the Americans claiming in October that it was ‘discriminatory.’
However, with tax legislation requiring unanimous agreement between EU finance ministers, the controversial idea of a digital tax was always going to be difficult to reach consensus on, particularly when nations such as Ireland play host to a number of tech giants including Google, Facebook, Adobe, LinkedIn, Apple and AirBnB.
2019
What’s in store for 2019? Keep an eye on EURACTIV’s digital coverage over the Christmas holidays to find out.
Expect lots on autonomous vehicles, blockchain, media regulation, Artifical Intelligence, Quantum technologies and of course the ever-relevant cybersecurity and data protection issues.
Stay tuned…