Digital Brief: Data Act leaked, AdTech in the storm, the importance of standards

The Digital Brief is EURACTIV's weekly tech newsletter.

Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here


“The aim to ensure fairness in the allocation of data value among actors in the data economy and to foster access to and use of data.”

— Draft proposal for the EU’s Data Act, seen by EURACTIV


Story of the week: The proposal for the new Data Act contains rules for data sharing, access by public bodies, safeguards for international data transfers and interoperability obligations, according to a leaked draft seen by EURACTIV. The proposal will be published later this month and will set out rules to be followed by device manufacturers, digital service providers and users as the presence of connected devices accelerates.

The overall principle will be that platforms will have to open up their data to the users (including organisations) that help to create it. The users will be able to either use the data directly or give it to a third party, while respecting trade secrets and without competing with the platform. However, gatekeepers are explicitly prohibited from receiving data in this way. The draft law includes provisions to avoid unfair contractual terms, reversing the burden of proof on the platform.

Public bodies will be able to request access to privately-held data in the context of public emergencies or legal obligations. Emergencies include natural disasters, pandemics and terrorist attacks, but not day-to-day law enforcement activities. Safeguards to prevent access to data from foreign jurisdictions were also put in place.

Perhaps the most unexpected rules are those on cloud switching and interoperability. The Commission had to – at last – acknowledge that the SWIPO codes of conduct were a failure, as dominant players still make it impossible to change cloud providers. The EU executive seems determined to address the matter head-on this time, requesting harmonised standards and including cloud switching in the contractual obligations. Read more.

These obligations did not go down well with many stakeholders. Not only tech companies, but also the automotive industry, seem determined to water down the proposal. Trade associations are already mobilised to ask for voluntary agreements, rather than binding obligations, according to an internal letter seen by EURACTIV. Private stakeholders are also worried the access of public bodies might become disproportionate, and that the provisions on international transfers might further force them to localise their data in Europe. Read more.

Don’t miss: On Wednesday, the Belgian data protection authority issued a decision that is bound to shake the very way the AdTech industry operates in the EU. The Transparency & Consent Framework (TCF), the industry standard to manage user preferences in compliance with the General Data Protection Regulation (GDPR), has ironically been deemed in breach of the GDPR. The decision has many layers and potential implications.

It directly affects the organisation that developed the TCF, trade association IAB Europe, which was deemed a data (co-)controller for having shaped the way other organisation process their data. That is a very broad definition of controllership, one that some consider opportunistic, and that might put legal advisors and consultants in an unprecedentedly difficult spot.

Moreover, the decision marks is hugely disruptive for advertisers and the way they have working until now. Although the authority did not throw out the TCF completely, it dismissed its interpretation of ‘legitimate interests’ for putting non-essential cookies in place. With six months to bring the TCF in line with the decision, the industry will have to rethink the entire advertising ecosystem. Read more.

Also this week

  • The DMA negotiations might be at a turning point
  • EU institutions adopt stronger mandate for Europol
  • The French data protection authority might spill more troubles for Google Analytics
  • Big Tech suits Germany’s content moderation law

Before we start: With Alessandro Gropelli, deputy director-general at the European Telecoms Association (ETNO), we take stock of digital networks in Europe, the structural problems of the telecom market compared to international competitors and potential remedies to stimulate infrastructural investments.

The state of connectivity in Europe

With Alessandro Gropelli, deputy director-general at the European Telecoms Association (ETNO), we take stoke of digital networks in Europe, the structural problems of the telecom market compared to international competitors and potential remedies to stimulate infrastructural investments.

Artificial Intelligence

Beijing takes on deep fakes. China’s cyberspace watchdog (CAC) has released a set of draft rules on “deep synthesis tech”, for example deep fakes. Included in the text are provisions that would see the application of China’s existing content rules to this machine-generated content, meaning prohibitions on fake news and pornography, for example, would be carried through. Creators of the software to synthetically manipulate content will also have to ensure that it is traceable and where the tech allows for significant editing of biometric information, such as a face or voice, consent must be obtained from the person to whom they belong prior to their use.


Keep me in the loop. Meta has been fined £1.5 million by the UK competition authority for failing to issue an advance warning of key personnel changes. The Competition and Markets Authority (CMA) found the company to be in breach of an Initial Enforcement Order issued in 2020 at the start of its investigation into Meta’s acquisition of Giphy, as part of which it was required to alert the CMA in advance of high-level staff changes. Meta says it intends to pay the fine but is “disappointed” at the watchdog’s decision to issue it over the voluntary departure of employees. Read more.


Cyber eastern front. US, EU and NATO cybersecurity officials met this week to discuss the risk of cyberattacks on Ukraine by Russia. Anne Neuberger, a White House cybersecurity advisor, joined the gathering in Brussels on Tuesday before traveling to Poland to meet with other European officials working on the issue. Her visit comes in the wake of a major cyberattack on Ukrainian government websites in January and amid rising concern of an impending Russian invasion of the country. Read more.

NSO 2.0 The iPhone flaw exploited by Israeli surveillance company NSO Group last year was also targeted by another company, Reuters reports. NSO rival QuaDream, an Israeli firm that develops smartphone hacking software for governments, was also able to hijack Apple devices using the weakness. QuaDream served some of the same government clients as NSO, whose Pegasus software was found to have been used to compromise the phones of a number of high-profile politicians and activists around the world. Read more.

Data & privacy

The new Europol. Europol has received a new mandate from European co-legislators, marking what is (possibly) the final chapter for the contention over the E.U. law enforcement agency’s data handling. Under the new terms, Europol will have a legal basis for storing and processing large amounts of personal data, something that it was already doing but which the European Data Protection Supervisor (EDPS) ruled in 2020 was beyond its mandate. The enhanced mandate has caused concern amongst many lawmakers and rights groups, however, on the grounds that it legitimises the agency’s unlawful data practices. Moreover, it contains a new article allowing Europol to maintain the data the EDPS recently ordered the agency to destroy. Read more.

Second yellow card? After a rough few weeks, Google Analytics is now under the scrutiny of the French data protection authority CNIL, which is set to rule on whether the tool violates the EU privacy law. Two weeks ago, Austria’s data watchdog found Google Analytics to be in breach of the GDPR due to its storing and processing of personal data in the US, deemed by the highest EU court to have insufficient protections in place. Google has pushed back against the findings, but it remains to be seen whether France will follow Austria’s suit and whether this could prompt a cascade of cases against the tool in other member states. Read more.

Gatekeeping explained. Big tech’s control over data is inhibiting closer relationships with customers and driving down revenues, say SMEs, according to a new report by Klaviyo. A survey of 500 directors at UK-based SMEs found that many see building a close relationship with customers as a key challenge – one which is made more difficult by the data control exercised by large tech companies in ecommerce. A third of respondents, however, said they could foresee an increase in profits were they able to regain this control.

Speaking of automotive. The European Consumer Organisation (BEUC) has written to the Commission calling for sector-specific regulation when it comes to accessing “in-vehicle data”. Cars, BEUC says, hold an increasing volume of data over which customers have no control and often where they lack the ability to make informed choices. The letter follows earlier requests to the Commission to legislate on the issue; BEUC is now again asking for regulation to prevent what it says could be eventual data abuses by car makers and tech companies. Asked about the letter at a press conference on Wednesday, commissioner Breton anticipated this point will be addressed in the Data Act.

Mapping the flow. The Commission has published a study mapping data flows within Europe, a key part of the European Strategy for Data which sets developing an analytical framework for measuring data flows as one of its key objectives. The study found that the largest volume of enterprise data flows is served by cloud and edge data centres in Germany, followed by the Netherlands. The health sector was the origin of the largest data flows to the cloud in 2020, and the largest volumes of data were found to come from businesses with at least 250 employees.

Digital Markets Act (DMA)

Two out of three. The second political trilogue took place on Thursday (3 February), with a very dense agenda. According to a source who set in the meeting, everyone stated their priorities with little time for actual discussions, although some openness on interoperability was expressed. From the Commission side, Vestager seems to be the most reluctant to expanding the list of obligations beyond the competition rulebook (Art. 5 and 6), probably because her DG COMP will be in charge of the implementation. By contrast, Breton seems to be more flexible to move away from the initial proposal.

Behind the scene. An EU diplomatic source told EURACTIV that a common problem in the negotiation is when MEPs try to push too many things at once, as the Presidency tries to figure out what the actual priorities are. A European Parliament official confirmed that no internal meeting took place to nail down these priorities. In this regard, it is quite telling that rumours would have MEP Andreas Schwab bilaterally negotiate with French state secretary, Cedric O. Moreover, Schwab told EURACTIV he is in discussion with DSA rapporteur Schaldemose to see interlinks between the files. The ban on targeted ads on minors, in particular, might be moved to the DSA, but progressive MEPs are cautious the Council might not keep its word.

Something might move. The second trilogue is usually a turning point in the negotiations, the diplomat added. Pressure is up now for the French to make their move, if they really want to close the file by March. Indeed, the timing for the next political trilogue is marked as ‘open-ended’. The European Parliament official also said that they were expecting the Presidency to make their proposal in writing. The next four-column might therefore be a key one in the negotiations.

Meanwhile in Washington. A policy paper sent last week by the US administration to several EU lawmakers and governments made the case for the DMA not to target American firms. The paper represents concerns that the DMA will hit US tech companies hardest, given its focus on the largest “gatekeeper” platforms. The US Department of Justice, however, reportedly did not receive the news of the paper’s dissemination well. Officials are concerned that its arguments could hamper Washington’s own tech regulation efforts, particularly antitrust measures currently under consideration in the Senate. The Trans-Atlantic Consumer Dialogue also reacted noting that various legislative initiatives in the US, such as the American Innovation and Choice Online Act, would regulate exactly the same types of companies.

Digital Services Act (DSA)

So it begins. Interinstitutional negotiations started on Monday, with a usual ceremonial meeting. Rapporteur Schaldemose stated two key points for ‘improvement’ in the proposal: the ban on dark patterns and the additional obligations for marketplaces. The measures on targeted ads, new remedies for compensation from intermediary services also make it on the priority list. While the Council is hardly in favour of a partial ban on targeted ads, the position is much more open in regards to the obligations against illegal products. On the other hand, MEPs seem receptive to fine-tuning the definition of very large online platforms to also include search engines in the scope.

Not only researchers. NGOs and journalists should be among  those able to access platform’s data, Nobel Peace Prize winner Maria Ressa told lawmakers in the European Parliament this week. Counting a broad range of stakeholders as researchers – third parties who would be allowed access to internal platform data in order to conduct research and provide oversight – would help to foster a better understanding among people about how their personal data is being used. Ressa also spoke out against targeted ads and the so-called “media exemption”, both high-profile issues in the legislation. Read more.

Gig economy

Rapporteurship taking shape. Lawmaker Elisabetta Gualmini has been officially assigned the lead on the platform worker directive, confirming the clout of the Italian delegation to the S&D group. The EPP also confirmed its shadow, the German Dennis Radtke. Both MEPs worked as shadows on the own-initiative report for platform workers. However, Radtke prompted negative reactions in the conservative party for appointing himself such an important file without discussing the matter internally. In an internal email to his group, seen by EURACTIV, Radtke explained that “as I have also been continuously in contact with social partners on this matter, I have decided to become the shadow rapporteur of the file. I know that some of you were also interested in this file, which is why this decision was not easy for me to take.” Radtke was recently reconfirmed group coordinator of the EMPL committee.

Gig economy platform gap. Women are at a consistent disadvantage within the platform economy, according to a report released by the European Institute for Gender Equality this week. The downsides of some of the main attractions of gig work, such as the flexibility it allows, often hit women harder, the report found, and the AI systems that manage the platforms also often contribute to gender-based discrimination. While proposals are on the table to legislate on both these issues, the report concludes that this alone is not enough and that more needs to be done to ensure that women are equally as involved in developing and operationalising these systems. Read more.

Industrial strategy

Chips Act, soon to come. At an event on Thursday, Commission President Ursula von der Leyen made several anticipations on what the Chips Act will contain. The proposal that will be presented on Tuesday is intended to make Europe “a strong player across all the value chain.” First, the Commission wants to concentrate on its strongpoint, its world-leading research community, to start developing sophisticated chips below 3nm. Second, the initiative will focus on translating research into industrial innovation and chip design. Third, as entirely relying on foreign producers is considered not sustainable, the EU executive wants to scale up Europe’s production capacity, including by relaxing its state aid rules. Fourth, European officials want to involve smaller actors more, to make sure they have access to advanced chips by developing industrial partners. Last but not least, the Commission wants to prevent bottlenecks in the international supply chain with more balanced interdependencies with like-minded partners, starting with the US and Japan.

The sense for standards. The Commission presented a new Standardisation Strategy this week, renewing its commitment to engage in defining technological standards for emerging technologies as a means of countering international competition. Commissioner for the internal market, Thierry Breton, said that Europe’s position as a leader in international standardisation had been challenged by the rise of US and Chinese companies, which now hold a majority of voting shares even in European standardisation organisations. The strategy aims to embolden national representatives, SMEs and consumers when it comes to standard-setting and will seek to ensure that European interest and values are reflected in international standards. Read more.

Think about the future. French civil society organisations have called on candidates in the French presidential election to devote more attention to innovation and skills after a notable absence of digital issues in the contest so far. Despite the growing importance of tech during the pandemic, and France’s push for digital sovereignty, discussion of these issues have been minimal so far. One area that has, however, been the subject of some focus recently, is data sovereignty. Read more.

The SME challenge. Following the acceleration of SME digitisation during the pandemic, policymakers now need to focus on infrastructure and education if they want to bridge the digital divide, experts have said. In order to support the 25 million SMEs currently operating in the EU, digital skills and integration will be vital, especially when it comes to addressing disparities in digitalisation between member states. Read more.


German ban. Russia Today (RT) must immediately cease broadcasting its German-language TV programme due to the outlet’s lack of the required license, German authorities said on Wednesday. RT Deutschland, which launched its programme in December, had not applied a license, the German commission on licensing and supervision of media institutions (ZAK) said. RT, long criticised for spreading disinformation, came under investigation the day after it launched its German operation over the absence of a broadcasting license. The decision was unrelated to the channel’s content, ZAK said. Read more.

Russian retaliation. In response to the ban, Russia on Thursday retaliated by announcing the shut down of the Moscow bureau of German broadcaster Deutsche Welle (DW) and the withdrawal of the press licenses of all its journalists in the country. The government has also initiated proceedings to declare DW a “foreign spy”. DW described the move as a “complete overreaction” and said it had been turned into a “pawn”; the broadcaster said it would continue to operate until confronted and would take legal action to challenge the measures. Read more.

Greece’s Orbánisation. Greece is heading for “Orbánisation” due to deteriorating press freedom, EPP MEP Giorgos Kyrtsos has said following comments made by Greek Prime Minister Kyriakos Mitsotakis about the two journalists who revealed the Novartis scandal. Ruling party New Democracy has been accused of seeking to silence the journalists who are now facing prosecution for alleged complicity in the case, which unveiled 10 high-profile politicians as having received bribes from pharmaceutical company Novartis. The development has elicited widespread condemnation, with Kyrtsos as the latest voice to join the criticism, warning that EU funds to Greece could be under threat if the decline in press conditions continues. Read more.


NetzDG, no thanks. Big tech platforms in Germany are pushing back against an amendment to the country’s Network Enforcement Act (also known as NetzDG) which came into effect this week. The amendment to the law, which aims to target online hate speech, introduces obligations on platforms that have more than 2 million users that would see them have to provide authorities with information for criminal prosecutions and delete and report content that violates criminal law. Google, Meta, Twitter and TikTok, however, are going to court to protest the amended law; Google and Meta have already received an exemption from their reporting requirements until the case is decided. Read more.

Meta stumbles. Shares in Meta suffered a major hit this week, plunging 20% on Wednesday after it was revealed that Facebook’s daily active users declined to 1.929 billion in the fourth quarter of 2021, for the first time in the company’s history. The dip in value cost Meta $200 billion in market value and the company has forecast a first quarter revenue lower than what analysts had been expecting. For its part, Meta has attributed its current difficulties to privacy changes put in place by Apple and increased competition from rival platforms.

Diem is no more. Facebook’s foray into cryptocurrency is set to end after it announced the closure and sale of its Diem project this week. Diem, launched in 2019, aimed to design a digital currency and payment system, but drew concern from regulators over its security and reliability. The project’s leaders have acknowledged that the pushback from finance officials has made continuation unviable and, following the $182 million sale of the technology to Silvergate Capital Corporation, now plan to “begin the process of winding down”. Read more.

Disinformation on Spotify. Controversial US broadcaster Joe Rogan, accused of spreading vaccine disinformation via his popular podcast, has pledged to seek more balanced views on his show moving forward after a number of high-profile artists pulled their music from Spotify in protest at the platform’s hosting of the series. Singers Neil Young and Joni Mitchell were amongst the artists who withdrew their work from Spotify, saying that the platform would have to choose between hosting their content or Rogan’s. Rogan has now said he will look to invite more balanced speakers on his podcast and will include a disclaimer in each episode, as suggested by Spotify.


French telecoms say “enough”. The French operators are demanding that the biggest content providers, here meaning tech giants such as Google, Amazon and Meta, or streaming platforms such as Netflix, do their bit in financing the networks, which they would overexploit on their own. The “current power” of these players has allowed them “to impose free traffic” and forced operators “to give in to blackmail”, said the director general of the French telecom federation. This isn’t a new debate, but it could gain momentum this time around as the digital giants are increasingly challenged for their dominant position in certain markets.

R&D in Spain. Vodafone opened a new European Research and Development centre in Málaga this week, set to receive €225 million from the company over the next five years. The centre will look at developing next-generation tech solutions covering, for example, Internet of Things (IoT), unified communications and edge computing. Vodafone says the centre will create 600 highly-skilled jobs, part of the company’s goal of adding 7,000 software engineers to Europe by 2025. Partnerships with local universities, companies and vocational schools are also planned in order to promote the hub’s work.

Transatlantic ties

Privacy Shield, for real? Noises that a new agreement for data transfers between the EU and the US might be near are getting louder. On Thursday, US secretary of commerce Gina Raimondo said that the agreement was a number one priority for the Biden administration. Meanwhile, some experts have concluded that European law might be flexible when it comes to whether the U.S. is required to establish the redress. Establishing such a mechanism in statutory form would bring many advantages, but would be practically very difficult due to the US’s constitutional and political system, the experts conclude. However, there is greater room for manoeuvre, they note, when it comes to non-statutory approaches, which could still be compatible with European law.

TTC targets. Trade association DIGITALEUROPE has released a set of 24 targets for the EU-US Trade and Technology Council to focus on achieving by 2024. Amongst the areas zeroed in on a green growth, where the creation of a Transatlantic Green Technology Alliance is encouraged; inclusion, which suggests equipping 20% of the workforce with digital skills and ensuring that at least 30% of ICT specialists are women; and innovation, including the goal of launching a €100 million joint funding project for SMEs. The report also sets out a number of Working Groups for collaboration on the targets in the short and medium terms.


What else we’re reading this week:

The E.U. and U.S. are starting to align on A.I. regulation (Brookings)

Meta moves to tackle creepy behaviour in virtual reality (BBC)

White House backs U.S. antitrust pushes. The E.U.’s? Not so much. (Protocol)


[Edited by Nathalie Weatherald]

Subscribe to our newsletters