Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The Data Act clarifies who can access and share data and on what terms. It provides legal certainty, and it aims at removing barriers to data sharing.”
– Margrethe Vestager, Executive Vice-President of the European Commission
Story of the week: The European Commission showed its hand with the Data Act proposal this week. The final text does not diverge too much from the draft EURACTIV leaked earlier this month, especially regarding data-sharing obligations, public access to data, cloud switching, interoperability and international data transfers. Even the parts that might have been red herrings to test the water like the ban on gatekeeper access to data have been maintained. However, the devil is in the details.
The scope has been tightened to focus on the Internet of Things, including fine-tuning the definition of product and introducing one for virtual assistants. The data law will no longer apply just to moveable products such as fitness trackers and connected toys but also to moveable items incorporated in an immoveable structure, such as wind turbines and IoT technology in smart buildings. When sharing data with public bodies in an emergency, the leaked text mentioned the data could not be used to cause the data holder harm, a safeguard that has been removed.
In terms of interoperability, data holders have identified essential requirements to ensure data can be shared with other services. The Commission will also have the power to introduce new requirements via delegated acts and guidelines for European data spaces, for instance, technical standards to implement legal obligations and contractual arrangements for data sharing.
Further specifications ensure open interoperability and technical standards, focusing on cloud service providers. Moreover, cloud switching should be free of charge within three years from the signature of the contract. References to open standards and the definition of a common data space definition have been removed in the final proposal.
Don’t miss: The Commission left aside the environmental cost of producing semiconductors as it launched the Chips Act earlier this month. The proposal seeks to boost European production capacity but only factors in the environmental implications in terms of the benefits that the semiconductors will bring once created and deployed. This overlooks the fact that the chip industry is “one of the most resource-intensive in the world”. The lack of attention to the downsides of ramping up chip production puts the new act at odds with the EU’s environmental goals, driving a wedge between the two halves of the “twin transition” at least in the short-term. Read more.
Moreover, chip manufacturers make extensive use of PFAS, a hazardous chemical for human health that does not break down in the environment. Leakage of PFAS due to semiconductor manufacturing have been reported in Taiwan, the world’s top chip producer and the dangerous chemical has a grim track record in Europe as well. The growth in PFAS emissions is closely related to semiconductor and electronic devices production. Although the only way to process PFASs safely is in a completely secured system, the final products might contain dangerous substances without the consumer or business user knowing it. Moreover, Europe’s waste management infrastructure is largely inadequate, a problem that an increase in chip production can only exacerbate. Read more.
Also this week:
- The European Commission circulated a compromise text on the DMA
- The state of work in the European Parliament on the AI Act
- Russia’s cyber and disinformation war
- Google Analytics’ competitors foretaste new business opportunities
Before we start: Google experimenting with its Privacy Sandbox, Facebook blaming Apple for a massive loss of revenues, pending EU legislation- the world of digital advertising is changing fast, with plenty of moving parts. We discuss the topic with Jason Kint, CEO of Digital Content Next.
Parliament report, what to expect. According to parliamentary sources, the key part of the work will occur during the amendment process. Dual leadership means the two rapporteurs have to agree on common ground, but trust between them does not seem to run high. Even agreeing on a less ambitious draft seems challenging, given the number of points that prove contentious, from the self-assessment for compliance to the enforcement architecture. A common denominator might be found on some requirements and prohibitions. MEPs are also considering the extension of a ban on social scoring by private entities, in a similar vein to the Council’s compromise text. The ambitious timeline is already considered off by several weeks.
South Korea takes aim at clouds. The South Korean competition authority will closely look at major cloud service providers by requesting their information and conducting a stakeholder survey. The authority said that the cloud market is growing rapidly, but a small number of companies dominate it. The investigation should determine potential restraints and unfair commercial practices due to such market dominance.
Cyber defence. The EU’s Cyber Rapid Response team will be tasked with supporting Ukraine in facing cyberattacks from Russia, as threat levels increase with the movement of Russian troops across the border. The team, made up of cybersecurity officials from six EU countries, was activated in response to a request for cybersecurity assistance from Ukraine last week. As tensions with Russia have grown over recent months, several attacks have hit the country, including those directed at government departments and banks. Digital Europe and nine of its members also reiterated the call on European leaders to cyber support Ukraine.
Data & privacy
Ready to feast. With the future of Google Analytics in Europe looking increasingly uncertain, alternatives to the tool stand to benefit and are already reaping the rewards of past decisions. The Austrian and French data protection authorities have already ruled that Google Analytics falls short of EU privacy standards due to its transfer of data to the US, and the watchdogs of other countries could be set to follow suit. Any more decisions to outlaw the tool’s use could be good news for other analytics providers. Some of them report already seeing a shift in traffic towards their alternatives since the Austrian ruling in January. Read more.
Transatlantic transfers. A decision on the legality of Meta’s US data transfers is on track to be made by April. The company, headquartered in Dublin, was given 28 days to make submissions in response to a preliminary ruling issued by the Irish data protection authority on Monday, which seeks to suspend the transfers altogether. Facebook initially said that blocking the transfer of data would have devastating consequences. More recently, they hinted at leaving the European market altogether if they could not process EU personal data in American servers. The statement has later defined as a misunderstanding as European leaders coldly received the warning. The Facebook case might have wider implications as the mechanisms in question are used by Meta and many European businesses.
Pressure is up. Facebook whistle-blower Frances Haugen joined the group of bashers of the Irish Data Protection Commission (DPC) on Wednesday, calling for an independent review over its GDPR enforcement failings. As many large online platforms have their European headquarters in Ireland, the shortcoming of the DPC have meant that they have “got away” with respecting the EU privacy rule, Haugen said. She invited Dublin’s government to reflect on its responsibility for the harmful behaviour of online platforms. The DPC rejected the accusations and invited the whistle-blower to discuss the authority’s work.
War of words. Moscow has also launched an offensive in the information space in parallel to military operations. Although they have lasted for several weeks now, experts warn these efforts might further increase as the conflict unfolds. The intent is to shift the blame on the West and NATO over why Russia decided to invade Ukraine while also spreading false information about developments in the war. These could include reusing video content and images from other conflicts. Disinformation has not simply been driven by bots, as false-flag operations amplified by Russian media are also playing a prominent role.
Europe vs RT. As tension in Ukraine escalated in a full-scale invasion, European governments have been aiming at Russia Today, often accused of being the mouthpiece of Moscow’s propaganda. The editor of the TV broadcaster has been included in the list of individuals to be targeted by EU sanctions. The TV channel was banned in Poland and the UK might do the same as the British government formally requested the media authority to take action what it considers a disinformation tool of the Kremlin. The French parliament also took on a similar stance. RT condemned what it considers political pressure over the media authorities that would go against the freedom of speech. These sanctions come as Germany already banned the channel earlier this month.
Digital Markets Act
Trilogue, yes or no. No technical meeting (at least officially) has taken place on the DMA this week, as it was the green week for the European Parliament. It is still uncertain whether the political trilogue planned for next week will take place, given that all attention is now concentrated on Ukraine and lawmakers are due to meet in an extraordinary plenary session. The Ukrainian conflict might actually change the political backdrop for the proposal considerably, as Big Tech regulation might fall off the key topics of the French presidential elections, and Eastern countries might grow more vocal in their calls not to antagonise the United States. If the high-level meeting goes ahead, it is expected to validate the first bunch of compromises and advance on the key issues of obligations, scope, and enforcement.
Commission’s compromise. The European Commission circulated a compromise text that clarifies that gatekeepers cannot use data generated on their core platform services by business users or their customers, to develop competing services. The extension of this measure to ancillary services is still up for discussion. The positions of the co-legislators have been merged for what concerns operating systems: the possibility to change default settings, remove pre-installed apps, a choice screen at the time of first use for search engines (but web browsers and virtual assistants are still to be decided.) Proposals from both sides were also integrated on sideloading: from the parliament, third party apps should be able to request the users to set them as default settings; for the Council, gatekeepers will be able to take the necessary measures to ensure system integrity, as long as they are properly justified.
Designation process. The Commission’s text also strengthens the anti-circumvention provisions. Upon request from the member states, platforms that divide their services to go below the quantitative thresholds will not escape the gatekeeper designation. From the MEPs, the gatekeepers are prevented from lowering the quality of services to the consumers or businesses that require the DMA obligations to be fulfilled. The definition of circumvention techniques will also include dark patterns. At the same time, platforms that fall under the quantitative thresholds will be able to rebut the designation, but only taking into consideration the overall impact of the company on the market, the size of competitors, by how the thresholds have been passed and for how long.
High-level group. The Commission proposal includes a European High-Level Group for the DMA. The expert group would be chaired by the Commission and include 30 members from the European Regulatory Group of Audiovisual Regulators, BEREC, the EDPS, the EDPB, the Consumer Protection Cooperation Network and the European Competition Network. Compared to the Parliament’s original idea, national authorities have been excluded. The advisory body would have a much more limited role, as it would only provide input on the Commission’s request about the adoption of secondary legislation, the implementation and a streamlined adoption to enforcement.
Infringement proceedings. It is not yet clear the complaints will be filed to the national authorities or directly to the Commission, but in both cases, the regulators would have the discretion to take the appropriate measure, including taking no action. In case national authorities are involved, they could refer the matter to the EU executive or start their own proceedings. Meanwhile, 31 civil society organisations and academics have published an open letter urging the EU to ensure that the DMA allows for consumer groups to take legal action before national courts, as only competitors and business users are so far empowered to do that. While there is overall recognition on the proposal’s merits, there is no agreement on what rights to guarantee the consumer representatives as the Commission is concerned it could overburden the process. Importantly, if consumer groups are not formally involved, the investigative authority will not be able to share information with them.
Legal risks. The Commission’s limited capacities compared to those of big tech will hinder the DMA’s enforcement, civil society group LobbyControl has said in a paper identifying the legal risks of the proposal. The paper also warns that the Commission may make political concessions to avoid legal defeats, that the EU executive’s decisions may be inadequately implemented by platforms and that drawn-out processes may jeopardise fairness, amongst other concerns over the future success of the bill.
Parliament’s movements. The European Parliament’s draft report for the platform worker directive is expected in May. With compromise amendments to be discussed throughout the summer, the vote in the EMPL committee is planned for September, to be confirmed with a plenary vote. Meanwhile, the Council is expected to adopt the general approach in December. Andrus Ansip for IMCO and Axel Voss for JURI have asked to issue an opinion on the file. IMCO seems best placed, given the implications of harmonising worker status inside the single market. Still, the request of the internal market committee was not well received in EMPL, which decided not to issue an opinion on the AI Act to keep the commercial aspect separate from the labour side of things.
Survey time. Seventeen per cent of the working-age population did some kind of internetwork over the past year, while 4.3% engaged in platform work, according to the Internet and Platform Work Survey newly published by the European Trade Union Institute (ETUI). The study confirmed the growing size of the internet economy, estimated in the EU in 2021 to involve 47.5 million platform workers. Although the survey took place in 14 EU countries, no geographical pattern emerged, suggesting a homogeneous market. According to the authors, the mean earning for a platform worker is €250 per month, with a small part (7.5%) of them relying on it entirely for their income being below the poverty line.
Trump’s social. A new social media platform launched by former US President Donald Trump soared to the ranking of top free app on Apple’s app store hours after its launch, with some people placed on a download waitlist. “Truth Social” has been marketed as a “free speech” platform, with an intentionally lesser degree of content moderation than on major platforms such as Twitter, which Trump was banned from last year for glorifying violence following the violence at the US Capitol in January.
Summit set. The EU-US Trade and Technology Council (TTC) will hold its second meeting on 15-16 May, the European Commission announced this week. The transatlantic forum, which was established to coordinate approaches to and align values on the digital transformation and economic growth on both sides of the Atlantic, met for the first time in September 2021 in Pittsburgh and will convene this year in France.
What else we’re reading this week:
Data Protection Commission publishes 2021 Annual Report (Data Protection Commission)
EU-US data wrangle tests digital sovereignty (FT)
Four things to consider as the US imposes chip sanctions on Russia (Protocol)
[Edited by Alice Taylor]