Digital Brief: Privacy Shield update, DMA obligations, GAFA Tax

The Brief + Hubs ARTICLE template

Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here


“Now, with the Biden administration, we feel in Europe that the United States as we know it is back.”


– European Commission’s vice-president for values and transparency, Věra Jourová, speaking this week on the negotiations between the EU and the US on a new Privacy Shield agreement. 


Top Story: EU negotiators want an “absolute guarantee” that personal data transferred to the US will not be subject to “mass surveillance,” as part of ongoing talks on a new EU-US data transfer mechanism, according to the European Commission’s vice-president for values and transparency, Věra Jourová.


Also this week: Irish DPC TikTok worry, Copyright directive transparency concerns, Portugal pushes for TERREG rules, DMA Obligations document, GAFA tax in France and Spain, Apple privacy complaint in France, Digital decade targets, MEPs in call for AI rights, and more…

Speaking as part of a EURACTIV event on Wednesday (10 March), Jourová set out her stall for what she would like to see as part of a revision of the EU-US Privacy Shield agreement, which was struck down by the European Court of Justice last year.

The Commission vice-president noted that negotiations on a new Privacy Shield agreement should move closer towards a situation where there is the “absolute guarantee that mass surveillance will not happen, [and] that the private data of European people will not be abused.”

More specifically, Jourová also highlighted that EU negotiators will also be attempting to achieve several guarantees as part of a new transatlantic data transfer accord.

“As like-minded partners, we should be able to find appropriate solutions as we have to address principles that are cherished on both sides of the Atlantic: access to court, enforceable individual rights and limitations against disproportionate interference with privacy,” she said, highlighting that these three objectives would form the backbone of the EU’s negotiating stance in the talks.

Elsewhere, as part of the EURACTIV event, Christopher Hoff, who is leading discussions on behalf of the US Department of Commerce on a new transatlantic data accord with the EU was critical of calls coming from the EU for personal data to be localised on the bloc and thus avoid having to be transferred to third countries, following last year’s ruling from the European Court of Justice in the famed Schrems II case.

His comments came as Irish Data Protection Commissioner Helen Dixon, also taking part in the panel, revealed that her authority believes that the video-sharing platform TikTok may be sending EU data to mainland China.

On the subject of data localisation, Hoff noted his concerns at comments coming from various data protection authorities in the EU, including the bloc’s umbrella data protection authority, the  European Data Protection Board, gesturing towards more data localisation in the EU.

“I am concerned about data localisation, de facto or built into the law,” Hoff said, adding that he would much rather support an agreement on international data transfers at the level of the G7 and with “like-minded democracies.”

In this vein, Hoff said more scrutiny should be paid to how certain “totalitarian” regimes, including China, have access to EU personal data.

In this context, Irish Data Protection Commissioner Helen Dixon, who also took part in the EURACTIV event supported by Cisco, spoke about the emerging concerns being the lead authority in the EU for overseeing TikTok’s data protection standards.

“There are a number of challenges in relation to TikTok for the Irish DPC,” Dixon said. “First of all is now to get to know TikTok, to get to know and understand the service, to get to know and understand the data protection team in Dublin.”

Dixon also disclosed that the Irish data protection commission has also had a “significant number of meetings” with TikTok since December when it was confirmed that the platform would be on the authority’s books, and that as a result of research conducted by the DPC, there may be issues related to EU personal data being sent to mainland China.

“TikTok tells us that EU data is transferred to the US and not to China. However, we have understood that there is the possibility that maintenance and AI engineers in China may be accessing the data.”

Watch the event here


CSAM trilogues. Inter-institutional negotiations on the temporary derogation from the e-Privacy derogation for detecting child sexual abuse material have taken place this week. An inside source confirmed to EURACTIV that talks were “constructive” and a number of issues was discussed, including the mandatory pre-authorization for anti-grooming technologies. The next trilogue has been pencilled in for the end of March.

UK looking for third-country adequacy agreements. Meanwhile, in the UK, Sky News reports this week that the UK’s  digital secretary Oliver Dowden wants Britain to take a “slightly less European approach” to privacy, as well as swiftly concluding data adequacy agreements with third countries outside of the EU.

Swiss against digital electronic identity plans. Swiss voters have shot down plans in the country to introduce an electronic identity system, due to data protection concerns. Read more from SwissInfo.

Apple privacy complaint in France. Earlier this week, French startup association France Digitale issued a complained against US tech giant Apple, pressing the French data protection authority to look into data protection protocols of the company.  Nicolas Brien, director of France Digitale, told Figaro that Apple is “hypocritical” in its approach to privacy.

EDPB and EDPS on Data Governance Act. In a joint opinion this week, the EU’s institutional data body, the European Data Protection Supervisor and the bloc’s umbrella authority, the European Data Protection Board said that co-legislators should ensure that the Commission’s recently proposed Data Governance Act is fully in line with the EU personal data protection legislation. Read it here.


Digital Decade

Digital Decade Targets. The European Commission will try to mitigate the risks stemming from EU data being in the hands of third countries by outlining a series of 2030 objectives that will help the bloc procure next-generation data processing technologies, as part of new Digital Decade targets put forward this week, which we saw in advance of the presentation.

One area the Commission has identified as being in peril with regards to the amount of autonomy Europe has in the field is the bloc’s data economy, with documents showing that 90% of the EU’s data is managed by US companies.

In this spirit, by 2030, the Commission wants 10,000 climate-neutral highly secure edge nodes to be deployed in the EU, “distributed in a way that will guarantee access to data services with low latency [few milliseconds] wherever businesses are located.”

As part of the new targets, the Commission notes that achieving gigabit connectivity by 2030 is key, and in this respect, the focus should be on the roll-out of fixed and mobile technologies, including 5G and 6G.

One concrete target is that all European households will be covered by a Gigabit network, with all populated areas covered by 5G by 2030.

In terms of connectivity targets, the documents also note that microprocessors are a key technology at the start of the strategic value chain for a series of next-generation appliances.

Here, the Commission wants by 2030 the production of cutting-edge and sustainable semiconductors in Europe including processors to be “at least 20% of world production in value”.

BEREC on digital targets. The Body of European Regulators for Electronic Communications (BEREC) responded to the digital decade targets this week by praising the renewed efforts in the field of gigabit connectivity in particular, saying that it is “indispensable for all parts of society in order to transition to a healthy planet and a Europe that is fit for the digital decade.”



Copyright transparency concerns. European Commission officials should not be “influenced behind closed doors” during private meetings with MEPs on the implementation of the copyright directive, says a letter penned by a cross-section of EU Parliamentarians.

The letter raises concern at recent meetings revealed by EURACTIV, in which high-ranking Commission officials briefed EU lawmakers on their vision for transposing the hotly debated Article 17 of the Copyright Directive.

Croatian copyright law “reduces journalist’s rights.” Journalists in Croatia have hit out at new legislation on copyright in the country, saying it will not adequately protect the rights of journalists, and that it gives too much power to the publishers themselves. More from Balkan Insight.

CJEU copyright ruling. The Court of Justice of the EU said this week that the act of online framing, consisting of dividing a website page into several frames and posting within one of them, comes under the protection of copyright rules, noting that the technique constitutes “making available that work to a new public.” The courts said that the copyright holder must authorise such operations.

“The impact of this decision does not affect plain vanilla linking and embedding done by millions of users every day, without any copyright related implications,” a statement from Copyright for Creativity read. “The Court does not close the door to hotlinking infringing copyright, but only if rightholders use specific ‘technical protection measures.’ It seems to reject the AG’s dangerous interpretations that (i) copyright owners cannot be asked to ‘opt-out’ but must ‘opt-in’ to allow this type of links (ii) ‘non-clickable’ links are always an infringement.”


Digital Services Act / Digital Markets Act

DMA Obligations document. We’ve got our hands on a recent presentation given by the European Commission during the Working Party meeting on Competition in mid-February, clarifying certain “obligations” outlined in the Digital Markets Act. Predominantly, the Commission covers Articles 5 & 6, and provides detail on obligations such as self-preferencing, device neutrality, and consumer profiling. Read it here.

US tech lobby on DMA.  The Computer & Communications Industry Association have this week issued a position paper on the Digital Markets Act. One point that particularly stands out is the organisation’s call for the DMA not to be applied to “pro-competitive conduct in the interest of consumers, including the creation of entirely new products or services.”



France 5G developments. Three amendments proposing to have a “moratorium” on 5G deployment in France – first spotted by news websites Numerama and Next INpact – were tabled before the French National Assembly during its committee’s examination of the bill to combat climate change. EURACTIV France reports.

UK £500 million support package to boost rural mobile coverage.  The UK government announced this week that it is a “step closer” to its £500 million investment plan to provide all corners of the country with better mobile connectivity, after publishing a transparency notice for the so-called Shared Rural Network (SRN) programme.

US 5G for defence and security. The US Department of Defense discussed the use of 5G and other resources during a national science and technology conference earlier this week, reports Mariana Labbate. The Department’s Director for 5G Joe Evans urged for the development of the technology in the country, calling it “transformational” for telecommunication networks. The director affirmed the country has done significant prototyping and experimenting for commercial use, working on projects with SpaceX’s Starlink, for example.

Evans also went beyond ordinary purposes of 5G, shining a light on its potential military use. “This is the same technology that’s going to connect our warfighters and our weapons systems,” he said.


Artificial Intelligence

MEPs in call for AI fundamental rights. A cross-party letter from 116 MEPs this week has pressed European Commission President Ursula von der Leyen and several Commissioners on the necessity of tackling the risks for fundamental rights as part of upcoming legislation on Artificial Intelligence. Read the letter here.

Clearview AI lawsuits in California. Two Californian civil rights groups have claimed in a lawsuit against Clearview AI that the companies engages in unlawful surveillance activities, violating privacy rights and facilitating “government monitoring of protesters, immigrants, and communities of color.”


Media / Culture

GAFA Tax in France and Spain. In an email to French and Spanish advertisers last week, Google announced a 3% increase in advertising rates on its platform from May, to cover what has been termed the GAFA tax in force in both countries. EURACTIV France reports.

UK action plan to save journalists. Meanwhile in the UK, the government has published its first even national action plan to protect journalists in face of increasing threats.

Media4Europe. On 3 March 2021, the Media4Europe Summit gathered 200 media professionals, key policymakers and publishers,  around the theme “Towards a healthy news media sector?”. Watch a rerun here.

Leadership for EU media. EU initiatives from last December may help renew the news media sector, if implemented fast and jointly. In an open letter, Christoph Leclercq, Marc Sundermann and Paolo Cesarini call for leadership from Berlin, Paris and the Council, and from the press leaders themselves.

Slovenia press crackdown. Prime Minister Janez Janša called for Slovenian Press Agency (STA) director Bojan Veselinović to step down on Tuesday. Read more.

EU Justice Commissioner: Ireland’s defamation law needs review. Ireland’s defamation laws “put pressure on journalists,” EU Justice Commissioner Didier Reynders told the Irish Times in an interview, adding that they “raise concerns as to the ability of the press and media to expose corruption.” Read more.

French Prime Minister Jean Castex announced new measures to support the cultural sector. €20 million will be added to the €30 million already earmarked for the recovery plan 2021, will be released to “intensify support for artistic and cultural employment in order to preserve the cultural fabric throughout France and encourage the rapid recovery of the cultural offer when the time comes,” reports Mathieu Pollet.

Bulgaria press struggles. Reporters Without Borders (RSF) on Wednesday (10 March) published 10 recommendations to address what they called “the dire press freedom situation in Bulgaria”, ahead of elections early next month.

Belarus tensions. The case of two female Belarusian journalists jailed in February for reporting about protests in Minsk once again highlighted the severity of the government’s crackdown on news media in the former Soviet republic.



Hackers break into Bulgarian defence ministry’s Facebook account. The official Facebook page of the Bulgarian defence ministry (Bulgarian Armed Forces) was hacked, forcing it to set up a new Facebook account, the ministry announced on Wednesday. Read more.

ENISA issues eIDAS guidance. The EU’s cybersecurity agency, ENISA, has this week issued guidance on the bloc’s eIDAS regulation, which lays the foundation for citizens in countries with digital ID schemes to use their own national electronic identification schemes to access public services available online in other EU countries. Read the technical guidance and recommendations here.

EU police take down illegal streaming app. Europol and Spain’s Policía Nacional have this week taken down a criminal cell distributing illegal video stream in the form of a mobile application which had been downloaded by more than 100 million users.

Encrypted crime network shut down. Police said Wednesday (10 March) they had arrested at least 80 people and carried out hundreds of raids in two European countries after shutting down an encrypted phone network used by organised crime groups.

Belgian, Dutch and French police said they hacked into the SKY ECC network, allowing them to look “over the shoulders” of suspects as they communicated with customised devices to plot drug deals and murders.

French cloud firm offline. A fire at a French cloud services firm has disrupted millions of websites, knocking out government agencies’ portals, banks, shops, news websites and taking out a chunk of the .FR web space, according to internet monitors.



TERREG. It’s a priority for the Portuguese presidency of the Council of the EU to conclude the legislative process that will allow terrorist content placed on the Internet to be eliminated in just one hour, Portugal’s minister of internal affairs, Eduardo Cabrita, said in Madrid on Thursday (11 March).

Dutch disinformation continues ahead of elections. This week, Dutch fake news monitoring group Kieskijker unearthed evidence of content spreading on Facebook calling on Dutch voters not to vote in next week’s elections. Facebook was alerted, and the content in question was removed.

Facebook urges Albanian parties to be more transparent in political ads. Albanian political parties should be transparent on how they finance their political advertising on Facebook’s pages before next month’s election, Facebook said on Monday. Read more.



Lina Khan might be the name of Biden’s newest antitrust effort. The Columbia law professor is an antitrust and anti-monopoly expert and a possible new commissioner in the US Federal Trade Commission, as reported by Politico.  Khan would replace the Democrat Rohit Chopra, who will now lead the Consumer Financial Protection Bureau and has strongly recommended the antitrust expert, reports Mariana Labbate.

Khan has taken Big Tech news before in 2017, when she published a legal paper called “Amazon’s Antitrust Paradox”, in which she mainly used Amazon as an example of a huge corporation taking over the market, and the need for antitrust laws to be reinforced.  In 2020, she also worked on an antitrust subcommittee investigation on Amazon, Apple, Facebook and Google, creating a case on why their power is harmful to the economy and the market. The law professor would be one of three Democrats in the Commission, giving her significant power.



International Women’s Day. Female involvement in research and innovation is vital for ensuring sustainable and inclusive twin digital and green transitions, writes EU Commissioner Mariya Gabriel.


Connecting Europe

Connecting Europe Facility agreement. On Thursday evening, negotiators from the Council and the European Parliament reached a provisional agreement on the second edition of the EU’s flagship programme the Connecting Europe Facility (CEF), which will fund key projects in the areas of transport, digital and energy, applying from 2021 to 2027 at a budget of €33.71 billion.



Remote work trends. The Covid-19 pandemic has meant that almost half of the working population in the EU were fully or partially working remotely in July, up from around 10% before the pandemic crisis, according to Eurofound.

Remote work needs to be regulated “quickly”, EU presidency says. Portugal’s deputy secretary of state for labour, Miguel Cabrita, urged EU countries on Tuesday (9 March) to move fast with plans to regulate remote working, saying quick action will maximise opportunities and minimise risks. More.

Hungary will join Israeli “green pass” initiative. Hungary has agreed with Israeli Prime Minister Benjamin Netanyahu that it will join Israel’s international vaccination “green pass” initiative, Prime Minister Viktor Orbán told state news agency MTI following a visit to Jerusalem on Thursday, which he made with Czech Prime Minister Andrej Babis. Read more.

On my radar

Digital Day 2021 will take place on 19 March as a virtual event, organised by the European Commission in cooperation with the Portuguese Presidency. More info here.


What else I’m reading this week:

  • Netflix Begins Test to Crack Down on Password Sharing Outside Your Household (The Streamable)
  • How Facebook got addicted to spreading misinformation (MIT)
  • The UK is secretly testing a controversial web snooping tool (Wired UK)

Subscribe to our newsletters