Digital Brief: Schrems II

The Digital Brief is Euractiv's weekly tech newsletter.

Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here


“It is clear that the US will have to seriously change their surveillance laws if US companies want to continue to play a major role on the EU market.”


– Austrian Privacy Activist Max Schrems.


Schrems II. The EU-US Privacy Shield agreement that attempts to guarantee the secure transmission of EU data to the United States, has been declared invalid by the European Court of Justice, in a ruling that will provoke major disruption to transatlantic data flows.


*Also this week*

Apple-Ireland Tax ruling, Huawei UK ban, Google-Fitbit, Antitrust internet of things sector inquiry, Russian UK election interference, Spain PNR directive, interoperable coronavirus apps, Digital Services Tax, and more….


Digital Brief: Schrems II


The ruling by Europe’s highest court on Thursday (16 July) found that the scope and pervasiveness of the US surveillance framework does not allow for a sufficient degree of protection for European data, putting it at a risk that would violate rights afforded to citizens under the EU’s general data protection regulation (GDPR).

“The limitations on the protection of personal data arising from the domestic law of the United States on the access and use by US public authorities of such data transferred from the European Union to that third country…are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law,” the court found, adding that the domestic law in this regard refers to US surveillance programmes. Read more here.

In early July, EURACTIV reported that the Commission had been conducting preparatory work for the eventuality that the Privacy Shield could be annulled.

US Surveillance Pushback. For his part, Privacy Activist Max Schrems has now successfully slayed two EU-US data transfer agreements, following the 2015 Safe Harbour decision. He spoke to reporters earlier this week and highlighted how he hopes reform of US Surveillance law is within grasp.


EU court ruling. US technology giant Apple did not unlawfully benefit from state aid as part of corporate tax rulings in Ireland, the general court of the EU said on Wednesday (15 July). The decision annuls the European Commission’s bid to claim €13 billion back in unlawful tax advantages. The Commission is expected to appeal against the ruling.



Antitrust Internet of Things. The European Commission has launched a broad antitrust inquiry into internet of things technologies such as voice assistants and connected mobile devices, the EU’s competition chief Margrethe Vestager announced on Thursday (16 July).

Google-Fitbit. EU antitrust enforcers are asking interested parties whether Google’s pledge not to use fitness tracker maker Fitbit’s health data for its advertising, and to separate the dataset from its own, might ease concerns over their tie-up.

Killer acquisitions. The EU should consider imposing ‘new obligations’ on major platforms to report their merger and acquisition activities to the European Commission in order to avoid a culture of ‘killer acquisitions,’ a report produced for the EU executive has said.



Huawei. The UK has excluded Huawei from its future 5G network infrastructure, the government announced on Tuesday (14 July). The Chinese telecommunications firm immediately urged Boris Johnson’s administration to reconsider the decision, seen as a major setback for its business in Europe. The move may result in a reduction of Huawei investment into the UK, the company has hinted.

The decision comes after a recent review by the UK’s National Cybersecurity Centre (NSCS) suggested that Huawei equipment is no longer safe to use.

This conclusion was reached following new restrictions imposed by the US Department of Commerce, under which Huawei will have to source providers for its equipment from countries other than the US.

Internal Market consolidation. The EU’s internal market chief Thierry Breton has called for greater consolidation in the bloc’s telecoms market. Speaking at an event this week he said that the “current fragmentation in Europe with suboptimised business models based on national markets and high costs for national spectrum licenses is holding back our collective potential compared to other continents.”


Digital Tax

Article 116? Will the EU have to invoke Article 116 of the Treaty in order to pass its digital tax plans? Such a move would allow qualified majority voting to take place in the Council rather than unanimity. It’s unlikely that the conditions would be met for this to happen, but earlier this week, the Commission presented plans to polish up its corporate tax regime. Read more here.

On the Digital side, interestingly the package puts forward a proposal on administrative cooperation, which extends tax transparency rules to digital platforms, meaning that firms participating in platform economy trade will be subject to new disclosure requirements.

Meanwhile, the Commission is again looking at the idea of establishing a Digital Services Tax as a means to chart its recovery from the coronavirus crisis, which it believes could generate up to €1.3 billion per year for the EU budget.

Council President Charles Michel’s most recently revamped plan for the EU’s multi-annual financial framework notes that the Commission will put forward in the first semester of 2021 proposals on a digital levy, with a view to their introduction “at the latest” by January 2023.



GDPR infringement procedures. The European Commission will consider the necessity of introducing infringement procedures against member states that fail to comply with the EU’s general data protection regulation (GDPR), the Commission’s Justice Chief Didier Reynders has warned.

Reynders also said that action against Ireland, the lead authority for actions involving several of the Big Tech firms, would be taken “if needed”. The Irish Data Protection Commission, led by Helen Dixon, has sanctioned just one action for GDPR breaches, a preliminary decision of a probe of a 2019 Twitter bug that led to protected tweets being made public.

Dixon has previously lamented that the Irish DPC is under-resourced when analysing the volume of complaints it is required to process, after receiving less than a third of the budget it had requested in 2020.

Passenger Name Record Data Directive. Earlier this week, the Commission decided to refer Spain to the Court of Justice of the EU for a delay in transposing EU rules on the use of passenger name record data. The directive requires that airlines transfer their passengers’ data to centrally stored government passenger data centres, where they can be accessed by national authorities.

The Directive was adopted in April 2016 and Member States agreed to transpose it into national law by 25 May 2018.


Common chargers

Policy options. A new report from ECOS, the European Environmental Citizen’s Organisation for Standardisation, aims to identify the most effective policy options for the EU to achieve its objective of establishing a common charger initiative.


Europol Mandate

Public consultation. Last week, the European Commission closed a public consultation on expanding Europol’s mandate to better deal with the evolving nature of internet-based crimes. Stakeholders have been quick to raise concerns about the new powers that could be afforded to Europol, with the civil rights group Statewatch claiming that the proposed measures could give the agency greater data-gathering and processing powers, without a legal basis.


Artificial Intelligence

Riksdag letter. The Swedish Riksdag recently wrote to the European Commission, highlighting their concerns on the EC’s White Paper on Artificial Intelligence (remember Sweden is a member of the D9+ pro-innovation group). Here’s the Commission’s response, broadly saying that they take note of a series of Sweden’s concerns.

New Parliament committee. The members of the European Parliament’s Special Committee on Artificial Intelligence in a Digital Age have been announced. Find them here.



Copyright opinion. Youtube is not liable for copyright infringement, an opinion from Advocate General Saugmandsgaard Øe noted on Thursday. The case was brought to the courts before the adoption of last year’s EU copyright directive, which as a result, the AG noted, was not applicable in the disputed case.



Twitter Hacking. A series of high-profile Twitter accounts were hacked earlier this week, in what appeared to be an attempted Bitcoin scam. Accounts of Barack Obama, Joe Biden and Kanye West were targeted.

Russia interference. The UK’s Foreign Secretary Dominic Raab has accused Russia of interfering in the 2019 UK general election “through the online amplification of illicitly acquired and leaked Government documents.” The documents in question are the leaked UK-US Free Trade Agreement papers which former Labour leader Jeremy Corbyn claimed proved that the government was considering selling off parts of the UK’s National Health Service as part of the deal.

Russian disinformation. In another turn of events in the UK, Parliament’s Intelligence and Security Committee has announced that it will publish the long-awaited report into Russian disinformation campaigns “before the summer recess.”

Online abuse. The Commission will present a communication on online child abuse next week (22 July), and a prominent element of the plan will concern how the EU can clamp down on online child abuse.



Interoperability for summer? The European Commission is putting the final touches to its ‘interoperability gateway,’ a system that allows different contact tracing apps across member states to function with one another. However, it is under pressure to deliver the platform in time for summer, as had previously been promised. Read more here.

Some EU leaders, however, have called for more ambitious objectives in the EU’s formulation of contact tracing.

Rather than a voluntary take-up of contact tracing applications, Slovenian Prime Minister Janez Janša recently said that applications should be made mandatory as a means of helping the European Union transition out of the public health crisis.

Six bids for Slovenian corona-tracing app. Six bidders have applied for a government tender to develop a mobile app for tracing contacts with COVID-19 infected people, reports EURACTIV’s Zoran Radosavljević. Two have already been eliminated for exceeding the bid price while an expert group will review the remaining four bids and choose the winner, who should sign the contract “in the next few days”, the official STA news agency reported. The developer will be required to create both an iOS and Android app.


Democracy Action Plan

Public Consultations. As EURACTIV reported last week, the Commission yesterday (15 July), opened up consultations on its Democracy Action Plan. The executive is seeking feedback on several areas including the transparency of political ads online, tackling disinformation, and protecting media freedom, independence & pluralism.



Anti-SLAPPs directive. The EU should better consider implementing legal measures to safeguard the freedom of the press, writes Jessica Ní Mhainín.



Chinese EU translations. eTranslation, the EU’s automated translation tool, now offers Chinese translations due to demand from small and medium-sized enterprises, the European Commission has said.



On my radar

My eyes are on tomorrow’s European Council summit, where, as part of Council President Charles Michel’s recent proposal, EU technology funding frameworks such as Digital Europe, could be in for further cuts.    


What else I’m reading this week:

[Edited by Benjamin Fox]

Subscribe to our newsletters