Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“We are working through the regulatory process and we look forward to engaging with the European Commission to address any concerns they may have. This transaction will be beneficial to Arm, its licensees, competition, and the industry.”
-An Nvidia spokesperson
Story of the week: US chipmaker Nvidia formally notified the European Commission on Wednesday about its plan to acquire UK-based chip company Arm in a $40 billion deal announced last September, which drew scrutiny from antitrust authorities and pushback from major firms such as Qualcomm, Microsoft and Google. The acquisition is highly topical given the major supply chain disruptions underway as a result of the global chip shortage. The client base of the UK company fears Nvidia would foreclose them access to Arm’s chip designs, which are widely spread across smartphones, tablets, smart devices and increasingly used in cloud datacentres. Experts consider Nvidia’s non-discriminatory commitments as little reassuring, with the international politics around semiconductor supply chains further complicating the picture. The topic might be a point of contention in the first meeting of the Trade and Technology Council (TTC), planned to take place in Pittsburgh on 29 September. Read more.
Don’t miss: Diverging views have emerged from Germany’s parties on what the country’s role in EU digital policymaking should be, and how best to foster digital sovereignty and strategic autonomy. With elections just weeks away, the parties have clarified their vision of Germany’s relationship to these issues and weighed in on the approach to digitalisation of the outgoing government, which made the topic one of its key priorities. One point on which all the parties agree, however, is that European digital sovereignty is of high importance and that Germany should seek to strengthen its collaboration with the EU and its member states in this area. Read more.
Also this week:
- DMA & DSA: Council updates
- German cybersecurity strategy
- DGA approaches the finishing line
- Berlin’s massive investment in semiconductors
- UK call to protect children online
Before we start: What’s insight for the EU digital sovereignty? In this week’s episode of the Digital Brief podcast, we take a look at the upcoming digital trends and challenges as presented in the European Commission’s strategic oversight report.
A message by Facebook
Research is happening with Facebook.
Facebook’s Data For Good programme uses privacy-protected data to address some of the world’s greatest social issues. Cornelius Fritz, a statistician at LMU München analyses aggregated data from approximately 10 million Facebook users to forecast the number of COVID-19 cases at a local level in Germany. Find out more
Work in (slow) progress. The Artificial Intelligence Act is going through the co-legislative procedure slowly. The committees in the European Parliament are still clashing over the file, as JURI, LIBE and ITRE are challenging IMCO’s lead, and the fight might go on still for several weeks. The European Council has already entered the merit of the text in the Telecommunications and Information Society Working Party that took place on Tuesday, notably analysing the provisions on prohibited and high-risk applications. The definition of these categories remains too vague, according to a source close to the matter, and the member states have not clear what falls under which one. Some countries are still trying to define their own position. The text is so technical, the analysis might go-ahead for months, the source added. The justice and home affairs attachés and national experts are due to discuss the controversial point of biometric recognition on 30 September.
Racial bias. Facebook issued an apology this week after its AI-powered recommendation system asked users who watched a video featuring black men whether they wanted to “keep seeing videos about primates.” Facebook said it was “clearly an unacceptable error” and disabled the system, but the incident is the latest in a long line of examples of racial bias in AI systems, an issue gathering increasing concern as the technology’s use expands. Earlier this year MEPs called for greater regulation of AI to tackle “gender, social or cultural bias in technology”.
Remote-control. A German start-up plans to roll out a fleet of remotely-controlled electric cars in Europe and the US next year as an alternative to the controversial self-driving trend. For the past year, the company, Vay, has been trialling the vehicles, which drive passengers to their destination, drop them off and either park or go on to their next pick-up, all under the control of a remote human operator. Vay has larger plans following the roll-out to introduce a ride-hailing service controlled entirely remotely.
Tesla chips in. Tesla has become the latest company to seek an AI advantage through the development of its own silicon chips. A number of companies are similarly building their own hardware as demand for AI capabilities grows, alongside their cost. Tesla already designs chips to interpret sensor data in their cars, but last month the company revealed its custom AI chip, intended for training the machine-learning algorithm behind its self-driving car technology, a system much more complex and expensive to develop.
Berlin’s got a strategy. The German government adopted on Wednesday a new cybersecurity strategy, developed in conjunction with business, science and society stakeholders. However, its non-binding provisions could have minimal, or zero, implications for the next government. Prior to its adoption, the strategy was already drawing criticism, with calls for it to be postponed coming from a large group of representatives from the science and civil society sectors. It was pushed through, but uncertainty remains as to whether any of its goals will actually be able to be implemented by whatever government emerges following this month’s vote. Read more.
Cyber-spending. Estonia’s Minister of Entrepreneurship and Information Technology has proposed the introduction of NATO-style expenditure rules in terms of cybersecurity spending in the private and public sectors in an effort to close the investment gap. Speaking at this week’s Tallinn Digital Summit, Andres Sutt said that cybersecurity needs to be prioritised and properly invested in order for digitalisation to be successful, and suggested a unified global framework with targets, methodology and benchmarks similar to those in place for defence spending under NATO. Read more.
Hacking hits home. People’s homes are being filled with an increasing number of internet-connected devices, vastly expanding the risk of highly personal cyberattacks, as demonstrated by a recent ethical hacking project led by Euroconsumers. Existing EU product legislation, however, is not equipped to deal with the challenge, according to a new report by DigitalEurope, which stresses the need for horizontal and harmonised legislation when it comes to standardising and enforcing cybersecurity standards. Read more.
Attacks on hold. A high-level cybersecurity official in the US said this week that it was too early to tell whether Russian ransomware attacks against American targets have ended. Chris Inglis, National Cyber Director, said that the attacks had slowed but that it would be premature to declare them over. The US has seen a number of prominent entities hit by attacks in recent months, including against IT firm Kaseya, an assault felt by companies around the world. The Russian-linked group blamed for the attack, REvil, disappeared from the internet in July but reappeared online just days before Inglis’ comments.
Little trust in Zero Trust. The UK’s National Cyber Security Centre (NCSC) has warned that the definition of the popular cybersecurity concept of “zero trust” is a fashionable but slippery one in the tech world and acknowledged that migration towards this approach can be difficult and costly for organisations. Zero trust architectures are gaining ground in the US, where the Biden administration this week doubled down on its push for agencies to adopt such an approach as part of wider efforts to bolster the cybersecurity of the federal government.
Spending big. US politicians are impressing upon companies the need to up their cybersecurity spending following major hacks targeting large-scale companies like SolarWinds and Colonial Pipeline. Microsoft recently announced that it would spend $20 billion on cybersecurity over the next five years, and an increasing number of both private and public entities say that more spending on cyber resilience results in lessened vulnerability.
Data & privacy
DGA nears the finishing line. Thursday was the deadline to request a plenary vote on the Data Governance Act (DGA). As none requested a ‘check’ vote, the report adopted in the ITRE committee in July is now the Parliament’s mandate for the trilogue negotiations. The Telecom working group is also close to adopting a general approach, as an agreement might be reached already next Tuesday. The file is expected to land on the COREPER agenda by early October. The main differences between the two versions of the proposal concern the European data spaces and the concept of data altruism. While an important file, the DGA is considered less controversial than the Data Act, for which the public consultation closed last Friday.
Privacy, with caveats. ProtonMail has come under fierce criticism after it handed a climate activist’s IP address to Swiss authorities, following a request from the French police. The encrypted email service has said it had no choice and was required by law to comply with the judicial order to hand over the details of the activist, believed to have participated in anti-gentrification sit-ins in Paris. Proton’s CEO and founder Andy Yen took to Twitter to justify the decision and to attempt to reassure users that the company’s encryption could not be bypassed and that it would not provide information to foreign governments. The case has served as a reminder, however, of the limits of encryption when it comes to guarding against surveillance. Read more.
EU law breached. The UK’s Investigatory Powers Tribunal has ruled that the country’s bulk communications data regime is incompatible with EU law. The violation was brought to light through a legal challenge brought by rights organisation Privacy International (PI), which exposed a decade’s worth of secret data capture now confirmed as unlawful. PI’s challenge began in 2015 when it contested the bulk acquisition and use of communications data by the UK’s Security and Intelligence Agencies.
EURODAC backlash. An open letter to the European Parliament’s LIBE Committee signed by 32 civil society organisations has outlined a number of privacy and data concerns related to the proposed reform of the EURODAC database, the EU repository where the personal data of asylum seekers and migrants is stored, and called for a temporary delay and reforms. The letter raises concerns that the proposals would vastly expand the database, leading to unaccountable and opaque surveillance at the EU’s borders. Among its provisions, is one that would see the age from which people’s fingerprints are collected lowered to six years old.
Build privacy back better. The US House of Representatives Energy and Commerce Committee has proposed devoting $1 billion of the US’ Build Back Better Act, a COVID-19 relief package, to boosting the Federal Trade Commission, including by establishing a new office to address privacy and security issues. The bureau, according to the Committee proposal, will be “dedicated to stopping unfair and deceptive acts and practices related to privacy violations, data security incidents, identity theft, and other data abuses.”
Privacy mapped. The International Association of Privacy Professionals (IAPP) has released a chart mapping privacy laws around the world, to be updated as regulations progress. The EU’s GDPR has provisions mapped covering most of the areas mapped by the chart, lacking only in exemptions for employee data, criminal penalties and personal liability.
Crypto-assets under scrutiny. The UK’s Financial Conduct Authority (FCA) has called for powers to regulate the online promotion of crypto-assets, the rapid growth of which has created an increasingly complex marketplace for authorities to govern. The FCA has made a start, however, having already consulted on the need to regulate the promotion of “tokens” by online influencers and celebrities and banning crypto exchange Binance from undertaking any regulated activity in Britain earlier this year. Opinions diverge on how to balance the regulation of this emerging sphere with the provision of the space necessary for new ideas to grow.
Bitcoin goes national. El Salvador began accepting bitcoin as legal tender this week, the first country to do so, to a mixed reaction from onlookers. President Nayib Bukele has touted the move as a way of allowing Salvadorans to reduce commissions on remittances from abroad, which currently make up a large portion of GDP, but many are wary of making the switch to the cryptocurrency. Critics have also raised concerns about the potential for money laundering and the financial volatility that could ensue, potentially endangering the $1 billion financing agreement El Salvador is currently seeking from the IMF.
Blockchain overlooked. Despite proposing an EU-wide digital identity framework before the summer, the European Commission chose not to put in place the overall adoption of blockchain technology, instead of allowing states to choose the technicalities of the system and leaving the door open for fragmentation. The Commission says it prefers remaining neutral on the technology states choose. Experts, however, consider using blockchain could bring a number of benefits for example in relation to data security and GDPR enforcement. Read more.
Memes-for-hire. Since the 2020 US election, members of Donald Trump’s inner circle have been paying teenagers from right-wing online networks to run meme accounts, providing an opaque gateway to huge but specific online communities. Almost none of the accounts indicate their funding, so much so in some cases that their activity could equate to a violation of US laws on political advertising. A number of the posters have also used their accounts to spread false information on topics such as COVID-19 vaccines, and can rake in tens of thousands of dollars doing so.
Wanted: Twitter troll. “Disinformation influencers” were paid between $10 and $15 a day to tweet hashtags undermining Kenya’s High Court and supporting the country’s president’s Building Bridges Initiative, which the judicial body was reviewing at the time. The exact funders of the campaign are hard to determine but their targets were clear: the hired trolls directed criticism towards the judiciary and civil society actors through thousands of accounts, part of a growing industry of disinformation and online attacks for cash.
DMA friends strike again. The Dutch, French and German governments circulated on Tuesday a working paper on ‘Strengthening the Digital Markets Act and Its Enforcement’, in what is the second attempt to shape the policy discussion. The three governments propose the addition of remediation measures tailored to the business model of each gatekeeper. The new provisions are included in a new Art. 16(a), additional to the obligations included under Art. 5 and 6, are meant to give the Commission more flexibility in the implementation, as the antitrust probes could be based on four pre-defined principles: access to platforms, data-related interventions, fair commercial relations and end-users and business users open choices. The principles and approach are similar to those of the UK DMU regime, someone has noted. However, the critics of the proposal stress that the application would then be on a case-by-case basis. The paper also addresses the issue of enforcement, arguing for greater involvement of national authorities “within a referral system similar to the one currently already in use in merger control.”
Back to work. The DSA was discussed in the Council’s Internal market working group for the first time after the summer break on Thursday. While the preparatory body still needs to review the new compromise text the Slovenian Presidency shared on 2 September, it is already clear that Art. 8 on the Orders to act against illegal content and Art. 9 on the Orders to provide information remain the most controversial ones. One of the main concerns raised was the potential interference of these provisions with national criminal law, something the new text has dully addressed. Enforcement also remains a key point, as the role of the different authorities remains to be clarified. The Slovenian version has not brought major changes but was rather a combination of the comments made by the member states before the summer break, according to an EU diplomatic source. The only significant contribution was the addition of the definition of a search engine under intermediary services, which however some member states have challenged as not being enough for regulating this online market.
Anti-piracy provisions. The Audiovisual Anti-Piracy Alliance (AAPA), a coalition of companies many of which are broadcasters, has published a set of recommendations it has made to the European Parliament concerning the development of the DSA. Among the suggestions made by the AAPA are provisions calling for takedown-and-stay-down obligations to be placed on platforms and for a requirement that user-upload platforms have to tackle not just content that infringes on their servers, but also material that promotes or links to infringements on other servers, such as videos on how to circumvent online anti-piracy measures.
Packages in the sky. An increasing number of companies, most notably Amazon and FedEx, are exploring the use of drones as a cost-effective and more environmentally-friendly alternative means for delivering small packages. Drones offer a means of delivering goods to hard-to-reach areas as well as of providing in-the-moment tracking for customers and a way of arranging speedy drop-offs of perishable goods. Despite being a market sector that is expected to grow, package drones are highly susceptible to cyber thefts, due to their remote operation, and their usage is currently restricted to specific regions.
Chips take centre stage. Germany is planning to invest several billion euros in returning semiconductor production to Europe and strengthening the technological sovereignty of both Germany and Europe more broadly. Driven by the global semiconductor shortage and the fact that Europe has consistently fallen short in terms of their production, the project will seek to address this gap, receiving funding from the European Initiative “Important Projects of Common European Interest”. Read more.
Democratic connectivity. The EU and US are hoping that a joint push for a trusted connectivity approach will counter the rising economic power of autocratic countries. Speaking at the Tallinn Digital Summit this week, representatives of both sides stressed that connectivity grounded in democratic values could guard against autocracies gaining ground both economically and in terms of setting international standards. Independently, both parties have expressed recent support for measures to bolster alternatives to the economic rise of countries such as China which, while not explicitly mentioned at the summit, was an implicit central player in the concerns expressed. Read more.
Open software benefits. An investment of €1 billion by European companies in open-source software in 2018 gave the EU’s GDP a boost of between €65 and €95 billion, according to a Commission report released this week. The EU falls short in terms of capacity, especially in comparison to countries such as China and South Korea, which have made open source a key aspect of their industrial strategy. In contrast, EU governments, the report notes, have taken a much more laid-back approach; moving forward, a 10% increase in open software contributions could reap a 0.4% to 0.6% GDP reward for the EU. Read more.
Chip-focus grows. Intel has announced plans to invest as much as €80 billion in Europe through the next decade with the aim of boosting chip capacity and intends to announce the location of two major new chip manufacturing plants by the end of the year. The company will also open the doors of its Irish semiconductor plant to automakers who are currently struggling to handle the fallout of the global chip shortage, projected by big names in the industry to continue for a number of years.
SME recovery. A new online resource tool launched by the European Bank for Reconstruction and Development (EBRD) will offer legal and business advice to micro, small and medium-sized enterprises (SMEs) to support them in dealing with challenges presented by the COVID-19 pandemic. SMEs, hit particularly hard by the crisis given that many do business in some of the economically worst-affected sectors, will be able to use to tool for guidance on a wide range of areas including, for example, corporate or employment law, and successful digitalisation, a key part of the European Parliament’s SME recovery plan.
STA victory. The Slovenian Supreme Court has ruled that the government must resume financing STA, the country’s only news agency, after 250 days of funds being withheld. The dispute began last year, shortly after Janez Janša’s new government took office, with funding suspended in December over claims that the agency had not submitted its accounts correctly. Payments were briefly resumed in January, to cover the amount withheld in 2020, but the government again refused to provide financing in 2021, forcing STA to fundraise in order to keep its doors open. Some have argued that the process of resolution has been drawn out in order to drain STA of funds; the refusal to pay has been central to what many see as the rapidly deteriorating state of media freedoms and protections in the country.
Anti-vax storm. The headquarter of RTV Slovenija (RTVS) was stormed by a group of coronavirus deniers and anti-vaccine protestors who had been rallying against Covid-19 measures and vaccinations outside the building. The protestors were able to enter RTVS HQ and make it to the newsroom studio where they harassed staff and demanded airtime before police intervened. The intrusion has elicited widespread condemnation and was described by the Slovenian Journalists’ Association as another example of increasing hostility towards the media in the country.
“Ibizagate” fallout. 15 Austrian and international NGOs have signed an open letter condemning what they describe as the “excessive” criminal prosecution of security consultant Julian Hessenthaler, who made possible the publication of a video of an Austrian politician offering to assist a woman claiming to be the niece of a Russian oligarch in buying Austria’s biggest tabloid, a scandal which became known as “Ibizagate”. The 2017 conversation, unbeknownst to the politician who along with a colleague later resigned, was a set-up, and the video was not released until 2019. Hessenthaler now faces a number of charges; the letter’s signatories, which include Amnesty International and Reporters Without Borders, say this could deter future whistle-blowers and infringe on press and information freedoms.
Journalists fight back. Plans by Apple to monitor mobile phones locally in order to identify child sexual abuse material have drawn fierce criticism from journalists in Germany, Austria and Switzerland, who have described the move as a violation of press freedoms and have called on the EU Commission, Austrian and German authorities, and data protection officers, to take action. The journalists voiced their concerns that the tools could be used to access other material on people’s devices and that sensitive images and videos could lead to the political targeting of certain groups or individuals. Representatives of the industry described the plans as a danger to journalism and a violation of the GDPR.
Double standards? US Senators are pushing forward a bill to promote press freedom abroad, but critics are asking why similar standards are not being applied at home. The two Senators who introduced the bill have been vocal critics of Julian Assange, the founder of WikiLeaks whose extradition and prosecution the US has been pushing for years, as well as of whistle-blowers Edward Snowden and Chelsea Manning. Those questioning the US approach have described attempts by the US to extradite Assange while offering visas to persecuted journalists from abroad as hypocrisy.
Press Freedom Hero. Yulia Slutskaya, the founder of Press Club Belarus, has been named 72nd World Press Freedom Hero by the International Press Institute. Slutskaya established the organisation, a hub for journalism, while in exile in Poland a decade ago, but returned to Belarus in 2015. After the crackdown on media freedom began in 2020, she was jailed on trumped-up tax evasion charges along with a number of colleagues but was released in August after eight months of pre-trial detention. The award honours journalists who have significantly contributed to press freedoms, often a great personal risk.
G7’s online focus. UK home secretary Priti Patel urged G7 governments to support the country’s push to demand accountability from tech companies over harmful online content and the safety of children as she announced the launch of the Safety Tech Challenge Fund, which will support researchers in the development of creative solutions to online child sexual abuse. Speaking during a summit hosted by the UK, which currently holds the G7 presidency, Patel called on both the countries present and social media companies to make child safety in the digital realm a priority. Read more.
Android assistant issue. EU antitrust regulators are looking into whether Google might be forcing device-makers to use Google Assistant as the default voice assistant on Android devices and preventing them from installing a second voice assistant on such devices. Google is no stranger to EU antitrust investigations, having been fined over $8 billion euros by the European Commission in the last decade.
Taliban data concerns. Google has temporarily locked a number of email accounts belonging to officials of the former Afghan government, following concerns that they might provide a digital paper trail that the new Taliban leaders could use to target people. The implications of biometric data collected before the Taliban’s takeover has also caused worry, as has people’s social media presence. A number of platforms have taken similar steps to temporarily secure the profiles and accounts of Afghan citizens in efforts to prevent them from becoming targets.
Sunset on the Valley? TikTok, the social media platform owned by Chinese company ByteDance has overtaken US social media giants in terms of growth on a number of key metrics, leading some to ask whether Silicon Valley is falling behind. TikTok became the most downloaded social media app in the US last year and has overtaken Facebook on the same count worldwide. It has also overtaken YouTube in the US and UK when it comes to average watch time, according to a new report. The time spent on the app by the average user is higher on TikTok than YouTube, though the latter remains in the first place when it comes to the overall time spent, not broken down by the user, and the total number of users. The platform’s rise could indicate a potential shift away from California when it comes to platform power.
Facebook’s glasses. Facebook has partnered with glasses-maker Ray-Ban to produce a pair of smart glasses, which went on sale this week. Ray-Ban stories, as they’re called, feature front-facing cameras that can be used to capture photos and video via voice activation, as well as to receive calls and listen to music via a Bluetooth audio connection. While Facebook’s role in the partnership focuses on the provision of tech and software, concerns have already been raised about the privacy implications of potential covert recording and the kind of devices the glasses could open the door to.
Too involved. Monopolkommission, the German monopolies commission, used an election process to reinforce calls for an overhaul of the telecoms sector, arguing that the state’s involvement in Deutsche Telekom presented an issue, given that the country has both a 31.9% stake in the company and the authority to influence the market. Monopolkommission, therefore, suggested that the stake should be sold, to avoid further conflicts of interest and urged Germany to establish “efficient network infrastructures” in order to boost the economy and society.
Sovereign cloud. T-Systems has announced that it will partner with Google Cloud to deliver a next-generation sovereign cloud for German businesses, the public sector and healthcare organisations. From mid-2022, the companies will jointly develop a system that allows customers to host sensitive work on a sovereign cloud without losing out on beneficial aspects of public cloud services. According to T-Systems, the move is part of broader efforts to drive forward the digitalization of European companies and the public sector.
3G steps aside. An increasing number of wireless operators in Europe are planning to shut down their 3G networks once and for all in order to make room on the spectrum for 4G and 5G services. Several operators across the continent have already made the switch, and the list of closures yet to come is lengthy, with schedules stretching to the end of 2025. The shutdowns began last year and are intended to free up space for newer and faster services such as 5G, which the European Commission is aiming to extend to cover all populated areas by 2030.
O2 under the spotlight. Mobile operator O2 has come under scrutiny from the UK’s Serious Fraud Office, which has apparently opened an investigation into allegations that the company violated anti-bribery laws and regulations in relation to certain customers and linked to its business supplying handsets. O2 has outlined its work with UK authorities to address disclosure requests related to potential violations in its annual reports since 2017, and the current investigation is said to date to before the company merged with Virgin Media earlier this year.
What else we are reading this week:
Increasingly, tech giants are being run by a new generation of CEOs rather than their original founders. (Axios)
A research team in Palo Alto is exploring a new way of testing quantum gravity, by reverse-engineering its emergence. (Quanta Magazine)
Apple and Google are under increasing antitrust scrutiny, but what’s next for the giants’ app stores? (Financial Times)