Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“This decision goes against the examples of good practice from the Council of Europe [CoE], the prior practice of the drafting of Convention 108+, and the CoE’s own standards on civil participation in political decision-making.”
– An email by several NGOs sent to the Council of Europe’s Committee on Artificial Intelligence
Story of the week: NGOs have been side-lined from the drafting of the Council of Europe’s Convention on Artificial Intelligence, human rights, democracy and the rule of law. In November, the US proposed the creation of a drafting group that would only include potential signatories to the treaty, as they did not want to reveal their negotiating position publicly. One of the reasons cited was that Washington was pushing to exclude private companies (read: US Big Tech) from the convention’s scope, as EURACTIV revealed in October. Although the proposal was initially only supported by the UK and Canada, the CoE secretariat presented it as a final decision in the meeting’s minutes, as it wanted to keep the US – a mere observer country – among the signatories. Despite some countries asking for a discussion to reopen the matter, the drafting group was confirmed in the plenary last week. Going forward, civil society groups will only be able to provide their comments once a first version has been drafted, and even then, their inputs will be discussed behind closed doors. Read more.
Don’t miss: WhatsApp was fined €5.5 million by the Irish Data Protection Commissioner (DPC) this week, a follow-on from similar decisions earlier this month, which handed penalties of €210 and €180 million to Facebook and Instagram, respectively. The charge results from an investigation that found the legal basis of WhatsApp’s personal data processing to violate EU law; the messaging service now has a six-month window to find a new one. However, for the plaintiff, Max Schrems’ NOYB, the DPC unduly limited the scope of the decision by not investigating to what extent WhatsApp shares data within Meta, despite this being requested by the European Data Protection Board. For the DPC, the Board overstepped its jurisdiction by trying to dictate future investigations of an independent authority. The matter is likely to be solved before the EU Court of Justice. Read more.
Also this week:
- EURACTIV obtained Germany’s position on the Data Act.
- Cab drivers and mobility apps agreed on a minimum ride payment in France.
- EURACTIV provides an anticipation of ITRE’s Chips Act report.
- The UK’s Online Safety Bill is moving forward with significant amendments.
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
Artificial Intelligence
Art 6 controversy. An unusual coalition formed by Renew, EPP, and the Greens proposed to the AI Act’s co-rapporteur a different wording on the provision categorising AI systems at high risk of causing harm. The proposal spurred public pushback from NGOs, which considered it would have given too much leeway to AI providers to self-assess their model. EURACTIV understands the proposal “will never fly”.
Olympic surveillance. Scrutiny of a bill that could authorise algorithmic video surveillance (VSA) at the 2024 Paris Olympics began in the French Senate this week amidst warnings that the initiative could be a ploy by the government to expand its use of the technology. According to the French digital rights group La Quadrature du Net, VSA is already being deployed illegally in France, and the Olympic bill is instead a pretext to accelerate the use of this surveillance software.
Generative AI vs Rightsholders. Getty Images has launched a lawsuit in the UK against Stability AI, the company that produced AI art software Stable Diffusion, saying it illegally scraped millions of images from its database to train its tools, breaching copyright.
Cities’ guidelines. A group of nine cities has developed a free-to-use, open-source data schema for using AI in cities, setting out common guidelines on what information should be collected on the algorithms deployed in urban areas. The standards, developed via the Eurocities network, emphasize transparency and ensure responsible and ethical use of the technology.
Facial recognition scrutiny. The Irish Council for Civil Liberties published documents about the tender the European Parliament issued in 2015 to acquire CCTV systems, including facial recognition capacity. An EP spokesperson told EURACTIV that the tender was not followed up and that the institution never purchased facial recognition technology.
Competition
Prepare to be objected to. Microsoft is reportedly set to receive a competition caution from Brussels over its purchase of gaming company Activision Blizzard. The Commission is said to be readying a statement of objections to be sent to the tech giant in the upcoming weeks, ahead of the 11 April deadline set by the EU executive for its final decision on the deal.
Copyright
Anti-piracy consultation. The Commission has launched a call for evidence on its initiative to tackle the privacy of live content, particularly sports events like football matches. The project is set to create a toolbox to combat illegal streaming of live events, despite rightsholders’ calls for a legislative initiative. The window for feedback submissions is open until 10 February, with the planned launch of the initiative scheduled for the second quarter of the year.
No snippets for Czechia. The Czech publishing sector has criticised Meta and Google’s suspension of news snippets and termination of the Google News showcase programme in the country, which followed Prague’s finalisation of the Copyright Directive’s transposition in December. The publishers said the decision was made in a one-sided manner and with minimal effort to establish a meaningful dialogue with media actors.
Cybersecurity
CRA discussions. On Wednesday, the Cyber Working Party discussed a new compromise on the Cyber Resilience Act, obtained by EURACTIV. The text introduced minor changes, such as adding references to the definitions of recall and withdrawal as per the EU’s regulation on market surveillance and compliance of products. The provision stating that the regulation should not prevent member states from introducing specific measures for products used in the military and defence field was also refined to require the proportionality of such measures. The obligations of economic operators and the essential requirements were also discussed based on the original proposal.
Crime moves online. Cybercrime in the Netherlands has tripled since 2019, with reports rising from 4,715 to 13,949 in 2022. A study by the Dutch newspaper AD found that while figures for online crimes had ballooned, the number of burglaries, robberies and muggings had fallen to all-time lows, a trend one expert attributed to growing youth knowledge and the COVID-19 pandemic. Read more.
Entry into force. The NIS2 and CER Directives entered into force this week to boost EU-wide efforts to increase the resilience of critical entities. A recommendation adopted by the Council in December invited member states to accelerate the transposition of these two initiatives in the wake of attacks on the Nord Stream 2 pipeline.
Data Policy
Berlin’s Data Act. Germany shared extensive comments on the Data Act last week, maintaining a general scrutiny reservation on the file. Berlin asked to clarify the relation between the new data law and data protection and to differentiate the provisions for sharing data with businesses (B2B) or consumers (B2C). On the gatekeeper exclusion, the German government argued it would be more appropriate to narrow it to the core platform services (defined under the DMA). Germany also wants to restrict the B2G access, extend the fairness check to all contractual arrangements, and leave dealing with egress fees with private contracts. Read more.
IMCO’s report. IMCO’s final compromise amendment, obtained by EURACTIV, was shared on Wednesday. Significant last-minute changes see the introduction of a provision that requires the unbundling of specific cloud services to be made available for switching “where there are no major obstacles.” The requirements for functional equivalence have also been slightly enhanced since the caveat of ‘where technically feasible’ was removed in the article on the technical aspects of switching. The remainder of the text largely follows what was previously reported by EURACTIV. MEPs had until Thursday at noon to request split votes ahead of the committee vote next Tuesday morning.
Things might accelerate. A general approach to the Data Act could be reached in the Council as soon as February or March, EURACTIV hears. The latest Czech compromise was received relatively positively, and the Swedish opinion paper focused on some of the most pressing open questions. Further discussions will be needed on other points, particularly the scope, where even the Commission seems conflicted. The other sticking point is the B2G part, which will likely be narrowed down. Despite some countries raising objections about international data transfers, the Commission has so far managed to keep the discussion non-political.
French lobbying. France sent a note to ITRE last week, seen by EURACTIV, urging MEPs to include smartphones in the scope of the Data Act, arguing that the bill’s current conception of “product” is too narrow. The French government is lobbying to have any product capable of collecting data via sensors included and to give companies 18 months to adapt to the new obligations, amongst other requests.
High-value datasets. The Commission set out the high-value datasets that public-sector organisations will be required to make freely available for reuse in a list published this week. Falling under the Open Data Directive, the datasets span six categories, running from geospatial to meteorological, and those seen as being of interest to creators of value-added services or as having critical societal benefits. The bodies in possession now have 16 months to make them accessible, free of charge, to the public.
Mind our IP. Tech industry associations BusinessEurope and Orgalim have issued a joint statement warning against underestimating the impact of the Data Act on the protection of trade secrets. As it currently stands, the groups say the proposal is not sufficiently evidence-based and should include stronger evaluation processes when it comes to the obligation to share data protected by trade secrets.
EDHS timeline. The LIBE-ENVI draft report should be circulated in February, with a view to getting plenary approval by the summer. The lawmakers aim to reach a political agreement with the EU Council before the end of the year.
Data Protection & Privacy
€4 bn short? Ireland’s Data Protection Commission (DPC) failed to adequately assess how much revenue Meta had generated via GDPR violations, estimating that the fine it issued to the company in December for unlawful data processing was almost €4 billion short. This is according to NOYB, which says that the DPC ignored Meta’s unlawful revenue, fining it €390 million, despite a ⅔ majority amongst EU data protection authorities directing their Irish counterpart to factor it in.
Cookie action results. The European Data Protection Board published a report on Thursday detailing the conclusions of a task force that gathered and analysed information relating to complaints made by NOYB about the design and characteristics of cookie banners. Among the conclusions is the widespread agreement by authorities that the absence of any option for refusing, rejecting or not consenting to cookies at the same level as the option to accept them constitutes a violation of the EU’s ePrivacy Directive.
Digital Markets Act
Next workshop. The next DMA workshop will take place on 6 March, focusing on Apple and the interoperability of app stores, as first reported by MLex. Three panels are expected on app developers’ choice, alternative app distribution (i.e. sideloading) and unfair commercial practices (i.e. FRAND access).
Let’s make it a habit. The first workshop was organised after too many stakeholders requested to provide input. However, the format has been appreciated as a valuable source of information for the Commission, which thus gets plenty of input with little effort, and also for those who do not participate in confidential meetings. Gatekeepers are practically forced to participate as a no-show would be interpreted as a display of bad faith that could harm future negotiations. Behind the scenes, the workshops require massive preparation, with the legal teams particularly wary of any public statement and diverging resources from the technical work to comply with the DMA’s requirements. Early indiscretions contend the workshop after the one on 6 March will be on the interoperability of messaging services.
Speaking of Apple. For those wondering who will be speaking at the next DMA workshop, a coalition of tech companies such as Spotify and publisher organisations like News Media Europe have written to EU competition chief Margrethe Vestager calling for decisive action to tackle what they say are Apple’s anticompetitive practices, particularly concerning the App Store. The group accuses Apple of continuing to defy all legal and regulatory efforts to combat these behaviours and urges the Commission to push forward with a decision in its current competition case against the company and to enforce the DMA swiftly, prioritising Apple’s designation as a gatekeeper.
Brand-new directorate. The Commission’s Competition department launched its new tech directorate to manage DMA implementation and tech-related antitrust cases this week. The directorate comprises three units; the second is still missing the head of unit.
Gig economy
Minimum ride agreement. French cab drivers and ride-hailing platforms signed two agreements this week guaranteeing a minimum payment of €7.65 per ride. The agreements, copies of which were obtained by EURACTIV France, guarantee the minimum amount across all platforms and journeys and clarify issues to be touched on in future discussions. Some trade unions and negotiators, however, have described the deal as ‘insufficient’, and voiced hope that the EU’s upcoming platform workers’ directive will help to address its deficiencies. Read more.
No panacea. The EU’s proposal on short-term rentals is a step in the right direction, as more data is needed to inform tourism policies and better understand the socio-economic impact of travel platforms, MEP Cláudia Monteiro de Aguiar told EURACTIV this week. However, the right-wing lawmaker warned the legislation would not be a silver bullet, as its effectiveness will largely depend on the national application of the DSA and the amount of red tape it will introduce for the actors involved. Read more.
Vote postponed. The plenary vote on the mandate of the platform workers’ directive has been postponed due to transport strikes all over France. The vote is now expected in the mini-plenary on 1-2 February.
Industrial strategy
ITRE’s Chips Act report. Last week saw the ITRE committee finalise its version of the Chips Act, the full text of which is set to be voted on next Tuesday to commence trilogue negotiations in March. The report streamlined the emergency mechanism, left less discretion to the Commission and made industry players more involved. A long-term strategic mapping exercise was introduced to set the early warning indicators against which the information sharing would take place. A requirement was added that to request the support of the emergency toolbox, critical sectors would need to have done their homework first. Similarly, companies that receive state aid won’t be able to set up shops where IP rights are not protected (read China). The definition of first-of-a-kind was also made broader. Read more.
Big investment, big risk. Intel’s semiconductor ambitions are facing difficulties, with negotiations ongoing for greater support and investment from Berlin, the CEO Pat Gelsinger told reporters in Davos this week.
Law enforcement
Stick to the deal. The Swedish presidency does not intend to revise the deal brokered by the Czechs on the e-Evidence, although several countries voiced opposition to it in a COREPER meeting before Christmas. Technical work has been ongoing to clean up the text and includes the last member states’ comments in the annexes. The file might land on the COREPER agenda as early as next week.
Poland’s surveillance regime. The Polish Law and Justice party put forth a legislative proposal that would make it easier for authorities to surveil citizens electronically and access their communications on services such as Messenger or WhatsApp. The bill has drawn criticism from opposition politicians and activists and is currently in the Parliament’s lower house. It would also allow authorities to block communications deemed dangerous to the state and open the door to service providers being obliged by the courts to hand over data concerning users’ emails, and even their content. Read more.
Media
RT France facing shutdown. Russia Today France looks set to shut its doors after its funds were frozen, it was revealed this week. An internal communication from the outlet’s president said it was “impossible” to continue its activity in the same way as before, with finances reportedly so low that employees face not being paid this month. Its potential closure would represent the shutdown of RT’s last major base outside Russia.
EP slams Morocco. The EU Parliament condemned on Thursday the state of press freedom in Morocco, stressing in a resolution that this right must be respected and that journalists be guaranteed fair trials. MEPs cited the cases of imprisoned journalists Omar Radi and Soulaimane Raissouni and called for an end to the harassment of media workers in the country.
Platforms
UK bill moves forward. The UK’s Online Safety Bill has taken another step towards becoming law, with legislative action picking up again after lengthy delays. A parliamentary debate on Tuesday saw lawmakers review a range of proposed amendments to the bill, including a government initiative to remove the obligations on platforms concerning “legal but harmful material”. Shortly before the discussion, it was also revealed that the government would concede to rebel lawmakers in their push to introduce criminal penalties for executives who failed to enforce the bill’s child protection measures. Read more.
Preparing for recession. Microsoft announced it will lay off 10,000 employees this week, part of a broader trend of downsizing tech firms. The decision, which follows a similar episode in 2022, when 5% of the company’s staff were cut, comes in response to “macroeconomic conditions and changing customer priorities”, the company said, and will be accompanied by the consolidation of some of its offices.
Advertisers’ runoff. More than 500 Twitter advertisers have paused their spending on the site since Elon Musk took over the company last year, according to reporting by The Information, with ad revenue dropping by 40% compared to the same period in 2022.
Join the queue. Commissioner Thierry Breton met with TikTok CEO Shou Zi Chew this week to discuss the company’s plans for implementing the DSA. The Commissioner highlighted, in particular, the need to protect younger users and also raised concerns over the transfer of personal data outside of Europe, along with the recent allegations that the company tracked journalists to identify employees suspected of leaking information to them.
Research & Innovation
From lab to patent. New research has found that more than 40% of projects funded by the European Research Council resulted in research that went on to be cited in patents, demonstrating the influence of these programmes on technologies. Life sciences projects were found to be the most likely to be cited in patents. The patents referenced in ERC-funded research tended to be in areas such as biotechnology, pharmaceuticals and semiconductors, amongst others.
Space
Europe’s spaceport. A new spaceport was opened in northern Sweden last week, envisioned as the first such base for rocket launches in mainland Europe. The site, which already functions as a research facility and has launched over 600 suborbital rockets to date, is set to be operational next year and has been touted as a crucial component in advancing the EU’s space capacity. Despite these ambitions, only one company has reportedly signed up to launch from the base. Read more.
EU-Japan cooperation. The Commission has signed a Cooperation Agreement with Japan to allow for the reciprocal sharing of Earth Observation data. Under the terms of the deal, the EU will supply Tokyo with access to data and services from the observation programme Copernicus in return for free and open access to data from Japan’s non-commercial observation satellites, an exchange intended to boost the global uptake of Copernicus’ outputs and promote it as an international standard.
Standardisation
HLF first meeting. Today marked the first meeting of the High-Level Forum on European Standardisation, a C-level gathering chaired by Commissioner Thierry Breton. The Commission’s new strategic approach to standardisation was generally well received, with the skills shortage and lack of expertise mentioned as major reasons for concern. Meanwhile, SMEs, NGOs, and consumer representatives stressed the difficulty of participating in the standardisation process at the European and national levels. This inclusiveness contrasts with the political pressure to speed up the process, highlighting the need to reflect further on the governance model. The priorities mentioned were digital technologies, quantum computing, AI, cybersecurity, and Green Tech, with a focus on batteries, hydrogen and critical raw material. These high-level guidelines will be operationalised by the Sherpa group, which is due to meet in mid-February.
What else we’re reading this week:
What it would take for Apple to disentangle itself from China (FT)
Cyber-crime gangs’ earnings slide as victims refuse to pay (BBC)
Exclusive: OpenAI Used Kenyan Workers on Less Than $2 Per Hour to Make ChatGPT Less Toxic (Time)
The future of manipulative design regulation (Future of Privacy Forum)