Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here. Before we start, a little service announcement. This is the last issue ahead of the summer break. The next issue will be on 1 September.
“I cannot anticipate what the next Commission will do. But we are attaching high importance to this issue of AI in the world of work.”
-Nicolas Schmit, European Commissioner for Jobs and Social Rights
Story of the week: The European Commission is preparing the ground for a legislative initiative on algorithmic management in the workplace for the next mandate. Commissioner Nicolas Schmit told EURACTIV that the idea is to build on the AI Act, which looks at Artificial Intelligence from a market product perspective, to focus on specific applications in the field of employment. An external study has been commissioned to assess to what extent this technology is being deployed, the risks and opportunities and eventual regulatory gaps to be filled. A future legislative proposal will likely take as a blueprint the Platform Workers Directive, which has an entire chapter on algorithmic management that is now taking centre stage during the trilogue discussions. However, what remains to be seen is whether the political conditions will remain suitable for such a proposal, as the next European Commission and Parliament will likely have a much more conservative agenda.
Don’t miss: Both COREPER and the European Parliament’s Industry Committee adopted their positions on the Cyber Resilience Act on Wednesday with broad support and no last-minute surprises. A fine-tuned version of the Council text made some significant tweaks to the sensitive chapter on reporting obligations, removed the concept of ‘highly critical products’, amended the process for requesting cybersecurity certificates, cut down the criteria for assessing a product’s lifetime, and made some final clarifications on the notion of substantial modification. The European Parliament’s version was not substantially changed from what was previously reported by EURACTIV. Trilogues are expected to start in September.
Also this week:
- The first trilogue of the Spanish presidency took place on Tuesday, but many of the political points remain open.
- Fiona Scott Morton withdrew her candidacy for the post of chief competition economist, but her saga might also mark the end of the Vestager’s era.
- Experts and industry practitioners are calling for a European cybersecurity quantum strategy.
- The Norwegian data protection authority temporarily banned behavioural ads on Facebook and Instagram, and progressive MEPs are calling for a moratorium at the EU level.
- Breton urged TikTok to speed up compliance with the Digital Services Act just days before the platform announced new measures.
- MEPs adopted a position strengthening journalists’ protections in the Media Freedom Act.
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
Artificial Intelligence
AI Act trilogue. The first political trilogue on the AI Act of the Spanish presidency took place on Tuesday, but little progress was made on the issues that were not already virtually closed at the technical level. The only decision was to make regulatory sandboxes, but discussions heated up on the presumption of conformity. On the Fundamental Rights Impact Assessment, the co-rapporteurs seem on track to scale down some of the requirements as they face opposition from both the Council and the Commission. For the parts on high-risk categorisation and use cases, the institutions merely restate their position. The last technical meeting before the summer recess is taking place today. The next trilogue has been postponed from 26 September to 3 October due to conflicting agendas.
Let’s speed it up. The US administration is pressuring the European Commission to speed up the AI Code of Conduct development. The idea is to have the text consolidated by the time of the G7 Trade Ministers’ Meeting in Osaka-Sakai at the end of October. The acceleration might also be seen as trying to match the timing of the AI Act trilogues, as the Code would give the United States an entry point for shaping the EU rules on generative AI.
Expecting an answer. The information the US Federal Trade Commission requested to OpenAI, in the course of its investigation on possible violations of consumer rights, to give information on its financial earnings, profit cap, corporate governance model, how it obtains data and policies related to its large language model. Several of these requests overlap with the AI Act’s requirements, whilst other go beyond it to address emerging problems like prompt injection.
SMEs & start-ups join forces. The European DIGITAL SME Alliance and Community AI announced on Tuesday that they will establish a joint focus group on artificial intelligence composed of start-ups and SMEs. The group will also focus on training, capacity-building, and matchmaking initiatives with an annual report published at the end of each year, also outlining the progress that Europe is making towards its AI goals for 2030.
UK regulation suggestions. The Ada Lovelace Institute published a new report analysing the UK’s proposals for AI regulation on Tuesday. The report emphasises three ‘tests’ for the UK’s approach and provides recommendations. According to the paper, not all contexts are comprehensively covered, and regulators must also be properly resourced to police the emerging technology. The Institute also believes that risks should be addressed sooner than the original timeline suggests due to AI’s harms.
UN on AI security. UK Foreign Secretary James Cleverly chaired Tuesday’s first United Nations Security Council session on Artificial Intelligence. The UK hosted the event as a permanent member of the UNSC and current Presidency holder for July in the Security Council Chamber in New York.
Competition
End of a saga or of an era? After controversy over her non-European nationality and possible conflicts of interest, Fiona Scott Morton has withdrawn herself from consideration for the post of chief competition economist at DG COMP. The charge against her nomination was led by France, with even President Emmanuel Macron weighing in, but gathered the support of the main political groups in the European Parliament and several commissioners. Detractors criticised the fact that an American national was called for such a key job that entails supporting high-profile cases against US Big Tech companies, with which she previously worked as an external consultant. However, the attack was not just on Scott Morton as a person but on Margrethe Vestager’s legacy as a whole. The outgoing Danish commissioner offered the flank to those who are asking for a more EU-centre competition agenda, with all that entails in terms of revising the Vestager doctrine. The lack of political awareness on this controversial appointment peaked when Vestager vehemently defended Scott Morton in a parliamentary hearing, just to announce her withdrawal a few hours later. While Vestager’s star was already fading in Brussels, the fact she failed to secure the person she wanted in her own department might as well mark the end of an era for the EU’s competition doctrine. Quite meaningfully, none of the ‘friends of the single market’ stood out to defend the principle that quality matters more than nationality. Europe’s wind has changed.
New massive fine. Spain’s antitrust watchdog said it had imposed fines worth €194.1 million on Amazon and Apple on Tuesday for conspiring to limit the online sale of devices from Apple and competitors in Spain. Apple was fined €143.6 million and Amazon €50.5 million. The companies signed two contracts in 2018, granting Amazon the status of authorised Apple dealer, which also included anti-competitive clauses that affected the online market for electronic devices in Spain, according to authority. The two companies have two months to appeal the decision. A similar sanction was handed to the two companies in Italy but was overruled in court.
Two out of three. US semiconductor company Broadcom’s deal to buy the cloud computing and visualisation company VMware would not weaken competition in the supply of critical computer server products, a panel of the UK’s Competition and Markets Authority (CMA) has found, after examining the evidence gathered from both companies. The CMA’s decision follows similar clearance from the EU competition department. The merger is still being examined in the US by the Federal Trade Commission.
Buying time. Microsoft and Sony have called a truce over the former attempt to buy Activision, signing commitments that the Call of Duty franchise would remain available on PlayStation. The agreement comes after the tide started turning on the massive mergers, with the European Commission green-lighting the takeover and the US Federal Trade Commission seeing its case for blocking it lose in court. In the UK, where the competition authority stopped the merger, an appeal tribunal will be called to agree to postpone the proceedings as negotiations between Microsoft and the regulator continue. Meanwhile, the deadline for finalising the marriage has been delayed from 18 July to 18 October.
One more headache. On Wednesday, the AWS-backed Cloud Infrastructure Services Providers in Europe joined a German investigation against Microsoft. The case will decide whether Microsoft is guilty of antitrust practices, notably because of the linkage between its corporate communication platform Teams and the Office suite, eventually resulting in unfair software licensing disadvantaging cloud provider competitors. Teams’ bundling is also at the centre of an EU probe following a complaint from rival Slack.
Cybersecurity
Should we have a plan? The European Policy Centre, a Brussels-based think tank, published a paper outlining a cybersecurity strategy for quantum computing, arguing that the EU needs a Coordinated Action Plan to prepare for a future in which powerful quantum computers are commercially available, allowing hackers to break encryption. Cybercriminals aim to obtain sensitive encrypted data that cannot be decoded yet, to hold onto until super and quantum computers become commercially available. Experts and industry practitioners think Europe should be able to respond to ‘harvest attacks’ and future quantum attacks on encryption. Read more.
Cyber Solidarity Act timeline. A consideration of the draft report on the Cyber Solidarity Act is expected in the European Parliament’s Committee on Industry, Research and Energy on the 18 and 19 September, which will be followed by voting on the 27 and 28 November. Moreover, an upcoming plenary session is also anticipated in December.
Consultation opened. The feedback period for the evaluation of ENISA and the European Cybersecurity Certification Framework opened last Friday. The feedback period seems meant to minimise engagement, including the entire summer holidays. However, that’s unlikely to cut it this time, as many stakeholders will remove pebbles from their shoes regarding the EU Cloud Services Scheme (EUCS).
Internet organised crime. Europol published its 2023 Internet Organised Crime Assessment on Wednesday, focusing on the cybercrime landscape and how it has changed over the last 24 months. The assessment mentions, for example, child sexual exploitation and online fraud. To accompany the report, a series of spotlight reports will be released later this year, each examining a specific crime area relating to cybercrime.
iPhones not welcome. Russian authorities have banned thousands of officials and state employees from using Apple products, including iPhones. The ban is due to growing concerns in the Kremlin and the Federal Security Service spy agency over a surge in espionage activity by US intelligence agencies against Russian state institutions. Similar bans are reportedly already in place or about to be enforced in the finance and energy ministries and other official bodies.
Data & Privacy
Not so legitimate. Meanwhile, the Meta vs Bundeskartellamt verdict is starting to bite. Since the EU top court said that user consent is needed to process personal data for targeted advertising, the Norwegian data protection authority took the initiative and issued a temporary ban on behavioural ads for Facebook and Instagram as of August unless explicit consent is obtained for the processed data. Meta will have to pay daily fines of almost €89,000 if it doesn’t comply with the order. The decision has been referred to the European Data Protection Board. Read more.
Ban it already. Following the Meta vs Bundeskartellamt and the Norwegian authority’s decision, ten MEPs part of the Tracking-free Ads Coalition came back with their flagship initiative to ban targeted ads, asking the Commission on Wednesday for a moratorium on tracking users online. The EU lawmakers want more details on how the EU executive intends to apply the DSA and DMA’s provisions in these domains and how it intends to collaborate with EU data protection authorities. Read more.
Legal basis changed. WhatsApp updated its privacy policy on Monday by switching to the ‘legitimate interest’ legal basis from the ‘contract model’ following an Irish Data Protection Commissioner’s sanction in January. The decision on WhatsApp followed a series of complaints by the digital rights NGO noyb, led by Austrian activist Max Schrems. Schrems told EURACTIV that it is not clear to him “what WhatsApp is still doing under legitimate interest in the most recent court filings.” He believes that “the recent decision by the CJEU on Facebook should ensure that legitimate interest is not an option for ads and sharing of data anymore.”According to the company, under legitimate interest, users will still be able to object to the use of their information. The messaging app also clarified that the changes will not affect users, encryption or data sharing with other Meta-owned platforms. Read more.
Guidance on US data transfers. The European Data Protection Board adopted an information note for individuals and entities transferring data to the U.S. during its plenary on Wednesday. The note aims to provide information about the impact of the adequacy decision on transatlantic data transfers, the redress mechanisms available under the Data Privacy Framework and national security. The EDPB agrees with the Commission’s review assessment and supports the proposal to move to a four-year review cycle.
The publishers’ saga. The Belgian privacy regulator decided to close the case against 15 Belgian news outlets without ordering a change to its cookie banners. According to the NGO NOYB, which filed the complaint, the payment was freeing the companies from the duty to comply with the EU’s General Data Protection Regulation. NOYB announced it would ask the authority to investigate the case again.
Digital Markets Act
Output indicators paper. The Centre on Regulation in Europe published a paper about the DMA’s output indicators. Present each indicator’s advantages and drawbacks, and note that none is mutually exclusive. The output indicators are mean to become the benchmark against which the gatekeepers’ compliance with the DMA obligations is measured.
Digital Services Act
Speed it up, please. EU Internal Market Commissioner Thierry Breton told TikTok’s CEO Shou Zi Chew that the platform needs to accelerate its efforts to comply with Europe’s new digital rulebook that will kick in in August. Breton called on the platform to speed up its compliance after a “stress test” was conducted at the company’s European headquarter in Dublin on Monday, the results of which were discussed between the Commissioner and the platform’s CEO on Tuesday. Read more.
TikTok’s DSA compliance. A few days later, TikTok announced that they are expanding access to their Research API to Europe and introducing new transparency tools, which will be informed by feedback from researchers and civil society. The platform is also launching a commercial content library and providing access to a Commercial Content API, for which researchers will need to create a developer account and apply for access. However, technical conditions are still awaited from the European Commission on the data access provisions of the Digital Services Act.
Digital skills
Skilled for AI. Artificial Intelligence and related fields like cybersecurity will further fuel the growing need for highly qualified talents and basic digital skills in the European Union, European Commissioner for Jobs and Social Rights, Nicolas Schmit, told EURACTIV in an interview. Asked how he thinks AI will affect the world of work, Schmit said that the picture is still to be fully defined but that his preliminary assessment is that Artificial Intelligence will mostly transform existing jobs rather than making them redundant. He also talked about the shortage of information and communications technology (ICT) experts, which he believes is related to multiple factors. Read more.
eGovernance
Taking stock of eGovernance. A new report on the 2020 Berlin Declaration on value-based digital government was published on Monday. According to the report, digital literacy is being improved in EU countries, and innovative technologies are consistently rolled out in their public services. Social participation, digital inclusion, and trust and security in digital services are the areas that require development.
Gig economy
One report, two versions. Uber and French President Emmanuel Macron had a ‘hidden deal’ going on when he was economy minister, France’s parliamentary committee looking into the Uber files case wrote in a critical report published on Tuesday. Pro-Macron deputies denied any such secret deal ever existed and dubbed the report ‘conspiracy-oriented’. Read more.
Institutional corner
Viola’s succession race. One of the favourite discussion points for policy insiders in the EU tech bubble is who will succeed Roberto Viola at the helm of DG CNECT. The Italian bureaucrat is said to retire soon, although another option is now circulating: a pre-retirement period in sunny Sevilla to head the brand-new Centre for Algorithmic Transparency. A serious contender for this race is Renate Nikolay, Jourova’s previous head of cabinet, who has become Viola’s deputy and is consistently taking his place in representing DG CNECT on public occasions. Also in pole is apparently Anthony Whelan, von der Leyen’s digital advisor, although his destiny might be linked to the President’s eventual re-election. Another potential candidate is Despina Spanou, Schinas’ head of cabinet.
Law enforcement
Spyware black list. Spyware companies Intellexa and Cytrox were added to an ‘entity list’ by the Biden administration that prohibits American companies from engaging in certain trade activities with them. According to senior administration officials, the decision is part of an ongoing effort to address the proliferation and misuse of commercial spyware. This move is the most significant since President Biden’s executive order in March set limits on U.S. agencies when there’s a risk foreign governments could exploit it to target Americans or violate human rights. The U.S. and allied nations also pledged in March to develop and implement measures to counter commercial spyware abuses. EURACTIV previously reported how these companies have been at the centre of the Greece, Cyprus-Israel spyware triangle.
New CSAM text. A new presidency compromise text, dated 16 July, was published about regulations to fight the child sexual abuse material (CSAM), with a view to discussing it at the Law Enforcement Working Party meeting on 26 July. The changes include, among others, further reinforcement of the risk assessments, mitigation, and reporting to ensure that the detection orders are the last resort. There are also extensions on cross-border removal and delisting orders.
AI-generated CSAM. The UK’s Internet Watch Foundation found seven URLs containing AI-generated child sexual abuse imagery. Analysts have also discovered an online “manual” to help offenders refine their prompts and train AI to return more and more realistic results. IWF calls AI developers and politicians to do more to prevent such abuse of AI tools and to protect users from the spread of AI-generated child sexual abuse imagery.
We’ll find out in court. The Society for Civil Rights and an individual Facebook user have filed a lawsuit today against Meta’s practice of scanning private messages sent in Facebook Messenger. The company bases the scanning on a derogation regulation to the e-Privacy Directive. However, the organisation considers these scanning tools against the GDPR and violates privacy rights.
Media
LIBE opinion reports. The European Parliament’s Civil Liberties Committee adopted its opinion report on the Media Freedom Act on Tuesday, putting forth stronger safeguards against the surveillance of journalists, as well as public media, fragmentation, and funding. The MEPs’ positioning on spyware and protection of sources clashed with the Council text, which, under pressure from France, includes a national security carveout for spying on reporters that media representatives have harshly criticised. The paper also provided more details on the role of the European Board for Media Services. Read more.
Go fund yourself. The European Union will assist a new project to top-up the support for independent Russian and Belarusian media working in the EU with significant audiences in their home countries. The Free Media Hub EAST project, led by the Prague Civil Society Centre, is set to award over €2.2 million in grants to help with the technological solutions and cooperation between media located in the EU to contribute to fighting Russian propaganda.
Telecom
A high-profile lobbyist. Romain Bonenfant has been designated to become CEO of the French telecom trade associations (FFTélécoms) representing French operators Orange, Bouygues and SFR. Bonenfant has previously worked at DG COMP for the French telecom regulatory authority Arcep and lately as a Head of Department within the French Economy and Digital Ministry.
Show us the results. What happened to the results of the Commission’s consultation on the Future of Connectivity. Initially expected these days, the results are now expected to be published after the summer break, together with the policy recommendations.
Théophane Hartmann contributed to the reporting.
What else we’re reading this week:
Bolloré et les médias : pour Emmanuel Macron, une emprise de tête (Libération)
The dirty little secret that could bring down Big Tech (Business Insider)
Apple Tests ‘Apple GPT,’ Develops Generative AI Tools to Catch OpenAI (Bloomberg)
[Edited by Alice Taylor]
