Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules.”
-European Commissioner for the Internal Market Thierry Breton
Story of the week: EU policymakers have bridged their differences on the Data Act in the late hours of Tuesday. On the thorny issue of trade secrets, the Council’s notion of an ‘emergency break’ based on a series of factors assessed on a case-by-case basis of “serious and irreparable economic losses” made it into the text. Another reason for denying data access requests is whether there are specific safety requirements that might be undermined as a result. The territorial scope of the data sharing was limited, as per the initial text, to only entities established in the EU. MEPs obtained the ‘single point of contact’, but the agreement still includes that competencies can be distributed across different authorities. The European Parliament’s idea of data markets also made it into the text, whilst the two institutions met halfway on the cloud switching part. The date of application was pushed to 20 months. Read more
Don’t miss: With Competition Commissioner Margrethe Vestager on her way out to the European Investment Bank, political manoeuvring has begun to fill her (rather big) shoes. Several names have been floated as potential candidates for the top job at DG COMP, where crucial cases are pending, from that of AdTech against Google to the Orange-MasMovil merger. The most talked about candidate at this point in time is Johannes Hahn, Austria’s budgetary and HR Commissioner, but trade lead Valdis Dombrovskis also seems to be part of the race. Meanwhile, Thierry Breton is said to be sitting this one out not to burn his cards, but the Frenchman is expected to make a bid to become EU competition chief in the next mandate. At the same time, Vestager’s departure also leaves open the more symbolic position of Executive Vice-President for Digital, with Commissioner Věra Jourová, seeming to be the only one to fit the profile. However, a larger reshuffle might be in order to maintain the current political balance, and much will depend on whom Denmark proposes. Read more.
Also this week:
- Germany Federal Court sided with the Bundeskartellamt on the designation of Amazon as a ‘market dominant’ company.
- A third full review of the Cyber Resilience Act was discussed in the EU Parliament, with a political deal within reach.
- Ireland has passed a law empowering the Data Protection Commissioner to designate information part of open probes as confidential.
- Zalando was the first company to legally challenge the designation as a ‘very large online platform’ under the Digital Services Act.
- EU policymakers closed some of the most critical points on the European Digital Identity Framework.
- The EU Commission sent its statement of objections on the Orange-MásMóvil merger.
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
Today’s edition is powered by Instagram
Instagram’s Family Tools for parents and teenagers
Instagram provides a range of tools for parents to help support their teenager’s safety and wellbeing on the app —including Daily Time Limit, Supervision and more. And when teenagers set up their profile, their accounts are private by default.
Find out more
Artificial Intelligence
Technical work starts. The first technical meeting for the AI Act was set on 4 July, with a first four-column document that might be shared as early as today. In fact, informal discussions have already been taking place between the Spanish and the co-rapporteurs. The EU negotiators will meet every Tuesday and Thursday morning for four hours.
Microsoft’s principles. Microsoft has released new principles on moving forward with the tech’s development and guarding against risks, Brad Smith, the company’s Vice Chair and President, wrote this week. These include implementing and moving forward with government-led AI safety frameworks, implementing effective safety brakes for AI that controls critical infrastructure, developing a legal and regulatory framework, promoting transparency and access, and pursuing public-private partnerships to address challenges. The company also supports the idea of an international code regulating tech and integrating various global initiatives.
Private enforcement, here we come. OpenAI is facing another lawsuit. This time, it is a class-action motion launched by a California-based law firm alleging ChatGPT has violated the copyrights and privacy of millions of internet users in its internet data-scraping practices. The case rests on the argument that the model uses data such as social media comments and blog posts without their authors’ consent, wading into a murky legal area where questions of attribution and ownership and their implications for AI developers have yet to be conclusively answered.
CEOs are worried. Dozens of major European companies have voiced their concerns in an open letter over the EU’s proposed AI Act, arguing it poses a threat to competitiveness and falls short of addressing critical challenges in the technology. Signatories, including Airbus, Renault and Siemens, argue lawmakers should aim for a broad risk-based approach to avoid companies leaving the EU market and creating a “critical productivity gap” between the US and EU. However, the letter is bound to have little effect as it comes rather late in the process and makes no actual proposal.
Competition
The court rests. Germany’s Federal Court of Justice has ruled that the decision last year by the country’s antitrust regulator to classify Amazon as “market-dominant”, thereby giving the watchdog stronger powers over it, was not in violation of EU law or the German constitution. The designation allows the Bundeskartellamt to prohibit companies from engaging in certain practices and was challenged by Amazon last year. However, the court’s initial conclusion was that the decision was valid, and it says it does not plan to involve the European Court of Justice in the case. Read more.
Let’s talk about it. Apple will today seek to allay the Commission’s competition concerns and stave off potential fines related to an antitrust investigation into its relationship with music streaming companies. The company is set to meet with officials in Brussels on Friday over a probe into whether the company prevents streaming platforms such as Spotify from altering users to purchase alternatives outside of the App Store. The anti-steering investigation was launched following a 2019 complaint from Spotify, and one charge was dropped earlier this year.
Cybersecurity
CRA round 3. Lawmakers are working on the details of the Cyber Resilience Act’s obligations on product manufacturers and its applications to open-source software as an overall deal is approached. A third complete revision of the text was circulated last week and seen by EURACTIV, covering areas including the regulation’s scope, reporting obligations, the mandated support period and high-risk vendors, amongst other topics. Technical meetings on the file were held this week, with a final political agreement between political groups expected next Wednesday. Read more.
IMCO opinion out. The Parliament’s Internal Market Committee (IMCO) voted on the Cyber Resilience Act this week, a file on which it has limited competencies. Ahead of the vote, EURACTIV provided an overview of the main changes. Read more.
A spy story. Kazakh authorities have detained a Russian cybersecurity expert who we want over accusations that he bought personal data from a 2012 hack of a now-defunct social media site. Read more.
AI incident surge. The number of AI incidents has significantly increased as its presence in our daily lives grows, according to data released by Surfshark this week, with an average annual rate of incidents set at around 79 per year, with the number only expected to grow.
Data & Privacy
Confidentiality powers. The Irish Justice Ministry has added a last-minute provision to a 2022 bill which was confirmed this week, will allow the Irish Data Protection Commission (DPC) to label information and documents in the context of investigations as confidential. The DPC has already come under fire from civil society for what has been described as its lacklustre enforcement of the GDPR, and rights groups have pointed to the new amendment as a step that would further insulate the watchdog from criticism. Read more.
Adequacy decision in sight. A new deal on EU-US data flows is set for release around 10 or 11 July, Justice Commissioner Didier Reynders told MLex this week, with member states and the US government reportedly in the process of reviewing a draft text. Reynders is set to visit the US next month, heading to San Francisco on 13 July, followed by Washington DC, where he aims to meet with Secretary of Commerce, Gina Raimondo. Despite earlier concerns, Reynders last month said he believed the new deal would not be struck down by the EU Court of Justice – the fate of the previous two arrangements.
Conflicting appointments. The workshop of the first Working Group that was meant to take place on Tuesday has been postponed, as the Commission’s consumer department was not aware of a big event on the Digital Services Act organised by their own colleagues – at which many of the same stakeholders participated. Thus, it was moved to next Thursday. The second working group will meet on Monday and the third one on Tuesday.
Mark your calendar. The European Commission’s proposal to harmonise national procedural laws on cross-border cases under the General Data Protection Regulation will come out next Tuesday. It is not in the official calendar because it is meant to be adopted via a silent procedure, namely approved unless someone explicitly opposes it.
Fingerprints are valid. The Advocate General of the EU Court of Justice concluded on Thursday that the mandatory collection and storage of fingerprints in identity cards is valid, arguing that only reliable and authentic proof of identity facilitates full enjoyment of free movement.
Digital Services Act
The court will decide. Online retailer Zalando has launched legal action against the Commission over its designation as a Very Large Online Platform (VLOP) under the DSA. The company argues that this classification, which will mean it is subject to more stringent rules, is unjust and that the EU executive’s methodology when it comes to deciding who counts as a VLOP lacks transparency and consistency. Read more.
Expect some challenges. Challenges abound regarding DSA enforcement, starting with a huge information and resource asymmetry compared to platforms and the need to move from a litigious environment to a regulatory dialogue, according to the chairman of the Dutch consumer and market authority Martijn Snoep. Ireland, often considered Europe’s enforcement bottleneck in the digital sphere, is putting forth 80 staff members, to begin with. Meanwhile, in Central and Eastern Europe, governments with trouble with the rule of law are considering getting their hands on the regulator that will have to police content moderation. Read more.
Not really stressed. During his trip to San Francisco, Breton met with Meta CEO Mark Zuckerberg last week for a “productive discussion” on topics such as the DSA, DMA and AI Act. Zuckerberg, who, contrary to Elon Musk, deigned to show up in person, says the company is readying to implement the DSA, with (believe it or not) 1,000 employees working on the subject. A “stress test” on the legislation’s enforcement was also agreed, set for July. But when asked what these stress tests actually consist of, EU officials awkwardly refrain from giving any detail.
DSA workshop. The Commission’s grand stakeholder event took place on Tuesday. DPC Helen Dixon urged to moderate the expectations on the timing of the effects – speaking from personal experience. Greens MEP Alexandra Geese called for ad hoc legislation on digital advertising to address these issues in the next legislature, and the Observatory of Online Platform Economy is set to publish a report on the topic in the next few weeks.
eGovernance
Critical points settled. Critical issues within the proposed European Digital Identity framework were closed at a trilogue on Wednesday evening, though further political meetings are needed to finalise the file. Significant progress was made on some of the most contentious elements of the proposal, with areas such as wallet certification, penalties, pseudonyms, wallet-to-wallet and e-signatures among the areas covered in the discussion. Still, entire sections of the text remain to be discussed. Read more.
Institutional corner
Trio agenda. The upcoming trio of Council Presidencies – Spain, Belgium and Hungary – have pledged their support for strengthening the twin green and digital transitions and ensuring that they are fair and inclusive in an 18-month strategic agenda seen by EURACTIV. The trio commit to boosting consumer rights and prioritising research and innovation, and also promises to focus on digital inclusiveness and ensuring the trustworthiness of a human rights-based approach to AI development.
Digital State Pact. With uncertain elections fast approaching, Spain’s digital lobby is seeking a “State Pact” between key political actors to cement the position of favourable digital economy policies in the next government’s agenda. Parties have until next week to finalise their electoral programmes, and various digital groups seek to promote their top priorities for inclusion. Read more.
Law enforcement
IMCO CSAM opinion. The European Parliament’s Internal Market Committee adopted its opinion on the proposal to fight child sexual abuse material (CSAM) on Thursday, followed by a hearing on minors’ online safety. The opinion highlights that using a number as an identifier isn’t “equivalent to the use of a number to connect with publicly assigned numbers” and so such services aren’t sufficient to qualify as number-based interpersonal communications services. Regardless of using numbers in any way, all obligations should apply to number-independent interpersonal communications.
Media
More ambition against SLAPP. The European Parliament’s Legal Affairs Committee adopted Tuesday’s anti-SLAPPs (Strategic Lawsuits Against Public Participation) directive. MEPs expanded the scope of the legislation, introduced the principle that the full costs of legal representation are covered beyond statutory fees, and introduced measures against ‘forum shopping’. Read more.
Prepare for battle. This week, the EU Parliament’s Internal Market Committee approved its opinion on the Media Freedom Act proposal. Stepping into what is an increasingly controversial conversation, lawmakers are preparing to battle against the French-pushed carveout that would allow public authorities to spy on journalists for reasons of national security. Read more.
EU coverage rising. Coverage of EU-level news has increased in France due to the war in Ukraine. Still, it remains low, according to the think tank Fondation Jean-Jaurès, which has assessed European coverage by French media for several years. EU-related coverage comprised 5.7% of the whole in 2022, an increase from 2.1% in 2021. Read more.
Platforms
An EU influencers law? Two French MEPs have voiced their support for a European regulation of online commercial influencers following the recent implementation of similar legislation in France. Stéphanie Yon-Courtin and Aurore Lalucq both said this week that they were interested in building on the DSA to effectively protect consumers from commercial malpractice, particularly through the harmonisation of regulation around the commercial promotion of services such as crypto-assets and cosmetic surgery. Read more.
Pol ads deadlock. Another trilogue on the Political Advertising regulation was held this week, in place of an earlier session that was postponed earlier in June. No agreement was reached on the text, with the rapporteur Sandro Gozi under pressure to deliver an agreement or be left out of electoral lists for the elections next year. Most elements were sent back to the technical level for further discussions, but the upcoming Spanish presidency does not expect an agreement before October.
Dirty little secrets. A legal complaint filed in Italy this week alleges that Pornhub has been illegally collecting and holding the data of the billions of users who visit the site each month in violation of the GDPR. The case is built on previous complaints in both Italy and Cyprus. It is said to focus on three aspects of the site’s data handling: tracking consent, or a lack thereof, the sharing of information with other businesses owned by Pornhub’s parent company, and the use of data to assign sexual preferences to individual users without their knowledge, based on which further content is suggested.
Telecom
Here are our objections. The Commission has released the results of its investigation into the €18.6 billion merger between Orange and MásMóvil, seen as a test case for the existing approach to competition in the telecoms sector. The Commission is concerned that the merger will (surprise, surprise) reduce the competition in the mobile market, removing incentives for innovation and driving the prices up. However, the statement was described to EURACTIV as largely procedural by one source, who said it will now be up to the two parties to demonstrate whether or not facts support the Commission’s conclusions. Read more.
GIA takes shape. Based on the preliminary exchanges and amendments tabled on Thursday, there seems to be a political consensus behind the key elements of the Gigabit Infrastructure Act (GIA) in the EU Parliament. Mituţa’s proposal to abolish fees on intra-EU calls was met with cross-party support. MEPs seem farther apart on the issue of how much flexibility should be left to national and local authorities. Other amendments concern areas such as satellite-based communications, tower companies and renovation. Read more.
Twin transitions
Energy grids go smart. Germany is prioritising the digitalisation of distribution grids, according to plans for expanding the country’s electricity grid presented by the Federal Network Agency this week. The agency is seeking to double the existing volume of high-voltage lines to 900km by the end of the year, linking the country’s north and south. Though responsibility for grid expansion lies with Germany’s 16 states, the central government in Berlin is also working on a national legal framework for “smart grids”. Read more.
What else we’re reading this week:
I Shouldn’t Have to Accept Being in Deepfake Porn (The Atlantic)
The Brief — From rule-makers to go-getters? (EURACTIV)
AI boom forces tech companies to make M&A choice (FT)
Julia Tar and Alina Clasen contributed to the reporting.
