Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The Commission may impose on gatekeepers a restriction on engaging on acquisitions in certain areas and for a limited period of time pursuant to paragraph 1 where this is necessary and proportionate to undo the damage caused by repeated infringements or to prevent further damage to the contestability and fairness of the internal market.”
-Article 16(1)(a), compromise amendments 28 October 2021
Story of the week: The issues that did not fly in the Council, France and Germany are currently pushing in the European Parliament an EU diplomatic source told EURACTIV. That seems to be particularly the case for killer acquisitions, a topic very dear to Berlin that has appeared in the compromise amendments for the first time this week. The provisions were not included under the obligations to inform the EU executive about intended mergers (Art.12), as it might have been expected, but as a temporary measure for systemic non-compliance (Art.16).
The European Commission has always opposed including merger control measures in the DMA, and not without reason as the EU executive will have to defend any legal proceedings under the DMA in court. The legal basis for the DMA is the internal market (Art. 114 TFEU), whereas provisions on killer acquisitions would probably have to be based on market dominance instead (Art. 102 TFEU).
The decision on the legal basis was also a political one, resulting from a clash between Vestager and Breton and their corresponding services. Moreover, the Commission does not want to reopen the discussions on its merger control rules because of the Franco-German push for European champions that many smaller (and more liberal) member states do not see positively. Maybe because of that, the Commission made a timid opening in that sense.
“We share your concern that [killer acquisitions] should be looked into. That’s why we have also included article 12 in the text proposal. If this can be strengthened and improved further, we’re certainly happy to work with you on that and to use the available instruments under the merger control regulation to look into such transactions and scrutinise them carefully. But I think it’s important also for the legal robustness of the DMA, that we remain within the limits of what is legally possible here,” said a representative of the EU Commission during the IMCO discussions on Wednesday.
Don’t miss: In a major rebrand operation, Facebook has officially changed its name to “Meta” to reflect better its new focus on building the “metaverse”, described by Mark Zuckerberg at the company’s annual Connect event on Thursday as “an embodied internet”. Critics say the move is just a repackaging exercise, following weeks of revelations concerning the social network’s inner workings that have caused outrage worldwide. Facebook is also looking for new ways to keep users on its platform, as it is facing growing competition from TikTok and other innovative actors. Read more.
Also, this week:
- NIS2 was adopted in the ITRE committee
- European Commission to further investigate the NVIDIA-Arm deal
- Biometric recognition is employed in a growing number of EU countries
- Online marketplaces and cloud providers intervene on the DMA
Before we start: The IMCO vote on the Digital Markets Act has officially been delayed, as some significant differences remain between the main political groups. To better understand where things stand, EURACTIV has interviewed MEP Evelyne Gebhardt, the shadow rapporteur for the social-democratic group, and MEP Andrus Ansip, the shadow rapporteur for the liberal group. The EU lawmakers explain the main differences in scope, implementation, killer acquisitions, and targeted advertising.
A message by Facebook
Research is happening with Facebook.
Facebook’s Data For Good programme uses privacy-protected data to address some of the world’s greatest social issues. Cornelius Fritz, a statistician at LMU München analyses aggregated data from approximately 10 million Facebook users to forecast the number of COVID-19 cases at a local level in Germany. Find out more.
Competition
More to follow. Following its preliminary analysis, the Commission will investigate the acquisition of UK company Arm by US chipmaker Nvidia over concerns that the merger breaches EU antitrust law. Steps taken by Nvidia following the $40 billion acquisition failed to quell EU authorities’ worries, meaning the enquiry will progress further, alongside a similar competition probe underway in the UK. Read more.
Controlling the dollar. The US Consumer Financial Protection Bureau (CFPB) has ordered six major tech firms, including Amazon, Apple, Google and Facebook, to hand over details of their data collection practices within their payment systems. Speaking to members of Congress, CFPB Director Rohit Chopra said, “I am very, very worried, as I think many in the regulatory community have been, about Big Tech taking more control of the US dollar and the global flow of payments.”
Copyright
Ready to negotiate. Société des Droits Voisins de la Presse (DVP), the body tasked with negotiating neighbouring rights in France, launched this week. The collective entity will negotiate with tech giants over remuneration for publishers to use their content online. The launch follows years of contention between publishers and tech companies since France’s transposition of the EU Copyright Directive.
Cybersecurity
Parliament adopts NIS2. The ITRE committee adopted on Thursday the NIS2 Directive, the proposal to establish harmonised cybersecurity requirements for critical entities. Sanctions for serious negligence include fines of up to 2% of the company revenue and a temporary ban on the senior management. Rapporteur Bart Groothuis told EURACTIV this was the way to make the cybersecurity issue land on the desk of the CEOs. The ITRE report includes some significant changes from the initial proposal. Notably, it expands the scope while leaving out root services, the backdrop of the internet architecture. In addition, it contains a differentiated reporting mechanism that US legislators have inserted in similar legislation. Provisions clarifying how the cyber community can exchange data for fighting cybercrime were also included. Read more.
Not leading by example. Another key addition to the text is that if the NIS2 does not cover the EU institutions, the Commission needs to develop an identical proposal covering them. “The European institutions are not well-protected at all, it is worse than anyone,” Groothuis said, criticising the EU institutions for not investing in cybersecurity while asking others to do it. “This is unacceptable, I don’t feel safe here,” he added, noting the Commission and Council were not much better off than the Parliament.
Cybercrime record. Cyberthreat levels in Germany have climbed to their highest levels, according to a report published by the Federal Office for Information Security (BSI) last week. There has been a significant rise in ransomware attacks and an expansion of the types of malware being used, among other concerning trends, and those carrying out the attacks are becoming increasingly professional. “We are on red alert” when it comes to information security, the president of the BSI said. Read more.
Secure wireless. The European Commission adopted a delegated act under the Radio Equipment Directive on Friday to enhance the cybersecurity of wireless-connected devices such as smartphones, smartwatches and fitness trackers. The delegated act established new legal cybersecurity requirements that the manufacturers must respect when producing these devices.
Data & privacy
Grey areas. Facial recognition systems are already being used by law enforcement in 11 countries for ex-post identification in investigations, and eight more countries could develop similar capacity in the future, according to a report commissioned by the Parliament’s Greens group. The report warns that these technologies are being tested in a legal grey area, and these trials might make their use normalised. Moreover, after the testing, the technology is deactivated but often not physically removed. Read more.
Data Act delayed. The adoption of the Data Act planned for 1 December has been postponed to the beginning of 2022, following the negative feedback of the Regulatory Scrutiny Board. The board has requested a clarification on the obligations the legislative proposal would introduce for companies to share data with public institutions based on public interest. According to several media reports, the proportionality of the measure, the notion of public interest, and the potential incentive for companies to provide such data needs to be clarified. The board is due to review a revised version of the text early next year.
Europol expansion. A new mandate for Europol could be ready by the end of the year, Slovenia’s interior minister told EURACTIV this week. The update could see the agency’s data collection and processing capabilities considerably expanded, legalising practices that were already ongoing outside of the agency’s mandate. Civil rights groups have pushed back against the mandate, describing it as a “blank cheque” for law enforcement to build AI systems that threaten fundamental rights. Read more.
Distract and delay. Google said in a 2019 memo that by working behind the scenes with other tech companies, it had been “successful in slowing down and delaying” EU ePrivacy regulation, according to a file in 12 US states that alleges the company abused its ad power. Google has pushed back against the revelation, which provides an insight into the machinations of Big Tech lobbying in the face of growing sectoral regulation.
DPC budget. The Irish Data Protection Commission (DPC) has been granted an additional €4.1 million in funding as part of the government’s 2022 budget, a welcome boost for an authority regularly criticised for its lack of enforcement activity. The DPC says the money will go towards hiring more than 40 new staff members as the watchdog’s workload increases.
Digital rights
Rapporteur appointed. MEP Alex Agius Saliba has been announced as rapporteur for the proposed legislation to introduce a standard charger for mobile phones across the EU. The legislation was presented by the Commission in September and was considered a blow to Apple, given that most of its devices use a different port from Android devices.
Disinformation
Disinformation discussions. Brussels was host to EU DisinfoLab’s 2021 conference this week, which saw stakeholders gather to discuss the increasingly complex disinformation landscape in Europe and the potential regulatory and practitioner responses. Attendees discussed the upcoming DSA, how it might contribute to tackling disinformation, how it could be improved, and the often-problematic role of online platforms in this arena. VP Jourová criticised the proposed exception for media outlets in the DSA, putting it in the box of “good intentions leading to hell.” Read more.
DMA
Meanwhile, in the Council. The final agreement seems virtually complete, which is not surprising since most of the controversial parts are now being pushed in the Parliament or postponed to the trilogue stage. In particular, the obligations for the gatekeepers, Art. 5 and 6, were barely discussed, something which might backfire during the interinstitutional negotiations. Next Friday, a new text is expected, but since very little has changed, there is no reason to expect surprises. The only point on which further clarifications might be needed is the role of the member states to initiate investigations.
Speed over quality. A group of European tech companies, including Booking and Zalando, have penned a letter to EU economic ministers arguing that the active end users definition did not reflect their business model. In a recent text, the end-users were defined as visitors, which online marketplaces dispute is a meaningful measurement since they have a transaction-based business model. An EU diplomatic source recognised the validity of the argument. They warned such vital details might get lost given the enormous political pressure diplomats are under to reach an agreement ASAP. Read more.
ECON report. The opinion report of the ECON committee was led by Renew MEP Stéphanie Yon-Courtin, a former advisor to the French competition authority very close to the French government. The report proposes fines of 4% of companies’ annual turnover for such a violation and would double the Commission’s 10% maximum fine threshold. The committee also added web browsers and voice assistants to the list of core platform services and proposed a whistleblower system that would make reporting anti-competitive behaviour easier for companies and users. The opinion report also includes provisions on ‘predatory acquisitions’, requiring the gatekeepers to commission an independent study showing that the takeover does not harm innovation or competition. Read more.
Cloud market. Trade association CISPE commissioned a study pointing to anti-competitive practices by large software providers, naming, in particular, Microsoft and Oracle. According to the study, these operators have imposed unfair licensing conditions to limit the competition from European providers in the cloud market. Interviewees request cloud computing to be included in the DMA, arguing it is the only way to develop a ‘European cloud’. According to Jonathan Sage, a former IBM employee, the arguments used are rather old. The real issue in the cloud market is whether a platform or app built on a particular cloud service can be moved somewhere else. Read more.
DSA
Surprise surprise. The final IMCO vote on the DSA and DMA that was due on 8 November has been delayed, officially because of the testimony of Facebook whistleblower Francis Haugen on the same day. As expected, the DSA seems to be the one dragging its heels. “We’re also lagging a little bit behind the DMA; when it comes to finding solutions, we have more text, and therefore, we also need to have a couple of more shadows meetings,” rapporteur Christel Schaldemose admitted during the IMCO hearing on Wednesday.
Cooperation mechanism. Discussions in the EU Council are heading towards a complex enforcement architecture that should see the European Commission in the driving seat for all cases related to very large online platforms (VLOPs). “If every member state can file a complaint to the Commission, it will get very messy,” an EU diplomatic source told EURACTIV. This solution, which is expected to be put on paper by the Slovenian Presidency today, was preferred to make the board more operational and therefore able to start an investigation. The European Commission is more accountable to the Member States than an independent authority, the diplomat noted, adding that making the EU executive responsible for cross-border content moderation issues could become very sensitive.
Too early for Christmas? EU countries have further developed the text concerning online marketplaces, keeping in mind the ongoing work on the Product Safety Regulation. The discussions are going in a different direction than what Schaldemose proposed in the Parliament, following the principle that e-commerce platforms should verify the trader rather than being liable for the products. However, the Commission warned against a ‘Christmas tree effect’, arguing that if everyone pushes for obligations specific to a particular sector, the DSA will lose its horizontal nature.
Industrial strategy
The good marriage. Manufacturing trade association EFFRA and innovation community EIT Manufacturing have officialised their cooperation to “build a bridge between the two pillars of Horizon Europe.” The collaboration is the first of its kind and might set the model for other Horizon Europe partnerships, particularly those on AI, Data, Robotics, and Photonics, said Anne-Marie Sassen, acting head of unit at DG CONNECT. The intention is to facilitate the integration of new technologies in the production process, making the research-generated innovation reach the market faster.
Platforms
All press is bad press. There is no end in sight for Facebook’s PR woes, as this week saw the release of yet another tranche of articles detailing problematic conduct by the tech giant. Based on the same internal documents that the Wall Street Journal’s reported on recently, showing the company knew Instagram caused harm to teenage girls. Shared by whistleblower Frances Haugen, the documents that led to the latest articles detail an array of allegations about the havoc Facebook has, often knowingly, caused worldwide and the anger of its employees at the implications.
Time to act. Competition Commissioner Margrethe Vestager has said that breaking Facebook up and the legal battles that would ensue could be a years-long process, meaning that lawmakers needed to “stand together” and “take action now” to prevent the platform from doing any further harm and ensure that it takes responsibility for that which it has already caused.
Piracy prohibited. France will establish a new authority to tackle online piracy. “Arcom” will launch next January and will supervise peer-to-peer networks as well as online streaming and illicit broadcasting. It will also have the power to place sites on a publicly-accessible blacklist in the event of significant or continued violations. Read more.
Telecom
Huawei diversifies. Huawei is seeking to diversify its portfolio as pressure on its traditional business model grows. Among its focuses are the development of digital ecosystems and software applications, and the Chinese company has its sights set on sectors such as AI, facial recognition and e-mobility. Although diversification has been a longstanding goal of Huawei’s, the urgency with which it is being pursued has been increased since the introduction of sanctions by the US in 2018. Read more.
Sights set on 5G. Austria is set to expand its 5G network using Huawei technology, despite concerns over and boycotts of the Chinese company by other countries. Austria seeks to establish itself as a European leader in 5G and digitalisation more broadly and aims to provide 5G coverage nationwide by 2027. However, several other EU countries have refused to roll out or have plans to phase out Huawei’s technology, citing security concerns. Read more.
What else we’re reading this week:
Lina Khan Isn’t Worried About Going Too far: The new FTC boss says corporations abuse their power. To fight them, she’s consolidating some of her own. (New York Magazine)
Here are all the Facebook Papers stories (Protocol)
[Edited by Alice Taylor]