Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“Digital is the make or break issue”
– Ursula von der Leyen, President of the European Commission at the State of the Union
Story of the week: Commission President Ursula von der Leyen delivered her State of the Union address this week, and digital played a key part in it especially if compared to last year. The head of the EU executive made several important announcements, notably proposals for a European Chips Act and Cyber Resilience Act (more details below), investments in 5G and fibre, and recommendations on how to address the digital skill gap. She also took stock of the legislative initiatives the Commission presented in the past year, in relation to artificial intelligence (AIA), digital services (DSA) and markets (DMA). What was not mentioned was a reference on data and data infrastructure, which was very prominent in last year’s speech, in spite of the upcoming initiatives on the Data Act and the revision of the Database Directive. Businesses also felt neglected, as they consider very little acknowledgement was given to industry and increasing competitiveness.
Don’t miss: The Commission also launched its “Path to the Digital Decade”, a new governance framework intended to monitor the digital transition in the member states and fast-track multi-country projects. The digital performance of EU countries will be assessed through the DESI index and against the Digital Decade targets. Under this framework, the Commission will publish an annual report tracking the countries’ progress, which will include recommendations similar to the European Semester. For multi-country projects, the decision would introduce the European Digital Infrastructure Consortium (EDIC), a new legal procedure for large-scale digital infrastructure and services that would be able to combine EU and national funding with other sources of financing. Read more.
Also this week:
- What we know about the new proposals for a European Chips Act and Cyber Resilience Act.
- The Commission proposes a governance framework to monitor the EU countries’ digital performance.
- Ireland was accused of being “the GDPR’s worst bottleneck”.
- The Commission considers that for its AI Act to be effective, it needs to become a global standard.
- Parliament approves a resolution on platform workers that sets the bar for the Commission proposal expected for later this year.
Before we start: This week’s podcast features a double interview with Trivago’s CEO Axel Hefer and Johannes Kotte, managing director at Visual Meta. The two business executives gave their view on why the DMA is important for the European tech ecosystem, and replied to the most common criticism against the proposal. “Without the DMA, you will never have one of the top digital companies coming out of Europe,” Trivago’s Hefer said. Listen to the podcast for more.
A message by Google
Every day is safer with Google
People turn to Google for help in moments big and small. It’s our responsibility to keep you safe online by protecting your personal information and respecting your privacy so every day is safer with Google. Learn more about how Google keeps you safe online.
Artificial Intelligence
Go global or go home. Commission officials are backing the EU’s proposed AI Act as a way to give Europe a first-mover advantage when it comes to regulation. However, setting the international standards is not just part of the Commission’s broader ambitions to elevate as the leading global regulator, it might also affect the proper functioning of the Artificial Intelligence Act since most of AI applications are being developed outside Europe’s borders. The AI treaty the Council of Europe (CoE) is working on might help the Commission achieve just that. The treaty is focused on human rights, the rule of law and democracy, and might be legally binding for the 47 CoE member organisations. Read more.
Slovenia and the CoE. Slovenian foreign minister Anže Logar joined Marija Pejčinović Burić, the Council of Europe’s (CoE) secretary-general, for a meeting this week to discuss the priorities of the Slovenian EU presidency. In addition to AI and digital transformation, Logar said, Slovenia’s support for the European Court of Human Rights and efforts to protect vulnerable groups were key priorities in terms of cooperation with CoE.
AI injustice. AI and Automated Decision Making are increasingly making their way into law enforcement and criminal justice systems, raising concerns over the growth of profiling and the presence of bias in these spaces. Ahead of the LIBE committee’s upcoming “AI in Criminal Matters” report, NGO Fair Trials has released a report detailing the dangers of deploying these technologies when it comes to influencing, informing or assisting criminal justice decisions and outcomes.
Battlefield AI. The US Department of Defence is increasingly looking at expanding the role of autonomous weapons, with some senior officials even mulling the necessity of keeping humans in the loop at all. As the capacity of AI to complete actions and analysis in ways and at speeds that humans could only dream of being able to do grows, the scope of this tech’s military application looks set to broaden, as does the array of ethical questions thrown up.
Is that a good idea though? AI expert Kai-Fu Lee has outlined the four key dangers in emerging AI technology: externalities, personal data risks, the inability to explain consequential choices and warfare. The former executive of Google, Apple and Microsoft said the biggest danger lies in autonomous weaponry and the training of AI to assassinate.
Workers’ victory. The California State Senate has approved a bill designed to prevent employers from counting warehouse workers’ compliance with health and safety regulations, including taking bathroom breaks, against their productivity time, something which is increasingly calculated by algorithms. The bill is seen as being aimed in particular at Amazon which has gained notoriety for its poor treatment of staff.
Beyond the Bay? A new study has laid bare how concentrated the US AI industry is, with most activity focused in the San Francisco Bay Area. As the influence of AI in most Americans’ everyday lives grows, however, this could become a long-term weakness. Experts are urging the sector to branch out and build capacity in other regions before the concentration of resources catches up with it.
NAIAC. The US will establish a National Artificial Intelligence Advisory Committee (NAIAC) to facilitate government action in a number of areas, and drive technological development across sectors. The body will provide guidance to President Biden on AI research, ethics and development.
Cybersecurity
Cyber Resilience. The EU will present a new Cyber Resilience Act, von der Leyen announced in her State of the Union speech on Wednesday. The law will seek to set common cybersecurity standards on connected devices and will build on the existing NIS2 Directive, a proposal covering the Security of Network and Information Systems. Other proposals in the areas are also underway, but some are calling for additional action to be taken, as cyber threats gain ever-more prevalence when it comes to security analyses.
The future is passwordless. Users can now remove passwords from their Microsoft accounts and sign in solely by other means, such as an Authenticator app or a text verification code. The measure has already been rolled out for commercial users and passwordlessness has been a long-term aim of the company, accelerated by the pandemic-induced shift to online working.
Cyber defence. Finland has listed cyber and information environments, as well as space, alongside more traditional domains such as land, sea and air, in a new Defence Report. The report also directs particular attention to the Arctic, which is increasingly a realm of superpower activity, making Finland’s defence situation “tense” and “difficult to predict.”
Data & privacy
GDPR bottleneck. The Irish Data Protection Commission (DPC) has been labelled “the GDPR’s worst bottleneck” in a report by the Irish Council for Civil Liberties (ICCL), which called on the European Commission to intervene. The DPC takes the lead on many high-profile data protection cases, given that the European headquarters of many major tech companies are based in Ireland. The DPC, according to the report, has left unaddressed 98% of the cases brought since the introduction of the GDPR in 2018, though the ICCL also criticises both the GDPR architecture itself and the “quiescent” Commission. Read more.
Here we drone again. Members of the French parliament have begun consideration of the use of drones by law enforcement, just months after the country’s Constitutional Council rejected a previous version of the law. The first bill was rejected in May on the grounds that the balance between the use that drones could provide in police work and people’s privacy rights had not been adequately struck. The new version maintains the essence of the first but includes a number of additional guarantees such as specifically required authorisations, justifications and demarcations of responsibility before operations can be launched. Opponents, however, remain concerned about the threat to public freedom and the implications of additional surveillance. Read more.
Compliance round two. The French data protection authority (CNIL) has drawn up its second round of formal notices to be issued to companies charged with non-compliance when it comes to legislation on cookies. 80% of the companies that CNIL issued a formal notice to in the first round in June have complied, the watchdog said. The new rules were introduced in April, based on the idea that cookie consent must be a “clear positive act” and that simply continuing to use a site can’t be considered a valid equivalent. The organisations from the first round that still have not complied risk a penalty of up to 2% of their annual turnover. Read more.
Google backtracks. Google provided the Hong Kong authorities with user data following the introduction of a controversial national security law last year, despite having pledged to stop responding to requests for such information. The tech giant responded to three out of 43 requests made by the authorities in the second half of 2020. Other big names in tech and social media, who joined Google in promising to defy pressure for information from the authorities, unless it came via the US Justice Department, denied similar emergency requests in the same period.
TikTok faces the music. The Irish Data Protection Commission (DPC) has initiated two inquiries into TikTok over the platform’s compliance with the GDPR when it comes to processing children’s personal data and the transfer of data to China. The DPC has come under fire recently for its backlog of cases, particularly crucial given the number of major tech companies that the country hosts.
Who wants to know? The US has emerged as the government that requests user data from tech companies the most, and as the government that is most frequently granted access. In Q1 2020, it submitted 69,598 data requests, far higher than the country that took TechRobot’s number 2 spot in the ranking, Germany, which filed only 24,775 in the same period. Behind Germany, the next three places were taken by France, the UK and Japan. Of the data requests submitted by the US in that timeframe, 76% were granted.
Farewell to the GDPR? UK Chancellor Rishi Sunak told a conference this week that “you don’t need GDPR to have data adequacy”, the latest in a series of comments by government officials that suggest the UK might seek to move away from the EU when it comes to data protection. The European Commission adopted two data adequacy decisions for the UK in June, facilitating the free movement of data between the EU and UK, but reserved the right to revise their decision if changes in the latter’s legal framework diverged from the agreed position too drastically.
Lower your expectations. WhatsApp made provisions for a much heavier fine from the Irish Data Protection Commission (DPC) than the one that was eventually handed out. Expecting a fine between €245 million to €250 million, the company’s Irish arm increased its liability provisions from €77.5 million to €246.2 million last year, in anticipation of a fine from the DPC over breaching data privacy laws. Instead, the messaging service received a (still record) penalty of €225 million.
Cloud branches out. Google Cloud is unveiling new storage products centred on data protection, as an increasing number of users choose to store their data on the cloud. The two new services and one update of its existing Cloud Storage system will provide services with more availability and privacy protection to the growing number of customers bringing their data to the cloud.
Health reporting. The US FTC has clarified a 2009 Health Breach Notification Rule to say that apps and devices that collect personal health information must notify customers if their data has been either breached or shared with third parties without their permission. “Data breach”, in this context, however, is not just limited to a cybersecurity intrusion. Unauthorised access to personal data, which encompasses the sharing of personal information without a person’s permission, can also qualify, thereby necessitating notification.
Digital Currencies
Digital euro, with limits. The digital euro is not seeking to replace cash, President of the Deutsche Bundesbank Jens Weidmann said in a speech this week, as the Eurosystem’s investigation of how a digital euro might work in practice gets off the ground. Noting the benefits of the cash system, Weidmann insisted that a European digital currency was not looking to take this over and that privacy would be placed front and centre of the initiative.
Disinformation
Disinfo defence. The European Parliament has set out six pillars on which the EU should build its strategy for engagement with China as part of a new strategy. MEPs highlighted, in particular, the need to develop international standards on technologies such as 5G and 6G, with the penalty of exclusion for non-compliant companies. The strategy also asks for the EU External Action Service to be given a mandate and the resources needed to address disinformation coming from China. Included in this, they say, should be the creation of a specific Far-East StratCom Task Force.
DMA
Council state of play. Following last week’s Dutch-Franco-German attempt to move the DMA enforcement more in favour of national authorities, it is still unclear where the proposal will land although the Commission and some of the smaller countries are clearly against it. In terms of adding tailor-made remedies following a market investigation (i.e. the new Article 16(a)), some note these provisions might fall outside the legal basis, thus the proponent countries have mobilised their legal experts to argue why that is not the case. The Slovenian compromise text presented last week seems to have clarified issues related to private enforcement in national courts and how these will cooperate with the Commission, but the point on the relation between the DMA and national competition rule is not fully resolved, a diplomatic source told EURACTIV. Another point still to clarify is the regulatory dialogue, as the Commission wants to maintain a discretionary power to discard requests that are seen as buying time for the gatekeepers. However, that is not universally seen as the best way to go, as it might lead to legitimate requests being dismissed.
DSA
Regulation vs business. The DSA’s rapporteur, Christel Schaldemose, has again voiced her opposition to micro-targeting in advertising. “I don’t like micro-targeted ads and I think we should definitely do something to get rid of them”, she said this week. A diplomatic source close to the file told EURACTIV that some (large) member states seem to sympathise with the Parliament’s position, but might be waiting for the trialogues to pick up the fight. Some countries are very against the proposal, which they recuse would be very against the businesses. The same countries also express fear that the reporting obligations have been expanding since the 13 included in the original proposal, and exceptions for small and micro enterprises have been eroded.
Expect some struggle. The real power struggle around the DSA is likely to be (as is often the case) on enforcement. A coalition by countries led by France wants to shift at least part of the implementation from the country of the establishment to the country of destination. As the orders to act against the illegal content are issued by the judiciary, this change of approach might generate problems in countries that have a problem with the rule of law, which might become a way to politically control social media content. At the same time, the overall enforcement structure is broadly based on the one from GDPR, not exactly the most successful example. Some states note that in the original version of the text the Commission was driving the debate and setting the agenda, while there are advocates in the Council that would like the Digital Service Coordinators to have a more independent role.
e-Commerce
Agreement achieved. A consumer protection article will be included in a future international trade deal on e-commerce, following an agreement reached between over 80 countries. The article will require signatories to adopt or continue measures that tackle misleading, fraudulent and deceptive commercial activities that do or could, cause harm to online consumers. They will also be required to ensure that suppliers deal fairly and honestly with consumers and provide substantial access to information on goods and services, as well as to promote redress or recourse mechanisms that consumers can access.
Industrial strategy
European chips. Wednesday’s State of the Union address saw Ursula von der Leyen announce a European Chips Act designed to invigorate Europe’s chip-making capacity and drive forward the bloc’s aim of strategic autonomy. The Commission President painted the initiative as a way for Europe to regain global leadership in semiconductor production, lost in recent decades. The current global chip shortage has hit Europe’s vision of autonomy hard and some member states have independently sought to boost their own manufacturing capacity. The shortage and its fallout, experts say, could stretch years into the future. The new initiative is no longer just focused on production capacity, but also on boosting research and diversifying supply chains through international cooperation Read more.
ICT gender imbalance. 83% of the 2.7 million employed ICT-educated workers in the EU were men in 2020. The share was highest in Latvia, where 94% of the sector were men; on the other end, the figure was only 27% in Romania. Younger age groups were also in the majority, with 66% of these workers across the EU falling within the 15-34 years bracket. This imbalance occurs in a sector that is facing a dire skills gap that will only increase in the coming years.
Teaching rewarded. The Commission has launched a new European Innovative Teaching Award, to highlight outstanding teaching practices occurring within projects funded by the 2014-2020 Erasmus+ programme. The award will cover education from early childhood to vocational and training schools for older students.
Media
Media protection. The Commission has launched a Recommendation on the Safety of Journalists in response to the worsening media freedom situation in Europe. The Recommendation outlines measures that EU countries can take to bolster protections for media professionals, including the creation of legal, psychological and cybersecurity support services and the increased protection of journalists covering demonstrations. The Commission also notes that female journalists and journalists from minority groups are particularly at risk of threats and attack and states should therefore take additional steps to ensure both their safeguarding and inclusion in the media sector. Read more.
State of emergency. Reporters Without Borders (RSF) has declared a “press freedom state of emergency” in Poland in response to the controversial “Lex TVN” amendment, which threatens the broadcasting abilities of critical independent media group TVN. Despite having been recently rejected by the Senate, the lower house could still overturn the decision and pass the measure. RSF also criticised the recently-imposed restrictions on reporting near the border with Belarus, which the government has said are a result of migration and potential Russian military exercises. Both are seen as part of a broader crackdown on press freedoms as part of the ruling Law and Justice (PiS) Party’s attempted “repolonisation” of the media.
Covert sponsorship? EU Reporter has come under fire for “lobbying dressed up as journalism”. The publication has been accused of passing off content sponsored by companies and embassies as regular news coverage, rather than acknowledging and being transparent about its funding sources, as other publications do. EU Reporter is said to promote itself specifically as a way for entities to influence EU politics and gain access to the Brussels decision-making process.
Platforms
Social protection fit for the digital age. The Parliament has adopted a resolution on social protection for platform workers, designed to combat the “precariousness and poor working conditions” of those employed in the gig economy. The report it non-binding, but might anticipatee key facets of a legislative proposal expected to land before the end of the year. Platform services have afforded workers more flexibility and lowered costs for consumers but have drawn criticism for the labour conditions of those they employ. Gig workers, EU lawmakers now say, should be afforded the same rights and social protections as traditional employees. Key provisions also include transparency obligations, human oversight on algorithmic management and portability from one platform to the other. Read more.
Investigation ordered. Facebook’s Oversight Board has recommended an independent investigation into whether the tech giant’s content moderation decisions, automated or otherwise, treated anti-Palestinian and anti-Israeli content differently. The Board, which scrutinises content moderation practices on Facebook and Instagram, made the recommendation as a result of a case from May in which a Facebook user’s repost of an Al Jazeera article on the subject of a truce offer from the Al-Qassam Brigade to the Israeli authorities was removed for violating the platform’s policy. The post was reinstated after an appeal but Facebook was unable to explain the removal decision and drew criticism for disproportionately censoring Palestinian content in Arabic compared to content inciting anti-Palestinian and anti-Arab violence in Israel. Read more.
Incoming. Commission Vice-President for A Europe Fit for the Digital Age has said Apple is expected to provide a statement of objection in response to a complaint filed by Spotify in the next few days. The complaint is part of a Commission antitrust investigation into charges that Apple has abused its dominant position when it comes to the distribution of music-streaming apps on the App Store, primarily via its mandatory in-app purchasing systems and restrictions on the ability of developers to alert users to cheaper alternatives.
Concealed harm. A leak from Facebook has revealed that the company has kept secret internal research on the negative impact of Instagram’s on teenage girls’ body image issues since 2019. A company presentation two years ago acknowledged that the platform makes these issues worse for one in three teen girls and is consistently blamed by many of them for worsening issues such as anxiety, depression and eating disorders. Of users surveyed who reported suicidal thoughts, 13% in the UK and 6% in the US linked them to Instagram. The findings mirror criticism that has been levelled at social media companies by observers. Facebook, which owns Instagram, has repeatedly sought to minimize the harmful mental health effects of the platform.
Apple vs Epic Games concludes. Apple’s App Store success suffered a major setback last Friday as a US judge ruled that the tech titan will no longer be allowed to prevent app developers from directing users away from Apple’s in-app purchasing system, which usually affords the company a lucrative 15-30% commission on sales. Epic Games was also not fully satisfied by the ruling since the judge did not consider Apple a monopolist and the payment system the game company introduced in Fortnite was deemed in breach of its contract with Apple. The case between Apple and Epic Games has drawn great attention, part of a broader scrutiny of the former’s dominance and potentially monopolistic tendencies.
What’s up with WhatsApp? The European Consumer Organisation (BEUC) has penned a letter to the European Commission and the Consumer Protection Cooperation Network calling for an investigation into WhatsApp. In July, BEUC filed a complaint against the messaging service for breaching EU consumer rights by pressuring users to accept new and opaque terms of use and privacy. The BEUC says that recent fines levied against WhatsApp over GDPR violations have had little bearing on its behaviour and that the platform continues to send the offending notification and violate consumer protection rules.
Watch your bot. The NGO Global Witness is launching a Twitter bot called “EU Tech Watch” that will auto-tweet every time an EU Commission official meets with a lobbyist from a Big Tech company. The tweets will include the names of those in the meeting and the company they represent. The initiative is inspired by a similar bot that was released a few months ago about the gas lobby.
Telecom
Radio spectrum clarity. The Commission has announced a requirement that EU countries provide greater clarity when it comes to the use and availability of radio spectrum and proposed that they collaborate when it comes to 5G, data, processors and blockchain in order to drive forward their attainment of digital targets. The required clarity, the Commission said, would help to increase legal certainty and investment predictability.
Tripartite control approved. The European Commission has approved the acquisition of joint control over Global Partnership for Ethiopia B.V. by the UK’s Vodafone Group, Kenya’s Safaricom and Japan’s Sumitomo Corporation. The three companies will assume control of Ethiopia B.V. and its subsidiaries, the Ethiopia JV, a newly-created entity set to provide telecoms services in Ethiopia. The Commission approved the acquisition on the grounds that Ethiopia JV has no actual or foreseen activities in the EEA and therefore did not raise any concerns in terms of competition.
Disruption sought. Telefonica has partnered with a Spanish venture capital firm to launch a fund targeting start-ups developing disruptive and transformative technology. The fund, Leadwind, will seek to raise between €150 million and €250 million and will focus on start-ups working on 5G, IoT, AI, edge computing, blockchain and data analytics..
Space race
Civilian flight. Following in the footsteps of Richard Branson and Jeff Bezos, who both recently launched themselves into space, billionaire Jared Issacman has blasted off out of Florida on a private trip to the Earth’s orbit. Accompanied by three other amateur astronauts, the crew of the Inspiration4 are currently on a three-day journey circling the Earth in a spacecraft built by SpaceX. The space trip industry is gathering steam, with two private visits to the International Space Station already planned for next month and the New Year.
What else we’re reading this week:
The Battle for Digital Privacy Is Reshaping the Internet (New York Times)
The Facebook Files (Wall Street Journal)
The map of European start-ups financed by China (Wired Italia – in Italian)