Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“We have an opportunity to create a new global golden standard for tech-regulation that will inspire other countries and regions”
– Christel Schaldemose, the European Parliament’s rapporteur for the Digital Services Act
Story of the week: The European Parliament adopted its position on the DSA with a broad majority in Thursday’s plenary vote, but not without some last-minute surprises. The primary victory was scored by the Tracking-free Ads Coalition, which successfully passed all three of its amendments. The most significant one prohibits sensitive personal data related to politics, religion and sexual orientation for targeting techniques. The other two amendments focus on consent, trying to put users in a better position to freely decide whether they want their personal data to be processed or not. Preventing platforms from extorting consent is also the subject of an article against dark patterns (Art. 13a), which conservative MEPs unsuccessfully tried to shoot down in a split vote.
What some still called a media exemption did not get through, namely the recital enabling media outlets to contest content moderation decisions. Nevertheless, thanks to the support of the Green MEPs, an amendment got through that will require the platforms’ terms and conditions to consider the charter of fundamental rights, including freedom of expression and media freedom. That is combined with an amendment from the LIBE committee which would make platforms’ own rules that contradict fundamental rights non-binding for the users. The rightsholders marked another victory with an amendment on the traceability of business users, extending information obligations to all types of intermediary services in their bid to fight piracy online.
Other last-minute changes include the possibility to make payments anonymously online and for SMEs to establish collective representation. Read more.
Don’t miss: Despite being one of the new government’s top priorities, Germany’s digital transition remains on ice as ministries continue to delineate their responsibilities. The Ministry of Digital and Transport has said it’s unclear whether it is responsible for the coalition’s promised “digital budget” and “digitalisation check”, both designed to centralise digital policymaking. Work has already begun on the other key focus area, climate change. Still, EURACTIV heard this week that it could take up to two months before digital competencies are clarified and the action gets underway. Read more.
Also this week:
- The ‘timely’ competition study on the Internet of Things
- The Data Act resubmitted to the Regulatory Scrutiny Board
- The EDPS calls for a total ban on micro-targeting in the regulation of political ads
- The Commission publishes a toolkit on how to address foreign interference in the R&I sector
Before we start: As efforts to regulate digital platforms gather steam, attention to the issue of online anonymity is growing. This week’s episode looks at the arguments being made for both limiting and preserving anonymity and pseudonymity online and how these have played out in the context of the UK’s Draft Online Safety Bill.
A Message by YouTube
Empowering our creative sectors through YouTube
YouTube recommender systems connect billions of people around the world to creators that inspire teach, and entertain us. In 2020, YouTube’s creative ecosystem contributed €2.38bn to EU GDP and supported 142 000 full-time equivalent jobs – revealing the real impact it had on real people.
Continue Reading >>
Alexa/Siri: dominate the market less. A Commission competition report on the Internet of Things (IoT) sector has zeroed in on voice assistants, highlighting several concerns surrounding their data collection, exclusivity and bundling practices, gatekeeper role and lack of interoperability. According to the study, the sector’s competitiveness is also hindered by the dominance of a few leading voice assistance operators: Google Assistant, Amazon’s Alexa and Apple’s Siri. As many of the concerns raised in the report are similar to those driving the Digital Markets Act, the report’s timing seems too good to be accidental. The study was due by the first half of 2022, and the Commission tends to be overoptimistic with its planning. MEPs have included voice assistants as core platform services in their DMA report, but member states have warned that every change to the scope should be evidence-based. The Commission provided that evidence. Read more.
Ukraine under pressure. Microsoft said last weekend it had detected malware in many computer networks, both government and privately-owned, in Ukraine that seems to be lying dormant for the moment. The US government is investigating the code, which the company detected as Ukraine was hit by a major cyberattack last week. The code, which was presumed to be waiting to be triggered, appeared to be intended to cause damage rather than extract a ransom; Microsoft said it hoped that making the discovery public would lessen the chances of a disruptive attack being launched.
Cyber Dialogue. Support for Ukraine in its recovery from recent cyberattacks, and preparation for potential future ones, featured high on the agenda of the fourth US-France Cyber Dialogue held virtually last Friday. The meeting also covered priorities including countering ransomware and defending human rights online and focused not just on transatlantic cooperation but also France’s planned emphasis on cyber issues during its current presidency of the EU Council.
Mind your face. ENISA, the EU’s cybersecurity agency, has warned that online face ID checks present a risk and may be vulnerable to attack or manipulation. The analysis included in a report released this week showed that cybercriminals could circumvent these checks in many ways, including using 3D masks and deep fakes. ENISA suggests that users should implement certain security measures, including environmental, ID document, and organisational controls, to tackle this.
Data & privacy
Data Act is back. The impact assessment of the Data Act was resubmitted to the Regulatory Scrutiny Board this week after it failed the first review in October. According to Contexte, the new text has revised the definition of public interest, the notion by which public institutions might request access to privately-held data, and removed reference to specific sectors. The study also tries to clarify how private companies would be compensated for sharing such data. If the feedback is positive, the proposal will be published on 23 February. Second negative opinions are somewhat rare and would lead to the reasoning of the Scrutiny Board being made public.
Tracking-free, in Washington. A bill that would implement a targeted ad ban has been proposed in the US by three Democratic lawmakers. The Banning Surveillance Advertising Act would prevent advertisers from using personal data in their services, apart from broad location targeting. However, the ban wouldn’t cover contextual ads that draw on the content with which users interact. The proposed legislation, which parallels calls in the EU for a crackdown on targeted ads as part of the DSA and DMA, has gained the support of many high-profile privacy experts. Read more.
Disputing the narrative. A YouGov poll has found that most SMEs in France and Germany are against tracking-based ads and want to see alternatives offered. Some 75% of small businesses said these kinds of ads on Facebook and Google were too invasive and undermined privacy, but 69% of respondents said there were too few alternatives, forcing them to advertise in this way. The survey’s implicit intent was to challenge a recurrent argument from these companies, which focuses on the benefits of targeted advertising for SMEs. Read more.
Hurry up now. Google issued a call for action on establishing a new EU-US data transfer framework this week. The tech giant argued that after the Austrian data protection watchdog ruled last week that Google Analytics had violated the GDPR, data flows and their economic benefits were at risk. Google has pushed back against the Austrian ruling but frames it as a hint of more considerable challenges to come, describing this as a critical moment requiring a durable international data transfer framework.
Welcome to Beijing. A smartphone app made mandatory by Beijing for all athletes and team officials at the 2022 Olympics has been found to contain a security flaw that allows for the interception of calls and data. The University of Toronto’s CitizenLab cybersecurity body found that a flaw in the app’s encryption meant protections for users’ audio and file transfers could be “sidestepped”. On top of this concern, the app’s software was also found to contain a list of censored words – not currently activated – and a feature that allows users to flag and report “politically sensitive content”.
Italy’s video surveillance. Italian authorities installed and purchased at least 2,430 surveillance cameras by Chinese brands Hikvision and Dahua between 2017 and 2020. Established in a wide range of venues, from parks, streets and museums to courts, hospitals and centres of the national government, the camera network spans the country and could be much more extensive than is currently known. In 2019, the US banned public-sector purchasing technology from both companies over security concerns. In Italy, a new contract for public administration video surveillance is currently underway; the question of whether this will mean an expansion of Hikvision and Dahua’s tech remains open.
End end-to-end encryption. The UK government is looking to wage war against end-to-end encryption (E2EE), Rolling Stone reported this week, already having contracted a high-profile advertising agency to lead it. The objective is to diminish support for encryption on Fakebook’s Messenger app, and planned actions include public stunts, alliances with charities and law enforcement bodies and a media campaign. The government’s focus on E2EE comes from the argument that it hinders efforts to combat child exploitation online. Still, those on the other side of the debate say removing encryption risks putting children in even greater danger.
Digital Markets Act
Who blinks first. While the discussion among the three EU co-legislators started in a climate of self-celebration, the mood swiftly changed as the technical talks tackled the core of the DMA, the gatekeepers’ obligations. The European Commission and Council are being difficult about the Parliament’s changes, particularly questioning the technical feasibility of the interoperability obligations, which for them have been underestimated. On the default settings, a possible compromise mentioned could be only to limit those to web browsers and search engines. Still, it seems unlikely that such fundamental questions could be solved at a purely technical level, which the negotiators have already recognised for the scope. At the same time, the Commission expressed its intention to examine the relevance of including whistle-blowers and class actions in the regulation.
Digital Services Act
Trilogue timeline. Even before the DSA passed the plenary test, a draft timeline was circulated. Five political trilogues have been planned: 31 January, 22 February, 15 March, 24-25 March, 6-8 April. The technical meetings are also fast-paced: 24 January, 2 February, 3 February, 7 February, 10 February, 18 February, 28 February, 3 March, 14 March, 17 March, 21 March, 23 March.
Chips take their toll. A combination of the pandemic and the global semiconductor shortage saw car sales in the EU hit a new low last year; data released this week shows. There was a 2.4% decline in the registration of new passenger cars in 2021, reaching the lowest rate since records began in 1990, with the lack of chips the main factor. The semiconductor situation doesn’t look set to improve in the short-term either: experts have said that the start of 2022 will be challenging when it comes to chips and that, while it could improve later in the year, the complexity of manufacturing during the pandemic means the road ahead for the car industry is unlikely to be smooth. Read more.
Mid-term agreement. The EU needs to develop an innovation culture to compete with the US and China in the way it does when it comes to regulation, political groups the EPP, S&D and Renew have said in their mid-term agreement on the Parliament’s legislative priorities. The EU leads in global digital regulation, but entrepreneurship, start-ups, and SMEs need to be supported to be at the helm of emerging technologies moving forward. At the same time, the responsibilities of online platforms are increased, and fundamental rights and data protection are prioritised. The group also voiced its support for the DSA and DMA, and called on the AI Act, due this year, to balance ethics and opportunity.
US vs Alibaba. Alibaba’s cloud business and its data storage practices are under scrutiny by the Biden administration over concerns that they may present a risk to US national security. The investigation is set to look at how the company retains user data, including personal information and intellectual property, and the access Beijing might have to this, Reuters reports. If risks are identified, the US could mandate changes from the company or prevent US customers from using it and while its cloud business is small, restrictions on it would deal a blow to Alibaba; in anticipation, shares in the company dropped by almost 3% earlier this week.
Slapps on the rise. More than 500 instances of SLAPPs have been confirmed in Europe, according to a new report released this week. SLAPPs, or strategic lawsuits against public participation, are cases levelled against and designed to silence journalists or activists. The report by CASE (Coalition against SLAPPS in Europe) found that there has been a sharp increase in the number of SLAPPs filed in the past four years, with Malta, Slovenia, Croatia and Ireland topping the list. More than one in ten cases, however, are cross-border and the suits are most commonly levied by businesses or individual businesspeople, followed by politicians or those in public service. Public consultation on the Commission’s planned initiative to address SLAPPs closed last week, and feedback on its results is scheduled for later this year.
Funding for journos. The Commission has issued a call for proposals on funding a course on the EU and Cohesion policy for journalism students in an effort to cultivate reporters specialised in European affairs and bolster coverage of the bloc. The initiative is also being touted as a way to tackle mis- and disinformation around the Union, and the proposals being sought will focus on the development and delivery of training schemes for emerging journalists in EU countries.
Microtargeting in the cross-fire. The European Data Protection Supervisor (EDPS) issued its opinion on the regulation on political advertising on Thursday, the same day EU lawmakers adopted a ban on the use of sensitive personal data in the Digital Services Act. Notably, the EDPS voiced support for a full ban on microtargeting for political ends, in addition to an extension of restrictions on which categories of personal data can be used. Reiterating a view already stated in different occasions, the EU privacy watchdog called for a ban on targeted ads based on pervasive tracking.
Big Gaming. Microsoft announced this week its $68.7bn purchase of video game company Activision Blizzard, the tech giant’s largest-ever acquisition. Activision has been in flux recently following several reports of sexual misconduct by executives at the company; dozens have been fired following the investigation, according to Activision, though its CEO remains in place despite calls for his resignation. The deal, which is not Microsoft’s first gaming purchase, is set to be sealed in 2023.
Reviewing the reviews. A Commission sweep of online customer reviews has revealed that doubts were triggered as to the reliability and authenticity of reviews in almost two-thirds of the sites surveyed. Among the concerns raised was the high proportion of sites that don’t reveal how reviews are collected or processed and that don’t identify or explicitly prohibit incentivised reviews. At least 55% of the sites checked by EU authorities were found to potentially be in violation of the Unfair Commercial Practices Directive, with doubts raised about a further 18%.
Research & Innovation
Beware the interference. The Commission released this week a toolkit designed to guide higher education institutions and research organisations in addressing foreign interference, a growing issue in what is an increasingly internationalised sector. Members of the university sector welcomed the initiative, which includes recommendations such as strengthening risk assessments and establishing Foreign Interference Committees: “It’s not a tool to close down cooperation, it’s a tool to facilitate cooperation where this might be difficult”, EURACTIV was told. Read more.
5G takes the sky. Amid US concerns over the potential interaction between 5G deployment and some aircraft systems, a number of European bodies have clarified that the same issues do not exist in Europe. Regulatory bodies on this side of the Atlantic have noted that current records show no sign of interference between 5G and aircraft radio altimeters, the European versions of which operate within different spectrum bands from their US counterparts. National bodies, as well as the European Aviation Safety Agency, have pointed out that 5G deployment has been ongoing for a while in Europe but any influence on aircraft instruments has yet to be detected.
One charger to rule them all. The IMCO’s rapporteur Alex Agius Saliba published his draft report on the proposed common charger, emphasising the need for a less fragmented approach and zeroing in on the current lack of voluntary commitments or binding requirements in place in this area for developers of devices. As anticipated in the preliminary discussion, Saliba is pushing for a significantly larger scope including low-voltage laptops, e-readers, keyboards, mice, smartwatches, personal care and sports devices, GPS and electronic toys. The Maltese politician also added the stipulation that consumers should be informed about the negative environmental implications of multiple unnecessary chargers. The Commission published its proposal for a common charger last year, after long-standing calls for such a measure by lawmakers.
Transformational potential. Digitalisation has the potential to be “transformational” when it comes to the green transition, the executive director of the Environmental Defence Fund Europe, told EURACTIV this week. In particular, Jill Duggan said, digital technologies can aid the collection and processing of data, as well as in everyday devices such as smart meters within people’s homes. Read more.
What else we’re reading this week:
Europe’s Move Against Google Analytics Is Just the Beginning (Wired)
Big tech’s supersized ambitions (The Economist)