digital-brief:-dsa-general-approach,-dma-compromise,-data-retention

Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here

“Based on the discussions at Working Party level, a strong and general support among the Member States has been identified regarding the level of ambition of the proposal, its overall objectives and the need for its swift adoption”

-Accompanying note to the General Approach to the Digital Services Act (DSA)

Story of the week: The 27 EU ambassadors have adopted the “general approach” to the proposed Digital Services Act, which is now set to receive final approval during the Competitiveness Council on 25 November. The adoption means a number of changes are now formally included in the proposal, notably the centralised enforcement of very large online platforms (VLOPs) in the hands of the European Commission. The scope was maintained on illegal content, with the takedown of illegal hate speech required within 24 hours, the same timeframe of Germany’s Network Enforcement Act (NetzDG). Online marketplaces will have an obligation to “know-your-business-customer”, in other words, to make their best efforts to verify the identity of the trader on their platform. On this point, Italy requested the extension of such liability provisions to non-traditional e-commerce platforms, stressing, in particular, the growing role of social media. Online search engines were also added as a fourth, stand-alone category, following fears they would slip out of the scope.

The text was agreed despite concerns over the remaining need for improvement of a number of provisions, as the diplomats were under intense time pressure to reach a consensus. This rush to find an agreement has created a delicate situation: On the one hand, there are some countries still asking for ‘improvements’ at the trilogue stage; on the other, several member states have stressed the compromise is fragile, in the sense that there was not enough time to develop a solid agreement everyone could fully buy into. The latter sign should be interpreted as a warning to the upcoming French Presidency that will represent the EU countries in the trilogues. The French are skilled negotiators, and their MEPs (even those belonging to parties that are in the opposition) are usually well-disciplined in pushing their national agenda. However, the room of manoeuvre is very tight in this case, and a compromise that goes too far on some fundamental points might lead to a backlash. Read more.

Don’t miss: The EU lawmakers have reached an agreement on the Digital Markets Act finding a compromise on the most controversial points. The scope was slightly raised to €8bn in turnover and €80bn in market capitalization, but the proposal from rapporteur Andreas Schwab to include more than one core platform service did not get through.

The killer acquisitions parts made it into the text, as measures for systemic non-compliance. The solution found seems to have satisfied the European Commission from a legal basis perspective, as the recital defines the measures as targeting acquisitions “ likely network effects, data consolidation, and possible long-term effects or whether and when the acquisition of targets with specific data resources can significantly put in danger the contestability and the competitiveness of the markets.”

On the targeted advertising, a mid-ground was found in banning targeting of ‘known’ minors. However, platforms need to obtain the explicit consent of the users and are banned from trying to circumvent such consent by using ‘dark patterns’. There will be strong limitations in using sensitive personal information such as political views, religious beliefs, sexual orientation and race. Read more.

Also this week:

  • AG opinion on data rotation enters the German coalition talks.
  • The European Commission announced a competition policy review.
  • The French Senate initiated an inquiry over the concentration of the media sector.
  • Gaia-X loses a major French cloud provider over foreign influence concerns.

Before we start: Apple has been vehemently opposing sideloading provisions in the DMA, which would allow alternative ways for downloading apps on their operating system. Damien Geradin, legal counsel for the Coalition for App Faireness responds point by point to Apple’s argument, making the case for opening up the competition among app stores.

svg%3E

Artificial Intelligence

Partial compromise soon. The Slovenian EU Council presidency is due to submit a progress report during the Council meeting on 3 December, together with a partial compromise text from Art. 1 to 29. While no major issue has so far arisen from the technical discussions, a number of EU countries led by Germany have contested the fact the regulation would cover also law enforcement, and wish to separate AI rules for policing in a separate, sectorial law.

Innovation vs regulation. A new report approved by a special committee of the European Parliament group is pushing to reduce the burden of the AI regulation on companies to promote innovation in the sector, echoing an argument already voiced by several member states in the last European Council. The AIDA special committee has no regulatory power but the rapporteur, MEP Axel Voss is an influential voice and might get its points through elsewhere, notably on the JURI committee. The decision over the dispute for competence on the AI Act between the LIBE, JURI and IMCO committee was postponed once again. Read more.

Pentagon’s ethics. Not even the US Department of Defence is able to catch with Big Tech on the AI race and has to rely on Google, Microsoft, Amazon and the likes to get access to the most advanced technologies. This collaboration has however spurred ethical concerns, notably among Big Tech employees. To counter this trust issue, the Pentagon has published guidelines for responsible AI that its external providers will have to follow when developing and deploying AI-powered tools for military use. The guidelines require the supplier to assess the risks related to the technology and how they can be avoided.

Competition

Competition Policy Review. The European Commission published on Thursday its agenda on how to enhance its antitrust rules. EU competition chief Vestager was particularly adamant against the idea of European champions, which usually take the form of Franco-German colossus, reiterating her opposition to the matter. The communication confirms the relaxation of state aid rules for what concerns broadband investments and pointed to the complementarity of the DMA with competition enforcement. An interesting reference has been added to killer acquisitions, noting how companies that have little to no turnover should also be considered for antitrust probes when such takeovers could disrupt the market. The competitive role of data is also mentioned, with a reference to the upcoming Data Act that should contain measures on data access for companies and individuals. Read more.

Copyright

Remuneration deal. Google and news agency Agence France Presse (AFP) have reached a five-year agreement that will require the former to pay the latter for the use of its journalistic content under the Copyright Directive. The deal is the culmination of 18 months of negotiations and is part of a much larger battle over “neighbouring rights” in France, which has seen high-profile contests between news publishers and tech giants over remuneration for reusing material content. The deal applies to all of AFP’s content throughout the EU and is reportedly one of the largest deals of its kind. Read more.

Cybersecurity

NIS investments. According to a survey of the European Union Agency for Cybersecurity (ENISA), 82% of essential services operators and digital service providers have implemented the requirement of the NIS (Network and Information Security) Directive, leading in 67% of the cases to additional investments in cybersecurity. At a global level, the study finds that the security budget is usually distributed to vulnerability management (20%), governance, risk and compliance (18%) and network security (18%). In case of security incidents, the banking and healthcare sectors are those paying the higher cost, ranging from €213,000 to €300,000 against an average of €100,000 for other sectors. Read more.

Data & privacy

ePrivacy update. The long waited trilogue on ePrivacy Regulation finally took place on Thursday. The focus of the discussion were Chapters III, V and VI, which are certainly not the most controversial points in the negotiation (i.e. data retention, cookies, enforcement). Although progress was made, the meeting was meant to reach an agreement on these chapters but failed to do so as technical details remained unclear, EURACTIV has learned. While technical meetings are now planned in December, for ‘scheduling issues’ there will be no more political trilogues under the Slovenian Presidency.

Germany’s sense for data retention. The opinion of the EU Advocate General, which declared the German provisions on data retentions as incompatible with EU law has abruptly entered the coalition talks in Berlin, where data retention is one of the hot issues in the coalition talks. While the SPD is in favour of pushing for data retention rules at home and in Europe, the liberal FDP and the Greens are strictly against it. The legal opinion might just be enough to convince the SPD to change its position, with SPD negotiators saying that the legal document will be “carefully examined.”

What Data Act. Christian d’Cunha, one of the policy officers in charge of the Data Act at the European Commission, told the IAPP Congress that the intention is to unleash the 80% of data that is currently not being used across all sectors of the economy. The proposal will have a complex relation to other legislation, notably with the Data Governance Act making data sharing mandatory, with GDPR on data portability and differentiation of personal and non-personal data, as well as ePrivacy on data generated from terminal equipment. A key point that remains to be seen is under which conditions businesses will have to share their data with governments (B2G).

Access to what now? The process for accessing official documents is not at all standardised and streamlined across EU institutions and services, observers said at an event organised by the European Ombudsman on Monday. Requests seem to be at the discretion of the individual services, with the same requests being accepted from some and rejected from others. This year marks the 20th anniversary of the legislation setting out the process for obtaining access to such materials and panellists, including Commission’s VP Vĕra Jourová stressed the need to update the rules not only for the sake of efficiency but also to ensure that they reflect the ways in which we communicate today.

Digital rights

Apple’s self-repair. Apple announced on Wednesday it will make self-repair available for iPhone 12 and 13, in what some considered a U-turn in the company’s policy. The programme will make Apple parts available to customers to perform repairs, whereas until now only Apple-authorised services were allowed to do that. The campaign group Right to Repair welcomed the announcement as “too good to be true,” warning that “the devil is in the detail.” The NGO pointed in particular to the high cost of repair parts and insisted the EU regulator should legislate on the matter.

Digital skills

DESI 2021. This year’s annual Digital Economy and Society Index (DESI) shows a mixed picture when it comes to the digital performance of EU countries. The Index, which measures progress in digitalisation against the Commission’s 2030 Digital Compass targets, shows that all 27 countries have made some steps forward but that they vary significantly. Read more.

Digital Europe kicks off. The first three work programmes of the Digital Europe Programme have been approved by the Commission, greenlighting almost €2 billion in funding for facilitating the green and digital transitions. The funding, a portion of the Digital Europe Programme’s overall €7.5 billion over seven years budget, will cover a range of applications, with particular focus in each package on digital skills. Read more.

Disinformation

Code of growth. Sixteen new potential signatories have joined the drafting process of the Commission’s updated Code of Practice on Disinformation, further widening participation in it from the original members who were mostly large tech companies. The Code is in the process of being updated in accordance with guidance on its improvement issued by the Commission; a report released by the European Regulators Group for Audiovisual Media Services (ERGA) this week, noted significant issues with the tool’s monitoring and transparency mechanisms and provided extensive advice for rectifying these gaps in the new text. Read more.

DSA

The state of targeted ads. The Tracking-Free Ads Coalition scored only a partial victory in the DMA, managing to ban the targeting of minors, the consent-based principle and limitations to using sensitive information, spanning from political views to sexual orientation. The proposal is however bound to reappear in the DSA discussions, which are proceeding much more slowly. During the EDAA summit that took place on Monday, marketers stressed the need to maintain the legitimate interest principle of the GDPR. EDAA itself promoted a self-regulatory programme, promoting transparency standards, but pushed back against a ban that they consider to be disproportionate.

Industrial strategy

The Gaia-X paradox. While the Gaia-X praised the progress in developing a federated cloud meant to serve European digital sovereignty at the Gaia-X summit that concluded on Friday, one of Europe’s biggest home-grown Cloud providers is already leaving the ship. The French company Scaleway announced on Thursday that they would leave Gaia-X after it became known that the summit was sponsored by Chinese and American tech giants, which are perceived as “foreign influence” by the company.

Saxony in the spotlight. The Commissioner for the Internal Market Thierry Breton has said that Germany’s Saxony region will emerge as one of the key locations of the EU’s drive to bring semiconductor production back to Europe. On a visit to Silicon Saxony, home to most of the country’s chip production, Breton met with industry leaders to discuss the upcoming EU Chips Act. Saxony, he concluded, will be “extremely important for Europe’s place on the world stage.” Read more.

Media

Concerning concentration. The French Senate will set up a commission of inquiry to investigate the concentration of media ownership in France, in what was defined as a highly concentrated landscape. “The political and general information press is now in the hands of a small number of businessmen and companies whose main activity is often far removed from the world of information and its principles,” the lawmakers said. The focus of the investigation will be the major media groups of the country as well as the proposed merger between TF1 and M6 groups.

Platforms

Missing the point. Policy debates over protecting children from sexual abuse material (CSAM) online are missing the mark in many cases, Beeban Kidron, member of the UK’s House of Lords and chair of the 5Rights Foundation told EURACTIV. Carelessness by online platforms is a major driver of the issue, she said, and tech companies need to show people that they’re responsible enough to be running these services. Kidron also described the current moment as a “tipping point”, noting the potential for the convergence of the DSA, AI Act and GDPR to serve as a key tool in combating the problem. Read the interview.

Long-awaited proposal. All eyes are on Brussels as the Commission is due to present its proposal on platform works on December 8. It will have one objective: “to ensure that people working through platforms have decent working conditions while supporting the sustainable growth of digital labour platforms in the EU,” a Commission spokesperson told EURACTIV. A difficult balancing act as it will have to reconcile different issues. On the one hand, companies demand that the flexibility, which has allowed the sector to grow so much, remain untouched. They argue, backed by studies, that curtailing it would lead couriers to give up the profession. On the other hand, MEPs and national lawmakers have been pushing for better social protection in order to address the precariousness that may come along with the gig economy and aims at rebalancing the power relationship between these workers and the platforms.

Telecom

Open RAN coalition. A coalition of telecom providers formed by Deutsche Telekom, Orange, Telecom Italia (TIM), Telefónica, Vodafone published on Thursday a paper arguing for the need to make Open Radio Access Networks (RAN) a priority for Europe’s connectivity strategy. According to the operators, the flexible and open architecture provided by Open RAN would be a major driver for competitive digital infrastructure in Europe. They also called for high-level political support, the European Commission to create a European Alliance on Next Generation Communication Infrastructures, further incentives for Open RAN development and stronger European leadership in the development of international standards.

What else we’re reading this week:

  • Metaverse bull market (Axios)
  • How Cellphone Data Collected for Advertising Landed at U.S. Government Agencies (Wall Street Journal)
  • Amazon’s Dark Secret: It Has Failed to Protect Your Data (Wired)

Leave a Reply